Offline Sync and Download Management
A listener downloads a playlist of 50 songs for a 12-hour flight. Six hours into the flight, their premium subscription expires.
The constraint: downloaded content must be playable offline, but we must enforce licensing restrictions. Once the subscription lapses or the license window expires, the content must become unplayable even without a network connection.
“Can they still listen?”
We solve this with time-limited DRM licenses. When the user downloads a track, we encrypt it with AES-128-CTR and store the decryption key in a DRM license that includes an expiration timestamp (typically 30 days).
The player checks the license expiry against the device clock before decryption. We chose AES-128-CTR (not AES-CBC) because CTR mode supports random seek without decrypting preceding blocks, which is essential for byte-range seeking within encrypted files.
The download manager on the client handles prioritization, retry on failure, and storage management. It downloads tracks at the highest quality tier the user's plan allows (320 kbps for Premium) and stores them in an encrypted local cache.
Storage per downloaded track at 320 kbps: . A 500-song offline library: .
Spotify allows up to 10,000 downloads across 5 devices. The sync protocol checks license validity every 30 days: the client must connect to the server at least once per 30 days to refresh DRM licenses.
Trade-off: 30-day license windows balance user convenience (rare re-authentication) against rights holder protection (content cannot be hoarded indefinitely after cancellation).
What if the interviewer asks: what if the user changes their device clock to extend the license?
We store the last-known server timestamp and reject playback if the device clock is earlier than the last sync timestamp, detecting clock tampering.
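The clock check described above, as an added example that is not code from the original page. It goes one step beyond the text by also ratcheting on the latest device time ever observed, because a clock set back to any point after the last sync would otherwise pass. The field names, function names and `SKEW_TOLERANCE` are assumptions made for this sketch.

```python
from dataclasses import dataclass
from enum import Enum

LICENSE_WINDOW = 30 * 24 * 3600  # 30-day license window from the text
SKEW_TOLERANCE = 120             # assumed allowance for small clock corrections


class Decision(Enum):
    PLAY = "play"
    EXPIRED = "license_expired"
    CLOCK_ROLLBACK = "clock_rollback"


@dataclass
class LicenseState:
    # Hypothetical record; a real client keeps it in tamper-resistant storage.
    expires_at: int        # expiry issued by the server (Unix seconds)
    last_server_time: int  # server timestamp stored at the last sync
    high_water: int        # latest time this device has ever observed


def on_sync(server_now: int) -> LicenseState:
    """Online refresh: trust the server clock, never the device clock."""
    return LicenseState(server_now + LICENSE_WINDOW, server_now, server_now)


def check_playback(state: LicenseState, device_now: int) -> Decision:
    """Run before the track key is released for decryption."""
    # Rule from the text: a device clock earlier than the last sync means
    # tampering. Extension: compare against the latest time seen as well,
    # so a rollback that lands after the last sync is caught too.
    floor = max(state.last_server_time, state.high_water)
    if device_now < floor - SKEW_TOLERANCE:
        return Decision.CLOCK_ROLLBACK
    # Ratchet forward only; must be persisted before playback starts.
    state.high_water = max(state.high_water, device_now)
    if device_now >= state.expires_at:
        return Decision.EXPIRED
    return Decision.PLAY
```

A client that restores an older copy of this record defeats the ratchet, which is why the state belongs in storage the user cannot roll back.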