|
Code Signing for Protected Media Components in Windows Vista
|
bet | 10/11 | Sana | 01.04.2021 | Hajmi | 422,5 Kb. | | #13820 |
After a trusted PE component has been released and installed on users systems, it could for a variety of reasons become untrusted. For example, the signing certificate's private key could be compromised. A component that becomes untrusted is revoked, which means that the PE is no longer allowed to handle premium content.
Because revocation can have a dramatic impact on users, Microsoft provides a way to renew compromised components with updated trusted versions. There are three renewal scenarios:
Automatic renewal. By default, Windows Vista automatically downloads and installs all critical and recommended updates. Component renewal is considered a recommended update, so most systems should quietly update the component before it can cause any problems for the user.
On-demand renewal. If the user has disabled automatic updates or has been off the network for an extended time, the application may attempt to play premium content with an untrusted component. In that case, the application is notified and provided with a URL that allows the application to initiate the renewal process. The process is handled in one of two ways:
The URL references a specific Microsoft Update package. The process downloads the package and launches the Update Installation Wizard to install it.
The URL takes the user to a Web site where he or she can manually download the updated version.
Not renewable. In rare cases, an updated version of the component may not be available, for example, the company that implemented the component has gone out of business. If the component is not essential, the PE can work around the issue by not loading the component. If the component is essential, the application is provided with a URL that directs the user to a Web page that has information on the issue.
|
| |