Without Secure Audio Path, when packaged digital music is played, the encrypted content passes to the DRM client component. The DRM client component verifies that the player and the component developed with the Microsoft Windows Media Format Software Development Kit (SDK) are valid. If they are valid, the DRM client component decrypts the content and sends it to the player, which then sends it to the audio components. At this point, the decrypted music is available to applications and plug-ins that can intercept the music, leaving it susceptible to tampering. The content is then passed to other system components until it reaches the sound card and is played.
In the Secure Audio Path model, the DRM client component passes encrypted content to the player, and the content remains encrypted until it reaches a DRM component in the computer kernel. Before decrypting and passing the content on to any other components, the DRM kernel component verifies that all remaining components in the path to the sound card are valid and authenticated. When this verification is completed, the content is decrypted and the music is played.
The following diagram compares the current DRM model with the Secure Audio Path model.
Viewing or Modifying the Music Signal
In the Secure Audio Path model, applications cannot be used to modify packaged music in any way. For example, when an application is used to intercept a music signal, the signal sounds like random noise. As a result, applications used to modify signals (such as an equalizer) cannot change the sound of the music.
Some applications are used to view a music signal. For example, some applications display flashing light patterns in time with the music signal, but do not modify it. To accommodate the use of such applications, a small part of the music is decrypted and passed in clear form with the encrypted content. The resulting signal is very poor (worse than telephone quality) but suffices for applications used to view signals.
Understanding the DRM Kernel Component
The DRM kernel component provides two basic features that protect the integrity of encrypted music.
First, the DRM client component and the DRM kernel component are in communication when a music file is played. This communication between components prevents anyone from tampering with the encrypted signal or from inserting false information.
Second, the DRM kernel component does not decrypt the music signal until all remaining components are authenticated. That is, before decrypting content and passing it to the next system component, the DRM kernel component verifies that each remaining component in the path to the sound card (each component that can access the content) is certified as SAP-compliant by Microsoft. The absence of a certificate can indicate that the component is a false driver or in some other way suspicious. So, if any of the remaining components fail a validation test by the DRM kernel, the signal is halted. Otherwise, if all components pass validation, the DRM kernel component decrypts the music and passes it to the next component.
Microsoft digitally certifies drivers that pass the Windows Hardware Quality Lab (WHQL) tests for SAP to assure consumers that they are using the highest-security drivers. This practice is standard and guarantees the authenticity of components because the certificate cannot be forged, nor can the code be modified without destroying the certificate. To learn more about Windows Hardware Quality Labs, see the Windows Hardware Quality Labs page at the Microsoft Web site.
Drivers included with Windows Millennium Edition and Windows XP are certified as SAP-compliant. Drivers that are not signed for use with Windows Millennium Edition cannot play packaged files that require both Secure Audio Path and certified drivers. All audio drivers included with Windows XP are signed for Secure Audio Path. Driver manufacturers can reissue updated versions of their drivers that are signed by WHQL, and publish them on the Internet for consumers to download.
Disabling Digital Output
You can also use Secure Audio Path to disable digital output on audio cards. By using this feature, content owners can disable digital output by setting a parameter in licenses for their music. If this parameter is set, Secure Audio Path forces the sound card to disable its digital output capability when playing packaged music. Users can listen to decrypted music, but they cannot make copies.
Note If you do not use this feature, consumers can make a perfect digital recording of protected music.
Driver Security Level
Each SAP-compliant audio driver has a security level, and content owners can specify the minimum security level a driver must have to play their packaged files.