1. Field of the Invention
The invention relates to cryptography, particularly a technique including both apparatus and an accompanying method, for imparting to passive and active software objects, such as correspondingly content and executable code, a substantial degree of protection against break-once-run-everywhere (BORE) attacks and for restricting access and use of resulting protected objects that have been, e.g., downloaded, via a networked connection, to a client computer. Such a technique is particularly˜though not exclusively, suited for use in a digital rights management (DRM) system executing in the client computer.
2. Description of the Prior Art
Content, such as video and audio recordings, and other multi-media presentations, is increasingly being provided to consumers in digital form. Digital recordings provide enhanced clarity, attributable in part to a substantially diminished noise level, over that commonly provided by conventional analog media. Facilitating this trend is an increasing availability, from a wide range of manufacturers, of relatively economical consumer-oriented digital recording and playback equipment, such as, for example, those employing compact disc (CD) and digital audio tape (DAT) formats.
Unfortunately, the very characteristics of digital content that make it quite attractive to consumers also significantly foster its illicit duplication, i.e., piracy. In that regard, by virtue of digitized data which embodies content on a legitimate copy, whether that data constitutes, e,g., a sound recording, a video recording or a photograph, each subsequent copy of that data will, for all practical purposes, exactly match the original content; thus, providing the same fidelity as the legitimate copy. Hence, a pirate, having access to a legitimate copy, could, rather readily, massively produce illicit copies that, at least from a standpoint of its content, might not be distinguishable from its legitimate copy. Obviously, the ease with which such high quality illicit copies could be generated has caused substantial alarm among content providers, particularly given a substantial loss of revenues that could result from lost sales attributable to widespread piracy.
One of the oldest and usually least effective techniques used to deter illicit copying is simply to append a copyright and other legal proprietary rights notices to an object as distributed on mass (magnetic or optical) media. The intention in doing so is to place a third party on notice that a copy of that object, as embodied in the media, is legally protected and that its publisher may take legal action to enforce its rights in the object against that party to prevent illicit copying. While these notices are often necessary in many jurisdictions to secure full legal remedies against illicit copying, in practice, these notices have provided little, if any, real protection against third party copying. In that regard, in those countries with relatively lax enforcement of intellectual property rights, sales lost to illicit copying of an object, such as a popular movie or audio recording, often significantly dwarf legitimate sales of the same object.
As such, these providers, typified by, e.g., movie studios and music publishers, have turned to technical rather than just legal approaches to deter illicit copying.
In that regard, these providers have recently persuaded hardware manufacturers, of consumer electronic audio and video recording devices, to incorporate appropriate copy-protect circuitry into their products, such as DAT recorders, to actively limit an amount through which content stored on digital media, such as a DAT, containing a legitimately purchased copy, can itself be copied further. In that regard, data encoded on the legitimate copy is read by the copy-protect circuitry in a DAT recorder and used to essentially inhibit that recorder from making more than one copy of that content onto another DAT.
Widespread use of the Internet is a rather recent development that is also significantly fueling the expanding use of digital content. Given the availability of relatively inexpensive but rather sophisticated personal computers with attendant web browsers and multi-media players and the widespread global proliferation of inexpensive consumer Internet connections, the Internet is emerging as an excellent vehicle through which content publishers can cost-effectively distribute content to large numbers of customers—regardless of where these customers are located. This content can range from audio or video clips, to recorded songs to entire movies. Software, in the form of application programs, is increasingly being distributed through the Internet to the consuming public. However, the number of consumers that purchase software in this manner is currently rather small, though rapidly growing, compared to those that obtain physically packaged software through a more conventional distribution channel.
PCs, being general purpose in nature, do not contain copy-protect circuitry of the type used with, e.g., DAT recorders. Hence, conventional hardware-centric anti-piracy measures, such as those used with DAT and other consumer recording devices, are simply ineffective to preclude illicit copying of digital content distributed over the Internet. Thus, content providers are once again faced with a possible attendant loss of substantial revenues, though through a different distributional vehicle, due to illicit copying.
Hence, extensive effort is currently underway in the art and aimed at developing a so called “digital rights management” (DRM) initiative to counter expected piracy of Internet accessible content.
Underlying this initiative is a basic concept, akin to that in copyright, of bifurcating ownership of those bits themselves, that constitute a content object, from rights to use these bits. This use can encompass, e.g., rendering that object, in the case of passive content, or executing that object in the case of an active object containing executable code. As presently envisioned in the art, the DRM initiative would permit any individual to freely and at no cost access and download, through his(her) client PC, a file containing a desired object from a web site associated with a corresponding publisher. Once downloaded, ownership of the content bits themselves would pass to the individual, i.e., an “owner”. However, the rights to use the object contained in the file would remain with the publisher of the object and be licensed to the owner of the bits based on a license fee paid to the publisher by that owner. By remitting a certain fee, typically through an Internet transaction, the owner would be provided with a software license which delineates the rights to which that owner can then use these bits. For example, in the case of a downloaded song, for a relatively modest fee, the license may permit the owner to play the object, here content for the song, just once. For a larger fee, the license may permit the owner to play that song a certain number of times or freely play the song during a certain time period, such as a week or month. For an even larger fee, the license may be configured to permit the owner to play the song on an unlimited basis, i.e., as much as (s)he wants and whenever (s)he wants.
In particular, the downloaded file would contain a software “lock” of some sort which inhibits the client PC from suitably handling an object contained in that file, such as, in the case of a video clip, locally rendering the object on a computer display. period, such as a week or month. For an even larger fee, the license may be configured to permit the owner to play the song on an unlimited basis, i.e., as much as (s)he wants and whenever (s)he wants.
Once the owner downloads a desired file, then, through a separate transaction conducted with a publisher of the object contained in that file, such as a music publisher, (s)he would receive and locally store a software certificate from the publisher. The certificate would contain the software implemented license as well as a suitable secret value (“secret”) as noted above, the license would specify, in view of the license fee paid by the owner a degree of access (license grant) to which that owner is given to the object. When the owner desires to subsequently access and use the content, appropriate software, e.g., a DRM process, executing in the client PC would first obtain the certificate from local storage; ascertain, from conditions of the license grant set forth in the certificate, whether the desired access and use is allowed; and then, if so, use the secret to unlock the object, and finally permit the object to be subsequently handled, such as played in the case of a passive audio clip, as desired by the user and in accordance with the license grant. Any object that did not contain an appropriate software “lock” would be unaffected by a DRM process; that process would essentially ignore that object and hence not restrict its subsequent use.
While widespread adoption of the DRM initiative, as least as broadly envisioned, is expected to appreciably restrain illicit copying of Internet distributed software objects, underlying this initiative is the development and use of a practical and effective locking mechanism, particularly one employing cryptographic encryption, for use with such objects. Thus far, the art fails to teach such a mechanism.
Traditionally, cryptographic measures have involved encrypting a plaintext object—whether it be a message or a document, in some fashion, into a ciphertext object through a cryptographic algorithm, i.e., a so-called “cipher”, that relies on a secret value (henceforth just a “secret”). Depending on the specific cipher used, this secret can be, e.g., a simple key known only to a sender and a recipient, or can be a private key of a public/private key pair. Upon receipt of the ciphertext object, each such individual would then convert the ciphertext object, through a process, inverse to that of the cipher, using his(her) secret, to yield the plaintext object.
While these traditional cryptographic measures, depending on the particular cipher used, can be extremely secure against third-party cipher attacks, they are ill-suited for use for distributing objects, such as content files, to massive numbers of recipients, particularly to individual PCs.
In that regard, sophisticated cryptographic ciphers, such as those using, e.g., so-called RSA (Rivest-Shamir-Adelman) or Diffie-Hellman type ciphers, exist for decrypting ciphertext. Though these ciphers are extremely secure, because of their nature, they are not suited for use in encrypting large objects, i.e., performing bulk encryption. Furthermore and importantly, if an object were to be protected through, use of appending a digital signature to that object, even a signature computed using, e.g., RSA, a pirate could easily remove that signature from the file containing the object and thereby gain unfettered access to an underlying unprotected object.
Therefore, faced with these deficiencies, the art, in the context of digital rights management, appears to be considering the use of watermarking. In essence, a watermark is an identifier that, in the context of a software object, would be tightly integrated into that object but would not be discernible to a third party. Furthermore, that party will likely experience considerably more difficulty in removing a correctly implemented watermark from a software object than removing a digital signature.
When the object is accessed, a cryptographic process, using a secret provided in a DRM certificate, would reveal the presence of the watermark embedded in the object and then detect its value. The secret would define an approximate location (e.g. in the time and frequency domain) at which the watermark can be found.
If the correct watermark were then detected, i.e., an identical match then existed between the watermark embedded in the object and its expected value provided in the license, the DRM process would then unlock” that object.
Disadvantageously, this approach relies on embedding a single watermark into an object. If a pirate were to discover the watermark—even in view of its difficulty of detection, thus breaking the “lock”, the pirate could then excise the watermark from the object, and illicitly copy the object and massively distribute resulting illicit copies free and clear of any restriction on their use otherwise imposed through digital rights management, Any recipient of such an illicit copy of the object could, in turn, make copies of that object and further distribute those copies free and clear of its prior software “lock”, and so forth with subsequent recipients. Thus, the watermarked object could be susceptible to what we refer to as a “break-once-run-everywhere” (BORE) attack. Through such a successful attack, once the pirate uncovers the single cryptographic parameter, in this case a watermark, protecting the object, (s)he then possesses the unprotected object at which point the publisher has effectively ceded significant control over consumer access and use of that object to the pirate. Hence, protection that a content publisher would otherwise gain through use of digital rights management, at least with respect to the illicit copies, would be completely lost.
However, given enough resources, particularly processing capacity, money and time, a pirate could break the watermark, thus nullifying protection afforded by digital rights management. If sufficient demand exists in the marketplace for a given object—which is particularly true for a popular feature length movie, then the pirate may well have adequate economic motivation to incur the investment in time, cost and effort needed to break the watermark. In that regard, the pirate will likely incur the investment if the resulting gains to be had through illicit copying sufficiently outweigh all the associated costs of time, effort and money needed to break the watermark and make and distribute the illicit copies.
BORE attacks, against watermarked objects, are not limited to pirates but can also arise from third-party “hackers”, i.e., individuals who are often not motivated by monetary gain but do possess sufficient expertise and computing resources to break cryptographic protection and post, on the Internet, a resulting unprotected object for widespread distribution.
Nevertheless, the DRM initiative holds significant promise as a mechanism that will sufficiently restrict illicit copying of Internet accessible software objects and hopefully, by doing so, assure a sufficient financial return to publishers of those objects for their legitimate consumer access and use. Moreover, DRM, if adopted, should facilitate increased use of the Internet as a cost-effective mechanism for distributing software objects to a large universe of consumers.
However, for DRM to be effective against attempted piracy, a serious need exists in the art for an adequate software “lock” that can be utilized with software objects. The lock must be sufficiently resistant to BORE attacks such that substantial costs would be incurred by any third-party, particularly a pirate, who attempts to break the lock—costs that are sufficiently high as to outweigh any likely financial gain to be had from illicit copying. Moreover, the “lock” should be sufficiently difficult to detect and sufficiently robust to withstand attack from ˜hackers”. Furthermore, the ˜lock” should be practical, particularly when used with large software objects, and not require a separate secret for each different recipient.