[Paper Overview] [DRM-Workshop Homepage]

Panthéon-Assas - Position Paper

Digital Rights Infrastructures

Michel de Rougemont, mdr@lri.fr
University Paris II Panthéon-Assas

1. Position

The management of digital rights requires a large scale infrastructure which can authenticate the origin of files for a client and trace files to prove their origins for a server or a copyright authority. The first problem is also addressed in the context of Public-Key Infrastructures, when documents need to be authenticated. The public keys are recorded and certificates (for example {AZ98}) are issued to validate their authentication. The infrastructure is hierarchical with Verisign {Ver00}, a complete graph in the case of PGP {Zim95} and mixed solutions can also be found. The need of insurances for certificates has recently appeared as Insurance Certificates written [Z, K, a] assert that K is insured by Z for up to a dollars.

The second problem can be addressed with the current watermarking technologies but there is no large-scale infrastructure which would play the role of a Copyright Authority.

We propose the generalization of the PKI techniques to encompass a Copyright Authority, the development of insurance policies for public-keys, certificates and watermarks. The next two sections describe some of the desirable goals for Watermarking and for the management of PKIs.

2. Watermarking

A standard technique for JPEG images is described in {CKLS97}, whereas the SDMI technique {Ini00} applies to music files. Another more elaborate technique presented in {QP99} marks the function realized by a program (and not the code of the program). These techniques generate marking keys associated with an author. This information should be recorded by a Copyright Authority built around a Copyright Certification Authority and a Copyright recording Authority, managed as public keys are.

The marking techniques need many improvements. In particular one should be able to mark certain sections of the files and not the whole file. In the case of a program producing many outputs f1,...,fk, only some of these values should be marked.

There should be degrees of marking as there are security levels. The marking level would directly influence the insurance policies against illegal copies.

3. Keys Infrastructure

The generation of certificates concern public-keys but also digital ID's for programs. It could include copyright marks with the same technique within a new Copyright Authority. It is however important to develop insurance techniques for both keys, certificates and trademarks, and this remains a research problem.

The central issues remain the litigation criteria, a set of rules defining "Copyright infringements" and "illegal copies", i.e. the definition of digital rights. The World Intellectual Property Organization (www.wipo.org) defines these concepts within States Organizations but a new technical setting is needed to go further.

References:

• [AZ98]C. Adams and R. Zuccherato. Internet x.509 public key infrastructure data certification server protocols. Internet Draft, PKIZ Working Group, 1998.
• [CKLS97] I. Cox, J. Kilian, T. Leighton, and T. Shamoon. Secure spread spectrum watermarking for multimedia. IEEE transactions on Image Processing, (6):1673--1687, 1997.
• [Ini00] Secure Digital Music Initiative. http://www.verisign.com/netsure. 2000.
• [QP99] Gang Qu and M. Potkonjak. Hiding signatures in graph coloring solutions. Unformation Hiding, pages 348--367, 1999.
• [Ver00] Verisign. http://www.verisign.com/netsure. 2000.
• [Zim95] P. Zimmermann. The official pgp user's guide. MIT Press, 1995.