# Digital Rights Management (DRM)

# Acronyms, Abbreviations, and Initialisms

| Short Form | Full Form |
|------------|-----------|
| DRM | Digital Rights Management |
| IRM | Information Rights Management |

# Overview

DRM was originally associated with digital media content/multimedia whereas IRM was associated with business. The terms are now used interchangeably.

  • Provides content retrieval
  • Provides user authentication
  • Provides key storage
  • Does not provide certificate generation; certificates are usually generated by a CA in the PKI

DRM encrypts content and then applies a series of rights. Rights can be as simple as preventing copying, or as complex as specifying group or user-based restrictions on activities like cutting and pasting, emailing, changing the content, etc. Any application or system that works with DRM protected data must be able to interpret and implement the rights, which typically also means integrating with the key management system.

DRM solutions are used to protect intellectual property (usually copyrights), in order to comply with the relevant protections, and to maintain ownership rights.

Permissions are bound to the actual object, not to a particular share. Permissions are embedded into the actual object, allowing granularity.

  • DRM can protect documents, emails, web pages, and database columns.
  • DRM ACLs determine who can open, edit, copy, save, and even print the document.
  • DRM baseline policies should be used to ensure that the appropriate policies are applied to all documents created.

# Implementation

  • Rudimentary reference checks. Require the input of some information that can only be acquired if you purchased a licensed copy of the application. This input is usually a word or phrase, and is usually entered when the application is launched and in use.
  • Online reference checks. Implemented when the application requires a product key at installation and checks that key against the vendor's license database to verify validity.
  • Local agent checks. Implemented when an agent must be downloaded to install the application. The agent checks the application's license.
  • Presence of licensed media (CD/DVD).
  • Support-based licensing. Unlicensed versions of applications could be installed, but would be unable to obtain any kind of software updates, patches, or hot fixes.

# Functions

  • Persistent Protection. Ensures that data is safeguarded or protected wherever it resides, including in copies.
  • Dynamic Policy Control. Allows data owners to modify the permissions for their protected data.
  • Automatic Expiration. Allows administrators to set expiration dates for access that has been granted.
  • Continuous Auditing.
  • Replication Restrictions. Ensures that illegal or unauthorized copying of protected data is prohibited.
  • Remote Rights Revocation.
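
How a DRM-aware application might evaluate rights that travel with the object, covering the ACL, automatic expiration, remote revocation and auditing functions listed above. This is an added example, not code from any DRM product: the `seal` and `authorize` names, the HMAC-bound policy format and the demo key are assumptions, the sample document and users are constructed, and content encryption is left out so the rights decision stays in focus.

```python
import hashlib, hmac, json
from datetime import datetime, timezone

POLICY_KEY = b"constructed-demo-key"  # assumption: held by the key management system

def _tag(policy):
    blob = json.dumps(policy, sort_keys=True).encode()
    return hmac.new(POLICY_KEY, blob, hashlib.sha256).hexdigest()

def seal(content_id, acl, expires):
    """Embed the rights policy in the object itself and bind it with an HMAC."""
    policy = {"content_id": content_id, "acl": acl, "expires": expires}
    return {"policy": policy, "tag": _tag(policy)}

def authorize(obj, user, action, now, revoked, audit):
    """Grant `action` only if the embedded policy is intact, live and allows it."""
    policy = obj["policy"]
    if not hmac.compare_digest(_tag(policy), obj["tag"]):
        reason = "policy tampered"          # rights edited outside the DRM system
    elif (policy["content_id"], user) in revoked:
        reason = "rights revoked"           # remote rights revocation
    elif now >= datetime.fromisoformat(policy["expires"]):
        reason = "access expired"           # automatic expiration
    elif action not in policy["acl"].get(user, []):
        reason = "action not granted"       # per-user ACL on the object
    else:
        reason = "granted"
    # Continuous auditing: every decision is recorded, including denials.
    audit.append((now.isoformat(), user, action, policy.get("content_id"), reason))
    return reason == "granted"

def demo():
    audit, revoked = [], set()
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    doc = seal("doc-001", {"alice": ["open", "edit", "print"], "bob": ["open"]},
               "2024-12-31T00:00:00+00:00")
    results = [authorize(doc, "alice", "print", now, revoked, audit),
               authorize(doc, "bob", "print", now, revoked, audit)]
    revoked.add(("doc-001", "alice"))       # owner revokes alice after the fact
    results.append(authorize(doc, "alice", "open", now, revoked, audit))
    copy = json.loads(json.dumps(doc))      # a copy carries the same policy
    copy["policy"]["acl"]["bob"].append("print")
    results.append(authorize(copy, "bob", "print", now, revoked, audit))
    late = datetime(2025, 1, 1, tzinfo=timezone.utc)
    results.append(authorize(doc, "bob", "open", late, revoked, audit))
    return results, [entry[-1] for entry in audit]
```

Calling `demo()` returns the five decisions together with the audit reasons, so the denial paths can be inspected as easily as the grant.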

# Challenges

  • Replication restrictions
  • Jurisdictional conflicts
  • Agent/enterprise conflicts
  • Mapping IAM & DRM
  • API conflicts

# Restrictions

  • Printing
  • Copying
  • Saving
  • Editing
  • Screenshots

# Categories

There are two broad categories of DRM:

Consumer DRM is used to protect broadly distributed content like audio, video, and electronic books destined for a mass audience. There are a variety of different technologies and standards, and the emphasis is on one-way distribution.

Consumer DRM offers good protection for distributing content to customers, but does have a sordid history with most technologies being cracked at some point.

Enterprise DRM is used to protect the content of an organization internally and with business partners. The emphasis is on more complex rights policies and integration within business environments.

Enterprise DRM can secure content stored in the cloud well, but requires deep infrastructure integration. It's most useful for document-based content management and distribution.