Can Widevine DRM client player maintain a log of the keys that have been used for content decryption? The logs could be useful to derive certain statistics, such as to identify till where the content was viewed.
Also, are the keys that are received in 'pssh' data blogs also encrypted with certain token or session key?
pssh contains only KIDs (key ids) or in general protection headers, not the real decryption keys. The application needs to use those KIDs / protection headers to request the license from the license server. The license contains decryption keys but those are never exposed to your application. Keys in the license are encrypted. The only information you have are KIDs.
Widevine client should have some kind of map showing which status of known KIDs and event to notify you when the map changes. For example:
You can use those to monitor usage of keys in your app.
I assume by Widevine DRM you mean Widevine CDM.
Once key is expired (duration of key as per license policy), it is replaced by renewed keys corresponding to KIDs (KeyIDs). So "no" it does not maintain a log of used keys
Pssh box does not have Keys.
It has KeyIds and Init Data from which license request can be prepared by CDM, using which application can fetch license from license Server
