Technology Positioning Statement Report

1.1.5 File and Document Security Technologies

Description: Software utilities used on client platforms to protect files and passwords and insure data integrity, e.g. file encryption.

Category: 1 - Authoring and Editing   Subcategory: 1 - General Purpose
Old Category: none

Vision

RetirementContainmentCurrentTacticalStrategic
   Entrust CA
 
PKI
 

Standards

Industry UsageSC Usage
FIPS-180-1
FIPS-186-1
X.509 v3
 
X.509 v3
 

Performance Metrics

Compliance with FIPS standards for hashing algorithms and digital signature algorithms, ease of use, support for Microsoft Office products, XML, HTML, graphics.


Usage and Dependencies

Industry Position: This category refers to technologies that insure security of the data on individual files. Two approaches are typically taken: 1) to encrypt the data using Kerberos or PGP; 2) to apply a "digital signature" to the data. If the data are modified, the signature code detects this and warns the user.

(Note that these technologies are not intended to provide authentication, i.e. the verification of an author's identity. This is a network security function supported by a Public Key Infrastructure (PKI)).

Digital-rights management is essentially a set of rules that specify how digital files can be used and by whom, and enforced by a "watermark" or a digital signature. The ability to successfully wrap it around video, audio, and text is crucial to ensuring that the owners of content are compensated, an issue at the center of the ongoing legal battles over Napster's music-file-sharing service.

A standalone product that supports digital signatures is ApproveIt, from Silanis. This product even includes a visual replica of the individual's signature.

Microsoft, because of the compatibility between its pervasive Windows Media Player and its digital-rights-management technology, is in an enviable position.

The same can also be said of InterTrust Technologies Corp., whose client-side digital-rights-management application is included in CD-ROMs containing America Online's latest software.

Beyond that, analysts say, it's pretty much a free-for-all, but not for long.

"There's going to be DRM consolidation in very short order," says Jupiter Research analyst Marci Glazer. -- After Napster, A Deluge Of Digital-Rights Software , February 20, 2001, TechWeb News, CMP Media Inc.

SC Usage: NT authentication is supported currently to provide some degree of authentication through a daily desktop login process. Digital Certificates and PKI will be implemented in the planned Cybersecurity initiative.

SC Application Impacts: Future applications will manage security over the network within systems, rather than by means of individual encrypted files. However, there may be some workflow processes where digital signatures are also required.

Last Update: Valid Until:
3/15/20014/15/2001

References

Silanis digital signature products


List all Categories

Administer the Database