« iepriekšējāTurpināt »
keys need to be exchanged in this transaction. Without the private key of the intended recipient, the work cannot be read, manipulated or otherwise deciphered by other parties. Of course, if a decrypted copy is made and shared, then others could manipulate the work unless other means are used to protect it.
There may be instances where someone other than the communicating parties needs access to the encrypted data. A key escrow system is one way such access might be obtained. A key escrow system would hold the key needed to decrypt an encrypted transmission in "escrow." Such a system could be maintained by a private organization or the government, and anyone seeking access to an encrypted transmission would have to demonstrate their need for the key through a process, such as obtaining a search warrant, that ensures the legitimate privacy and security needs of users of encrypted transmissions.
3. DIGITAL SIGNATURES
Mathematical algorithms can also be used to create digital "signatures" that, in effect, place a "seal" on a digitally represented work. Generating a digital signature is referred to as "signing" the work. The algorithms can be implemented through software or hardware, or both. The digital signature serves as means for authenticating the work, both as to the identity of the entity that authenticated or "signed" it and as to the contents of the file that encodes the information that constitutes the work. Thus, by using digital signatures one will be able to identify from whom a particular file originated as well as verify that the contents of that file have not been altered from the contents as originally distributed.
A digital signature is a unique sequence of digits that is computed based on (1) the work being protected, (2) the digital signature algorithm being used, and (3) the key used in digital signature generation. 512 Generating a digital signature uses cryptographic techniques, but is not encryption of the work; the work may remain unencrypted so it can be accessed and used without decryption. In fact, digital signatures and encryption can be used simultaneously to protect works. Generally, a signature is computed for a copyrighted work first and then the work (including the seal) is encrypted. When the work is to be used, the work is decrypted, then the signature (i.e., the seal) is verified to be sure the work has not been modified (either in its original or encrypted form). If the work is never changed, the seal need never be removed or changed. If the work is changed, a new seal must be computed on the revised information.
Typically, the digital signature is incorporated in some manner in the transmission that constitutes the work. Often, the sender will also distribute his public key as well. The signature serves as a "seal" for the work because the seal enables the information to be independently checked for unauthorized modification.513 If the seal is verified (independently computed signature matches the original signature), then the work is a bona fide copy of the original work i.e., nothing has been changed in the file that constitutes the work.
Innovative new techniques are being developed to address security or management driven concerns relating to dissemination and use of digitally-encoded information.
The signature is generated using the binary digits of the work plus the value of the private key as inputs to the computation defined by the algorithm. Thus, the digital signature for an information object is a unique sequence of digits for that work. Specifically, a signature is not the same for different works using the same private key. 513
Anyone who has access to an information object, in addition to having access to the work, also has access to the digital signature for the object. Consequently, the digital signature for the object may be recomputed and used to independently confirm the integrity of the object by comparing it to the digital signature appended to the object.
For example, methods have been developed that can encode digitized information with attributes that cannot be disassociated from the file that contains that information. This field of technology has been termed "steganography" and been conceptually referred to as "digital fingerprinting" or "digital watermarking."
In essence, using steganographic techniques, a party can embed hidden messages in digitized visual or audio data. The embedded information does not degrade or otherwise interfere with the audio or visual quality of the work. Instead, the embedded information can only be detected if specifically sought out.
More advanced steganographic techniques based on statistical or entropically-directed encoding are proving to be difficult to defeat. For example, one system modulates a known noise signal with the information to be embedded and adds the "scaled" signal to the original data. Once encoded in this fashion, the steganographically encoded identification data is distributed throughout the work as subliminal noise and, like noise, cannot be fully eliminated from the work. Thus, one can ensure detection of an embedded message even after substantial corruption of the data, such as might occur through compression/decompression, encoding, alteration or excerpting of the original data. By providing a means to indelibly tag a work with specific information, steganography is likely to play a complementary role to encryption as well as authentication techniques based on digital signatures.
D. CONTROLLING USE OF PROTECTED WORKS
Content providers will rely on a variety of technologies, based in software and hardware, to protect them against unauthorized uses of their information products and services.
One example can be found in the Audio Home Recording Act. This Act requires that manufacturers of
digital audio recording devices and digital audio interface devices incorporate features that limit serial copying." The hardware is programmed to read certain coding information contained in the "digital subcode channel" of digital sound recordings and broadcasts. Based on the information it reads, the hardware circuitry will permit unrestricted copying, permit copying but label the copies it makes with codes to restrict further copying, or disallow copying. The serial copy management system allows unlimited first generation copying -- digital reproduction of originals (such as CDs distributed by record companies), but prevents further digital copying from those reproductions.
Similar systems can be implemented through hardware, software or both, using the concepts discussed above (e.g., rendering software and encryption technology). For example, files containing works can include instructions used solely to govern or control distribution of the work. This information might be placed in the "header" section of a filesió or another part of the file. In conjunction with receiving hardware or software, the information, whether in the header or elsewhere, can be used to limit what can be done with the original or a copy of the file containing the work. It can limit the use of the file to view- or listen-only. It can also limit the number of times the work can be retrieved, opened, duplicated or printed.
See 17 U.S.C. S 1002 (Supp. V 1993). 515
See H.R. REP. No. 102-873(I), 102d Cong., 2d Sess., reprinted in 1992 U.S.C.C.A.N. 3578, 3579-80, 3583 n15. 516
A "header" is a section of a digital work where information, data, codes and permitted uses may be embedded. Such information may actually be embedded anywhere in the work, but for ease of reference, this Report refers to such information as embedded in a header. Terms such as "label" and "wrapper" are also used to refer to what this Report refers to as a "header."
E. MANAGING RIGHTS IN PROTECTED WORKS
Systems for managing rights in works are being contemplated in the development of the NII. These systems will serve the functions of tracking and monitoring uses of copyrighted works as well as licensing of rights and indicating attribution, creation and ownership interests. A combination of file- and system-based access controls using encryption technologies, digital signatures and steganography are, and will continue to be, employed by owners of works to address copyright management
Such security measures must be carefully designed and implemented to ensure that they not only effectively protect the owner's interests in the works but also do not unduly burden use of the work by consumers or compromise their privacy. And measures should be studied to ensure that systems established to serve these functions are not readily defeated.
To implement these rights management functions, information will likely be included in digital versions of a work (i.e., copyright management information) to inform the user about the authorship and ownership of a work (e.g., attribution information) as well as to indicate authorized uses of the work (e.g., permitted use information). For instance, information may be included in an "electronic envelope" containing a work that provides information regarding authorship, copyright ownership, date of creation or last modification, and terms and conditions of authorized uses. As measures for this purpose become incorporated at lower levels (e.g., at the operating system level), such information may become a fundamental component of a file or information object.
Once information such as this is affiliated with a particular information object (e.g., data constituting the work) and readily accessible, users will be able to easily address questions over licensing and use of the work. For example, systems for electronic licensing may be developed based on the attribution or permitted use information