Revocation

Revocation is a process identifying clients that have compromised security, and it prevents them from getting access to additional licenses for decrypting content that has been protected.

When Microsoft identifies a client with compromised security, the device may be revoked and added to a revocation list. The revocation list is periodically downloaded by the license servers that issue licenses for protected content. License servers use this revocation list to deny licenses to portable and network devices that have been revoked, thereby preventing the device from playing new protected content.

Revocation lists are refreshed to personal computers and devices when they are not up to date. The revocation list may be issued along with licenses or separately from licenses. The DRM component on the computer or device checks this revocation list before transferring content to other devices. By preventing communication with revoked components, revoked apps no longer work. Once revoked, the only way to fix the situation is to replace the revoked element or remove the revoked component from a newer version of the revocation list.

Microsoft builds and maintains the revocation list and its versioning structure.

Note

If you are programming a Web app using HTML5 and Internet Explorer 11, revocation is carried out by the PlayReady Content Decryption Module. Your Web app does not need to be programmed to handle revocation.