Copyright infringement and theft has increased enormously in the computer age, particularly with respect to information data transfers through the Internet. Further, electronic email and the communication and connectivity of local and wide area networks (LANs and WANs, respectively) have facilitated unauthorized use of copyrighted materials by permitting tagging and/or enclosing of almost any electronic media, such as application software, authored text files and graphics, and musical sounds.
On-line services such as COMPUSERVE(trademark) and AMERICA ONLINE(trademark) do provide some measure of copyright protection by assessing on-line charges to the access of protected databases and to the download of selected files. However, there is little to prevent that on-line user from retransmitting any downloaded files to another user connected on the Internet. If the user is also connected to a network, those downloaded files are also subject to remote access from yet another unauthorized user.
The problems associated within electronic copyright infringement are well known, particularly by those parties injured by the unauthorized use of copyrighted materials. For example, the unauthorized copying of copyrighted magnetic diskettes, and the electronic email and tagging and/or enclosing of copyrighted files can result in a direct monetary loss to the owner of the copyrighted works, in addition to an unaccounted for gain for the unauthorized user. With the expansion of the Internet and other computerized networks, the aggregate amount of such losses and gains is substantial.
Even the U.S. Commerce Department recognizes that serious copyright problems exist with the burgeoning growth of electronic data transfers between networked computers and particularly through the Internet. Early in September 1995, for example, the Commerce Department issued a white paper entitled xe2x80x9cIntellectual Property and the National Information Infrastructure.xe2x80x9d The paper highlights the need to protect copyrighted information that is resident in cyberspace, where unauthorized users can copy original works of authorship, including movies and books, by pressing a couple of keystrokes. See, V. Sussman, Copyright wrong? A fight brews over who gets to own the future (cyberspace), U.S. News and World Report, Sep. 18, 1995, v119 n11 p99(1).
In the prior art, methods have been developed to enhance copyright protection of electronic media. For example, ATandT Bell Laboratories has developed a system which makes tiny adjustments to the spacing between words so that every copy of a document utilizing the system is xe2x80x9cunique.xe2x80x9d These electronic adjustments are detectable by computers only because they are too small for the human eye to notice. By way of another example, DIGIMARC, a company in Portland, Oreg., recently announced a system that encodes data into an image by carefully adjusting the digital representation of individual pixels. As in the ATandT system, the encoded data is not noticeable to the eye and enables some traceability of unauthorized copyright uses. See, S. Steinberg, editor of Wired Magazine, Los Angeles Times column, p2, part D, Aug. 31 (1995).
However, such systems operate only to detect unauthorized usage of copyrighted works in digital form. They do not manage the access to copyrighted works, nor do they provide any systematic way of controlling the rights to copyrighted electronic media.
More particularly, the tracing of copyright clearances to users of copyrighted electronic media in the prior art is a tedious and often impossible task. Specifically, authors and multimedia developers have had only two practical methods for protecting their copyrights of electronic works: one method is to rely upon copyright laws and international treaties to prohibit unauthorized use of the media; and the other is to encrypt the data, so that access is restricted to those users with a decryption key.
In the first method, media developers typically do nothing; or they attach a textual copyright warningxe2x80x94sometimes called a xe2x80x9cwatermarkxe2x80x9dxe2x80x94to the media. This type of xe2x80x9cprotectionxe2x80x9d ensures free access to the media, but it works only for those honest users and derivative developers who view the work and decide whether they want to license it. However, users and developers of such media cannot be sure of the authorship or integrity of the media. Authenticity is thus sometimes increased by restricting access to the media, such as through the use of a password. By way of example, a password-protected World Wide Web page provides some measure of authenticity, but also discourages the open and free propagation of the information in the media.
In the second method, media developers can utilize powerful encryption tools, readily available in the public domain, such as those tools based on the RSA public key algorithm (Rivest, Shamir, and Adleman, 1977). However, the use of encryption to protect copyrights only serves to restrict access to the information within the media, like the password described above. Moreover, after the work is decrypted on the recipient""s computer, the problems of copyright heritage and permissions for derivative development and use of the media remain.
These two methods favor either the user or the owner of the media. In the first method, for example, there is no electronic protection coupled to the media; and it thus favors the free and fair use of the media at the expense of the owners"" rights. On the other hand, the second method of encryption favors the owners"" rights, at least to a degree. Neither method affords both fair use and ownership protection; and neither provides for automatic management of media rights, including the controlled access to media in derivative works. Further, these methods do not intervene in managing copyrights, and are beneficial only after the copyright issue becomes a problem.
It is, accordingly, one object of the invention to provide systems and methodologies to manage copyrighted electronic media, thereby solving or reducing the afore-mentioned problems.
Another object of the invention is to provide a method for maintaining an electronic bibliographic record of successive data transfers of protected electronic media.
Still another object of the invention provides systems and methods for packaging and unpackaging electronic media within an electronic container to facilitate the management of copyrighted electronic media.
These and other objects of the invention will be apparent from the description which follows.
As used herein, a xe2x80x9ccopyrighted workxe2x80x9d means any work that is authored and protected by U.S. and international copyright laws, including, without limitation, literary works; musical works, including any accompanying words; dramatic works, including any accompanying music; pantomimes and choreographic works; pictorial, graphic, and sculptural works; motion pictures and other audiovisual works; sound recordings; and architectural works. xe2x80x9cElectronic mediaxe2x80x9d means any electronic form or digital representation of a copyrighted work, including multimedia objects, and including any form or digital representation (1) stored within computer memory, (2) resident on CD-ROM and/or magnetic disks, (3) transmitted as a digital file through email, an on-line service such as COMPUSERVE(trademark), the World Wide Web (WWW), and/or the Internet; and (4) communicated as a digital file within or into a computer network, such as a LAN or WAN, and including any communication obtained through remote access, such as through application software like PC ANYWHERE(trademark) and TIMBUKTU(trademark). xe2x80x9cDOCUMENTxe2x80x9d means an electronic or digital file that is constructed according to the invention by packaging the electronic media into a secure document format to manage or otherwise enable the control, access, and/or licensing of the media.
The invention provides for the secure electronic copyright management and automatic identification of ownership of creative works distributed as digital or electronic media, particularly over computer networks. Briefly, one aspect of the invention provides a system which packages electronic media into a secure document format (hereinafter xe2x80x9cDOCUMENTxe2x80x9d), including a data container for the media and a minimum permissions data set to specify the minimum authorizations needed to view or otherwise access the media. The DOCUMENT can also include a document header, a document identifier, a source works extensions module which maintains a bibliographical history of the media, and a digital signature to authenticate the media. The DOCUMENT and the associated network-based tools, described below and constructed according to the invention, enable the attachment of minimum permissions to copyrighted works and the subsequent on-line licensing of the media.
More particularly, and in another aspect of the invention, the DOCUMENT containing the media is registered on a registration server and licensed through an authorization server. Potential licensees view the DOCUMENT through the authorizations within the minimum permissions data set, and communicate with the authorization server, if desired, to obtain a license to the media. Once licensed, the licensee can utilize the media in accord with an auxiliary permissions data set that is assigned to the DOCUMENT during the on-line licensing transaction.
Subsequent viewers and/or users of the DOCUMENT also communicate with the authorization server. Thus, in another aspect, the invention provides for the licensing of the media to creators of derivative works, i.e., those who modify an original work of authorship and who obtain authorization to do so through an augmentation in the permissions data set. As above, the modified DOCUMENT is then registered on a registration server and licensed through an authorization server. The DOCUMENT in this aspect preferably includes a sourceworks extension module which records the original and derivative authorship of the media. By retaining such information, a copyright xe2x80x9cfamily treexe2x80x9d or electronic bibliographic record is maintained for the media. Preferably, the authorship information in the sourceworks extensions is resident as a data element within the DOCUMENT. However, the sourceworks extensions can also be maintained on or through the authorization servers, depending upon the number of servers used in the registration of derivative uses of the media.
Like the sourceworks extensions, the invention can also record any and all users who access the media. In accord with this aspect, the DOCUMENT includes a usage module which records selected information about each user who accesses the media. The selected information can include, for example, a unique address of the user, individual or company accessing or utilizing the media, or the actual identity of the user. Preferably, the user information stored in the usage module is recorded and stored only after auxiliary permissions are augmented to the minimum permissions data set; and typically, the user""s identity or location is recorded in the course of the licensing transactions with the authorization server. Like the sourceworks extensions, the usage module can also be resident with the DOCUMENT, as another data element, and/or with the authorization server. In the latter case, each time a user communicates with an authorization server to license a particular media, the user""s identity or location are recorded and stored therein.
Accordingly, the invention provides several advantages in the automation and tracing of copyright clearances for both the initial users and derivative developers of electronic media. Unlike the methods in the prior artxe2x80x94i.e., the method of relying on copyright laws and treaties to protect copyrighted works, and the method of encrypting the media through electronic keysxe2x80x94the DOCUMENT format and system architecture of the invention provide for (1) both fair use and ownership protection; and for (2) automatic management of media rights, including the controlled access to media in derivative works. Specifically, the system of the invention attaches certain minimum permissions to a widely-distributed version of the media packaged as a DOCUMENT, thus being generally usable for free personal use. The DOCUMENT creator or author determines these minimum permissions in the spirit of fair use, and the permissions data set are subsequently updated to an auxiliary permissions data set through on-line licensing should the user be interested in more advanced licensing or uses of the media.
In other aspects, the invention provides an encrypted electronic signature and optional data encryption, to enhance or guarantee the authenticity of the entire work, including authorship. More particularly, in other aspects, the DOCUMENT encapsulates the required data in a secure fashion using encryption; and the digital signatures are based on message digests resulting from one-way hash functions.
In still other aspects, the system of the invention utilizes client/server system architecture based upon the TCP/IP network protocol standard. Those skilled in the art will appreciate that other network protocol standards can be used without departing from the scope of the invention.
In accord with further aspects of the invention, users can unpackage or unwrap DOCUMENTs through a controlled environment, specifically from within a compatible application or program extension, i.e., a Plug-in, which can provide the requisite controls over document use.
The invention also provides a set of easy-to-use network-based tools for registering and administering copyrights of electronic creative works. In one aspect, for example, a viewing module is provided to view and edit media-packaged graphic, image, video, audio, and textual objects. This viewing module, referred to herein as a xe2x80x9cVIEWER,xe2x80x9d is generally required for viewing and editing DOCUMENTs.
In still another aspect, a packaging module is provided to encapsulate a newly created work in a secure, digitally-formatted packagexe2x80x94i.e., a DOCUMENT. The packaging module, referred to herein as a xe2x80x9cPACKAGER,xe2x80x9d is particularly useful to authors, creators and publishers who seek to secure their copyrighted works and who seek to encapsulate other information with the works, such as authorship, ownership, minimum permissions, and source works extensions. Accordingly, a user of the PACKAGER can selectively package such information with the media to formulate a DOCUMENT.
In other aspects, a registration server provides registration and authorization services on a platform such as Windows NT or Unix. The registration server is used by information creators who want users of their works to easily identify ownership and potential licensing terms, and to transact and license those works on-line. The Authorization server, on the other hand, is used by information creators and users to obtain access to creative works and to license those works for their own use. Typically, in accord with another aspect, the registration server for each DOCUMENT operates as the authorization server for all subsequent licensing transactions to that DOCUMENT.
The invention provides certain other advantages over the prior art in that creators and publishers of electronic media have direct control of the copyrights they hold through the use of authorization and registration servers. Further, the invention is preferably compatible with widely accepted object technology standards, e.g., OLE and OpenDoc, to ensure compliance with the widest possible range of applications and on several platforms.
The invention also provides for automated and controlled network-based copyright management. The registration server can be scaled to fit the needs of any authorization and registration service, from single-author shops to massive centralized clearinghouses.
In still another aspect, the VIEWER provides a mechanism for users to gain access to copyrighted DOCUMENTs. Specifically, the VIEWER in this aspect ensures that operations performed on media-packaged data objects are in compliance with the permissions that have been granted to the user.
In other aspects, a user can transact a license to the DOCUMENT through the VIEWER and the on-line communications with the authorization server. More particularly, the VIEWER in this aspect (i) generates a licensing request signal in response to inputs by the user, and (ii) communicates that signal to the authorization server assigned to that DOCUMENT. This request, sometimes denoted herein as a xe2x80x9cLicense Request,xe2x80x9d provides an entry point for on-line licensing of media-packaged works. In this way, a successfully licensed user can obtain auxiliary permissions to the DOCUMENT of interest, thereby extending the set of operations which the user may perform for a given work.
In still other aspects, the VIEWER operates to display selected registry information about the DOCUMENT. This display, sometimes denoted herein as the xe2x80x9cRegistry Information Display,xe2x80x9d provides information such as authorship, ownership, and the licensing terms associated with the electronic media, thereby facilitating the user""s review and evaluation of the DOCUMENT prior to licensing. The registry information is preferably stored in the DOCUMENT itself, and/or at the DOCUMENT""s registration server.
A record of the media source works is also available through the VIEWER, in accord with another aspect of the invention. As discussed above, the sourceworks extensions provide a bibliography of the authors of the media so that the appropriate authors are credited with their works even after the works are edited by a derivative author. The sourceworks extensions are typically available within a displayxe2x80x94sometimes denoted herein as the xe2x80x9cSource Works Displayxe2x80x9dxe2x80x94at the user""s computer terminal.
In accord with other aspects of the invention, the VIEWER provides standardized tools and procedures for obtaining a certified digital identification of a DOCUMENT, and for becoming a licensed user to that DOCUMENT.
In another aspect of the invention, a PACKAGER encapsulates authorship, ownership, minimum use permissions, source works information and the associated creative works in a secure package. The PACKAGER has several aspects, including:
Through the PACKAGER, a user can display the status of permissions for each source work, obtain authorship, ownership, and licensing information from the source work""s registration server, and selectively obtain auxiliary permissions as required for each source work.
The PACKAGER allows the author to check clearances for all sources of a work in progress and to engage in VIEWER-like licensing transactions to obtain or upgrade auxiliary permissions.
The PACKAGER allows the author to verify and modify the information that is encapsulated with the packaged media in a DOCUMENT.
Registration is the final step in setting up a DOCUMENT in accord with the invention; and the PACKAGER provides a registration client and procedure for registering a new creative work.
Like the VIEWER, the PACKAGER provides standardized tools and procedures for obtaining a certified digital identification and for becoming an authorized user.
In another aspect of the invention, a Software Development Kit (SDK) is provided to enable developers of multimedia applications, games, or multimedia authoring tools (including applications for content creation) to incorporate VIEWER and PACKAGER functionality into their applications.
The invention thus facilitates the management of copyrighted works and ensures that the media packaged within a DOCUMENT is authentic. The invention further enables the packaging of useful and selective information with the creative work, such as document identification, ownership, permissions, and sourceworks extensions. These features are provided, at least in part, by the VIEWER, PACKAGER and registration/authorization server. Through the registration server, for example, information providers of any size can take advantage of rights management for their creative works, and users on a network connected to the server enjoy easy and secure on-line licensing of the works managed therein.
In accord with a preferred aspect of the invention, the VIEWER and PACKAGER do not impose perceivable overhead during the course of normal rendering or editing of the work. The execution of VIEWER and PACKAGER functionality is quick to ensure that network functions have good performance within the available network bandwidth.
In still other aspects of the invention, VIEWER, PACKAGER, Registration Server Modules and Authorization Server Modules are operable on Win95, Windows NT, MacOS and Unix-based platforms.
In other aspects, the VIEWER and PACKAGER of the invention operate in conjunction with OLE and OpenDoc.
The invention also provides a system for authorizing access to copyrighted electronic media. An authorization server is connected for data transfer between an internal memory and at least one external data processor, and an internal storage stores selected information about the electronic media, e.g., the licensing terms for gaining auxiliary permissions to the media, the copyright ownership of the media, and revenue estimates about the media. A relay section that is responsive to a request signal by the data processor communicates the selected information to the data processor. A data comparison section receives response signals from the data processor and compares the selected information with the response signals. In this way, the data comparison section generates an acceptance signal when the response signals correspond to at least a part of the selected information, and communicates the acceptance signal to the data processor to authorize access to the media.
The system can also store the media within a storage memory, in another aspect. This memory can be within a computer connected for electronic data transfer with the data processor, whereby the computer is responsive to the acceptance signal to transfer either (1) authorizations to access the media or (2) the media to the data processor.
The system preferably includes a process section for tagging an encrypted digital signature to the media, thus authenticating the media. Another sectionxe2x80x94including a source works extension modulexe2x80x94can also be included to append a bibliographic record to the media, the bibliographic record forming a digital representation that specifies information that references each source work and access restrictions associated with the source work.
The system can further include a section for appending auxiliary permissions to the media, the auxiliary permissions forming a digital representation that specifies an authorized use of the media, such as viewing, copying or editing the media.
In yet another aspect, the system includes an access control section for withholding access authorization to a portion of the media, the access control section thus being responsive to the acceptance signal to remove access restrictions to the portion. In this way, permissions and access to copyrighted media can be provided to specified parts of a complex multimedia object, e.g., one which includes written text, graphics and sounds.
The invention further provides a system which controls selective access to electronic media. The system includes one or more servers that communicate via a data transfer link between an associated system memory containing the media and at least one external data processor. A communication section communicates content-specific permission information about the media to the data processor, the permission information specifying data processor actions which are restricted and which require augmented access privileges to perform. A storage section enables the storage of selected other information about the media; while a relay section, responsive to a request signal by the data processor, communicates the other information to the data processor. A data comparison section receives response signals from the data processor and compares the other information with the response signals, the data comparison section generating an acceptance signal when the response signals correspond to at least a part of the other information. An access section restricts data transfers between the data processor and a portion of the media, the access section being responsive to the acceptance signal to remove data transfer restrictions between the data processor and the portion within the system memory.
The communication section of this aspect can include one of (i) a stand-alone software module, (ii) a plug-in software module corresponding to an application environment that generated or modified the media, (iii) a program extension corresponding to an application environment which generated or modified the media, (iii) a software module integrated into an application environment by way of a source code library or linkable object code performing substantially similar functions.
Although other communication protocols are suitable for the invention, communication standards based upon the TCP/IP network protocol are preferred.
The invention also provides methods for authorizing data transfers of copyrighted digital media, including: affixing content-specific permission information to the media, the permission information specifying actions which are restricted and which require augmented access privileges to perform; storing selected information about the electronic media on an authorization server connected for data transfer with at least one computer; electronically communicating selected information about the media to the computer; receiving response signals from the computer and comparing the selected information with the response signals; and generating an acceptance signal when the response signals correspond to at least a part of the selected information, thereby authorizing access to the media.
The invention also provides for optional encryption of the data within the secure container. Accordingly, the methods of the invention include, for example, the step of encrypting the media through an RSA public key algorithm.
The method of this aspect can also include the step of communicating a digital representation of at least one of (i) a copyright ownership of the media, (ii) a set of licensing terms for the media for different user classifications, and (iii) revenue estimates about the media.
In another aspect of the invention, a method is provided for maintaining an electronic bibliographic record of digital media, including: opening an object container containing the digital media, the object container including a representation of the media, a data identifier of media, and data specifying minimum permissions required to access the media; editing the digital media in an application environment; and attaching the data identifier and minimum permissions data to the edited media into a source works list. The source works list provides, among other information, a bibliographic record of the authorship represented in the media.
Such a method can also include the steps of unencrypting the media, and encrypting the media after attaching the data identifier and permissions data into the source works list.
A method of the invention also includes a process for determining the authenticity of digital media, including the step of affixing an encrypted digital signature to the media. In this aspect, the DOCUMENT is authenticated by encoding a signature representing the registration of the media. By way of example, a private key is resident with the registration server which is under strict control of the system. The authenticityxe2x80x94in this examplexe2x80x94is thus granted by the registration server and proven by the digital signature in the DOCUMENT. Alternatively, in another example, the private key is provided to the user of a particular application, again under the tight control of the system.
In yet another aspect, a computer network is provided for managing original works of authorship, including: a process actuation section for affixing copyright information to a binary data element corresponding to an authored media; a process actuation section for affixing minimum permission information to the data element, the permission information specifying access restrictions to the data element; a server for storing information concerning the rights to the media, the server including a control module for controlling access to the data element according to the minimum permission information by restricting data transfers between the server and one or more computers networked with the server; a process section for tagging the data element with supplemental information; and a process section for maintaining copyright information through derivative uses of data element throughout the network.
The invention also provides a PACKAGER, which is a system for packaging electronic media within a secure electronic container. The PACKAGER includes a first process section for attaching a data identifier to the media; and a second process section for attaching minimum permissions data to the encrypted media, the minimum permissions data specifying minimum acceptance terms required to electronically access the media.
In other aspects, the PACKAGER includes a process actuation section for attaching a digital signature to the media, the digital signature providing an authentication to the media; and a process actuation section for affixing source works extensions to the media, the source works extensions specifying a bibliographic record of the media. This bibliographic record is a digital representation that specifies bibliographic information about the authors and minimum permissions of the media, thereby providing persistence through generations of derivative use of the media.
A VIEWER system is also provided for unpackaging electronic media configured within a secure electronic container. A first process actuation section recognizing permissions data attached to the media, the permissions data specifying one or more authorizations needed to electronically access the media; and a second process actuation section opens the media when a user has the authorizations corresponding to the permissions data.
In other aspects, the system includes a communication section that engages an authorization server when the user does not have the requisite minimum authorizations of the permissions data set; or when a user desires to augment the permissions to a particular media by transacting a license to that media. The communication section thus includes a process section for transmitting transactional information to the server, and for receiving, from the server, auxiliary permission to utilize the media.
The methods of the invention can include the steps of encrypting the media, and/or transferring the container to the data processor via one of point-to-point email, CD-ROM, ftp, gopher, smtp (email), and http (World Wide Web). In one aspect of the invention, for example, the registration server first authorizes a user with a PACKAGER through log-in process to establish a secure line, such as known in the art. The user and PACKAGER then generate the registration information relating to the particular DOCUMENT, and transmit the information and a message digest to the registration server. Upon receipt, the registration server returns a xe2x80x9cregistration certificate,xe2x80x9d in digital form, that is signed by the server""s private key. The registration server""s public key is widely known, so that the registration server can operate as a certification authority for the packaged-media. The registration certificate is then passed through secure channels, and the PACKAGER attaches the digital signature to the DOCUMENT. Accordingly, authenticity is demonstrated to anyone with a VIEWER or PACKAGER that has access to the DOCUMENT.
In an alternative aspect, if the communication channel is unsecured, the registration certificate is encrypted via public key to the user""s public key.
These and other aspects and advantages of the invention are evident in the description which follows and in the accompanying drawings.