Rights Management Services (RMS) Paul Cullimore Graham Calladine Security Solutions Team, MCS, UK.

1 Rights Management Services (RMS)
Paul Cullimore, paulcu@microsoft.com
Graham Calladine, grahamca@microsoft.com
Security Solutions Team, MCS, UK

2 What is RM?
"RMS is a technology that works with enabled applications to help protect digital information from unauthorised use."
- Relies on a system of trust: a trusted user (using a) trusted application (installed on a) trusted computer

3 Defining Rights Management
Existing Rights Management technologies:
- Windows Media Rights Manager v1, v7, 9 Series (1997 onwards)
  - User experience: Windows Media Player and licensees of the Windows Media Format SDK
  - Rights Management category: Digital Rights Management
  - Enterprise benefits: protection of both live and on-demand streamed audio and video files (e.g. sensitive internal or external audio/video communications, on-demand training, and corporate meetings)
- Digital Asset Server (2000)
  - User experience: Microsoft Reader
  - Rights Management category: Digital Rights Management
  - Enterprise benefits: not an enterprise-focused solution
- Windows Rights Management Services for Windows Server 2003: expansion of client support, usage scenarios and value to the enterprise; greater flexibility for corporate scenarios, new business opportunities
  - User experience: users engage rights-protected content via a browser or with RM-enabled applications
  - Rights Management category: Enterprise Rights Management
  - Enterprise benefits: allows flexible and persistent policy expression and enforcement for information: material drawn from database or content management queries, e-mail messages, documents, spreadsheets, other Web content

5 eBook
- Known reader software
- Must be activated for protected content
- Digital Asset Server (DAS)

6 Windows Media
- Series 9
- Secure Audio Path
- Live broadcast
- Commercial deployments: Napster v2, iTunes, OD2 (MSN, Ministry of Sound)

7 Windows Media

8 Windows Rights Management Services
- Persistent protection
- Policy enforcement
- Template based administration
- Who can access
- And, what they can do:
  - Cut, Copy & Paste
  - Print, Print Screen
  - Forward
  - Expire

9 Where does RMS fit technologically?
- EFS – prevents stolen laptops from having their information compromised
- ACLs – protect the integrity of files on a network share
- S/MIME – provides over-the-wire information security for e-mail
- Document Protection – strongly encrypts Office documents
- RM – stops accidental abuses of Office content

10 What RM is NOT!
- RM is NOT a security solution
  - Also, users with malicious intent may circumvent RM policies
- RM does not restrict MP3 usage so you can't play them the way you want
- RM does not provide unbreakable, hacker-proof security
- Technology alone cannot stop the inappropriate spread of information:
  - Screen capture utilities work
  - Digital cameras
  - Read over the phone

13 RM Components
- Windows Rights Management Services (RMS) - Windows Server 2003
- Updates to Windows client
  - RM client APIs for Windows 98SE+
  - RM Add-on for Internet Explorer
- Software Development Kit
  - For both client-based & server-based development
- RM-enabled applications
  - Any application which has utilized the RM SDK
  - Office 2003 is the first set of apps to implement RM (= Information RM)

14 RMS Architecture
- RMS is an ASP.NET Web service
  - SOAP over HTTP/HTTPS
  - IIS 6 only
  - Stateless for most requests – all processing on the front end
  - Database used for configuration & logging
- Requests
  - Machine Activation: one-time process to create and download a secure trusted root per machine
  - Certification and Client Enrollment: binding a user key pair to a specific machine
  - Licensing: requesting a license to use a piece of content

15 Deployment Prerequisites
- P3 800 / 256MB / 20GB (recommended: P4 Dual / 512MB / 40GB)
- Windows Server 2003
  - Internet Information Services 6.0
  - ASP.NET
  - MSMQ client for logging
  - MSDE or SQL Server 2000
- Active Directory (AD): Windows 2000 SP3 or later
- Test users must have accounts with the mail attribute set in AD
- RM client bits installed on client test machines
- RM-enabled application
- RM server must have access to the Internet

16 IRM Features in Office 2003
- "Do Not Forward" e-mail
  - Includes optional expiration
- "Do Not Distribute" documents
  - Provides more granularity
  - Access can be Read, Change, or Full Control
  - Additional options include Printing and Expiration
- Specifying recipients uses e-mail addresses
- Support for Exchange DLs makes it easy to manage access control as group membership changes
- "Company Confidential" policies
  - Supports "permission policies" in enterprises
  - Admins control policies, even after content is protected
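The three request types on the architecture slide (machine activation, certification bound to a machine, licensing) and the recipient, access-level, Print and Expiration options on the Office 2003 slide, modelled as an added toy simulation. This is not Microsoft's code or the real RMS protocol; every class, field, function name and e-mail address is a constructed assumption.

```python
# Added toy model of the RMS request flow on the slides above: machine activation,
# user certification bound to that machine, then licensing against a policy naming
# recipients (users or Exchange DLs) with Read/Change/Full Control plus the optional
# Print and Expiration settings. Illustrative only; names are assumptions, not RMS.
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional
# Constructed mapping of IRM access level to the actions a use licence carries.
LEVELS = {"Read": {"view"}, "Change": {"view", "edit"},
          "Full Control": {"view", "edit", "forward", "change_policy"}}

@dataclass
class Policy:
    grants: dict                        # recipient e-mail or DL name -> level
    allow_print: bool = False           # "Additional options include Printing"
    expires: Optional[datetime] = None  # "... and Expiration"

@dataclass
class RmsServer:
    activated: set = field(default_factory=set)  # machines holding a trusted root
    certs: dict = field(default_factory=dict)    # user e-mail -> bound machine id
    dls: dict = field(default_factory=dict)      # Exchange DL -> member e-mails
    def activate_machine(self, machine):         # one-time process per machine
        self.activated.add(machine)
    def certify_user(self, email, machine):      # bind a user key pair to a machine
        if machine not in self.activated:
            raise PermissionError("machine %s is not activated" % machine)
        self.certs[email] = machine
    def request_license(self, email, machine, policy, now):
        """Rights a use licence would carry, or None if the request is refused."""
        if self.certs.get(email) != machine:     # not enrolled, or enrolled elsewhere
            return None
        if policy.expires is not None and now > policy.expires:
            return None                          # content has expired for everyone
        for principal, level in policy.grants.items():
            if email in self.dls.get(principal, {principal}):  # DL or single user
                rights = set(LEVELS[level])
                if policy.allow_print or level == "Full Control":
                    rights.add("print")
                return {"user": email, "machine": machine, "rights": rights}
        return None                              # not a named recipient or DL member

def run_scenario():
    """Constructed walk-through; returns the outcome of each licence request."""
    srv = RmsServer(dls={"finance-dl@example.com": {"ann@example.com"}})
    srv.activate_machine("PC-1")
    srv.certify_user("ann@example.com", "PC-1")
    pol = Policy({"finance-dl@example.com": "Read"}, expires=datetime(2004, 1, 1))
    ok, late = datetime(2003, 6, 1), datetime(2004, 2, 1)
    return {"ann_pc1": srv.request_license("ann@example.com", "PC-1", pol, ok),
            "ann_pc2": srv.request_license("ann@example.com", "PC-2", pol, ok),
            "expired": srv.request_license("ann@example.com", "PC-1", pol, late),
            "bob": srv.request_license("bob@example.com", "PC-1", pol, ok)}
```

The licence is refused when the user's certificate is bound to a different machine, which is the binding the architecture slide describes. What the licensed application then does with the rights it is handed is the part that, as the "What RM is NOT" slide says, technology alone cannot enforce.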

17 Office versions

Application                                      Create Content   Consume Content
Office 2003 Professional                         Yes              Yes
Office 2003 Standard                             No               Yes
Standalone Office 2003 Applications              Yes              Yes
Office XP (all versions)                         No               No
Office 2000/97 (all versions)                    No               No
Rights Management Add-on for Internet Explorer   No               Yes

18 Deployment Blockers
- AD deployment is the #1 blocker
  - Not all customers appear to have deployed AD yet
  - No AD schema extensions required
- Office 2003 deployment is the #2 blocker
  - Office 2003 is the only RMS-enabled authoring tool at present
- Exchange is a big bonus, but not required
- Deploying Windows Server 2003
  - Only need one server at minimum
- Air-gapped networks can't talk to MSN
  - RMS SP1 and Churchill – more later

19 Summary
- RM extends the control users and IT have over sensitive communications
- No user can claim "they didn't know" when they are caught abusing RM-protected content
- RMS is an enterprise-class service – plan accordingly
- Think early about roaming use and collaboration needs

