Partager via


Secure Authenticated Channel Interface

banner art

The Secure Authenticated Channel (SAC) interface provides secure, encrypted communication among modules of Windows Media Device Manager.

The SAC interface is implemented by the IComponentAuthenticate interface.

Two classes are provided to support the SAC. They are:

All methods of Windows Media Device Manager, service provider, and secure content provider interfaces can return WMDM_E_NOT_CERTIFIED to indicate that the caller has not authenticated successfully.

Applications use the IComponentAuthenticate interface provided in Windows Media Device Manager, while service providers and secure content providers must implement their own IComponentAuthenticate interfaces. To accomplish these tasks, use the following procedures:

A secured authentication channel uses the message authentication code algorithm (MAC) for content security and integrity during transfers between components. The MAC is a keyed hashing algorithm used by the MACInit, MACFinal, and MACUpdate methods of the CSecureChannelServer and CSecureChannelClient classes. The result of MACFinal is a message authentication code. The algorithm processing is not exposed to the user.

The parameters and methods that are required to use the message authentication code algorithm and encryption are listed in the following tables.

The following parameters are used during content transfers between the application and Windows Media Device Manager components. They require encryption.

Interface Method Parameter
IWMDMOperation TransferObjectData pData

The following parameters are used during content transfers between Windows Media Device Manager and service provider components. They require encryption.

Interface Method Parameter
IMDSPObject Read pData
IMDSPObject Write pData

The following methods must use the message authentication code algorithm during content transfers between the application and Windows Media Device Manager components.

Interface Method
IWMDMStorageGlobals GetSerialNumber
IWMDMStorage GetRights
IWMDMOperation TransferObjectData
IWMDMDevice GetSerialNumber

The following methods must use the message authentication code algorithm during content transfers between the service provider and Windows Media Device Manager components.

Interface Method
IMDSPDevice GetSerialNumber
IMDSPStorageGlobals GetSerialNumber
IMDSPStorage GetRights
IMDSPObject Read
IMDSPObject Write

Encryption or decryption is required according to whether the parameters are [in] or [out]. If a parameter is [in] or [in,out], then it is encrypted by the caller and decrypted by the callee. If a parameter is [out] or [in,out], then the parameter is encrypted by the callee and decrypted by the caller. For example, for the IMDSPObject::Write method, pData is an [in] parameter, so Windows Media Device Manager encrypts the pData buffer, and the service provider decrypts it.

Before decrypting data with the DecryptParam method, you must first copy the data to a temporary buffer and then pass to the DecryptParam method a pointer to the temporary buffer. This increases security by making it more difficult to intercept the data as it is decrypted.

See Also