Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS155b: E-Commerce Lecture 8: February 1, 2001 TPSs and Content-Distribution Businesses.

Published byCharity Gilmore Modified over 9 years ago

Similar presentations

Presentation on theme: "CS155b: E-Commerce Lecture 8: February 1, 2001 TPSs and Content-Distribution Businesses."— Presentation transcript:

1 CS155b: E-Commerce Lecture 8: February 1, 2001 TPSs and Content-Distribution Businesses

2 Security Technologies Encryption –Symmetric Key –Public Key Signature PKI Rights Management Time stamping Secure Containers

3 Product- or Service-Developer’s Goal Choose the right ingredients and weave them together into an effective end-to-end technical protection system (TPS). Ingredients must be “right” w.r.t. business model and legal and social content as well as technical context. Notoriously Difficult! (Shapiro and Varian may be too optimistic.)

4 General Points about TPSs TPS is a means, not an end. Cannot answer legal, social, or economic questions about ownership of or rights over digital documents. No TPS is perfect. Continued improvement in TPS requires ongoing R&D, including “circumvention.” TPS easier to design for special purpose devices and systems (e.g., cable television) than for the Internet. TPS should serve customers’ needs, e.g., assured provenance, as well as rightsholders’ needs.

5 Content Distributor Encrypted Content Player App. Player App. Paying Customer Player App. Thief (no k) kk

6 Common Elements of Many TPSs Mass-Market broadcast content –Anyone can get ciphertext, which is broadcast on low-cost channel (e.g., web page, broadcast TV). –Encrypted once. Decryption key k sent only to paying customers on lower-bandwidth, higher-cost channel.

7 Possible Realization for Web Pages Customer U and content-server use basic security protocol, e.g., SSL, to create “session key” K U and transfer payment from U to server. Server sends k` = E(k, K U ) to U. U’s browser computes k = D (k`, K U ), downloads encrypted content, decrypts it using k, and displays it.

8 Possible Shortcomings Why can’t U print, save, or otherwise redirect displayed content? Why can’t a hacker steal k while it’s in use? Interaction of browser with other local- network software, e.g., back-up system?

9 Crypto. Theory Myth: Private Environments KDC Key Generation c K AB Alice Bob Alice Y E(X, K AB ) Bob X D(Y, K AB ) Y

10 Modern Computing Reality Alice Admin AjAj AiAi Bob Admin BkBk BlBl Eve Alice

11 Real Sources of Compromise Unwatched Terminals Administrative Staff Changes Misconfigurations OS Bugs Bad Random-Number Generators Not sophisticated break-ins!

12 Secure Socket Layer (SSL) SSL was first developed by Netscape Corp. in 1994 and became an Internet Standard in 1997 (version 3.x). SSL is a cryptographic protocol to secure two applications communicating across a “socket” (cf. TCP). Data transmitted through an SSL connection is encrypted. It is mostly used by WWW applications (web servers and browsers). The string https:// in an URL specifies the browser to open a secured socket connection to the server (port 443).https:// SSL uses digital certificates for authentication. There is no “trust hierarchy” in SSL, so browsers are preloaded with certificates of trusted CAs. Due to U.S. export regulations, products using SSL sold in foreign markets use weakened cryptography (40-bit key vs. 128-bit key).

13 SSL In Online Retailing Most Internet retail sites use SSL to secure online payments. Online merchants purchase digital certificates from CAs (e.g., Verisign) to authenticate itself to the browser software. SSL is NOT an electronic payment protocol. It is used to safely transmit sensitive financial information (e.g., credit card number, personal address, etc.) It means online merchants using SSL (e.g., Amazon.com) do not process the credit cards in real-time. A traditional mail order/telephone order (MOTO) protocol is used after for payment processing later, SSL provides security in authentication and communication. It does not address other security issues: it is up to the individual to trust a name linked to a certificate, and in its ability to protect and not misuse its database.

14 The SSL Handshake Client hello Server hello Present Server Certificate *Request Client Certificate Server Key Exchange Client Finish *Present Client Certificate Client Key Exchange *Certificate Verify Change Cipher Spec Server Finish Change Cipher Spec Client Server Application Data * Optional messages

15 Possible Realization for Pay-TV K ui is entered in i th “set-top box” when box is installed. E(k, K u1 ), …, E(k, K uN ) are broadcast with encrypted program. Shortcoming: One broken box can be used to steal all future programs.

16 Watermarking Note similarity with and difference from digital signature scheme. Open Problem: Public-key watermarking. Watermark Insertion Watermark Detection Marked Object Accept or Reject Owner’s Key Unmarked Object Owner’s Key Object

17 Uses of Watermarking in TPS Broadcast of marked object, controlled distribution of keys. (Same architecture as in broadcast of encrypted content... and same shortcomings.) Web crawlers can search for unauthorized copies of marked objects. Unauthorized modification of marked objects can be detected by “fragile watermarking schemes.” Special-purpose devices can refuse to copy marked objects.

18 Superdistribution Content is packaged with “terms and conditions” that are checked by a “rights-management system” and can be augmented by value-adding middlemen. Content Originator Redistributor Payment Clearing System End user End user End user End user

19 TPS Design Principles Know the $$ value of content Following rules: Convenient Breaking rules: Inconvenient Breaking rules: Conscious Renewable/Improvable Security Don’t let Pirates use your distribution channel Provide value that pirates don’t

20 Known Risks Unknown Risks TPS Copyright Law Residual Risks A.Rubin & M. Reiter – used with permission

21 INTERTRUST Full Name: Intertrust Technologies Corporation Employees: 190 (end of 1999) Stock Price: $4.56 (Jan 29, 2001) Revenues in 1999: $1,541,000 Business Area: Digital Right Management (DRM)

22 MAIN PRODUCTS Commerce DRM Platform: Can be used to create applications to securely manage, sell, and fulfill digital information. Commerce Applications: Partners of the applications built on top of the commerce platform Integrated System for DRM: Chips

23 BRIEF HISTORY 1990 Founded 1997 Annual Revenue More than $1M Q4, 1999 Listed as a Publicly Traded Company Feb, 2000 Historic Peak of Stock Price ($97) Jan, 2001 Virgin Records, Zomba Music, Daft Life and, Intertrust Announce Strategic Alliance

24 STOCK PRICE CHART

25 NET INCOME CHART

Download ppt "CS155b: E-Commerce Lecture 8: February 1, 2001 TPSs and Content-Distribution Businesses."

Similar presentations

CP3397 ECommerce.

CP3397 ECommerce.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Cryptography and Network Security

Cryptography and Network Security
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.

SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.

By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Electronic Transaction Security (E-Commerce)

Electronic Transaction Security (E-Commerce)
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
1 Encryption What is EncryptionWhat is Encryption Types of EncryptionTypes of Encryption.

1 Encryption What is EncryptionWhat is Encryption Types of EncryptionTypes of Encryption.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
CS155a: E-Commerce Lecture 6: Sept. 25, 2001 Technical-Protection Services for Online Content Distribution.

CS155a: E-Commerce Lecture 6: Sept. 25, 2001 Technical-Protection Services for Online Content Distribution.

Similar presentations

Ads by Google