Summary: Every piece of content needs to be decrypted, a token is derived from the content, and client authenticate using a verification server before playing back using the next piece of the content. This approach works for preroll ads but not for midroll, because the client can do enough look-ahead before getting to ad and download it ahead of time and skip the ad when it gets to its playtime. Alternatively, if the main content is also used to create the token/access token, then client cannot do random seeking on the main content.
Resolution: Will continue the CE to develop a single solution for preroll and midroll ads.