
From Pirate Bay to Flattr

Wednesday, July 7, 2010

Flattr is a new Swedish “social network”. The goal of Flattr is to remunerate the creators of content you like on the Net. How does it work?
You have to register and define a monthly sum that you will distribute. Once registered, you can add a flattr button on any of your content (blog, videos, pictures, songs…). When a flattr member likes your content, he pushes the corresponding button. Of course, you do the same. At the end of the month, your monthly sum will be equally shared between the contents you liked. The corresponding value will be credited on the account of each content owner you liked. Let’s suppose that your monthly sum is 2€. If you clicked on 10 buttons, each creator will receive 0.2€. If you clicked only once, the happy creator will be granted 2€. If you did not click, the 2€ will be given to a charity.

It is a nice business model. Flattr takes a fee of 10%. It uses a kind of micropayment.

Some potential issues:

  • It will only work if there is a network effect. For that, they need to have attractive content; in other words, they need the buy-in of creators.
  • Attractive content? One of the potential issues is the ownership of a piece of content. How to prove the ownership? How to avoid appropriating copyrighted contents?

Why such a cryptic title? Does Sweden not give you a hint? One of the founders is Peter Sunde. Peter Sunde is also one of the founders of The Pirate Bay.

In any case, an interesting initiative to follow up.

IEEE P1817: a new DRM standard?

Thursday, June 24, 2010

In February, I reported on a new concept: Digital Personal Property. IEEE is launching a project to develop this DRM, the so-called Consumer-ownable Digital Personal Property. It is P1817.

The main goal is to mimic the features of a physical good. In other words, if you were able to enforce the uniqueness of an instance of a digital good, there would be no serious reason to limit its use drastically. You would be able to act as with a physical book: you could lend it or sell it. In economic terminology, the challenge is to turn a digital good into an excludable good. By nature, digital goods are non-rival and non-excludable.

The main technical concept is that the piece of content is encrypted and can be distributed freely. But the decryption key will be “moveable but uncopiable”. Actually, the decryption key, the so-called playkey, will be double: one in a server repository and the other one for the user. To lend a piece of content, Alice will hand her playkey to Bob… To return the piece of content, Bob will send back her playkey. Meanwhile, Alice should no longer have her playkey.

I see several issues with this proposal.

  • There must be only two instances of the playkey (one in a server, and one at the consumer). The technical challenge will be the moveable but uncopiable playkey. One of our Holy Grails. Some enforcements are foreseen.

    Counterfeit Handling
    The playkey banking system facilitates the identification of counterfeited playkeys.
    Playkey pair synchronization occurs, during which the system checks the validity of the playkeys with the issuer and the registrar. There are at least two approaches to handling counterfeits: (1) The consumerʼs player is notified, after which the user interface always highlights the item as counterfeited, and (2) the consumerʼs playkey vault is directed to invalidate the device playkey, notify players of its invalid status, and refuse to provide further services for that playkey. The first approach leaves the counterfeit usable, and depends on the social stigma of owning and using forged goods to discourage its further use and encourage reporting of the forgery to vendors and publishers. The second approach prejudges intent and guarantees that the consumer victim pays the price of the illegal activity. Either way, there exists the opportunity for vendors or publishers to offer rewards for information leading to the identification of the counterfeiters.

  • How to handle the multi-format issue? Today, many customers complain about incompatible formats of DRM-protected content, for instance when different resolutions or codecs are used. Take as an example a Blu-ray disc and an SD file for Windows player. This does not map nicely to the physical world. A book has no format incompatibility with your eyes. If we wanted to push the comparison, the challenge would be to provide the same book in different languages.

    Currently, the foreseen answer by the industry is the digital rights locker.

Will it succeed? I don’t know. In any case, I will be very interested to study the solution making a digital data structure “moveable but uncopiable”.

DPA contest V2

Friday, March 19, 2010

Since the seminal work of Paul KOCHER (founder of CRI), side channel attacks have challenged many cryptographers and implementers. In a nutshell, side channel attacks use side information to guess secret keys. A simplified explanation: let’s imagine that your AES implementation takes longer when processing a “1” of the secret key than a “0”; by measuring the processing time, you may guess the secret key (without any intrusion). This is called a timing attack. Other side channels are available, such as power or electromagnetic emissions… Side channel attacks are devastating.
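
The simplified timing leak described above, as an added example that is not part of the original post: it goes beyond the AES wording to modular exponentiation, the textbook case of extra work per “1” bit, and sets a leaky routine beside one whose operation count is fixed. The function names, the sample keys and the use of operation counts in place of measured time are assumptions made for the illustration.

```python
# Added illustration (not from the original post): operation counts stand in
# for the processing time an observer would measure.

def modexp_leaky(base, key, modulus):
    """Square-and-multiply: the extra multiply runs only for key bits set to 1."""
    result, ops = 1, 0
    for bit in bin(key)[2:]:
        result = (result * result) % modulus
        ops += 1
        if bit == "1":                      # secret-dependent extra work
            result = (result * base) % modulus
            ops += 1
    return result, ops

def modexp_uniform(base, key, modulus, width):
    """Montgomery ladder: one multiply and one square per bit, whatever its value.

    This model only equalizes the operation count; production constant-time
    code must also avoid secret-dependent branches and memory accesses.
    """
    r0, r1, ops = 1, base % modulus, 0
    for i in reversed(range(width)):
        if (key >> i) & 1:
            r0, r1 = (r0 * r1) % modulus, (r1 * r1) % modulus
        else:
            r0, r1 = (r0 * r0) % modulus, (r0 * r1) % modulus
        ops += 2
    return r0, ops

def cost_profile(keys, base=7, modulus=1009, width=8):
    """Return {key: (leaky_ops, uniform_ops)} for the given keys."""
    profile = {}
    for key in keys:
        leaky_result, leaky_ops = modexp_leaky(base, key, modulus)
        uniform_result, uniform_ops = modexp_uniform(base, key, modulus, width)
        assert leaky_result == uniform_result == pow(base, key, modulus)
        profile[key] = (leaky_ops, uniform_ops)
    return profile

# Constructed 8-bit sample keys with different numbers of 1 bits.
SAMPLE_KEYS = [0b10000001, 0b10101011, 0b11111111]

if __name__ == "__main__":
    for key, (leaky, uniform) in cost_profile(SAMPLE_KEYS).items():
        print(f"key={key:08b} leaky_ops={leaky} uniform_ops={uniform}")
```

In the leaky routine the cost tracks the number of 1 bits in the key, while the ladder costs the same for every key of a given width.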

There is no standard way to compare the efficiency of different side channel attacks. Under the initiative of Telecom Paris Tech, the DPA contest expects to benchmark these attacks.

The second edition, DPA contest V2, allows different teams to compare their respective Differential Power Analysis (DPA) attacks against an unprotected AES implementation. Results will be presented at an upcoming crypto conference.

Rights Locker

Thursday, January 7, 2010

The CES period is always an interesting time because many initiatives are disclosed or present their progress. In the field of DRM, there are two interesting news items:

Disney starts to unveil more about its KeyChest technology. CNBC presented the following spot.

At the same time, DECE made a press release presenting their latest milestones. In a nutshell, DECE has:

  • defined a common file format (according to the FAQ, it seems to be compliant with Microsoft’s PIFF),
  • selected a company that will host the rights locker,
  • and announced that five DRMs will support it (Adobe, Marlin, Microsoft PlayReady, OMA and Widevine).

Both KeyChest and DECE use the new concept of rights locker. In very simplistic terms, a rights locker is a database that stores the usage rights that a customer purchased. This database should be shared by content distributors. The promise is that if you purchase one piece of content, it may be played back (if you paid as such) on any of your devices (or at least on the devices compliant with this rights locker) independently of the DRM used by the device. In other words, the usage rights will be linked to a customer rather than to his/her devices.

This is great progress in electronic content distribution. One of the strongest complaints of customers is the lack of interoperability of DRMs. This is an answer.

Without doubt, this blog will come back to the topic of rights lockers in the future.

An original way to mark text

Monday, December 7, 2009

Amazon has filed an interesting patent titled System and method for marking content. The idea is rather simple. Create a dictionary of synonyms. To uniquely mark a piece of textual content, replace a set of defined words with selected synonyms. Of course, the patent explores all the alternatives, but in a nutshell this is the main idea.

For fun, here is the first claim:

1. A system, comprising: a processor; and a memory comprising program instructions, wherein the program instructions are executable by the processor to: receive a request for particular content; extract a copy of the requested particular content from a content collection, wherein the particular content includes textual data; substitute a synonym for each of one or more selected words in the textual data of the copy, wherein to substitute a synonym for each of one or more selected words, the program instructions are further executable by the processor to: access a synonym database comprising a plurality of key words, wherein each key word is associated with one or more synonyms in the synonym database; and select a particular synonym to substitute for a particular selected word in the textual data of the copy from one or more synonyms associated with a key word in the database that matches the particular selected word in the textual data of the copy; and return the copy with the substituted synonyms in response to the request.

Does it work? For a watermark, there are typically three parameters to examine:

  • Transparency: There are some issues. First of all, it is probably not applicable to literature. Synonyms are rarely perfect and authors may not accept modifications of their text. Nevertheless, for many texts, and for non-purists, it may be rather transparent, although I’m not sure that there would be no readable artifacts.
  • Robustness: It is obvious that it is easy to detect some substitutions. If the content is not protected in integrity, it is rather easy to wash or forge a new marked content. If the purpose is to fight piracy (such as illegal redistribution), it will not work. The hacker will remove the integrity protection and substitute.
  • Payload: This depends on the text’s length and the variety of the vocabulary used.
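
The payload and robustness points above, as an added example that is not part of the original post or of the patent: a two-alternative synonym table carries one bit per matching word, and a second substitution pass replaces the mark. The synonym table, the sample sentence and all function names are constructed for the illustration.

```python
import re

# Constructed synonym table (illustrative; not taken from the patent).
# The position of a word in its list is the bit that word encodes.
SYNONYMS = {
    "buy": ["buy", "purchase"],
    "big": ["big", "large"],
    "begin": ["begin", "start"],
    "quick": ["quick", "fast"],
}
LOOKUP = {word: (key, bit) for key, alts in SYNONYMS.items()
          for bit, word in enumerate(alts)}
TOKEN = re.compile(r"[A-Za-z]+|[^A-Za-z]+")  # words and separators, lossless

def extract(text):
    """Read the mark: one bit per carrier word, in reading order."""
    return [LOOKUP[tok][1] for tok in TOKEN.findall(text) if tok in LOOKUP]

def capacity(text):
    """Payload in bits: number of carrier words (two alternatives each)."""
    return len(extract(text))

def embed(text, bits):
    """Return a copy whose carrier words spell out `bits` (padded with 0)."""
    pending = list(bits)
    out = []
    for tok in TOKEN.findall(text):
        if tok in LOOKUP:
            key = LOOKUP[tok][0]
            tok = SYNONYMS[key][pending.pop(0) if pending else 0]
        out.append(tok)
    return "".join(out)

SAMPLE = "You can buy a big disk and begin a quick backup."  # constructed text

if __name__ == "__main__":
    marked = embed(SAMPLE, [1, 0, 1, 1])
    print(capacity(SAMPLE), marked, extract(marked))
    # Robustness check: without integrity protection, a second substitution
    # pass overwrites the embedded bits.
    print(extract(embed(marked, [0, 0, 0, 0])))
```

Four carrier words in a ten-word sentence give a four-bit payload, which shows how strongly capacity depends on text length and vocabulary.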

It is an interesting approach although not robust. In some specific contexts, it may have some interest.

Thanks to JJQ for pointing to this patent. :)