Secure Authenticated Channel Interface
The Secure Authenticated Channel (SAC) interface provides secure, encrypted communication among modules of Windows Media Device Manager.
The SAC interface is implemented by the IComponentAuthenticate interface.
Two classes are provided to support the SAC: CSecureChannelClient and CSecureChannelServer.
All methods of Windows Media Device Manager, service provider, and secure content provider interfaces can return WMDM_E_NOT_CERTIFIED to indicate that the caller has not authenticated successfully.
Applications use the IComponentAuthenticate interface provided in Windows Media Device Manager, while service providers and secure content providers must implement their own IComponentAuthenticate interfaces. To accomplish these tasks, use the following procedures:
- To Use IComponentAuthenticate with an Application
- To Implement IComponentAuthenticate in a Service Provider
A secure authenticated channel uses a message authentication code (MAC) algorithm for content security and integrity during transfers between components. The MAC is a keyed hashing algorithm used by the MACInit, MACUpdate, and MACFinal methods of the CSecureChannelServer and CSecureChannelClient classes. The result of MACFinal is a message authentication code. The algorithm's internal processing is not exposed to the user.
The parameters and methods that are required to use the message authentication code algorithm and encryption are listed in the following tables.
The following parameters are used during content transfers between the application and Windows Media Device Manager components. They require encryption.
| Interface | Method | Parameter |
| --- | --- | --- |
| IWMDMOperation | TransferObjectData | pData |
The following parameters are used during content transfers between Windows Media Device Manager and service provider components. They require encryption.
| Interface | Method | Parameter |
| --- | --- | --- |
| IMDSPObject | Read | pData |
| IMDSPObject | Write | pData |
The following methods must use the message authentication code algorithm during content transfers between the application and Windows Media Device Manager components.
| Interface | Method |
| --- | --- |
| IWMDMStorageGlobals | GetSerialNumber |
| IWMDMStorage | GetRights |
| IWMDMOperation | TransferObjectData |
| IWMDMDevice | GetSerialNumber |
The following methods must use the message authentication code algorithm during content transfers between the service provider and Windows Media Device Manager components.
| Interface | Method |
| --- | --- |
| IMDSPDevice | GetSerialNumber |
| IMDSPStorageGlobals | GetSerialNumber |
| IMDSPStorage | GetRights |
| IMDSPObject | Read |
| IMDSPObject | Write |
Encryption or decryption is required according to whether the parameters are [in] or [out]. If a parameter is [in] or [in,out], then it is encrypted by the caller and decrypted by the callee. If a parameter is [out] or [in,out], then the parameter is encrypted by the callee and decrypted by the caller. For example, for the IMDSPObject::Write method, pData is an [in] parameter, so Windows Media Device Manager encrypts the pData buffer, and the service provider decrypts it.
Before decrypting data with the DecryptParam method, you must first copy the data to a temporary buffer and then pass to the DecryptParam method a pointer to the temporary buffer. This increases security by making it more difficult to intercept the data as it is decrypted.
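The flow for an [in] parameter such as pData in IMDSPObject::Write, as an added example that is not code from Windows Media Device Manager: the caller encrypts, and the callee copies to a temporary buffer, decrypts the copy, and checks the MAC. DemoChannel, SendInParam, ReceiveInParam and kMacLen are hypothetical names; the method names mirror those on this page, but their signatures, the toy transforms, and computing the MAC over the plaintext are assumptions.

```cpp
// Added example. DemoChannel is a hypothetical stand-in: toy transforms, NOT the real SAC.
#include <cstddef>
#include <cstdint>
#include <vector>
using u8 = std::uint8_t; using u64 = std::uint64_t;
constexpr std::size_t kMacLen = 8;  // assumed MAC length for this demo
struct DemoChannel {
    u64 key;  // stands in for the session state established by authentication
    void EncryptParam(u8* p, std::size_t n) const { Xor(p, n); }
    void DecryptParam(u8* p, std::size_t n) const { Xor(p, n); }
    u64 MACInit() const { return key ^ 0xcbf29ce484222325ULL; }
    void MACUpdate(u64& h, const u8* p, std::size_t n) const {
        for (std::size_t i = 0; i < n; ++i) h = (h ^ p[i]) * 0x100000001b3ULL;
    }
    void MACFinal(u64 h, u8 out[kMacLen]) const {
        for (std::size_t i = 0; i < kMacLen; ++i) out[i] = u8((h ^ key) >> (8 * i));
    }
    void Xor(u8* p, std::size_t n) const {  // toy keystream, insecure placeholder
        u64 s = key;
        for (std::size_t i = 0; i < n; ++i) {
            s = s * 6364136223846793005ULL + 1442695040888963407ULL;
            p[i] ^= u8(s >> 56);
        }
    }
};

// Caller side of an [in] parameter: MAC the plaintext, then encrypt in place.
void SendInParam(const DemoChannel& ch, std::vector<u8>& buf, u8 mac[kMacLen]) {
    u64 h = ch.MACInit();
    ch.MACUpdate(h, buf.data(), buf.size());
    ch.MACFinal(h, mac);
    ch.EncryptParam(buf.data(), buf.size());
}

// Callee side: copy to a temporary buffer, decrypt the copy, verify the MAC.
bool ReceiveInParam(const DemoChannel& ch, const u8* pData, std::size_t n,
                    const u8 callerMac[kMacLen], std::vector<u8>& plain) {
    std::vector<u8> tmp(pData, pData + n);  // the caller's buffer is never modified
    ch.DecryptParam(tmp.data(), tmp.size());
    u8 mac[kMacLen];
    u64 h = ch.MACInit();
    ch.MACUpdate(h, tmp.data(), tmp.size());
    ch.MACFinal(h, mac);
    u8 diff = 0;  // accumulate differences instead of returning at the first one
    for (std::size_t i = 0; i < kMacLen; ++i) diff |= u8(mac[i] ^ callerMac[i]);
    if (diff != 0) return false;  // MAC mismatch: plaintext is not handed out
    plain.swap(tmp);
    return true;
}
```

For an [out] parameter the roles swap: the callee runs the SendInParam steps and the caller runs the ReceiveInParam steps.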