Digital rights management (DRM) is generally defined as the collection of tools and technologies for protecting copyrights
and other rights on digital media. DRM deals with authorization decisions about access to resources, and as such it is an
application of identity and access management. However, DRM places stronger requirements on fraud prevention in that it also
seeks to control usage by authorized users after they have gained access to a resource.

All modern DRM systems have at their core the notion of a digital license, and most deal with content and licenses
separately, along the following lines:

- Licenses are issued when access is requested, while content is made freely available in encrypted form to prevent access
by unauthorized parties. To access protected content, the client must obtain a digital license that specifies how the content
may be used.
- To consume protected content, the client connects to a clearing house and requests a digital license for the content. The
request requires the client to send a unique identifier that identifies the client and/or the specific client device that
will play the content. The request is typically initiated by the client’s software application or hardware device upon the
client’s first attempted access.
- Assuming the clearing house makes a favorable authorization decision for the client, it sends the requested digital
license to the client. The client’s device or application, which is presumed to be secure against tampering, then
decrypts the license and displays or otherwise makes available the content to its user in accordance with the usage
rules.
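
The license flow in the list above, as an added example that is not part of the original page: a clearing house packages content, decides on a license request that carries a device identifier, and a player enforces a play-count rule. The class and field names, the `max_plays` rule, and the toy keystream cipher (a stand-in for a real authenticated cipher) are assumptions made for illustration.

```python
import hashlib, hmac, json, secrets

# Toy SHA-256 counter-mode keystream, standing in for a real cipher such as AES-GCM.
def xor_stream(key, data):
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, data):  # encrypt-then-MAC under a per-device key
    nonce = secrets.token_bytes(16)
    ct = nonce + xor_stream(key + b"enc" + nonce, data)
    return ct + hmac.new(key + b"mac", ct, hashlib.sha256).digest()

def unseal(key, blob):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key + b"mac", ct, hashlib.sha256).digest()):
        raise PermissionError("license is not valid for this device")
    return xor_stream(key + b"enc" + ct[:16], ct[16:])

class ClearingHouse:
    def __init__(self):
        self.content_keys, self.device_keys = {}, {}  # by content_id / device_id
        self.entitled = set()     # (device_id, content_id) pairs that may be licensed
        self.request_log = []     # each request is tied to a device identifier

    def package(self, content_id, plaintext):
        self.content_keys[content_id] = secrets.token_bytes(32)
        return xor_stream(self.content_keys[content_id], plaintext)  # freely distributable

    def request_license(self, device_id, content_id, max_plays=1):
        self.request_log.append((device_id, content_id))
        if (device_id, content_id) not in self.entitled:
            return None           # unfavorable authorization decision
        lic = {"content_id": content_id, "max_plays": max_plays,
               "key": self.content_keys[content_id].hex()}
        return seal(self.device_keys[device_id], json.dumps(lic).encode())

class Player:  # presumed tamper-resistant: it alone enforces the usage rules
    def __init__(self, device_key):
        self.device_key, self.plays = device_key, {}

    def play(self, license_blob, ciphertext):
        lic = json.loads(unseal(self.device_key, license_blob))
        used = self.plays.get(lic["content_id"], 0)
        if used >= lic["max_plays"]:
            raise PermissionError("usage rule exceeded")
        self.plays[lic["content_id"]] = used + 1
        return xor_stream(bytes.fromhex(lic["key"]), ciphertext)
```

Every request carries the device identifier, so the clearing house in this sketch can link all license requests made by one device.
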

This DRM architecture has all the security, privacy, and performance problems of enterprise I&AM. These problems can be
solved using the U-Prove™ technology.