Compliance Rules for Devices Implementing WMDRM-ND Transmitter Functionality

Compliance Rules for WMDRM 10 for Network Devices Transmitters

  1. DEFINITIONS

The following terms have the meanings set forth below. Other initially capitalized terms not defined in these Compliance Rules have the meanings ascribed to them in the License Agreement.

1.1 “Company” means an entity licensed under a License Agreement to develop Licensed Products.

1.2 “Consistent with the Microsoft Implementation” means the Licensed Product (i) provides equivalent functionality to the Microsoft Implementation, (ii) equals or exceeds the robustness of the Microsoft Implementation, and (iii) maintains compatibility and interoperability with the Microsoft Implementation.

1.3 “Cryptographically Random” means unpredictable, in that no polynomial-time algorithm, given any sequence of bits, can guess the succeeding K bits with probability greater than ½^K + 1/P(K) for any (positive) polynomial P and sufficiently large K.

1.4 “Content Key” means a symmetric key or keys used to encrypt and decrypt WMDRM Content.

1.5 “License Agreement” means an agreement(s) under which Microsoft licenses entities to develop and distribute WMDRM-ND Transmitters that include implementations of WMDRM by virtue of Microsoft intellectual property licenses for the WMDRM-ND technology and licenses for the appropriate certificates and keys.

1.6 “Licensed Product” means a hardware device or software application (or other software component, which may be a separately identifiable subset of a software application or operating system), that (i) implements WMDRM-ND functionality subject to a License Agreement and (ii) may be capable of Streaming WMDRM Content.

1.7 “Microsoft Implementation” means the implementation of WMDRM-ND functionality provided as source code, binaries, technical documentation, tools and/or sample files as provided to the Company under the License Agreement.

1.8 “Nonce” means a value that is Cryptographically Random.

1.9 “Revocation Data” means version numbers, certificate revocation lists, system renewability messages or other data necessary to execute revocation Security Functions.

1.10 “Robustness Rules” means the Robustness Rules for WMDRM for Devices as may be amended from time to time by Microsoft.

1.11 “Security Level” means a number in the WMDRM Policy associated with specific WMDRM Content that specifies the minimum security level necessary for a Licensed Product to be able to acquire a WMDRM License for the WMDRM Content.

1.12 “Stream” means to transport encrypted WMDRM Content over a network, to the extent permitted by applicable WMDRM Policy, to a WMDRM-ND Receiver for Passing to an Output immediately or shortly after receipt of the WMDRM Content in the WMDRM-ND Receiver.

1.13 “WMDRM” means Windows Media Digital Rights Management technology.

1.14 “WMDRM Base License” means a reference WMDRM Policy from which a WMDRM License is derived Consistent with the Microsoft Implementation.

1.15 “WMDRM Certificate” means a unique WMDRM object used to assess trust.

1.16 “WMDRM Certificate Chain” means a collection of WMDRM Certificates that assess trust back to the WMDRM Root Certificate.

1.17 “WMDRM Content” means audio or audiovisual content that has been encrypted and recorded using WMDRM.

1.18 “WMDRM License” means a data structure that contains, but is not limited to, WMDRM Policy and an encrypted Content Key associated with specific WMDRM Content.

1.19 “WMDRM-ND” means WMDRM for Network Devices.

1.20 “WMDRM Policy” means the description of the actions permitted and/or required for or with audio or audiovisual content that has been encrypted using WMDRM and restrictions on those actions as contained in the associated WMDRM License.

1.21 “WMDRM Root Certificate” means a WMDRM Certificate controlled by Microsoft that is indirectly trusted by the Licensed Product.

1.22 “WMDRM-ND Protocol” means a protocol used by WMDRM-ND Licensed Products to protect Streaming of WMDRM Content and WMDRM Licenses.

1.23 “WMDRM-ND Receiver” means a product authorized by Microsoft to connect to WMDRM-ND Transmitters and acquire WMDRM Licenses and receive Streamed WMDRM Content.

1.24 “WMDRM-ND Registration Seed” means a value generated by a WMDRM-ND Transmitter used to derive WMDRM-ND Session Keys.

1.25 “WMDRM-ND Transmitter” means a product authorized by Microsoft to connect to WMDRM-ND Receivers and issue WMDRM Licenses and Stream WMDRM Content.

  2. SCOPE. These Compliance Rules apply to Licensed Products implementing WMDRM-ND Transmitter functionality. These Compliance Rules set forth the requirements pursuant to which Licensed Products must enforce the WMDRM controls applicable to the Streaming of WMDRM Content from WMDRM-ND Transmitters to WMDRM-ND Receivers.

  3. REQUIREMENTS FOR WMDRM-ND TRANSMITTERS

3.1 Functionality. The Licensed Product implementing WMDRM-ND Transmitter functionality must comply with all of the specific compliance rules set forth in this document. Such Licensed Products must implement all WMDRM-ND Transmitter functionality Consistent with the Microsoft Implementation. In the event of a conflict between how the Microsoft Implementation implements a given WMDRM-ND functionality and how a specific compliance rule in this document describes how such implementation must be accomplished, the Compliance Rules are controlling.

3.2 Random Number Generator. The Licensed Product must implement and make use of a random number generator that is Cryptographically Random. For the avoidance of doubt, linear congruential random number generators are not acceptable.

3.3 Cryptographic Keys. The Licensed Product must use a secure Cryptographically Random number generator for deriving the Symmetric Keys.

3.4 Timer. The Licensed Product must implement a timer with at least one (1) millisecond granularity.

3.5 WMDRM-ND Certificates.

3.5.1 WMDRM Certificate Chain. The Licensed Product must verify the validity of the associated WMDRM-ND Receiver’s WMDRM Certificate Chain. If the verification fails, the Licensed Product must not Stream the WMDRM Content to the associated WMDRM-ND Receiver.

3.5.2 Root Trust Authority. The Licensed Product must verify that the WMDRM-ND Receiver Certificate inherits its trust from the WMDRM Root Certificate. If the verification of the WMDRM-ND Receiver Certificate fails, the Licensed Product must not Stream the WMDRM Content to the associated WMDRM-ND Receiver.

3.5.3 Security Level. The Licensed Product must verify that the Security Level of the WMDRM-ND Receiver is no less than the Security Level of the WMDRM Policy for the requested WMDRM Content. If the verification of the Security Level fails, the Licensed Product must not Stream the WMDRM Content to the associated WMDRM-ND Receiver.

  4. RULES FOR STREAMING WMDRM CONTENT FROM LICENSED PRODUCTS TO WMDRM-ND RECEIVERS

4.1 Proximity Detection Policy

4.1.1 Round Trip Time (RTT) Verification. The Licensed Product must verify that the RTT, as measured Consistent with the Microsoft Implementation, between the Licensed Product and the associated WMDRM-ND Receiver is no more than seven (7) milliseconds.

4.1.2 Time to Live (TTL). When Streaming over IP networks the Licensed Product must set the TTL to three (3) on Round Trip Time measurement packets.

4.1.3 Revalidation of WMDRM-ND Receivers. The Licensed Product must require a WMDRM-ND Receiver to successfully complete a proximity challenge at least once every forty-eight (48) hours. If the associated WMDRM-ND Receiver does not successfully complete a proximity challenge at least once in a forty-eight (48) hour period the Licensed Product must not Stream WMDRM Content to the associated WMDRM-ND Receiver.

4.1.4 Nonce. The Licensed Product must verify that the Nonce received from the WMDRM-ND Receiver is equivalent to the Nonce sent by the Licensed Product. If the verification of the Nonce fails, the Licensed Product must not Stream the WMDRM Content to the associated WMDRM-ND Receiver.

4.2 Revocation Data

4.2.1 Revocation Data. The Licensed Product must verify the validity of the Revocation Data. If the verification fails, the Licensed Product must not Stream the WMDRM Content to any WMDRM-ND Receiver.

4.2.2 WMDRM-ND Receiver Revocation. The Licensed Product must verify that the WMDRM-ND Receiver certificate information does not appear in the Revocation Data. If the WMDRM-ND Receiver certificate information is present in the Revocation Data, the Licensed Product must not Stream WMDRM Content to the associated WMDRM-ND Receiver.

4.3 Concurrent Streaming to WMDRM-ND Receivers.

4.3.1 WMDRM-ND Transmitter. Except if otherwise required by Section 4.3.2, the Licensed Products must enforce that at most ten (10) WMDRM-ND Receivers are able to receive Streamed WMDRM Content concurrently.

4.4 WMDRM-ND Protocol Messages

4.4.1 Implementation. Licensed Products must implement all WMDRM-ND Protocol messages Consistent with the Microsoft Implementation.

4.4.2 WMDRM-ND Registration Seed. The Licensed Product must use a Cryptographically Random number generator for deriving the WMDRM-ND Registration Seed.

4.4.3 Nonce. The Licensed Product must use a Cryptographically Random number generator for deriving the Nonce.
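
The admission checks in the rules above (certificate chain, revocation, Security Level, proximity with RTT and Nonce, 48-hour revalidation, ten-receiver limit), sketched as a fail-closed gate. This is an added example, not the Microsoft Implementation or part of the original rules; the `echo` callable, the 16-byte nonce size, the receiver ids and all class and method names are assumptions, and the real RTT measurement is whatever the Microsoft Implementation defines.

```python
import hmac
import secrets
import time

MAX_RTT_NS = 7_000_000             # RTT limit: seven milliseconds
REVALIDATE_NS = 48 * 3600 * 10**9  # proximity proof lifetime: 48 hours
MAX_RECEIVERS = 10                 # concurrent receiver limit


class Transmitter:
    def __init__(self, revoked_ids, clock=time.monotonic_ns):
        self.revoked = set(revoked_ids)  # taken from already-verified Revocation Data
        self.clock = clock               # monotonic, finer than 1 ms granularity
        self.proved_at = {}              # receiver id -> time of last good challenge
        self.streaming = set()           # receivers currently holding a stream slot

    def proximity_challenge(self, rid, echo):
        """echo(nonce) -> bytes is a hypothetical stand-in for the real exchange."""
        nonce = secrets.token_bytes(16)  # OS CSPRNG; 16 bytes is an assumed size
        start = self.clock()
        reply = echo(nonce)
        rtt = self.clock() - start
        # Both conditions must hold: fast enough AND the same nonce came back.
        ok = rtt <= MAX_RTT_NS and hmac.compare_digest(reply, nonce)
        if ok:
            self.proved_at[rid] = self.clock()
        else:
            self.proved_at.pop(rid, None)  # design choice: a failure drops old proof
        return ok

    def may_stream(self, rid, chain_valid, receiver_level, content_level):
        """Return (allowed, reason); every failed check denies Streaming."""
        proved = self.proved_at.get(rid)
        if not chain_valid:
            reason = "certificate chain"
        elif rid in self.revoked:
            reason = "revoked"
        elif receiver_level < content_level:
            reason = "security level"
        elif proved is None or self.clock() - proved > REVALIDATE_NS:
            reason = "proximity"
        elif rid not in self.streaming and len(self.streaming) >= MAX_RECEIVERS:
            reason = "receiver limit"
        else:
            self.streaming.add(rid)
            return True, "ok"
        self.streaming.discard(rid)  # a denied receiver gives up its slot
        return False, reason
```

Injecting `clock` lets the 7 ms and 48-hour limits be exercised deterministically in tests instead of waiting on wall time.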

Microsoft Confidential-1-09-01-05-a