Digital content distribution systems conventionally include a content server, a content player, and a communications network connecting the content server to the content player. The content server is configured to store digital content files, which can be downloaded from the content server to the content player. Each digital content file corresponds to a specific identifying title, such as “Gone with the Wind,” which is familiar to a user. The digital content file typically includes sequential content data, organized according to playback chronology, and may comprise audio data, video data, or a combination thereof. The stored content can also be streamed to the client. In addition, the client can stream from a live source such as a tuner-based server e.g., broadcast service.
The content player is configured to download or stream and play a digital content file, in response to a user request selecting the title for playback. The process of playing the digital content includes decoding and rendering audio and video data into an audio signal and a video signal, which may drive a display system having a speaker subsystem and a video subsystem. In the case of streaming, the content data is transmitted from an already-created content file sequentially to the content player. Streaming can also be live when the source is, for example, from a tuner using HTTP Live Streaming protocol (HLS). In this embodiment, HLS is used for streaming. The downloaded file can be either in HLS or MP4 ISO14496-12 formats. The player is configured to play the digital content as described above.
Content data is typically encrypted and needs to be decrypted before the data can be played. The playback process, therefore, includes four steps, (i) retrieve content, (ii) decrypt content, (iii) decode content and (iv) output content. For the purposes of content protection, the content is most vulnerable at step (ii). At this step, the decrypted (and, therefore, unprotected) but still compressed content data is available. Since it is not always desirable or possible to prevent execution of un-trusted code, the decrypted content at step (ii) is vulnerable to attacks from third-party applications.