2.2.2.3.5 LICENSEDATA

The LICENSEDATA structure defines the data portion of a version 1 license, including the rights and security settings.

 typedef struct {
   char KID[25];
   BYTE key[80];
   BYTE rights[4];
   DWORD appSec;
   BYTE expiryDate[4];
 } LICENSEDATA;

KID: A 25-character array that contains the content key ID. The KID MUST be a value that uniquely identifies content for which the license is issued. Use of a base64-encoded GUID is recommended. This value is usually a copy of the KID value sent in the license challenge, but that is not technically required.

key: An 80-byte buffer that contains the encrypted RC4 content key (Kcontent) and a copy of its bitwise negation (Pcontent = ~Kcontent). This field is encrypted using ECC1 with KM. Prior to encryption and after decryption, bytes 0 through 6 of the plaintext represent Kcontent and bytes 7 through 13 of the plaintext represent Pcontent. These values can be compared to ensure that they were stored and transmitted properly by calculating

~(Kcontent ⊕ Pcontent)

If this value is not 0, Kcontent and/or Pcontent are suspect and cannot be used.

The key is secret and known only to the service. How keys are stored and referenced is service implementation-dependent and not relevant to the protocol.

rights: A 4-byte buffer that contains the client rights for the licensed content. These values are logically combined in byte order. The value used for rights is entirely dependent on the service-business-logic implementation.

| Byte Array | Meaning |
|---|---|
| {0x01,0x00,0x00,0x00} 0x01000000 | The client is authorized to play back the content. This is known as RIGHT_PLAY_ON_PC. |
| {0x02,0x00,0x00,0x00} 0x02000000 | The client is authorized to copy the licensed content to a device that is not compliant with the Secure Digital Music Initiative (SDMI). This is known as RIGHT_COPY_TO_NONSDMI_DEVICE. |
| {0x04,0x00,0x00,0x00} 0x04000000 | The client is not authorized to restore the license content. This is known as RIGHT_NO_RESTORE. |
| {0x08,0x00,0x00,0x00} 0x08000000 | The client is authorized to burn the licensed content to a CD. This is known as RIGHT_BURN_TO_CD. |
| {0x10,0x00,0x00,0x00} 0x10000000 | The client is authorized to copy the licensed content to an SDMI device. This is known as RIGHT_COPY_TO_SDMI_DEVICE. |
| {0x20,0x00,0x00,0x00} 0x20000000 | The client can perform any of the authorized actions one time. This is known as RIGHT_ONE_TIME. |
| {0x00,0x00,0x01,0x00} 0x00000100 | The client is authorized to handle SDMI-generated events. This is known as RIGHT_SDMI_TRIGGER. |
| {0x00,0x00,0x02,0x00} 0x00000200 | The client is not authorized to make any further SDMI copies of the licensed content. This is known as RIGHT_SDMI_NOMORECOPIES. |

appSec: The minimum application security level required to play content associated with this license. The application security level is embedded within CA. Valid values range from 0 to 2000. The value used for appSec is entirely dependent on the service-business-logic implementation.

expiryDate: A 4-byte buffer that contains the date on which the license expires. All values are encoded as hexadecimal. The first byte contains the value of the first two digits of the year, the second contains the value of the last two digits of the year, the third contains the value of the month, and the fourth contains the value of the day. For example, the date 12/30/2002 is represented as {0x14, 0x02, 0x0C, 0x1E}. A value of { 0xFF, 0xFF, 0xFF, 0xFF } indicates that there is no expiration date for the license. The value used for expiryDate is entirely dependent on the service-business-logic implementation.
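
The checks described above for the key, rights and expiryDate fields, as an added C example that is not part of the specification. It assumes the key field has already been decrypted (ECC1 is out of scope); the helper names and the month/day range checks are illustrative assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Right values are from the table above; helper names are hypothetical. */
#define RIGHT_PLAY_ON_PC 0x01000000u
#define RIGHT_BURN_TO_CD 0x08000000u

/* pt = first 14 bytes of the decrypted key field.
   Returns 1 when bytes 7..13 are the bitwise negation of bytes 0..6,
   i.e. ~(Kcontent XOR Pcontent) is 0 for every byte; 0 otherwise. */
int key_pair_ok(const uint8_t pt[14]) {
    uint8_t diff = 0;
    for (int i = 0; i < 7; i++)
        diff |= (uint8_t)~(pt[i] ^ pt[i + 7]); /* 0 only if pt[i+7] == ~pt[i] */
    return diff == 0;
}

/* Reads rights[4] in byte order, so {0x01,0,0,0} becomes 0x01000000. */
uint32_t rights_value(const uint8_t r[4]) {
    return ((uint32_t)r[0] << 24) | ((uint32_t)r[1] << 16) |
           ((uint32_t)r[2] << 8) | (uint32_t)r[3];
}

/* Decodes expiryDate. Returns 0 for "no expiration" (all 0xFF), 1 with
   *y, *m, *d filled in, or -1 when a byte fails the range checks.
   The range checks are an added sanity test, not a specification rule. */
int expiry_decode(const uint8_t e[4], int *y, int *m, int *d) {
    if (e[0] == 0xFF && e[1] == 0xFF && e[2] == 0xFF && e[3] == 0xFF)
        return 0;
    if (e[1] > 99 || e[2] < 1 || e[2] > 12 || e[3] < 1 || e[3] > 31)
        return -1;
    *y = e[0] * 100 + e[1];
    *m = e[2];
    *d = e[3];
    return 1;
}

int main(void) {
    /* Constructed sample: 7 key bytes followed by their negation. */
    const uint8_t pt[14] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
                            0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88};
    const uint8_t rights[4] = {0x09, 0x00, 0x00, 0x00}; /* play + burn */
    const uint8_t expiry[4] = {0x14, 0x02, 0x0C, 0x1E}; /* 12/30/2002 */
    int y = 0, m = 0, d = 0;
    int rc = expiry_decode(expiry, &y, &m, &d);
    printf("key ok=%d rights=0x%08X expiry rc=%d %04d-%02d-%02d\n",
           key_pair_ok(pt), (unsigned)rights_value(rights), rc, y, m, d);
    return 0;
}
```
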

Cryptographic Sequence:

key = { Kcontent | Pcontent }KM

When content is encrypted, the packager generates a content key identifier (KID) and a content key as a pair. The key is used to encrypt the content, and the KID is placed in the content header of a license request.

The Digital Rights Management (DRM) component on the client computer can use this key to decrypt the content.