The present invention relates to electronic copy protection of digital documents, and in particular, to protection of digital documents against unauthorised copying and access.
With the rapid growth of the Internet and multimedia technology, distribution of digital content, hereafter referred to as digital documents, is pervasive. Such digital documents include text, software programs, graphics, video or audio in digital formats. Unlike non-digital documents, digital documents can be copied and disseminated easily without any degradation in quality. Obviously, a market in which digital documents are easily copied because of inadequate copy protection adversely affects commerce including consumer interests. Hence, security of digital documents is critical to ensure a commercially stable environment.
Conventionally, the security of digital documents involves using a cryptographic system to prevent unauthorised copying of such documents. A cryptographic system, or cryptosystem, has an encryption key to convert plaintext into ciphertext and a decryption key to recover the plaintext from the ciphertext. If the encryption key and the decryption key are identical, the cryptosystem is called a symmetric key cryptosystem. If the encryption key and the decryption key are different and determining the decryption key from the encryption key is computationally infeasible, the cryptosystem is called an asymmetric key cryptosystem or public key cryptosystem. In a public key cryptosystem, anyone can encrypt a message using the public encryption key. However, only the holder of the corresponding private decryption key can decrypt the ciphertext and recover the message.
Another common aspect of digital document security is the use of digital signatures, which is an electronic analogy of hand-written signatures. In a digital signature scheme, a user has a private signature key, or private key and a public verification key, or public key. Only the holder of the private key can generate a valid digital signature on a message, but anyone with the corresponding public key can verify the validity of the digital signature. In a public key cryptosystem or digital signature scheme, it is often important to securely bind a public key with the legitimate user""s ID. Such a binding can be achieved using the public key certificates, which contain at least the user""s identity, his/her public key, and a validity time interval, and are digitally signed by a certification authority.
A one-way hash function ( ) has the properties that:
1) for any message m, the hash h(m) is easy to compute;
2) given h(m), finding m is computationally infeasible; and
3) finding two messages that have the same hash is also computationally infeasible
For more information on cryptosystems, digital signature scheme, one-way hash functions, and public key certificates, reference is made to A. Menezes, P. Oorschot, and S. Vanstone, Handbook of Applied Cryptography, CRC Press, 1996, or C. Kaufman, R. Perlman, and M. Speciner, Network Securityxe2x80x94Private Communication in A Public World, PTR Prentice Hall, Englewood Cliffs, N.J., 1995.
U.S. Pat. No. 5,935,246 describes a method of copy protection for protecting software against copying with a challenge mechanism embedded in each protected item of software. In operation, the challenge mechanism sends a random challenge to the customer""s signature server. The signature server signs the challenge using the customer""s private key and then returns the signed challenge to the challenge mechanism. The challenge mechanism then verifies the signed challenge, using the customer""s public key, and prohibits the customer from using some or all of the protected item of software unless the verification is successful. However, U.S. Pat. No. 5,935,246 uses a public key cryptosystem that requires each user to have a private key and public key pair. Hence, disadvantageously, anyone with knowledge of a legitimate user""s private key can access and run protected software entitled to the legitimate user.
U.S. Pat. No. 5,513,260 describes a method for copyright protection for various recording media such as compact discs (CDs). Coupled with the combination of symmetric and asymmetrical encrypting methods, an authentication signature is recorded on the media only when copy protection is required. The nature of this signature is such that the signature is not transferred to illicit copies made on CD recorders. When an original protected disk is played, the presence of the signature causes the player to correctly decrypt the program data. However, when a copy of a protected CD is played, the absence of the signature causes the player to generate false data, which prohibits the disk from playing normally. However, the copy protection scheme in U.S. Pat. No. 5,513,260 requires modification to CD players and such modification undesirably adds to the costs of such CD players.
U.S. Pat. No. 4,903,296 describes copy protection of software on magnetic medium with a special key having two marks made on the surface of the magnetic medium. These two marks are in the form of absence of material and domains that cannot be formed by conventional magnetic disk write heads. Additionally, an encrypted key, which is critical for running the application, is built into a special purpose hardware subsystem. Hence, software or computer systems need the hardware subsystem to apply the copy protection technique of U.S. Pat. No. 4,903,296. Unfortunately, this makes copy protection as described in U.S. Pat. No. 4,903,296 less flexible for adapting to existing software or computer systems.
U.S. Pat. No. 4,866,769 describes a method of copy protection of personal computer software distribution in diskettes through the use of a unique identification stored in read-only-memory of personal computers. A source ID is provided with every software distributed. A personal computer ID is used with the source ID of a distribution diskette to produce an encoded check word using an encryption method. This check word is then used to verify that the software is being used on a designated personal computer. However, U.S. Pat. No. 4,866,769 is also not flexible in copy protection as a separate and different copy of a software is required for each personal computer.
WO9842098 describes a technique of digital rights management in which a digital product is encrypted and freely distributed through uncontrolled channels. Security fragment(s) of the encrypted digital product are withheld and provided only upon communication with a license server. A customer uses a reader software to purchase a license. Such reader software examines components of a reader system to develop a reader system signature. Using the reader system signature, the license server encrypts a product decryption key and the security fragment(s). The product decryption key and the security fragment(s) are then provided to the reader system. When the customer wishes to use the digital product, a new reader system signature is generated to decrypt the digital product. However, the technique as described in WO9842098 requires personal information of a client to be provided to the license server and some users may not be comfortable disclosing such personal information. Furthermore, the license server encrypts documents only upon transmission of such documents to a client. Consequently, documents stored in the license server are not encrypted and, hence, can be fraudulently accessed by unauthorised users.
According to one aspect of the invention, there is provided a method for copy protecting encrypted documents in a client-server system using an unsecured communication channel, the client-server system having at least one client and at least one server for storing encrypted documents, the method including the steps of:
receiving an encrypted document from the server by a client;
authenticating communications between the client and the server;
decrypting by the client the encrypted document using a decryption key when the step of authenticating is successful to derive a decrypted document;
preventing storage of the decrypted document on a storage device at any of the at least one client;
in response to a user request at the client to save the decrypted document, encrypting the decrypted document with a host specific key associated with the client to provide a re-encrypted document; and
saving the re-encrypted document in a storage device of the client.
According to another aspect of the invention, there is provided an apparatus for copy protecting encrypted documents in a client-server system using an unsecured communication channel, the client-server system having at least one client and at least one server for storing encrypted documents, the apparatus including:
means for receiving an encrypted document from the server by a client;
means for authenticating communications between the client and the server;
means for decrypting by the client the encrypted document using a decryption key when the step of authenticating is successful to derive a decrypted document;
means for preventing storage of the decrypted document on a storage device at any of the at least one client;
means for encrypting the decrypted document with a host specific key associated with the client to provide a re-encrypted document; and
means for saving the re-encrypted document in a storage device of the client.
According to a further aspect of the invention, there is provided a computer program product having a computer usable medium having a computer readable program code means embodied therein for copy protecting encrypted documents in a client-server system using an unsecured communication channel, the client-server system having at least one client and at least one server for storing encrypted documents, the computer program product including:
a computer readable program code module for receiving an encrypted document from the server by a client;
a computer readable program code module for authenticating communications between the client and the server;
a computer readable program code module for decrypting by the client the encrypted document using a decryption key when the step of authenticating is successful to derive a decrypted document;
a computer readable program code module for preventing storage of the decrypted document on a storage device at any of the at least one client;
a computer readable program code module for encrypting the decrypted document with a host specific key associated with the client to provide a re-encrypted document; and
a computer readable program code module for saving the re-encrypted document in a storage device of the client.