4.2 Using Precertification to Pre-License Protected Content

After content has been protected by a publisher and distributed to recipients, each recipient typically makes a request to the RMS server to acquire a use license granting access to the content. Depending on the content distribution mechanism, this process can be optimized so that the content arrives together with the appropriate use license, allowing the recipient to access the content immediately. This optimization helps in situations where the recipient might receive protected content and then disconnect from the network before attempting to access it.

Figure 10: Roles in the RMS system

The transport or other server application illustrated in figure 8 is responsible for distributing the content to the consumer or recipient. This entity can request a use license on behalf of the recipient and deliver it with the content:

  1. Content is created and protected. A publishing license is generated to describe the usage policy for the content and to contain the content key. Both the protected content and the associated publishing license are sent to the recipient via the transport.

  2. The transport detects that the content is protected. Before delivering the protected content to the recipient, the transport locates the RMS server responsible for the forest in which the recipient's user object exists. It makes a Precertify request to this RMS server, specifying the recipient's email address in the request. The RMS server returns the recipient's public key certificate.

    Figure 11: Precertify operation is called

  3. The transport now extracts the publishing license from the protected content and submits it and the recipient's public key certificate to the RMS server responsible for issuing use licenses for the publishing license. This communication uses the AcquireLicense operation described in the RMS: Client-to-Server Protocol Specification [MS-RMPR].

    Figure 12: AcquireLicense operation is called using the RMS: Client-to-Server Protocol [MS-RMPR]

  4. The RMS server returns the use license to the transport. The transport sends both the use license and the protected content to the recipient.

  5. If the recipient is already bootstrapped (as described in the RMS: Client-to-Server Protocol Specification [MS-RMPR]), the content can be accessed without requiring an additional request to the RMS server.
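
A minimal in-memory model of the transport's side of steps 2 to 5, added here as an illustration; it is not code from the specification and uses no real RMS API or wire format. The class and function names, the dictionary shapes, and the rule that the mail domain selects the forest are assumptions of the sketch, and a failed pre-license is modelled as delivering the content without a use license, so that the recipient acquires one itself as in the normal flow.

```python
# Added illustration: in-memory model of pre-licensing. All names are hypothetical;
# no real RMS API, certificate format or wire protocol is used.

class RmsServer:
    def __init__(self, certs=None):
        self.certs = certs or {}  # email -> public key certificate (modelled as a dict)

    def precertify(self, email):
        # Step 2: look up the recipient's public key certificate by email address.
        return self.certs[email]  # KeyError if this server does not know the user

    def acquire_license(self, publishing_license, cert):
        # Steps 3-4: issue a use license only if the usage policy names the holder.
        rights = publishing_license["policy"].get(cert["subject"])
        if not rights:
            raise PermissionError("usage policy grants nothing to " + cert["subject"])
        return {"issued_to": cert["subject"], "rights": rights,
                "content_id": publishing_license["content_id"]}

def prelicense(message, recipient, forest_servers, licensing_server):
    """Transport side: return (content, use_license); use_license is None on failure."""
    forest = recipient.rsplit("@", 1)[1]  # assumption: mail domain identifies the forest
    try:
        # The precertifying server and the licensing server can be different servers.
        cert = forest_servers[forest].precertify(recipient)
        use_license = licensing_server.acquire_license(message["publishing_license"], cert)
    except (KeyError, PermissionError):
        use_license = None  # recipient has to request a use license itself later
    return message["content"], use_license

def opens_without_server(use_license, recipient, bootstrapped):
    # Step 5: needs a bootstrapped client and a license issued to this recipient.
    return bool(bootstrapped and use_license and use_license["issued_to"] == recipient)

# Constructed sample data.
ALICE, BOB, EVE = "alice@corp.example", "bob@corp.example", "eve@other.example"
FOREST_SERVERS = {"corp.example": RmsServer({ALICE: {"subject": ALICE},
                                             BOB: {"subject": BOB}})}
LICENSING = RmsServer()
MESSAGE = {"content": b"<protected bytes>",
           "publishing_license": {"content_id": "doc-1", "policy": {ALICE: ["VIEW"]}}}

if __name__ == "__main__":
    for rcpt in (ALICE, BOB, EVE):
        _, ul = prelicense(MESSAGE, rcpt, FOREST_SERVERS, LICENSING)
        print(rcpt, ul, opens_without_server(ul, rcpt, bootstrapped=True))
```

In this model only the recipient named in the usage policy receives a use license with the content; a recipient the policy does not name, or one whose forest has no known server, still receives the protected content but no license.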