2006 Microsoft Corporation. All Rights Reserved

© 2006 Microsoft Corporation. All rights reserved.

ROBUSTNESS RULES FOR WMDRM EXPORT

USING THE WMF 11 SDK

1.  DEFINITIONS

The following terms have the meanings set forth below. Other initially capitalized terms not defined in these robustness rules have the meanings ascribed to them in the Compliance Rules or the License Agreement.

1.1  “Application” means a software application resident and making use of the WMF SDK and making use of WMDRM functionality subject to a License Agreement.

1.2  “Application Secrets” means, collectively, WMDRM Certificates provided to the Company, the Export Boundary, the Private Keys, Payload Keys, and other WMDRM related secrets that reside in the Application binary and/or in the process space of the Application.

1.3  “Certificate” means a unique WMDRM object used to assess trust.

1.4  “Certificate Revocation List” means a list of Certificates that have been revoked.

1.5  “Circumvention Device” means a hardware, software or hybrid entity whose primary purpose is the circumvention of Content Protection Functions.

1.6  “Company” means an entity licensed under a License Agreement to develop Licensed Products.

1.7  “Compliance Rules” means the Compliance Rules for WMDRM Export using the WMF 11 SDK.

1.8  “Content Protection Functions” means functions related to the protection of Content as prescribed by the WMF SDK technical documentation and the Compliance Rules, including without limitation protection of Content during the Export of WMDRM Content to a Content Provider Authorized Export, as prescribed by the WMF SDK technical documentation.

1.9  “Debugging Aids” means software/hardware components supporting debugging and profiling tools and/or technologies, including without limitation debugging symbols in software.

1.10  “DTCP Source Content” shall mean content where the WMDRM License includes a Source ID of 258 or Source ID of 265, indicating it was received from Digital Transmission Content Protection.

1.11  “Private Key” means the cryptographic value corresponding to the Public Key embedded into the WMDRM Export Application Certificate. The Private Key is used to decrypt the Seed Value.

1.12  “Seed Value” means the value generated by WMDRM for the purpose of generating a Payload Key.

1.13  “User Accessible Bus” means a data bus that is designed for end user upgrades or access, such as PCMCIA, device bay, IEEE 1394, PCI buses with user accessible sockets or Cardbus. A “User Accessible Bus” does not include point-to-point buses, such as graphics buses, memory buses, CPU buses, and internal PCI buses, or similar portions of a device's internal architecture that do not permit access to content in a form useable by end users.

1.14  “WMF SDK” means Windows Media Format 11 Software Development Kit.

1.15  “WMF SDK Technical Documentation” means documentation provided with the WMF SDK.

1.16  “WMDRM Technology” means the methods for local decryption and renewability developed by Microsoft for use with Windows Media Digital Rights Management.

2.  CONSTRUCTION

2.1  Generally. Licensed Products as shipped must meet the applicable robustness and Compliance Rules and be designed and manufactured so as to resist attempts to modify such products so as to defeat any of the Content Protection Functions, as more specifically described herein.

2.2  Defeating Functions and Features. Licensed Products must not include control functions means, software switches, backdoors, bypasses, end-user selectable options, debuggers or Debugging Aids, or mechanisms for self-tampering or delayed loading by which the Content Protection Functions may be defeated. Licensed Products must not use, incorporate, call or enable any software that modifies the behavior of the Licensed Product in a manner that causes it to violate the Compliance Rules. This Section 2.2 does not prohibit Company from designing and implementing its products incorporating means used by Company or professionals to analyze or debug deployed products, or to design its products incorporating software protection techniques such as obfuscation or fragilization, provided, however, that such means do not provide a pretext for inducing consumers to defeat or circumvent mandatory provisions of the Content Protection Functions, robustness rules or Compliance Rules.

2.3  Keep Secrets. Licensed Products must be designed and manufactured such that they resist attempts to each and all of the following:

2.3.1  Reveal, use or replace without authority the Application Secrets. For this Section 2.3.1, ‘use without authority’ refers to direct or indirect use or leverage of the Application Secrets by a hardware or software entity other than the Licensed Product, by which the Content Protection Functions may be defeated;

2.3.2  Replace without authority the Public Cryptographic Constants;

3.  ACCESSIBILITY OF CONTENT. Company must design and develop Licensed Products such that decrypted WMDRM Content is not available to outputs or via a binary module that implements Export functionality, and must not travel or otherwise be placed outside the application process except as allowed by the Compliance Rules.

3.1  Within Licensed Products, the video portion of Compressed WMDRM Export Content must be protected by a robust method when transiting a User Accessible Bus. This Section 3.1 does not prohibit Company from designing and manufacturing its products incorporating means, such as test points, used by Company or professionals to analyze or repair products, provided, however, that such means do not provide a pretext for inducing consumers to obtain ready and unobstructed access to internal connectors.

3.2  The Application Secrets shall not be available in memory except when in use to decrypt WMDRM Content and keying material.

4.  METHODS OF MAKING FUNCTIONS ROBUST

Licensed Products must use at least the following techniques to be designed to effectively frustrate efforts to circumvent or defeat any or all applicable Content Protection Functions and protections specified in the applicable compliance rules and robustness rules:

4.1  Licensed Products must include all of the characteristics set forth in Sections 2 and 3 of these robustness rules. In addition, Licensed Products must:

4.1.1  Achieve compliance with Sections 2 and 3 of these robustness rules, to the extent required by Section 5, by reasonable and effective methods, including varying the memory location of the Export Boundary, and may additionally include use of techniques of obfuscation to disguise and hamper attempts to discover the approaches used and/or secrets concealed within the software, and/or self-checking of integrity in such a manner as to result in a failure to execute Content Protection Functions in the event of unauthorized modification.

4.1.2  Be implemented such that the failure of a Content Protection Function would cause the implementation to cease further processing and explicitly fail safely, as prescribed by the WMF SDK Technical Documentation.

5.  REQUIRED LEVELS OF ROBUSTNESS

5.1  The Content Protection Functions and the characteristics set forth in Sections 2.3.1 and 2.3.2 must be implemented so that it is reasonably certain that they:

5.1.1  Cannot be defeated or circumvented using Widely Available Tools or Specialized Tools.

5.2  Licensed Products shall be clearly designed such that when decrypted uncompressed video data from DTCP Source Content with a resolution greater than an Effective Resolution of 520,000 pixels per frame is transmitted over a User Accessible Bus, it is reasonably certain that such data:

5.2.1  Are reasonably secure from unauthorized interception by using either Widely Available Tools or Specialized Tools, except with difficulty, other than Circumvention Devices. The level of difficulty applicable to Widely Available Tools is such that a typical consumer should not be able to use Widely Available Tools, with or without instructions, to intercept such data without risk of serious damage to the product or personal injury.

5.3  “Widely Available Tools” means unrestricted application APIs and general-purpose tools or software that are widely available at a reasonable price, such as file readers, file editors, file comparison utilities, debuggers, dissemblers, and internet traffic analyzers, other than Circumvention Devices.

5.4  “Specialized Tools” means specialized tools, equipment or software that are widely available at a reasonable price, such as page file scanners, kernel mode code, and memory readers and writers, other than Circumvention Devices.

6.  NEW CIRCUMSTANCES. If a Licensed Product when designed and shipped complies with the robustness rules set forth above, but at any time thereafter circumstances arise which, had they been existing at the time of design, would have caused such implementation to fail to comply with the robustness rules ("New Circumstances"), then upon becoming aware of such New Circumstances, Company shall promptly redesign the affected Licensed Product(s) or make available upgrades to its affected Licensed Product(s) to make such Licensed Products compliant with the robustness rules under the New Circumstances, and, as soon as reasonably practicable, consistent with ordinary product cycles and taking into account the level of threat to content under the New Circumstances, shall incorporate such redesign or replacement into its affected Licensed Product(s), or if such redesign or upgrades are not possible or practical, cease manufacturing such affected Licensed Product(s) and cease selling such affected Licensed Product(s).

Robustness Rules for WMDRM Export

-4- 18 December 2006