diff --git a/libwvdrmengine/cdm/core/include/wv_cdm_types.h b/libwvdrmengine/cdm/core/include/wv_cdm_types.h
index e14a02ea..5a5a12db 100644
--- a/libwvdrmengine/cdm/core/include/wv_cdm_types.h
+++ b/libwvdrmengine/cdm/core/include/wv_cdm_types.h
@@ -607,7 +607,9 @@ enum CdmClientTokenType : int32_t {
   kClientTokenOemCert,
   kClientTokenUninitialized,
   kClientTokenBootCertChain,
-  kClientTokenDrmReprovisioning,
+  // For use by internal L3 CDMs supporting individualization of embedded
+  // drm certificates.
+  kClientTokenDrmCertificateReprovisioning,
 };
 
 // kNonSecureUsageSupport - TEE does not provide any support for usage
diff --git a/libwvdrmengine/cdm/core/src/cdm_engine.cpp b/libwvdrmengine/cdm/core/src/cdm_engine.cpp
index d2622086..b60f58c1 100644
--- a/libwvdrmengine/cdm/core/src/cdm_engine.cpp
+++ b/libwvdrmengine/cdm/core/src/cdm_engine.cpp
@@ -754,7 +754,7 @@ CdmResponseType CdmEngine::QueryStatus(RequestedSecurityLevel security_level,
     }
     switch (token_type) {
       case kClientTokenDrmCert:
-      case kClientTokenDrmReprovisioning:
+      case kClientTokenDrmCertificateReprovisioning:
         *query_response = QUERY_VALUE_DRM_CERTIFICATE;
         break;
       case kClientTokenKeybox:
diff --git a/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp b/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp
index 38973baf..b40c3825 100644
--- a/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp
+++ b/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp
@@ -169,7 +169,7 @@ CertificateProvisioning::GetProvisioningType() {
       return SignedProvisioningMessage::PROVISIONING_40;
     case kClientTokenOemCert:
       return SignedProvisioningMessage::PROVISIONING_30;
-    case kClientTokenDrmReprovisioning:
+    case kClientTokenDrmCertificateReprovisioning:
       return SignedProvisioningMessage::DRM_REPROVISIONING;
     default:
       return SignedProvisioningMessage::PROVISIONING_20;
diff --git a/libwvdrmengine/cdm/core/src/client_identification.cpp b/libwvdrmengine/cdm/core/src/client_identification.cpp
index 86aa9fff..94bb8720 100644
--- a/libwvdrmengine/cdm/core/src/client_identification.cpp
+++ b/libwvdrmengine/cdm/core/src/client_identification.cpp
@@ -404,7 +404,7 @@ bool ClientIdentification::GetProvisioningTokenType(
       }
       return true;
     }
-    case kClientTokenDrmReprovisioning:
+    case kClientTokenDrmCertificateReprovisioning:
       *token_type =
           video_widevine::ClientIdentification::DRM_DEVICE_CERTIFICATE;
       return true;
diff --git a/libwvdrmengine/cdm/core/src/crypto_session.cpp b/libwvdrmengine/cdm/core/src/crypto_session.cpp
index ee60c5e1..939af6dd 100644
--- a/libwvdrmengine/cdm/core/src/crypto_session.cpp
+++ b/libwvdrmengine/cdm/core/src/crypto_session.cpp
@@ -348,7 +348,7 @@ CdmResponseType CryptoSession::GetProvisioningMethod(
       type = kClientTokenBootCertChain;
       break;
     case OEMCrypto_DrmReprovisioning:
-      type = kClientTokenDrmReprovisioning;
+      type = kClientTokenDrmCertificateReprovisioning;
       break;
     case OEMCrypto_ProvisioningError:
     default:
@@ -666,7 +666,8 @@ CdmResponseType CryptoSession::GetProvisioningToken(
   } else if (pre_provision_token_type_ == kClientTokenBootCertChain) {
     status = GetBootCertificateChain(requested_security_level, token,
                                      additional_token);
-  } else if (pre_provision_token_type_ == kClientTokenDrmReprovisioning) {
+  } else if (pre_provision_token_type_ ==
+             kClientTokenDrmCertificateReprovisioning) {
     status = GetTokenFromEmbeddedCertificate(token);
   }
   metrics_->crypto_session_get_token_.Increment(status);
@@ -1275,7 +1276,8 @@ CdmResponseType CryptoSession::PrepareAndSignProvisioningRequest(
     should_specify_algorithm = true;
     // Do nothing here. The key to signing the provisioning 4.0 request for each
     // stage has been loaded already when it was generated by OEMCrypto.
-  } else if (pre_provision_token_type_ == kClientTokenDrmReprovisioning) {
+  } else if (pre_provision_token_type_ ==
+             kClientTokenDrmCertificateReprovisioning) {
     should_specify_algorithm = false;
     // Do nothing here. The baked-in certificate used as the token has already
     // been loaded when the EncryptedClientId was filled in.
@@ -1462,7 +1464,7 @@ CdmResponseType CryptoSession::GetTokenFromEmbeddedCertificate(
     LOGE("Failed to get token type");
     return sts;
   }
-  if (token_type != kClientTokenDrmReprovisioning) {
+  if (token_type != kClientTokenDrmCertificateReprovisioning) {
     token->clear();
     return CdmResponseType(NO_ERROR);
   }
diff --git a/libwvdrmengine/cdm/core/src/license_protocol.proto b/libwvdrmengine/cdm/core/src/license_protocol.proto
index 70c778c3..7e814b54 100644
--- a/libwvdrmengine/cdm/core/src/license_protocol.proto
+++ b/libwvdrmengine/cdm/core/src/license_protocol.proto
@@ -1026,7 +1026,8 @@ message SignedProvisioningMessage {
     ARCPP_PROVISIONING = 4;  // ChromeOS/Arc++ devices.
     // Android-Attestation-based OTA keyboxes.
     ANDROID_ATTESTATION_KEYBOX_OTA = 6;
-    // Certificate reprovisioning for internal L3 CDMs only.
+    // DRM certificate reprovisioning for individualization of embedded
+    // DRM certificates used by internal L3 CDMs only.
     DRM_REPROVISIONING = 7;
     INTEL_SIGMA_101 = 101;  // Intel Sigma 1.0.1 protocol.
     INTEL_SIGMA_210 = 210;  // Intel Sigma 2.1.0 protocol.
@@ -1275,8 +1276,9 @@ message DrmCertificate {
     DEVICE = 2;
     SERVICE = 3;
     PROVISIONER = 4;
-    // Only used by baked-in certificates with internal L3 CDMs that support
-    // Drm Reprovisioning.
+    // Only used by internal L3 CDMs with baked-in (embedded) certificates that
+    // support the Drm Reprovisioning method for individualization of embedded
+    // certificates.
     DEVICE_EMBEDDED = 5;
   }
   enum ServiceType {
diff --git a/libwvdrmengine/cdm/core/src/system_id_extractor.cpp b/libwvdrmengine/cdm/core/src/system_id_extractor.cpp
index 791ace5f..72b548fd 100644
--- a/libwvdrmengine/cdm/core/src/system_id_extractor.cpp
+++ b/libwvdrmengine/cdm/core/src/system_id_extractor.cpp
@@ -60,7 +60,7 @@ bool SystemIdExtractor::ExtractSystemId(uint32_t* system_id) {
   switch (type) {
     case kClientTokenDrmCert:
     // TODO: b/309675153 - Extract system id when using DRM reprovisioning.
-    case kClientTokenDrmReprovisioning:
+    case kClientTokenDrmCertificateReprovisioning:
       LOGW(
           "Cannot get a system ID from a DRM certificate, "
           "using null system ID: security_level = %s",
diff --git a/libwvdrmengine/cdm/core/src/wv_cdm_types.cpp b/libwvdrmengine/cdm/core/src/wv_cdm_types.cpp
index ce21bd81..edc2edf2 100644
--- a/libwvdrmengine/cdm/core/src/wv_cdm_types.cpp
+++ b/libwvdrmengine/cdm/core/src/wv_cdm_types.cpp
@@ -76,8 +76,8 @@ const char* CdmClientTokenTypeToString(CdmClientTokenType type) {
       return "BootCertChain";
     case kClientTokenUninitialized:
       return "Uninitialized";
-    case kClientTokenDrmReprovisioning:
-      return "DrmReprovisioning";
+    case kClientTokenDrmCertificateReprovisioning:
+      return "DrmCertificateReprovisioning";
   }
   return UnknownValueRep(type);
 }
diff --git a/libwvdrmengine/cdm/core/test/certificate_provisioning_unittest.cpp b/libwvdrmengine/cdm/core/test/certificate_provisioning_unittest.cpp
index cf5ccbd9..01328861 100644
--- a/libwvdrmengine/cdm/core/test/certificate_provisioning_unittest.cpp
+++ b/libwvdrmengine/cdm/core/test/certificate_provisioning_unittest.cpp
@@ -482,7 +482,7 @@ TEST_P(CertificateProvisioningTest, ProvisioningResponseSuccess) {
 INSTANTIATE_TEST_SUITE_P(
     CertificateProvisioningTests, CertificateProvisioningTest,
     testing::Values(kClientTokenKeybox, kClientTokenOemCert,
-                    kClientTokenDrmReprovisioning),
+                    kClientTokenDrmCertificateReprovisioning),
     [](const testing::TestParamInfo<CertificateProvisioningTest::ParamType>&
            param_type) {
       return CdmClientTokenTypeToString(param_type.param);
diff --git a/libwvdrmengine/cdm/core/test/crypto_session_unittest.cpp b/libwvdrmengine/cdm/core/test/crypto_session_unittest.cpp
index 138cbff2..a668481d 100644
--- a/libwvdrmengine/cdm/core/test/crypto_session_unittest.cpp
+++ b/libwvdrmengine/cdm/core/test/crypto_session_unittest.cpp
@@ -99,7 +99,7 @@ TEST_F(CryptoSessionMetricsTest, OpenSessionValidMetrics) {
   } else if (token_type == kClientTokenBootCertChain) {
     EXPECT_EQ(OEMCrypto_BootCertificateChain,
               metrics_proto.oemcrypto_provisioning_method().int_value());
-  } else if (token_type == kClientTokenDrmReprovisioning) {
+  } else if (token_type == kClientTokenDrmCertificateReprovisioning) {
     EXPECT_EQ(OEMCrypto_DrmReprovisioning,
               metrics_proto.oemcrypto_provisioning_method().int_value());
   } else {
@@ -143,7 +143,7 @@ TEST_F(CryptoSessionMetricsTest, GetProvisioningTokenValidMetrics) {
   } else if (token_type == kClientTokenBootCertChain) {
     EXPECT_EQ(OEMCrypto_BootCertificateChain,
               metrics_proto.oemcrypto_provisioning_method().int_value());
-  } else if (token_type == kClientTokenDrmReprovisioning) {
+  } else if (token_type == kClientTokenDrmCertificateReprovisioning) {
     EXPECT_EQ(OEMCrypto_DrmReprovisioning,
               metrics_proto.oemcrypto_provisioning_method().int_value());
   } else {