DRM Security (Windows CE 5.0)
Security issues specific to DRM are provided with the unique digital signed components that you must obtain from Microsoft to build DRM-enabled run-time images. For information about how to obtain DRM components for Windows CE, see DRM OS Design Development.
Adding support for the DRM license acquisition OCX to your OS design will also add Internet Explorer your OS design. For more information, see Internet Explorer 6 Security.
The successful and continued operation of DRM in your run-time image depends on having DRM certificates stored in a secure manner. You should ensure that the DRM files on your Windows CE-based device remain hidden in ROM and are never copied to RAM. In addition, Microsoft recommends that you take whatever additional steps you can, such as file encryption, code obfuscation, and implementation of hardware-based capabilities, to protect the DRM files in ROM.
It is in your interest to protect the DRM certificates in your run-time image. If these certificates are compromised on any of your DRM client devices then it may be necessary for Microsoft to revoke those certificates at the DRM license servers. This will disable DRM on those client devices and prevent them from accessing any content protected with DRM. Because of this, the hardware design of your Windows CE-based device should allow for flash updates. This is the only way to restore DRM support to a device whose DRM certificates have been revoked.
See Also
Digital Rights Management | Enhancing the Security of a Device
Send Feedback on this topic to the authors