The purpose of output protection is to increase content protection during transmission between a computer’s video or audio output port and the input port of another device such as a monitor or set of speakers (output). hot wallpapers,640-802 Testking, Gestion Documental This is useful to prevent someone from intercepting copy protected content “en route” between such devices, known commonly as an ”analog hole”.

Output Protection is specialized stuff and so this post will be a bit arcane to most, but will hopefully be useful to a few folks out there who are familiar with OP and want to integrate it into their Silverlight apps.

Contents:

• What does Output Protection Consist Of?
  • Policy Data
  • PolicyManager
  • Secured and Compliant Drivers
  • A Secured and Encrypted Channel
  • A Secured Output
• Silverlight Support for Output Protection
  • PlayReady License Format Support
  • Implicit Video OPL mapping to Silverlight platforms
  • Implicit Uncompressed Digital Audio OPL Mapping to Silverlight Platforms
  • Mixed Capabilities on the Same or Different Types of Outputs
  • COPP and OPM Driver considerations
• API and Error Messages
  • API
  • Error Messages
• See Also

What does Output Protection Consist Of?

Output Protection schemes are made up of many parts but there are at least five key parts and technologies related to any given output protection scheme. These five key parts are license policy data, a policy manager, a secured and compliant driver, an encrypted channel from an output port, and a compliant output device. The following sections go over these key parts.

Policy Data
This is the data inside a license, such as a PlayReady DRM license. Licenses can contain policies which explicitly declare that content requires a specific degree and form of output protection using a series of GUIDs or licenses can contain policies that have a single number per output indicating a desired protection level which must in turn be mapped to different forms and degrees of output protection.

Below are examples of the policies that can be requested using implicit protection level based output protection mechanisms.

• Unrestricted: indicates that the content is likely of lower relative value and that it can flow anywhere.
• Best Effort: indicates that the content is of higher value and that output protection should be attempted but if it cannot be engaged, allow the content to flow anyway.
• Restricted: indicates that content is of very high value and that it should not be allowed to flow over an unsecured channel.
• Disallowed: indicates that the content should not be allowed to flow through any channel whether secured or unsecured.

PolicyManager

The policy manager takes data from individual licenses and communicates with a compliant driver to discover the capabilities of the driver, video card, audio card, any devices between the monitor or speakers and the computer, and the monitor itself. Based on the information that the policy manager gets back from the license’s requested output protection level and what the hardware supports, the policy manager decides if and how content should flow and over what outputs, or returns an error. When you use Silverlight, Silverlight is the policy manager.

Secured and Compliant Drivers

A secured and compliant video or audio driver is one that meets a content protection bar (for example, part of the Windows logo program) and that implements, in the case of Silverlight output protection, the driver interfaces of OPM or COPP.

COPP

COPP is the Certified Output Protection Protocol and is an interface for display drivers to implement which allows applications to query a graphics card and the devices connected to it for their support levels of various output protection mechanisms.

COPP is available for Windows Server 2003 SP1 and Windows XP SP 2 and later operating systems.

OPM
OPM is the Output Protection Manager and similar to COPP, it is an interface for display drivers to implement which allows applications to query a graphics card and the devices connected to it for their support levels of various Output Protection mechanisms.

OPM builds upon COPP to fix a number of fundamental issues such as an inability to have a multi-monitor setup running in Clone mode and the inability to have a repeater between the computer and the rendering device.

OPM is available for Windows Vista, Windows Server 2008 (Media Desktop Experience needed), and later.

A Secured and Encrypted Channel
There are many technologies for actually communicating encrypted video frames and audio samples from the video card or audio card to a secured output. There is: Analog Copy Protection (ACP), Content Generation Management System Analog (CGMS-A), High-bandwidth Digital Content Protection (HDCP), and DisplayPort Content Protection Protocol (DPCP) where only the HDCP and DPCP are actually capable of transmitting audio.

The above protocols work over a large number of actual output ports such as component, composite, S-video, VGA, HDMI, DVI, and DisplayPort.

Note: In the path between the graphics card and the display there could be other things present. For example, a computer could be hooked up to a receiver which is hooked up to a television. Alternately, a computer could be hooked up to a KVM switch. Each of these must also support the form of output protection desired.

Note: Various output protection technologies only work with certain ports.

Note 3: Most common graphics cards encountered today do not have direct composite and component outputs. To get the composite and component outputs, you would typically use an adaptor from an S-Video port.
 
A Secured Output
The output device must understand the secure protocol being used to communicate content to it. For example, most displays today understand HDCP.

Silverlight Support for Output Protection 

PlayReady License Format Support

The Silverlight runtime only supports implicit output protection levels contained in the optional Output Protection Level Restriction Object as defined in section 4.2.2.1 of the PlayReady XMR specification (specification found in the documentation pack that comes with PlayReady). If a license does not contain an Output Protection Level Restriction Object with audio or video output protection levels specified, then Silverlight will not attempt to engage any form of output protection. 

Implicit Video OPL mapping to Silverlight platforms

Below is a mapping of the various Output Protection Policies that PlayReady DRM defines to their net effect in the Silverlight runtime.

The top, uncolored portion, of each cell represents the high-level interpretation and what output protection mechanism could be employed. The bottom, colored portion, of each cell represents the action the Silverlight runtime will take upon encountering the given level.

Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows Server 2008 R2, and Windows 7

The table below represents that the Silverlight runtime support HDCP output protection levels over DVI and HDMI on Windows operating systems.

Support on Windows Vista and later operating systems will be via the OPM APIs while support on Windows XP up to but not including Windows Vista will be via the COPP APIs.

Implicit Uncompressed Digital Audio OPL Mapping to Silverlight Platforms

Audio mapping across all Silverlight platforms is exactly the same.

Mixed Capabilities on the Same or Different Types of Outputs

In the course of usage, it could happen that one monitor is connected via an output which supports protection while another is connected via an output which does not. For instance a computer is connected to a TV which does not support output protection as well as to a monitor which does.

In these cases where there are mixed capabilities, both connections must conform to the license’s requested output protection level or be blocked. Put another way, output protection policy is interpreted based on the least protective port provided and the following interpretations to the four basic policies are added.

• Unrestricted — no change in interpretation, connection can be over any combination of protected or unprotected ports
• Best Efforts – If one or more of the outputs cannot support the content protection, then after all the outputs have been tried (and some failed) then content is played.
• Restricted — if all connections cannot engage output protection to the desired level, block content playback
• Disallow — no change in interpretation as all content output it already blocked

COPP and OPM Driver considerations

Before using COPP or OPM, the graphics card’s OPM or COPP certificate must be validated and then checked to ensure that it is not on a revoked list. If the certificate is either revoked or is not valid when checked, the Silverlight runtime will raise MediaFailed with the 6036 error code.

For more information on how to validate and check against the revocation list, see Validating the Certificate Chain covering this topic.

API and Error Messages

API

You can use the following Silverlight API to detect the output protection available on a device. You can then add this information to a license request (see DRM Overview) and then determine on the server whether or not to playback content.

·         LicenseManagement.VideoOutputConnectors Property: Gets from the graphics card all of the data on connector types and what output protections Silverlight can engage for each video output.

·         VideoOutputConnector Class: Returned by the VideoOutputConnectors Property and provides the actual data on connector types and what output protections Silverlight can engage.

·         VideoOutputConnectorType Enumeration: Returned by the VideoOutputConnector.ConnectorType Property, this enumeration defines of all of the commonly available output connector types.

Error Messages

The errors for this feature will all propagate through the MediaFailed event and are all related to changes during playback.

6030 AG_E_DRM_OUTPUT_PROTECTION_REQUIRED “This content requires an output protection which cannot be enabled on this machine”

This error is raised via the MediaFailed event whenever a license contains an unsupported license protection. This error is raised before the MediaOpened event has been raised.

6031 AG_E_DRM_OUTPUT_LINK_LOST “The integrity of the secured video output connection has been compromised or lost”

This error is raised via the MediaFailed event whenever Silverlight polls the OPM interface via GetInformation and the OPM_STATUS_LINK_LOST flag is returned.

6032 AG_E_DRM_RENEGOTIATION_REQUIRED “The secured graphics connection requires renegotiation but could not be renegotiated”

This error is raised via the MediaFailed event whenever Silverlight polls the OPM interface via GetInformation and the OPM_STATUS_RENEGOTIATION_REQUIRED flag is returned.

6033 AG_E_DRM_REVOKED_HDCP_DEVICE_ATTACHED “A revoked High-Bandwidth Digital Content Protection (HDCP) device is attached to the video output”

This error is raised via the MediaFailed event whenever Silverlight polls the OPM interface via GetInformation and the OPM_STATUS_REVOKED_HDCP_DEVICE_ATTACHED flag is returned.

6034 AG_E_DRM_OUTPUT_PROTECTION_TAMPERING_DETECTED “The graphics adapter or the driver has been tampered with.”

This error will be raised via the MediaFailed event whenever Silverlight polls the OPM interface via GetInformation and the OPM_STATUS_TAMPERING_DETECTED flag is returned.

6035 AG_E_DRM_OUTPUT_ADDED “A new graphics connection was added during playback and playback was halted”

WM_DeviceChange/RegisterDeviceNotification is used to keep track of monitors being added. If a new monitor is added during playback of protected content requiring output protections and only protected content requiring output protections, the MediaFailed event is raised.

6036 AG_E_DRM_INVALID_DRIVER “Graphics device’s driver certificate is invalid.”

This is raised whenever the runtime encounters a bad OPM or COPP certificate.

See Also

• PlayReady Complaince and Robustness Rules 
• Implementation Tips and Requirements for OPM