• Sidebar: Why Do DRM In-House?
• Illustration: Windows Media DRM License Acquisition

Windows Media Digital Rights Management (DRM) allows content owners to define what users may do with a digital audio or video file (such as copy it a certain number of times), enforcing these rules by encrypting content and then requiring users to get a license to decrypt it. Over the years, Microsoft has gradually improved Windows Media DRM for content owners, while making it less obtrusive to end users. Even so, the competitive landscape is slowly forcing Microsoft to support other DRM systems and copy-protection technology.

Main Customer: Content Owners

Microsoft built DRM into the Windows Media platform in 1999, hoping to convince content owners to support the Windows PC as a home entertainment device (for example, by offering high-value content over the Internet) rather than trying to thwart it (for example, by implementing technology that disables regular audio CDs from being played on a PC). Although DRM was a fairly new concept at the time, Microsoft could have licensed one or more DRM systems from companies specializing in the field. Yet, for business reasons, Microsoft chose to build its own DRM system. (See the sidebar "Why Do DRM In-House?".)

Since its introduction, Microsoft has gradually improved the capabilities of Windows Media DRM for content owners, adding support for more granular business rules (such as the ability to render content unplayable after a specific number of plays or transfers) and improving its security (for example, by adding the ability to revoke the right to play a piece of content after it's been distributed). The company has also enlisted consumer electronics companies and chip suppliers to support Windows Media DRM so that other types of devices, such as portable music players, can play protected content—important because content owners want to reach the widest possible audience.

When considering improvements to Windows Media DRM, Microsoft is primarily concerned with the needs of content owners. However, the technology (like any DRM system) must not be obtrusive beyond the point of enforcing content owners' restrictions. If it is, consumers will favor unprotected content, such as MP3 audio, or bypass the PC as an entertainment device entirely. To this end, Microsoft has slowly moved Windows Media DRM further into the background. For example, it has streamlined the process of acquiring licenses for content playback and is less aggressive in prompting users to apply DRM when they rip a file from an audio CD to a hard drive.

How Windows Media DRM Works

Windows Media DRM works by encrypting content, then requiring users to retrieve a license—granted only with the content owner's permission—to decrypt that content for playback.

When a user attempts to play a piece of protected content, a DRM component on the user's PC checks to see if the user has a license for that content. If not, it checks the header attached to the content for a URL where it can request the license. Often, the request is sent to a license clearinghouse that is separate from the content owner (such as a record company) and distributor (such as an online music store). For instance, a general-purpose online retailer might want to sell song downloads alongside many other products, but not want to negotiate use rights with content owners or set up the technology necessary to distribute licenses. Instead, the retailer could turn to a license clearinghouse, which might perform the same function for multiple online music stores.

Along with the license request, the DRM component also sends information about the content and non-personal information about the user's PC, such as which version of the DRM component is installed. The license clearinghouse checks this information and, if the user has rights to the content, distributes a license containing the key necessary to decrypt the content. (For a more detailed look at this process, see the illustration "Windows Media DRM License Acquisition".)

This license acquisition process can vary. For example, a content distributor might want to distribute a license with the content to enable immediate one-time playback but block further copying and usage (useful for live broadcasts), or a license clearinghouse could require a user to enter credit card or other information before delivering the license.

Beyond the PC

One way for Microsoft to differentiate the Windows Media platform from competitors is to make it support many different business models (such as "all-you-can-eat" subscriptions, pay-per-download, and rental) and devices beyond the PC. In some cases, however, content owners are reluctant to support these new scenarios unless Microsoft can assure them that they won't open new avenues for piracy.

To this end, Windows Media DRM 10, released in fall 2004, incorporated two new technologies: one for portable devices (including both dedicated music players and wireless-connected devices like cell phones) and one for digital media receivers attached to home networks.

Portable Devices

Before content owners would let users transfer content from subscription services to portable devices, they needed to be sure that they could disable the content on these devices if users stopped paying their subscription fees. Windows Media DRM 10 for Portable Devices, introduced in fall 2004 and often known by its code-name Janus, addresses this issue, as well as offering other benefits for content owners.

With Janus, each piece of content on a portable device contains a "leaf" license with information specific to that content, such as how many times it's been played previously. All pieces of content from a particular subscription service are then bound to a "root" license, also on the device, that describes when that content expires. Whenever the user attaches the device to his PC to download new content, it automatically downloads the latest versions of all root licenses. If the user stops paying his subscription fee for a particular service, the root license eventually runs past its expiration date (a software-based clock on each device is used to keep track of time) and the content becomes unplayable on that device.

Janus has other provisions for content owners, such as the ability to track playback of individual songs on each device (paving the way for new remuneration models) and the ability to prevent content from being transferred to devices with certain types of outputs (to prevent users from attaching a digital recorder to a device and recording the unencrypted, unprotected content).

Since its release, Napster, RealNetworks, and Yahoo have launched subscription-based music services that use Janus, and MSN Music will probably do so later in 2005. Portable device makers such as Creative, iRiver, RaveMP, Rio, and Samsung are shipping devices that support Janus. Both the services and devices are certified under a logo program, PlaysForSure, introduced around the same time as Janus.

Despite this early support, however, Apple continues to dominate the market for online music distribution with its iTunes Music Store, which uses a per-download model, and the market for portable devices with its iPod family of devices.

Networked Devices

Windows Media DRM 10 for Networked Devices, code-named Cardea, addresses content owners' concerns that a user could attach an unauthorized recording device to a home network (or to a node on a remote network posting as a home network), then make a perfect copy of the digital material after it's been decrypted on the PC.

With Cardea, when a networked digital media device is attached to a network, the PC uses certificates issued by Microsoft to identify and authenticate the device, and timed "ping" signals to ensure that the device is actually in the user's home. During playback, all content is encrypted, and the device must prove that it has taken certain security measures (such as turning off certain types of outputs) before it is allowed to decrypt the content.

All content from online sources with the PlaysForSure logo will play on Cardea-enabled devices. As of July 2005, six Cardea-enabled devices are available from D-Link and Roku, although some of them require a firmware update.

Future Directions

Windows Media DRM will continue to be a critical part of the Windows Media platform, and Microsoft will continue to improve its capabilities for content owners and the usage experience for end users.

Equally important, the company will continue to promote Windows Media DRM to the consumer electronics industry. For instance, in May 2005, the company signed a deal with Philips to incorporate support for Windows Media DRM 10 in a future chipset that it sells to consumer electronics manufacturers. This deal is significant because Philips has never supported Windows Media DRM, has spent considerable time investigating and developing alternate DRM systems, and has been an ally of Sony—one of Microsoft's major competitors in the digital media space.

Even so, two factors are forcing Microsoft to look beyond Windows Media DRM.

Interoperability. Many Microsoft competitors remain reluctant to support Windows Media DRM and have turned to alternatives, most of which are not interoperable with Windows Media DRM, nor with one another. As a consequence, consumers are faced with a confusing array of incompatible media sources and devices. This lack of interoperability threatens the PC's role as a home entertainment device.

Microsoft has been working with an industry body, the Digital Living Network Alliance (DLNA) for several years in an effort to resolve this and other problems. However, with no clear resolution in sight, the company will probably strike one-off deals to support third-party DRM systems in exchange for concessions from their proponents. For instance, in Jan. 2005, the company struck a deal with Nokia to support OMA DRM on the PC, in exchange for Nokia's agreeing to support Windows Media DRM on some future handsets.

PC architecture. Because the PC architecture was designed long before the PC was envisioned as a home entertainment device, there are many opportunities for sophisticated attackers to bypass any DRM system and steal content after it's been decrypted—for example, recording software can pose as a hardware driver, or end users can attach recording devices to digital outputs to make perfect copies. As a consequence, content owners remain wary about allowing certain content, particularly high-definition video, to be played on a PC.

To address this problem, Microsoft is taking a new approach with its next OS, code-named Longhorn and expected in 2006: instead of positioning Windows Media DRM as sufficient for protecting content, the company is building new content-protection technology directly into Windows, then enabling any application or third-party DRM system to take advantage of this technology.

Resources

Microsoft's Windows Media DRM page is located at www.microsoft.com/windows/windowsmedia/drm/default.aspx.

Technical articles about Windows Media DRM can be found at www.microsoft.com/windows/windowsmedia/knowledgecenter/technicalarticles.aspx#digitalrightsmanagement.

The Microsoft-Nokia deal is covered in "Nokia, Microsoft Sign Digital Music Deal" on page 26 of the Mar. 2005 Update.

Planned content protection technologies for Longhorn are covered in "New Content Protection Technology in Longhorn" on page 7 of the July 2005 Update.