Compliance Rules for WMDRM 10 for Network Devices Transmitters

DEFINITIONS

The following terms have the meanings set forth below. Other initially capitalized terms not defined in these compliance rules have the meanings ascribed to them in the License Agreement.

1. “Company” means an entity licensed under a License Agreement to develop Licensed Products.

2. “Consistent with the Microsoft Implementation” means the Licensed Product (i) provides equivalent functionality to the Microsoft Implementation, (ii) equals or exceeds the robustness of the Microsoft Implementation, and (iii) maintains compatibility and interoperability with the Microsoft Implementation.

3. “Content Key” means a symmetric key or keys used to encrypt and decrypt WMDRM Content.

4. “Cryptographic Keys” means Content Key, Integrity Key, Device Keys and Device Certificate Signing Keys.

5. “Cryptographically Random” means unpredictable, in that no polynomial-time algorithm, given any sequence of bits, can guess the succeeding K bits with probability greater than ½^K + 1/P(K) for any (positive) polynomial P and sufficiently large K.

6. “DRI” means the OpenCable Digital Receiver Interface Protocol.

7. “HTTP” means HyperText Transfer Protocol.

8. “IP” means Internet Protocol, which is a network layer protocol.

9. “IPv4” means “Internet Protocol Version 4”.

10. “IPv6” means “Internet Protocol Version 6”.

11. “License Agreement” means an agreement under which Microsoft licenses entities to develop and distribute WMDRM-ND Transmitters that include implementations of WMDRM-ND.

12. “Licensed Product” means a hardware device or software application (or other software component, which may be a separately identifiable subset of a software application or operating system), that (i) implements WMDRM-ND functionality subject to a License Agreement and (ii) may be capable of Transmitting.

13. “Media Transfer Protocol” or “MTP” means Microsoft’s Media Transfer Protocol for device control, metadata exchange and media transfer.

14. “Microsoft Implementation” means the implementation of WMDRM-ND functionality provided as source code, binaries, technical documentation including but not limited to the Windows Media DRM for Network Devices specification, tools and/or sample files as provided to the Company under the License Agreement.

15. “Nonce” means a value that is non-repeating and Cryptographically Random.

16. “Package” means the process of encrypting content into WMDRM Content.

17. “Protected Time Source” means a time source that cannot be easily circumvented.

18. “Receive” means to obtain WMDRM Licenses from a WMDRM-ND Transmitter.

19. “Revocation Data” means version numbers, certificate revocation lists, system renewability messages or other data necessary to execute revocation as described in these compliance rules.

20. “Revocation Data Timestamp” means the date and time information stored to determine the time interval since last receipt of Revocation Data.

21. “Revocation Information Version” means a number included in WMDRM Policy that identifies a particular version of Revocation Data.

22. “Robustness Rules” means the Robustness Rules for WMDRM 10 for Devices, as amended from time to time by Microsoft.

23. “RTSP” means Real Time Streaming Protocol.

24. “Security Level” means a number in the WMDRM Policy associated with specific WMDRM Content that specifies the minimum security level necessary for a Licensed Product to be able to acquire a WMDRM License for the WMDRM Content.

25. “Transmit” means to transport WMDRM Licenses to a WMDRM-ND Receiver.

26. “USB” means Universal Serial Bus.

27. “WMDRM” means Windows Media Digital Rights Management technology.

28. “WMDRM Base License” means a reference WMDRM Policy from which a WMDRM License is derived Consistent with the Microsoft Implementation.

29. “WMDRM Certificate” means a unique WMDRM object used to assess trust.

30. “WMDRM Certificate Chain” means a collection of WMDRM Certificates that assess trust back to the WMDRM Root Certificate.

31. “WMDRM Content” means audio or audiovisual content that has been encrypted using WMDRM.

32. “WMDRM License” means a data structure that contains, but is not limited to, an encrypted Content Key or an encrypted key used to decrypt a Content Key associated with specific WMDRM Content, and WMDRM Policy associated with specific WMDRM Content.

33. “WMDRM-ND” means WMDRM for Network Devices.

34. “WMDRM Policy” means the description of the actions permitted and/or required for or with audio or audiovisual content that has been encrypted using WMDRM and restrictions on those actions as contained in the associated WMDRM License.

35. “WMDRM Root Certificate” means a WMDRM Certificate controlled by Microsoft that is indirectly trusted by the Licensed Product.

36. “WMDRM-ND Protocol” means a protocol used by WMDRM-ND Transmitters and WMDRM-ND Receivers to Transmit and/or Receive.

37. “WMDRM-ND Receiver” means a product authorized by Microsoft to Receive.

38. “WMDRM-ND Registration Seed” means a value generated by a WMDRM-ND Transmitter used to derive WMDRM-ND Session Keys as defined in the Microsoft Implementation.

39. “WMDRM-ND Transmitter” means a product authorized by Microsoft to Transmit.

40. “WMDRM-ND Transmitter as an MS OCUR” means a WMDRM-ND Transmitter that is manufactured in accordance with the specification for OpenCable Unidirectional Receiver Host Device issued by CableLabs (OC-SP-OCUR-I04-060622) and is paired with a CableCARD.

41. “XMR License” means a WMDRM License using the Extensible Media Rights binary data schema.

SCOPE. These compliance rules apply to Licensed Products implementing WMDRM-ND Transmitter functionality. These compliance rules set forth the requirements pursuant to which Licensed Products must enforce the WMDRM controls for Transmitting.

REQUIREMENTS FOR WMDRM-ND TRANSMITTERS

1. Functionality. When a Licensed Product implements any WMDRM-ND functionality, it must do so in a manner Consistent with the Microsoft Implementation. This requirement is in addition to all of the specific compliance rules set forth in this document. In the event of a conflict between how the Microsoft Implementation implements a given WMDRM-ND functionality and how a specific compliance rule in this document describes how such functionality must be implemented, the compliance rule takes precedence.

2. Architecture. All WMDRM functionality implemented in a Licensed Product must be executed in its entirety on a single device.

3. Communication Protocol. The Licensed Product must use one of the following as the communication protocol to interact with a WMDRM-ND Receiver in a manner Consistent with the Microsoft Implementation: MTP over USB, HTTP over IP, RTSP over IP, or DRI over IP.

4. Random Number Generator. The Licensed Product must implement and make use of a random number generator that is Cryptographically Random. For the avoidance of doubt, linear congruential random number generators are not acceptable.

5. Cryptographic Keys. The Licensed Product must use a secure Cryptographically Random number generator to generate the Symmetric Keys.

6. Timer. The Licensed Product must implement a timer with at least one (1) millisecond granularity.

7. No Circumvention. Licensed Products must not, directly (including without limitation through the use of WMDRM-ND or any feature or functionality thereof) or indirectly (including without limitation through any device or application offered, sold, or marketed for use with the Licensed Product), (a) provide access to and/or display WMDRM Content in any manner inconsistent with these compliance rules or (b) otherwise circumvent the rights and restrictions associated with WMDRM Content.

8. WMDRM-ND Certificates.

1. WMDRM Certificate Chain. Licensed Products must verify the validity of the associated WMDRM-ND Receiver’s WMDRM Certificate Chain Consistent with the Microsoft Implementation. If the verification fails, the Licensed Product must not Transmit to the associated WMDRM-ND Receiver.

2. WMDRM Certificates and Keys. Licensed Products must only use Cryptographic Keys and WMDRM Certificates in a manner Consistent with the Microsoft Implementation.

3. Root Trust Authority. Licensed Products must verify that the WMDRM-ND Receiver Certificate inherits its trust from the WMDRM Root Certificate. If the verification of the WMDRM-ND Receiver Certificate fails, the Licensed Product must not Transmit to the associated WMDRM-ND Receiver.

Security Level. Licensed Products must verify that the Security Level of the WMDRM-ND Receiver is no less than the Security Level of the WMDRM Policy for the requested WMDRM Content. If the verification of the Security Level fails, the Licensed Product must not Transmit to the associated WMDRM-ND Receiver.

RULES FOR TRANSMITTING


Proximity Detection Policy

Round Trip Time (RTT) Verification. Licensed Products must verify that the RTT between the Licensed Product and the associated WMDRM-ND Receiver, as measured Consistent with the Microsoft Implementation, is no more than seven (7) milliseconds computed with at least one (1) millisecond resolution time source.

Time To Live (TTL). When Transmitting over IPv4 networks, Licensed Products must set the TTL to three (3) in the IPv4 header of the proximity challenge message.

Hop Count. When Transmitting over IPv6 networks, Licensed Products must set the Hop Count to three (3) in the IPv6 header of the proximity challenge message.

Revalidation of WMDRM-ND Receivers. Licensed Products must require a WMDRM-ND Receiver to successfully complete a proximity challenge at least once every forty-eight (48) hours. If the associated WMDRM-ND Receiver has not successfully completed a proximity challenge at least once in the preceding forty-eight (48) hour period, the Licensed Product must not Transmit to the associated WMDRM-ND Receiver.

Nonce. Licensed Products must verify that the Nonce received from the WMDRM-ND Receiver is equivalent to the Nonce sent by the Licensed Product. If the verification of the Nonce fails, the Licensed Product must not Transmit to the associated WMDRM-ND Receiver.
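The proximity rules above combine into one transmitter-side gate. The following sketch is an added example, not code from the Microsoft Implementation or from this document: the class and function names, the 16-byte nonce size and the use of a caller-supplied monotonic clock in seconds are assumptions, and the actual RTT measurement procedure is defined by the Microsoft Implementation.

```python
import hmac
import secrets
import socket

RTT_LIMIT_MS = 7.0               # maximum round trip time for a valid challenge
REVALIDATE_AFTER_S = 48 * 3600   # a successful challenge is good for 48 hours
HOP_LIMIT = 3                    # IPv4 TTL / IPv6 Hop Count on the challenge


def limit_hops(sock):
    """Cap how many routers the proximity challenge message can cross."""
    if sock.family == socket.AF_INET6:
        sock.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_UNICAST_HOPS, HOP_LIMIT)
    else:
        sock.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, HOP_LIMIT)


class ProximityGate:
    """Per-receiver proximity state on the transmitter (hypothetical class)."""

    def __init__(self):
        self.nonce = None
        self.sent_at = None
        self.validated_at = None  # time of the last successful challenge

    def start_challenge(self, now_s):
        # OS CSPRNG, never a linear congruential generator; 16 bytes is assumed.
        self.nonce = secrets.token_bytes(16)
        self.sent_at = now_s      # e.g. time.monotonic(), sub-millisecond resolution
        return self.nonce

    def complete_challenge(self, echoed_nonce, now_s):
        """True only if the echoed nonce matches and RTT is at most 7 ms."""
        if self.nonce is None:
            return False
        nonce, sent_at = self.nonce, self.sent_at
        self.nonce = self.sent_at = None  # one attempt per nonce, pass or fail
        rtt_ms = (now_s - sent_at) * 1000.0
        if not hmac.compare_digest(nonce, echoed_nonce):
            return False
        if rtt_ms > RTT_LIMIT_MS:
            return False
        self.validated_at = now_s
        return True

    def may_transmit(self, now_s):
        """Transmit only if a challenge succeeded in the preceding 48 hours."""
        if self.validated_at is None:
            return False
        return now_s - self.validated_at <= REVALIDATE_AFTER_S
```

Discarding the nonce on every attempt means a late or replayed response can never validate the receiver; the transmitter has to issue a fresh challenge.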

Revocation Data

1. Revocation Data. Licensed Products must verify the validity of the Revocation Data, including but not limited to Revocation Information Version structure, Consistent with the Microsoft Implementation. If the verification fails, the Licensed Product must not Transmit.

2. WMDRM-ND Receiver Revocation. Licensed Products must verify that none of the WMDRM Certificates in the WMDRM Certificate Chain associated with the WMDRM-ND Receiver appears in the Revocation Data. If any of the WMDRM Certificates in the WMDRM Certificate Chain are present in the Revocation Data, the Licensed Product must not Transmit to the associated WMDRM-ND Receiver.

3. Revocation Data Freshness. In addition to complying with Sections 4.2.1 and 4.2.2, Licensed Products implementing a WMDRM-ND Transmitter as an MS OCUR must not Transmit to the associated WMDRM-ND Receiver unless the Issued Time on the Revocation Information Version structure is no more than ninety (90) days prior to the current date/time received from a Protected Time Source. For the avoidance of doubt, when the condition in this Section 4.2.3 is not met, a Licensed Product implementing both WMDRM-ND Transmitter and WMDRM-ND Transmitter as an MS OCUR may Transmit if (i) the Licensed Product is functioning in the capacity of a WMDRM-ND Transmitter (not as an MS OCUR) and (ii) the Licensed Product is in compliance with Sections 4.2.1 and 4.2.2.

Transmitting to Concurrent WMDRM-ND Receivers

WMDRM-ND Transmitter. Except as otherwise required by Section 4.3.2, Licensed Products must enforce that at most ten (10) WMDRM-ND Receivers are able to Receive concurrently.

WMDRM-ND Transmitter as an MS OCUR. Notwithstanding Section 4.3.1, Licensed Products when functioning in the capacity of a WMDRM-ND Transmitter as an MS OCUR must enforce that at most one (1) WMDRM-ND Receiver is able to Receive concurrently.
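The Security Level, revocation, freshness and concurrency rules differ by operating mode, which is easiest to see as a single admission decision. This is an added example, not code from the Microsoft Implementation: the class, the mode strings and the use of string certificate identifiers are assumptions, and it presumes the certificate chain and the Revocation Data have already been cryptographically verified.

```python
from datetime import timedelta

MAX_RECEIVERS = {"transmitter": 10, "ms_ocur": 1}  # concurrent Receive limits
MAX_REVOCATION_AGE = timedelta(days=90)            # enforced in MS OCUR mode only


class TransmitAdmission:
    """Decides whether a receiver may be served (hypothetical class)."""

    def __init__(self, mode, revoked_ids, riv_issued):
        if mode not in MAX_RECEIVERS:
            raise ValueError(f"unknown mode: {mode}")
        self.mode = mode
        self.revoked_ids = frozenset(revoked_ids)  # from validated Revocation Data
        self.riv_issued = riv_issued               # Issued Time of the RIV structure
        self.active = set()                        # receivers currently Receiving

    def admit(self, receiver_id, chain_ids, receiver_level, content_level, now):
        """Return (allowed, reason); `now` must come from a Protected Time Source."""
        if receiver_level < content_level:
            return False, "security_level"
        # Every certificate in the chain is checked, not only the leaf.
        if self.revoked_ids.intersection(chain_ids):
            return False, "revoked"
        # Stale Revocation Data blocks MS OCUR mode; plain transmitter mode on
        # the same device is still permitted.
        if self.mode == "ms_ocur" and now - self.riv_issued > MAX_REVOCATION_AGE:
            return False, "stale_revocation_data"
        # A receiver that is already active does not consume a second slot.
        if (receiver_id not in self.active
                and len(self.active) >= MAX_RECEIVERS[self.mode]):
            return False, "receiver_limit"
        self.active.add(receiver_id)
        return True, "ok"

    def release(self, receiver_id):
        self.active.discard(receiver_id)
```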

WMDRM-ND Protocol Messages

1. Implementation. Licensed Products must implement all WMDRM-ND Protocol messages Consistent with the Microsoft Implementation.

2. WMDRM-ND Registration Seed. Licensed Products must use a Cryptographically Random number generator to generate any WMDRM-ND Registration Seed.

3. Nonce. Licensed Products must use a Cryptographically Random number generator to generate the Nonce.

Rules for Packaging Content

1. Compatibility. If Licensed Product Packages Content in a format supported by Windows Media Player, Licensed Product must Package Content such that it can be played back in the most recent public final release of Windows Media Player from Microsoft. When accessed in Windows Media Player, WMDRM Content Packaged by the Licensed Product must not cause instability, reliability, or quality problems any more than identical content encoded with the most recent public final release of Windows Media Encoder from Microsoft.

RULES FOR XMR LICENSE CREATION AND DELETION

Licensed Products may manage XMR Licenses Consistent with the Microsoft Implementation, provided that all requirements in this Section 6 are met.

1. XMR Specification. Licensed Products that create XMR Licenses must follow all the rules in this document as well as the Windows Media DRM Extensible Media Rights Specification.

2. Allowed XMR License Object Values. Licensed Products must comply with the following restrictions on XMR License object fields specified in this Section 6.2 and may only be assigned the values specified herein.

1. Allowed Output Protection Level Restriction Values. If an Output Protection Level field is assigned in an XMR License, it must be one of the allowed values corresponding to the applicable field as listed in Table 1. Section 5.2 of the Compliance Rules for Windows Media DRM 10 for Network Devices Receiver Applications describes each allowed Output Protection Level value.

Table 1: Allowed Output Protection Level Restriction Values

|Output Protection Level Field Name |Allowed Values |
|Minimum Digital Compressed Audio Output Protection Level |100, 200, 300 |
|Minimum Uncompressed Digital Audio Output Protection Level |100, 150, 200, 300 |
|Minimum Compressed Digital Video Output Protection Level |400 |
|Minimum Uncompressed Digital Video Output Protection Level |100, 250, 300 |
|Minimum Analog Video Output Protection Level |100, 150, 200 |

2. Allowed Minimum Security Level Values. A Minimum Security Level field of the Minimum Environment Restriction object must be assigned in every XMR License, and must be one of the values indicated in Table 2.

Table 2: Allowed Security Levels

|Allowed Value |Players and devices |Example |
|150 |Devices that do not support Windows Media DRM. DRM protection is removed when the Content is transferred to such a device. |Devices that support Windows Media-based Content but not protected Content |
|1000 |Player applications based on Windows Media Format 9.5 SDK and earlier that do not meet additional requirements for level 2000. |Windows Media Player v6.4, Windows Media Player v7 |
| |Devices based on Windows Media Portable Device DRM v1. |Windows Media Player for Pocket PC or SmartPhone |
| |Devices based on Windows CE 4.2 and later. | |
|2000 |Player applications based on Windows Media Format 7.1 Series SDK or later, and that follow a stricter set of Content protection guidelines than applications at level 1000. |Windows Media Player v7.1 and later |
| |Devices based on Windows Media DRM 10 for Portable Devices. |Portable media devices that support Windows Media DRM 10 for Portable Devices |
| |Devices based on Windows Media DRM 10 for Network Devices. |Windows Media Connect devices |

3. Source ID.

1. If a Licensed Product is Transmitting in connection with WMDRM Content originating from one of the sources described in Table 3, the Licensed Product must set the Source ID field of the Source ID object to the value indicated in Table 3 corresponding to that source.

Table 3: Source ID

|Allowed Value |Source Descriptions |
|1 |Macrovision |
|2 |CGMS-A |
|4 |OpenCable Unidirectional Receiver (OCUR) |
|257 |CPRM, CPPM |
|258 |DTCP |
|259 |OMA |
|262 |AACS (pre-recorded) |
|263 |AACS (recordable) |
|264 |Satellite Content – DIRECTV |
|265 |DTCP at no greater than 520,000 pixels per frame |

2. Licensed Products must not set the Source ID field of the Source ID Object to 265 for Content with an Effective Resolution of greater than 520,000 pixels per frame.

4. Allowed Revocation Information Version Values. If the Licensed Product is a WMDRM-ND Transmitter as an MS OCUR, it must set the RIV field of the Revocation Information Version object in the XMR License to the value of the Sequence Number field in the Revocation Information Version structure from Section 4.2.3 of these rules.

5. Allowed Analog Video Output Configuration. If a Video Output Protection GUID and corresponding Binary Configuration Data field is specified in the Analog Video Output Configuration object in an XMR License, it must be a combination of the values indicated in Table 4 and subject to rules specified in Section 4.2.6.

Table 4: Allowed Analog Video Output Configuration Values

|Allowed Analog Video Output Configuration GUID |Allowed Value for Binary Configuration Data Field |Output Protection Description |
|{C3FD11C6-F8B7-4d20-B008-1DB17D61F2DA} |0, 1, 2, 3 |AGC and Color Stripe |
|{D783A191-E083-4BAF-B2DA-E69F910B3772} | |Output control for Analog Computer Monitor Output |
| |520,000 | |
|{811C5110-46C8-4C6e-8163-C0482A15D47E} | |Output control for Analog Component Video Output |

6. Allowed Minimum Copy Protection Level Values. If the Minimum Copy Protection Level of the Copy Protection Level Restriction object is assigned a value in an XMR License, it must be one of the values indicated in Table 5.

Table 5: Allowed Minimum Copy Protection Level Values

|Allowed Value |Minimum Copy Protection Permitted |
|300 |Copy to PD-DRM devices and WMDRM-PD devices |
|400 |Copy to WMDRM-PD devices only |

Allowed Copy Count Values. If the Copy Count field of the Copy Count Restriction object is assigned a value in an XMR License, it must be less than or equal to 250.

Cannot Persist. If the Licensed Product is functioning as a WMDRM-ND Transmitter (not as an MS OCUR) it must set the CannotPersist bit in the Rights field of the Rights Setting Object to a value of 1.
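The field restrictions in this section can be checked mechanically before a license is issued. The sketch below is an added example, not part of these rules or of the Microsoft Implementation: the dictionary key names, the function name and the decision to reject Source ID 265 when the resolution is unknown are assumptions; the allowed values are copied from Tables 1, 2 and 5 and the rules above.

```python
OPL_ALLOWED = {  # Table 1; dictionary keys are hypothetical names for the fields
    "min_compressed_digital_audio_opl": {100, 200, 300},
    "min_uncompressed_digital_audio_opl": {100, 150, 200, 300},
    "min_compressed_digital_video_opl": {400},
    "min_uncompressed_digital_video_opl": {100, 250, 300},
    "min_analog_video_opl": {100, 150, 200},
}
SECURITY_LEVELS = {150, 1000, 2000}   # Table 2
COPY_PROTECTION_LEVELS = {300, 400}   # Table 5
MAX_COPY_COUNT = 250
DTCP_LIMITED_SOURCE_ID = 265          # Table 3: DTCP at <= 520,000 pixels per frame
MAX_PIXELS_FOR_265 = 520_000


def check_xmr_policy(policy, as_ms_ocur=False, effective_pixels=None):
    """Return the list of rule violations for a dict of XMR field values."""
    errors = []
    for field, allowed in OPL_ALLOWED.items():
        # Output Protection Levels are optional, but constrained when present.
        if field in policy and policy[field] not in allowed:
            errors.append(f"{field}: {policy[field]} not allowed by Table 1")
    # Minimum Security Level is mandatory in every XMR License.
    if policy.get("min_security_level") not in SECURITY_LEVELS:
        errors.append("min_security_level: missing or not in Table 2")
    if policy.get("source_id") == DTCP_LIMITED_SOURCE_ID:
        # Reject when the resolution is unknown (a choice made in this example).
        if effective_pixels is None or effective_pixels > MAX_PIXELS_FOR_265:
            errors.append("source_id: 265 requires <= 520,000 pixels per frame")
    level = policy.get("min_copy_protection_level")
    if level is not None and level not in COPY_PROTECTION_LEVELS:
        errors.append(f"min_copy_protection_level: {level} not in Table 5")
    count = policy.get("copy_count")
    if count is not None and count > MAX_COPY_COUNT:
        errors.append(f"copy_count: {count} exceeds {MAX_COPY_COUNT}")
    # A plain transmitter (not MS OCUR) must set the CannotPersist bit.
    if not as_ms_ocur and policy.get("cannot_persist") != 1:
        errors.append("cannot_persist: must be 1 outside MS OCUR mode")
    return errors
```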
