One aspect of the present invention discloses a client device for content security. The device includes: an application execution unit configured to control content in response to a content control command requested in a user level; a DRM agent configured to communicate with a DRM server and the application execution unit in the user level, to detect the content control command, to receive an encryption/decryption key and security policy for content from the DRM server, to provide the received encryption/decryption key and security policy to a client kernel module, and to transmit an encryption/decryption request; and the client kernel module configured to receive the encryption/decryption key and the security policy, to store the encryption/decryption key and security policy in a secure box of a kernel level, and to perform encryption or decryption on the content based on the encryption/decryption key and security policy in response to the encryption/decryption request.