Know your gear
The Documentum IRM Server accepts connections from various clients, authenticates users, and manages authorization to, and dissemination of, encryption keys and use policies for protected content. The system ensures that even authorized users cannot get direct access to encryption keys. To prevent offline attacks, keys and policy information are kept only on the server. Furthermore, all time-based decisions are made based on the server's clock not the client's, which could be subject to manipulation by a malicious user.