Comparison of Enterprise Digital Rights Management · PDF file 2007-07-02 ·...

Click here to load reader

  • date post

    30-Jul-2020
  • Category

    Documents

  • view

    0
  • download

    0

Embed Size (px)

Transcript of Comparison of Enterprise Digital Rights Management · PDF file 2007-07-02 ·...

  • Comparison of Enterprise Digital Rights Management systems

    M.H. van Beek Master Thesis

    Computer Science MT Advice report Aia Software

    Thesis number 565 June 22, 2007

    Radboud University Nijmegen Computer Science Supervisor: Dr. Martijn Oostdijk Management Science Supervisor: Drs. Pepijn Vos Aia Software Supervisor: Drs. Paul Dirven

  • Preface

    Illegal distribution of audio and video has been limited since large companies in- troduced Digital Rights Management systems. By using the same techniques inside companies, it is possible to protect classified information to be distributed to unau- thorized people and assigning sophisticated rights to digital documents. Several companies developed these so called EDRM systems. These innovations triggered Aia Software and me to do research on the subject and to write this Master Thesis.

    After six months of intensive research, I would like to thank my friends, fam- ily and especially Pepijn Vos from Management Science, Martijn Oostdijk from Computer Science and Paul Dirven from Aia Software for their support during the research project. I have learned a lot during this period at Aia Software, the uni- versity and even at home when writing this thesis. In this way, I would like to thank employees from Aia Software for their contribution as well. I consider EDRM to be a very interesting topic and I am really curious about new innovations and the potential practical implementations at organizations in the future. Although I think restrictions on digital content can be used to remain competitiveness within organizations, I do hope these organizations will not restrict employees too much by using EDRM systems.

    3

  • 4

  • Executive summary

    Since the last few years, security of digital documents within organizations has be- come very important. Because loss of digital content at organizations has been increased, there is need to provide a solution to limit illegal distribution. Distri- bution of classified information leads to significant loss at organizations [AH05b]. Next to this, standard encryption methods do not provide an overall solution against distribution, because authorized persons still have all rights to distribute digital con- tent. Enterprise Digital Rights Management systems were analyzed to be a potential solution for Aia Software during this research project. By using Enterprise Digital Rights Management within organizations, digital content can be secured no matter where it is distributed by offering sophisticated rights to privileged users. EDRM technology is rather new and EDRM innovations have been increased since these last few years. Aia Software would like to use an EDRM system to secure digital content produced by customers and the produced content by their own developed application (ITP). By using literature, technical knowledge about EDRM is gath- ered and a selection criteria model was built, to create business case specific criteria. After development of a selection criteria model, all current EDRM systems and their properties were gathered from literature and practice to be used next to business case specific inputs from Aia Software. Because real customers are not available, several inputs from Aia Software were used. These inputs all resulted into an eval- uation and advice for using a specific EDRM system for Aia Software. To support the inputs, technical literature, testing these systems, and contact persons from EDRM developing companies where used to reveal the needed information. RMS, DOFS, Authentica and Adobe are evaluated with their EDRM solution. As a result of the research project, RMS was considered to be the best current existing solu- tion for Aia Software. Several differences between these EDRM systems were found; wherefore it is necessary to gather business case specific requirements from customer organizations to choose the most appropriate solution. Because not all important requirements from Aia Software were supported by RMS, it is necessary to keep up with new EDRM innovations and new developed EDRM systems to provide the best possible EDRM solution to customers.

    5

  • 6

  • Contents

    Preface 3

    Executive summary 5

    Contents 12

    1 Introduction 13

    1.1 Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

    1.2 Aia Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

    1.3 Enterprise Digital Rights Management . . . . . . . . . . . . . . . . . 14

    1.4 Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

    1.5 Relevance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

    1.5.1 Science . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

    1.5.2 Aia Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

    1.5.3 Other organizations . . . . . . . . . . . . . . . . . . . . . . . . 17

    1.6 Purpose of document . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

    1.7 Document guideline . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

    2 Research method 19

    2.1 Definition analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

    2.2 Requirements analysis . . . . . . . . . . . . . . . . . . . . . . . . . . 21

    2.3 Selection criteria model . . . . . . . . . . . . . . . . . . . . . . . . . . 21

    2.4 Current EDRM systems . . . . . . . . . . . . . . . . . . . . . . . . . 22

    7

  • 2.5 EDRM system properties . . . . . . . . . . . . . . . . . . . . . . . . . 23

    2.6 Selection criteria Aia Software . . . . . . . . . . . . . . . . . . . . . . 23

    2.7 EDRM system evaluation . . . . . . . . . . . . . . . . . . . . . . . . 24

    2.8 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

    3 Definition analysis 25

    3.1 Research method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

    3.1.1 Information Technology system . . . . . . . . . . . . . . . . . 25

    3.1.2 EDRM literature analysis . . . . . . . . . . . . . . . . . . . . 26

    3.1.3 EDRM according to Aia Software . . . . . . . . . . . . . . . . 26

    3.2 Information technology systems . . . . . . . . . . . . . . . . . . . . . 27

    3.3 EDRM literature analysis . . . . . . . . . . . . . . . . . . . . . . . . 28

    3.3.1 Enterprise Digital Rights Management . . . . . . . . . . . . . 28

    3.3.2 Digital Rights Management . . . . . . . . . . . . . . . . . . . 30

    3.4 EDRM according to Aia Software . . . . . . . . . . . . . . . . . . . . 32

    3.5 Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

    4 Requirements analysis 35

    4.1 Research method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

    4.1.1 Requirements process . . . . . . . . . . . . . . . . . . . . . . . 36

    4.1.2 Requirement categorization . . . . . . . . . . . . . . . . . . . 37

    4.2 Functional requirements . . . . . . . . . . . . . . . . . . . . . . . . . 39

    4.2.1 Content management . . . . . . . . . . . . . . . . . . . . . . . 39

    4.2.2 Tracking and control management . . . . . . . . . . . . . . . . 40

    4.2.3 User management . . . . . . . . . . . . . . . . . . . . . . . . . 41

    4.2.4 Rights management . . . . . . . . . . . . . . . . . . . . . . . . 41

    4.3 Non-functional requirements . . . . . . . . . . . . . . . . . . . . . . . 43

    4.3.1 Security management requirements . . . . . . . . . . . . . . . 43

    4.3.2 Other non-functional requirements . . . . . . . . . . . . . . . 44

    4.4 Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

    8

  • 5 Selection criteria model 47

    5.1 Research method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

    5.1.1 Completeness of criteria . . . . . . . . . . . . . . . . . . . . . 48

    5.1.2 Business case applicability . . . . . . . . . . . . . . . . . . . . 48

    5.1.3 Measurement with EDRM systems . . . . . . . . . . . . . . . 49

    5.1.4 Degree of importance . . . . . . . . . . . . . . . . . . . . . . . 49

    5.2 Functional selection criteria . . . . . . . . . . . . . . . . . . . . . . . 49

    5.2.1 Content management . . . . . . . . . . . . . . . . . . . . . . . 50

    5.2.2 Tracking and control management . . . . . . . . . . . . . . . . 52

    5.2.3 User management . . . . . . . . . . . . . . . . . . . . . . . . . 53

    5.2.4 Rights management . . . . . . . . . . . . . . . . . . . . . . . . 55

    5.3 Non-functional selection criteria . . . . . . . . . . . . . . . . . . . . . 57

    5.3.1 Security management . . . . . . . . . . . . . . . . . . . . . . . 57

    5.3.2 Other non-functional selection criteria . . . . . . . . . . . . . 59

    5.4 Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

    6 EDRM system analysis 63

    6.1 Research method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

    6.2 Microsoft RMS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

    6.3 DOFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

    6.4 Authentica Active Rights Management . . . . . . . . . . . . . . . . . 66

    6.5 Adobe LiveCycle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

    6.6 Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

    7 EDRM system properties 71

    7.1 Research Method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

    7.2 Microsoft RMS . . . . . . .