Registration, Authorization, and Revalidation
Registration, authorization, and revalidation are the procedures that a PlayReady-ND transmitter uses to determine whether a receiver is valid.
Registration (or revalidation) is required before receivers can play protected content from a transmitter. Registration and revalidation allow the transmitter to identify a receiver through its unique device certificate.
If a receiver's certificate is revoked, the receiver cannot register, revalidate, or start a data transfer. Information on certificates and certificate revocation lists is available throughout this documentation.
Authorization is the procedure in which a transmitter grants a specific receiver access to content. PlayReady-ND apps are responsible for implementing authorization procedures. Typically, authorization occurs as part of, or at roughly the same time as, registration. In most cases transmitters perform all implementation-specific additional steps for authorization during registration. For example, the authorization procedure can require explicit approval from a transmitter user to grant a given receiver access to content and metadata or allow a user to deauthorize a previously authorized receiver. A transmitter can send a registration error to a receiver if authorization fails (for example if the transmitter user did not approve the receiver).
The authorization process typically starts with the receiver sending a registration request to the transmitter. This request contains a block of custom data that gives authorization information about the receiver. The transmitter processes the registration request in cases where where a callback function can handle the custom data processing. A transmitter should authorize a receiver that supports PlayReady-ND requests only when the receiver requests it and should not start to transfer content to unauthorized receivers. It is a good idea for transmitters to maintain a record of authorized receivers.
In addition to the app-level authorization, the PlayReady-ND protocol also performs protocol-level authorization checking to verify that the transmitter and receiver are using the same protocol version. The transmitter also verifies the receiver's security certificate during the initial registration sequence to assure that it is a trusted device.
Apps can also implement mutual authorization, in which case the receiver verifies the transmitter's security certificate to establish that it is a trusted device.
Revalidation differs from registration in that the receiver is already registered with the transmitter. During revalidation, the transmitter and receiver perform the registration and proximity detection procedures again and update the last revalidation time. The transmitter must enforce revalidation by ensuring that it occurs at least once every 48 hours.
Note
Receivers should always revalidate within the 48 hour period rather than falling back to a registration request. Revalidation consumes fewer resources on the transmitter than a full registration. In both cases, proximity detection is always required after either a registration or revalidation request.
Note
If a receiver has not successfully revalidated itself in 48 hours and is receiving content when that limit is reached, the transmitter must stop the data transfer to the receiver. Receivers should revalidate themselves at least once every 48 hours to avoid a possible interruption during playback.
The following interfaces and enumerations are available in PlayReady Client SDK for Windows Store Apps to support PlayReady-ND registration and authorization for network device receivers:
| Interface/Enumeration | Description |
|---|---|
| INDCustomData | Gets custom data properties for a PlayReady-ND request or response. |
| INDRegistrationCompletedEventArgs | Provides arguments for a RegistrationCompleted event. |
| NDCertificateFeature | Indicates the PlayReady-ND feature to which the certificate controls access. |
| NDCertificatePlatformID | Indicates the client platforms with which a PlayReady-ND certificate can be associated. |
| NDCertificateType | Specifies the type and purpose of a PlayReady-ND license. |