needs to be revoked, the access permissions for that document can be modified and enforced on all copies, wherever they are located. eRoom also provides a complete audit trail that reflects all activity on protected documents.
IRM Services overview
IRM Services comprise the EMC Documentum Information Rights Management (IRM) Server and various client components that are available separately from eRoom. Together they form a system that provides strong, persistent security and control over information in electronic form. IRM Services employs strong cryptography, controls access to decryption keys, and locks down viewing applications to prevent unauthorized use of information once decrypted.
More than 4, 000 enterprise organizations currently use eRoom to power a wide variety of mission-critical applications, including:
New product development and delivery
Drug discovery and development
Client engagement, proposal development,
and program management
Supplier and channel management
Global sales and marketing campaigns
Merger and acquisition management
The Documentum IRM Server uses cryptography with symmetric ciphers of varying key lengths to ensure the electronic security of information. With a symmetric cipher, the same key used to encrypt information is also used to decrypt it.
IRM Services works with a family of client applications or plug-ins that access a common policy server. Each client works with a particular information type. For example, the IRM Client for Microsoft Office is an add-in for Microsoft Office applications (specifically Word, Excel, and PowerPoint) that secures and controls documents in these formats.
After clients establish a secure connection to the policy server, users can select the desired security parameters—who can access it, can it be printed, should it carry a watermark, should it automatically self-destruct at some future time, and other permissions. Then the Documentum IRM Server generates a random encryption key for each page of content, records a local copy of the keys and policies, and sends the keys to the client. The client encrypts each page of the document with the appropriate key and discards the keys.
The Documentum IRM Server accepts connections from various clients, authenticates users, and manages authorization to, and dissemination of, encryption keys and use policies for protected content. The system ensures that even authorized users cannot get direct access to encryption keys. To prevent offline attacks, keys and policy information are kept only on the server. Furthermore, all time-based decisions are made based on the server’s clock not the client’s, which could be subject to manipulation by a malicious user.
Expanding the eRoom workplace
eRoom is a full-feature, collaboration solution that can be used right out of the box or as a powerful application platform for optimizing business processes. The user interface can be customized and eRoom can be tightly integrated with other tools and applications or modified to automate your most critical business processes. eRoom is also the foundation of eRoom Enterprise, a companion product seamlessly integrated with the EMC Documentum content management platform.
EMC Corporation Hopkinton Massachusetts 01748-9103 1-508-435-1000 In North America 1-866-464-7381 www.EMC.com
Take the next step To learn how to make collaboration a sustainable competitive advantage for your enterprise, visit www.EMC.com or call 800.607.9546 (outside the U.S.: +1.925.600.5802)
EMC2, EMC, Documentum, eRoom, and where information lives are registered trademarks or trademarks of EMC Corporation in the United States and other countries. All other trademarks used herein are the property of their respective owners. © Copyright 2008 EMC Corporation. All rights reserved. Published in the USA. 1/08 Data Sheet H3098