Hi, Can you provide more information about your playback scenario? Are you attempting to acquire a CKC? Why are you including the FPS certificate in your request? Thanks, ThetaSeg!

Hi, Can you share how you are calling the function: makeSecureTokenForExpirationDateOfPersistableContentKey including the parameters (truncated is fine) and the parameter types. Thanks, ThetaSeg!

Hi, Are you requesting an offline / persistent license for the content? ThetaSeg!

Hi, FPS's core security functions are: ASk calculation algorithm DASk derivation algorithm The ASk is a symmetric key utilised as the Root-of-Trust and bootstraps the secure communication between the FPS enabled client and server. The DASk is a session-bound symmetric key derived from the ASk and a random value R2 used to further encrypt communication. While the DASk algorithm is available to developers via the FPS SDK, the ASk algorithm is highly confidential and is not documented. At a high-level, the FPS client consumes the Application Certificate and from this, using the core security function, the client is able to calculate the ASk. On the server side, the ASk is hardcoded and readily available. During SPC generation, the FPS client will calculate the DASk through the core security function and a randomly generated 21 byte value, R2. The SK_R1 block is then symmetrically encrypted against the DASk. The R2 is included in the SPC message that the server consumes. Now since both the FPS client and server have the ASk and R2 value, both sides can confidently calculate the DASk which is used to encrypt / decrypt the SK_R1 block. Hope this answers your question. ThetaSeg!