Windows Rights Management (RM) uses encryption and a centralized "trust broker" to restrict how data items can be used.

Assume the author of a Word document (top left) wants to permit other users to open and read the document, but not modify it, copy text from it, or print it. A typical transaction would involve the following steps:

1. The RM-enabled Word user interface presents the author with a list of organization-defined policy templates with different rights levels. In this illustration the author selects a level called "Confidential," which allows other users in the system to open and read the document, but not to modify it, copy text from it, or print it. Word then generates a one-time symmetric key, which it uses to encrypt the document.

2. Word creates a unique publishing license for this document which states that the policy template "Confidential" was selected. Then it seals the symmetric key inside the publishing license in such a way that only RMS can extract that key. (Public-private key pairs are used throughout the process to ensure that licenses cannot be forged or intercepted; a software-based lockbox on each PC contains the private key for that PC and performs the cryptographic functions necessary to use the system.) The publishing license is appended to the document so that all copies of the document will also have a copy of the publishing license.

3. The author distributes the document with its publishing license to another user who also has a RM-enabled version of Word.

4. The recipient tries to open the document, but it is encrypted, so Word contacts RMS for a use license. This request includes the publishing license and a certificate identifying the authenticated recipient (the certificate also contains that recipient’s public key).

5. RMS opens the publishing license and sees that the author has assigned rights under the Confidential policy template. RMS checks the information in the recipient's certificate against a list of users and determines what specific rights this user (or the user's group) is granted under the Confidential policy. If the recipient is authorized to access this document in some way, RMS creates a use license listing the rights the user has for this document. Then RMS extracts the symmetric key from the publishing license and seals it inside the use license so that only the recipient can extract it. Finally, RMS sends the use license back to the recipient.

6. The recipient's RM client ensures that this version of Word is a "trusted application." (Microsoft will distribute in an SDK the tools necessary for third parties to build trusted applications.) Once approved, Word opens the use license, extracts the symmetric key, and opens the file. Finally, Word renders the document and enforces the appropriate level of rights. In this example, Word would not allow the user to make any changes to the document, and the copy and print options would be disabled.

Back to associated article: Rights Management Comes to the Enterprise