Information & Document Security Glossary
Covering information and document security terminology
This section covers commonly used information security, document security and rights management terminology. In preparing this glossary of information security terms we have tried to remain consistent with the normal English meaning of words wherever possible. When a word is being used in a way that is unusual we have tried to explain the special meaning, either immediately after its use or by including it as a term in this information security glossary.
The rights granted to an authorized person that specify how they are able to access a document.
The ability to hold an individual accountable for their actions. In the case of DRM systems this is achieved by auditing the actions of individuals using protected information.
Active rights management
Digital rights may be managed in a number of ways. Active rights management means that the owner is able to change the rights that are available either for particular documents or for particular users with immediate effect. For this to work, before a document can be accessed, the user must automatically check with an administrative system so that the latest rights are imposed.
The provision of a separate means of verifying the correctness of financial records. In IT systems this means a log of activities that have taken place, which may be used as a means of holding people accountable for their actions. Log files may contain records of individuals accessing documents, registering authorization, attempting to use documents when not authorized and so on.
Permission to do something. In DRM, permission to read, copy, edit or print all or part of a document may be given by the owner of the rights or by an administrator who runs the system on behalf of the owner.
Keeping the content of a document secret from anyone who is not authorized to see it.
Quite literally, the right to control the making of copies of a work. A work is something created as a result of some effort (in English law, by the sweat of the brow). This can be a book, a play, a database, a computer program, a still or moving image, a film, a song, music and similar works. It may not be a mathematical equation. Copyright is one example of IPR control. Copyright grants the owner of a work the right to control the copying of that work, and to license such copying, and to have that right for a fixed period of time, now between 50 and 120 years after the death of the last creator.
A means of making information inaccessible to those without the authority to read it. Cryptography may be used to make information secret (confidential) or to identify the creator of information, or both.
This is a term used by some DRM providers to mean the transfer of the contents of electronic documents to those who are not authorized to see them.
Digital Rights Management (DRM)
The management method by which controls are implemented over digital documents so that their owners are able to ensure that the users of the documents are only able to use the rights that they have actually licensed and are not able to abuse those rights to disadvantage the rights of the owner.
Typical rights that are made available include:
– ability to read a document
– ability to read the document a limited number of times
– preventing reading a document before a given date/time
– preventing reading a document after a given date/time
– preventing printing the document
– preventing using the document
– limiting printing to a number of copies
– preventing using the Print Screen feature to copy information
– allowing low quality printing
– allowing limited copying
– allowing a program to be run for a number of times or forever.
The application of restrictions on the use of a document. This may also be referred to as policy control. The use of the word policy here means implementing the controls that the rights owner would like to see imposed on the document so that they can control how it is used by those authorized to use it.
This usually means stopping people from being able to use documents that were previously available. It can be achieved using active rights management, or by setting a time and date at which the document ceases to be available.
The means of preventing the undetected alteration or use of documents by those who are not authorized. This is achieved by implementing various controls that are applied to the document.
Scrambling information in such a way that only those who have the correct key are able to return it to its original form.
A term used by some DRM product providers to suggest that the controls over documents inside an enterprise are somehow different from the controls required to protect documents being distributed outside the enterprise (say selling a book to the public or making an announcement to the press or publishing a magazine to customers). Some available DRM controls may not be appropriate where a document is sold to customers as against being controlled within an enterprise.
Intellectual property rights (IPR)
These are rights, recognized in international law and by international treaties, that creators have in those things made by use of their own intellect. Such things include books, articles, poems, plays, pictures and films. This paper is an intellectual property. IPR is seen as so important that it is part of the World Trade Organization responsibilities. Some specific intellectual property rights are copyright and patent.
This is the control that grants a license to one or more authorized users of a document or a computer program. A license control binds the user of the license to a specific computer where they are able to use the license. It means that the user is not able to grant any other user rights to use a document they are authorized to use. This means that they are not able to use a document unless they are at a specific computer system. They may have more than one license, and thus are able to license use on several computers and not just one. Where license control is being operated the owner may be able to monitor registration of the actual PCs that are authorized, and any attempt(s) to register PCs that are not authorized that are using an authorized user’s registry information.
Passive rights management
Whilst active rights management deals with situations where the owner of a document needs to be able to change the rights that they are granting dynamically, this is not the case when a book, a magazine or a picture is being sold. In these situations, the purchaser expects to have their rights in perpetuity (forever). Passive rights management, where the rights are permanently embedded in the document and there is no requirement to consult a rights management server before use, is more appropriate.
This is a form of IPR that gives the holder the absolute right of exploitation of the intellectual property for a fixed period of time. It is given in return for making the knowledge of the thing that is patented publicly accessible. DRM is of limited value for documents that are patents, except to guarantee the documents are genuine. DRM may be very relevant to those documents before a patent is granted, when disclosure could prevent the owner from being granted the patent.
This term refers to the ‘portable document format’ that was developed by Adobe Systems Incorporated, and the document security measures that are implemented by their writer and reader products. These include:
– requiring a password before the document may be opened
– requiring a password before being able to change security settings
– stopping printing
– stopping changes to the document
– no content copying or extracting
– no adding or changing comments and form fields.
Secure access rights
This term is used by some DRM product providers to suggest that the access rights conferred are secure in some way. Please see Access Rights.