Data sharing is an increasingly urgent issue for companies and other organizations. As shown by the recent passage of a referendum in Massachusetts requiring automobile OEMs to share data transmitted by their cars with third party repair shops, pressure is coming from both regulators and consumers. It is also a business issue.
With the push for digital transformation, companies are realizing that one of the best ways to maximize the value of their data is to use it to collaborate with partners. Many organizations are used to closely holding their own data, and allowing collaboration among disparate parties is a particular challenge for them.
A number of technology companies are trying to solve this complex problem. Interestingly, a technology that has been used to protect media content for more than 20 years, digital rights management (DRM), offers a model as to how this can be achieved.
How DRM works in video streaming
Under content distribution systems, in a typical video streaming scenario, the rights holder gives permission to a streaming service to provide the video to subscribers. With this permission, the rights holder attaches conditions to allow end user playback such as security requirements for the playback video device. The streaming service then hosts the video content on its servers.
When a subscriber requests to view that video on their device, such as a connected television, the service then starts streaming the data from the appropriate file. This data travels over a content distribution network (CDN) to the internet service provider (ISP) used by the subscriber. The client software on the subscriber’s TV then plays back the video data as it is received.
In this example, the DRM technology used to protect the video data has to both protect and control access to data as it travels between the multiple systems involved in the transaction. It also has to enforce the rights and policies of the loosely coupled organizations involved including content rights holders, distribution service operators, device manufacturers, and end users.
Identity and access management – from DRM to data
Any system that allows multiple organizations to collaborate with data faces many of the same issues. One technology that is indispensable for any such system is an IAM (identity and access management) capability that is specifically designed for multi-party collaboration. IAM is well-known and commonly implemented, and is usually used by companies to identify individuals who have credentialed access systems and data, and to manage that access.
Multi-party collaboration systems need an IAM layer, as well. However, this needs to differ from traditional IAM implementations in that the individuals being managed will be attached to multiple organizations and could also include consumers. In addition, beyond individuals, access to data by computer systems such as machine learning algorithms also needs to be managed, and furthermore, the IAM layer should be more precisely focused on managing access to data rather than corporate IT applications.
Again, DRM implementations show the beginnings of some of these features. DRM by default is focused on identifying and managing access to data by both an individual and the software program associated with that person. As previously noted, this is achieved with policy-based systems that account for individuals and software operating on a wide variety of devices associated with multiple organizations. Since DRM controls access to encrypted data using PKI -based systems, this capability will also be useful for multi-party collaboration systems since the latter, by necessity, must work with encrypted data.
DRM systems continue to protect high-value data even as it is accessed by myriad untrusted devices in zero-trust environments. For example, Intertrust has offered the market an extensive blueprint for DRM over the last 30 years, and this has influenced the development of the Intertrust Platform which is used to secure multi-party collaboration by the European energy company E.ON.
About David P. Maher
David Maher has over 30 years of experience in secure computing and is responsible for Research and Development at Intertrust. In addition, he is currently President of Seacert Corporation, a certificate authority for the Internet of Things, a developer of application security software, and Co-chairman of the Marlin Trust Management Organization which oversees the world’s only independent digital rights management ecosystem. Before joining Intertrust in 1999, Maher was chief scientist for AT&T Secure Communications Systems, Head of the Secure Systems Research Department, and security architect for AT&T’s Internet services platform. After joining Bell Labs in 1981, he developed secure communications, information vending, and e-commerce systems. He was Chief Architect for AT&T’s STU-III secure voice, data, and video products used by the White House and Department of Defense for top-secret communications. In 1992, Maher became a Bell Labs Fellow in recognition of his accomplishments in communications security. Maher holds dozens of patents in secure computing; has published papers in the fields of mathematics and computer science; and has consulted with the National Science Foundation, National Security Agency, National Institute of Standards and Technology, and the Congressional Office of Technology Assessment. Maher holds a Ph.D. in mathematics from Lehigh University. He has taught electrical engineering, mathematics, and computer science at several institutions.