FDRM Engine Suggested Requirements
4/8/2010
The following list provides recommendations for developing or evaluating the FDRM engine. The FDRM engine provides the following features:
- The DRM engine will implement the service provider version of all the FDRM APIs by providing a device driver that implements the API interface to the DRM engine.
- Facilitation of content download, extraction, and protection of FDRM content as it arrives onto the Windows Mobile device.
In OMA DRM v1, some protected content arrives in clear text. The FDRM engine should encrypt the content immediately after it arrives.
The DRM engine should protect all file types, that is, it should be content agnostic. This includes but is not limited to media, images, ringtones, documents, and executables. The device UID is recommended for use as the encryption key. This prevents protected content from being used if moved to another Windows Mobile device by means such as a removable storage card. - Facilitation of content and rights management and use through the FDRM APIs.
This includes interpreting the Rights Expression Language associated with the DRM engine being used. Content and rights management must adhere to the rules described by the DRM standard being implemented, for example, OMA DRM v1.0. - Facilitation of rights acquisition through the FDRM APIs.
This includes providing a push router client and an associated user interface to receive and process a rights object if it is received via a WAP push, that is, an unconfirmed push over a connectionless session service using the Push OTA Protocol service primitive Po-Unit-Push. The push router client will check the roles in the security policy to validate whether a message is from a privileged origin. - All FDRM-related UI through the FDRM APIs.
The FDRM engine, rather than the application, handles FDRM-related UI such as informing the user that rights expire on a specific date. Registry keys allow you to suppress elements of the FDRM UI. A UI that is consistent with Windows Mobile user interface guidelines is recommended. - Handles all errors returned from the FDRM APIs.
- Allows content to be protected anywhere on the Windows Mobile device including removable storage.
- File system filter.
This filter intercepts calls to the file system and checks to see whether the requested file is DRM protected. The file system filter should be marked as trusted. - Software secure clock.
This is an optional requirement that provides security for time-based rights. The software-based secure clock prevents users from rolling back the clock to evade time-based rights. The secure clock must allow users to change time and date as usual on their Windows Mobile device. - Performance & stability.
The implementation of rights management or decryption must not degrade sound and video playback by causing issues such as skipping or pausing. The DRM engine will not disrupt the performance of the Windows Mobile device, for example, it will not prevent placing or receiving phone calls.
For the OMA DRM V1 engine only, OMA generic content download OTA is also suggested. For OMA DRM v1, this is an optional component that is implemented by the FDRM engine provider. If this component is used, it must download all OMA generic content rather than only DRM content.