|
|
|
| 2003.01.31 |
|
Document DRM System developed
- Protection of digital documents from illegal usage and leakage regardless of file format -
The NTT COMWARE CORPORATION (hereinafter, NTT COMWARE, Head Office: Minato-ku, Tokyo, President: Yuji Matsuo) has developed a "Document DRM System", a system that is able to accommodate various file formats and prevent illegal usage and leakage of digital documents.
|
 |
[Characteristics of the Document DRM System]
The "Document DRM System" is a digital documents security protection system which utilizes encryption technology. With this system it is possible to limit a person or group to browse the distributed digital documents as well as to limit the term or number of times that they can browse the documents. Also, for the person or group that is authorized to browse, it is possible to conduct settings of file operation authority such as printing and saving. Furthermore, when browsing the protected digital documents, exclusive viewers are not necessary and it is possible to handle applications that accommodate each of the file formats (Microsoft Word, Adobe Acrobat). With the installation of the "Document DRM System", companies will be able to set usage rules such as browsing, printing, and usage terms by department and/or job position, thus being helpful in the leakage protection of classified documents.
[Development background]
Currently, the distribution of in-house limited documents to employees through intranets as well as the opportunities for usage of such documents outside the office for presentations is increasing. However, regarding the management of classified documents and documents that requires leakage protection, the management, in most cases is dependent on monitors and/or the responsibility of personnel and no real fundamental strategy exists. Therefore, the establishment of a system that prevents illegal copying and leakage has been in demand. Furthermore, currently, as a means of safe distribution of digital documents, encryption by PKI (*1) is widely used. However, with this method, since it is necessary to provide an encryption key for each application, the complicated management of the key is a point of issue.
[Details of the Document DRM System]
With the "Document DRM System", the encryption code is broken only during the browsing of the digital documents. In other words, even after the browsing of the digital documents, the documents are constantly in an encrypted state. Thus making it possible to ensure the security of the documents against illegal leakage after its distribution. By using PKI, once the encryption code has been broken the documents are able to be handled as ordinary files. Therefore, not only are file operations such as saving and printing controllable, but limiting of the distribution range is not possible.
When distributing digital documents of files encrypted from the PC encryption client tool screen and the usage conditions are set, the license file that is to be the decryption (breaking the encrypted code) key and the usage conditions are created and registered in the license server. When the browser opens the file, the decryption client tool accesses the license server and obtains the license. If the browser's authority can be confirmed here, the encrypted code is broken with the PC decryption client tool and the browser is able to operate the documents according to the set conditions. Once the file is closed, the documents remain in the encrypted state. The conditions that can be set and controlled are as follows.
- User -> person or group able to use the file
- Available operations -> browsing, printing, saving of the files and the availability of each
- Availability term (number of times) -> the term or the number of times that the file can be used
Systems that managed accesses to files and conducted operation controls has existed in the past, but they either specialized in specific file formats and/or required exclusive viewers to browse the documents. With the "Document DRM System", exclusive viewers are not necessary when browsing the distributed digital documents and it is possible to use the application (Microsoft Word, Adobe Acrobat) that accommodates the file formats. This is due to the fact that the client tool to be installed in the user's PC which operates in the middle layer of the OS (Microsoft Windows, etc.) and the application. The browser is able to handle files automatically with the same usability as always.
The system format of the "Document DRM System" is made up of the encryption client tool which is installed in the PC and which encrypts the digital documents as well as conducts settings of usage conditions; the decryption client tool which conducts decryption; and the license server which manages the usage conditions. Also, for the authorization of the user the LDAP server (*2) is used. As the authorization is conducted by the server, it is not necessary for the users to provide encryption keys for each usage.
[Glossary]
- *1 PKI (Public Key Infrastructure : Public Key Encryption Platform)
- As it is a security platform that provides safe communication on the network using the Public Key Encryption Technology, it is a comprehensive system. Functions such as 1. ID confirmation 2. tamper-proof 3. Information protection 4. repudiation protection are provided.
- *2 LDAP (Lightweight Directory Access Protocol) Server
- A directory service server with a mechanism to conduct central control of various resources such as users and computers within the network. It conducts responses to management and references of various information.
[Reference]Positioning of the Document DRM System
* Windows is a registered trademark of the Microsoft Corporation in the U.S. and/or other countries.
* Adobe Acrobat is a trademark of the Adobe Systems Incorporated.
* The names of the companies and products mentioned herein are in general the trademarks or trademarks of their respective owners.
|
|
|
