Many methods and protocols are known for transmitting data in digital form for multimedia applications (including computer applications delivered over public networks such as the internet or World Wide Web (“WWW”). These methods may include protocols for compression of data, such that it may more readily and quickly be delivered over limited bandwidth data lines. Among standard protocols for data compression of digital files may be mentioned the MPEG compression standards for audio and video digital compression, promulgated by the Moving Picture Experts Group. Numerous standard reference works and patents discuss such compression and transmission standards for digitized information.
Digital watermarks help to authenticate the content of digitized multimedia information, and can also discourage piracy. Because piracy is clearly a disincentive to the digital distribution of copyrighted content, establishment of responsibility for copies and derivative copies of such works is invaluable. In considering the various forms of multimedia content, whether “master,” stereo, NTSC video, audio tape or compact disc, tolerance of quality will vary with individuals and affect the underlying commercial and aesthetic value of the content. It is desirable to the copyrights, ownership rights, purchaser information or some combination of these and related data into the content in such a manner that the content must undergo damage, and therefore reduction of its value, with subsequent, unauthorized distribution, commercial or otherwise. Digital watermarks address many of these concerns. A general discussion of digital watermarking as it has been applied in the art may be found in U.S. Pat. No. 5,687,236 (whose specification is incorporated in whole herein by reference).
Such prior art applications have been drawn to providing basic digital watermarking functionality. For instance, it has been known to provide an apparatus or method for encoding or decoding independent information, including a digital watermark, represented as a series of data bits into or out of a series of digitized samples, wherein the apparatus contained:                a) a sample buffer for holding, accessing, and transforming digitized samples;        b) a digital signal processor for performing sample modifications and spectral transformations;        c) a memory for storing information representing:                    1) a mask set, including one or more masks,            2) a start of message delimiter (wherein at least one of the masks in question, or the start of message delimiter, are random or pseudo-random),            3) a mask calculation buffer,            4) a first buffer holding the independent information,            5) an information bit index,            6) a message size, representing an amount of information,            7) one index into each of said one or more masks,            8) a state of a decoding process,            9) a table representing a map function,            10) a flag indicating whether a complete message has been decoded or encoded,            11) a number of samples for reading into said sample buffer, and            12) a flag indicating a size of a message that has been decoded;                        d) a first input for acquiring a plurality of digital samples;        e) a first output for outputting a plurality of modified digital samples;        f) a second input for inputting a plurality of values to the one or more masks, the start of message delimiter, the mask calculation buffer, the first buffer, the table and the number of samples;        g) a third output for outputting the independent information stored in the first buffer as a result of the decoding process and a value of the state of the decoding process to an attached digital circuit;        h) one or more data buses for transferring information from:                    1) the first input to the sample buffer,            2) the sample buffer to the digital signal processor,            3) the digital signal processor to the sample buffer,            4) the sample buffer to the first output,            5) the second input to the memory, and            6) the memory to the third output; and                        i) a clock for generating a clock signal for driving the digital signal processor and the data bus(es), and for controlling the operation of the apparatus.        
Further applications of basic digital watermarking functionality have also been developed. Examples of such applications are shown in U.S. Pat. No. 5,889,868 (whose specification is incorporated in whole herein by reference). Such applications have been drawn, for instance, to implementations of digital watermarks that were deemed most suited to particular transmissions, or particular distribution and storage mediums, given the nature of digitally sampled audio, video, and other multimedia works. There have also been developed techniques for adapting watermark application parameters to the individual characteristics of a given digital sample stream, and for implementation of digital watermarks that are feature-based—i.e., a system in which watermark information is not carried in individual samples, but is carried in the relationships between multiple samples, such as in a waveform shape. For instance, natural extensions may be added to digital watermarks that may also separate frequencies (color or audio), channels in 3D while utilizing discreteness in feature-based encoding only known to those with pseudorandom keys (i.e., cryptographic keys) or possibly tools to access such information, which may one day exist on a quantum level.
A matter of general weakness in digital watermark technology relates directly to the manner of implementation of the watermark. Many approaches to digital watermarking leave detection and decode control with the implementing party of the digital watermark, not the creator of the work to be protected. This weakness removes proper economic incentives for improvement of the technology. One specific form of exploitation mostly regards efforts to obscure subsequent watermark detection. Others regard successful over encoding using the same watermarking process at a subsequent time. Yet another way to perform secure digital watermark implementation is through “key-based” approaches.
This paper draws a distinction between a “forensic watermark,” based on provably-secure methods, and a “copy control” or “universal” watermark which is intended to be low cost and easily implemented into any general computing or consumer electronic device. A watermark can be forensic if it can identify the source of the data from which a copy was made. For example, assume that digital data are stored on a disk and provided to “Company A” (the “A disk”). Company A makes an unauthorized copy and delivers the copy to “Company B” (the “B disk”). A forensic watermark, if present in the digital data stored on the “A disk,” would identify the “B disk” as having been copied from the “A disk.”
On the other hand, a copy control or universal watermark is an embedded signal which is governed by a “key” which may be changed (a “session key”) to increase security, or one that is easily accessible to devices that may offer less than strict cryptographic security. The “universal” nature of the watermark is the computationally inexpensive means for accessing or other associating the watermark with operations that can include playback, recording or manipulations of the media in which it is embedded.
A fundamental difference is that the universality of a copy control mechanism, which must be redundant enough to survive many signal manipulations to eliminate most casual piracy, is at odds with the far greater problem of establishing responsibility for a given instance of a suspected copying of a copyrighted media work. The more dedicated pirates must be dealt with by encouraging third party authentication with “forensic watermarks” or those that constitute “transactional watermarks” (which are encoded in a given copy of said content to be watermarked as per the given transaction).
The goal of a digital watermark system is to insert a given information signal or signals in such a manner as to leave little or no evidence of the presence of the information signal in the underlying content signal. A separate but equal goal is maximizing the digital watermark's encoding level and “location sensitivity” in the underlying content signal such that the watermark cannot be removed without damage to the content signal.
One means of implementing a digital watermark is to use key-based security. A predetermined or random key can be generated as a map to access the hidden information signal. A key pair may also be used. With a typical key pair, a party possesses a public and a private key. The private key is maintained in confidence by the owner of the key, while the owner's public key is disseminated to those persons in the public with whom the owner would regularly communicate. Messages being communicated, for example by the owner to another, are encrypted with the private key and can only be read by another person who possesses the corresponding public key. Similarly, a message encrypted with the person's public key can only be decrypted with the corresponding private key. Of course, the keys or key pairs may be processed in separate software or hardware devices handling the watermarked data.
Two conventional techniques for providing key-based confidentiality and/or authentication currently in use involve reciprocal and non-reciprocal encrypting. Both systems use non-secret algorithms to provide encryption and decryption, and keys that are used by the algorithm.
In reciprocal algorithm systems, such as DES, the same key and algorithm is used both to encrypt and decrypt a message. To assure confidentiality and authenticity, the key should be known only to the sending and receiving computers, and were traditionally provided to the systems by “secure” communication, such as courier.
In the prior art there have been developed systems wherein a common key may be developed by the sender and receiver using non-secure communications. In such systems, as described in U.S. Pat. Nos. 4,200,770, 5,375,169 and 5,583,939, each party to a communication generates a numerical sequence, operates on the sequence and transfers the result to the other party. By further operation using the transferred result and the locally generated sequence, each party can develop the identical encyphering key, which cannot be obtained from the transferred results alone.
As implemented for use over the internet, the most common prior art encryption systems are those denoted by the Secure Socket Layer (SSL) and IPSEC protocols.
In non-reciprocal systems, such as described in U.S. Pat. No. 4,218,582, a first party to a communication generates a numerical sequence and uses that sequence to generate non-reciprocal and different encrypting and decrypting keys. The encrypting key is then transferred to a second party in a non-secure communication. The second party uses the encrypting key (called a public key because it is no longer secure) to encrypt a message that can only be de-crypted by the decrypting key retained by the first party. The key generation algorithm is arranged such that the decrypting key cannot be derived from the public encrypting key. Similar methods are known for using non-reciprocal keys for authentication of a transmission. In this application, the non-secure “public” key is used to a message that has been encrypted using a secure “private” key known only to the originating party. In this method the receiving party has assurance that the origination of the message is the party who has supplied the “public” decrypting key. Prior art systems for key generation have often relied upon supposedly-random or quasi-random numbers generated by a fixed mathematical algorithm.
Adaptations of key systems specifically used in conjunction with digital watermarking have been developed, as disclosed in, for example, U.S. Pat. No. 5,822,432 (which is incorporated in whole herein by reference). Such adaptations have included, for instance, providing methods for the human-assisted generation and application of pseudorandom keys for the purpose of encoding and decoding digital watermarks to and from a digitized data stream. In such methods, a pseudorandom key and key application “envelope” may be generated and stored using guideline parameters input by a human engineer interacting with a graphical representation of the digitized data stream. Key “envelope” information is permanently associated with the pseudo-random binary string comprising the key. Key and “envelope” information may then be applied in a digital watermark system to the encoding and decoding of digital watermarks. Such a method can improve encoding and decoding with digital watermarks by providing: separation of the encoder from the decoder; increased information capacity (relative to spread spectrum methods); destruction or degradation of content when attempts to erase watermarks take place; detection of presence of watermarks without ability to access watermark information; multi-channel watermark capability; use of various classes of keys for watermark access control; support for alternative encoding, decoding, or other component algorithms; and/or use of a digital notary to authenticate and time stamp watermark certificates.
While, as described above, various prior art approaches do exist for implementation of digital watermarking (though not necessarily for forensic or copy control use), there are additional desirable features for digital watermarking systems that are not currently believed to be available. For instance, it would be desirable to be able to secure a data signal by using data reduction techniques to reduce the data signal into a reduced data signal; in conjunction with cryptographic techniques, so that an output signal can reliably and efficiently be securely delivered.
It would further be advantageous to user remainder signals (produced by data reduction techniques) as a vehicle for performing encryption upon and using in conjunction with encrypting/decrypting of a data signal to be secured.
It would likewise be desirable to combine data reduction techniques to reduce a data signal into a reduced data signal; produce a remainder signal from the data signal; and then embed complementary watermarks in reduced data signal and the remainder signal, for effective and secure delivery of an output signal.
It would still further be desirable to combine scrambling techniques in conjunction with data reduction techniques such that data signals can be reduced and transmitted on a secured basis.
It would likewise be desirable to provide cost-efficient and universal systems for digital watermarking, and to provide systems adaptable both to copy protection and forensic tracing of “pirated” data signals to detect and deter unauthorized copyists thereof.
It would also be desirable to provide a system of digital watermarking that is highly compatible with known and future methods for compression of data used in conjunction with electronic transmission thereof.
It would further be desirable to provide digital watermarking techniques in conjunction with known and effective “key” systems for cryptography and data signal protection.
The prior art does not meet these needs.