Analysis of Enterprise Rights Management Solutions for CAD Data According to the Requirements of the Automotive Industry and a Proposal to Increase the ERM Security Level

Abstract

The use of computer aided design (CAD) for product development is well-established. Without this technology, it would be impossible to maintain the speed and quality of products in the collaborative product development process. When CAD technology was first introduced, it was only possible to include simple geometrical elements to represent the product in the CAD system. With the evolution of CAD systems much more information was added to the CAD files such as: model history, manufacturing information, material and others. With this information a lot of intellectual property is saved inside the CAD files. If, on one hand, the integration of the intellectual property to CAD data speeds up the product development, and makes it possible to integrate the different areas of the companies like development and manufacturing; on the other hand, this leads to general danger for the companies, because the CAD data must be shared inside and outside of the company. Nowadays, in most companies which are exchanging data, the security is just kept by contracts, laws and technical mechanisms that do not guarantee the security of the data being exchanged. As soon as the data crosses the border of the company there is no way to control the data anymore. One way to guarantee the security of the data exchanged is to ensure that only authorized people, no matter where they are located, can access distributed data. This is provided by Enterprise Rights Management (ERM), which protects the data as soon as it is created. ERM technology controls digital data, even after it has crossed the borders of the company. The owner of the data to be shared can control its rights by several approvals that can be granted or denied, e.g. who is allowed to work with the data, how long it can be accessed, which actions can be performed, and others. This paper analyzes two of the current ERM solutions for protecting CAD data according to the requirements of the automotive industry. It shows, that the analyzed ERM systems are protecting CAD data only on a file-based level and do not provide granular protection which is necessary to meet the automotive industry’s requirements. In order to furthermore increase security of CAD data, this paper also presents a proposal which extends the current file-based protection to a granular protection.