At its simplest level, digital rights management (DRM) technology is all about controlling access to information. Customers want convenient access to their purchased products, while companies seek to protect their intellectual property from unauthorized use or duplication. DRM sits squarely between these two parties, trying to present an amicable compromise between the customers and the vendor.
You could argue that hardware keys, software licenses, and serial numbers all fall under the DRM umbrella. However, the term more commonly refers to any of several advanced architectures for producing, providing, and protecting digital media. Although DRM infrastructures are sophisticated, they frequently employ familiar technologies like public key infrastructure (PKI), encryption, distributed architectures, Web storefronts, and various media formats.
Although there are several approaches to providing digital rights management, the most common one is outlined in the diagram, "Anatomy of a DRM Transaction." (See below.) Key aspects of an effective DRM system include:
- data protection, so files aren't easily viewed without proper privileges;
- unique identification of each customer to ensure that rights are applied appropriately;
- central management of rights to allow for free distribution, anti-fraud measures, and revocation;
- flexibility, so the system can be tailored to various business models (rental, ownership, and read-only, for example).
DRM has several advantages over traditional digital media protection schemes like passwords and watermarks. The path from the author to the customer can be very short, allowing individuals to publish their works online at a low cost. The media is usually well protected using encryption or some other means (but you would be hard-pressed to demonstrate that any given DRM protection scheme is impossible to crack). Furthermore, permissions for the protected media can be tailored to either restrict or allow various privileges, such as partial or preview viewing, printing, duplication, or time-limited rentals.
On the other hand, the DRM approach introduces some concerns and disadvantages that you must also consider. Because rights are generally managed on a central server, authorization often (but not always) requires access to a license management server via the Internet. In such a scenario, the server is a pivotal component of the key infrastructure.
The unique identification requirement poses problems as well. Customers will be concerned about their privacy, and will want to know if and how you're tracking their usage. DRM also often requires running specific proprietary software on the client machine to unlock protected media, like Windows Media Player, or another product compatible with Microsoft Windows Media Rights Manager framework.
![]() |
Anatomy of a DRM Transaction: At its most basic, a DRM transaction starts with the content creator (a), who generates a piece of media (b), be it audio, video, text, or some other format. Once in digital form, the media file is encrypted to protect it from unauthorized use and stored on a server. Access to the file is managed by the license server, possibly in conjunction with a pay management system (c). Decrypted media might be delivered directly to a browser (d), or it could be decoded by the appropriate DRM-enabled software application (e). Either way, the result is fully licensed, digital-quality media file or stream reaching the customer (f). |



