(This article is sponsored by The Boston Group)

Content Protection refers to technologies that limit unauthorized use of data.
Back in the days when paper was the primary medium for rendering content, organizations developed a variety of techniques to protect sensitive data from unauthorized use (accidental or intentional). Ever since computers began to replace paper, technology made it very easy for end-users to manipulate content, one can now print unlimited copies of documents at the press of a button, one can copy sections of a document to another, one can forward documents to large mailing lists extremely easily via email, etc.

While the current state of technology makes it easy for end-users to manipulate data, it does not adequately safeguard that data from unintentional or intentional misuse. As end-users continue to move away from paper and onto computers, this poses a growing security risk to organizations with sensitive data. Many enterprises are developing a set of technologies that will help protect sensitive data in novel ways.

The current paradigm for protecting sensitive content primarily aims to prevent unauthorized access. In the current paradigm an end-user must clear a variety of hurdles such as encryption, passwords, biometrics to get to the data. If an end-user’s access rights need to be revoked, mechanisms such as Access Control Lists are used. The current paradigm can even limit data tampering by further restricting who can modify data in restricted locations.

The problem with this approach is that once an end-user obtains access to the data, the user is free to manipulate their copy of it in any way they chose. The current paradigm relies on the end-user’s goodwill and discipline to maintain security. There are no mechanisms to prevent an end-user from unintentionally misusing the data (e.g., if the end-user prints a sensitive document, copies segments of the document to another document against the wishes of the document owner, or forwards a sensitive document to another person). Worst still, this paradigm cannot protect sensitive data from intentional misuse by an authorized user. Content protection systems are evolving to bypass these problems by supporting the following principals:

1. Each document is allowed to contain a collection of “usage rights that define what an end-user can do with sensitive data.
2. The system has a mechanism for enforcing those usage rights.
3. The end-user, even once authorized, is assumed to be an adversary who may try to misuse data. The system must prevent data misuse.
4. A copy of the sensitive data may reside on end-user devices, which are subject to hacking.
5. While any single technique may be subject to successful hacking, if collection of techniques is used, the system will be more successful in preventing hackers.

Content protection is gaining widespread use in the music and video industry to combat piracy. Content protection technologists have developed a variety of techniques to prevent music and video fans from making illegal copies of digital music and video. These technologies include rights management languages, novel encryption mechanisms that are well suited to copy protection, tamper resistant hardware and software, fingerprinting, watermarking, and forensics.

|