A DRM agent embodies a trusted entity in a device. It is responsible for enforcing permissions and constraints associated with DRM content, as well as controlling access to DRM content.
The DRM agent is launched when DRM content is received on the device, at which point it extracts and encrypts the DRM content. The DRM agent is consulted for permissions and constraints before the content is passed to a media player (for example, Image Viewer or Video Player). If the rights have expired, the media player is be informed and the content becomes unusable.
In OMA DRM v2.0, the DRM agent has a unique private key pair and a certificate. The certificate includes additional information, such as maker, device, type, software version, serial numbers. This allows the content and rights issuers to securely authenticate the DRM agent. Each DRM agent is provisioned with a unique private key and an associated certificate identifying the DRM agent and certifying the binding between the agent and the key pair. This allows rights issuers to securely authenticate the DRM agent using the standard PKI procedure.