3.3.5.1 Registration Details
The transmitter MUST maintain a record of all registered receivers. This collection of records is referred to as the device registration database. Any implementation-specific data storage can be used to store this collection of records.
The transmitter performs registration through the following steps:
1. The transmitter MUST receive the registration request message that is sent by the receiver. The registration request message contains the following: the WMDRM: Network Devices Protocol version number that is supported by the receiver, its device certificate signed by Microsoft (which includes a 1024-bit RSA public key), and a serial number.
2. The transmitter MUST parse the registration request message and validate the receiver's device certificate. The certificate MUST be validated according to the rules specified in the Machine Certificate Specification [XMR].
3. The transmitter MUST verify that the device certificate has not been revoked. The transmitter checks each certificate in the chain against the CRL. If a receiver's certificate has been revoked, it MUST NOT be allowed to register, revalidate, or start a data transfer. For more information on CRLs, see section 2.2.1.5.3.
4. The transmitter MUST generate a seed and use it to generate three 128-bit numbers: the content encryption key, the content integrity key, and the authenticated commands key.
5. The transmitter MUST add the device to its device registration database. The transmitter MUST NOT transfer content to more than 10 different receivers simultaneously.
6. The transmitter MUST send the registration response message to the receiver. The message contains the following: a random session identifier, the seed (encrypted with the public key of the receiver), the serial number of the receiver, the WMDRM: Network Devices Protocol version number supported by the transmitter, the IP address and port number of the transmitter (for proximity detection), and the OMAC [OMAC] of the message, which is computed using the content integrity key. A new random session identifier MUST be generated for every registration response message.
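The following sketch is an added example, not part of this specification. It shows the transmitter-side bookkeeping for the steps above: the CRL check on every certificate in the chain, the three keys, the database record, the fresh session identifier, and the 10-receiver transfer limit. Assumptions: HMAC-SHA256 stands in for both the seed-to-key derivation and OMAC, the 16-byte seed and session identifier sizes are chosen for illustration, and `encrypt_to_receiver`, the class, and all field names are hypothetical.

```python
import hashlib, hmac, secrets

MAX_ACTIVE_RECEIVERS = 10  # simultaneous-transfer limit from the steps above

class RegistrationError(Exception):
    pass

def derive_keys(seed):
    # ASSUMPTION: labelled HMAC-SHA256 stands in for the protocol's own
    # seed-to-key derivation, which this section does not define.
    labels = ("content_encryption", "content_integrity", "authenticated_commands")
    return {l: hmac.new(seed, l.encode(), hashlib.sha256).digest()[:16] for l in labels}

class Transmitter:
    def __init__(self, revoked_ids, encrypt_to_receiver):
        self.revoked = set(revoked_ids)     # certificate ids listed in the CRL
        self.encrypt = encrypt_to_receiver  # hypothetical RSA wrapper: (pubkey, seed) -> bytes
        self.registry = {}                  # device registration database, keyed by serial
        self.active = set()                 # serials currently receiving content

    def register(self, serial, cert_chain, pubkey):
        # cert_chain: ids of every certificate in the chain, assumed already
        # validated per the certificate rules; each is checked against the CRL.
        if any(cert_id in self.revoked for cert_id in cert_chain):
            raise RegistrationError("revoked certificate in chain")
        seed = secrets.token_bytes(16)        # ASSUMPTION: 16-byte seed
        keys = derive_keys(seed)
        session_id = secrets.token_bytes(16)  # fresh for every response message
        self.registry[serial] = {"session_id": session_id, "keys": keys,
                                 "chain": list(cert_chain)}
        # Version and address/port fields of the response are omitted here.
        body = session_id + self.encrypt(pubkey, seed) + serial
        # ASSUMPTION: HMAC-SHA256 stands in for OMAC under the content integrity key.
        mac = hmac.new(keys["content_integrity"], body, hashlib.sha256).digest()
        return {"session_id": session_id, "body": body, "mac": mac}

    def start_transfer(self, serial):
        rec = self.registry.get(serial)
        # Revocation is re-checked: a revoked receiver must not start a transfer.
        if rec is None or any(c in self.revoked for c in rec["chain"]):
            raise RegistrationError("receiver not registered or revoked")
        if serial not in self.active and len(self.active) >= MAX_ACTIVE_RECEIVERS:
            raise RegistrationError("already transferring to 10 receivers")
        self.active.add(serial)
```

A real implementation replaces the two HMAC stand-ins with the derivation and OMAC computation the protocol defines, and supplies RSA encryption under the receiver's certified public key.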