Schedule B-1
DRM and Content Protection Requirements for Windows Media Series and TiVo Approved Formats
Exhibit E-4
DRM AND CONTENT PROTECTION REQUIREMENTS FOR APPROVED DOWNLOAD DRMS
The following constitutes certain minimum requirements that ADSI’s operational content protection systems must meet at all times with respect to the distribution of Subscription Titles through the Subscription Service using WM-DRM, TiVo DRM, or Widevine DRM (each, an “Approved Download DRM”). The requirements set forth in Part I of this Exhibit E-4 are implemented via the DRM encompassed within the Approved Download DRM. Accordingly, so long as ADSI properly implements, and configures its implementation of, the DRM encompassed within the Approved Download DRM, implements any appropriate security patches or updates to such Approved Download DRM and does not utilize separate features or technologies that conflict or override the foregoing, ADSI will be in compliance with Part I of this Exhibit E-4. The requirements set forth in Part II of this Exhibit E-4 are to be implemented directly by ADSI, and ADSI is responsible for such implementation. These requirements may be upgraded from time to time by the mutual written agreement of the Parties.
PART I (IMPLEMENTATION VIA DOWNLOAD DRM)
- 1. Encryption
  - Content shall be transmitted to devices in secure, encrypted form.
  - Content shall never be transmitted digitally between any devices in unencrypted form.
  - The content protection system shall only decrypt streamed content into memory temporarily for the purpose of decoding and rendering the content and shall never write decrypted content (including portions of the decrypted content) or streamed encrypted content into permanent storage.
  - Content shall be encrypted using standard, nonproprietary, time-tested cryptographic protocols and algorithms.
  - Encryption shall be applied to the entirety of A/V data.
  - Each time content is encrypted, it shall be encrypted using a unique cryptographic key.
  - No two encrypted content files shall be encrypted with the same cryptographic key.
  - Passwords, cryptographic keys or any other information that is critical to the cryptographic strength of the content protection system shall never be transmitted or stored in the clear or reused.
- 2. Authentication, Playback and Storage
  - A valid license, containing the unique cryptographic key/keys and other information necessary to decrypt the associated content and the set of usage rules associated with the content, shall be required in order to decrypt and play a specific instance of content.
  - Each playback license shall be keyed to work only on a specific individual end user device and shall be incapable of being transferred between devices.
  - Each installation of the trusted client software on an end user device shall be individualized and thus uniquely identifiable. For example, if the client software is copied or transferred from one computer to a subsequent computer, it will not work on the subsequent computer without being uniquely individualized.
- 3. Protection against Hacking
  - Playback licenses, revocation certificates, and security-critical data shall be cryptographically protected against tampering, forging and spoofing.
  - The content protection system shall employ industry-accepted tamper-resistant technology on hardware and software components (e.g., to prevent such hacks as a clock rollback, spoofing, use of common debugging tools, and intercepting unencrypted content in memory buffers).
  - For software-only implementations on open computing platforms (e.g., personal computers), the content protection system shall employ tamper-resistant software. Examples of tamper-resistant software techniques include:
    - Code obfuscation example: The executable binary dynamically encrypts and decrypts itself in memory, so that the algorithm is not unnecessarily exposed to disassembly or reverse engineering.
    - Integrity detection example: Using one-way cryptographic hashes of the executable code segments and/or self-referential integrity dependencies, the trusted software fails to execute if it is altered prior to or during run-time.
    - Anti-debugging example: The decryption engine prevents the use of common debugging tools.
  - The content protection system shall implement secure internal data channels to prevent rogue processes from intercepting data transmitted between system processes as soon as possible after such secure internal data channels are commercially available or are otherwise feasible.
  - The content protection system shall prevent the use of media player filters or plug-ins that can be exploited to gain unauthorized access to content (e.g., access to the decrypted but still encoded content by inserting a shim between the Download DRM and the player).
- 4. Revocation and Renewal
  - The content protection system shall give ADSI the ability to revoke any or all previously generated playback licenses and, among other things, require a player upgrade to reinstate the playback license.
  - The content protection system shall provide a mechanism to revoke any or all playback licenses issued to specific individual devices.
  - The content protection system shall be renewable and securely updateable in event of a breach of security or improvement to the content protection system.
  - The content protection system shall be upgradeable, allow for backward compatibility if desired, and allow for integration of new rules and business models.
  - The content protection system shall require periodic license verification (a/k/a “phone home” mechanism) if and when required by Content Provider.
PART II (AMAZON DIRECT IMPLEMENTATION)
- 1. Outputs
b. Analog Outputs
d.Prior to issuing a DRM license. ADSI shall signal for an Included ProgramCGMS-A set to “Copy Never” to an Authorized Device, Amazon will querybe activated if the Authorized Device to determine whether there (i)is an operationalone on which a Certified Output Protection Protocol (“COPP”) compliant driver on the Authorized Device. If the COPPvideo driver is present, the Included Program is one for which Licensor has requested Macrovision and (ii)has analog copy protection, and if Macrovision implementation would not materially degrade customer viewing of the Included Program on the Authorized Device, then Amazon will issue a DRM license with the Macrovision inclusion rights enabled. If the COPP driver is not present, if the Included Program is one for which Licensor has not requested Macrovision analog copy protection, or if Macrovision implementation would materially degrade customer viewing of the Included Program on the Authorized Device, then Amazon will issue a DRM license without the Macrovision rights set.
f.Licensor will pay any per-transaction license fees for Macrovision analog copy protection. Amazon will bear any fees for implementation of Macrovision analog copy protection other than per-transaction license fees.
i. The content protection system shall not output any analog signal of a line standard that is greater than 525 line, NTSC or 625 PAL.
k. Digital Outputs
m.a.Prior to allowing a Subscriber to register an Authorized Device with a digital output, Amazon will query the device to determine if it is compliant with DTCP (a.k.a. 5C) or HDCP digital output technology. If it is compliant with such digital output technology, Licensee shall enable DTCP or HDCP, as applicable, in connection with the issuance of DRM licenses for play of Included Programs on such device. Any such digital output protection technology shall be set, in implementation, at “Copy Never.” If DTCP or HDCP digital outputs that are not present and mandated, then digital outputs shall be prohibited. Notwithstanding the foregoing, on a personal computer platform only, Licensee shall be entitled to output uncompressed content over digital outputs such as Digital Video Interface (“DVI”) to the extent allowed by the DVDCCA. disabled. [Note to Sony: We have removed Macrovision-related provisions based on Sony’s agreement that there is no longer any requirement for Amazon to use Macrovision on Sony content.] [From Tim: mentioning COPP only is too specific, and COPP has now been succeeded by OPM, Output Protection Monitor. Change COPP text to something like “(i) supports the establishment of CGMS-A on analogue outputs”]
n.Exception Clause for Standard Definition, Uncompressed Digital Outputs on Windows-based PCs and Macs running OS X or higher:
b. Digital Outputs. ADSI shall signal for the following digital video output copy protections to be activated:
i. High Definition Copy Protection (“HDCP”) if the Authorized Device has uncompressed digital video outputs (e.g. HDMI, Display Port) that are not disabled unless the Subscriber’s system cannot support HDCP (e.g., the Subscription Title would not be viewable on such Subscriber’s system if HDCP were to be activated); and [From Tim: this allowance for non-support of HDCP only applies to SD and does not apply to HD. If HD is in scope here, we need to quickly agree some language for HD to the PC that we are working on based on the iTunes agreement.]
ii. Except in the case of Widevine DRM, Digital Transmission Copy Protection (“DTCP”) (also known as 5C) if the Authorized Device has compressed digital video outputs that are not disabled. [From Tim: AMZ need to explain the absence of DTCP here – it’s our understanding that Widevine supports signaling for DTCP]
c. Implementation. Content Provider acknowledges that ADSI does not control whether an Authorized Device actually implements any output protection technology signaled by ADSI hereunder and agrees that ADSI shall not be responsible for any failure of any Authorized Device to do so. [I don’t like this but it’s a reasonable request in some ways. Could we also add though “However, where this agreement requires ADSI to determine if output protection is supported on a particular device or not before delivering content to that device, AMZ shall be responsible for any failure to so determine support or otherwise of output protection at the required time.”]
3. Geofiltering
- ADSI shall employ an Authorized Geo-Filtering Technique as required under Section 12.1.
3. Embedded Information
In the event Licensor embeds, encodes or otherwise inserts, or if applicable, associates copy control information in or with the Included Programs prior to delivery to Amazon, and provided that Licensor ensures that the same does not degrade the viewability of the Included Program or introduce compatibility or other technical problems for the Service or the Subscriber, Amazon agrees to “pass through” such copy control information without alteration, modification or degradation in any manner; provided, however, that if such copy control information is altered, modified or degraded resulting from Amazon’s distribution of the Included Programs in the ordinary course of its operations, such alteration, modification or degradation shall not be a breach of this provision. Included Programs delivered by Licensor which include copy control information which degrades the viewability of the Included Program or introduces compatibility or other technical problems for the Service or the Subscriber shall not be deemed Delivered hereunder.