[MS-DRM]: Digital Rights Management License Protocol

Intellectual Property Rights Notice for Open Specifications Documentation

Technical Documentation. Microsoft publishes Open Specifications documentation for protocols, file formats, languages, standards as well as overviews of the interaction among each of these technologies.

Copyrights. This documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you may make copies of it in order to develop implementations of the technologies described in the Open Specifications and may distribute portions of it in your implementations using these technologies or your documentation as necessary to properly document the implementation. You may also distribute in your implementation, with or without modification, any schema, IDLs, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the Open Specifications.

No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation.

Patents. Microsoft has patents that may cover your implementations of the technologies described in the Open Specifications. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, a given Open Specification may be covered by the Microsoft Open Specification Promise (http://go.microsoft.com/fwlink/?LinkId=214445) or the Community Promise (http://go.microsoft.com/fwlink/?LinkId=214448). If you would prefer a written license, or if the technologies described in the Open Specifications are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting iplg@microsoft.com.

Trademarks. The names of companies and products contained in this documentation may be covered by trademarks or similar intellectual property rights. This notice does not grant any licenses under those rights. For a list of Microsoft trademarks, visit www.microsoft.com/trademarks.

Fictitious Names. The example companies, organizations, products, domain names, email addresses, logos, people, places, and events depicted in this documentation are fictitious. No association with any real company, organization, product, domain name, email address, logo, person, place, or event is intended or should be inferred.

Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than specifically described above, whether by implication, estoppel, or otherwise.

Tools. The Open Specifications do not require the use of Microsoft programming tools or programming environments in order for you to develop an implementation. If you have access to Microsoft programming tools and environments you are free to take advantage of them.
Certain Open Specifications are intended for use in conjunction with publicly available standard specifications and network programming art, and assume that the reader either is familiar with the aforementioned material or has immediate access to it.

Revision Summary

Date | Revision History | Revision Class | Comments
05/11/2007 | 0.1 | | MCPP Milestone 4 Initial Availability
08/10/2007 | 1.0 | Major | Updated and revised the technical content.
09/28/2007 | 1.0.1 | Editorial | Revised and edited the technical content.
10/23/2007 | 1.0.2 | Editorial | Revised and edited the technical content.
11/30/2007 | 1.0.3 | Editorial | Revised and edited the technical content.
01/25/2008 | 1.0.4 | Editorial | Revised and edited the technical content.
03/14/2008 | 2.0 | Major | Updated and revised the technical content.
05/16/2008 | 2.0.1 | Editorial | Revised and edited the technical content.
06/20/2008 | 2.0.2 | Editorial | Revised and edited the technical content.
07/25/2008 | 2.0.3 | Editorial | Revised and edited the technical content.
08/29/2008 | 2.0.4 | Editorial | Revised and edited the technical content.
10/24/2008 | 2.1 | Minor | Updated the technical content.
12/05/2008 | 2.1.1 | Editorial | Editorial Update.
01/16/2009 | 2.1.2 | Editorial | Revised and edited the technical content.
02/27/2009 | 2.2 | Minor | Updated the technical content.
04/10/2009 | 3.0 | Major | Updated and revised the technical content.
05/22/2009 | 4.0 | Major | Updated and revised the technical content.
07/02/2009 | 5.0 | Major | Updated and revised the technical content.
08/14/2009 | 5.0.1 | Editorial | Revised and edited the technical content.
09/25/2009 | 5.1 | Minor | Updated the technical content.
11/06/2009 | 5.1.1 | Editorial | Revised and edited the technical content.
12/18/2009 | 6.0 | Major | Updated and revised the technical content.
01/29/2010 | 6.1 | Minor | Updated the technical content.
03/12/2010 | 6.1.1 | Editorial | Revised and edited the technical content.
04/23/2010 | 7.0 | Major | Updated and revised the technical content.
06/04/2010 | 8.0 | Major | Updated and revised the technical content.
07/16/2010 | 9.0 | Major | Significantly changed the technical content.
08/27/2010 | 9.0 | No change | No changes to the meaning, language, or formatting of the technical content.
10/08/2010 | 9.0 | No change | No changes to the meaning, language, or formatting of the technical content.
11/19/2010 | 9.0 | No change | No changes to the meaning, language, or formatting of the technical content.
01/07/2011 | 9.0 | No change | No changes to the meaning, language, or formatting of the technical content.
02/11/2011 | 9.0 | No change | No changes to the meaning, language, or formatting of the technical content.
03/25/2011 | 10.0 | Major | Significantly changed the technical content.
05/06/2011 | 11.0 | Major | Significantly changed the technical content.
06/17/2011 | 11.1 | Minor | Clarified the meaning of the technical content.
09/23/2011 | 11.1 | No change | No changes to the meaning, language, or formatting of the technical content.
12/16/2011 | 12.0 | Major | Significantly changed the technical content.
03/30/2012 | 12.0 | No change | No changes to the meaning, language, or formatting of the technical content.
07/12/2012 | 12.0 | No change | No changes to the meaning, language, or formatting of the technical content.
10/25/2012 | 12.0 | No change | No changes to the meaning, language, or formatting of the technical content.
01/31/2013 | 13.0 | Major | Significantly changed the technical content.
08/08/2013 | 14.0 | Major | Significantly changed the technical content.
11/14/2013 | 15.0 | Major | Significantly changed the technical content.
Contents

1 Introduction
1.1 Glossary
1.2 References
1.2.1 Normative References
1.2.2 Informative References
1.3 Overview
1.3.1 Digital Rights Management Version 1
1.3.2 Digital Rights Management Version 7
1.3.3 Digital Rights Management Version 11
1.4 Relationship to Other Protocols
1.5 Prerequisites/Preconditions
1.6 Applicability Statement
1.7 Versioning and Capability Negotiation
1.8 Vendor-Extensible Fields
1.9 Standards Assignments
2 Messages
2.1 Transport
2.2 Message Syntax
2.2.1 Common Data Types and Algorithms
2.2.1.1 Base64 Encoding
2.2.1.1.1 Base64 Mapping Table
2.2.1.1.2 Example: Base64 Encoding of 3 Bytes
2.2.1.1.3 Base64 and DRM
2.2.1.2 Cryptographic Parameters
2.2.1.3 Cryptographic Keys
2.2.1.4 PK
2.2.1.5 PKCERT
2.2.1.6 PUBKEY
2.2.1.7 LicenseToSend
2.2.2 DRM Version 1 Data Types
2.2.2.1 DRM Version 1 License Request
2.2.2.2 DRM Version 1 License Response
2.2.2.3 DRM Version 1 License Format
2.2.2.3.1 CERT
2.2.2.3.2 CERTDATA
2.2.2.3.3 CERTIFIED_LICENSE
2.2.2.3.4 LICENSE
2.2.2.3.5 LICENSEDATA
2.2.3 DRM Version 7 Data Types
2.2.3.1 DRM Version 7 License Request
2.2.3.1.1 Silent and Nonsilent Requests
2.2.3.1.1.1 Silent Requests
2.2.3.1.1.2 Nonsilent Requests
2.2.3.1.2 HTTP POST Headers
2.2.3.1.3 XML Schema for Version 7 License Request
2.2.3.1.3.1 ACTION
2.2.3.1.3.2 APPSECURITY
2.2.3.1.3.3 CLIENTID (Element)
2.2.3.1.3.4 CLIENTID (Structure)
2.2.3.1.3.5 CLIENTVERSION
2.2.3.1.3.6 DRMKVERSION
2.2.3.1.3.7 REVOCATIONINFO
2.2.3.1.3.8 SECURITYVERSION
2.2.3.1.3.9 SUBJECTID1
2.2.3.1.3.10 SUBJECTID2
2.2.3.1.3.11 V1CHALLENGE
2.2.3.1.3.12 WMRMHEADER
2.2.3.2 DRM Version 7 License Response
2.2.3.2.1 Silent Acquisition
2.2.3.2.2 Nonsilent Acquisition
2.2.3.2.3 Errors
2.2.3.2.4 XML Schema for Version 7 License Response
2.2.3.2.4.1 DRM Version 1 License Format Within a Version 7 License Response
2.2.3.2.4.2 DRM Version 7 License Format
2.2.3.2.5 ACTION
2.2.3.2.6 ANALOGVIDEO
2.2.3.2.7 CERTIFICATE
2.2.3.2.8 CERTIFICATECHAIN
2.2.3.2.9 COMPRESSEDDIGITALAUDIO
2.2.3.2.10 COMPRESSEDDIGITALVIDEO
2.2.3.2.11 CONDITION When Used Under the ONACTION, ONSELECT, and ONSTORE Elements
2.2.3.2.12 CONDITION When Used Under the CONTENTREVOCATION/DATA Element
2.2.3.2.13 CONTENTPUBKEY
2.2.3.2.14 CONTENTREVOCATION
2.2.3.2.15 COPY
2.2.3.2.16 ENABLINGBITS
2.2.3.2.17 Events in DRM Licenses
2.2.3.2.18 Expressions in DRM Licenses
2.2.3.2.18.1 Identifier
2.2.3.2.18.2 Function Symbol
2.2.3.2.18.3 Constant
2.2.3.2.18.4 Variable
2.2.3.2.18.5 Final Value
2.2.3.2.19 Operators in DRM Expressions
2.2.3.2.19.1 Operator Behavior
2.2.3.2.19.2 Operator Precedence
2.2.3.2.20 Data Types in DRM Expressions
2.2.3.2.20.1 DATETIME Data Type
2.2.3.2.20.2 LONG Data Type
2.2.3.2.20.3 STRING Data Type
2.2.3.2.20.4 Casting Data Types
2.2.3.2.21 ISSUEDATE
2.2.3.2.22 KID
2.2.3.2.23 LICENSESERVERPUBKEY
2.2.3.2.24 LICENSORINFO
2.2.3.2.25 LID
2.2.3.2.26 META
2.2.3.2.27 ONACTION
2.2.3.2.28 ONCLOCKROLLBACK
2.2.3.2.29 ONSELECT
2.2.3.2.30 ONSTORE
2.2.3.2.31 Predefined Functions in DRM Expressions
2.2.3.2.32 Predefined Variables in DRM Expressions
2.2.3.2.33 PRIORITY
2.2.3.2.34 PUBKEY
2.2.3.2.35 RESTRICTIONS
2.2.3.2.36 REV_INFO
2.2.3.2.37 REVOCATION
2.2.3.2.38 RevocationList
2.2.3.2.39 SEQUENCENUMBER
2.2.3.2.40 SIGNATURE When Used Under the CONTENTREVOCATION or LICENSORINFO Element
2.2.3.2.41 SIGNATURE When Used Under the ENABLINGBITS Element
2.2.3.2.42 UNCOMPRESSEDDIGITALAUDIO
2.2.3.2.43 UNCOMPRESSEDDIGITALVIDEO
2.2.3.2.44 VALUE
2.2.3.2.45 WMDRMRLVICERTCHAIN
2.2.3.2.46 WMDRMRLVIHEAD
2.2.3.2.47 WMDRMRLVISIGNATURE
2.2.3.2.48 WMDRMRLVIVERSION
2.2.4 DRM Version 11 Data Types
2.2.4.1 DRM Version 11 License Request
2.2.4.1.1 MACHINECERTIFICATE
2.2.4.1.2 REVINFO
2.2.4.1.3 ACTION
2.2.4.2 DRM Version 11 License Response
3 Protocol Details
3.1 Client Details
3.1.1 Abstract Data Model
3.1.2 Timers
3.1.3 Initialization
3.1.4 Higher-Layer Triggered Events
3.1.5 Message Processing Events and Sequencing Rules
3.1.5.1 DRM Version 1 Client Message Processing Events and Sequencing Rules
3.1.5.1.1 Request Behavior
3.1.5.1.2 Response Behavior
3.1.5.2 DRM Version 7 Client Message Processing Events and Sequencing Rules
3.1.5.2.1 Request Behavior
3.1.5.2.2 Response Behavior
3.1.5.2.2.1 LICENSERESPONSE.LICENSE nodes
3.1.5.2.2.2 LICENSERESPONSE.Revocation nodes
3.1.5.3 DRM Version 11 Client Message Processing Events and Sequencing Rules
3.1.5.3.1 Request Behavior
3.1.5.3.2 Response Behavior
3.1.6 Timer Events
3.1.7 Other Local Events
3.2 Server Details
3.2.1 Abstract Data Model
3.2.1.1 TransmitLicensesToClient
3.2.2 Timers
3.2.3 Initialization
3.2.3.1 Retrieving Revocation Data from the Enrollment Server
3.2.3.1.1 Client Certificate White List
3.2.3.1.2 Revocation Information List
3.2.3.1.3 Certificate Revocation List
3.2.4 Higher-Layer Triggered Events
3.2.5 Message Processing Events and Sequencing Rules
3.2.5.1 DRM Version 1 Server Message Processing Events and Sequencing Rules
3.2.5.2 DRM Version 7 Server Message Processing Events and Sequencing Rules
3.2.5.3 DRM Version 11 Server Message Processing Events and Sequencing Rules
3.2.6 Timer Events
3.2.7 Other Local Events
4 Protocol Examples
4.1 DRM Version 1 License Request Example
4.2 DRM Version 1 License Response Example
4.3 DRM Version 7 License Request Example
4.4 DRM Version 7 License Response Example
4.5 DRM Version 7 Nonsilent License Response Example
4.6 DRM Version 11 License Request Example
4.7 DRM Version 11 License Response Example
5 Security
5.1 Security Considerations for Implementers
5.2 Index of Security Parameters
6 Appendix A: Product Behavior
7 Change Tracking
8 Index

1 Introduction

The Windows Media Digital Rights Management (WMDRM): License Protocol provides secure distribution, promotion, and sale of digital media content.
The protocol is used to acquire licenses for Windows Media content protected using Digital Rights Management Version 1, Digital Rights Management Version 7, or Digital Rights Management Version 11 technologies.

Sections 1.8, 2, and 3 of this specification are normative and can contain the terms MAY, SHOULD, MUST, MUST NOT, and SHOULD NOT as defined in RFC 2119. Sections 1.5 and 1.9 are also normative but cannot contain those terms. All other sections and examples in this specification are informative.

1.1 Glossary

The following terms are defined in [MS-GLOS]:

ASCII
base64
big-endian
certificate (1)
certificate revocation
certificate revocation lists (CRL)
elliptic curve cryptography (ECC)
globally unique identifier (GUID)
Hypertext Transfer Protocol (HTTP)
Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS)
little-endian
revocation
SHA-1 hash
transport layer
URI

The following terms are specific to this document:

Digital Rights Management (DRM): A set of technologies that provides control over how a given piece of protected content may be used.

Rivest Cipher 4 (RC4): RSA symmetric key encryption algorithm. RC4 is a proprietary encryption algorithm available under license from RSA Security, as specified in [RC4-ENCRYPT].

Secure Digital Music Initiative (SDMI): An initiative to establish technology specifications that would protect the playing, storing, and distributing of digital music. These specifications are currently obsolete.

MAY, SHOULD, MUST, SHOULD NOT, MUST NOT: These terms (in all caps) are used as described in [RFC2119]. All statements of optional behavior use either MAY, SHOULD, or SHOULD NOT.
1.2 References

References to Microsoft Open Specifications documentation do not include a publishing year because links are to the latest version of the documents, which are updated frequently. References to other documents include a publishing year when one is available.

A reference marked "(Archived)" means that the reference document was either retired and is no longer being maintained or was replaced with a new document that provides current implementation details. We archive our documents online [Windows Protocol] (http://msdn.microsoft.com/en-us/library/jj633107.aspx).

1.2.1 Normative References

We conduct frequent surveys of the normative references to assure their continued availability. If you have any issue with finding a normative reference, please contact dochelp@microsoft.com. We will assist you in finding the relevant information. Please check the archive site, http://msdn2.microsoft.com/en-us/library/E4BD6494-06AD-4aed-9823-445E921C9624, as an additional source.

[MS-DTYP] Microsoft Corporation, "Windows Data Types".

[MS-ERREF] Microsoft Corporation, "Windows Error Codes".

[RC4-ENCRYPT] Schneier, B., "Applied Cryptography: Protocols, Algorithms, and Source Code in C", 2nd edition, Wiley, 1996, ISBN-10: 041117099 and ISBN-13: 978-0471117094.

[RFC2045] Freed, N., and Borenstein, N., "Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies", RFC 2045, November 1996, http://ietf.org/rfc/rfc2045.txt

[RFC2109] Kristol, D., and Montulli, L., "HTTP State Management Mechanism", RFC 2109, February 1997, http://www.ietf.org/rfc/rfc2109.txt

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997, http://www.rfc-editor.org/rfc/rfc2119.txt

[RFC2616] Fielding, R., Gettys, J., Mogul, J., et al., "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999, http://www.ietf.org/rfc/rfc2616.txt

[RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000, http://www.ietf.org/rfc/rfc2818.txt

[RFC2821] Klensin, J., "Simple Mail Transfer Protocol", STD 10, RFC 2821, April 2001, http://www.ietf.org/rfc/rfc2821.txt

[RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data Encodings", RFC 4648, October 2006, http://www.ietf.org/rfc/rfc4648.txt

[RSAFAQ] RSA Laboratories, "Frequently Asked Questions About Today's Cryptography, Version 4.1", May 2000, http://www.rsa.com/rsalabs/faq/files/rsalabs_faq41.pdf

[XML] World Wide Web Consortium, "Extensible Markup Language (XML) 1.0 (Fourth Edition)", W3C Recommendation, August 2006, http://www.w3.org/TR/2006/REC-xml-20060816/

[XMLSCHEMA1/2] Thompson, H.S., Beech, D., Maloney, M., and Mendelsohn, N., Eds., "XML Schema Part 1: Structures Second Edition", W3C Recommendation, October 2004, http://www.w3.org/TR/2004/REC-xmlschema-1-20041028/

[XMLSCHEMA2/2] Biron, P.V., and Malhotra, A., Eds., "XML Schema Part 2: Datatypes Second Edition", W3C Recommendation, October 2004, http://www.w3.org/TR/2004/REC-xmlschema-2-20041028/

1.2.2 Informative References

[CAECCRYPT] Barbosa, M., Moss, A., and Page, D., "Compiler Assisted Elliptic Curve Cryptography", http://eprint.iacr.org/2007/053.pdf

[ELLIPTICCURVE] RSA Laboratories, "Overview of Elliptic Curve Cryptosystems", June 1997, http://www.rsa.com/rsalabs/node.asp?id=2013

[ELLIPTICCURVE-DSA] Farkas, S., "Elliptic Curve DSA", http://blogs.msdn.com/shawnfa/archive/2007/01/18/elliptic-curve-dsa.aspx

[MS-GLOS] Microsoft Corporation, "Windows Protocols Master Glossary".

[MSDN-WMRMHEADOBJ] Microsoft Corporation, "WMRMHeader Object", http://msdn.microsoft.com/en-us/library/ms984909.aspx

[NSPCPW] Perlman, R., Speciner, M., and Kaufman, C., "Network Security: Private Communication in a Public World", New York, 1980, ASIN: B000N7EJQQ.

[SCHNEIER] Schneier, B., "Applied Cryptography, Second Edition", John Wiley and Sons, 1996, ISBN: 0471117099. If you have any trouble finding [SCHNEIER], please check http://msdn2.microsoft.com/en-us/library/E4BD6494-06AD-4aed-9823-445E921C9624.
[X9.62] American National Standards Institute, "Public Key Cryptography for the Financial Services Industry, The Elliptic Curve Digital Signature Algorithm (ECDSA)", ANSI X9.62:2005, 2005, http://webstore.ansi.org/ansidocstore/product.asp?sku=ANSI+X9%2E62%3A2005

Note: There is a charge to download the specification.

1.3 Overview

Digital Rights Management (DRM) version 1, version 7, and version 11 provide a means of acquiring a license for Windows Media content.

When using Digital Rights Management Version 1, the client generates a license request and sends it to a license server as an HTTP GET request. The server receives the GET request and returns the license to the client embedded within an HTML page.

Digital Rights Management Version 7 uses a packet containing a license request in extensible markup language (XML) format and is sent using an HTTP POST request. The server responds with an XML packet containing any number and combination of version 1 and version 7 licenses.

Digital Rights Management Version 11 is functionally equivalent to the version 7 protocol, with the addition of a few XML fields in the license request challenge body.

In all versions of the license protocol, the intent is to document the protocol for acquisition of licenses in which the license details themselves are not technically relevant to the protocol. License formats are described in detail for completeness, however.

The following table describes cryptographic and mathematical operators. For more information, see [NSPCPW].
Operator: Description

cryptographic operator "K{text}": Text encrypted with symmetric key K.
cryptographic operator "[text]K": Text signed with private portion of asymmetric key K, Kpriv.
cryptographic operator "{text}K": Text encrypted with public portion of asymmetric key K, Kpub.
mathematical operator "⊕": A bitwise exclusive OR.
mathematical operator "~": A bitwise negation.
mathematical operator "|": A concatenation.

1.3.1 Digital Rights Management Version 1

Digital Rights Management Version 1 provides the means of acquiring a license for Windows Media content. Its packets include a client request for a license and a server response that contains the license.

[Figure 1: DRM version 1 license request and response]

The Digital Rights Management client application generates a license request and sends it to a license server. The request is a binary string that is partially encrypted using the Rivest Cipher 4 (RC4) (as specified in [RC4-ENCRYPT]) and then encoded using the Base64 Encoding algorithm, as specified in section 2.2.1.1.

The response is a single version 1 license, formatted as a binary string, and encoded with the base64 encoding algorithm, as specified in section 2.2.1.1. It is returned to the client embedded within an HTML page.

A Digital Rights Management Version 1 license is represented as specified in section 2.2.2.3. The structures that are used by version 1, version 7 and version 11 of the WMDRM: License Protocol are specified in section 2.2.1.
This protocol uses the following packets.

Packet                           Description
DRM Version 1 License Request    Contains the client's request for a license.
DRM Version 1 License Response   Contains the server's response to the client's request for a license.

RC4 is a proprietary encryption algorithm available under license from RSA Security, as specified in [RSAFAQ].

1.3.2 Digital Rights Management Version 7

Digital Rights Management Version 7 provides the means of acquiring a license for Windows Media content. Its packets include a client request for a license and a server response that contains the license.

Figure 2: DRM version 7 license request and response

The Digital Rights Management client generates a license request and sends it to a license server. The request is in Extensible Markup Language (XML) format, partially RC4-encrypted, and then encoded using the base64 algorithm, as specified in section 2.2.1.1. It is sent to the server by means of an HTTP POST request. For more information about RC4, see Remarks at the end of this topic.

The response is an RC4-encrypted XML packet. The first 80 bytes of the license response packet are an ECC-encrypted RC4 key. The RC4 key is generated by the server using the EncRandNum member of the CLIENTID structure (section 2.2.3.1.3.4), sent by the client within the license request. The remainder of the packet (the license data itself) is encrypted with the generated RC4 key. The packet is then encoded with the base64 algorithm, as specified in section 2.2.1.1.
It can contain any number and combination of version 1 and version 7 licenses. Each version 7 license is itself RC4-encrypted using the mechanism described in this topic. A WMDRM: License Protocol version 7 license is represented as specified in section 2.2.3.2.4.2. The structures that are used by both version 1 and version 7 of the WMDRM: License Protocol are specified in section 2.2.1.

This protocol uses the following packets.

Packet                           Description
DRM Version 7 License Request    Contains the client's request for a license.
DRM Version 7 License Response   Contains the server's response to the client's request for a license.
DRM Version 7 License Format     Contains an XML-formatted license.

RC4 is a proprietary encryption algorithm available under license from RSA Security, as specified in [RSAFAQ].

1.3.3 Digital Rights Management Version 11

Digital Rights Management Version 11 is almost identical to the version 7 protocol, with the addition of a few fields in the license request packet.

This protocol uses the following packets.

Packet                           Description
DRM Version 11 License Request   Contains the client's request for a license.
DRM Version 11 License Response  Contains the server's response to the client's request for a license.
DRM Version 11 License Format    Contains an XML-formatted license.

1.4 Relationship to Other Protocols

Protocol versions 1, 7, and 11 may be implemented over Hypertext Transfer Protocol (HTTP), Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS), or any other appropriate transport protocol. Selection of a specific transport protocol is at the discretion of the content encoder (the license acquisition URL is embedded within the content).

1.5 Prerequisites/Preconditions

The following data must be licensed from Microsoft for the license acquisition server prior to implementing any of these protocols:
- Private server cryptographic key (KSpriv).
- Server certificate chain (CS).

The following data is unique for every license server and must be generated by the implementer of the server side of the protocol:
- Server public/private key pair (KL).

The following data must be licensed from Microsoft for the client application prior to implementing the client portion of this protocol:
- Client application certificate (CA) (leaf certificate only).
- Client machine certificate (CM).

The following keys and certificates are used by the client application and referenced in this document:
- Private client cryptographic key (KCpriv).
- Public server cryptographic key (KSpub).
- Public key representing the root certificate authority key used to sign the root certificate in CS (KIpub). KIpub is given by the following byte sequence: 0x4D, 0xBF, 0xD9, 0x0D, 0xD9, 0x6E, 0x8C, 0x9E, 0x32, 0x5F, 0x4F, 0x3D, 0xEC, 0xA9, 0x84, 0x59, 0x6B, 0x5E, 0x06, 0x86, 0xE7, 0xE2, 0xC2, 0x8B, 0xDE, 0x14, 0x4B, 0x29, 0x2C, 0xEC, 0x4D, 0x1D, 0x76, 0xFD, 0x5A, 0x14, 0x90, 0x3A, 0x10, 0x77

1.6 Applicability Statement

None.

1.7 Versioning and Capability Negotiation

In the WMDRM: License Protocol, there is no facility for version or capability negotiation. The client must submit requests to a server that understands the maximum protocol version used by the client. In practice, content providers embed license acquisition specifics within the content file headers. This information indicates to the client which license version and license acquisition protocol will be used. <1>

This protocol can be implemented on top of the following:
- TCP
- HTTP
- HTTPS

1.8 Vendor-Extensible Fields

Within the version 7 and version 11 license response packet, vendors are free to add any well-formed XML data to the element. The contents of this element are not used by the Digital Rights Management client application.

This protocol uses Win32 error codes. These values are taken from the Windows error number space defined in [MS-ERREF] section 2.2. Vendors SHOULD reuse those values with their indicated meaning. Choosing any other value runs the risk of a collision in the future.

1.9 Standards Assignments

None.
2 Messages

This protocol references commonly used data types as defined in [MS-DTYP], such as GUID--Curly Braced String Representation ([MS-DTYP] section 2.3.4.3).

2.1 Transport

The WMDRM: License Protocol uses HTTP (as specified in [RFC2616]) or HTTP over TLS (as specified in [RFC2818]) as the transport layer. <2> The use of HTTP over TLS is triggered by the specification of an "https" URL rather than an "http" URL within the WMRMHEADER (section 2.2.3.1.3.12). Messages and data are sent via URI query strings, HTTP POST headers, and HTTP responses.

Some client applications may also use the HTTP cookie mechanism (as specified in [RFC2109]) as a transport and state management mechanism outside the purview of license acquisition. The HTTP cookie mechanism allows named data items to be sent from one party to another as part of an HTTP message, stored by the receiving party, and returned automatically to the original party as part of all subsequent HTTP messages to that party.

2.2 Message Syntax

2.2.1 Common Data Types and Algorithms

The following structures and algorithms are common to version 1, version 7, and version 11 of the WMDRM: License Protocol. Unless otherwise noted, all multi-octet integral values are stored in little-endian format. Unless otherwise noted, all data structures are packed to 4-octet alignment.
For more information about the encryption algorithms within this document, see [CAECCRYPT], [ELLIPTICCURVE], [ELLIPTICCURVE-DSA], [SCHNEIER] section 19.6, and [X9.62].

This protocol uses the following types specified in [MS-DTYP].

Type    Reference
BYTE    [MS-DTYP] section 2.2.6

2.2.1.1 Base64 Encoding

The standard base64 encoding algorithm (as specified in [RFC4648]) is used to transmit binary data. Base64 processes data as 24-bit groups, mapping each group to four encoded characters of 6 bits each. It is sometimes referred to as 3-to-4 encoding. Each 6-bit group in the 24-bit group is used as an index into a mapping table (see section 2.2.1.1.1) to obtain a character for the encoded data. By convention, line lengths in the encoded data are limited to 76 characters, but this is not strictly enforced in this protocol.

Note The characters used in base64 encoding do not include any of the special characters of the Simple Mail Transfer Protocol (SMTP) (as specified in [RFC2821]), or the hyphen used with Multipurpose Internet Mail Extensions (MIME) boundary strings, as specified in [RFC2045].

2.2.1.1.1 Base64 Mapping Table

This is the base64 mapping table.
 0 A    17 R    34 i    51 z
 1 B    18 S    35 j    52 0
 2 C    19 T    36 k    53 1
 3 D    20 U    37 l    54 2
 4 E    21 V    38 m    55 3
 5 F    22 W    39 n    56 4
 6 G    23 X    40 o    57 5
 7 H    24 Y    41 p    58 6
 8 I    25 Z    42 q    59 7
 9 J    26 a    43 r    60 8
10 K    27 b    44 s    61 9
11 L    28 c    45 t    62 +
12 M    29 d    46 u    63 /
13 N    30 e    47 v
14 O    31 f    48 w
15 P    32 g    49 x
16 Q    33 h    50 y

2.2.1.1.2 Example: Base64 Encoding of 3 Bytes

This is an example of base64 encoding of 3 bytes: "XYZ".

Input data    X         Y         Z
Input bits    01011000  01011001  01011010
Bit groups    010110  000101  100101  011010
Mapping       W       F       l       a

2.2.1.1.3 Base64 and DRM

In the WMDRM: License Protocol, base64 encoding refers to a slightly modified version of the standard base64 algorithm. Digital Rights Management base64 encoding is identical to standard base64 encoding, with the exception of the last two characters (indices 62 and 63) in the following mapping table.

 0 A    17 R    34 i    51 z
 1 B    18 S    35 j    52 0
 2 C    19 T    36 k    53 1
 3 D    20 U    37 l    54 2
 4 E    21 V    38 m    55 3
 5 F    22 W    39 n    56 4
 6 G    23 X    40 o    57 5
 7 H    24 Y    41 p    58 6
 8 I    25 Z    42 q    59 7
 9 J    26 a    43 r    60 8
10 K    27 b    44 s    61 9
11 L    28 c    45 t    62 !
12 M    29 d    46 u    63 *
13 N    30 e    47 v
14 O    31 f    48 w
15 P    32 g    49 x
16 Q    33 h    50 y

2.2.1.2 Cryptographic Parameters

The following 160-bit elliptic curve cryptography (ECC) curve is used in this document.

ECC1 Parameter    Value
p (modulus)       0x89abcdef012345672718281831415926141424f7
a                 0x37a5abccd277bce87632ff3d4780c009ebe41497
b                 0x0dd8dabf725e2f3228e85f1ad78fdedf9328239e
generator x       0x8723947fd6a3a1e53510c07dba38daf0109fa120
generator y       0x445744911075522d8c3c5856d4ed7acda379936f
curve order       0x89abcdef012345672716b26eec14904428c2a675

Prior to encryption, the plaintext (length ≤ 16 bytes) is prepared with the following sequence of operations:
1. Copy the plaintext into a buffer, "x", comprising five DWORDs.
2. The fifth DWORD of x is set to zero.
3. If there is a solution for y in the following equation, x|y is now ready for encryption.
   (y^2) mod p = (x^3 + ax + b) mod p
4. If there is no solution to this equation, increment the fifth DWORD of x and repeat the preceding step.

2.2.1.3 Cryptographic Keys

The client and server use a set of cryptographic keys as follows:

KC: An ECC1 key that represents the client application. The client knows KCpriv and the server knows KCpub.
KS: A well-known ECC1 key used to protect the privacy of packets sent between client and server. The client knows KSpub and the server knows KSpriv.
KL: An ECC1 key that represents the license server. The server knows KLpub and KLpriv.
KM: An ECC1 key that represents a specific instance of a machine running the client application. The key pair is either created by or issued to the DRM system during a one-time initialization process. The details are implementation-specific. KMpub is transmitted from the client to the server during a license request.

2.2.1.4 PK

The PK structure contains the PUBKEY structure and its version information.

typedef struct {
  PUBKEY pubkey;
  BYTE version[4];
} PK;

pubkey: A PUBKEY structure that contains a public key.
version: A 4-byte buffer that contains version information for the public key. MUST be {0x00, 0x01, 0x00, 0x00}.

2.2.1.5 PKCERT

The PKCERT structure contains a signed PK structure.

typedef struct {
  PK pk;
  BYTE sign[40];
} PKCERT;

pk: A PK structure that contains a public key and its version information.
sign: A 40-byte buffer that contains the signature of the pk member. This signature is created using ECDSA over curve ECC1. For more information about ECDSA, see [ELLIPTICCURVE-DSA]. In the notation of section 1.3: [pk]K, where K is an ECC1 key.

2.2.1.6 PUBKEY

The PUBKEY structure contains a public key.

typedef struct {
  BYTE y[40];
} PUBKEY;

y: A 40-byte buffer that contains a public key. This is the public portion of a public/private key pair in ECC1.
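As an added example (not code from [MS-DRM] or from any Microsoft implementation), the following Python implements the DRM base64 variant of section 2.2.1.1.3 and the plaintext-embedding steps of section 2.2.1.2 on curve ECC1, then serialises the resulting point in the 40-byte x|y layout that PUBKEY uses. Zero-padding a plaintext shorter than 16 bytes and all function names are assumptions.

```python
"""Added example (not from [MS-DRM]): DRM base64 (section 2.2.1.1.3) and the
ECC1 plaintext-embedding steps of section 2.2.1.2, with the resulting point
serialised in the 40-byte x|y layout that PUBKEY uses (section 2.2.1.6)."""
import base64

# --- 2.2.1.1.3: DRM base64 differs from RFC 4648 only at symbols 62 and 63.
_STD_TO_DRM = bytes.maketrans(b"+/", b"!*")
_DRM_TO_STD = bytes.maketrans(b"!*", b"+/")

def drm_b64encode(data: bytes) -> str:
    """Standard base64, then '+' -> '!' and '/' -> '*'."""
    return base64.b64encode(data).translate(_STD_TO_DRM).decode("ascii")

def drm_b64decode(text: str) -> bytes:
    """Strict inverse: '+' and '/' are not DRM alphabet symbols, so reject them."""
    raw = text.encode("ascii")
    if b"+" in raw or b"/" in raw:
        raise ValueError("standard base64 symbols are not valid DRM base64")
    return base64.b64decode(raw.translate(_DRM_TO_STD), validate=True)

# --- 2.2.1.2: the 160-bit curve ECC1, y^2 = x^3 + a*x + b over GF(p).
P = 0x89ABCDEF012345672718281831415926141424F7
A = 0x37A5ABCCD277BCE87632FF3D4780C009EBE41497
B = 0x0DD8DABF725E2F3228E85F1AD78FDEDF9328239E
GX = 0x8723947FD6A3A1E53510C07DBA38DAF0109FA120
GY = 0x445744911075522D8C3C5856D4ED7ACDA379936F

def is_on_curve(x: int, y: int) -> bool:
    return (y * y - (x * x * x + A * x + B)) % P == 0

def _sqrt_mod_p(v: int):
    # p = 3 (mod 4), so v^((p+1)/4) is a square root whenever one exists;
    # squaring the candidate decides whether step 3's equation has a solution.
    r = pow(v, (P + 1) // 4, P)
    return r if (r * r) % P == v % P else None

def embed_plaintext(plaintext: bytes) -> tuple:
    """Steps 1-4 of 2.2.1.2. x is five little-endian DWORDs (the integer
    encoding PUBKEY coordinates use): plaintext in DWORDs 0-3, DWORD 4 zeroed,
    then DWORD 4 incremented until x^3 + ax + b is a square mod p.
    Zero-padding a plaintext shorter than 16 bytes is an assumption."""
    if len(plaintext) > 16:
        raise ValueError("plaintext must be at most 16 bytes")
    base = int.from_bytes(plaintext.ljust(16, b"\0"), "little")  # DWORD 4 == 0
    for counter in range(1 << 32):  # every value the fifth DWORD can take
        x = base | (counter << 128)
        y = _sqrt_mod_p((x * x * x + A * x + B) % P)
        if y is not None:
            return x, y  # x|y is now ready for ECC1 encryption
    raise RuntimeError("no curve point found for this plaintext")

def point_to_bytes(x: int, y: int) -> bytes:
    """x|y as PUBKEY stores it: x in bytes 0-19, y in bytes 20-39, little-endian."""
    return x.to_bytes(20, "little") + y.to_bytes(20, "little")

def extract_plaintext(point: bytes) -> bytes:
    """Undo the embedding on a 40-byte point: the low 16 bytes of x."""
    return point[:16]

if __name__ == "__main__":
    x, y = embed_plaintext(b"0123456789ABCDEF")  # constructed sample plaintext
    print(drm_b64encode(b"XYZ"), x >> 128, is_on_curve(x, y), is_on_curve(GX, GY))
```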
The x-coordinate is stored in bytes 0-19; the y-coordinate in bytes 20-39. The two coordinates are base 0x100000000 integers stored in little-endian order.

2.2.1.7 LicenseToSend

The LicenseToSend structure is a container for an arbitrary number of variable-length licenses. It is passed to the Digital Rights Management License Protocol by the higher layer. This structure is used in the TransmitLicensesToClient abstract interface (section 3.2.1.1).

typedef struct _LicenseToSend {
  int LicenseVersion;
  int LicenseLength;
  byte License[];
} LicenseToSend;

LicenseVersion: The version of the license included in this structure.

Value    Meaning
1        License is constructed for DRM version 1.
7        License is constructed for DRM version 7.

LicenseLength: The length, in bytes, of the license included in this structure.
License: A byte array containing the license constructed by the higher layer. This field is LicenseLength bytes in length. The format of the license is implementation-dependent.

2.2.2 DRM Version 1 Data Types

The following structures and algorithm are specific to version 1 of the WMDRM: License Protocol.

2.2.2.1 DRM Version 1 License Request

The DRM Version 1 License Request packet is used by the client to request a license for content. This packet is transmitted to the server via the URI parameter "challenge" as a Digital Rights Management (DRM) base64-encoded value. The URI parameter DRMVer is also sent to the server with this license request and MUST appear after the "challenge" URI parameter. For a version 1 client, the value of DRMVer MUST be 1.3. For a client that supports version 7 and higher, this value MUST be 1.4. This value is ignored by the server.
The packet consists of the following fields, in this order.

Field         Size (bytes)
Version       4
EncRandNum    80
pkcert        84
KeyID         25
Rights        4
AppSec        4

Version (4 bytes): The request version. MUST be {0x00, 0x01, 0x00, 0x01}.

EncRandNum (80 bytes): A 20-byte random number, used only once, that is encrypted using ECC1 with the public server cryptographic key (KS). Before encryption, this buffer contains the following byte values:
- bytes 0-6: Used as the initialization vector (IV) to create an RC4 key (KR).
- bytes 7-19: Not used.

pkcert (84 bytes): An RC4-encrypted PKCERT that contains a signed copy of KMpub.

KeyID (25 bytes): An RC4-encrypted content key identifier. The content key ID is generated by the server and stored in the header of a protected content stream. Only the first 25 bytes of this field are used. The KeyID can come from any source available to the client, but is typically extracted from a content header.

Rights (4 bytes): An RC4-encrypted request for playback rights, which can be any combination of the values in the following table. The values used in the challenge are typically provided by the DRM-enabled application, but could be any combination implemented by the client.

Right                           Byte array    Meaning
RIGHT_PLAY_ON_PC                0x01000000    The right to play back content.
RIGHT_COPY_TO_NONSDMI_DEVICE    0x02000000    The right to copy licensed content to a device that is not compliant with the Secure Digital Music Initiative (SDMI).
RIGHT_BURN_TO_CD                0x08000000    The right to copy licensed content to a CD.
RIGHT_COPY_TO_SDMI_DEVICE       0x10000000    The right to copy licensed content to an SDMI device.

AppSec (4 bytes): An RC4-encrypted security level of the application that makes the request. The security level MUST be equal to the security level in the client application certificate (CA).

Cryptographic sequence:
1. pkcert.pk = KMpub
2. pkcert.sign = [pkcert.pk]KC
3. {EncRandNum}KS
4. KR{pkcert}
5. KR{KeyID}
6. KR{Rights}
7. KR{AppSec}

2.2.2.2 DRM Version 1 License Response

The license response is returned to the client as an HTML page containing a base64-encoded CERTIFIED_LICENSE structure. The response is formatted as follows. Both the text enclosed in braces ("{{" and "}}") and the braces MUST be replaced or removed as appropriate. <3>
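As an added example (not code from [MS-DRM] or from any Microsoft implementation), the following Python shows the server-side handling of the DRM Version 1 License Request of section 2.2.2.1: it splits a DRM-base64-decoded challenge into the six fields, checks the Version constant, and maps an RC4-decrypted Rights field onto the rights table. It assumes the fields are contiguous with no padding (201 bytes in total), that Rights is a little-endian DWORD as section 2.2.1 specifies, and that the server has already recovered KR and decrypted Rights; the function names are assumptions.

```python
"""Added example (not from [MS-DRM]): server-side field split and Rights
decoding for the DRM Version 1 License Request of section 2.2.2.1."""
from typing import Dict, FrozenSet

# Field order and sizes from section 2.2.2.1. A contiguous layout with no
# padding between fields (201 bytes in total) is an assumption.
V1_REQUEST_FIELDS = (
    ("Version", 4),      # plaintext, MUST be 00 01 00 01
    ("EncRandNum", 80),  # {EncRandNum}KS: ECC1-encrypted with the server key
    ("pkcert", 84),      # KR{pkcert}: RC4-encrypted PKCERT carrying KMpub
    ("KeyID", 25),       # KR{KeyID}
    ("Rights", 4),       # KR{Rights}
    ("AppSec", 4),       # KR{AppSec}
)
V1_REQUEST_LEN = sum(size for _, size in V1_REQUEST_FIELDS)
V1_REQUEST_VERSION = bytes([0x00, 0x01, 0x00, 0x01])

# Rights byte arrays from the table in 2.2.2.1, read as little-endian DWORDs
# (section 2.2.1: multi-octet integers are little-endian unless noted).
RIGHTS = {
    0x01: "RIGHT_PLAY_ON_PC",
    0x02: "RIGHT_COPY_TO_NONSDMI_DEVICE",
    0x08: "RIGHT_BURN_TO_CD",
    0x10: "RIGHT_COPY_TO_SDMI_DEVICE",
}
KNOWN_RIGHTS_MASK = sum(RIGHTS)  # distinct single bits, so sum == bitwise OR

def split_v1_request(blob: bytes) -> Dict[str, bytes]:
    """Split a DRM-base64-decoded challenge into its fields and check Version.
    Only Version is readable here; the other fields stay encrypted until the
    server recovers the random number with KSpriv and derives KR from it."""
    if len(blob) != V1_REQUEST_LEN:
        raise ValueError(f"expected {V1_REQUEST_LEN} bytes, got {len(blob)}")
    fields, offset = {}, 0
    for name, size in V1_REQUEST_FIELDS:
        fields[name] = blob[offset:offset + size]
        offset += size
    if fields["Version"] != V1_REQUEST_VERSION:
        raise ValueError(f"unsupported request version {fields['Version'].hex()}")
    return fields

def decode_rights(rights_plain: bytes) -> FrozenSet[str]:
    """Map an RC4-decrypted 4-byte Rights field to the names of the rights it
    requests. Bits outside the table are rejected rather than silently granted."""
    if len(rights_plain) != 4:
        raise ValueError("Rights is a 4-byte field")
    value = int.from_bytes(rights_plain, "little")
    unknown = value & ~KNOWN_RIGHTS_MASK
    if unknown:
        raise ValueError(f"unknown rights bits 0x{unknown:08x}")
    return frozenset(name for bit, name in RIGHTS.items() if value & bit)

if __name__ == "__main__":
    # Constructed sample: valid Version, zero-filled encrypted fields, and a
    # Rights field that is taken to have decrypted to 09 00 00 00 (play + burn).
    sample = V1_REQUEST_VERSION + bytes(80 + 84 + 25) + b"\x09\x00\x00\x00" + bytes(4)
    fields = split_v1_request(sample)
    print(sorted(decode_rights(fields["Rights"])))
```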