IBM’s Cryptolopes

Slides:

Advertisements

Similar presentations

Rob Farraher Ken Pickering Lim Vu

Advertisements

Digital Rights Management (DRM) Goal: Provide access control to digital content in order to support a variety of business models. Technical Challenge:

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

Safeguarding and Charging for Information on the Internet Hector Garcia-Molina, Steven P. Ketchpel, Narayanan Shivakumar Stanford University Presented.

Persistent Protection Using E-DRM Technology Jason Fasoo 06/18/2008.

1 Jeremy Wyant W3C DRM Workshop 23 January 2001 Establishing Security Requirements For DRM Enabled Systems.

“...creating knowledge.” Enabling Digital Content Protection on Super-Distribution Models - Carlos Serrão ISCTE – Intituto Superior.

DESIGNING A PUBLIC KEY INFRASTRUCTURE

Protecting Digital Content - The Challenge Andy Barlow CTO – Phocis.

Quicktime Howell Istance School of Computing De Montfort University.

1 CS 502: Computing Methods for Digital Libraries Lecture 26 Techniques of Access Management.

1 Planning And Electronic Records Issues For Electronically Enhanced Courses Jeremy Rowe Nancy Tribbensee

Internet Resources Discovery (IRD) IBM DB2 Digital Library Thanks to Zvika Michnik and Avital Greenberg.

E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall 2.1.

1 Copyright and Intellectual Property Design Issues by Jeremy Rowe

Development of Japanese GIS Tool for use in the Humanities ○ Masatoshi ISHIKAWA †, Yoichi KAWANISHI ††, Hidefumi OKUMURA †††, Shoichiro HARA †††† † University.

Introduction to HASP ® Software DRM Solutions, Products, Benefits All Rights Reserved © Aladdin Knowledge Systems.

1 Functional reference model for Digital Rights Management Systems Vural Ünlü / Prof. Dr. Thomas Hess Munich School of Management Berlin, 5. September2004.

Internet Trust Defined. Delivered. Electronic Business the Way It Was Meant to Be.

General Purpose Packages

CIS 1310 – HTML & CSS 12 E-Commerce Overview. CIS 1310 – HTML & CSS Learning Outcomes  Define E-commerce  Identify Benefits & Risks of E-Commerce 

Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall Chapter 2 The Sources of Software 2.1.

Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall Essentials of Systems Analysis and Design Fourth Edition Joseph S. Valacich Joey F.

Copyright © 2000 Internet Document Security Alan Weintraub Research Director March 9, 2000.

© 2005 by Prentice Hall 2-1 Chapter 2 The Origins of Software Modern Systems Analysis and Design Fourth Edition Jeffrey A. Hoffer Joey F. George Joseph.

Introducing Digital Rights Management Willms Buhse October 2002, Vilnius.

Donald M. Whiteside Vice President, Corporate Technology Group Director, Technical Policy and Standards ITU and EBU Presentation A perspective on trends.

1 ENC Encryption/ISO Julia Powell Office of Coast Survey Marine Chart Division.

Recordkeeping for Good Governance Toolkit Digital Recordkeeping Guidance Funafuti, Tuvalu – June 2013.

Electronic Commerce & Marketing. What is E-Commerce? Business communications and transactions over networks and through computers, specifically –The buying.

MPEG-21 : Overview MUMT 611 Doug Van Nort. Introduction Rather than audiovisual content, purpose is set of standards to deliver multimedia in secure environment.

Module 3: Business Information Systems Chapter 8: Electronic and Mobile Commerce.

CMNS 2301 Follow the Money/Copyright Handout Rights Transactions Driven from agreements based on copyright –Rights bought and sold in the following way:

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Cryptography, Authentication and Digital Signatures

Security Protocols and E-commerce University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.

E-Commerce Course Overview. Telephone Network Connection-based Admission control Intelligence is “in the network” Traffic carried by relatively few, “well-known”,

University of Kaiserslautern Department of Computer Science Integrated Communication Systems ICSY License4Grid: Adopting DRM for Licensed.

Digital Rights Management and Watermarking of Multimedia Content for M-Commerce Applications Frank Hartung and Friedhelm Ramme, Ericsson Research, IEEE.

Digital Rights Management with XML Eamonn Neylon Technology Director The YRM Group.

Business-to-Business Authors: Authors: Mladenka Jakovljevic, Prof. Dr. Veljko Milutinovic,

Jaws Digital Courier Justin Coombes Product Manager Jaws Product Line / Global Graphics.

1. Contents  EULAs, piracy and copyright  So why do we use computers anyway? So why do we use computers anyway?  The Digital Divide The Digital Divide.

Web 2.0: Making the Web Work for You, Illustrated Unit B: Finding Media for Projects.

Digital Commons & Open Access Repositories Johanna Bristow, Strategic Marketing Manager APBSLG Libraries: September 2006.

1 Analysis of Consumer Issues and Paths for Concrete Approaches Dr. Carsten Orwat Forschungszentrum Karlsruhe in the Helmholtz Association, Institute for.

Content Protection Platform Shih-Kun Huang Chung-Po Lin Wei-Nan Hung Institute of Information Science Academia Sinica.

HASP ® SRM Enabling Business Growth through Software Rights Management All Rights Reserved © 2007 Aladdin Knowledge Systems. Yariv Drory International.

Sociedad Digital de autores y editores Digital Media Project (DMP) Value Chain Functions, Requirements And Architecture Marc Gauvin Requirements.

Bridge Certification Architecture A Brief Overview by Tim Sigmon May, 2000.

Cis339 Chapter 2 The Origins of Software 2.1 Modern Systems Analysis and Design Fifth Edition.

Towards a Software Architecture for DRM Joint work with Kristof Verslype, Wouter Joosen, and Bart De Decker DistriNet research.

Networking E-commerce. E-commerce ► A general term used to describe the buying and selling of products or services over the Internet. ► This covers a.

IT 221: Introduction to Information Security Principles Lecture 5: Message Authentications, Hash Functions and Hash/Mac Algorithms For Educational Purposes.

Did you just get used to using QR codes? Technology Has changed again. There is a new invention called digital watermarks now. What does a digital watermark.

Digibox/MetaTrust Overview Similar to Cryptolopes in 2 ways: –A technology for securing intellectual property rights in a distributed.

A Semi-Automated Digital Preservation System based on Semantic Web Services Jane Hunter Sharmin Choudhury DSTC PTY LTD, Brisbane, Australia Slides by Ananta.

Chapter 2 The Origins of Software

Business System Development

12 E-Commerce Overview.

Chapter 2 The Sources of Software

Chapter 2 The Origins of Software

Chapter 2 The Origins of Software

Digital television systems - (DTS)

E-Lock ProSigner ProSigner means “Professional Signer” signifying the software that can apply legally enforceable Advanced electronic signatures to electronic.

Web Information Systems Engineering (WISE)

Chapter 2 The Origins of Software

Electronic Payment Security Technologies

Presentation transcript:

IBM’s Cryptolopes

Overview A technology for securing intellectual property rights in a distributed environment Emphasizes security at the document level, not the channel level Developed for e-commerce settings, IBM has tuned cryptolopes for the digital library market

History Developers Developed at IBM. Proposed by Jeff Crigler and Marc Kaplan [Benton 1996] Implemented by Kaplan, Josh Auerbach and Chee-Seng Chow Pursued by Ulrich Kohl, Jeffrey Lotspiech, and Marc A. Kaplan [Kohl et al. 1997]

History Time line 1994) Crigler proposes cryptolopes in the context of IBM’s InfoMarket service (now defunct?). i.e. e-commerce origins: The infoMarket service is using Cryptolopes to obtain both service revenue, through reselling a wide range of premium business information by the document, and licensing revenue, from companies that set up Cryptolope clearinghouses for defined uses. [Benton 1996] 1995) Kaplan delivers initial prototype 1996?) IBM licenses Xerox PARC’s Digital Property Rights Language (DPRL) for use in Cryptolopes ) “Safeguarding Digital Content” series appears in Dlib magazine, describing the motivation and architecture of cryptolopes. Current) Cryptolopes have been integrated into IBM’s digital library management software.

Motivation Superdistribution Since distributing info is cheap, we should be able to broadcast it in bulk. i.e. Give information away, then charge for the rights to use it. e.g. Partially functional software downloads The idea of superdistribution is due to Ryoichi Mori. See Kaplan, Cox [1994].

Motivation 4 goals of rights management for digital content –Authentication of both provider & reader –Authentication of content –Reader privacy –Superdistribution [Kohl et al. (1997)]

Motivation Secure documents, open channels Traditional intellectual property protection invovles secure channels (SSL/SHHTP) This is fine for purposes of transmission But doesn’t protect against illegal copying after legal transmission

Motivation Secure documents, open channels Instead of protecting the channel, Cryptolopes protect at the document level. Getting the document is free, but getting access to the document costs. So give the documents away! i.e. superdistribution!

Motivation CustomizabilitySuccessful rights management depends on the context in which transactions take place. Content protection must be easily customizable. Rights management must be automated, and must scale well.

Motivation Parties involved in content distribution from

Analysis Basic idea of a cryptolope (cryptographic envelope): –Digital content is encrypted by the creator –Encrypted content is bundled into a cryptolope with non-encrypted (clear) metadata and associated authentication material –Encrypted content is freely distributed –Using clear metadata, users decide if they want to “license” the material –If so, users “purchase” decryption key from publisher

Architecture 3-tiersKohl et al. (1997) and Gladney et al. (1997) describe rights management software utilizing 3 parties Creator Publisher Customer

Architecture 3-tiered distribution of digital content from

Architecture IBM (infoMarket) acts as a potential clearing house Creators may set up their own clearing house servers [Kohl, et al. (1997)] casts digital libraries as the clearing houses for publishers’ cryptolopes

Architecture Structure of a cryptolope from

Architecture Cryptolope structure: important points –Cryptolope contains the keys to its own content –These keys are themselves encoded –Users buy keys for these keys from clearing house –i.e. clearing house only maintains keys for keys, not keys for content –Checksums assure authenticity of content

How does this work? If a user satisfies T/Cs, he is given the key Content is decrypted, shown in “special viewer” Content is authenticated using digital watermark Content is stamped with a user-specific digital fingerprint

Technical Details A cryptolope is a *.jar file Authentication via “X.509” certificates, a la Verisign…or you can create your own “lightweight certificates. Emphasis on providing just enough security for the distribution context. [See for description]

System Requirements Cryptolope viewer application is available for Win32 (only successful under NT) The IBM Digital Library software runs under AIX, MacOS, and Win32. Presumably cryptolope server software does, too…but no mention in IBM docs IBM InfoMarket appears to be defunct (i.e. no readymade clearing house)

Summary StrengthsRights management that is flexible regarding: –Level of security –Terms and conditions Protecting at the document level allows liberal distribution

Summary WeaknessesProprietary viewing software Reliance on long-term viability of clearing houses Lack of IBM support

References Benton, P. (1996). “Packaging Information for Superdistribution” IBM Research Magazine. Cox, Brad. (1994). “Superdistribution.” Wired. Gladney, H. M. and Lotspiech, J. B. “Safeguarding Digital Library Contents and Users: Assuring Convenient Security and Data Quality.” In D-Lib Magazine, May Kaplan, Marc A. IBM Cryptolopes, Superdistribution and Digital Rights Management. Ulrich Kohl, Jeffrey Lotspiech, and Marc A. Kaplan, "Safeguarding Digital Library Contents and Users: Protecting Documents Rather Than Channels", in D-lib Magazine, September,