Compliance Rules for WMRM 10 SDK Applications and Services

Compliance Rules For
WMRM 10 SDK Applications And Services

1. Definitions

The following terms have the meanings set forth below. Other initially capitalized terms not defined in these Compliance Rules have the meanings ascribed to them in the License Agreement and the Microsoft Implementation.

1.1“Certificate” means a unique WMDRM object used to assess trust.

1.2“Chained License” means a WMDRM License which has an association with another WMDRM License.

1.3“Company” means an entity licensed under a License Agreement to develop Licensed Products.

1.4“Content” means audio and/or video that are transmitted or distributed, either by broadcast, cablecast or other means of distribution.

1.5“Content Key” means a symmetric key used to encrypt and decrypt WMDRM Content.

1.6“DRM Root Certificate” means a WMDRM Certificate that is common to all WMRM License Agreement licensees that is used by the WMRM SDK for operating a License Server and generating WMDRM Licenses.

1.7“DRM Server Certificate” means a WMDRM Certificate unique to a WMRM License Agreement licensee that is used by the WMRM SDK for operating a License Server and generating WMDRM Licenses.

1.8“License Server” means a web server or other Licensed Productthat utilizes the WMRM SDK to issue WMDRM Licenses to WMDRM Clients.

1.9“Licensed Product” means any application or service that utilizes the WMRM SDK.

1.10“Metering” is a feature of WMDRM designed to securely collect and report Content usage information.

1.11“Metering Aggregation Service” means a Licensed Productwhich collects Metering Submissions from WMDRM clients.

1.12“Metering Certificate” is a WMDRM Certificate that is used by a Metering Aggregation Service to establish trust with a WMDRM Client and is also contained in WMDRM Licenses that enable WMDRM Clients to submit metering data to a specific Metering Aggregation Service.

1.13“Metering Submission” means a message containing Metering data sent to a Metering Aggregation Service by a WMDRM Client.

1.14“Metering Response” means a required acknowledgement returned to a WMDRM Client by a Metering Aggregation Service in response to a Metering Submission.

1.15“Output Protection Level” means a number included in WMDRM Policy that corresponds to the Content protection that must be applied when Passing WMDRM Content.

1.16“Package” means the process of encrypting Content into WMDRM Content.

1.17“Pass” means to direct Content that has been decrypted from WMDRM Content to flow to outputs, optionally through intermediate components such as a codec or device driver.

1.18“Right” means an action permitted on WMDRM Content.

1.19“WMDRM” means Windows Media Digital Rights Management technology.

1.20“WMDRM Client” is an application, device or service that can accept and process WMDRM Licenses and WMDRM Content, and can optionally create and submit WMDRM Metering Submissions.

1.21“WMDRM Content” means audio or audiovisual Content that has been encrypted using WMDRM.

1.22“WMDRM License” means a data structure that contains, but is not limited to, WMDRM Policy and an encrypted Content Key associated with specific WMDRM Content.

1.23“WMDRM Policy” means the description of the actions permitted and/or required for or with WMDRM Content, and the restrictions on those actions as described in the WMDRM License associated with the WMDRM Content.

1.24“WMRM License Agreement” means the agreement under which Microsoft licenses entities to develop and distribute products that use the WMDRM components contained in the Windows Media Rights Manager SDK.

1.25“WMRM SDK Configuration” means the configuration settings used by a Licensed Product. This includes, but is not limited to, Revocation Lists, Client Verification Keys and WMDRM Certificates.

1. SCOPE

These Compliance Rules apply to Licensed Products that make use of the WMDRM functionality included in the WMRM SDK. These Compliance Rules set forth the requirements pursuant to which Licensed Products that use the WMRM SDK may Package WMDRM Content, modify WMDRM Content, processMetering Submissions, and issue WMDRM Licenses.

1. Requirements for Licensed Product Configurations
2. WMRM SDK Configuration. Company must maintain current WMRM SDK configuration settings in compliance with section 4 of these Compliance Rules. Company may replicate WMRM SDK configuration settings to test computers and production computers. Company must not modify WMRM SDK Configuration data without written consent from Microsoft.
3. Requirements for Product Updates

Licensed Products must comply with the following:

4.1Configuration Updates. Company must update the WMRM SDK Configuration for all Licensed Products once a week by accessing the WMRM SDK Configuration settings at

4.2SecurityUpdates. When contacted by Microsoft about a required security update for or related to WMRM SDK, Company will use commercially reasonable efforts to obtain the update and update all Licensed Products within a commercially reasonable time.

4.3Recommended Updates. From time to time Microsoft may provide non mandatory updates. Although Microsoft recommends that these updates be applied to Licensed Products, Company is not required to obtain recommendedupdates or to apply them to update Licensed Products.

1. Requirements for WMDRM Certificate
2. Certificates. Company shall consider all WMDRM and Metering Certificates to be Confidential Information of Microsoft and subject to the confidentiality provisions in the WMRM License Agreement.
3. DRM Server Certificate. Company shall request from Microsoft and use a DRM ServerCertificatethat is unique to Company.
4. DRM Root Certificate. Company automatically receives a DRM Root Certificate when the DRM Server Certificate is updated.
5. Metering Certificate. If Company maintains a Metering Aggregation Service then Company shall request from Microsoft and use a unique WMRM SDK Metering Certificate. Company may request multiple Metering Certificates. Distribution requirements for Metering Certificates are described in section 6.
6. DRM Server Certificate and DRM Root Certificate Expiration. Company shall request from Microsoft and use a unique DRM ServerCertificate for use in issuing DRM licenses.Company acknowledges that requesting a DRM ServerCertificate will result in updating the DRM Root Certificate. Company acknowledges that both WMDRM Certificates will periodically expire.
7. The time before the DRM Server Certificate and DRM Root Certificate expiration dates can be queried,as demonstrated in Code Sample1).

Code Sample 1: Querying Certificate Expiration

dim LicenseServer

dim val

set LicenseServer = CreateObject( "LicenseServer.LicenseGenerator" )

call LicenseServer.Get( "cert1_days_to_expiry", val )

wscript.echo "Cert1 (DRM ServerCertificate) Expires in " & val & " days."

call LicenseServer.Get( "cert2_days_to_expiry", val )

wscript.echo "Cert2 (DRM Root Certificate) Expires in " & val & " days."

set LicenseServer = nothing

1. Requirements for Metering

Licensed Productsthat use Metering must comply with the following:

6.1Metering Certificate Distribution. Metering Aggregation Services may distribute Metering Certificates.

6.2Metering Certificate Private Key. Company will not share, expose or provide Metering Certificate private keys outside of Company. Company must make commercial reasonably efforts to secure all Metering Certificate private keys.

6.3Metering Aggregation Service URL. WMDRM Licenses issued with Metering Certificates must ensure that the Metering Aggregation Service URL contained within is valid and accessible by Metering Client.

1. Requirements for LICENSE CHAINING
2. Clients. Licensed Products mayissue Chained Licenses to WMDRM v10 or higher and WMF SDK v9.5 or higher . Licensed Products can determine a client’s version by using the WMRM SDK’s ChallengeObj.ClientVersion() method (as demonstrated in Code Sample 2).

Code Sample 2: Determining client's WMDRM Version

Dim sLicRequest

Dim sMajorVersion

Dim objChallenge

Set objChallenge = Server.CreateObject("Wmrmobjs.WMRMChallenge")

' Retrieve the license request from the client computer

sLicRequest = request.Form("challenge")

' Set the license request into the WMRMChallenge object

objChallenge.Challenge = sLicRequest

' Retrieve the DRM client version from the client

if instr(1,objChallenge.ClientInfo,"devcert",1) = 0 then

'license request is not from a device, get the

'major version from the client version property

sMajorVersion = left(objChallenge.ClientVersion, instr(objChallenge.ClientVersion, ".") - 1)

else

sMajorVersion="10"

end if

if cint(sMajorVersion) >= 10 then

'Add code to perform license chaining here

end if

1. Requirements for LICENSE RIGHTS

Licensed Products must comply with the following:

8.1CopyCount Right. Licensed Productsshall not generate WMDRM Licenses that have a CopyCount value higher than 250

8.2AllowCopy Right. When using the AllowCopy Right the following must be observed:

8.2.1Licensed Products must not set AllowCopy inclusion and/or exclusion values.

8.2.2If the AllowCopy Right is set in a particular WMDRM License then the Licensed Product must also set the Copy Protection Levelrestriction to 400 in such WMDRM License as shown in section 11.4 and Table 2 (as demonstrated in Code Sample 3).

Code Sample 3: Setting Copy Protection Level

' Set playback and copy restrictions.

Dim RestrictObj ' WMRMRestrictions object

Dim PlayRestrictions ' Playback restrictions

Dim CopyRestrictions ' Copy restrictions

' Set CopyProtection Levels

Set RestrictObj = Server.CreateObject("WMRMObjs.WMRMRestrictions")

' Add copy restriction

Call RestrictObj.AddRestriction( WMRM_COPY, 400)

1. Requirements for Application Exclusion

Licensed Products must comply with the following Application Exclusion rules:

9.1Excluded Applications. Company must have written approval from Microsoft before generating WMDRM Licenses that exclude an application.

1. Requirements for Packaging Content

Licensed Products must comply with the following:

10.1Compatibility. Licensed Product will Package content such that it may be played back in the latest public final release of Windows Media Player from Microsoft. Content Packaged with the Licensed Product when played back in Windows Media Player must not result in stability, reliability, or quality problems any more than identical content encoded with the latest public final release of Windows Media Encoder from Microsoft.

1. Requirements for Output and Copy Protection Levels

Licensed Products must comply with the following:

11.1ReservedList. A Licensed Product must not set the ReservedList[] for any WMDRM License.

11.2Updating Output and Copy Protection Levels. The defined set of valid Output Protection Levels and Copy Protection Levels may change from time to time. Company acknowledges that it must check for updates to the Output Protection Levels and Copy Protection Levels and make changes to Licensed Products as needed to reflect these changes.

11.3Output and Copy Protection Level Descriptions. Company acknowledges that it will obtain and use the Windows Media Format SDK Compliance Rules document’s sections on Output Protection Levels and Copy Protection Levels for Output Protection Level and Copy Protection Level definitions. The Windows Media Format SDK Compliance Rules are located at

11.4Valid Output Protection Levels. If an Output Protection Level is specified in a License it must be one of the Output Protection Level values listed inTable 1.

Table 1: Valid Output Protection Levels

Output Protection / Valid Levels
Digital Compressed Audio Output / 100, 400
Digital Uncompressed Audio Output / 100, 200, 300
Digital Compressed Video Output / 100, 400
Digital Uncompressed Video Output / 100, 300
Analog Video Output / 100, 200
Analog Video Extended Output
(set using AddExtension()) / N/A

11.5Valid Copy Protection Levels. If a Copy Protection Level is specified in a WMDRM License it must be one of the Copy Protection Level values listed in Table 2.

Table 2: Valid Copy Protection Levels

Copy Protection / Valid Levels
Copy Protection Level / 400

1. Requirements for Security Levels

Licensed Products must comply with the following:

12.1MinimumClientSDKSecurity Right. A Licensed Product must not set the MinimumClientSDKSecurityRight.

12.2MinimumSecurityLevel Right. If the Minimum Security Level Right is assigned a value it must be one of the Security Level values indicated in Table 3.

Table 3: Security Levels

Security level / Players and devices / Example
150 / Devices that do not support Windows Media DRM. DRM protection is removed when the Content is transferred to such a device. / Devices that support Windows Media-based Content but not protected Content
1000 / Player applications based on Windows Media Format 9.5 SDK and earlier that do not meet additional requirements for level 2000. / Windows Media Player v6.4, Windows Media Player v7
Devices based on Windows Media Portable Device DRM v1. / Windows Media Player for Pocket PC or SmartPhone
Devices based on Windows CE 4.2 and later.
2000 / Player applications based on Windows Media Format 7.1 Series SDK or later, and that follow a stricter set of Content protection guidelines than applications at level 1000. / Windows Media Player v7.1 and later
Devices based on Windows Media DRM 10 for Portable Devices. / Portable media devices that support Windows Media DRM 10 for Portable Devices
Devices based on Windows Media DRM 10 for Network Devices. / Windows Media Connect devices

Compliance Rules For WMRM 10 SDK Applications And Services

Microsoft Confidential-1-10-01-04a