How to handle the expiry of your CKC

You mentioned in WWDC session 10655 about downloading HLS content for offline use that you need to invalidate the persistentCKC using the invalidatePersistableContentKey API on AVContentKeySession.

I was wondering what the best practice would be to keep track of the expiry date? In our case the KSM is returning relevant storage & playback duration data, so I have all the pieces to know when the key is about to expire, but should I handle those rules myself or is AVFoundation helping me in some way with this?

Thank you!

Accepted Reply

I presume when you say expiry of CKC, you mean expiration for your offline key.

There are multiple ways you can go about this -
  1. You get the expiration date off-band from your key server and track it yourself in the app after you create your offline key.

  2. If you don't want to do that, you can use makeSecureTokenForExpirationDateOfPersistableContentKey:completionHandler: to query the expiration date from AVFoundation. This generates an SPC which you can send to your key server to determine when it expires. Note that this involves an additional round trip to the server compared to (1).

  3. You can always delete the offline key you have in your app. Sometimes, your business rules demand that the offline key is securely deleted. You can use invalidatePersistableContentKey:options:completionHandler: or invalidateAllPersistableContentKeysForApp:options:completionHandler: to do that. When you use this, you will get an SPC which you can send to your key server, and your key server can unwrap the SPC and find out securely that the key was invalidated. If someone tries to reuse your offline key after invalidation, they cannot anymore.
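
A sketch of options (1) and (3) combined, added here as an example and not code from the reply or from Apple: the app stores the durations the KSM returned next to each offline key, computes the effective expiry, and invalidates expired keys. `OfflineKeyRecord`, `invalidateExpiredKeys` and the `onInvalidated` callback are hypothetical names; it assumes durations in seconds, a storage window that starts at key creation and a playback window that starts at first playback.

```swift
import AVFoundation

// Hypothetical record persisted by the app alongside each offline key.
struct OfflineKeyRecord: Codable {
    let assetID: String
    let keyData: Data                    // persistable content key bytes
    let createdAt: Date                  // when the offline key was created
    let storageDuration: TimeInterval    // from the KSM (assumed seconds)
    let playbackDuration: TimeInterval   // from the KSM (assumed seconds)
    var firstPlaybackAt: Date?           // set once playback first starts

    // Earlier of the two deadlines; the playback window only applies
    // after playback has actually started.
    var expiresAt: Date {
        let storageEnd = createdAt.addingTimeInterval(storageDuration)
        guard let started = firstPlaybackAt else { return storageEnd }
        return min(storageEnd, started.addingTimeInterval(playbackDuration))
    }

    func isExpired(at now: Date = Date()) -> Bool { now >= expiresAt }
}

// Invalidates every expired key. On success the caller receives the SPC
// (to upload to the key server) and should delete the record; on failure
// the record stays in the caller's store, so the next sweep retries it.
func invalidateExpiredKeys(
    in records: [OfflineKeyRecord],
    session: AVContentKeySession,
    now: Date = Date(),
    onInvalidated: @escaping @Sendable (OfflineKeyRecord, Data) -> Void
) {
    for record in records where record.isExpired(at: now) {
        session.invalidatePersistableContentKey(record.keyData,
                                                options: nil) { spc, error in
            if let spc = spc {
                onInvalidated(record, spc)
            } else {
                print("Invalidation failed for \(record.assetID): "
                      + String(describing: error))
            }
        }
    }
}
```

Because this tracking relies on the device clock, the secure-token query in option (2) remains the way to have the key server confirm an expiry date.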
