Understanding and Setting License Properties in MS Windows Media Rights Manager

  • Article

By Andrea Pruneda, Microsoft Streaming Media Division

On This Page

Summary Summary
Introduction Introduction
Overview of Licenses Overview of Licenses
Understanding the Properties of a License Understanding the Properties of a License
Setting the Properties of a License Setting the Properties of a License
To set the minimum required application security level To set the minimum required application security level
For More Information For More Information

Summary

The default Microsoft Windows Media Rights Manager Web site uses ASP scripts for the license acquisition process and applies the same properties to all licenses that are issued. However, vendors can customize this script or create their own script to modify the license acquisition process. Rights, expiration, and application security level are the three properties of a license that can be modified:

  • Rights specify how a consumer can play a media file and define any other actions that are allowed. The Windows Media Rights Manager Web site allows the consumer to play a media file, to transfer it to a portable device, and to recover licenses. These rights can be changed, as needed, in the license acquisition script by specifying the rights that should be blocked and the rights that should be given.

  • Expiration is the expiration date for licenses. By default, licenses do not expire, but you can set an expiration period that determines the length of time for which a license is valid. The expiration date is then determined when the license is issued.

  • Application security level is a value that ranks the security of a playback device application. Each license contains a value that indicates the minimum security level that is required of the playback device. The default value is 100, but this value can be changed in the license acquisition script.

Read this document for an overview of licenses and to learn how to set the rights, the expiration, and the minimum required application security level for licenses.

Introduction

Microsoft Windows Media Rights Manager helps content owners control their property by creating encrypted, packaged copies of media files that can only be played with a valid license. Separating media content from the license needed to play it is a unique feature of Windows Media Rights Manager. Media files and licenses are acquired separately; although this feature potentially requires consumers to perform additional steps to acquire a license before playing a media file, the benefit is a finer degree of control over the interaction between the consumer and the vendor. The vendor can change the properties of the license at the time of purchase, and is not restricted to a set of permanent license properties. For example, a vendor can promote a song over the Internet by distributing the media file with a license that expires after one month. For the same media file, the vendor can also distribute licenses that do not expire to those consumers who purchase the song.

This document describes the information that is contained in licenses issued by Windows Media Rights Manager for playing packaged media files and explains how to change these properties. The topics included are:

  • Overview of Licenses, which describes the content of a license and how it is issued.

  • Understanding the Properties of a License, which describes the properties of a license, including the rights, expiration, and application security level.

  • Setting the Properties of a License, which explains how to change the settings for rights, expiration, and the application security Level for licenses you issue.

  • For More Information, which lists other sources of information.

Overview of Licenses

A packaged media file contains an encrypted version of the media file, plus information such as its title, copyright statement, the artist's name, and so on. A license contains a key that unlocks the media file, plus information specifying how a consumer can play the media file. Consumers can get packaged media files in many ways, such as downloading files from Web sites, copying files from friends, or receiving files as e-mail attachments. Consumers can also play packaged media files in different ways; depending on the rights included in their licenses, consumers can:

  • Play media files on a personal computer (PC), for example using Microsoft Windows Media Player.

  • Transfer media files to a portable device and play them.

  • Copy media files to portable media, then play them on a PC or portable device.

Note: Portable devices and portable media are defined in the Secure Digital Music Initiative (SDMI) specification, which is available on the Secure Digital Music Initiative Web site.

This section describes how licenses are issued, how platforms work with licenses, and responsibilities.

How Licenses are Issued

Licenses can be issued from Windows Media License Service or from a client application:

  • Typically, when a consumer first obtains a packaged media file, the license is acquired from a Web site running Windows Media Rights Manager. The license is issued by Windows Media License Service, which is the infrastructure containing the LicenseServer object and the ASP pages that run the license acquisition process.

  • For media files that are created or transferred by applications, a Windows Media Rights Manager client running under the application creates licenses. For example, an application that extracts music clips from a CD (often called a CD ripper) creates a license at the same time it creates a media file. An application that transfers a packaged media file to a portable device also transfers a license to the device. These applications use the Microsoft Windows Media Audio Software Development Kit (SDK) or the Microsoft Windows Media Format SDK to work with packaged media.

Once a license is issued, it is bound to the computer and only works on the computer to which it was issued. For example, a consumer can e-mail a packaged media file to a friend; however, the license cannot be shared in this way. When the friend tries to play the media file, the license acquisition process begins and the friend must acquire his or her own license before playing the media file.

How Platforms Work with Licenses

The following table shows how the different platforms work with licenses.

Platform

Software component

Function

Windows Media License Service

LicenseServer.dll

Generates licenses

PC (application software)

DRMClien.dll

Interprets licenses for playback
Reformats licenses for portable devices and portable media

Portable devices and portable media

Microsoft Windows Media Product Adaptation Kit (WMPAK) library

Interprets licenses for playback

Responsibilities

Applications that issue licenses are responsible for setting the rights as specified by the content owner.

Applications that transfer packaged media files to portable devices or portable media must ensure that new licenses follow the rules of the original licenses. For example, if a media file has a license that expires on June 1 and it is transferred to a portable device, the license on the portable device must also expire on June 1.

Applications that issue licenses locally on a PC must follow rules from the SDMI specification when SDMI-specific rights in the license are set. For more information about rights and SDMI, see the Rights topic later in this document.

Understanding the Properties of a License

License properties refer to the settings that determine the rights, expiration, and minimum security level required for a media file.

  • For licenses that are issued by Windows Media License Service, the license properties are set by the content owner or vendor in the ASP script that runs the license acquisition process. The Web site that was installed with Windows Media Rights Manager uses the same properties for all licenses that are issued, and changes that you make to the license properties will apply to all licenses. However, you can customize the script in this site to issue licenses with different properties based on the media file.

  • Licenses that are issued by a client application use a default set of rights specified in the application.

This section describes the three properties of a license: rights, expiration, and application security level.

Rights

Rights specify how a consumer can play a media file and define any other actions that may be taken. For example, the rights in a particular license might allow the consumer to listen to the song and to copy it to a portable device.

The rights you can set adhere to a specification created by the Secure Digital Music Initiative (SDMI), which is an organization that sets standards for secure digital music. Microsoft is an active member of SDMI. One of the main goals of SDMI is to create a framework for the secure distribution of music from the Internet to PCs and consumer electronic devices. A portable device or software module that adheres to the rules described in the SDMI specification is said to be SDMI-compliant.

Note: This document applies only to SDMI Phase I content. Future versions of this document will address SDMI Phase II.

Seven rights have been defined, but more rights may be defined in the future. The following list describes the rights that you can currently set in a license.

  • Play on PC. Allow the media file to be played back on a PC. Licenses issued by the Web site installed with Windows Media Rights Manager give this right by default.

  • Transfer to a portable device that is not SDMI-compliant. Allow the media file to be transferred to and played on a portable device that is not SDMI-compliant. Licenses issued by the Web site installed with Windows Media Rights Manager give this right by default.

  • Recover the license. Allow the license to be recovered by the consumer. License recovery is a feature that allows the Windows Media License Service to reissue licenses to consumers; however, this right is not relevant in a local-play environment (it is only relevant in combination with Windows Media License Service). Licenses issued by the Web site installed with Windows Media Rights Manager give this right by default.

  • Burn to CD. Allow the media file to be burned to a CD.

  • Mark as SDMI validated. Allow the media file to be marked as SDMI-validated content, transferred to an SDMI-compliant portable device, and played back. Only SDMI-validated content can be played on an SDMI-compliant playback device. For more information, see Indicating SDMI content later in this document.

  • Limit to one-time use. Allow the license to be used one time, and then delete the license. To enable one-time actions (for example, to play the file on a PC once and to burn the file to a CD once), you must issue different licenses for each action.

  • Allow streams to be saved. Allow a streamed media file to be saved to a disk (a Save button appears in the player). Because the license is located on the hard disk, consumers should also save streamed media files on the hard disk.

Indicating SDMI content

SDMI-validated content is digital media that has been screened according to SDMI specifications and can be played on an SDMI-compliant playback device. You can set a right that marks a media file as SDMI-validated content. If you also disallow the right to play the media file on a portable device that is not SDMI-compliant, the media file is considered to be SDMI-protected content.

The following table summarizes how to set rights to indicate SDMI content.

Transfer to portable devices that are not SDMI-compliant?

Mark as SDMI validated?

SDMI terminology

Yes/No

No

Unknown (not tested against SDMI rules)

No

Yes

SDMI-protected content

Yes

Yes

SDMI-validated content

How Windows Media SDKs affect rights

To work with packaged media files, applications must use either Windows Media Audio SDK or Windows Media Format SDK, which is an updated version of the Windows Media Audio SDK. Rights are interpreted by the application that runs a playback device, so if a particular application has not been updated with the most current Windows Media Format SDK, newer rights will be ignored. The rights defined in the Windows Media Audio SDK include the rights to play media files on a PC, transfer media files to a portable device that is not SDMI-compliant, and recover licenses. The rights defined in the Windows Media Format SDK also include the rights to burn media files to a CD, use a license one time, mark media files as SDMI content, and save streams to a disk. For example, if a media file is played with an application created with the Windows Media Audio SDK, the right to burn the file to a CD will be ignored.

Issuing multiple licenses

The conditions set in a license, such as an expiration period or a one-time use, apply to the license as a whole. Therefore, to achieve certain results, you can issue multiple licenses for the same media file. For example, you may want to allow a media file to be played on a PC for one month and be transferred to a portable device one time, so you must issue two licenses. The first license gives the right to play the media file on a PC and has an expiration period of 30 days. The second license gives the rights to transfer the media file to a portable device and use the license one time (this license is deleted once the media file has been transferred). For more information about setting an expiration period for a license, see the Expiration topic later in this document.

Licenses issued by client applications

A client application that generates licenses, such as a CD ripper, specifies the rights to include in each license. Generally, these licenses are created exactly as specified by the application. However, to comply with the SDMI specification, licenses are issued differently under certain conditions.

Note: These conditions apply only to applications using Windows Media Format SDK.

When the application marks content as SDMI validated and does not restrict a license to one-time use, multiple licenses are created. Rights in these licenses are typically set as follows:

  • One license allows unlimited playback on a PC. This license includes the rights specified by the application except the right to mark the content as SDMI validated. This license does not expire.

  • Three licenses allow the transfer of media files to SDMI-compliant devices. These licenses are one-time-use licenses that include the rights specified by the application and the right to mark the content as SDMI-validated.

When the application creates portable licenses (licenses that are created for media files that have been transferred to portable devices or portable media), rights are set as follows:

  • If the license is created for SDMI-compliant devices, the license does not include the right to transfer content to a device that is not SDMI-compliant.

  • If the license is created for devices that are not SDMI-compliant, the license does not include the right to mark content as SDMI validated.

  • The license does not include the right to burn the content to a CD.

  • The license does not include the right that restricts the license to one-time use (the license can be used multiple times).

  • The license does not include undefined rights (placeholders for future rights) in bytes 0 and 1 (for information about bytes 0 and 1, see the Setting the bits topic later in this document).

Expiration

You can set an expiration period for licenses, and the expiration date is determined at the time the license is issued. For example, you set licenses to expire after 30 days; therefore, the expiration date for licenses issued on June 1 will be July 1.

Application Security Level

The application security level is a value that ranks the security of a playback device application, for example an audio player. Different playback device applications have different levels of security. For example, a playback device application with a high security level can play SDMI-protected content, whereas a less secure application cannot.

Each license contains a value that indicates the minimum application security level that is required to play the media file. When a consumer tries to play the media file, the minimum application security level specified in the license is compared to the application security level of the playback device. The outcome of this comparison determines whether the media file can be played. For example, if a media file requires a minimum application security level of 200, only playback devices with an application security level of 200 or more can play the media file.

Determining the minimum application security level of a media file

The content owner determines the minimum application security level that is required to play his or her media files. As a content owner, if you want your media files to be available to a wide market, require a lower security level, for example 100. If you want to restrict playback of your media files to very secure playback devices, for example to ensure that your media files are protected, require a higher security level, although fewer playback devices will be able to play your media files.

When client applications such as CD rippers create packaged media files, a license is also created. This license contains the client application's default settings for rights and the minimum required application security level. These applications must have a security level greater than or equal to 450 to create SDMI-protected content or SDMI-validated content.

The following table shows general guidelines for the minimum application security levels required to play media files.

Security level

Media content

Example

100

General media files

CD-extracted content
Promotional clips

450

SDMI-protected content

New releases that can only be played on SDMI-compliant playback devices

Determining the application security level of a playback Device

The application security level of a playback device reflects the ability of the playback device to adhere to the content rules. The application security level is determined by an application certificate, which is issued by Microsoft. So, more secure applications will receive a certificate with a higher application security level. Applications that want to be SDMI-compliant must meet certain criteria, including their application security level, which must be at least 450.

Note: Licenses issued by applications with version 1.0 certificates are not SDMI-compliant, and the media files cannot be transferred to SDMI-compliant playback devices.

The following table shows examples of application security levels for different playback devices.

Security level

Application

Example

150

Applications that produce clear-text content

Windows Media Manager for Pocket PC

450

The first level of security intended to meet the needs of the SDMI specification; portable media must have a hardware serial number

SDMI-compliant playback devices

1,000

Audio players
PCs with software obfuscation (software code with hidden information)

Windows Media Player

2,000

PCs with protected audio stacks

Future playback devices

Setting the Properties of a License

You can set the rights, expiration, and application security levels in the licenses issued by Windows Media License Service through your Web site. The default Windows Media Rights Manager Web site uses ASP scripts for the license acquisition process and applies the same properties to all licenses that are issued. However, if you want to modify the license acquisition process, you can customize this script or create your own. For example, you can create a script that issues different licenses according to the content. Or, you can issue one-time-use licenses for playback to your site visitors as a promotion but issue licenses with unlimited playback to paying consumers.

This section describes how to modify the script in the default Web site to set the rights, the expiration, and the minimum required application security level.

Setting the Rights

Each license for a media file contains the rights that specify what the consumer is allowed to do. The Windows Media Rights Manager Web site allows the consumer to play a media file, to transfer it to a portable device, and to recover licenses.

You can change these rights as needed in the license acquisition script by specifying the rights that you want to block and rights that you want to give. When an unlicensed media file is played, the playback device sends a challenge string to Windows Media License Service to request a license. This challenge string contains the set of rights that the playback device is requesting. Windows Media License Service takes this request, removes the rights from it that you do not want to give, adds the rights that you do want to give (whether they are asked for or not), and then issues the license with the resulting set of rights.

Setting the bits

Two 32-bit arrays (an array has four sets of 8 bits, or 4 bytes) are used to specify the rights. The first array specifies the rights to block (disallow), and the second array specifies additional rights to give regardless of the rights that are requested. This arrangement means that you have greater control over the way you issue rights. For example, if you want to give very specific rights, you can simply disallow all rights that are requested by the playback device and specify only the rights you want to give.

Each of the 32 bits in an array corresponds to a right. With the exception of license recovery, allowed rights have a value of 1, and disallowed rights have a value of 0 (for the license recovery right, these values are reversed). At this time, rights have only been defined for 7 of the 32 bits; therefore, the remaining 25 bits in each array are always set to 0 (see the following tables).

Bit

Right

Settings

1

Play on PC

1 Allow playback on PC.
0 Do not allow playback on PC.

2

Transfer to a portable device that is not SDMI-compliant

1 Allow transfer to a portable device that is not SDMI-compliant.
0 Do not allow transfer to a portable device that is not SDMI-compliant.

4

Recover the license

1 Do not allow the license to be restored to the consumer by Windows Media License Service.
0 Allow license recovery.

8

Burn to CD

1 Allow burning to a CD.
0 Do not allow burning to a CD.

16

Mark as SDMI validated

1 Mark content as SDMI-validated. The media file can be played on any SDMI-compliant playback device.
0 Do not mark content as SDMI-validated.

32

Limit to one-time use

1 Delete license after it is used one time.
0 Do not restrict license to one-time use.

64

Save streams to disk

1 Allow streamed content to be saved to a disk.
0 Do not allow streamed content to be saved.

The following table shows an example of a 32-bit array. The first seven bits have a value of n, which can be 1 or 0. Because no other rights have been defined, all other bits always have a value of 0.

First set of 8 bits (byte 0)

128

64

32

16

8

4

2

1

0

n

n

n

n

n

n

n

Second set of 8 bits (byte 1)

  

 

 

 

 

 

 

128

64

32

16

8

4

2

1

0

0

0

0

0

0

0

0

Third set of 8 bits (byte 2)

  

 

 

 

 

 

 

128

64

32

16

8

4

2

1

0

0

0

0

0

0

0

1

Fourth set of 8 bits (byte 3)

  

 

 

 

 

 

 

128

64

32

16

8

8

4

2
1

0

0

0

0

0

0

0

0
0

Then, these values are represented in the license acquisition script as follows: the first four lines shown below correspond to the first 32-bit array, and the last four lines correspond to the second array. Each line corresponds to a byte:

rights(0) = x 
rights(1) = 0 
rights(2) = 0 
rights(3) = 0 
rights(4) = y 
rights(5) = 0 
rights(6) = 0 
rights(7) = 0

The value for x specifies the remaining rights to allow after you have specified the rights to disallow, and the value for y specifies the rights to give. Because no rights have been defined for bits in bytes 1, 2, or 3, all values for these bits are zero; therefore, the lines that correspond to these bytes are also zero.

To find the value for x, specify the rights you want to explicitly disallow by setting the corresponding bits to 0 (if a bit has a value of 1, the corresponding right will be allowed if it is requested in the playback device's challenge string). The value of x corresponds to the sum of the bits that are set to 1. For example, to disallow all rights except playback on a computer and burning to a CD (bits 8 and 1), assign values as follows.

Note: Bit 4 is an exceptionset it to 1 to disallow it and to 0 to allow it.

rights(0) = 13 
rights(1) = 0 
rights(2) = 0 
rights(3) = 0

Then, repeat this process to find y. Specify the rights you want to explicitly give, even if they are not requested, by setting the corresponding bits to 1 (except bit 4, which is disallowed when set to 1). If a bit has a value of 0, the corresponding right is not given, but will be allowed if it was requested by the playback device's challenge string and not explicitly disallowed. Then, the value of y corresponds to the sum of the bits that are set to 1.

Determining the final rights that are issued

The final rights are determined as follows:

final rights = (requested rights & 1st array) | 2nd array

where & represents the bitwise and operation, and | represents the bitwise or operation.

The following tables show how the and and or operations work, using example values A and B.

A

B

B&A

0

0

0

0

1

0

1

0

0

1

1

1

A

B

B|A

0

0

0

0

1

1

1

0

1

1

1

1

The and operation is used on the rights requested by the playback device and the rights to disallow; any time there is a 0, the result is 0. Therefore, when assigning values to the rights to disallow, use 0s to block rights and ignore the playback device's request. Use 1s to allow the requested rights.

The or operation is used to compare the previous results with the rights to give; any time there is a 1, the result is 1. Therefore, assign 1s to give specific rights. Use 0s if you do not want to give additional rights.

The resulting rights are included in the license.

To set the rights

In a text or HTML editor, open Getlic.asp, which is located in C:\Inetpub\Wwwroot\Wm by default.

Find the following lines:

rights(0) = 3 
rights(1) = 0 
rights(2) = 0 
rights(3) = 0 
rights(4) = 3 
rights(5) = 0 
rights(6) = 0 
rights(7) = 0

Change the values as needed, and then save the page.

Note: If you are creating a new license acquisition process, use the IssueLicense method of the License Server object. The varRights parameter determines how the rights are set. If this parameter is set to NULL, the client playback device is given the rights it requests. Otherwise, this parameter should be an array of 8 bytes, each ranging between 0 and 255.

Setting the Expiration

By default, licenses do not expire, but you can set an expiration period that determines the length of time for which a license is valid. The expiration date is then determined when the license is issued.

To set an expiration period

In a text or HTML editor, open Getlic.asp, which is located in C:\Inetpub\Wwwroot\Wm by default.

Find the following line:

days = null

Change this line in one of the following ways:

  • To specify an expiration period from the issue date, replace null with the number of days for which you want the license to be valid. For example, type 60 if you want licenses to expire after 60 days.

  • To specify an expiration date, replace null with DateDiff("d", Now(), # mm / dd / yyyy #), where mm is the month, dd is the day, and yyyy is the 4-digit year of the date on which you want the license to expire. For example, type DateDiff("d", Now(), #12/31/1999#).

Save the page.

Setting the Application Security Level

The application security level determines the minimum level of security that is required of the playback device. The default value is 100, but you can change this value in the license acquisition script.

The application security level is set using a 32-bit array, where w, x, y, and z are values between 0 and 255:

appsec(0) = w 
appsec(1) = x 
appsec(2) = y 
appsec(3) = z

The application security level is calculated as follows:

application security level = (256)3w + (256)2x + 256y + z

Therefore, for an application security level of 1,000, the values are as follows:

appsec(0) = 0 
appsec(1) = 0 
appsec(2) = 3 
appsec(3) = 232

because 0 + 0 + 256*3 + 232 = 1,000.

To set the minimum required application security level

In a text or HTML editor, open Getlic.asp, which is located in C:\Inetpub\Wwwroot\Wm by default.

Find the following lines:

appsec(0) = 0 
appsec(1) = 0 
appsec(2) = 0 
appsec(3) = 100

Change the values as needed, and then save the page.

For More Information

To learn more about Windows Media Rights Manager, see Windows Media Rights Manager Help. Windows Media Rights Manager is available for download from the Windows Media Technologies page at the Microsoft Web site.

To learn more about SDMI, see the Secure Digital Music Initiative Web site.

To learn more about piracy, Web licensing, and SDMI, see the Recording Industry Association of America Web site.

To register to receive a copy of the Windows Media Audio SDK or the Windows Media Format SDK, see the Windows Media Technologies page of the Microsoft Web site.