Research And Implementation Of Enterprise Digital Rights Management System Based On Workflow

Nowadays, information is pervasively stored and processed in digital forms, and the security of information content is given more and more attention. Information theft of insiders is now the most serious security threat to important information in the enterprise, such as Intellectual Property, financial data and business secret, etc. Enterprise Digital Rights Management (EDRM) system protects corporate sensitive information from unauthorized access by using a series of security techniques to strictly manage the rights of digital content, and it is considered as good solution against information theft. There have been some successful EDRM system as business applications, but the typical control policy in those systems, which based on role(user) and expiration time, usually leads to inappropriate authorization, and weakens the guard of information. The protection method that those systems provided is also inflexible, that is, the whole document is always treated as a protection unit, so it can't meet different needs, like part protection.Due to these deficiencies of conventional EDRM systems, we focused to improve the system architecture. In this dissertation, we firstly analyze general EDRM system and introduce the workflow technique, then present a EDRM system based on workflow named wfEDRM. In wfEDRM, we also propose a new authorization policy called RUTask, which bases on role, user and task(duty and time), to strengthen the guard of information. Meanwhile, we describe a concept of thin granule protection, with which wfEDRM can support protection of different parts in a document. Finally, we design the key components of wfEDRM system and implement a prototype.The main contributions in this dissertation are summarized as the followings:1) With typical components of EDRM system and workflow management system as basis, a EDRM system architecture based on workflow named wfEDRM is given.2) An authorization control policy called RUTask, which combines role, user and task as control element is proposed, also with its formal description and an example of application.3) A protection method which supports thin granule protection is presented, the process of granule creating and using is described and the security of granule is also analyzed.4) With the above new authorization policy and protection method, key components of wfEDRM system are designed, and a prototype is implemented to indicate the feasibility of wfEDRM architecture.