“Digital goods” is a generic label for electronically stored or transmitted content. Examples of digital goods include images, audio clips, video, digital film, multimedia, software, and data. Digital goods may also be called a “digital signal,” “content signal,” “digital bitstream,” “media signal,” “digital object,” “object,” and the like.
Digital goods are often distributed to consumers over private and public networks—such as Intranets and the Internet. In addition, these goods are distributed to consumers via fixed computer readable media, such as a compact disc (CD-ROM), digital versatile disc (DVD), soft magnetic diskette, or hard magnetic disk (e.g., a preloaded hard drive).
Unfortunately, it is relatively easy for a person to pirate the pristine digital content of a digital good at the expense and harm of the content owners—which includes the content author, publisher, developer, distributor, etc. The content-based industries (e.g., entertainment, music, film, etc.) that produce and distribute content are plagued by lost revenues due to digital piracy.
Modern digital pirates effectively rob content owners of their lawful compensation. Unless technology provides a mechanism to protect the rights of content owners, the creative community and culture will be impoverished.
Watermarking
Watermarking is one of the most promising techniques for protecting the content owner's rights of a digital good (i.e., digital good). Generally, watermarking is a process of altering the digital good such that its perceptual characteristics are preserved. More specifically, a “watermark” is a pattern of bits inserted into a digital good that may be used to identify the content owners and/or the protected rights.
Watermarks are designed to be completely invisible or, more precisely, to be imperceptible to humans and statistical analysis tools. Ideally, a watermarked signal is perceptually identical to the original signal.
A watermark embedder (i.e., encoder) embeds a watermark into a digital good. It typically uses a secret key to embed the watermark. A watermark detector (i.e., decoder) extracts the watermark from the watermarked digital good.
Blind Watermarking
To detect the watermark, some watermarking techniques require access to the original unmarked digital good or to a pristine specimen of the marked digital good. Of course, these techniques are not desirable when the watermark detector is available publicly. If publicly available, then a malicious attacker may get access to the original unmarked digital good or to a pristine specimen of the marked digital good. Consequently, these types of techniques are not used for public detectors.
Alternatively, watermarking techniques are “blind.” This means that they do not require access to the original unmarked digital good or to a pristine specimen of the marked digital good. Of course, these “blind” watermarking techniques are desirable when the watermark detector is publicly available.
Robustness
Before detection, a watermarked signal may undergo many possible changes by users and by the distribution environment. These changes may include unintentional modifications, such as noise and distortions. Moreover, the marked signal is often the subject of malicious attacks particularly aimed at disabling the detection of the watermark.
Ideally, a watermarking technique should embed detectible watermarks that resist modifications and attacks as long as they result in signals that are of perceptually the same quality. A watermarking technique that is resistant to modifications and attacks may be called “robust.” Aspects of such techniques are called “robust” if they encourage such resistance.
Generally speaking, a watermarking system should be robust enough to handle unintentional noise introduction into the signal (such noise my be introduced by A/D and D/A conversions, compressions/decompressions, data corruption during transmission, etc.)
Furthermore, a watermarking system should be robust enough and stealthy enough to avoid purposeful and malicious detection, alternation, and/or deletion of the watermark. Such an attack may use a “shotgun” approach where no specific watermark is known or detected (but is assumed to exist) or may use “sharp-shooter” approach where the specific watermark is attacked.
This robustness problem has attracted considerable attention. In general, the existing robust watermark techniques fall into two categories: spread-spectrum and quantization index modulation (QIM).
With the spread spectrum-type techniques, the watermark indexes the modification to the host data. The host data is the data of the original, unmarked digital signal (i.e., host signal). With typical spread-spectrum watermarking, each bit (e.g., 0s and 1s) of the watermark is embedded into the signal by slightly changing (e.g., adding a pseudorandom sequence that consists of +Δ or +Δ) the signal.
With quantization index modulation (QIM), the watermark is embedded via indexing the modified host data. The modified host data is the data of the marked digital signal (i.e., marked host signal). This is discussed in more detail below.
Those of ordinary skill in the art are familiar with conventional techniques and technology associated with watermarks, watermark embedding, and watermark detecting. In addition, those of ordinary skill in the art are familiar with the typical problems associated with proper watermark detection after a marked signal has undergone changes (e.g., unintentional noise and malicious attacks).
Desiderata of Watermarking Technology
Watermarking technology has several highly desirable goals (i.e., desiderata) to facilitate protection of copyrights of content publishers. Below are listed several of such goals.
Perceptual Invisibility. The embedded information should not induce perceptual changes in the signal quality of the resulting watermarked signal. The test of perceptual invisibility is often called the “golden eyes and ears” test.
Statistical Invisibility. The embedded information should be quantitatively imperceptive for any exhaustive, heuristic, or probabilistic attempt to detect or remove the watermark. The complexity of successfully launching such attacks should be well beyond the computation power of publicly available computer systems. Herein, statistical invisibility is expressly included within perceptual invisibility.
Tamperproofness. An attempt to remove the watermark should damage the value of the digital good well above the hearing threshold.
Cost. The system should be inexpensive to license and implement on both programmable and application-specific platforms.
Non-disclosure of the Original. The watermarking and detection protocols should be such that the process of proving digital good content copyright both in-situ and in-court, does not involve usage of the original recording.
Enforceability and Flexibility. The watermarking technique should provide strong and undeniable copyright proof. Similarly, it should enable a spectrum of protection levels, which correspond to variable digital good presentation and compression standards.
Resilience to Common Attacks. Public availability of powerful digital good editing tools imposes that the watermarking and detection process is resilient to attacks spawned from such consoles.
False Alarms & Misses
When developing a watermarking technique, one does not want to increase the probability of a false alarm. That is when a watermark is detected, but none exists. This is something like finding evidence of a crime that did not happen. Someone may be falsely accused of wrongdoing.
As the probability of false alarms increases, the confidence in the watermarking technique decreases. For example, people often ignore car alarms because they know that more often than not it is a false alarm rather than an actual car theft.
Likewise, one does not want to increase the probability of a miss. This is when the watermark of a signal is not properly detected. This is something like overlooking key piece of evidence at a crime scene. Because of this, a wrongdoing may never be properly investigated. As the probability of misses increases, the confidence in the watermarking technique decreases.
Ideally, the probabilities of a false alarm and a miss are zero. In reality, a compromise is often made between them. Typically, a decrease in the probability of one increases the probability of the other. For example, as the probability of false alarm is decreased, the probability of a miss increases.
Consequently, a watermarking technique is needed that minimizes both while finding a proper balance between them.
Quantization Index Modulation (QIM)
To that end, some have proposed embedding a watermark by indexing the signal (e.g., host data) during the watermark embedding. This technique is called quantization index modulation (QIM) and it was briefly introduced above.
In general, quantization means to limit the possible values of (a magnitude or quantity) to a discrete set of values. Quantization may be thought of as a conversion from non-discrete (e.g., analog or continuous) values to discrete values. Alternatively, it may be a conversion between discrete values with differing scales. Quantization may be accomplished mathematically through rounding or truncation. Typical QIM refers to embedding information by first modulating an index or sequence of indices with the embedded information and then quantizing the host signal with the associated quantizer or sequence of quantizers. A quantizer is class of discontinuous, approximate-identity functions.
The major proponent of such QIM techniques is Brian Chen and Gregory W. Wornell (i.e., Chen-Wornell). In their words, they have proposed, “dither modulation in which the embedded information modulates a dither signal and the host signal is quantized with an associated dither quantizer” (from Abstract of Chen-Wornell article from the IEEE Trans. Inform. Theory).
See the following documents for more details on Chen-Wornell's proposals and on QIM:                B. Chen and G. W. Wornell, “Digital watermarking and information embedding using dither modulation,” Proc. IEEE Workshop on Multimedia Signal Processing, Redondo Beach, Calif., pp. 273-278, December 1998;        B. Chen and G. W. Wornell, “Dither modulation: a new approach to digital watermarking and information embedding,” Proc. of SPIE: Security and Watermarking of Multimedia Contents, vol. 3657, pp. 342-353, 1999;        B. Chen and G. W. Wornell, “Quantization Index Modulation: A class of Provably Good Methods for Digital Watermarking and Information Embedding,” IEEE Trans. Inform. Theory, 1999 and 2000.Limitations of Conventional QIM        
However, a key problem with conventional QIM is that it is susceptible to attacks and distortions. Conventional QIM relies upon local characteristics within relative to specific representation of a signal (e.g., in the time or frequency domain). To quantize, conventional QIM relies exclusively upon the values of “individual coefficients” of the representation of the signal. An example of such an “individual coefficients” is the color of an individual pixel of an image.
When quantizing, only the local characteristics of an “individual coefficient” are considered. These local characteristics may include value (e.g., color, amplitude) and relative positioning (e.g., positioning in time and/or frequency domains) of an individual bit (e.g., pixel).
Modifications—from either an attack or some type of unintentional noise—can change local characteristics of a signal quite dramatically. For example, these modifications may have a dramatic affect on the color of a pixel or the amplitude of a bit of sound. However, such modifications have little effect on non-local characteristics of a signal.
Accordingly, a new and robust watermarking technique is needed to find the proper balance between minimizing the probability of false alarms and the probability of misses, such as QIM watermarking techniques. However, such a technique is needed that is less susceptible to attacks and distortions to the local characteristics within a signal.