Protected Media Path

Last updated

The Protected Media Path is a set of technologies creating a "Protected Environment," first included in Microsoft's Windows Vista operating system, that is used to enforce digital rights management (or DRM) protections on content. Its subsets are Protected Video Path (PVP) and Protected User Mode Audio (PUMA). Any application that uses Protected Media Path in Windows uses Media Foundation.

Contents

Overview

The protected environment in which DRM content is played contains the media components that play DRM content, so the application only needs to provide remote control (play, rewind, pause, and so on), rather than having to handle unprotected content data. The protected environment also provides all the necessary support for Microsoft-approved (signed) third-party software modules to be added. It provides a "wall" against outside copying, where within the walls, content can be processed without making the content available to unapproved software.

In order to prevent users from copying DRM content, Windows Vista provides process isolation and continually monitors what kernel-mode software is loaded. If an unverified component is detected, then Vista will stop playing DRM content, rather than risk having the content copied. The protected environment is implemented completely in software, so software-based attacks such as patching the Windows kernel are possible. [1]

These restrictions concern the various outputs from the PC. For DRM content, digital outputs such as Digital Visual Interface (DVI) and High Definition Multimedia Interface (HDMI) will have High-bandwidth Digital Content Protection (HDCP) enabled, to prevent someone from recording the digital stream. Even analog TV-style outputs typically require some restrictions, provided by mechanisms such as Macrovision and CGMS-A. These restrictions only apply to DRM-restricted content, such as HD DVD or Blu-ray that are encrypted with AACS, and also apply in Windows XP using supported playback applications. [2] [3] Users' standard unprotected content will not have these restrictions. Some output types such as S/PDIF (Sony/Philips Digital Interchange Format) typically don't have a suitable DRM scheme available, so these need to be turned off reliably if the content so specifies.

In Vista, the control of PC video outputs is provided by PVP-OPM, which is essentially the next generation of Certified Output Protection Protocol (COPP) introduced in Windows XP. However, rather than being a software application programming interface, PVP-OPM operates with the Windows media components in the protected environment.

Additionally, PVP-UAB (Protected Video Path - User-Accessible Bus) is used to encrypt video and audio data as it passes over the PCI-Express bus, to prevent it from being intercepted and copied on the way to the graphics card. It is complementary to PVP Output Protection Management.

Possible bypass

In January 2007 the developer Alex Ionescu announced that he had found a method that allows end users to bypass Vista's Protected Media Path. This would allow digital content to be played on equipment that does not implement DRM restriction measures (like rescaling of video resolutions and disabling analog audio outputs). However, he did not release any source code in fear of a Microsoft lawsuit regarding possible violation of the DMCA. [4] On 6 March 2007, Microsoft responded after internal testing that the described method would not work. [5]

Criticism

In addition to common criticisms against Digital Rights Management schemes, there has been speculation that this scheme has been motivated by the fact that it would affect official free/open source graphics driver support by manufacturers. The scheme relies on the internals of graphics cards to tell whether the hardware is trustworthy (permitted to play copy-protected content). This could be subverted if an attacker knows certain details about the hardware's operation, which could be disclosed by hardware documentation or open source device drivers. [6] However, this will not affect platform independency, as the scheme is provided with no charge. [7]

Microsoft has frequently been accused of adding the Protected Media Path feature to Vista to block customers from copying rightfully owned media content [8] (a practice believed to be protected by Fair Use provisions of the Copyright Act), and the feature is widely quoted as an example of Microsoft's uncompromising adherence to DRM.

These accusations have never gained much traction[ citation needed ] largely because Vista treats non-DRM media exactly the same as previous versions of Windows, and that following Vista's release there has been no change in the availability of free/open source drivers from graphics hardware manufacturers.[ citation needed ]

See also

Related Research Articles

Trusted Computing (TC) is a technology developed and promoted by the Trusted Computing Group. The term is taken from the field of trusted systems and has a specialized meaning that is distinct from the field of confidential computing. With Trusted Computing, the computer will consistently behave in expected ways, and those behaviors will be enforced by computer hardware and software. Enforcing this behavior is achieved by loading the hardware with a unique encryption key that is inaccessible to the rest of the system and the owner.

<span class="mw-page-title-main">Next-Generation Secure Computing Base</span> Software architecture by Microsoft

The Next-Generation Secure Computing Base is a software architecture designed by Microsoft which claimed to provide users of the Windows operating system with better privacy, security, and system integrity. NGSCB was the result of years of research and development within Microsoft to create a secure computing solution that equaled the security of closed platforms such as set-top boxes while simultaneously preserving the backward compatibility, flexibility, and openness of the Windows operating system. Microsoft's primary stated objective with NGSCB was to "protect software from software."

A broadcast flag is a bit field sent in the data stream of a digital television program that indicates whether or not the data stream can be recorded, or if there are any restrictions on recorded content. Possible restrictions include the inability to save an unencrypted digital program to a hard disk or other non-volatile storage, inability to make secondary copies of recorded content, forceful reduction of quality when recording, and inability to skip over commercials.

High-bandwidth Digital Content Protection (HDCP) is a form of digital copy protection developed by Intel Corporation to prevent copying of digital audio and video content as it travels across connections. Types of connections include DisplayPort (DP), Digital Visual Interface (DVI), and High-Definition Multimedia Interface (HDMI), as well as less popular or now deprecated protocols like Gigabit Video Interface (GVIF) and Unified Display Interface (UDI).

<span class="mw-page-title-main">Copy Control</span>

Copy Control was the generic name of a copy prevention system, used from 2001 until 2006 on several digital audio disc releases by EMI Group and Sony BMG Music Entertainment in several regions. It should not be confused with the CopyControl computer software copy protection system introduced by Microcosm Ltd in 1989.

SafeDisc is a copy protection program for Microsoft Windows applications and games distributed on optical disc. Created by Macrovision Corporation, it was aimed to hinder unauthorized disc duplication. The program was first introduced in 1998 and was discontinued on March 31, 2009.

SecuROM is a CD/DVD copy protection and digital rights management (DRM) system developed by Sony DADC and introduced in 1998. It aims to prevent unauthorised copying and reverse engineering of software, primarily commercial computer games running on Windows. The method of disc protection in later versions is data position measurement, which may be used in conjunction with online activation DRM. SecuROM gained prominence in the late 2000s but generated controversy because of its requirement for frequent online authentication and strict key activation limits. A 2008 class-action lawsuit was filed against Electronic Arts for its use of SecuROM in the video game Spore. Opponents, including the Electronic Frontier Foundation, believe that fair-use rights are restricted by DRM applications such as SecuROM.

<span class="mw-page-title-main">MediaMax CD-3</span>

MediaMax CD-3 is a software package created by SunnComm which was sold as a form of copy protection for compact discs. It was used by the record label RCA Records/BMG, and targets both Microsoft Windows and Mac OS X. Elected officials and computer security experts regard the software as a form of malware since its purpose is to intercept and inhibit normal computer operation without the user's authorization. MediaMax received media attention in late 2005 in fallout from the Sony XCP copy protection scandal.

<span class="mw-page-title-main">Windows Vista</span> Seventh major release of Windows NT

Windows Vista is a major release of the Windows NT operating system developed by Microsoft. It was the direct successor to Windows XP, released five years earlier, which was then the longest time span between successive releases of Microsoft Windows. It was released to manufacturing on November 8, 2006, and over the following two months, it was released in stages to business customers, original equipment manufacturers (OEMs), and retail channels. On January 30, 2007, it was released internationally and was made available for purchase and download from the Windows Marketplace; it is the first release of Windows to be made available through a digital distribution platform.

DirectX Video Acceleration (DXVA) is a Microsoft API specification for the Microsoft Windows and Xbox 360 platforms that allows video decoding to be hardware-accelerated. The pipeline allows certain CPU-intensive operations such as iDCT, motion compensation and deinterlacing to be offloaded to the GPU. DXVA 2.0 allows more operations, including video capturing and processing operations, to be hardware-accelerated as well.

Desktop Window Manager is the compositing window manager in Microsoft Windows since Windows Vista that enables the use of hardware acceleration to render the graphical user interface of Windows.

There are a number of security and safety features new to Windows Vista, most of which are not available in any prior Microsoft Windows operating system release.

Windows Vista, an operating system released by Microsoft for consumers on January 30, 2007, has been widely criticized by reviewers and users. Due to issues with new security features, performance, driver support and product activation, Windows Vista has been the subject of a number of negative assessments by various groups.

Windows Vista has many significant new features compared with previous Microsoft Windows versions, covering most aspects of the operating system.

<span class="mw-page-title-main">Security of Advanced Access Content System</span>

The security of Advanced Access Content System (AACS) has been a subject of discussion amongst security researchers, high definition video enthusiasts, and consumers at large since its inception. A successor to Content Scramble System (CSS), the digital rights management mechanism used by commercial DVDs, AACS was intended to improve upon the design of CSS by addressing flaws which had led to the total circumvention of CSS in 1999. The AACS system relies on a subset difference tree combined with a certificate revocation mechanism to ensure the security of high definition video content in the event of a compromise.

The various versions of Microsoft's desktop operating system, Windows, have received various criticisms since Microsoft's inception.

PlayReady is a media file copy prevention technology from Microsoft that includes encryption, output prevention and digital rights management (DRM). It was announced in February 2007.

Windows XP and Windows Vista differ considerably in regards to their security architecture, networking technologies, management and administration, shell and user interface, and mobile computing. Windows XP has suffered criticism for security problems and issues with performance. Vista has received criticism for issues with performance and product activation. Another common criticism of Vista concerns the integration of new forms of DRM into the operating system, and User Account Control (UAC) security technology.

The analog hole is a perceived fundamental and inevitable vulnerability in copy protection schemes for noninteractive works in digital formats which can be exploited to duplicate copy-protected works using analog means. Once digital information is converted to a human-perceptible (analog) form, it is a relatively simple matter to digitally recapture that analog reproduction in an unrestricted form, thereby fundamentally circumventing any and all restrictions placed on copyrighted digitally distributed work. Media publishers who use digital rights management (DRM), to restrict how a work can be used, perceive the necessity to make it visible or audible as a "hole" in the control that DRM otherwise affords them.

<span class="mw-page-title-main">Digital rights management</span> Technology to control access to copyrighted works and prevent unauthorized copying

Digital rights management (DRM) is the management of legal access to digital content. Various tools or technological protection measures (TPM), such as access control technologies, can restrict the use of proprietary hardware and copyrighted works. DRM technologies govern the use, modification and distribution of copyrighted works and of systems that enforce these policies within devices. DRM technologies include licensing agreements and encryption.

References

  1. Ionescu, Alex. "Introducing D-Pin Purr v1.0 - 32bit Edition." Retrieved on April 11, 2007.
  2. CyberLink Customer Support - FAQ - What operating system should I have installed on my computer when playing Blu-ray Disc or HD DVD titles?
  3. CyberLink Customer Support - FAQ - PowerDVD displays an error message "The playback of this content is not allowed with a digital output device. Please use an analog output device."
  4. "Alex Ionescu's Blog » Update on Driver Signing Bypass". Archived from the original on 2007-09-28. Retrieved 2007-10-28.
  5. "Alex Ionescu's Blog » Vista DRM Issue Aftermath". Archived from the original on 2007-09-28. Retrieved 2007-10-28.
  6. Peter Gutmann (2006-12-26). "A Cost Analysis of Windows Vista Content Protection" . Retrieved 2007-01-28.{{cite journal}}: Cite journal requires |journal= (help)
  7. How to Play Protected Media Files (Windows)
  8. Why Microsoft must abandon Vista to save itself | The Digital Home – Don Reisinger's take on the tech closest to home – CNET Blogs [ permanent dead link ]