Securely enabling content protection across a sandboxed application boundary

摘要

A sandboxed application issues a request to enable content protection for audio and video content. The request is sent via an application programming interface to an unsandboxed application. The request is received from the unsandboxed application by an output device. After receiving the request, content protection is enabled and the output device employs a certificate to create a signed message indicating the content protection is enabled. The sandboxed application verifies the request has been fulfilled based on the signed message, and provides protected audio and video content.

主权项

1. A method comprising:
issuing, by a sandboxed application, a request to enable content protection for audio and video content; sending the request via an application programming interface to an unsandboxed application; receiving, from the unsandboxed application, the request by an output device; after receiving the request, enabling content protection; employing, by the output device, a certificate to create a signed message indicating the content protection is enabled; providing, by the unsandboxed application, the signed message to the sandboxed application; verifying, by the sandboxed application, that the signed message is from a trusted entity; verifying, by the sandboxed application, that the trusted entity performed the request; verifying, by the sandboxed application, that the request has been fulfilled based on the signed message; providing, by the sandboxed application, protected audio and video content; and outputting the protected audio and video content.