DRM OS Design Development (Windows CE 5.0)
Digital Rights Management for Microsoft® Windows® CE provides a method for protecting multimedia content from unauthorized playback or duplication. Adding the Digital Rights Management (DRM) Catalog item to your OS design allows your run-time image to work with media that have been protected with DRM version 7.
OS Design Information
The following table shows operating system design information for Digital Rights Management.
| Concept | Description |
|---|---|
| Dependencies | DirectShow and Windows Media® Technologies. |
| Hardware considerations | Your Windows CE-based device must implement a unique device identifier.
DRM-protected content can only be transferred to portable media, such as compact flash, that has a unique device identifier. |
Modules and Components
The following table shows the modules and components that implement Digital Rights Management.
| Item | Module | Component |
|---|---|---|
| Direct Licensing DRM | None | drmv7 |
| Portable Device DRM | None | pddrm |
| DRM Cleanup Utilities | None | drmutils |
| License acquisition OCX | cedrm2 | None |
| Windows Media DRM for Networked Devices
(Requires the Windows CE 5.0 Networked Media Device Feature Pack) |
cardea_wince | None |
Application Development Topics
Implementation Considerations
The following list shows the special considerations that you must consider when you include the Digital Rights Management (DRM) Catalog item in your OS design.
- You must obtain a DRM module from Microsoft. This module is not included with Windows CE.
- You must obtain, from Microsoft, certificates that will identify your device.
- The presence of DRM in a run-time image also affects debugging on a target device.
When Microsoft issues certificates, you are provided with one generic certificate and many individualized certificates. You can use either type of certificate to enable DRM on your platform. In both cases, the certificates are unique to your platform and must be burned onto devices — along with the rest of the OS — that are built on your platform . They cannot be installed later.
Generic certificates are certificates that can be duplicated so that the same certificate is installed on each device built from your platform. These certificates have the advantage of being easier for most manufacturing processes because they allow you to flash the same run-time image on all of your devices.
The disadvantage to generic certificates is that license servers only have one certificate to issue licenses against for all your devices. Therefore, if a generic certificate must be revoked, none of your devices will be able to play DRM-protected content. In addition, some content providers will not issue DRM licenses to a device that uses a generic certificate.
Individualized certificates are a more secure solution to enable DRM on your platform because each device built from your platform has its own certificate. Therefore, license servers can grant and revoke certificates on a device-by-device basis. The challenge with implementing individualized certificates is in designing your manufacturing process so that it can create and flash unique run-time images for all devices built from your platform.
Your platform must support a unique device identifier that is at least 128 bits long and that can be exposed through OEMIoControl calls using the IOCTL_HAL_GET_DEVICEID I/O control code. For more information about formatting the device identifier, see DEVICE_ID. The preset portion of the device identifier must be 128 bits long. The platform portion of the device identifier can be any length, as specified by the dwPlatformIDBytes member of DEVICE_ID.
Adding DRM to your OS Design
Although DRM appears in the Microsoft Platform Builder Catalog, the software components that fully enable DRM do not ship with Platform Builder. OEMs wanting to include DRM in their OS design must register with Microsoft to obtain the necessary DRM components. To request licensing instructions for DRM version 7 in Windows CE, send e-mail to wmla@microsoft.com.
Debugging with DRM
To maintain the integrity of DRM, Platform Builder does not allow kernel debugging when DRM components are present in a run-time image. If you plan to include DRM in your OS design, you should plan to incorporate DRM at the end of your development cycle so that you can debug the rest of your OS first.
DRM also has a similar affect on application development. For more information, see Developing Applications on DRM-Enabled Platforms.
Specific DRM Catalog Items
The following table shows the individual Catalog items your OS design can contain for Digital Rights Management. Your OS design can contain one or more of these Catalog items.
| Catalog item | Description |
|---|---|
| Digital Rights Management (DRM) | Determines whether the license acquisition is silent or nonsilent.
For silent license acquisition this Catalog item acquires licenses by itself. For nonsilent license acquisition, it launches a browser to help acquire a license. |
| DRM for Portable Devices | Provides the core functionality for DRM. It allows you to transfer content from a desktop computer to the local store of a Windows CE-based device or to a supported portable media device connected to a Windows CE-based device. |
| License Acquisition OCX | Allows a Windows CE-based device to negotiate the request, acceptance, and transfer of DRM licenses from Microsoft DRM license servers. |
The following table shows the Sysgen variables that you can set to add DRM support to your OS design.
| Sysgen variable | Description |
|---|---|
| SYSGEN_DSHOW_WMT_DRMV7 | Digital Rights Management (DRM) |
| SYSGEN_DSHOW_WMT_PDDRM | DRM for Portable Devices |
| SYSGEN_DSHOW_WMT_DRMOCX | DRM License Acquisition OCX |
| SYSGEN_DSHOW_WMT_CardeaDRM
(Requires the Windows CE 5.0 Networked Media Device Feature Pack) |
Windows Media DRM for Networked Devices |
See Also
Send Feedback on this topic to the authors