The present invention relates to the transfer of intellectual property in the form of digital information. The invention finds particular application in the protection of intellectual property distributed in electronic format through a distributed computer network such as the internet, and will be described with particular reference thereto.
The electronic environment is rapidly facilitating the creation, storage and distribution of intellectual properties. As ease of access to these properties increase, so does the demand of the owners and/or distributors of this property to protect its integrity, and the interests of the creators. Security of the digitized intellectual property is of great concern to publishers who are interested in the internet as a new publishing medium, as it has been shown the technology which facilitates operation of the internet also facilitates mis-use and/or mis-appropriation of intellectual property.
A person wishing to mis-use digitized intellectual property will be able to intercept the material on the internet, on an intranet, and/or at an end-user's computer. Also, given enough computing time, cryptographic envelopes containing intellectual property can be broken. The length of time required is proportional to the length of the key. A 40-bit DES key may require several days or weeks of compute time but a 128-bit RC4 key may require tens or hundreds of years. If the key is embedded in a browser, the attacker will opt to extract the key and avoid the brute force search of key-space.
In this regard, with existing World Wide Web (WWW) browsers, once the intellectual property leaves the WWW server, a WWW browser is not obligated to enforce any rights with respect to the intellectual property. A user may freely save, print, or copy to a clip-board. thus, the internet, and especially the World Wide Web (WWW), have made distribution of digitized printed materials a trivial exercise. The academic and publishing communities among others, are therefore rightly concerned about the mass distribution of data which has been neither editorially scrutinized, nor subjected to peer review. Further, intellectual property rights holders are concerned about the potential for illegal re-distribution or unauthorized use of their copyrighted materials, and the right to be duly compensated for legal use of their materials. They also have a desire to exercise control over how their intellectual property may be re-used by others.
Thus, fundamental to the creation, maintenance and use of an on-line multi-media repository, such as an electronic library, are the issues of intellectual property ownership, protection and use compensation. The long term success of the library of the future is directly connected to the ability of computer systems to address these fundamental issues.
It is therefore considered desirable to provide a system of rights management protection which allows intellectual property owners to follow their property onto the internet. In investigating the issues surrounding this topic, the inventors gathered primary requirements for such a system from publishers and librarians. Organizations and individuals in these categories are crucial to the existence and successful operation of an electronic library. Interviews were also conducted with rights reproduction organizations (RROs), attorneys, auditors and patrons. The participants recognize the advent of new technologies offers new ways to disseminate information and manage its uses. In gathering requirements for a system, it became apparent those interviewed were familiar with the existing issues. They also accepted the pivotal roll of copyright law in the reproduction and distribution of copyrighted works, while understanding that the law has not addressed many of the issues facing those who create and distribute the digitized works.
Publishers, who hold most rights to printed materials, require that ownership of intellectual property be carried into the electronic world, and that the electronic version of each work is protected from tampering, unauthorized and illegal copying and distribution. Proper compensation must be made to rights-holders for use of their materials.
In order to execute these mandates, the owners/operators of the electronic library and the rights-holders whose work is to be digitized need to enter into a license agreement that among other concepts:
identifies the owner of the materials; PA1 identifies the material that will be digitized and stored in the library, repository, etc.; specifies the parameters for the use of the material; provides general guidance as to how the material may be scanned, stored and presented; stipulates compensation due the rights-holder; and, defines the duration of the license. PA1 the license agreement data be stored in a secure and protected database; PA1 the permissions parameters be enforced for each access of the intellectual property; PA1 permissions rules governing their holdings be available to the rights-holder at all times; and, PA1 appropriate controls be implemented to ensure the integrity of all system data (both permissions, rules and the digitized intellectual property). PA1 the legal language of the agreement; and, PA1 the list of parameters defining rules for storage, use and access to the electronic intellectual property, as well as royalties for compensation to the rights-holders.
Further, requirements of the publishers include:
Librarian requirements focus on creating digitized holdings that are locatable and searchable, and also allow for patron privacy. Librarians identified the Machine Readable Catalog (MARC) as the protocol of choice for cataloging. They also required that full-text search capability be implemented for text holdings. Unless billable charges occur, the system must protect patron privacy, as is now done in the traditional library setting.
Both publishers and librarians desire that statistics be collected regarding usage. For example, tracking various categories of users which are accessing the materials. This information will allow publishers to establish trends and will also be beneficial to library staff to plan acquisitions. Such a system should also be able to produce reports as requested by licensors and administrators.
To address these issues, the inventors have reviewed existing technology, including browsers which are capable of simultaneously rendering multi-media intellectual property into a variety of presentation formats specific to the type of property (i.e. text, image, audio, video, etc.). It has been noted that although browsers and intellectual property have traditionally been separate entities in rights management systems, it may be desirable to have intellectual property and the corresponding rights embedded in a browser executable program as data, in such a way that a browser must be executed to make use of the intellectual property.
A previously noted important aspect of existing WWW browsers, which function in a Hyper-Text-Mark-Up Language (HTML) environment, is that once the content leaves a WWW server, the WWW browser is not obligated to enforce any rights with respect to the intellectual property. Particularly, such a browser freely saves, prints or copies downloaded information. The present inventors have, therefore, considered that it may be beneficial to provide an additional browser configuration that a server trusts to accept intellectual property along with the associated rights, and which will enforce the rights. If the server is to be able to trust that the additional browser is authentic and not an imposter program which will violate the rights, the server must have means of authenticating the browser.
With attention to authenticity, the inventors believe at least two issues must be addressed. First, if the browser was created by a third party outside of the control of the server, there is no guarantee that the rights will be enforced. Second, if the browser was created by the server and sent to the end-user computer the user may be able to modify the browser to disable rights enforcement or to discover keys to intellectual property cryptographic envelopes.
Therefore, the inventors have considered it to be beneficial, in order to reduce the risk of attacks against a browser while resident on the end-user computer, to have the server impose a finite lifetime for a given browser to be trusted, after which the browser expires and a new instance of the browser must be downloaded from the server. It has been considered that the expiration interval may vary according to the browsers destination and/or environment. Thus, if the end user is from an arbitrary internet address, the interval may be kept short due to a lack of trust, however, if the destination environment is, for example a student computer on a campus intranet or a secure library workstation, the interval may be longer.
Thus, the present invention is directed to providing library functions relating to the acquisition, mounting, access, distribution, and use of intellectual properties in electronic form. The system will exercise server, workstation and network hardware and software, and implement applications designed to control and monitor the access and use of licensed intellectual property.
A formal license agreement between the inventors or users of this system and the intellectual property rights holder will be executed before the intellectual property is digitized for presentation in the system. Each license agreement will contain two equally binding components: