September 01, 2006
How to Protect Your Intellectual Property? DRM!
I was going to expand on my last blog about the SDL but I've had all sorts of questions this week from numerous different sources that asked the same question: How do you protect your Application Intellectual Property? My answer: DRM
Digital Rights Management (DRM) is a technology that allows you to tie the permissions of a user directly to the File (regardless of where the File is) rather than use Access Management to limit access to the File itself. The problem with Access Management is that, once a user has the right to copy a file, they can move that file to some location where non-authorized users could gain access to it.
There are two focuses for DRM. The first is attaching the permissions of the user to documents such as Word or Excel documents. In other words, Document protection, so that information deemed "Sensitive" is controlled. The second focus is around Copyright protection of files. In this case, you would attach the permissions to a file such as a jpg, exe, or some other file. It's this second focus that is useful for Application Security.
The standard that you want to look into around DRM is XrML (eXtensible Rights Markup Language). The original work on this standard came from work at Xerox on a language called DPRL (Digital Property Rights Language). Xerox spun off the technology around DPRL into a company called ContentGuard, and DPRL was modified and renamed XrML.
Basically, the Reference Architecture around DRM involves a Content Server where the protected content resides, a License Server where the rights and identities that are associated with a protected file reside, and a Client which is required on the desktop/server where the content package will be accessed and used. The ability to access the client is limited based on a set of encryption keys that are provided to approved users and the description of the user's rights that are contained in the Rights Server. There's too much detail to be put into a Blog, so I won't go further here.
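To make the License Server and Client roles concrete, here is an added sketch (not from the original post and not any vendor's implementation) of a license that is bound to the file's hash and checked by the client before an action is allowed. All names are hypothetical, the license is a JSON record rather than XrML, an HMAC stands in for the public-key signature a real License Server would use, and content encryption is left out.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real License Server signs with a private key.
LICENSE_SERVER_KEY = b"demo-license-server-key"


def _sign(body: dict) -> str:
    """Sign a canonical JSON encoding of the license body."""
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(LICENSE_SERVER_KEY, payload, hashlib.sha256).hexdigest()


def issue_license(content: bytes, user: str, rights: list, not_after: int) -> dict:
    """License Server: bind rights to the content's hash, not to its location."""
    body = {
        "content_sha256": hashlib.sha256(content).hexdigest(),
        "user": user,
        "rights": sorted(rights),
        "not_after": not_after,
    }
    return {"body": body, "sig": _sign(body)}


def client_allows(lic: dict, content: bytes, user: str, action: str, now: int) -> bool:
    """Client: enforce the license before performing an action on the content."""
    body = lic.get("body")
    if not isinstance(body, dict):
        return False
    if not hmac.compare_digest(_sign(body), str(lic.get("sig", ""))):
        return False  # license was altered or not issued by the License Server
    if body.get("content_sha256") != hashlib.sha256(content).hexdigest():
        return False  # license belongs to a different file
    if body.get("user") != user or now > body.get("not_after", 0):
        return False  # wrong principal or expired license
    return action in body.get("rights", [])


if __name__ == "__main__":
    app = b"constructed sample application bytes"
    lic = issue_license(app, "alice", ["execute"], not_after=2_000)
    print(client_allows(lic, app, "alice", "execute", now=1_000))
    print(client_allows(lic, app, "bob", "execute", now=1_000))
```

Because the decision depends only on the file's bytes and the signed license, copying the file to another location does not change who may use it, which is the contrast with Access Management drawn earlier in the post.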
There are a few vendors in this space that you would want to take a look at. I'm not recommending any one vendor, just giving you some direction to look. The vendors I've looked at are:
You'll hear of Adobe and Microsoft also being involved in DRM but their activities are from the document protection point of view.
Anyway, look into Digital Rights Management if you are interested in protecting your Application Intellectual Property. It'll help with your problems about controlling your files.
Neil R.
Posted at 01:07 AM