Triarche Research Logo Triarche Research Group
Network Architecture Link E-Commerce Link Marketing Campaigns Link Research Link Technical Assessment Link
Genesis Myth Link Consultants Link Commentary Link Partners Link International Bureaus Link Contact Us Link Homepage Link
International art 1 International art 2 International art 3 International art 4

Burning the Jolly Roger
Technical Solutions For Armoring Data Puts Creatives Back in Control

by Peter Cassidy

This article is adapted from a talk given on intellectual property control at the Digital Commerce Society of Boston in October, 1998.

It is easy to be fatalistic about the loss of control of intellectual property. Allegedly intelligent people like Esther Dyson and Bill Gates have told us copyright as we know it today is doomed.  That is a rather pre-mature assessment though it is certainly true that for the near term analogue media and unprotected digital media will be naked to exploitation.

There are, for example, a number of simple-to-use software packages that allow anyone to convert sound files on a music CD to MP3 format to be played on a computer. With a little more trouble, most anyone can take an analogue recording of Maria Callas, play it on their stereo, pipe it into their computers, digitize it and place it on a server in New Caledonia to be downloaded.

Whether that server can survive denial of service attacks or mail-bombing attacks sponsored by Maria Callas' fans, heirs, attorneys, publicists and publishers is another issue altogether. (I figure if oil companies can hire their own armies as they do in the Third World then it is not unthinkable that Sony might someday hire their own counter-hackers and cyber-mercenaries to strike back.)  How the forces of creation and distribution will respond to piracy threats the Internet poses remains to be seen - but we will survey some of the means of control that are being developed today.

One thing should be understood.  Piracy of electronic intellectual property is not inevitable and neither is it insuperable.  Every time a superseding technology has given tools to pirates, such as cassettes and VHS tapes, industry has found a way to contain the losses those with asset control technologies - such as the copy defeating schemes built into video-tape versions of movies.  Given our moment in history, the early dawn of the Internet age, this kind of piracy is to be expected. It is merely the kind of exploitation that can take place between the eras when one technology has made new and quantum gains on its predecessors. Once, the fusion of intellectual property and media was enough to ensure that its owners could reasonably be expected to profit from its consumption. Most people didn't have the means to lift music from records, so fans would actually have to go out and buy the records of their favorite artists.

Today, a high proportion of ordinary households have the technical capacity to take software, music recordings, visual media and images in hand digitize them if need be and transmit them to millions of people over the Internet. Evolving almost as quickly as the interlopers' sophistication in acquiring and distributing ill-gained wares, however, are technical solutions to foil pirates, technologies of varying potency, persistence and adaptability.

My sense is that the publishers can be just as savvy and just as adept as the copyright interlopers and, in fact, have a profit motive to retain control over their copyrighted works that most casual copiers the real enemy of copyright do not have. Technical solutions that will allow creators and publishers to control digital proprietaries are quickly making their way to market that will make it very difficult to steal intellectual property and forcing the bulk of consumers to pay - or not play.

Intellectual property control and management solutions, in fact, is one of the most active segments of the information technologies industry today. A month doesn't go by that I don't trip over another new IP-protection technology, or that I don't get a call from one company or another developing new software to foil pirates.  The key technology that will allow creators and publishers to frustrate interlopers is cryptography and all the marking and protection schemes into which it is integrated.

Depending on the scheme that is developed, cryptography can be used to mark digital works, to limit access along a number of parameters (discriminating by individual, by machine, by network node, by time, by number of simultaneous users, etc.), to create audit trails of usage - and to reveal the identities of consumers. With these capabilities, creators can not only protect their works - but sculpt some incredibly flexible business models.

One example: Software might be, in its demonstration mode, protected by a time-bombing system that will give browsers a trial period of, say, 30 days. After it is licensed (assuming payment through a credit card), that software could be conditioned with license management technologies which deny access to all but the licensed user - and digitally marked so that when and if the software is passed along, the identity of the licensed user is exposed when the software is licensed upstream by another consumer.

In this scenario, the software is protected in two ways - first by simple time-bombing and then, after purchase, by license management. Using these techniques, however, has effected a rather sophisticated affinity scheme that could give, for example, discounts on updates for consumers that have passed around the software to others who have become licensed users.  All of that is technically possible today. The exciting part is that a lot of this is coming true.

Though cryptography is the mainstay disciplines that informs most all protection systems, intellectual property control and protection technologies fall into three broad functional categories.

  • i. Presentation control technologies designed to stop copying, printing or mailing of intellectual property objects viewed on the Web.
  • ii. Execution control technologies to prevent (unlicensed) software programs and other digital works from running.
  • iii. Watermarking designed to weave a (visible or invisible) mark of ownership and other data within an intellectual property object.
All of these technologies have specific application scenarios in which they are best suited. As all of these technologies and the larger public Public Key Infrastructure (PKI) mature, however, creators and publishers will combine them to effect the most appropriate protection and control scheme for a given digital artifact. Already, companies offering complimentary protection and control systems are coming together and offering compound solutions.

This summer, GLOBEtrotter Software and Preview Systems announced a formal agreement to market their respective license management and electronic software distribution technologies. GLOBEtrotter markets license management systems that are very popular on the Unix platform. Preview is the developer of the ZipLock ESD System, an electronic package of sorts that enables a Try-Before-You-Buy scheme for software and mediates payment.

What is most encouraging is that industry is increasingly working to develop standards for protection and control systems.

Last year, members of the electronics manufacturing and recorded music and video industries issued a specification for a so-called Content Scrambling System (CSS) that would encrypt material that is shipped on DVD. Licensing the technology - and extending it to PCs with DVD is controversial.

In Fall of 1998, the Open Group fast tracked a technical specification for software license management systems.

The open question for all technologies of protection and control is when a usable PKI will make these solutions as simple and easy to deploy as, say, 800-number ordering systems. That, of course, is contingent on the power of the market to overwhelm the US politico-military complex that is disrupting the development of cryptography and/or the US government's ability to wrest control of cryptographic policy development from the military intelligence plexus.

What follows is a review of some of the control and protection technologies that are making their way into increasing use by publishers today. Though I focus on innovators who market applied technologies, most all of their approaches are effected by publishers who roll their own solutions. While I doubt that packaged solutions will ever replace home-brewed, standards-making will bring conventions to what are now more or less ad hoc constructions.

To date, these e-books are some of the most elegant deployments of public key infrastructure systems yet placed on the consumer market.  The books come with the public keys embedded - when the customer dials in, the server encrypts the manuscripts with the appropriate, reciprocal private key before sending it.  That way only that it can be read is when it is decrypted by the consumer's private key in his e-book.  The wonder of them is that they each use PKI to protect manuscripts - but that the consumer never has to touch any technology.

i. Presentation control technologies.

Basically, presentation control technologies create the context for the viewing of proprietaries. These frameworks control who will see the protected work and what power they will have to manipulate it. Some of these technologies got their earliest use by companies vending text often the contents of expensive reports. These systems make sure that anyone who views your material cannot lift it electronically by copying, forwarding it, mailing it or printing it, making theft a good deal more difficult.

One the most established companies in this space is a UK outfit called C-dilla, Limited that is making a number of intellectual property control systems. The company's SafeDisc technology typically protects text and/or software.

Everything in a company's - or an artist's - catalogue can be made available for the licensed user on a CD-ROM. However, the user who pays for a license will be supplied with a key to access the file on the pre-registered target disc in order to access the proprietary content. Access allows the user only to see the data. The viewer is modified so that he cannot copy or print the material in any way.

C-dilla has transferred a lot of this technology to the Web with its more recently developed SafeCast suite. With SafeCast artisans can display parts of works, abstracts, low-quality images or images with visible watermarks and vend the images of maximum resolution to paying customers who choose an image or work they want to buy via CD-ROM or through download right from the Web.

Coming out this year is a similar system by InterTrust of Sunnyvale, California. The InterTrust architecture is based on two principal software technologies: the DigiBox is a cryptographic container for any kind of digital media including music, software, images, or text to secure intellectual property against unauthorized use; the InterTrust Commerce Node is a software suite that resides on end users' computers and negotiates the transactions for them and keeps track of their usage.

A consumer pulls something off the Web that is encased in a DigiBox, perhaps an image or a QuickTime streaming video presentation. When the browser detects the DigiBox, a helper application hands it off to the InterTrust Commerce Node, which unpacks the item and displays the content abstract, rules of usage, and the pricing scheme. That unencrypted artifact can only be seen on that consumers' browser. Should he send the data file to someone else, the receiver's browser would not be able to display it.

Adding another dimension of security to data presentation Digital Delivery, Inc. of Massachusetts released GeoSecure, a system that restricts file access that allows conditioned files to be viewed only in specific locations.  Using GPS signals broadcast by satellite and an outboard receiver, creators can limit exactly who views protected data, under what conditions - and the precise physical location in which they may be viewed within a 50 meter radius.  The system builds on the company's Confidential Courier scheme that controls individual access to protected files, defining terms of usage by user and time.

Most recently, an Israeli start-up called Csafe has introduced a technology to thwart copying, forwarding, printing and mailing of Web pages that are viewed by ordinary browsers surfing Web pages and Intranet resources.  Pirates are forced to photograph the pages off the monitor, leaving them with a rendering of very low quality. (Anyone who has had artwork printed exactly as it appears on-screen understands just how awful a display space a monitor is.)

Consumer Market

One of the most important developments in the presentation control technologies industry has actually taken place in the consumer market with the advent of electronic books.  Once the stuff of science fiction, they are here today with a number of competitors on the market.  Each uses a handheld reading palette that is integrated with devices to connect the e-books to the Internet for access to libraries of electronic book manuscripts and periodical literature.

By the end of last year there were at least three e-books on market: NuvoMedia's Rocket eBook, the Millennium Reader from Librius, and the SoftBook from SoftBook Press.  The books arrive without content. With the Rocket eBook and Millennium Reader, users connect their e-books to their computers via docking stations.  The e-books connect to their respective libraries through communications software that speaks to the docking station. With the SoftBook, users need connect the unit to a phone line to dial into the Soft-Book Press server.

ii. Execution Control Technologies:

Some of the greatest strides in execution control technologies have been made in the software industry. Software companies were among the first industries exposed to substantial harm by the Internet though also they had the most substantial experience in mitigating the dangers of piracy.


Around 15 years ago, commercial and industrial software makers began shipping their software with hard keys dongles that fit into one port or another on the machine in which the software would execute. If the software doesn't get an answer-back from the dongle while it is working, it simply stops. It's primitive but it works. The dongle business continues to grow with such companies as Rainbow Technologies, Aladdin, Hardlock.

Dongles, however, are destined to be superseded by much more flexible License Management systems. LM systems basically encode the dongle into the software.

License Management

These systems typically protect software by establishing a license server and an event log on the host during software set-up; a semi-smart agent embedded in the software searches for the proper licenses on the license server and checks the log for activity, reconciling, for example, the number of people currently using a program against the maximum allowed.

When license-managed software is successfully invoked, it scribbles a note in the event log to be read when someone else requests the software. Typically, these systems are applied by the developer to prevent piracy. Many have features, however under used, that can be used to sculpt extraordinarily specific licenses, for example, reserving the software for use by a particular department or even for specific users for a given period of time.

License management technologies that software vendors used were initially designed to make it impossible for protected software to execute anywhere but on the machines of the licensees and then only to the extent allowed by the license on file. They are most prevalent in the Unix platform where industrial and commercial software vendors have applied them to secure titles that could cost well into six figures per installations.

The Open Group has recently issued a technical specification for license management system.  Now that the specifications are being published and companies can update their license management tools to meet those specifications, the Open Group is working on a test bed and certification system for License Management systems (its own "UL seal of approval" for LM systems).  How quickly the standard will attract support is still an open question.

The principal proponents were mainframe makers and companies that develop LM products for mainframe and Unix platforms. Though Microsoft was absent from the discussions and proceedings of the LM committee at GUIDE, a mainframe user group, which developed the technical specification and the technical requirement document that preceded it, Oracle and Sybase have both sent their own representatives to the last mark-up meeting in August. See Globetrotter's article on software licensing, Isogon's software assest management prowess, and Rainbow, who acquired Elan and Wyatt River, publishers of LM systems.

Audio/video scrambling systems

Because of the threat of the Internet as a channel for piracy all new media will be forevermore designed as protected media. DVD discs published by the big film studios, for example, are protected by a scheme called the Content Scrambling System (CSS) created by an alliance of big content and electronic companies - among them Phillips, Sony, Matsushita and Hitachi. The insistence on a protection scheme by the big content developers like Sony delayed the release of DVD players last year for several months.

CSS decoding chips in the players read the encrypted data and allow the content to be displayed on televisions. Data Files from DVD discs can be sent around the Internet but you would have to burn it into new media and then put the disc into a player enough to stop the casual copying that makes up the lion's share of piracy. Arguments are going on now about how and if there is going to be a software version of CSS for computers, given the large computational overhead it demands.

With the advent of the Internet, however, the entertainment industry faced its greatest threat.  A medium that could deliver unlimited copies as perfect as the original anywhere in the world.  Clearly the media was only going to get more pervasive and more capacious. Not that the industry was ill-prepared for the task.  Copy protection schemes are nothing new to the video entertainment industry.

There are a number of scrambling schemes that have been used on cable television for years in the United State and Europe that are being adapted for digital media and the Internet. No doubt the Internet will be used to transmit lots of stolen content but just is likely is that this media will be used another pay-per-view channel as bandwidth expands.

As well as adaptions of existing technologies for protecting audio and video content, a good deal of innovation is taking place in the development of purely Net-specific control and protection technologies. One good example of those is Cognicity's AudioKey. AudioKey is a suite that includes a client-side RealAudio plug-in that reads files that are protected and enhanced the AudioKey server-side software which embeds control data into music streams.

As I've pointed out before, control technologies are not only about denying access to pirates. It's about relationship building. In this vein, AudioKey, links digital content to the individual's player. The Web surfer that uses this system can use the links and features that are embedded in the sound file such as transcripts, lyrics, profiles and special promotions. See Macrovision, a company that makes scrambling technologies for cable and satellite TV companies, Videodiscovery's discussion of CSS within context of discussion about DVD, DVD Digital's background on DIVX, and Cognicity.

In February of 1998, an alliance of entertainment and consumer electronics industry titans announced a common encryption standard to be used to protect music and videos - however they are distributed, on CDs or through the Internet.  The proposed encryption technology could be deployed on television  sets, PCs, set-top boxes used by cable TV and satellite services, VCRs and on digital video disk (DVD) players.

Several major music industry players - including Sony Music, Warner Music and BMI have - already announced that they will develop a standard for recorded music they hope to have standard for securing music this year.  That coalition - the so-called Secure Digital Music Initiative (SDMI) - will, however, run into electronics device manufacturers like Samsung, Creative Labs, Philips and Diamond Multimedia rushing their own products to market - with or without integrating compatible technology.

Every coalition and manufacturer's security scheme uses an encryption system.  Songs are downloaded and arrive in the consumers computer encrypted.  Once payment is negotiated, appropriate keys are provided so that the consumer's player can unlock the song and play it.  The details of how keys are delivered and managed and how the content is unlocked must be faultlessly co-ordinated otherwise it will not work.  The fast-growing market for MP3 players, however, could compel the electronics makers to market before the security systems are perfected.

iii. Watermarking technologies.

Late in January of this year, Liquid Audio, MP3, CDnow and a number of music entertainment companies formed a coalition to watermark digitally distributed music.  The technology, which puts codes into content that reveal the owner's - and often the licensee's - identities when scanned by a watermark reader.  A number of watermarking schemes are under consideration by different industry groups - and some are included in the specification for DVD technologies issued last year.

No doubt this technology will get less headline space than anti-piracy schemes.  The application profile is less dramatic than those systems that stop the thieves.  Watermarking technologies are the content industries' "digital branding irons" that could expose transgressions against copyright holders and, as well, enable easy clearance of copyrighted material in ways not possible with traditional analogue media.

Though they cannot lock out pirates, watermarking has promise for allowing creators and companies to brand intellectual property objects - thus facilitating  affinity schemes and discounting regimes that require consumers to surrender tokens or tokenized items to receive program benefits.  As well, watermarks can be the markers by which automated spiders find and report on the whereabouts of proprietaries.

Watermarking schemes weave a code into the very fabric of digital creations. Some schemes include only the creators' digital imprimaturs yet the most sophisticated ones also implant the identities of the distributor and final consumer into the images or sound and video media as a commerce enabler and a determent to copying.

Today, the applications for watermarks are much more mundane.  Typically, they are applied to images, video and audio works with the mark of the creator or licensed distributor.  Graphic software companies are making the most aggressive move toward incorporating watermarking management technologies as features in their own software packages, principally as plug-in watermarking systems that embed an indelible signature throughout the work.

Adobe's Photoshop Version 4 and the latest releases of Corel Draw and Photopaint incorporate a plug-in of PictureMarc, a digital watermarking technology by DigiMarc Corp. of Portland, OR. PictureMarc embeds an ID number into every image by altering certain pixels, creating an invisible pattern inside of the image.

When a user opens a PictureMarc-ed file, either within a DigiMarc-enabled version of Photoshop or using Digimarc's stand alone viewer, the copyright symbol appears in the title bar with a link back to Digimarc's MarcCentre online registry. That link will bring viewers to the home page of the creator at the MarcCentre with contact information and usage specifications. Creators don't have to join the MarcCentre, however, as it's offered as a separate service.

Like a hologram, the watermark remains even if the image is cropped or published or both. Pull up a fragment from within any Digimarc-enabled application and the watermark will again report the copyright. A paper-based magazine stole your image? Scan it and pull it up in the viewer and the mark will appear again.

These systems are not perfect. First, there are cracker programs like StirMark or Unsign that are designed to remove or corrupt watermarks to make them unreadable. Some powerful graphics programs like Kai's Power Tools have filters and effects that will distort the bits that are marshalled by the watermark. Some will be more resistant to this kind of corruption than others and those that aren't robust enough to resist the simplest attacks will be subject to the swift and unbridled criticism of the Web.

Here is a cursory survey of watermarking technologies:


Corbis Corporation, a digital image archive founded by Bill Gates after he acquired the Betteman Archives. Corbis isn't marketing its proprietary watermarking system, yet, but it's a neat example of how an on-line stock photo shop could give clients a full view of available images without exposing them to mundane screen capture techniques. (To remove the Corbis watermark a huge, stylized "C" you hold down the CNRTL and left-mouse-button keys together, neutralizing key sequences usually reserved for printing, copying and mailing commands.)

Signum Technologies, Ltd.

Signum Technologies, a British company, has already, licensed its SureSign watermarking technology to the British Telecom Picture Library and to the BBC.

SureSign enables users to both embed and detect fingerprints in images. Creators can process images one by one or with another SureSign batch converter to imbed their "fingerprint" that can be located by freeware detection software offered by Signum.

Informix and NEC

First out of the gate with a database/server and watermarking solution was Informix and NEC Corp. In early December, the companies announced the Informix Universal Server with an image DataBlade module that uses NEC's TigerMark watermarking system which was developed specifically to distribute music and video over the Internet.

Informix had developed, after the company acquired Illustra, a firm with strong multimedia database technology, a server with the capability to move any form of media. With NEC's TigerMark watermarking system, Informix could put all the tools in the suite together for the multimedia artisan: database, server management and copyright management.

NEC's watermarking technique allows unique identification of copyright owners, buyers and the distributors, thus providing a deterrent to illegal copying. What's more, NEC places a watermark in parts of the signal stream that cannot be removed without substantially degrading its quality.

This means that if someone want to get into the pirate media business, he is going to either get real masters without a consumers ID on it or find someone who doesn't care if he is fingered as a an accomplice to a thief. So far, it remains to be seen if anyone has taken up NEC's technology for a sound or video-media application.

The first NEC DataBlade, called the TigerMark Image DataBlade, allows owners of images to add watermarks to images stored in Informix's object-relational Universal Server. DataBlades are modules that can share processing space with the Universal Server core engine.

Giovanni Miami-based BlueSpike developed Giovanni as a watermarking system for music though the company says it can apply the scheme to any digital media that does not require 100 percent accuracy in reproduction like software.

Giovanni was published as part of the DVD specification last year, along with NEC's watermarking scheme. Creator Scott Moscowitz said Giovanni is robust enough to stand up against filters and programs like StirMark.

Giovanni is a three-channel watermarking technology in which each channel is accessible by a separate key that is used to burn rights ownership and distribution data into the music or video or image object at the point of sale.

One channel would contain copyright data with that key held by the creator.

The second channel in the same copy may be designated a distribution channel with a key held by the intended distributor in the same way a distribution agreement is made between parties.

The third channel may be designated as an "ownership channel" where consumer's information is watermarked as the consumer is paying for the content.

The distributor would be free to issue an "ownership key" to the purchaser to validate the purchaser as if he were being issued a receipt. All three channels are distinct and become an audit trail accessible by the three separate keys, ensuring privacy and efficiency in identifying a given copy of content.

An artist or his representative, say, a record company executive, coming upon a bogus copy could recover the keys, unlock the data in each channel and track it back to the purchaser, thus exposing the infringer.

For more literature on and examples of sophisticated watermarking systems, see Bluespike, publisher of Giovanni's digital watermarking system, Microsoft's Corbis Archives, Signum Technologies' pages on its watermarking systems, and a treatise on techniques to defeat watermarking.

US Offices: 38 Rice Street Suites 2-0/2-2
Cambridge, Massachusetts, USA 02140
VOX: 1-617-491-2952     FAX: 1-815-364-3002

| Genesis Myth | Consultants | Commentary | Partners | International Bureaus | Network Architecture | Marketing Campaigns | E-Commerce Stategies | Research | Technical Assessment | Homepage | Contact Us |

All Rights reserved: Triarche Research Group Copyright: 1995-2003