Automated Component Revocation and Renewal
Software applications or components that are considered compromised can be revoked by Microsoft. The Windows Media Format Client Extended API provides a mechanism for the automated revocation and renewal of components.
Revoked components are listed in a certificate revocation list, which is published by Microsoft. When a component is revoked, its certificate is added to the certificate revocation list, and the revocation information BLOB (REV_INFO) is updated on the Microsoft servers.
To perform automated revocation and renewal when a user attempts to process Windows Media DRM protected content, your application must do the following:
- Extract the REV_INFO version from the license. The REV_INFO version number is located in the following location in an XMR license:
- Compare the REV_INFO version number of the license with the REV_INFO version number in the local store by calling the IWMDRMSecurity::GetRevocationDataVersion method.
- If the REV_INFO version is not up to date, call the IWMDRMSecurity::PerformSecurityUpdate method, passing the WMDRM_SECURITY_PERFORM_REVOCATION_REFRESH flag in the dwFlags parameter.
- Retrieve the certificate revocation list from the local store by calling the IWMDRMSecurity::GetRevocationData method.
- Parse the revocation list, and check for Windows Media DRM revocations. For more information, see Checking Certificate Revocation.
- If there are any Windows Media DRM revocations:
- Create a content enabler to renew the revoked components by calling the IWMDRMSecurity::GetContentEnablersForRevocations method.
- Call IMFContentEnabler::AutomaticEnable, which directs the user to a URL that contains component renewal information. This method is documented in the Media Foundation SDK (http://msdn.microsoft.com/en-us/library/ms694197(VS.85).aspx).
Note: You must explain this process to the user in a privacy statement, because the update process sends information from the client computer to a Microsoft Web site.
- If possible, the user will renew the component from the URL, either automatically or by following specific instructions. There will be some situations in which the component cannot be renewed.
- Try to access the content again until there are no more revocations, or the process is halted for some reason.
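The control flow of the steps above, as an added example that is not Microsoft's code. `RevocationOps`, `checkRevocations` and `simulate` are hypothetical names that stand in for the COM calls named in the comments and do not reproduce their real signatures. The example assumes that "not up to date" means the local store is older than the license's REV_INFO version, and it chooses to stop when a refresh or renewal fails.

```cpp
#include <cstdint>
#include <functional>
#include <string>
#include <vector>

// Hypothetical stand-ins for the calls named in the steps; not the real COM signatures.
struct RevocationOps {
    std::function<uint64_t()> localRevInfoVersion;  // GetRevocationDataVersion
    std::function<bool()> refresh;                  // PerformSecurityUpdate + REVOCATION_REFRESH flag
    std::function<std::vector<std::string>()> revokedComponents;  // GetRevocationData, then parse
    std::function<bool(const std::string&)> renew;  // GetContentEnablersForRevocations + AutomaticEnable
};

enum class Outcome { Allowed, RefreshFailed, RenewalFailed, RetryLimit };

// Runs the procedure for a license that carries REV_INFO version licenseRevInfo.
Outcome checkRevocations(const RevocationOps& ops, uint64_t licenseRevInfo, int maxPasses = 3) {
    if (ops.localRevInfoVersion() < licenseRevInfo) {
        // Assumption: fail closed when the store cannot be brought up to the license's version.
        if (!ops.refresh() || ops.localRevInfoVersion() < licenseRevInfo)
            return Outcome::RefreshFailed;
    }
    for (int pass = 0; pass < maxPasses; ++pass) {
        const std::vector<std::string> revoked = ops.revokedComponents();
        if (revoked.empty()) return Outcome::Allowed;  // nothing revoked: process the content
        for (const std::string& component : revoked)
            if (!ops.renew(component)) return Outcome::RenewalFailed;  // cannot be renewed
    }
    return Outcome::RetryLimit;  // still revoked after maxPasses: halt instead of looping forever
}

// Constructed in-memory store so the flow runs without Windows or a network.
Outcome simulate(uint64_t licenseVer, uint64_t localVer, uint64_t serverVer,
                 std::vector<std::string> revoked, bool renewable) {
    RevocationOps ops;
    ops.localRevInfoVersion = [&] { return localVer; };
    ops.refresh = [&] { localVer = serverVer; return true; };
    ops.revokedComponents = [&] { return revoked; };
    ops.renew = [&](const std::string& name) {
        if (!renewable) return false;
        for (std::size_t i = 0; i < revoked.size(); ++i)
            if (revoked[i] == name) { revoked.erase(revoked.begin() + i); return true; }
        return false;
    };
    return checkRevocations(ops, licenseVer);
}

int main() {
    // Constructed case: license needs v7, store has v5, one revoked component that renews.
    return simulate(7, 5, 7, {"example-component"}, true) == Outcome::Allowed ? 0 : 1;
}
```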