Common use of Widevine DRM Profile Clause in Contracts

Widevine DRM Profile. Content protection to the device AES 128-bit scrambling in CBC mode or equivalent. Content is encrypted as part of the encoding/packaging process before content enters the content distribution network. The content is encrypted in its entirety. Content protect outputs The Widevine DRM triggers output protects such as HDCP, Macrovision, and C-GMSA. Widevine will securely pass and trigger output protections when the hardware supports this capability. Content will not be passed if the hardware does not support this functionality. Widevine does not interfere or obscure consensus watermarks. DRM Metadata and message authentication Authentication using HMAC with 256-bit key and SHA-2 (256 bit) Hash, or with RSA 2048-bit signature (RSASSA-PKCS1-v1_5) over (at least) SHA-1 Hash. DRM and message encryption (where necessary) RSA 2048-bit encryption combined with AES 128- bit scrambling in CBC mode. All Widevine internal communications are mutually authenticated, process privacy, and process integrity. This is accomplished via the use of the Widevine Secure Message Manager (SMM). Key Usage Separate keys are used for authentication and encryption. Each session, license, and asset has separate keying material Each time content is encrypted it is encrypted with unique keying material. No two encrypted content files are encrypted with the same unique cryptographic key. Key Expiration Symmetric keys are used as session keys or content protection keys are freshly generated and expire at the end of the session. License keys expire based on the CinemaNow business rules – see Digital Content Locker Usage Models. Device registration keys are permanently assigned at time of device manufacture to a device and are not expected to expire. Other asymmetric keys have expiration periods commensurate with their usage, but these periods are planned to be in excess of 10 years. Device Registration Keys Asymmetric Keys – 2048 bit RSA – unique to the device Session Keys Symmetric Keys – 128-bit AES – unique to the session Content Protection Keys Symmetric Keys – 128-bit AES – unique to a portion of the content License Keys Symmetric Keys – 128-bit AES – unique to the device Symmetric Key Exchange Symmetric key encrypted by 2048-bit RSA key. – unique to the device Message Digest All message digests are SHA-1 (160-bit). Random Number Generation The RNG is in compliance to FIPS 140-2 Section 4.7 tests for randomness DRM Client Identity Each Widevine client is uniquely identified and bound to the device. The Widevine Cypher client uses class and identity ridges to establish trust with the Device – in the device manufacturing process is provided a Physical Device ID that identifies the client and this is later binded to the CinemaNow Device ID Decrypted content security Widevine never allows unprotected content to be stored unless the CCI allows for unrestricted copies. DRM client renewability Widevine’s downloadable clients (Cypher VSC) are renewable via network or other distribution methods. Revocation of license/device Widevine’s DRM has positive revocation initiated from CinemaNow without user initiation. Robustness and tamper protections Widevine agreements with device manufacturers include the robustness rules below. In addition to the hardware robustness rules; Widevine employs both Widevine invented and third party obfuscation, encryption, integrity and other techniques to protect the software components.

Widevine DRM Profile. Content protection to the device AES 128-bit scrambling in CBC mode or equivalent. Content is encrypted as part of the encoding/packaging process before content enters the content distribution network. The content is encrypted in its entirety. Content protect outputs The Widevine DRM triggers output protects such as HDCP, MacrovisionXxxxxxxxxxx, and C-GMSA. Widevine will securely pass and trigger output protections when the hardware supports this capability. Content will not be passed if the hardware does not support this functionality. Widevine does not interfere or obscure consensus watermarks. DRM Metadata and message authentication Authentication using HMAC with 256-bit key and SHA-2 (256 bit) Hash, or with RSA 2048-bit signature (RSASSA-PKCS1-v1_5) over (at least) SHA-1 Hash. DRM and message encryption (where necessary) RSA 2048-bit encryption combined with AES 128- bit scrambling in CBC mode. All Widevine internal communications are mutually authenticated, process privacy, and process integrity. This is accomplished via the use of the Widevine Secure Message Manager (SMM). Key Usage Separate keys are used for authentication and encryption. Each session, license, and asset has separate keying material Each time content is encrypted it is encrypted with unique keying material. No two encrypted content files are encrypted with the same unique cryptographic key. Key Expiration Symmetric keys are used as session keys or content protection keys are freshly generated and expire at the end of the session. License keys expire based on the CinemaNow business rules – see Digital Content Locker Usage Models. Device registration keys are permanently assigned at time of device manufacture to a device and are not expected to expire. Other asymmetric keys have expiration periods commensurate with their usage, but these periods are planned to be in excess of 10 years. Device Registration Keys Asymmetric Keys – 2048 bit RSA – unique to the device Session Keys Symmetric Keys – 128-bit AES – unique to the session Content Protection Keys Symmetric Keys – 128-bit AES – unique to a portion of the content License Keys Symmetric Keys – 128-bit AES – unique to the device Symmetric Key Exchange Symmetric key encrypted by 2048-bit RSA key. – unique to the device Message Digest All message digests are SHA-1 (160-bit). Random Number Generation The RNG is in compliance to FIPS 140-2 Section 4.7 tests for randomness DRM Client Identity Each Widevine client is uniquely identified and bound to the device. The Widevine Cypher client uses class and identity ridges to establish trust with the Device – in the device manufacturing process is provided a Physical Device ID that identifies the client and this is later binded to the CinemaNow Device ID Decrypted content security Widevine never allows unprotected content to be stored unless the CCI allows for unrestricted copies. DRM client renewability Widevine’s downloadable clients (Cypher VSC) are renewable via network or other distribution methods. Revocation of license/device Widevine’s DRM has positive revocation initiated from CinemaNow without user initiation. Robustness and tamper protections Widevine agreements with device manufacturers include the robustness rules below. In addition to the hardware robustness rules; Widevine employs both Widevine invented and third party obfuscation, encryption, integrity and other techniques to protect the software components.

Widevine DRM Profile. Content protection to the device AES 128-bit scrambling in CBC mode or equivalent. Content is encrypted as part of the encoding/packaging process before content enters the content distribution network. The content is encrypted in its entirety. Content protect outputs The Widevine DRM triggers output protects such as HDCP, MacrovisionXxxxxxxxxxx, and C-GMSA. Widevine will securely pass and trigger output protections when the hardware supports this capability. Content will not be passed if the hardware does not support this functionality. Widevine does not interfere or obscure consensus watermarks. DRM Metadata and message authentication Authentication using HMAC with 256-bit key and SHA-2 (256 bit) Hash, or with RSA 2048-bit signature (RSASSA-RSASSA- PKCS1-v1_5) over (at least) SHA-1 Hash. DRM and message encryption (where necessary) RSA 2048-bit encryption combined with AES 128- 128-bit scrambling in CBC mode. All Widevine internal communications are mutually authenticated, process privacy, and process integrity. This is accomplished via the use of the Widevine Secure Message Manager (SMM). Key Usage Separate keys are used for authentication and encryption. Each session, license, and asset has separate keying material Each time content is encrypted it is encrypted with unique keying material. No two encrypted content files are encrypted with the same unique cryptographic key. Key Expiration Symmetric keys are used as session keys or content protection keys are freshly generated and expire at the end of the session. License keys expire based on the CinemaNow business rules – see Digital Content Locker Usage Models. Device registration keys are permanently assigned at time of device manufacture to a device and are not expected to expire. Other asymmetric keys have expiration periods commensurate with their usage, but these periods are planned to be in excess of 10 years. Device Registration Keys Asymmetric Keys – 2048 bit RSA – unique to the device Session Keys Symmetric Keys – 128-bit AES – unique to the session Content Protection Keys Symmetric Keys – 128-bit AES – unique to a portion of the content License Keys Symmetric Keys – 128-bit AES – unique to the device Symmetric Key Exchange Symmetric key encrypted by 2048-bit RSA key. – unique to the device Message Digest All message digests are SHA-1 (160-bit). Random Number Generation The RNG is in compliance to FIPS 140-2 Section 4.7 tests for randomness DRM Client Identity Each Widevine client is uniquely identified and bound to the device. The Widevine Cypher client uses class and identity ridges to establish trust with the Device – in the device manufacturing process is provided a Physical Device ID that identifies the client and this is later binded to the CinemaNow Device ID Decrypted content security Widevine never allows unprotected content to be stored unless the CCI allows for unrestricted copies. DRM client renewability Widevine’s downloadable clients (Cypher VSC) are renewable via network or other distribution methods. Revocation of license/device Widevine’s DRM has positive revocation initiated from CinemaNow without user initiation. Robustness and tamper protections Widevine agreements with device manufacturers include the robustness rules below. In addition to the hardware robustness rules; Widevine employs both Widevine invented and third party obfuscation, encryption, integrity and other techniques to protect the software components.

Widevine DRM Profile. Content protection to the device AES 128-bit scrambling in CBC mode or equivalent. Content is encrypted as part of the encoding/packaging process before content enters the content distribution network. The content is encrypted in its entirety. Content protect outputs The Widevine DRM triggers output protects such as HDCP, Macrovision, and C-GMSA. Widevine will securely pass and trigger output protections when the hardware supports this capability. Content will not be passed if the hardware does not support this functionality. Widevine does not interfere or obscure consensus watermarks. DRM Metadata and message authentication Authentication using HMAC with 256-bit key and SHA-2 (256 bit) Hash, or with RSA 2048-bit signature (RSASSA-PKCS1-v1_5) over (at least) SHA-1 Hash. DRM and message encryption (where necessary) RSA 2048-bit encryption combined with AES 128- 128-bit scrambling in CBC mode. All Widevine internal communications are mutually authenticated, process privacy, and process integrity. This is accomplished via the use of the Widevine Secure Message Manager (SMM). Key Usage Separate keys are used for authentication and encryption. Each session, license, and asset has separate keying material Each time content is encrypted it is encrypted with unique keying material. No two encrypted content files are encrypted with the same unique cryptographic key. Key Expiration Symmetric keys are used as session keys or content protection keys are freshly generated and expire at the end of the session. License keys expire based on the CinemaNow business rules – see Digital Content Locker Usage Modelsrules. Device registration keys are permanently assigned at time of device manufacture to a device and are not expected to expire. Other asymmetric keys have expiration periods commensurate with their usage, but these periods are planned to be in excess of 10 years. Device Registration Keys Asymmetric Keys – 2048 bit RSA – unique to the device Session Keys Symmetric Keys – 128-bit AES – unique to the session Content Protection Keys Symmetric Keys – 128-bit AES – unique to a portion of the content License Keys Symmetric Keys – 128-bit AES – unique to the device Symmetric Key Exchange Symmetric key encrypted by 2048-bit RSA key. – unique to the device Message Digest All message digests are SHA-1 (160-bit). Random Number Generation The RNG is in compliance to FIPS 140-2 Section 4.7 tests for randomness DRM Client Identity Each Widevine client is uniquely identified and bound to the device. The Widevine Cypher client uses class and identity ridges to establish trust with the Device – in the device manufacturing process is provided a Physical Device ID that identifies the client and this is later binded to the CinemaNow Device ID Decrypted content security Widevine never allows unprotected content to be stored unless the CCI allows for unrestricted copies. DRM client renewability Widevine’s downloadable clients (Cypher VSC) are renewable via network or other distribution methods. Revocation of license/device Widevine’s DRM has positive revocation initiated from CinemaNow without user initiation. Robustness and tamper protections Widevine agreements with device manufacturers include the robustness rules below. In addition to the hardware robustness rules; Widevine employs both Widevine invented and third party obfuscation, encryption, integrity and other techniques to protect the software components.