Visible to Intel only — GUID: GUID-EAE4CA11-B314-437C-B6E6-7C6947E57874
Visible to Intel only — GUID: GUID-EAE4CA11-B314-437C-B6E6-7C6947E57874
DRM Solution Sample
Note: This sample is not included in the first public release of the Intel® Dynamic Application Loader (Intel® DAL) SDK. It will be provided in a future release.
This sample demonstrates how to use Intel DAL for Digital Rights Management (DRM) protected content.
Note: This sample only works on real hardware. It will not work in an emulated environment.
This sample includes a Reset button for resetting the sample. A reset cleans the trusted application's keys and metadata, and resets the trusted application's monotonic counter. In real use cases this option should NOT be readily exposed as it is a potential security vulnerability.
The DRM ability takes advantage of these Intel DAL features:
- Protected Terminal Display (PTD)
- Cryptography
- Monotonic counter
Following are the sample's components:
- Server: Delivers the DRM-protected content to the host.
- Host: Receives and stores the DRM-protected content; communicates with the trusted application (TA); transfers data from server to TA and graphics.
- Trusted Application: Generates 2 keys on installation: private and public. The keys are encrypted by the private key and are stored in the host. The host reloads them at each session opening.
- Protected Audio and Video Pipe (PAVP): Provides pipe for playing DRM-protected content.
When a protected file from the server is viewed across different platforms, the key that encrypts the server's AES-120 public symmetric key differs from platform to platform.
- First time: Host asks the TA to generate both its keys (private and public) and send them to the host. The public key is signed with the Intel® Enhanced Privacy ID (Intel® EPID). All other times: Host loads the keys and the encrypted data of how many times each picture was viewed into the TA. The TA decrypts the data and compares the monotonic counter data to the TA counter to avoid data replay.
- The host sends the public key to the server. The server verifies that the public key was signed by an Intel TA using an Intel EPID verification algorithm. For more details, see the EPID 1.1 Signing sample.
- The server packages the AES-128 public symmetric key with the UHID of the DRM-protected content and the number of times the content is allowed to be viewed. The server then encrypts this package with the TA's public key. The server sends the TA-specific TA-key-encrypted package and the general server-key-encrypted image to the host.
- The host stores the server-encrypted image and forwards the TA-key-encrypted package to the TA.
- The TA uses its private key to decrypt the package and extract the server's AES-128 symmetric public key. The TA also begins a view counter, Y, and checks that the DRM-protected content counter value, X, has not been exceeded. The TA indirectly acquires the PAVP key. There is no direct communication between the TA and the PAVP.
- The TA encrypts the server's AES-128 symmetric public key with the PAVP key and sends the encrypted key to the host.
- The host sends the PAVP key and DRM-protected content to the PAVP.
- The host sends the TA a request to store the data securely. The TA increments the monotonic counter, Y, and encrypts the new counter value along with the image ID mapped to the number of times viewed using the platform binding key.