Primetime Origin does not create an expired leaf license for chained license policy. Leaf license properties, such as validity, start date, and end date are determined from the policy. To create an expired leaf license to enforce the license validity from root license, specify the end data in the policy.
HLS Key rotation: If key rotation is enabled, FAXS API provides the encrypted rotation key used to encrypt ts fragments. This encrypted rotation key is specified as value for the EncryptedRK parameter in the key URI in m3u8.
To support random access, the encrypted rotation key is provided at the beginning of each encrypted audio or video packet. To decrypt the packet, the player uses CEK to decrypt the rotation key. Then uses the rotation key to decrypt the content.
Path of directory containing Shared domain certificates will be configured in ContentProtection/RecipientCertificates. The set of shared domain certificates may change over time in response to security breaches or other reasons. In such events, new Shared Domain Certificates will be released. Upon notification from Adobe or a security alert, customers need to retrieve new Shared Domain certificates from a secured Adobe website, which would host those updates and update them in the directory specified in ContentProtection/RecipientCertificates.
App whitelisting: App whitelisting can be used for PHDS/PHLS protection scheme. App whitelisting restricts playback of encrypted content only to the specified apps/swfs. app Information (Swf Hash/iOS App Information) is included in the embedded license. FAXS client ensures that the app information provided in the embedded license matches that of the app used for playback. If the user wants to enable app whitelisting for PHDS/PHLS, they can specify the WhitelistFolder tag in the configuration file.