SRM-only Architecture. An SRM-only system provides a central means
to control subjects' access to and usage of digital information objects. A subject
can be either within the same organization/network area or outside this area. In this
environment a digital object may or may not be stored in client-side non-volatile
storage. If the digital object is allowed to reside in client-side non-volatile storage,
the saved client copy of the digital object is no longer UCON's target
object and doesn't have to be controlled. It can be used and changed freely at
the client side. For example, an on-line bank statement can be saved on a customer's
local machine for his records, and the server system (bank) doesn't care about
the customer's copy as long as the bank keeps the original account information safe.
However, if the content of the digital information itself has to be protected and
controlled centrally, the digital information must remain in server-side storage
and never be allowed to be stored in cleartext on client-side non-volatile storage.
Traditional access control and trust management mainly utilize this kind of
system.
CRM-only Architecture. In a CRM-only environment, no reference
monitor exists on the server-side system. Rather, a reference monitor exists
at the client system for controlling usage of disseminated digital information. In
this environment digital objects can be stored either centrally or locally. The
usage of digital objects saved at the client side is still under the control of the CRM
in lieu of the server. Without an SRM, a digital object cannot be customized for
specific users for distribution. Hence, this system is likely to be suitable for B2C
mass distribution environments such as e-book systems or MP3 music file
distribution. However, this doesn't mean that every user will have the same usage rights.
Distributed digital objects are associated with certain usage rules, and users have
to prove they have sufficient credentials to exercise certain rights on the objects.
At this point users may be limited to exercising certain rights on the object under
certain conditions such as a specific device identity.
Digital rights management solutions mainly utilize CRM in their systems.
In real-world implementations, a CRM is likely to be embedded within the application
software where digital objects can be rendered. One example is Acrobat Reader
with “Webbuy” plug-in. Webbuy functions as a CRM. Digitally encapsulated
PDF files can be viewed through Acrobat Reader with Webbuy. Webbuy controls
access to the contents based on a valid license called Voucher. A Voucher may
include a specific CPU-ID to restrict rendering devices.
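
The license check described above, sketched as an added example (not code from the book or from Webbuy). The voucher fields, `ISSUER_KEY`, `issue_voucher` and `crm_decide` are hypothetical names, and the object and device identifiers are constructed sample values.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption). HMAC stands in for the issuer's signature
# so the example runs on the standard library; a real CRM would verify an
# asymmetric signature so that the client never holds a signing key.
ISSUER_KEY = b"constructed-demo-key"


def issue_voucher(object_id, rights, device_id=None):
    """Issuer side: bind usage rights (and optionally one device) to an object."""
    body = {"object": object_id, "rights": sorted(rights), "device": device_id}
    payload = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(ISSUER_KEY, payload, hashlib.sha256).hexdigest()
    return {"payload": payload.decode(), "tag": tag}


def crm_decide(voucher, object_id, right, local_device_id):
    """Client-side reference monitor: (allowed, reason) for one usage request."""
    payload = voucher["payload"].encode()
    expected = hmac.new(ISSUER_KEY, payload, hashlib.sha256).hexdigest()
    # Integrity first: nothing inside the voucher is trusted before this passes.
    if not hmac.compare_digest(expected, voucher["tag"]):
        return False, "voucher integrity check failed"
    body = json.loads(payload)
    if body["object"] != object_id:
        return False, "voucher issued for a different object"
    # Device condition: a bound voucher is only usable on the named device.
    if body["device"] is not None and body["device"] != local_device_id:
        return False, "voucher bound to a different device"
    if right not in body["rights"]:
        return False, "right not granted"
    return True, "ok"


if __name__ == "__main__":
    v = issue_voucher("ebook-001", {"view"}, device_id="CPU-AAAA")
    requests = [("view", "CPU-AAAA"), ("print", "CPU-AAAA"), ("view", "CPU-BBBB")]
    for right, dev in requests:
        print(right, dev, crm_decide(v, "ebook-001", right, dev))
```
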
SRM & CRM Architecture. By having an SRM in addition to a CRM, this
architecture can provide two-tier control. The SRM may be used for distribution-related
control while the CRM can be used for finer-grained control on usages. For
instance, in the SRM, digital objects can be pre-customized for distribution and the
distributed, pre-customized digital objects can be further controlled and
customized for clients' usages by the CRM. As a result, the server can reduce or eliminate
unnecessary exposure of digital objects that do not have to be distributed.
Suppose we have an intelligence system with this architecture. If an unclassified