Compliance Rules for WMF 9.5 SDK WMDRM Applications
Compliance rules for
WMF 9.5 SDK WMDRM Applications
- DEFINITIONS
The following terms have the meanings set forth below. Other initially capitalized terms not defined in these Compliance Rules have the meanings ascribed to them in the License Agreement and the Microsoft Implementation.
1.1“AES” means Advanced Encryption Standard.
1.2“Analog Audio Output” means a connector for an analog sound reproduction device such as a speaker or headphones. For avoidance of doubt, this includes both external jacks to connect speakers and/or headphones and built-in speakers and/or headphones.
1.3“Analog Component Video Output” means the YPrPb consumer electronics analog connectors.
1.4“Analog Computer Monitor Output” means a connector for an analog monitor that is typically found and associated with a Computer Product and that carries uncompressed analog video signals. The term expressly includes those outputs known as VGA, SVGA, XGA, DVI Analog, and various non-standardized analog monitor connections that have been implemented by manufacturers, and expressly does not include such typical consumer electronics connectors as NTSC, PAL, SECAM, SCART, YPrPb, S-Video and consumer RGB, whether or not such connectors are found on any Computer Product.
1.5“Analog Protection System (APS) trigger bits (APSTB)” means the bits as specified (a) for NTSC video signals, in IEC 61880 (for inclusion of such value on Line 20) and EIA-608-B (for inclusion of such value on Line 21) or (b) for YUV (525/60 systems) signals, in IEC 61880 (for inclusion of such value on Line 20) and EIA-608-B (for inclusion of such value on Line 21).
1.6“Analog Sunset Content (AACS)” means the video portion of WMDRM Content that has been decrypted using a WMDRM License with a Source ID value of 262.
1.7“Analog Television Output” means such typical consumer electronics analog connectors as NTSC, PAL, SECAM, SCART, YPrPb, S-Video and consumer RGB.
1.8“Analog Video Outputs” means Analog Component Video Outputs, Analog Computer Monitor Outputs, and Analog Television Outputs.
1.9“API” means Application Programming Interface.
1.10“Application” means software applications running on the Windows Media Format SDK and making use of WMDRM functionality.
1.11“Application Secrets” means, collectively, the WMDRM stub library provided to the Company and secrets such as symmetric keys and private keys that reside in the Application binary and/or in the process space of the Application.
1.12“Automatic Gain Control (AGC)” means the so-named copy control system as specified (a) for NTSC, PAL, SECAM or YUV analog video signals, in the document entitled “Specification of the Macrovision Copy Protection Process for DVD Products, Revision 7.1.D1, September 30, 1999,” and (b) for a 480p progressive scan analog video signal, in the document entitled “Specification of the Macrovision AGC Copy Protection Waveforms for DVD Applications with 525p (480p) Progressive Scan Outputs, Revision 1.03 (December 22, 1999).”
1.13“Certificate” means a unique WMDRM object used to assess trust.
1.14“Certified Output Protection Protocol” or “COPP” means a protocol that enables a robust signaling and content delivery mechanism between applications and video device drivers, and includes any successor of such protocol, however named.
1.15“CGMS-A” means the Copy Generation Management System (Analog) as specified (a) for NTSC analog video signals, in IEC 61880 (for inclusion on Line 20) and in EIA-608-B (for inclusion on Line 21), (b) for PAL, SECAM or YUV analog video signals, in IEC 61880 (for inclusion on Line 20) or in EIA-608-B (for inclusion on Line 21) or in EIA-805 (for inclusion on Line 41) for YUV (525/60 systems) signals or in ETS 300294 for PAL, SECAM and YUV (625/50 systems) signals, or (c) for 480p progressive scan analog video signals, in, or adapted without material change from, EIAJ CPR1204-1 (defining the signal waveform carrying the CGMS-A) and IEC 61880 (defining the bit assignment for CGMS-A).
1.16“Collaborative Play Client” means a software application that receives and plays the audio and/or video portion of decrypted WMDRM Contentfrom a Collaborative Play Server under the Collaborative Play Model.
1.17“Collaborative Play Model” means a peer-to-peer model for enabling a Collaborative Play Server to Pass and simultaneously send the audio and/or video portion of decrypted WMDRM Contentto a Collaborative Play Client for the purpose of a creating a concurrent listening and/or viewing experience.
1.18“Collaborative Play Server” means a Licensed Product that Passes and simultaneously sends the audio and/or video portion of decrypted WMDRM Content to a Collaborative Play Client under the Collaborative Play Model.
1.19“Colorstripe” means the so-named copy control system as specified for NTSC analog video signals in the document entitled “Specification of the Macrovision Copy Protection Process for DVD Products, Revision 7.1.D1, September 30, 1999.”
1.20“Company” means an entity licensed under a License Agreement to develop Licensed Products.
1.21“Compliance Rules” means theseCOMPLIANCE RULES FOR WMF 9.5 SDK WMDRM APPLICATIONS, as amended from time to time by Microsoft.
1.22“Computer Product” means a device that is designed or permits the end user to install software applications thereon, including, but not limited to, personal computers, handheld “Personal Digital Assistants,” and the like.
1.23“Consistent with the Microsoft Implementation” means the Licensed Product (i) provides equivalent functionality to the Microsoft Implementation, (ii) equals or exceeds the robustness of the Microsoft Implementation, and (iii) maintains compatibility and interoperability with the Microsoft Implementation.
1.24“Content” means Digital Audio Content and/or Digital Video Content.
1.25“Content Key” means a symmetric key used to encrypt and decrypt WMDRM Content.
1.26“Cryptographically Random” means unpredictable, in that no polynomial-time algorithm, given any sequence of bits, can guess the succeeding K bits with probability greater than ½^K + 1/P(K) for any (positive) polynomial P and sufficiently large K.
1.27“DES” means Data Encryption Standard.
1.28“Digital Audio Content” means sound recordings, as defined in 17 U.S.C. §101, recorded in a digital format.
1.29“Digital Audio Output” means any of the following digital audio signals: IEC-958, IEC-60958, IEC-61937, HDMI or DisplayPort.
1.30“Digital Video Content” means audiovisual works, as defined in 17 U.S.C. §101, recorded in a digital format.
1.31“Digital Video Output” means any of the following: the digital interface portion only of Digital Visual Interface (DVI), the digital video interface portion of HDMI, or the digital video interface portion of DisplayPort.
1.32“Direct License Acquisition” means the process of acquiring a WMDRM License directly from a WMRM Server.
1.33“DisplayPort” means the so-named industry-supported, digital audio/video interface. The DisplayPort specification is available at
1.34“Effective Resolution” means an image having a visual equivalence not more than the total number of pixels per frame specified. For the avoidance of doubt, an image of Effective Resolution may be Passed using video processing techniques such as line doubling, scaling, or sharpening.
1.35“Existing Licensed Product” means a Licensed Product, all aspects of which are exactly the same in all respects, as any product manufactured and sold prior to December 31, 2010; providedthat notwithstanding the foregoing, Existing Licensed Products may include changes to Licensed Product made solely for one or more of the following reasons: (i) to comply with the Compliance Rulesand applicable robustness rules, (ii) to implement changes solely of Application Secrets and/or WMDRM Certificates, (iii) to implement security patches or (iv) to implement bug fixes designed solely to cause a product to operate in accordance with such product’s pre-existing product specification.
1.36“HDCP” means High-Bandwidth Digital Content Protection. The HDCP specification and license agreement are available from Digital Content Protection, LLC at
1.37“HDMI” means High-Definition Media Interface, an industry-supported, uncompressed, digital audio/video interface. The HDMI specification is available at
1.38“Individualization” means the process of downloading and installing from a Microsoft service unique WMDRM component(s) for the purpose of improving the protection provided by WMDRM.
1.39“Internal Video Output” includes any display that is permanently internally connected to the Computer Product on which a Licensed Product is running, including but not limited to, a liquid crystal display (“LCD”).
1.40“License Agreement” means the agreement(s) under which Microsoft licenses entities to develop and distribute products that use the WMDRM components contained in the Windows Media Format SDK redistributable components and authorizes use of WMDRM Certificates.
1.41“Licensed Product” means a Company software application that uses the WMF SDK and is licensed by Microsoft to implement WMDRM Functionality.
1.42“Metering” is a feature of WMDRM designed to securely collect and report content usage information.
1.43“Microsoft Implementation” means the implementation of WMDRM Functionality provided as source code, binaries, technical documentation, tools and/or sample files as provided to Company under the License Agreement. To the extent a Licensed Product implements WMDRM-ND, such technical documentation includes but is not limited to the Windows Media DRM for Network Devices specification.
1.44“Output” means any of the following: Analog Audio Output, Analog Computer Monitor Output, Analog Television Output, Analog Component Video Output, Digital Audio Output, Digital Video Output, Internal Video Output or USB Audio Output. Transmitting (as defined herein) is not an Output.
1.45“Output Control” means restrictions included in WMDRM Policy that must be applied when Passing WMDRM Content, including but not limited to Output Protection Levels.
1.46“Output Protection Level” means a number included in WMDRM Policy that corresponds to the content protection that must be applied when Passing WMDRM Content. The Output Protection Level may be determined and assigned by the content owner or may be assigned by the Microsoft Implementation for specific categories of WMDRM Content.
1.47“Package” means the process of encrypting Content into WMDRM Content.
1.48“Pass” means to direct decrypted WMDRM Content to flow to local Computer Product Outputs, optionally through intermediate local components such as a decoder or device driver.
1.49“Persistent Storage” means storage that can retain data for an indefinite period of time after power is withdrawn.
1.50“Redbook CD” means "Compact Disc Digital Audio Standard" standard, as described in CEI IEC 908.
1.51“SD Interlace Modes” mean composite video, S-Video, 480i component video and 576i video.
1.52“Secure Audio Path” or “SAP” means a Microsoft technology for protecting audio from the point at which it is decrypted in the WMF SDK to the point at which it is Passed to the audio device driver, and includes any successor of such technology, however named.
1.53“Source ID" means a WMDRM Policy contained in a WMDRM License used for purposes such as, but not limited to, identifying a content protection system that was the source of the WMDRM Content.
1.54“Transmit” means to sendWMDRM Licenses to a device implementing WMDRM.
1.55“Transmitter” means a product authorized by Microsoft to Transmit.
1.56“Unknown Output” means an output type that cannot bedetermined by the Licensed Product using all commercially reasonable technical mechanisms.
1.57“USB Audio Output” means an output that complies with the Universal Serial Bus (USB) Audio Specification available from the USB Forum.
1.58“WMDRM” means Windows Media Digital Rights Management technology.
1.59“WMDRM Certificate” means a Certificate provided by Microsoft for the purpose of enabling a Licensed Product to access WMDRM Functionality.
1.60“WMDRM Content” means audio or audiovisual content that has been encrypted and recorded using WMDRM.
1.61“WMDRM Data Stores” means the secure databases required for mandatory and optional WMDRM features. These include, but are not limited to, License Store, Secure Store, Metering Store and License Synchronization Store as described in the Microsoft Implementation.
1.62“WMDRM Functionality” means the implementation of WMDRM tasks, including but not limited to Passing, Packaging, encrypting, decrypting, enumerating licenses, Individualizing, Direct License Acquisition, burning to Redbook CD, functioning as a Transmitter, and functioning as a Collaborative Play Server.
1.63“WMDRM License” means a data structure that contains, but is not limited to, an encrypted Content Key or an encrypted key used to decrypt a Content Key associated with specific WMDRM Content, and WMDRM Policy associated with specific WMDRM Content.
1.64“WMDRM Policy” means the description of the actions permitted and/or required with respect to WMDRM Content and restrictions on those actions as described in the WMDRM License associated with the WMDRM Content.
1.65“WMDRM-ND Receiver” means a product authorized by Microsoft to obtain WMDRM Licenses and WMDRM Content from a WMDRM-ND Transmitter.
1.66“WMDRM-ND Technical Documentation” means all of the technical documentation entitled "Implementing the Windows Media Digital Rights Management for Network Devices Protocol," as such technical documentation may be amended from time to time by Microsoft.
1.67“WMDRM-ND Transmitter” means a product authorized by Microsoft to use the WMDRM-ND functionality in the WMF SDK to Transmit.
1.68“WMDRM-ND” means WMDRM for Network Devices.
1.69“WMF SDK Technical Documentation” means documentation provided with the WMF SDK.
1.70“WMF SDK” means Windows Media Format Software 9.5 Development Kit.
1.71“WMRM Server” means a web server licensed by Microsoft to use a Windows Media Rights Manager Software Development Kit to issue WMDRM Licenses over a network.
- SCOPE. These Compliance Rules apply to Licensed Products.
- REQUIREMENTS FOR COMPLYING WITH WMDRM POLICY
- Functionality. WMDRM Functionality must be implemented in a manner Consistent with the Microsoft Implementation. This requirement is in addition to all of the specific compliance rules set forth in this document. In the event of a conflict between how the Microsoft Implementation implements a given WMDRM Functionality and how a specific compliance rule in this document describes how such functionality must be implemented, the compliance rule takes precedence.
- Architecture.All WMDRM Functionality must be implemented in its entirety on a single Computer Product.
- Unspecified policy. WMDRM Policymay specify additional rights, restrictions or parameters that are not covered in these Compliance Rules. Nevertheless Licensed Products must take action based only on rights covered in these Compliance Rules and must enforce only restrictions covered in these Compliance Rules. To the extent that WMDRM Policy (or a particular WMDRM License) describes additional rights, restrictions or parameters that are not described in these Compliance Rules, Licensed Products must ignore such additional rights, restrictions or parameters.
- DRM Certificates
- Unique Certificate. Company shall request from Microsoft and use a unique WMDRM Certificate for each major version of a Licensed Product released by Company. A “major version” refers to any version of a Licensed Product that adds significant features or functionality, and/or that alters the implementation of any WMDRM Functionality in a material way (e.g., but not limited to, a version designated by a change in the first digit to the left of the decimal point such as version 1.0, 2.0, 3.0, etc.).
- Certificate Implementation. Company shall statically link the WMDRM Certificate into Licensed Products. Company shall use the WMDRM Certificate solely to enable Licensed Products to interoperate with the WMF SDK.
- Revocation. If a Licensed Product receives the NS_E_DRM_APPCERT_REVOKED or NS_E_DRM_LICENSE_APP_NOTALLOWED error from WMDRM, Licensed Product must either (A) invoke an internal upgrade mechanism to restore the compliance of the Licensed Product, or (B) direct the end user to a Company web site page that provides a mechanism for the end user to restore the compliance of the Licensed Product.
- Individualization.
- Licensed Products supporting Direct License Acquisition must enable Individualization whenever the Licensed Product receives either WMT_NEEDS_INDIVIDUALIZATION or NS_E_DRM_NEEDS_INDIVIDUALIZATION from any WMF SDK API.
- Company must provide a mechanism to obtain the end user’s explicit informed consent prior to the Licensed Product’s performing any Individualization.
- Encryption. “Personal WMDRM” is the process of encrypting content into WMDRM Content and creating a WMDRM License bound to the local Computer Product. If a Licensed Product encrypts WMDRM Content using the Personal WMDRM feature of WMDRM, Licensed Product must specify only rights for which pre-defined constants beginning with WMT_RIGHT exist in the WMF SDK. For avoidance of doubt, specifying WMT_RIGHT_PLAYBACK is allowed and specifying 0xFFFFF is disallowed.
- COPP Support. Licensed Products that Pass the video portion of WMDRM Content to Outputs under the Playback rules specified in Section 4 must implement support for COPP. Licensed Products must engage COPP to confirm that the required Output protection is enabled as required in Section 4.3.
3.7.1 APIs. Licensed Products meeting the conditions of this Section 3.7 must use the APIs exposed by the DirectShow Video Mixing Renderer (VMR) 7 or 9, or the Enhanced Video Renderer (EVR) to establish the secure channel to the COPP-compliant graphics driver, and to send or receive COPP commands or status information. These APIs are described in Section 7 of the Certified Output Protection Protocol (HDCP, CGMS-A and Analog Copy Protection Support) Technical Documentation. The VMR provides a new interface, IAMCertifiedOutputProtection, and associated data structures for this purpose.
3.7.2COPP Certificate Validation. Licensed Products may not Pass WMDRM Content to an Output under Section 3.7 unless the Licensed Product has validated that the applicable COPP driver’s certificate chains up to the Microsoft root Certificate containing the RSA public key identified by the following base64-encoded values.
3.7.2.1Modulus: pjoeWLSTLDonQG8She6QhkYbYott9fPZ8tHdB128ZETcghn5KHoyin7HkJEcPJ0Eg4UdSva0KDIYDjA3EXd69R3CN2Wp/QyOo0ZPYWYp3NXpJ700tKPgIplzo5wVd/69g7j+j8M66W7VNmDwaNs9mDc1p2+VVMsDhOsV/Au6E+E
3.7.2.2Exponent: AQAB
3.7.3Exception. Licensed Products that implement support for only Collaborative Play policy as set forth in Section 5 are not required to implement COPP or support Output Protection Levels.
3.8No Circumvention. Licensed Products must not, directly (including without limitation through the use of the WMDRM Functionality) or indirectly (including without limitation through any device or application offered, sold, or marketed for use with the Licensed Product), (a) provide access to and/or display WMDRM Content in any manner inconsistent with these Compliance Rules or (b) otherwise circumvent the rights and restrictions associated with WMDRM Content.