System for controlling access and distribution of digital property

Abstract

A method and device are provided for controlling access to data. Portions of the data are protected and rules concerning access rights to the data are determined. Access to the protected portions of the data is prevented, other than in a non-useable form; and users are provided access to the data only in accordance with the rules as enforced by a mechanism protected by tamper detection. A method is also provided for distributing data for subsequent controlled use of those data. The method includes protecting portions of the data; preventing access to the protected portions of the data other than in a non-useable form; determining rules concerning access rights to the data; protecting the rules; and providing a package including: the protected portions of the data and the protected rules. A user is provided controlled access to the distributed data only in accordance with the rules as enforced by a mechanism protected by tamper protection. A device is provided for controlling access to data having protected data portions and rules concerning access rights to the data. The device includes means for storing the rules; and means for accessing the protected data portions only in accordance with the rules, whereby user access to the protected data portions is permitted only if the rules indicate that the user is allowed to access the portions of the data.

Description

1. FIELD OF THE INVENTION[0001] This invention relates to the control of distribution and access of digital property as well as to the payment therefor.2. BACKGROUND OF THE INVENTION[0002] The development and deployment of digital information networks is accompanied by new concerns for the protection of rights to data and information. The U.S. Congress Office of Technology Assessment identified the following key developments relevant to the area of this invention: there has been an overall movement to distributed computing; boundaries between types of information are blurring; the number and variety of service providers has increased. Information Security and Privacy in Networked Environments, Congress, Office of Technology Assessment, OTA-TCT-606, Washington, DC: U.S. Government Printing Office, September 1994.[0003] Computer networks allow more interactivity; and, most significantly, electronic information has opened new questions about copyright, ownership, and responsibility for...

AI Technical Summary

Problems solved by technology

In the past, when information was stored in analog form, the copying and redistribution of such information, while problematic, did not account for as much economic loss as is possible today.

Today's high fidelity systems are very accurate, but they are not flawless.

Indeed, copying a vinyl record to a cassette tape results in a small, but noticeable, reduction in sound quality.

If multiple generations of recording (e.g., cascaded recordings) were undertaken, the resulting product would be noticeably inferior to the original.

Similarly, when multiple generations of photocopies of an image are made, the quality of the resulting image is typically poor, with many dark and light areas that were not present in the original image.

As a result of the ability to copy a file with no loss of fidelity, it is now almost impossible to differentiate a digital copy from the digital original.

Additionally, print publishers hesitate to expand into the network marketplace because they are unable to control (in the sense of receiving compensation in return for rights) secondary distribution of their products as well as incorporation of their products into derivative products.

Such changes in cost and convenience of necessity impact business decisions concerning producing, distributing, promoting, and marketing.

Of those prior art systems which make some use of encryption, none protects the data after it has been decrypted.

Further, in all of the prior art, access is all or nothing, that is, once access is granted, it cannot be controlled in any other ways.

This makes it difficult to control copying, secondary distribution, as well as to obtain payment for all uses.

The safety problem is closely related to the fundamental flaw in Discretionary Access Control (DAC) that malicious code can modify the protection state.

The prior art, including cryptographic processes, tokens, dongles, so-called "uncopyable" media, various executable software protection schemes, and executable software for printing that places an identifier on all printed output in a fashion not apparent to a human, fails to limit either secondary distribution or distribution of derivative works.

The problem of copying by the authorized user is simply not addressed.

Schemes that include identifiers on printed material, although they may aid in identifying the source of copied material, do not prevent secondary distribution.

However, once access has been granted to information that information is subject to manipulation and redistribution without further limitation.

Further, dongles have proven to be unpopular because of the need to keep track of them and ensure that they are separately secured.

Uncopyable media, generally used either to control distribution of information or to control usage of executable software, are unpopular because of the user's inability to create a backup copy.

Further, most so-called uncopyable disks have fallen victim to general-purpose duplication programs, rendering their protection useless.

Even where partially effective, the uncopyable disk did not serve as a deterrent to capturing information and redistributing it.

However, such a security function may be capable of being defeated by a knowledgeable attacker.

A successful attack is judged as being beyond normal practicality.

Capture of an analog output results in some degradation of signal quality.

But the market for bootleg copies of videos, for example, appears to be insensitive to such quality if the price is right.

A captured digital signal suffers degradation of quality only as a result of bit errors (i.e., if the data capture was not completely accurate).

Creating an unauthorized local copy, or disseminating the data without authorization each results in an original-quality copy without compensation to the owner.

One manifestation of this threat is in uncontrolled hardware.

Semiconductor memory is volatile and does not retain data when power is removed.

Images