File and document management systems assign access rights to libraries and items within the libraries. The access rights determine whether a user or group of users may access the items contained within the library. For instance, a user may be defined as a “viewer” of a library or an item within the library. With viewer rights, the user can download items from the library but cannot save modified versions of the items to the library. “Contributor” rights may be assigned to a user which permits the user to read and write items in the library. Additionally, “owner” rights may be assigned that allow a user to read and write items in the library and that also allow the user to assign access rights to other users. Other types of access rights may also be assigned to users.
Access rights do a good job of prohibiting unauthorized users from accessing items in a library. However, once a copy of an item is retrieved from the library, the access rights do nothing to stop subsequent distribution and use of the item. For instance, a user with viewer rights may download an item from a library in a document management system. The user may then transmit a copy of the item to a third party. The third party may then view, modify, and retransmit the item as desired even though the third party would not have otherwise been authorized to access the item stored at the document management system.
Unlike access rights, digital rights management (“DRM”) rights (also referred to herein as “usage rights”) can be utilized to secure items after they leave a document management system. Utilizing DRM, items in a library can be provided in an encrypted form. In order to use an item, a user must obtain a license to decrypt the item. Moreover, the license specifies the extent to which the user may utilize the item and may prohibit certain kinds of activities, such as printing, copying, or editing. If a DRM-protected item is transmitted to another user, that user must obtain their own license to use the item. If a license cannot be obtained by the user, the item may not be utilized in any manner.
While DRM rights provide sufficient protection for items after they have been removed from a document management system, use of DRM rights in conjunction with a document management system can introduce a number of drawbacks. In particular, when usage rights are utilized with a document management system that also utilizes access rights, two sets of rights must be maintained for each user or group of users. This can be time consuming and troublesome for the network administrator responsible for maintaining both sets of rights. Moreover, maintaining DRM rights for each user on every file results in large amount of data being stored for each item in library. This can quickly grow the size of a library to an unmanageable size. Additionally, maintaining items in encrypted form prevents system programs such as backup and search from directly accessing the items in their native format. In order to backup or search the items directly, the items must be decrypted. This process dramatically increases the processing overhead necessary to perform these types of operations.
It is with respect to these considerations and others that the various embodiments of the present invention have been made.