User Profile

Hi, We are trying to adopt FPS for mp4 content protection playing on safari browser of Mac OS. I have verified that native functions of safari browser support the decryption for AES-128 encrypted TSs based on EME of HTML5 and HLS mechanism, where the CEK stores in http server described in the m3u8 manifest and is delivered to the browser in plain. Although it is a simple and easy solution to protect the mp4 contents, the security is still matter because the key is delivered in plain. So we decided to implment a key server to issue the CKC message after receiving SPC as safari browser's key request. I have a question before starting it. Q: The Encrypted AES-128 key in the Table 2-3. SPC container structure of FairPlay Streaming Programming Guide document says that "This key is itself encrypted, using RSA public key encryption with Optimal Asymmetric Encryption Padding (OAEP)". It means we needs a private key to decrypt it. I understand it if the client is a proprietary application so that the public key would be one of the FPS development credential, which will be issued by Apple according to our request. Because the client application can use the public key during the implementation. But what if the client is the safari browser? We cannot use any kind of new issued public key for the safari browser. I guess Mac OS uses some fixed public key which is already issued by Apple for safari browser's FPS. Now how can I get the counter private key? It could not be contained in the FPS credential. Because it should be a fixed one, not new generated one.