by Gary N. Griswold
This solution to copyright protection uses software envelopes which authenticate each access by communicating with an authorization server on a wide area network. It decrypts the information for display, print, or copying when the authorization is approved. This method is specifically suited to controlling information which has been delivered to customer machines over a wide area network.
Many celebrate the freer environment of electronic networks: the ease of data modification, copying, and multiple use usher in a relaxed attitude toward copyright. They believe that copyright holders must accept the less controlled environment of electronic networks. However, they are ignoring the property rights granted to authors and publishers in article 1, section 8, item 8 of the U.S. Constitution. The decision to place intellectual property on electronic networks is the prerogative of rights holders.
Because publishers do not share this relaxed vision of copyright, the current providers of electronic services are delivering information which does not require extraordinary protection, for example: open discussions, such as USENET; perishable information, such as news services; and government information, such as patent databases. However, any new system which wishes to leverage its content from the trillions of dollars in intellectual property already existing in the world, must address the property owner’s concerns of property protection, or risk losing their cooperation.
Mr. Timothy King, Vice President of Corporate Development at John Wiley and Sons, has identified the following key concerns.
- Will the integrity of information be preserved?
- Will attribution for all information be ensured?
- Will the quality of the content and form of information be maintained? Will creators and copyright holders be able to control the use of their work and to receive compensation for that use?
The legal problem must be solved. The High Performance Computing and Communications Act of 1991 (HPCC) specifically requires that the National Research and Education Network (NREN) include a means to protect copyright:
(c) NETWORK CHARACTERISTICS. -- The Network shall -- ... (5) be designed and operated so as to ensure the continued application of laws that provide network and information resources security measures, including those that protect copyright and other intellectual property rights, and those that control access to data bases and protect national security; (6) have accounting mechanisms which allow users or groups of users to be charged for their usage of copyrighted materials available over the Network and, where appropriate and technically feasible, for their usage of the Network;
To date, the problem remains unresolved. In his December 8th, 1992 presentation to Congress on the NREN, Dr. Allen Bromley, Director of the Office of Science and Technology Policy, had the following to say about the current status of copyright protection.
The technical mechanism appropriate to protect copyright of material distributed over the network is as yet unclear. ... Because consensus has not been reached in this complex area, implementation of technical measures on the Network has not yet been scheduled.
There are an abundance of applications which require a solution to this problem if they are to be performed legally and without negative implications for publishers. Libraries, which are currently using FAX for inter-library loan, are looking forward to delivering the journals over the NREN. Likewise, the Colorado Alliance of Research Libraries (CARL) Uncover Project and Engineering Information’s Article Express are looking forward to NREN delivery. The CUPID project (Consortium of University Publishing and Information Distribution) is planning a distributed network architecture that will permit university presses to establish servers containing their copyrighted products in electronic form. These university press servers will be used for distributed publishing on the Internet. Libraries have made extensive progress in putting bibliographic information on-line, and look forward to implementing digital libraries in which they deliver copyrighted information. Also, information retrieval systems, such as Wide-Area Information Service (WAIS), deliver the query result to the machine of the customer. At present, such systems are not being used for the delivery of information that requires protection. One can also conceive of additional applications which could appear once adequate copyright protection were available. For example, news could be delivered by broadcast over the NREN, but only received by subscribers. Means to filter the information to subscriber requirements would also be part of such a system. Journal subscriptions could be delivered electronically. That is, each month a copy of the latest journals could be file transferred to the machines of each subscriber. Also, an electronic retail service could be provided so that customers could search by author, title, and subject indexes and request electronic delivery of titles they wished to purchase.
Many solutions to this problem have been suggested. The following is a discussion of some of the more important.
Many have suggested a simple system: A library charges for each transmitted article and pays the publisher or the Copyright Clearance Center a royalty for each copy. This method is being used effectively by CARL (Colorado Alliance of Research Libraries) for FAXed journal articles. However, as we move to the electronic distribution of information, the ease with which information can be repeatedly distributed, for no fee after the first distribution, threatens the prudence of using this approach on computer networks.
Digital signature use of public key encryption has been suggested as a means to protect copyright. A hashing algorithm is used to create a unique number from the content of a document. This number is encrypted with the private key of the originator. The receiver of such a document can obtain the public key of the assumed source of the document from a central key facility. However, while this important technology verifies the source and content of the document, it does nothing to prevent the creation or use of copies.
Public key encryption has also been suggested as a way to encrypt information. By using the public key of the receiver, only the receiver can decrypt it with their private key. However, while this is mathematically very secure, nothing prevents people from distributing encrypted information along with their private keys. The elegant security of public key encryption prevents anyone from identifying the source of the offending private key and copyright infringement.
John H. Ryder and Susanna Smith describe a simple solution for the electronic dissemination of software. Before the customer receives the copyrighted software product in working form, he or she is presented with a number of screens of text which display a license agreement. The customer must follow certain steps on the keyboard to signify that they agree to the terms of the license agreement. However, while this method makes certain the customer understands their licensing rights, it does nothing to insure that the customer lives up to those obligations.
Martin E. Hellman describes a means to limit access and bill usage of software, video games, video disks, and videotapes. This is accomplished via an encrypted authorization code, which contains information related to an identification of the computer, a product, a number of uses requested, and a random or non-repeating number. When entered into the customer’s base unit, the authorization code permits use of the specified software product for the specified time.
Victor H. Shear describes a system and method to meter the usage of distributed databases, such as CD-ROM. This method describes a hardware module which must be part of the computer used to access the distributed database. This module retains records of the intellectual property viewed. Once the module becomes full, it must be removed and delivered to someone who will charge for the usage and set the module back to zero.
Hellman’s and Shear’s methods both require hardware modules, which must be constructed into the customer’s computer, in order to control access. These methods will not be practical until a very large number of computers contain these modules. Hardware manufacturers will be hesitant to include these modules in the design of their computers until there is sufficient demand for these specific systems.
A solution to the copyright protection problem is described in the following section. Patent applications have been filed on the pivotal aspects of the innovation.[9,10,11]
Description of the Innovation
Our approach is as follows: copyrighted information is transmitted in an encrypted form, and is transmitted in a software “envelope”. The copyrighted information and the software envelope together comprise an executable program which can decrypt the copyrighted information and present it to the user. The capabilities of the envelope intentionally limit the user’s access to the copyrighted information to those capabilities which are appropriate under copyright law for the specific kind of copyrighted information contained. For database information, the software envelope should enable the user to search indexes and display text. For CAD information, the software envelope should permit the display of the information and permit the user to manipulate attributes of the display. For video information, the software envelope should display the video. For audio information, the software envelope should display the audio information. For text, the software envelope should display and turn pages. For hypertext information, the software envelope should allow the user to thread through the information. These are only some of the ways these software envelopes can control different kinds of copyrighted information.
Finally, the software envelope uses a method to check for authorization to access and to track the usage of the software envelope and copyrighted information over the same telecommunication network used to transmit them to the user. The tracking method works as follows. Automatic messages are sent between the software envelope and a central authorizing site. Each time a customer starts to use a copyrighted work, a message is automatically sent from the work. Also, at a regular interval, additional messages are sent. Sent at regular intervals, they are a measure of use. When the messages arrive at the central authorizing server they are verified. A reply is sent back, which is an authorization to continue or a denial of authorization. If no valid message returns, a denial is assumed by the software envelope. Whenever a denial is received or assumed, the use of the software or copyrighted information product is discontinued. The diagram in Figure 1 illustrates this method of tracking copyrighted information.
The system of authorization and usage measurement capabilities described above can be used to license information products in a variety of ways to suit a variety of information licensing policies. It can be used to enforce site licenses by preventing off-site access and limiting the number of concurrent uses. It can be used to limit duration of use, analogous to returning a book to a library, by disabling use of an information product after a period of time. It can be used to implement an electronic subscription by providing an unending duration of use of the product on one machine. It can also be used to meter and charge for each use of the information.
The software envelope would provide the user with the ability to view the information product, but it would not provide any way to edit or extract from it. This is needed, because otherwise the displayed information could be used as a source from which to create a new copy which is not subject to this copyright protection scheme. Second, it would insure the authenticity of the information products, by preventing the automatic creation of altered copies. Third, it would interfere with plagiarism, which has become an increasing problem because of the abundance of easily copyable electronic information. Fourth, it would prevent the automated generation of derivative works.
Other Licensing Requirements
So far, we have only discussed controlling licenses for viewing information, but the same method can be used to control licensed printing. While the rightsholder may choose to give the customer a license to view and to print, they could require an additional expense for the action of printing. In this case, the authorization request would indicate that printing is requested and the reply would indicate whether the customer is licensed. The act of printing would be recorded for the purpose of charging. In some computer operating system environments, insuring the security of the document will require the installation of a special print server, which is capable of decrypting while printing.
This system permits unlimited copying on the network, and yet limits the use of those copies to licensed customers. However, a customer may need to take an electronic copy of a document onto a machine which is not connected to the Internet. For machines which contain internally readable serial numbers or firmware private keys, we can license and control the act of making copies. Each copy made will contain the internal identifiers of the machine on which it is to run. It will still be encrypted, and requires a similar software envelope for presentation. Instead of checking for further authorization over the network, the software envelope checks that it is running on the machine to which it is licensed.
This method assumes the existence of a network used in the delivery of electronic information. This network should also be capable of sending connectionless datagrams. Analog telephone is both too slow for sending large amounts of data, and would require an explicit telephone call with each use of an information product. Integrated Services Digital Network (ISDN) telephone, because of its minimum 64 K bps speed, would be much more suitable for the transmission of information products. Also, the authorization datagrams which this method requires could be sent over the signaling channel without placing a call. Similarly, on the Internet, the authorization datagrams can be most efficiently transmitted and processed as User Datagram Protocol (UDP) datagrams. Digital Cellular would also be a very suitable network.
At this time, we have a demonstration version of our technology running on the Internet. The system consists of three main programs: 1) a license authorization program called “authorize”; 2) a program for creating protected files called “product”; 3) and a program for viewing the protected files called “read”. The authorization server runs on one machine on the Internet in Albany NY, and will control access to any documents created using the “product” program. Copies of “product” and “read” are available upon request.
While the above prototype has many capabilities, it has many limitations which make it less than a commercial product. While it does register the creation of new protected products, authorizes access, tracks usage, and permits customers to register upon receiving a denial, it does not include a customer billing module or a publisher payment module. While the software envelope provides the essential features needed to display the decrypted information, it lacks the user interface quality one would expect in a commercial product. Finally, the viewer program is written to run on Sparcstations. Versions are not yet available for other computers. Despite all of the above limitations, the Demonstration Prototype performs an important service by demonstrating how licenses can be managed over the Internet.
We will be able to proceed with this step as soon as the necessary funding is available. This system should be limited in the number of products sold and the number of customers serviced in order to facilitate revision of the system as we learn from its use. However, this system should provide the full scope of functionality required in a commercial version. That is, it should manage licenses for viewing, printing and node-locked copying, and it should maintain a full database about its customers and publishers, which should be used to bill customers and pay publishers. The system should provide a higher quality presentation program which is available on a wide variety of platforms. Such a viewer could be developed by InfoLogic, but it would be more efficient to have the developers of an existing viewer integrate InfoLogic’s license control mechanism into their viewer. Finally, the license server will be redundantly implemented to guarantee 100% uptime.
There are a variety of applications for which the described method of copyright license management would be very useful. These include: electronic retailing, inter-library loan, library circulation, and distributed information services. The following is a description of how each of these applications could function using the copyright protection mechanisms described in this report.
Publishers and printers have automated their methods of production so that typeset copies of books or journals exist in electronic forms, such as Standard Graphics Markup Language (SGML) or Postscript. From these electronic copies, the pages are printed. These same electronic forms are a useful source for electronic distribution. In addition, scanned copies of older books are a source of electronic distribution.
After printing their books and journals, the publisher could license the electronic sources to the electronic retailer. The only task the publisher needs to perform is signing the license agreement. There is no need for a second tier of distribution. The electronic retailer could offer to pay for each copy delivered to the customer. Considering the absence of printing, inventory, warehousing, and returns, the publisher could earn a considerably larger margin than they receive on paper copies. Considering the absence of two-tier distribution in this model, the electronic retailer could sell the copies for less than the cost of paper copies.
Those currently connected to the Internet include most universities; most national laboratories; most private research laboratories doing government work, or collaborating with universities; and a growing number of smaller organizations, especially technical. As a result of this profile, it appears that PSP/STM (Professional Scholarly Publishing and Scientific, Technical and Medical) are the publishing segments where the demand will occur first.
To begin using the system, the customer would request a copy of the electronic retailer’s client program over the network. The client program could be delivered free, or for a nominal charge. The first time the customer used this client program, they would be asked to enter identifying information. This program would enable them to browse through the title, author, and subject catalog of books and journals in the electronic retail server. They could request any book, whereupon they would be required to enter charging information, such as a credit card number. The book or journal would be delivered to them electronically.
For universities and organizations the system would permit the site licensing of the information, while at the same time permitting the licensing to individuals or licensing by the duration of time used. People would be able to share electronic documents freely, and all accesses to a site licensed document within the site would be permitted. However, if someone off the licensed site were to receive a copy, they would be denied access when they attempted to access it.
Inter-library Loan and Document Delivery
Inter-library loan and document delivery services are very similar, except that one is a library service and the other commercial; one usually pays copyright royalties while the other usually does not. Using this copyright management method they become even more similar.
When a document is requested for delivery, it is located, scanned into a computer, and immediately converted to an encrypted file. The protected file can be transferred to the requester’s machine and a licensing entry permitting one concurrent use of the document can be made at the same time. Once received, the document can be freely accessed by the requester on the machine to which the document was sent. Should the requester pass the document along to others, they will not be able to access the document until they have secured a license to the document. At the same time that they receive a denial of access from the license server, they will be given the opportunity to enter charging information on the screen which will permit them to access the information.
On a periodic basis, the license management system will generate administrative reports which detail the following: 1) library charges for documents delivered; 2) library receipts for documents provided; 3) copyright royalties for documents provided; 4) copyright royalties for additional licensees added to previously delivered documents. These documents could be the basis for payments between libraries and the Copyright Clearance Center.
A possible use of this technology is for each library to maintain a license server to manage the copies of books and periodicals which have been checked out from their library in electronic form. In addition to the technology previously described, the digital library card catalog must contain a record of the number of copies owned and number of copies borrowed for each item in the electronic card catalog. Such a system would work as follows.
Each time someone wishes to check out an electronic copy of a book or periodical, the current “number owned” by the library and the current “number checked out” from the library would need to be looked up to be certain that a copy is available.
When a book or article is checked out from the library, a licensing entry for the user would be entered into the license database. A termination date, such as two weeks, would be entered in the license to represent the borrowing period. The card catalog’s record of the number of copies checked out from the library would need to be updated to indicate that the copy has been removed from the library.
When the two-week borrowing period of the book or periodical terminates, the copyrighted work would cease to be accessible by the library patron, even though the copy still exists on his or her computer. On a nightly basis, the library’s system could look in the licensing database for copies which have terminated on that day and decrease the “number of copies checked out” shown on the electronic card catalog. This action is analogous to returning the book or periodical to the library shelf.
Advantages of Standardization
If this technology were consistently implemented by libraries and electronic retail services, it would be possible for the holder of a copy checked out from the library to purchase the same item from a retail service. The customer would use the software envelope of a retail service to try to access the library copy of the document. Upon getting a denial of access, they would fill out the charging information requested on their screen by the electronic retailer. Once this step was completed, they would be purchasing a copy of the book or periodical.
Distributed Information Services
Currently, providers of on-line services fill their large computers with quantities of information and charge the customers for the use of the infrastructure needed to access that information. Using the methods in this paper, much more efficient information services are possible. For example, one could provide a bibliographic information retrieval service at no cost, since money would be made on the sale of information.
Before using this system, the customer would need to provide certain charging information, such as corporate purchase orders, or credit card numbers. The customer would search the on-line bibliographic database for documents on particular topics. Once documents are selected by the user, the documents or abstracts of the documents could be delivered to the user by file transfer. Access to the information could be measured in a variety of ways. By default, it may make sense to charge the customer for the time each document is accessed. Time would be measured in intervals, such as every 15 minutes. In addition, the customer could be charged for printing out a copy of the documents. Finally, the customer could be given the opportunity to purchase permanent electronic copies that they may store and view at any time without further charge. The license servers can be apprised of these events by automatic messages, sent between the software envelopes and the license server.
One of the side effects of these methods of distribution is to lower the amount of infrastructure needed to deliver information, because most of the information access occurs on the customer’s own computer. Lowering the cost can in turn lower price and thus increase profit. Any lowering of price of the currently expensive electronic information is apt to increase demand. We need to build into our selling systems a positive feedback loop which would lower costs of operation, to lower prices, and increase demand. Increased demand would lower the per unit production costs, which increases demand even more. At the same time, we must retain and even increase the use of peer review and editorial filtering to insure the availability of the highest quality information. This technology facilitates the lowering of operational costs, while providing a mechanism to compensate for the time and effort that went into production.
1. Tim King, “Critical Issues for Providers of Network Accessible Information”, EDUCOM; Summer 1991, Page 82.
2. High Performance Computing and Communications Act of 1991 (HPCC), Section 15 USC 55112 (c).
3. Dr. Allen Bromley, Director of the Office of Science and Technology Policy, “The National Research and Education Network Program: A Report to Congress”, December 1992, Page 2.
4. CARL Systems, Inc., Uncover and Uncover2–the Article Access and Delivery Solution, unpublished article, 1992.
5. Public-Key Cryptography Standards, RSA Data Security, Inc., June 1991.
6. John H. Ryder and Susanna R. Smith, “Self-verifying Receipt and Acceptance System for Electronically Delivered Data Objects”, United States Patent 4,953,209; August 28, 1990.
8. Victor H. Shear, “Database Usage Metering and Protection System and Method”, United States Patent 4,977,594, December 11, 1990.
9. Gary N. Griswold, “License management system for information products located at user site periodically requesting usage authorization via communication network”, Application for International PCT patent, 1992.
10. Gary N. Griswold, “System and method for protecting and licensing information products on an electronic network”, Application for United States Patent, 1992.
11. Gary N. Griswold, “System and method for protecting and licensing software on an electronic network”, Application for United States Patent, 1991.
Gary Griswold is President of InfoLogic Software, Inc., a consulting firm which develops software in technical applications including: Very Large Scale Integrated (VLSI), CAD, Image Recognition, Computer Aided Software Engineering (CASE), Manufacturing Automation, and Management Information Systems. Recently, his primary technical interest has been copyright protection for networked information. He holds an M.S. (Union College, Schenectady, NY) and a B.S. (University of Washington, Seattle).
Gary Griswold InfoLogic 1223 Peoples Avenue Troy, NY 12180 Tel: (518) 276-4840 FAX: (518) 276-4841 e-mail: email@example.com