Flow Control

Having an actionable digital rights management vision can lead to important competitive advantages

By Darin Stewart

Information managers are in a difficult position: Users accustomed to the instant gratification of the Internet are demanding greater and freer access to data assets. At the same time, executives conditioned by horror stories of data piracy, misuse, and outright mismanagement are demanding greater security and control over those same assets. The information manager is caught in a balancing act between making information assets available to those who should have access to them and protecting them from those who should not.

Ideally, information would be packaged in such a way that it could be freely distributed across an enterprise or an Internet-based value chain while the contents of that package remain secure. Access and usage would be managed with a fine granularity. What users can see within a particular package and what they can do with it should be determined by business rules rather than passwords, hidden directories, and encryption schemes. This level of information management would give any enterprise a true edge over competitors still mired in the conflict between access and security.
Traditional modes of information management aren't up to the challenge. But stepping into the void are the emerging technologies that make up digital rights management (DRM).

WHAT IS DRM?

Once the province of military intelligence and industrial secrets, DRM has recently moved into the mainstream. As distribution of intellectual property across the Internet and corporate intranets has become the norm, having a reliable means to track that content and control who can access it has become essential. DRM comprises technologies and techniques that secure digital materials and limit access to only those with the proper authorization. In addition, a complete DRM solution must facilitate and track any transactions involving the content you wish to protect. For example, allowing copying or limiting the period of access or the number of times content may be viewed must all be supported.

Most DRM solutions carry out these functions by means of encryption, keys, and licenses. When a piece of digital content (any information in a digital form) is published through a DRM solution, it is encrypted and packaged with a key that will allow the package to be opened and its contents accessed. This key is associated with a license that is initially kept separate from the packaged media and defines a set of "rights" specifying how the content may be used when the license is granted. The protected content can be distributed to users and potential customers by a variety of means, such as downloaded from a Web site, streamed from a server, emailed from a friend, or copied from CD, but users must acquire the appropriate license to open it.

For example, media containing sensitive or proprietary information could be posted to an open repository on the corporate intranet without fear of it being read by anyone other than its intended audience.
While anyone would be able to retrieve the file itself, thus facilitating document management, only those authorized to access its contents would be able to obtain the license required to open it, and then only from an approved location. When the media has been opened, it can be tied to the workstation it was opened on to guarantee that the file does not spread beyond the company network.

To acquire a license, the application accessing the protected content (such as an enterprise information portal, word processor, or media player) must contact a license server specified in the metadata packaged with the encrypted media. The appropriate server is usually identified by a URL that will provide the desired key to decrypt the media. The license may be granted silently without requiring any action on the part of the user, or the licensing agent may require information from the requestor, such as an email address, before granting the license. When this information is provided, the key to unlock the media is returned to the requesting application along with the license specifying how the now-accessible content may be used.

When the content has been decrypted, the license is accepted and becomes tied to the particular machine that requested it. In some cases, it is also tied to a specific user on that machine. This combination of hardware and software protection keeps the content secure even after the package has been opened. If people copy the file containing protected media and try to open it illegally on a different machine, they are automatically forwarded to a service offering them the opportunity to acquire the item legitimately. This functionality could also alert an administrator of an unauthorized attempt to access protected content.

The sequence of events I've described here reflects the "postdelivery" model of license management, which supports the widest possible dispersion of content.
This approach, known as superdistribution, lets vendors create and serve a market of pass-along customers who have received the content from some source other than the main delivery channel. (See Figure 1.) In this way, file sharing becomes a marketing dream rather than a piracy nightmare. Intellectual property could be passed from current customers to potential customers without the direct involvement of your enterprise. Files can be passed around at trade shows, emailed, or packaged with an offering from a partner or reseller. To utilize your content, the recipient would contact your license server and provide whatever information or payment you require before receiving the key to use the package.

The other model of license management is that of "predelivery," in which the license is provided to the requesting application silently prior to the media itself being transferred or as part of the normal download process. The best approach is a combination of the two models where a temporary license, allowing access to the content for a limited time or number of plays, is predelivered with the content. When the temporary license expires, the user is directed to a vendor or an internal corporate authority where a permanent license can be purchased granting permanent access to the media without having to reacquire it.

The previous example may be extended under this model to facilitate a trial period. A 30-day limited use license could be predelivered with the media, allowing the recipient to test-drive the package before requesting and potentially paying for a permanent postdelivered, full-use license. Ultimately, any DRM solution must support the business rules you define both in how a license is acquired and how it governs your content.

BUILT-IN OR PLUGGED-IN

DRM can occur either at the application level or the operating system level: Each approach has strengths and weaknesses.
OS-level DRM will create a secure area for hosting protected content and provide either an OS service or a device driver for handling DRM services such as decryption, authentication, and content rendering. The secure area will allow content to be opened to an application while preventing access to other areas of memory containing protected content the application is not authorized to open. This approach lets the vendor expose an API to other DRM vendors. Indeed, most OS-based DRM solutions focus on content protection and rely on integration with other packages to provide transaction services.
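
The license check described earlier in the article (machine binding, a 30-day or play-limited trial license, and referral back to the license server) can be expressed as follows; this is an added example, not code from the original article or any DRM product. HMAC-SHA256 stands in for whatever signature scheme a vendor uses, and the key, URL, content ID and machine IDs are constructed placeholders.

```python
import hashlib
import hmac
import json

# Assumption: a key shared by the license server and the trusted renderer.
SERVER_KEY = b"constructed-demo-key"
# Placeholder for the license server URL carried in the package metadata.
LICENSE_URL = "https://license.example.invalid/acquire"


def _sign(body: dict) -> str:
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_license(content_id, machine_id, expires_at=None, max_plays=None):
    """License server: bind a set of rights to one content item and one machine."""
    body = {"content_id": content_id, "machine_id": machine_id,
            "expires_at": expires_at, "max_plays": max_plays}
    return {"body": body, "sig": _sign(body)}


def authorize(lic, content_id, machine_id, now, plays_used):
    """Renderer: decide whether to open the package. Returns (allowed, reason)."""
    if lic is None:
        return False, "no license: acquire at " + LICENSE_URL
    if not hmac.compare_digest(lic["sig"], _sign(lic["body"])):
        return False, "license tampered"
    body = lic["body"]
    if body["content_id"] != content_id:
        return False, "license is for other content"
    if body["machine_id"] != machine_id:
        # File and license copied to another machine: refer to the license server.
        return False, "wrong machine: acquire at " + LICENSE_URL
    if body["expires_at"] is not None and now >= body["expires_at"]:
        return False, "trial expired: acquire at " + LICENSE_URL
    if body["max_plays"] is not None and plays_used >= body["max_plays"]:
        return False, "play limit reached: acquire at " + LICENSE_URL
    # On success the renderer would decrypt with the key delivered with the license.
    return True, "ok"


if __name__ == "__main__":
    DAY = 86400
    trial = issue_license("report-001", "ws-17", expires_at=30 * DAY, max_plays=3)
    full = issue_license("report-001", "ws-17")  # permanent, unlimited plays
    print(authorize(trial, "report-001", "ws-17", now=10 * DAY, plays_used=1))
    print(authorize(trial, "report-001", "ws-42", now=10 * DAY, plays_used=1))
    print(authorize(trial, "report-001", "ws-17", now=31 * DAY, plays_used=1))
    print(authorize(full, "report-001", "ws-17", now=400 * DAY, plays_used=99))
```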




