Secured Design Goals

Secured device and content methodology is contained completely within Windows Media Device Manager. Applications that interact with Windows Media Device Manager do not have direct access to the secured content. This means that all operations that need to be of a trusted level, such as ensuring the integrity of secured content and the rights and policies that go with that secured content, are automated and hidden from an application.

Secured Content

Windows Media Device Manager is designed with a view to the future for secured content providers. The internal design supports modular upgrades and revisions of secured interfaces, which are provided by secured content management entities. The media content industry will continue to grow and various providers with differing means of maintaining content security will emerge. These providers will be able to take direct advantage of the Windows Media Device Manager implementation by providing a security module (a COM object itself) that Windows Media Device Manager can recognize and support, but is transparent to the application.

Trust Mechanisms

Applications and content security providers may be concerned with the trust levels of Windows Media Device Manager operations. To verify authenticity from Windows Media Device Manager implementations, they can use Digital Signature Authentication mechanisms that are provided with a software component. Within the Windows Media Device Manager implementation, secured media components must be able to provide an authentication signature. The Service Provider for the secured device and the application must each communicate with Windows Media Device Manager in a secure manner, by exchanging their authentication certificates. They also must trust that Windows Media Device Manager will not communicate with any untrusted components.

Windows Media Device Manager implementations and the devices they support can use trust to determine which functions an application can access, by requiring the same authenticity verification from applications. Given the run-time linking involved in COM implementations, denying access to a function truly means denying access to any unauthorized means of exposing that function.