By Matt Rosoff [bio]
Posted: Sep. 12, 2005

Windows Media DRM and Windows Rights Management Services (RMS) share many similarities. In this diagram, a user is attempting to open a rights-protected file. Regardless of which rights management system is being used, the following steps take place.

(1) The application responsible for rendering the protected object (e.g., the Windows Media Player; Word 2003) sends a license request to the rights management client application, which resides on the same PC. The client authenticates the requesting application to prevent spoofing (in which a hacker's tool poses as a legitimate application).

(2) The client contacts a license server and requests a key to unlock the content. This request is accompanied by data about the user. With Windows Media DRM, the license request includes nonspecific information, such as the user's OS and Windows Media Player version. With RMS, the license request includes a certificate identifying the user as being trusted by the organization protecting the content.

(3) The server determines the user's rights for that piece of content (e.g., "play once" for Windows Media DRM; "read but not print" for RMS). If the user has rights to work with the file, the server issues a use license that describes the user's rights and includes a key to unlock the content.

(4) The client passes the key to the rendering application, which enforces the rights granted to the user in the use license.