Information Security

Defending the digital infrastructure


Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Using digital rights management to protect data wherever it goes

Learn about the digital rights management technology Congressional Quarterly used to control electronic media distribution and lessen plagued deliveries.

"The business need of DRM is controlling the distribution of electronic media," says Larry Tunks, CIO of Congressional Quarterly. "We had to make sure the digital format couldn't be passed along to everyone in the world."

Last spring, Congressional Quarterly was experiencing chronic problems delivering its CQ Daily Monitor to 3,500 readers on Capitol Hill and within the Washington, D.C., beltway by 7 a.m. each day.

Traffic snags and difficulty getting clearance to federal buildings plagued delivery. In response, CQ's IT leadership began investigating online delivery mechanisms that would not only preserve the integrity of the Monitor's print version, but would prevent a digital version from being distributed "willy-nilly."

"As this is a high-dollar publication, [illegal distribution] was a huge thing to us, and there is a great incentive to do a lot of pass-along," explains Bob Shew, CQ's director of strategic planning.

CQ CIO Larry Tunks stresses that DRM adoption came strictly from a business need to control distribution. "We weren't focusing on security or the technology," he says.

One mandate was having the digital format print exactly as the printed version. Support for PDF was a determining factor in narrowing product choices. Tunks strongly preferred the ASP model. "That was not something I wanted to manage. I like to keep things simple," he says.

CQ spent several months reviewing choices before choosing SealedMedia's Enterprise License Server. SealedMedia's server stores and serves access rights and licenses (digital keys) to content users. Digital content is encrypted and protected using digital signatures.

"What sold me on SealedMedia was the separation of the license key from the data. It's very unique," says Tunks. "In most offerings, they scramble the data, encrypt it and lock up the key right with it and then deliver the whole package. The problem is, if you get an errant user, they can pass the key, and the treasure chest right along, so your whole notion of locking people out is gone."

To Tunks's dismay, however, most DRM products didn't take publishing fulfillment requirements into account -- "fulfilling" critical customer and business needs such as order handling, credit approval, list maintenance, inventory control, billing, reports, filling and shipping orders and customer service.

"In publishing, this is a big issue, and we need to get our product to people around rules they agree with and we agree with," he explains.

Sealing Content

SealedMedia is available as a hosted solution or, as in the case with CQ, an ASP model. At CQ, users seal their content using the Java sealing applet, which routes the information to the License Server hosted by SealedMedia. Requests to access content are made to the hosted server. SealedMedia charges a fixed percentage fee for each transaction.

SealedMedia includes a License Server, running on a Windows 2000 box, and a client browser plug-in for IE (Windows or Mac) or Netscape. The License Server issues content licenses, which cover access privileges and AES-based keys for decrypting content. As with other DRM products, protection choices are based on policy (license) templates created by an admin.

Content can be "sealed" using one of three methods:

  1. SealedMedia Sealing Applet: an in-browser Java applet for owners of low-volume content.
  2. Batch Sealing Engine: a batch process accessed through a Windows console command-line interface.
  3. Dynamic Sealing Engine: an ActiveX component for owners of high-volume content who need to automate their publication process.

In the SealedMedia scenario, the Unsealer plug-in requests a license for the sealed content from the server and uses the keys in the license to decrypt the document. AES encryption is used, and client-server communication is secured in a proprietary "SSL-like" tunnel.

SealedMedia supports file-based, buffered and streaming media in HTML, PDF, GIF, JPEG, MP3 and QuickTime formats on Windows and Macintosh.

While increased revenue wasn't a goal for CQ, sales spiked by nearly 100 subscribers after the publisher adopted SealedMedia, as electronic distribution pushed circulation beyond the D.C. beltway. Between new revenue and production savings, CQ realized a net gain of several hundred thousand dollars between last October and the end of 2001.

"I'm a believer that the ASP model works when it's very specific and you've got people in house, on the business side, to manage it," says Tunks. "General services on the ASP aren't successful as no one owns the business mission," he says.

Article 4 of 13
This was last published in March 2002

Dig Deeper on Data security technology and strategy

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

Get More Information Security

Access to all of our back issues View All