diff --git a/libwvdrmengine/cdm/core/include/cdm_engine.h b/libwvdrmengine/cdm/core/include/cdm_engine.h
index d94cccee..9f840933 100644
--- a/libwvdrmengine/cdm/core/include/cdm_engine.h
+++ b/libwvdrmengine/cdm/core/include/cdm_engine.h
@@ -75,6 +75,10 @@ class CdmEngine {
   // app_parameters: Additional, application-specific parameters that factor
   //                 into the request generation. This is ignored for release
   //                 and renewal requests.
+  //                 Certain app parameter keys are reserved for CDM
+  //                 device identification on the license server.  These
+  //                 parameters will be overwritten by the CDM request
+  //                 generator.
   // key_request: This must be non-null and point to a CdmKeyRequest. The
   //              message field will be filled with the key request, the
   //              type field will be filled with the key request type,
diff --git a/libwvdrmengine/cdm/core/src/client_identification.cpp b/libwvdrmengine/cdm/core/src/client_identification.cpp
index a1f012e6..a3404297 100644
--- a/libwvdrmengine/cdm/core/src/client_identification.cpp
+++ b/libwvdrmengine/cdm/core/src/client_identification.cpp
@@ -13,6 +13,7 @@
 #include "string_conversions.h"
 #include "wv_cdm_constants.h"
 
+namespace wvcdm {
 namespace {
 const std::string kKeyCompanyName = "company_name";
 const std::string kKeyModelName = "model_name";
@@ -25,9 +26,35 @@ const std::string kKeyOemCryptoSecurityPatchLevel =
     "oem_crypto_security_patch_level";
 const std::string kKeyOemCryptoBuildInformation =
     "oem_crypto_build_information";
-}  // unnamed namespace
 
-namespace wvcdm {
+// These client identification keys are used by the CDM for relaying
+// important device information that cannot be overwritten by the app.
+const std::array<std::string, 9> kReservedProperties = {
+    kKeyCompanyName,
+    kKeyModelName,
+    kKeyArchitectureName,
+    kKeyDeviceName,
+    kKeyProductName,
+    kKeyBuildInfo,
+    kKeyWvCdmVersion,
+    kKeyOemCryptoSecurityPatchLevel,
+    kKeyOemCryptoBuildInformation,
+    // TODO(b/148813171,b/142280599): include "origin" and "application_name"
+    // to this list once collection of this information has been moved
+    // to the core CDM.
+};
+
+// Checks if the client-provided |prop_name| is reserved for CDM device
+// identification with the license server.  Property keys which are
+// reserved should be dropped from the request.
+bool IsPropertyKeyReserved(const std::string& prop_name) {
+  for (const std::string& reserved_prop_name : kReservedProperties) {
+    if (prop_name == reserved_prop_name) return true;
+  }
+  return false;
+}
+}  // namespace
+
 // Protobuf generated classes.
 using video_widevine::ClientIdentification_ClientCapabilities;
 using video_widevine::ClientIdentification_NameValue;
@@ -99,7 +126,12 @@ CdmResponseType ClientIdentification::Prepare(
   ClientIdentification_NameValue* client_info;
   if (is_license_request_) {
     CdmAppParameterMap::const_iterator iter;
-    for (iter = app_parameters.begin(); iter != app_parameters.end(); iter++) {
+    for (iter = app_parameters.begin(); iter != app_parameters.end(); ++iter) {
+      if (IsPropertyKeyReserved(iter->first)) {
+        LOGD("Discarding client property: name = \"%s\", value = \"%s\"",
+             iter->first.c_str(), iter->second.c_str());
+        continue;
+      }
       client_info = client_id->add_client_info();
       client_info->set_name(iter->first);
       client_info->set_value(iter->second);
diff --git a/libwvdrmengine/cdm/core/src/crypto_session.cpp b/libwvdrmengine/cdm/core/src/crypto_session.cpp
index 8f21a408..43509f23 100644
--- a/libwvdrmengine/cdm/core/src/crypto_session.cpp
+++ b/libwvdrmengine/cdm/core/src/crypto_session.cpp
@@ -65,6 +65,10 @@ constexpr int kMaxTerminateCountDown = 5;
 
 const std::string kStringNotAvailable = "NA";
 
+// TODO(b/174412779): Remove when b/170704368 is fixed.
+// This is a Qualcomm specific error code
+const int kRsaSsaPssSignatureLengthError = 10085;
+
 // Constants relating to OEMCrypto resource rating tiers. These tables are
 // ordered by resource rating tier from lowest to highest. These should be
 // updated whenever the supported range of resource rating tiers changes.
@@ -926,6 +930,14 @@ CdmResponseType CryptoSession::PrepareAndSignLicenseRequest(
   });
 
   if (OEMCrypto_ERROR_SHORT_BUFFER != sts) {
+    // TODO(b/174412779): Remove when b/170704368 is fixed.
+    // Temporary workaround. If this error is returned the only way to
+    // recover is for the app to reprovision.
+    if (static_cast<int>(sts) == kRsaSsaPssSignatureLengthError) {
+      LOGE("OEMCrypto PrepareAndSignLicenseRequest result = %d",
+           static_cast<int>(sts));
+      return NEED_PROVISIONING;
+    }
     return MapOEMCryptoResult(sts, GENERATE_SIGNATURE_ERROR,
                               "PrepareAndSignLicenseRequest");
   }
@@ -953,6 +965,14 @@ CdmResponseType CryptoSession::PrepareAndSignLicenseRequest(
     core_message->resize(core_message_length);
     return NO_ERROR;
   }
+  // TODO(b/174412779): Remove when b/170704368 is fixed.
+  // Temporary workaround. If this error is returned the only way to
+  // recover is for the app to reprovision.
+  if (static_cast<int>(sts) == kRsaSsaPssSignatureLengthError) {
+    LOGE("OEMCrypto PrepareAndSignLicenseRequest result = %d",
+         static_cast<int>(sts));
+    return NEED_PROVISIONING;
+  }
   return MapOEMCryptoResult(sts, GENERATE_SIGNATURE_ERROR,
                             "PrepareAndSignLicenseRequest");
 }