The HyperText Transfer Protocol (HTTP) Live Streaming (HLS) standard provides for the segmentation of a multimedia program by a media server into a sequence of relatively small segments. The server may provide to a client device a playlist, or “index file,” listing separate identifiers (typically uniform resource identifiers (URIs)) for each these segments. Using this playlist and the segment URIs listed therein, the client device then may initiate downloading of each segment in order using standard HTTP messaging. By utilizing standard HTTP protocols in conjunction with other widely-adopted protocols, such as HyperText Markup Language (HTML) standards, HLS enables conventional web servers to effectively distribute multimedia programs to a wide variety of client devices.
In order to prevent unauthorized access to the multimedia content transmitted from the media server to the client device, HLS can employ an encryption scheme whereby the segments are encrypted in accordance with, for example, a 128-bit Advanced Encryption Standard (AES-128) scheme. In this approach, a uniform resource identifier (URI) of the cipher key to be used to decrypt one or more segments of a playlist is listed in the playlist itself. This URI points to a location at the media server or other external entity. Thus, to obtain the cipher key, the client device issues a standard HTTP request to the media server using the URL of the cipher key as listed in the playlist. The media server locally accesses the cipher key and replies to the key request by sending an HTTP response to the client device with the cipher key in plain text. As such, there is little to prevent an unauthorized party from accessing the unprotected cipher key from this conventional key exchange in HLS and then decrypting the corresponding multimedia content.