Organizations that rely extensively on computer systems in carrying out their business need to have control over their internal information. In addition to malware threats, organizations may need to protect their information from accidental and intentional employee mishandling. A leak of intellectual property, financial data, or employee email can potentially harm an organization. As a result, some organizations have implemented information-rights-management systems to protect their digital information.
Many current information-rights-management systems may protect data by embedding themselves within the applications used to create, edit, or view information. Information-rights-management system providers, consequentially, may tailor their software to support each individual application and each operating system used by their clients. In such systems, content may be encrypted in a file system. When a user opens protected content from within an application, the application may call into the information-rights-management system's plug-in to interpret the policy associated with that content. The application may cooperate with the plug-in to enforce the policy.
There are numerous drawbacks to this approach that have slowed the widespread adoption of information-rights-management systems. One significant problem with traditional information-rights-management systems is that many common applications may not support rich plug-in architectures that are needed to support information rights management. For those applications capable of supporting information rights management, system administrators may need to acquire, install, and maintain plug-ins for each supported application. Unfortunately, even if applications are capable of supporting information-rights-management plug-ins, enforcing an information-rights-management policy within a user-level application plug-in may expose an information-rights-management system to a wide range of attacks. Furthermore, application behavior may be altered by the plug-in in undesirable ways, and the user interface of the information-rights-management system may be different within different supported applications. Thus, the cost and difficulty of administering such plug-ins across an enterprise application base may be prohibitively cumbersome. What is needed, therefore, is a more efficient and effective mechanism for providing information rights management.