When users access embedded content from within third-party services or applications, there is a need for the content provider to verify that the playback originated from an approved third-party service or application. Currently, content providers rely on the easily spoofable HTTP referrer information to check the name of the third-party from which a user is accessing embedded content. This disclosure describes a public key cryptography based simple mechanism for trusted third parties to provide first-party content providers with cryptographically signed referrer information that is non-spoofable and hard to replay. A cryptographic key pair is utilized by the content provider and by the third-party application or service. Requests for playing embedded content that originate from third-party applications are encrypted with the public key of the content provider and signed by the third-party service or application. The techniques enable provision of embedded content playback in third-party apps and allow content providers to ensure that embedded content playback is only available to authorized services and apps.

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.