|  03-25-2008, 03:37 PM | #1 | 
| Actively passive.            Posts: 2,042 Karma: 478376 Join Date: Feb 2008 Location: US Device: Sony PRS-505/LC | 
				
				Public Key Cryptography
			 
			
			In several of the DRM / Piracy threads, I've mentioned the idea of using Public Key Cryptography as a system for allowing unlimited personal use of purchased media without shackling that use to a particular format or device. The result has been a resounding brief silence, and then the resumption of the thread with ideas like watermarking or embedded child-porn tracking viruses... umm, ok... what's wrong with using a system that already works?

			I'm no expert, but the central idea behind public key cryptography is that your key comes in two parts, a public part you share, and a private part you keep private. It's just a big number, so Core Concept #1: You can store your key anywhere you like, such as on an SD card or USB device.

			To purchase a book, the book seller would encrypt your personal copy of your book with your PUBLIC key, which you can "give" them as part of the transaction. This could be completely automated. To read the book, decrypt it with your private key. Again, all this can be automated, and has been, in several systems (email, https, WiFi, etc.).

			Core Concept #2: Nothing in this scheme ties you to a specific device.

			What if I lose my key? Most keys are generated via a seed value, such as a simple password. For example, WEP encryption on WiFi routers uses a seed value. That's why you can have several different computers on your home WiFi network, but exclude all of your neighbors. If you lose your key, you can regenerate it (usually).

			This seems like a perfect way to sell individual, unique copies of books, without limiting the buyer to specific devices or number of devices. Keep your library of encrypted books anywhere you like, on a PC, on an SD card, on an e-book reader. Keep your key on an SD card. Combine the two, read your books.

			What am I missing? Last edited by Taylor514ce; 03-25-2008 at 03:44 PM. | 
|   |   | 
|  03-25-2008, 03:40 PM | #2 | 
| creator of calibre            Posts: 45,598 Karma: 28548962 Join Date: Oct 2006 Location: Mumbai, India Device: Various | 
			
			It's too convenient. But seriously, as far as automation is concerned, you can require users to upload a public key to some open public key server. Also, it will require a little more in the way of effort on the bookseller's part as well as on the user's part (giving your private key to reader software). | 
|   |   | 
|  03-25-2008, 03:47 PM | #3 | 
| Actively passive.            Posts: 2,042 Karma: 478376 Join Date: Feb 2008 Location: US Device: Sony PRS-505/LC | 
			
			In the world I imagine, you simply store your key on an SD. E-book storefronts and reader software all ask for your key, which you provide simply by inserting your SD. Nothing prevents the key exchange from being completely automated, as it already has been in several different systems. Your browser automatically performs key exchange and decryption whenever you visit a secure web site. It's invisible to the user. As you point out, a lot of the infrastructure is already there via public key servers, web storefront software, and email programs. Last edited by Taylor514ce; 03-25-2008 at 03:50 PM. | 
|   |   | 
|  03-25-2008, 03:57 PM | #4 | 
| Connoisseur        Posts: 55 Karma: 773 Join Date: Apr 2007 Location: Ottawa Canada Device: Sony Reader | 
			
			One of the problems with your "key" solution is that you have to purchase the use of a "key", usually for periods of one or more years. If you forget to renew your key, you are in a world of hurt. I really do not know how they handle re-issuing an expired key. Could this cause you to not be able to decode your encrypted books?
		 | 
|   |   | 
|  03-25-2008, 04:03 PM | #5 | 
| Actively passive.            Posts: 2,042 Karma: 478376 Join Date: Feb 2008 Location: US Device: Sony PRS-505/LC | 
			
			You're referring to existing implementations of public key cryptography for other uses. There's no reason to require keys to expire.
		 | 
|   |   | 
|  03-25-2008, 04:11 PM | #6 | 
| Grand Sorcerer            Posts: 8,478 Karma: 5171130 Join Date: Jan 2006 Device: none | 
			
			A system like this can be convenient, as long as it doesn't require you to keep different keys for every different application... you could end up with dozens of keys to keep track of! If you can keep it down to 1 key, even one that can be generated from an easily-remembered password (like WEP), it's not so bad. All of your devices have that key loaded onto them (only 1-2 keys at a time), and every digital file you purchase has that key embedded into it when you buy it (and that key only has to be embedded, so the vendor does not have to save it).

			Speaking as a consumer, I wouldn't have a problem with this system. Speaking as a vendor, I wouldn't have a problem with it. The catch is, can you get every hardware and software vendor to agree to the same protocol? | 
|   |   | 
|  03-25-2008, 04:15 PM | #7 | 
| Grand Sorcerer            Posts: 8,478 Karma: 5171130 Join Date: Jan 2006 Device: none | 
			
			The only other thing about these keys is, if they can be removed from the file (and they probably can), the file can still be illegally copied and disseminated.  Without the key, the file can't be traced to whomever sent it out illegally.  So it doesn't solve the pirating problem.
		 | 
|   |   | 
|  03-25-2008, 04:21 PM | #8 | 
| Actively passive.            Posts: 2,042 Karma: 478376 Join Date: Feb 2008 Location: US Device: Sony PRS-505/LC | 
			
			Steve, you miss the point. You don't have to keep track of the key. You remember your seed value, a password, albeit a good one. You purchase an e-book reader or install reader software. You are prompted for your password as part of the install. The software generates your key and STORES it. When you purchase a book, you'll likely do it via a device or reader software (why have a separate storefront?). The purchase encrypts your book with your key, automatically. All you have to do is complete the transaction and start reading.

			The protocols for public key cryptography are already established. I would suggest that every online vendor already uses it. It isn't foolproof. For example, someone could decrypt all of their books outside of the reader application, and create and distribute plain-text copies. You'd have to read them with a text editor, browser, or a black market reader application that didn't require a key.

			I think we all acknowledge that piracy won't go away, we also acknowledge that DRM doesn't prevent it, so as a solution to a problem, it's a failure. The problem with DRM is that it ties you to a DEVICE and FORMAT, whereas encryption does not: you're only tied to a number. When you enter the mindset of trying to "solve the pirate problem" you are doomed to fail. I'm not trying to solve the pirate problem, it can't be solved in any manner that would still allow commerce. Cryptography solves the legitimate problem of "how can I take reasonable efforts to protect the commercial value of intellectual property without shackling the end-user to a specific device or resorting to nebulous legal concepts such as 'licensing'."

			[EDIT] Steve, the key isn't simply added to the file and thus easily removed. The file is encrypted using the key... the bytes are completely reorganized/scrambled into a new order that can only be unscrambled by running an algorithm with it (the file) plus your private key as variables. Last edited by Taylor514ce; 03-26-2008 at 06:27 PM. 
Reason: Corrected Typo... | 
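
The flow described in posts #1 and #8 (passphrase to key pair, seller encrypts with the public half, reader decrypts with the private half), as an added sketch that is not part of the thread or of any real e-book system. It assumes textbook RSA without padding and a hash-based XOR stream purely for illustration (production code would use a vetted library with RSA-OAEP and an authenticated cipher); the salt, function names and sample text are constructed.

```python
import hashlib, secrets
E = 65537  # conventional RSA public exponent

def _stream(seed, label):  # endless deterministic bytes: SHA-256 in counter mode
    ctr = 0
    while True:
        yield from hashlib.sha256(seed + label + ctr.to_bytes(8, "big")).digest()
        ctr += 1

def _is_probable_prime(n):
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)  # fixed Miller-Rabin bases
    if n < 2 or any(n % b == 0 for b in bases):
        return n in bases
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _prime(stream, bits=512):  # next prime candidate drawn from the seeded stream
    while True:
        raw = bytes(next(stream) for _ in range(bits // 8))
        p = int.from_bytes(raw, "big") | (3 << (bits - 2)) | 1
        if (p - 1) % E and _is_probable_prime(p):
            return p

def keypair_from_passphrase(passphrase):
    # Same passphrase -> same (public n, private d): a lost key can be regenerated.
    seed = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), b"ebook-demo-salt", 200_000)
    s = _stream(seed, b"rsa-primes")
    p, q = _prime(s), _prime(s)
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def seller_encrypt(book, buyer_n):  # seller needs only the buyer's public modulus
    k = secrets.token_bytes(32)  # fresh content key for this sale
    wrapped = pow(int.from_bytes(k, "big"), E, buyer_n)  # unpadded RSA (toy)
    return wrapped, bytes(b ^ s for b, s in zip(book, _stream(k, b"body")))

def buyer_decrypt(copy, n, d):  # unwrap the content key, then undo the XOR stream
    k = (pow(copy[0], d, n) % (1 << 256)).to_bytes(32, "big")
    return bytes(b ^ s for b, s in zip(copy[1], _stream(k, b"body")))
```

Because the private key is a pure function of the passphrase, the scheme is only as strong as that passphrase, and once `buyer_decrypt` returns, the holder has plain bytes that nothing ties to a device or a key.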
|   |   | 
|  03-25-2008, 04:39 PM | #9 | 
| Grand Sorcerer            Posts: 8,478 Karma: 5171130 Join Date: Jan 2006 Device: none | 
			
			No, no, I did get the point.  I agree with your description of how it can be applied.  My only concern is that it won't stop piracy, any more than any other form of DRM that has been discussed elsewhere on these forums.   DRM's tying people to specific devices is actually a side-effect of the actual intent, which is to prevent illegal sharing... which DRM doesn't do well. Encryption may make it easier for the user to specify as many devices as he owns to read a file, but it still doesn't prevent illegal sharing well (because, as you pointed out, the encryption can still be removed). If it won't do the real job, which is to prevent illegal sharing... if it's essentially no better than writing your name on the inside of a book's cover, in pencil... then I'm not sure why it should be used. Yes, it's more flexible than many other DRM systems, but beyond that, it has little impact. I do agree, though, that it probably will placate many consumers who do not like the present "lose a device, lose all my content" DRM systems... it does have that going for it. If vendors insist on some form of DRM, it might as well be encryption-key-based, to make it more palatable. | 
|   |   | 
|  03-25-2008, 05:00 PM | #10 | 
| Actively passive.            Posts: 2,042 Karma: 478376 Join Date: Feb 2008 Location: US Device: Sony PRS-505/LC | 
			
			You have a slightly rose-colored vision of the intent of DRM, I think. DRM doesn't prevent illegal sharing AT ALL. It only restricts honest consumers willing to keep the DRM intact to a particular device or set of devices. Why would a hardware vendor like Sony wish to restrict purchased content to their device? Hmmm. I can think of a reason that has nothing to do with piracy. You're still thinking in terms of "stopping piracy". Sorry, but since that's impossible, it isn't what I'm trying to address. I'm talking about a way of ensuring secure transactions, protecting my own rights to my purchases, and giving publishers and vendors a reasonable degree of protection. The system that has worked for the software industry is a good model, I think. | 
|   |   | 
|  03-25-2008, 05:03 PM | #11 | |
| creator of calibre            Posts: 45,598 Karma: 28548962 Join Date: Oct 2006 Location: Mumbai, India Device: Various | Quote: 
 | |
|   |   | 
|  03-25-2008, 05:17 PM | #12 | |
| Hermit            Posts: 192 Karma: 9425 Join Date: Oct 2006 Device: Kindle Keyboard, Kobo Glo | Quote: 
 Unfortunately, no. The idea that leakage will occur, and it's absolutely impossible to prevent, is what freaks out the people who want to control everything. To them, good enough is not good enough. | |
|   |   | 
|  03-25-2008, 05:25 PM | #13 | 
| speaking for myself            Posts: 139 Karma: 2166 Join Date: Feb 2008 Location: San Francisco Bay Area Device: PRS-505 | 
			
			There are DRM systems that work roughly as you describe, although there are more pieces that are needed for a practical solution (for instance, number of the devices has to be limited in some way).
		 | 
|   |   | 
|  03-25-2008, 05:33 PM | #14 | 
| Actively passive.            Posts: 2,042 Karma: 478376 Join Date: Feb 2008 Location: US Device: Sony PRS-505/LC | |
|   |   | 
|  03-25-2008, 05:42 PM | #15 | |
| speaking for myself            Posts: 139 Karma: 2166 Join Date: Feb 2008 Location: San Francisco Bay Area Device: PRS-505 | Quote: 
 DRM is an evolving area, but many people would say that a high quality DRM system would stay out of the way as much as possible as long as what is being done with the content corresponds to the content's license. | |
|   |   | 