Common use of Generic Internet and Mobile Streaming Requirements Clause in Contracts

Generic Internet and Mobile Streaming Requirements. The requirements in this section 9 “Generic Internet and Mobile Streaming Requirements”apply in all cases where Internet streaming is supported. Streams shall be encrypted using AES 128 (as specified in NIST FIPS-197) or other robust, industry-accepted algorithm with a cryptographic strength and key length such that it is generally considered computationally infeasible to break. Encryption keys shall not be delivered to clients in a cleartext (un-encrypted) state. The integrity of the streaming client shall be verified before commencing delivery of the stream to the client. Licensee shall use a robust and effective method (for example, short-lived and individualized URLs for the location of streams) to ensure that streams cannot be obtained by unauthorized users. The streaming client shall NOT cache streamed media for later replay but shall delete content once it has been rendered. Apple http live streaming The requirements in this section “Apple http live streaming” only apply if Apple http live streaming is used to provide the Content Protection System. Use of Approved DRM for HLS key management. Licensee shall NOT use the Apple-provisioned key management and storage for http live streaming (“HLS”) (implementations of which are not governed by any compliance and robustness rules nor any legal framework ensuring implementations meet these rules) for protection of Licensor content between Licensee servers and end user devices but shall use (for the protection of keys used to encrypt HLS streams) an industry accepted DRM or secure streaming method approved by Licensor under section 2 of this Schedule. Http live streaming on iOS devices may be implemented either using applications or using the provisioned Safari browser, subject to requirement “Use of Approved DRM for HLS Key Management” above. Where the provisioned HLS implementation is used (e.g. so that native media processing can be used), the connection between the approved DRM client and the native HLS implementation shall be robustly and effectively secured (e.g. by mutual authentication of the approved DRM client and the native HLS implementation). The m3u8 manifest file shall only be delivered to requesting clients/applications that have been authenticated as being an authorized client/application. The streams shall be encrypted using AES-128 encryption (that is, the METHOD for EXT-X-KEY shall be ‘AES-128’). The content encryption key shall be delivered via SSL (i.e. the URI for EXT-X-KEY, the URL used to request the content encryption key, shall be a https URL). Output of the stream from the receiving device shall not be permitted unless this is explicitly allowed elsewhere in the schedule. No APIs that permit stream output shall be used in applications (where applications are used). Licensor content shall NOT be transmitted over Apple Airplay and applications shall disable use of Apple Airplay. The client shall NOT cache streamed media for later replay (i.e. EXT-X-ALLOW-CACHE shall be set to ‘NO’). iOS applications shall include functionality which detects if the iOS device on which they execute has been “jailbroken” and shall disable all access to protected content and keys if the device has been jailbroken.

Generic Internet and Mobile Streaming Requirements. The requirements in this section 9 “Generic Internet and Mobile Streaming Requirements”apply in all cases where Internet streaming is supported. Streams shall be encrypted using AES 128 (as specified in NIST FIPS-197) or other robust, industry-accepted algorithm with a cryptographic strength and key length such that it is generally considered computationally infeasible to break. Encryption keys shall not be delivered to clients in a cleartext (un-encrypted) state. The integrity of the streaming client shall be verified before commencing delivery of the stream to the client. Licensee shall use a robust and effective method (for example, short-lived and individualized URLs for the location of streams) to ensure that streams cannot be obtained by unauthorized users. The streaming client shall NOT cache streamed media for later replay but shall delete content once it has been rendered. Apple http live streaming The requirements in this section “Apple http live streaming” only apply if Apple http live streaming is used to provide the Content Protection System. Use of Approved DRM for HLS key management. Licensee shall NOT use the Apple-provisioned key management and storage for http live streaming (“HLS”) (implementations of which are not governed by any compliance and robustness rules nor any legal framework ensuring implementations meet these rules) for protection of Licensor content between Licensee servers and end user devices but shall use (for the protection of keys used to encrypt HLS streams) an industry accepted DRM or secure streaming method approved by Licensor under section 2 of this Schedule. Http live streaming on iOS devices may be implemented either using applications or using the provisioned Safari browser, subject to requirement “Use of Approved DRM for HLS Key Management” above. Where the provisioned HLS implementation is used (e.g. so that native media processing can be used), the connection between the approved DRM client and the native HLS implementation shall be robustly and effectively secured (e.g. by mutual authentication of the approved DRM client and the native HLS implementation). The m3u8 manifest file shall only be delivered to requesting clients/applications that have been authenticated as being an authorized client/application. The streams shall be encrypted using AES-128 encryption (that is, the METHOD for EXT-X-KEY shall be ‘AES-128’). The content encryption key shall be delivered via SSL (i.e. the URI for EXT-X-KEY, the URL used to request the content encryption key, shall be a https URL). Output of the stream from the receiving device shall not be permitted unless this is explicitly allowed elsewhere in the schedule. No APIs that permit stream output shall be used in applications (where applications are used). Licensor content shall NOT be transmitted over Apple Airplay and applications shall disable use of Apple Airplay. The client shall NOT cache streamed media for later replay (i.e. EXT-X-ALLOW-CACHE shall be set to ‘NO’). iOS applications shall include functionality which detects if the iOS device on which they execute has been “jailbroken” and shall disable all access to protected content and keys if the device has been jailbroken. Revocation and Renewal The Licensee shall ensure that clients and servers of the Content Protection System are promptly and securely updated, and where necessary, revoked, in the event of a security breach (that can be rectified using a remote update) being found in the Content Protection System and/or its implementations in clients and servers. Licensee shall ensure that patches including System Renewability Messages received from content protection technology providers (e.g. DRM providers) and content providers are promptly applied to clients and servers. Account Authorisation Content Delivery. Content, licenses, control words and ECM’s shall only be delivered from a network service to registered devices associated with an account with verified credentials. Account credentials must be transmitted securely to ensure privacy and protection against attacks.