Revoking Applications By Using Revocation Lists
To ensure that players known to be damaged or corrupted cannot access packaged files, Microsoft posts revocation data that you must install on each licensing server. This data is stored in a revocation information structure, and it includes a revocation information version (RIV) and the current revocation lists that contain all the application or device certificates of those players known to be damaged or corrupted.
To install the latest revocation data on a licensing server, go to the Microsoft Web site https://licenseserver.windowsmedia.com/ from that computer, and then click Download the Latest License Server Information. It is recommended that you automate this process. For more information about how often this process is required to occur, see your license agreement with Microsoft.
When a client application or device requests a license, the license challenge includes the client's revocation information structure, which contains an RIV and the revocation lists that the client supports. To determine whether the client revocation information is current, the license server compares its RIV to the client RIV.
- If the client RIV is older than that of the license server, the license server determines which of the client's revocation lists are out of date, and then adds updated versions to the license.
- If the client did not include any revocation information, the license server assumes the request is from an older client (based on version 10 or earlier of Windows Media technology) and includes the legacy revocation lists.
- If the client RIV is current or newer than that of the license server, the license server does not add any revocation information to the license.
Then, whenever a consumer plays a packaged Windows Media file, the player is checked against its local revocation lists. If the application or device certificate of that player is revoked, the player cannot play that packaged file or any other packaged files.
Note: Your privacy statement should mention that revocation lists are stored on consumers' computers in addition to licenses. See your license agreement with Microsoft for more information.
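The RIV comparison described above, modelled as an added example (not Microsoft's or the SDK's code): the `RevInfo` layout, the list names, the per-list version numbers and the `LEGACY_LISTS` set are constructed assumptions. `server_is_stale` additionally flags a client RIV newer than the server's, which means the server's own revocation data needs refreshing.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class RevInfo:
    """Model of a revocation information structure: an RIV plus its lists."""
    riv: int
    lists: Dict[str, int]  # list name -> list version (assumed layout)


# Constructed sample data; names and version numbers are hypothetical.
SERVER = RevInfo(riv=7, lists={"app": 12, "device": 5, "wmdrmnet": 3})
LEGACY_LISTS: Tuple[str, ...] = ("app",)  # assumption: lists an older client uses


def lists_to_add(server: RevInfo, client: Optional[RevInfo],
                 legacy: Tuple[str, ...] = LEGACY_LISTS) -> Dict[str, int]:
    """Return the revocation lists (name -> version) to attach to the license."""
    if client is None:
        # No revocation information in the challenge: treat the request as
        # coming from an older client and send only the legacy lists.
        return {name: server.lists[name] for name in legacy
                if name in server.lists}
    if client.riv >= server.riv:
        # Client RIV is current or newer: add nothing.
        return {}
    # Client RIV is older: send only lists the client supports and that are
    # out of date on the client.
    return {name: version for name, version in server.lists.items()
            if name in client.lists and client.lists[name] < version}


def server_is_stale(server: RevInfo, client: Optional[RevInfo]) -> bool:
    """True when a client presents a newer RIV than the server holds."""
    return client is not None and client.riv > server.riv


if __name__ == "__main__":
    old_client = RevInfo(riv=5, lists={"app": 12, "device": 4})
    print(lists_to_add(SERVER, old_client))
    print(lists_to_add(SERVER, None))
    print(server_is_stale(SERVER, RevInfo(riv=9, lists={"app": 13})))
```

Logging every request for which `server_is_stale` returns true gives an early signal that the automated download of revocation data on the licensing server has stopped working.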
Updating the client revocation information requires the following steps.
1. After receiving the license challenge from the client and populating the WMRMChallenge object, retrieve the revocation information using the WMRMChallenge.RevInfo and WMRMChallenge.RevInfoPresent properties.
2. Retrieve the types of revocation lists that are supported by the client using the WMRMLicGen.SupportedCRLS property.
3. When adding a license with the WMRMResponse object, use the WMRMResponse.AddRevocationData method to add updated revocation lists to the license if needed. If the client's revocation data was current, this method does not add anything to the license.
   Note: You must explicitly call this method to add revocation data to the license response. If you do not add this information, an error could be displayed to the end user.
The following Visual Basic Scripting Edition (VBScript) code examples show how to issue a license for a Windows Media file.
VBScript Example
<%
Response.Buffer = True
Response.Expires = 0

' Declare variables and objects.
Dim seed, contentowner_publickey, silent
Dim strLicenseRequested, varHeader
Dim kid, lResult, varKey, sRights, indiversion
Dim varLicense, LicenseResponse
Dim strRevinfo, ContainsRevinfo, strClientCRLs
Dim ChallengeObj, HeaderObj, KeysObj
Dim RightsObj, LicGenObj, ResponseObj

' Replace XXX with your own values. In real practice, you would
' retrieve these values from a database.
seed = "XXX"                    ' License key seed used by the packaging server.
contentowner_publickey = "XXX"  ' Public signing key for the packaging server.

' Create objects.
Set ChallengeObj = Server.CreateObject("WMRMobjs.WMRMChallenge")
Set HeaderObj = Server.CreateObject("WMRMobjs.WMRMHeader")
Set KeysObj = Server.CreateObject("WMRMobjs.WMRMKeys")
Set RightsObj = Server.CreateObject("WMRMobjs.WMRMRights")
Set LicGenObj = Server.CreateObject("WMRMobjs.WMRMLicGen")
Set ResponseObj = Server.CreateObject("WMRMobjs.WMRMResponse")

' Find out whether the request is for silent or non-silent delivery.
silent = true
if (Request.Form("nonsilent") <> "") then
    silent = false
end if

' Put the license request (challenge) into the Challenge object, and then
' extract the content header and client information from it.
strLicenseRequested = Request.Form("challenge")
ChallengeObj.Challenge = strLicenseRequested
varHeader = ChallengeObj.Header

' Check for revocation information.
strRevinfo = ChallengeObj.RevInfo
ContainsRevinfo = ChallengeObj.RevInfoPresent

' Put the content header into the Header object. Using the public key,
' verify that the content header has not been tampered with. The header
' is valid if the result equals 0.
HeaderObj.Header = varHeader
lResult = HeaderObj.Verify(contentowner_publickey)
if (lResult <> 0) then
    ' A nonzero result means that verification failed.
    ' TODO: Process for a corrupted or modified header.
end if

' Put the required individualization version from the content header
' into the WMRMLicGen object.
indiversion = HeaderObj.IndividualizedVersion
LicGenObj.IndividualizedVersion = indiversion

' Extract the key ID from the content header. Put the key ID and
' license key seed into the Keys object, and then generate the key.
kid = HeaderObj.KeyID
KeysObj.KeyID = kid
KeysObj.Seed = seed
varKey = KeysObj.GenerateKey()

' Get the certificate revocation lists that are supported by the client.
strClientCRLs = LicGenObj.SupportedCRLS

' Set the rights.
RightsObj.MinimumSecurityLevel = 1000
RightsObj.BeginDate = "#20050101Z #"
RightsObj.ExpirationDate = "#20051231Z #"
RightsObj.AllowBackupRestore = true
RightsObj.AllowCopy = false
RightsObj.AllowTransferToSDMI = false
RightsObj.AllowTransferToNonSDMI = false
RightsObj.DeleteOnClockRollback = false
RightsObj.DisableOnClockRollback = true
sRights = RightsObj.GetAllRights

' Put the license information into the License Generator object.
' Including the following attributes is recommended.
LicGenObj.KeyID = kid
LicGenObj.SetKey "", varKey
LicGenObj.Rights = sRights
LicGenObj.Priority = 10
LicGenObj.Attribute("Copyright") = "copyright statement"
LicGenObj.Attribute("ContentType") = "audio or video"
LicGenObj.Attribute("Author") = "artist name"
LicGenObj.Attribute("ArtistURL") = "https://artist_web_site"
LicGenObj.Attribute("Title") = "title"
LicGenObj.Attribute("LicenseDistributor") = "license issuer"
LicGenObj.Attribute("LicenseDistributorURL") = "https://license_issuer_web_site"
LicGenObj.Attribute("ContentDistributor") = "content distributor"
LicGenObj.Attribute("Rating") = "rating"
LicGenObj.Attribute("Description") = "description"

' Bind the license to the public key, and then generate the license.
' GetLicenseToDeliver fails if the client has been revoked.
LicGenObj.BindToPubKey = contentowner_publickey
varLicense = LicGenObj.GetLicenseToDeliver()

' Use the Response object to deliver the license. If the client does
' not allow silent license delivery, display a page (Silent_ns.asp)
' saying that a license has been delivered.
call ResponseObj.AddLicense("2.0.0.0", varLicense)
call ResponseObj.AddRevocationData(strRevinfo, strClientCRLs, ContainsRevinfo)

if (silent = true) then
    LicenseResponse = ResponseObj.GetLicenseResponse()
    Response.Write LicenseResponse
else
    ' ResponseObj.ReplaceQuotesWith = """"""    ' For VBScript
    ResponseObj.ReplaceQuotesWith = "\"""       ' For JavaScript
    LicenseResponse = ResponseObj.GetLicenseResponse()
%>
<!-- #include file="Silent_ns.asp" -->
<%
end if
%>
The following page is used when licenses cannot be issued silently.
Silent_ns.asp
<html>
<head>
<script Language="JavaScript">
function Storev71License(hr)
{
    LicenseObj.StoreLicense( "<%= LicenseResponse %>" );
}
</script>
</head>
<body onload="Storev71License()">
<object classid="clsid:A9FC132B-096D-460B-B7D5-1DB0FAE0C062" height="0" id="LicenseObj" width="0">
    <embed mayscript type="application/x-drm-v2" hidden="true">
</object>
You have received a license for this song. Click Play.
</body>
</html>