Enterprise Rights Management

4 downloads 6204 Views 3MB Size Report
Protection of confidential documents ... Protection of the complete document .... Secure data encryption already at file storage with a up to 4096bit data.
Enhancing Product Innovation by Implementing Intellectual Property Protection into the Virtual Product Creation Stefan Rulhoff Dr. Harald Liese Dr. Josip Stjepandic 19th ISPE Conference on Concurrent Engineering Trier, September 5th 2012

PROSTEP AG • Dolivostraße 11 • 64293 Darmstadt • www.prostep.com © PROSTEP AG  2012

Agenda ............................................................................................. 1.

Introduction

............................................................................................ 2.

Business Requirements for secure Data Exchange

............................................................................................. 3.

Solution Approaches

............................................................................................. 4.

Industrial Practice

............................................................................................. 5.

© PROSTEP AG  2012

Summary and Outlook

Extended Enterprise

OEM 1 OEM 2

Supplier Supplier Module supplier

Development partner

Virtual Enterprise

Module supplier

OEM Module supplier Joint venture R&D

Module supplier

Supplier

OEM 3 Supplier

© PROSTEP AG  2012

Supplier

Need for Action



Enterprise security requirements against product piracy

 

  

Protection of confidential documents End-to-end encryprion is required

Legal restraints & compliance requirements

  

Traceability Risk management Confidentiality

Growing global partner data exchange

 

Partner are increasingly connected via web portals Process automation via portals is necessary

Bulk data exchange

 

© PROSTEP AG  2012

Stable transfer of bulk data in Gigabyte range Compensation of high latence time

Know-how safety mechanism Structuring into methodical blocks Know-how safety modules Safe data exchange Enterprise Rights Management  Protection of the complete document  Or parts of the document

Model simplification Know-how reduction  Removal of IP bevor data exchange  Intelligently protected documents

Enterprise Rights Management (ERM)

Safe data exchange platform

Data filtering

Equivalent models

with Adobe RightsManagement

with OpenDXM®GlobalX

with Knowledge Editor

with PDF Generator 3D

 Application of individual know-how safety mechanisms  Combination of the know-how safety mechanisms © PROSTEP AG  20112

PROSTEP Knowledge Editor Know-how protection

Know-how Schutz Bausteine Sicherer Datenaustausch Enterprise Rights Management  Schutz des kompletten Dokuments  oder von Teilen des Dokuments

Modellreduzierung Know-how Reduzierung  Entfernen von IP vor dem Datenaustausch  Intelligente geschützte Dokumente

Datenfilterung

mit Knowledge Editor

Data cleansing, analysis of model, validation

Consideration of data exchange agreement

Definition of adequate filter criteria

Integration into daily data exchange processes

Removal of company‘s know-how

Data cleansing

Analysis

Validation

© PROSTEP AG  2011

Knowledge Editor Part of data exchange processes Process control (e.g. OpenDMX*, OpenPDM*) PDMExport

*.CATProduct *.CATPart

Adjustment of product structure

Model simplification

Data transmission

  

*.CATProduct *.CATPart



 © PROSTEP AG  2011

Protection of company‘s know-how Adjustment of knowledge of elements Adjustment categories (CATIA V5)

     

Extended parametric design Knowledgeware features Model elements, model properties

Combination of operations Service functions Assembly operations

Profile Management

  

Use of different profiles, e.g. for each Collaboration and/or Data exchange agreement

Integration into dayly data exchange processes with OpenDXM® GlobalX

PROSTEP PDF Generator 3D for Adobe® LiveCycle® ES

Template

Data for „Packaging“

Know-how Schutz Bausteine Sicherer Datenaustausch Enterprise Rights Management  Schutz des kompletten Dokuments  oder von Teilen des Dokuments

Modellreduzierung Know-how Reduzierung  Entfernen von IP vor dem Datenaustausch  Intelligente geschützte Dokumente

Base Server Component XML Metadata Integration ● XMP Integration ● Basic Encryption ● Packaging ● LC Designer ● LC Workbench

(PDF and other Formats)

Ersatzmodelle

mit PDF Generator 3D

3D PDF

3D Geometry, Product Structure, Metadata, Etc. PRC/U3D

CAx Translators Tech Soft 3D ● 3rd. Parties

Mandatory Optional © PROSTEP AG  2010 2011

PROSTEP PDF Generator 3D for Adobe® LiveCycle® ES

Visit: http://www.pdfgenerator3d.com © PROSTEP AG  2010 2011

New dimension of data protection through ERM

Know-how Schutz Bausteine Sicherer Datenaustausch Enterprise Rights Management  Schutz des kompletten Dokuments  oder von Teilen des Dokuments

Modellreduzierung Know-how Reduzierung  Entfernen von IP vor dem Datenaustausch  Intelligente geschützte Dokumente

Enterprise Rights Management (ERM) mit Adobe Rights Management

Document remains protected no matter where the document is sent to.

Data never reaches unauthorized users.

Owner keeps full controll over data. Rights can be changed/revoked at any time. Quelle: ProSTEP iViP e.V

© PROSTEP AG  2011

Principal of ERM

Define access rights

Saves encoding key and access rights

distribute document

Permissionserver

protect document

Key

 

Every access to the documents requires communication with the server. Server safes access rights and the neccessary information for encoding.

Demand access Grant/deny access Quelle: ProSTEP iViP e.V

© PROSTEP AG  2011

Document protection and access control Example: Adobe Rights Management

Compose

Display Create Adobe PDF-File from native File

Add safety function

Authenticate and authorize

Native applications:  Desktop applications  Server applications

Define safety guidelines:

 LDAP  Active Directory  ECM-Systems  External recipients

   

Depriviation Procedure Review Water mark

Selection of recipient:  Individual recipient  Group

Adobe LC Rights Management

© PROSTEP AG  2011

OpenDXM® GlobalX Managed File Transfer Plattform

Know-how Schutz Bausteine Sicherer Datenaustausch Enterprise Rights Management  Schutz des kompletten Dokuments  oder von Teilen des Dokuments

Modellreduzierung Know-how Reduzierung  Entfernen von IP vor dem Datenaustausch  Intelligente geschützte Dokumente

Sichere DatenaustauschPlattform mit OpenDXM® GlobalX

OpenDXM GlobalX stands for:

 Scalable security  Integrated communication functions  Comfortable and powerful clients  Robust and comfortable data exchange functions  Audit-proof transfer processes logging  High flexibility and integration capabilities

© PROSTEP AG  2011

Possible application scenarios for OpenDXM® GlobalX



Engineering data exchange



PDM data synchronization

 

Distribution of tender and quotation documents Partner / service portal to publish for example:

  



CAD-standard part libraries Manuals / maintanance documentation General partner information

Mechatronics



Safe exchange of software with version management systems

Exchange of documents worthy of protection in any format and almost any size for every business department © PROSTEP AG  2011

Data safety & scalable data encryption

            

Data is at any given point of time encoded. Unauthorized users have no access to the data at any time. Administrators have no access to personal encrypted data. Individual or enforced encryption are configurable. Highest and scalable data encryption from server to server till end user to end user. Secure data encryption already at file storage with a up to 4096bit data encryption. Every file is encrypted with a separate key. Keys generated and administrated by OpenDXM GlobalX are administrated in a key store which is also encrypted. Personal keys don’t have to be transported and the local key store of the user is also encrypted and protected with his personal password. An integrated PKI-(Public-Key-Infrastructure) Management automatically administrates Keys generated by the OpenDXM GlobalX. An already existing PKI infrastructure can still be used. The encrypted data transfer takes place via https with a 128bit SSL encryption. Every access to the data by authorized users is automatically documented. Transparency is hence ensured.

© PROSTEP AG  2011

OpenDXM® GlobalX - Managed File Transfer Platform Supplier FileVaults Partner FileVault

Supplier 2

Supplier 1

Customer FileVault

GlobalX GateWay

OpenDXM GlobalX® Platform

Customer Headquarter GlobalX GateWay OFTP

Customer Location © PROSTEP AG  2011

Partner

Example application scenario

Transmitter

complete know-how

reduced know-how

© PROSTEP AG  2011

Portal application Process automatization Infrastructure (data management, encryption)

3D PDF - Forms - Metadata - Visulization - Attachments - CATIA V5 - JT - ERM-protection

Recipient

Movie application scenario



Movie: “Combination of Know-How Safety Mechanisms “

© PROSTEP AG  2011

Develop globally - with safety Summary



Process consulting and process integration



Powerful integration solutions

  

Secure data exchange platform Enterprise Rights Management (ERM) Intelligent PDF documents with equivalent models





Native CAD data filtering

Secure collaboration in global engineering data exchange.

© PROSTEP AG  2012

… thanks a lot for your attention …

Stefan Rulhoff PROSTEP AG [email protected]

© PROSTEP AG  2012