Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > E-Book General > News

Notices

Reply
 
Thread Tools Search this Thread
Old 03-25-2008, 03:37 PM   #1
Taylor514ce
Actively passive.
Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.
 
Taylor514ce's Avatar
 
Posts: 2,042
Karma: 478376
Join Date: Feb 2008
Location: US
Device: Sony PRS-505/LC
Public Key Cryptography

In several of the DRM / Piracy threads, I've mentioned the idea of using Public Key Cryptography as a system for allowing unlimited personal use of purchased media without shackling that use to a particular format or device.

The result has been a resounding brief silence, and then the resumption of the thread with ideas like watermarking or embedded chid-porn tracking viruses... umm, ok... what's wrong with using a system that already works?

I'm no expert, but the central idea behind public key cryptography is that your key comes in two parts, a public part you share, and a private part you keep private. It's just a big number, so

Core Concept #1: You can store your key anywhere you like, such as on an SD card or USB device.

To purchase a book, the book seller would encrypt your personal copy of your book with your PUBLIC key, which you can "give" them as part of the transaction. This could be completely automated. To read the book, decrypt it with your private key. Again, all this can be automated, and has been, in several systems (email, https, WiFi, etc.)

Core Concept #2: Nothing in this scheme ties you to a specific device.

What if I lose my key? Most key's are generated via a seed value, such as a simple password. For example WEP encryption on WiFi routers use a seed value. That's why you can have several different computers on your home WiFi network, but exclude all of your neighbors. If you lose your key, you can regenerate it (usually).

This seems like a perfect way to sell individual, unique copies of books, without limiting the buyer to specific devices or number of devices.

Keep your library of encrypted books anywhere you like, on a PC, on an SD card, on an e-book reader. Keep your key on an SD card. Combine the two, read your books.

What am I missing?

Last edited by Taylor514ce; 03-25-2008 at 03:44 PM.
Taylor514ce is offline   Reply With Quote
Old 03-25-2008, 03:40 PM   #2
kovidgoyal
creator of calibre
kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.
 
kovidgoyal's Avatar
 
Posts: 45,594
Karma: 28548962
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
It's too convenient

But seriously, as far as automation is concerned, you can require users to upload a public key to some open public key server.

Also, it will require a little more in the way of effort on the booksellers part as well as at the users part (giving your private key to reader software).
kovidgoyal is offline   Reply With Quote
Old 03-25-2008, 03:47 PM   #3
Taylor514ce
Actively passive.
Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.
 
Taylor514ce's Avatar
 
Posts: 2,042
Karma: 478376
Join Date: Feb 2008
Location: US
Device: Sony PRS-505/LC
In the world I imagine, you simply store your key on an SD. E-book storefronts and reader software all ask for your key, which you provide simply by inserting your SD.

Nothing prevents the key exchange from being completely automated, as it already has been in several different systems. Your browser automatically performs key exchange and decryption whenever you visit a secure web site. It's invisible to the user.

As you point out, a lot of the infrastructure is already there via public key servers, web storefront software, and email programs.

Last edited by Taylor514ce; 03-25-2008 at 03:50 PM.
Taylor514ce is offline   Reply With Quote
Old 03-25-2008, 03:57 PM   #4
BruceW
Connoisseur
BruceW has learned how to read e-booksBruceW has learned how to read e-booksBruceW has learned how to read e-booksBruceW has learned how to read e-booksBruceW has learned how to read e-booksBruceW has learned how to read e-booksBruceW has learned how to read e-books
 
BruceW's Avatar
 
Posts: 55
Karma: 773
Join Date: Apr 2007
Location: Ottawa Canada
Device: Sony Reader
One of the problems with your "key" solution is that you have to purchase the use of a "key" for usually periods of one or more years. If you forget to renew your key, you are in a world of hurt. I really do not know how they handle re-issuing an expired key? Could this cause you to not be able to decode your encrypted books?
BruceW is offline   Reply With Quote
Old 03-25-2008, 04:03 PM   #5
Taylor514ce
Actively passive.
Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.
 
Taylor514ce's Avatar
 
Posts: 2,042
Karma: 478376
Join Date: Feb 2008
Location: US
Device: Sony PRS-505/LC
You're referring to existing implementations of public key cryptography for other uses. There's no reason to require keys to expire.
Taylor514ce is offline   Reply With Quote
Old 03-25-2008, 04:11 PM   #6
Steven Lyle Jordan
Grand Sorcerer
Steven Lyle Jordan ought to be getting tired of karma fortunes by now.Steven Lyle Jordan ought to be getting tired of karma fortunes by now.Steven Lyle Jordan ought to be getting tired of karma fortunes by now.Steven Lyle Jordan ought to be getting tired of karma fortunes by now.Steven Lyle Jordan ought to be getting tired of karma fortunes by now.Steven Lyle Jordan ought to be getting tired of karma fortunes by now.Steven Lyle Jordan ought to be getting tired of karma fortunes by now.Steven Lyle Jordan ought to be getting tired of karma fortunes by now.Steven Lyle Jordan ought to be getting tired of karma fortunes by now.Steven Lyle Jordan ought to be getting tired of karma fortunes by now.Steven Lyle Jordan ought to be getting tired of karma fortunes by now.
 
Steven Lyle Jordan's Avatar
 
Posts: 8,478
Karma: 5171130
Join Date: Jan 2006
Device: none
A system like this can be convenient, as long as it doesn't require you to keep different keys for every different application... you could end up with dozens of keys to keep track of!

If you can keep it down to 1 key, even one that can be generated from an easily-remembered password (like WEP), it's not so bad. All of your devices have that key loaded onto them (only 1-2 keys at a time), and every digital file you purchase has that key embedded into it when you buy it (and that key only has to be embedded, so the vendor does not have to save it).

Speaking as a consumer, I wouldn't have a problem with this system. Speaking as a vendor, I wouldn't have a problem with it. The catch is, can you get every hardware and software vendor to agree to the same protocol?
Steven Lyle Jordan is offline   Reply With Quote
Old 03-25-2008, 04:15 PM   #7
Steven Lyle Jordan
Grand Sorcerer
Steven Lyle Jordan ought to be getting tired of karma fortunes by now.Steven Lyle Jordan ought to be getting tired of karma fortunes by now.Steven Lyle Jordan ought to be getting tired of karma fortunes by now.Steven Lyle Jordan ought to be getting tired of karma fortunes by now.Steven Lyle Jordan ought to be getting tired of karma fortunes by now.Steven Lyle Jordan ought to be getting tired of karma fortunes by now.Steven Lyle Jordan ought to be getting tired of karma fortunes by now.Steven Lyle Jordan ought to be getting tired of karma fortunes by now.Steven Lyle Jordan ought to be getting tired of karma fortunes by now.Steven Lyle Jordan ought to be getting tired of karma fortunes by now.Steven Lyle Jordan ought to be getting tired of karma fortunes by now.
 
Steven Lyle Jordan's Avatar
 
Posts: 8,478
Karma: 5171130
Join Date: Jan 2006
Device: none
The only other thing about these keys is, if they can be removed from the file (and they probably can), the file can still be illegally copied and disseminated. Without the key, the file can't be traced to whomever sent it out illegally. So it doesn't solve the pirating problem.
Steven Lyle Jordan is offline   Reply With Quote
Old 03-25-2008, 04:21 PM   #8
Taylor514ce
Actively passive.
Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.
 
Taylor514ce's Avatar
 
Posts: 2,042
Karma: 478376
Join Date: Feb 2008
Location: US
Device: Sony PRS-505/LC
Steve,

You miss the point. You don't have to keep track of the key. You remember your seed value, a password, albeit a good one.

You purchase an e-book reader or install reader software. You are prompted for your password as part of the install. The software generates your key and STORES it.

When you purchase a book, you'll likely do it via a device or reader software (why have a separate storefront?). The purchase encrypts your book with your key, automatically. All you have to do is complete the transaction and start reading.

The protocols for public key cryptography are already established. I would suggest that every online vendor already uses it.

It isn't foolproof. For example, someone could decrypt all of their books outside of the reader application, and create and distribute plain-text copies. You'd have to read them with a text editor, browser, or a black market reader application that didn't require a key.

I think we all acknowledge that piracy won't go away, we also acknowledge that DRM doesn't prevent it, so as a solution to a problem, it's a failure. The problem with DRM is that it ties you to a DEVICE and FORMAT, whereas encryption does not: you're only tied to a number.

When you enter the mindset of trying to "solve the pirate problem" you are doomed to fail. I'm not trying to solve the pirate problem, it can't be solved in any manner that would still allow commerce.

Cryptography solves the legitimate problem of "how can I take reasonable efforts to protect the commercial value of intellectual property without shackling the end-user to a specific device or resorting to nebulous legal concepts such as 'licensing'."

[EDIT] Steve, the key isn't simply added to the file and thus easily removed. The file is encrypted using the key... the bytes are complete reorganized/scrambled into a new order that can only be unscrambled by running an algorithm with it (the file) plus your private key as variables.

Last edited by Taylor514ce; 03-26-2008 at 06:27 PM. Reason: Corrected Typo...
Taylor514ce is offline   Reply With Quote
Old 03-25-2008, 04:39 PM   #9
Steven Lyle Jordan
Grand Sorcerer
Steven Lyle Jordan ought to be getting tired of karma fortunes by now.Steven Lyle Jordan ought to be getting tired of karma fortunes by now.Steven Lyle Jordan ought to be getting tired of karma fortunes by now.Steven Lyle Jordan ought to be getting tired of karma fortunes by now.Steven Lyle Jordan ought to be getting tired of karma fortunes by now.Steven Lyle Jordan ought to be getting tired of karma fortunes by now.Steven Lyle Jordan ought to be getting tired of karma fortunes by now.Steven Lyle Jordan ought to be getting tired of karma fortunes by now.Steven Lyle Jordan ought to be getting tired of karma fortunes by now.Steven Lyle Jordan ought to be getting tired of karma fortunes by now.Steven Lyle Jordan ought to be getting tired of karma fortunes by now.
 
Steven Lyle Jordan's Avatar
 
Posts: 8,478
Karma: 5171130
Join Date: Jan 2006
Device: none
Quote:
Originally Posted by Taylor514ce View Post
Steve,

You miss the point...
No, no, I did get the point. I agree with your description of how it can be applied. My only concern is that it won't stop piracy, any more than any other form of DRM that has been discussed elsewhere on these forums.

DRM's tying people to specific devices is actually a side-effect of the actual intent, which is to prevent illegal sharing... which DRM doesn't do well. Encryption may make it easier for the user to specify as many devices as he owns to read a file, but it still doesn't prevent illegal sharing well (because, as you pointed out, the encryption can still be removed).

If it won't do the real job, which is to prevent illegal sharing... if it's essentially no better than writing your name on the inside of a book's cover, in pencil... then I'm not sure why it should be used. Yes, it's more flexible than many other DRM systems, but beyond that, it has little impact.

I do agree, though, that it probably will placate many consumers who do not like the present "lose a device, lose all my content" DRM systems... it does have that going for it. If vendors insist on some form of DRM, it might as well be encryption-key-based, to make it more palatable.
Steven Lyle Jordan is offline   Reply With Quote
Old 03-25-2008, 05:00 PM   #10
Taylor514ce
Actively passive.
Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.
 
Taylor514ce's Avatar
 
Posts: 2,042
Karma: 478376
Join Date: Feb 2008
Location: US
Device: Sony PRS-505/LC
You have a slightly rose-colored vision of the intent of DRM, I think. DRM doesn't prevent illegal sharing AT ALL. It only restricts honest consumers willing to keep the DRM intact to a particular device or set of devices. Why would a hardware vendor like Sony wish to restrict purchased content to their device? Hmmm. I can think of a reason that has nothing to do with piracy.

You're still thinking in terms of "stopping piracy". Sorry, but since that's impossible, it isn't what I'm trying to address. I'm talking about a way of ensuring secure transations, protecting my own rights to my purchases, and giving publishers and vendors a reasonable degree of protection.

The system that has worked for the software industry is a good model, I think.
Taylor514ce is offline   Reply With Quote
Old 03-25-2008, 05:03 PM   #11
kovidgoyal
creator of calibre
kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.
 
kovidgoyal's Avatar
 
Posts: 45,594
Karma: 28548962
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
Quote:
Originally Posted by Steve Jordan View Post
If it won't do the real job, which is to prevent illegal sharing... if it's essentially no better than writing your name on the inside of a book's cover, in pencil... then I'm not sure why it should be used. Yes, it's more flexible than many other DRM systems, but beyond that, it has little impact.
Just to be clear, there cannot be a technological solution to the problem of preventing illegal file sharing.
kovidgoyal is offline   Reply With Quote
Old 03-25-2008, 05:17 PM   #12
Jadon
Hermit
Jadon can eat soup with a fork.Jadon can eat soup with a fork.Jadon can eat soup with a fork.Jadon can eat soup with a fork.Jadon can eat soup with a fork.Jadon can eat soup with a fork.Jadon can eat soup with a fork.Jadon can eat soup with a fork.Jadon can eat soup with a fork.Jadon can eat soup with a fork.Jadon can eat soup with a fork.
 
Posts: 192
Karma: 9425
Join Date: Oct 2006
Device: Kindle Keyboard, Kobo Glo
Quote:
Originally Posted by Taylor514ce View Post
It isn't foolproof. For example, someone could decrypt all of their books outside of the reader application, and create and distribute plain-text copies. You'd have to read them with a text editor, browser, or a black market reader application that didn't require a key.
As long as a "black market reader application" was possible, it's not likely the vendors would buy into the system. Short of Vernor Vinge's "Secure Hardware Environment," where copyright control and government access is universally mandated and built into every chip, it seems impossible to prevent.
Quote:
Originally Posted by Taylor514ce View Post
I think we all acknowledge that piracy won't go away
Unfortunately, no. The idea that leakage will occur, and it's absolutely impossible to prevent, is what freaks out the people who want to control everything. To them, good enough is not good enough.
Jadon is offline   Reply With Quote
Old 03-25-2008, 05:25 PM   #13
Peter Sorotokin
speaking for myself
Peter Sorotokin knows what time it isPeter Sorotokin knows what time it isPeter Sorotokin knows what time it isPeter Sorotokin knows what time it isPeter Sorotokin knows what time it isPeter Sorotokin knows what time it isPeter Sorotokin knows what time it isPeter Sorotokin knows what time it isPeter Sorotokin knows what time it isPeter Sorotokin knows what time it isPeter Sorotokin knows what time it is
 
Posts: 139
Karma: 2166
Join Date: Feb 2008
Location: San Francisco Bay Area
Device: PRS-505
Quote:
Originally Posted by Taylor514ce View Post
In several of the DRM / Piracy threads, I've mentioned the idea of using Public Key Cryptography as a system for allowing unlimited personal use of purchased media without shackling that use to a particular format or device.

(snip)

What am I missing?
There are DRM systems that work roughly as you describe, although there are more pieces that are needed for a practical solution (for instance, number of the devices has to be limited in some way).
Peter Sorotokin is offline   Reply With Quote
Old 03-25-2008, 05:33 PM   #14
Taylor514ce
Actively passive.
Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.Taylor514ce ought to be getting tired of karma fortunes by now.
 
Taylor514ce's Avatar
 
Posts: 2,042
Karma: 478376
Join Date: Feb 2008
Location: US
Device: Sony PRS-505/LC
Quote:
Originally Posted by Peter Sorotokin View Post
There are DRM systems that work roughly as you describe, although there are more pieces that are needed for a practical solution (for instance, number of the devices has to be limited in some way).
Please to explain why?
Taylor514ce is offline   Reply With Quote
Old 03-25-2008, 05:42 PM   #15
Peter Sorotokin
speaking for myself
Peter Sorotokin knows what time it isPeter Sorotokin knows what time it isPeter Sorotokin knows what time it isPeter Sorotokin knows what time it isPeter Sorotokin knows what time it isPeter Sorotokin knows what time it isPeter Sorotokin knows what time it isPeter Sorotokin knows what time it isPeter Sorotokin knows what time it isPeter Sorotokin knows what time it isPeter Sorotokin knows what time it is
 
Posts: 139
Karma: 2166
Join Date: Feb 2008
Location: San Francisco Bay Area
Device: PRS-505
Quote:
Originally Posted by Steve Jordan View Post
DRM's tying people to specific devices is actually a side-effect of the actual intent, which is to prevent illegal sharing... which DRM doesn't do well. Encryption may make it easier for the user to specify as many devices as he owns to read a file, but it still doesn't prevent illegal sharing well (because, as you pointed out, the encryption can still be removed).
DRM intent is to get content owners to make as much of their content available in electronic form as possible without inconveniencing users too much. If you are a DRM vendor, ultimately you have to convince copyright holder to distribute his content.

DRM is an evolving area, but many people would say that a hight quality DRM system would stay out of the way as much as possible as long as what is being done with the content corresponds to the content's license.
Peter Sorotokin is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Shorty key on my K3 pen_sq Amazon Kindle 1 09-04-2010 12:34 PM
What in the world is a key file? surrealmind IMP 2 04-08-2010 12:21 AM
Unutterably Silly The key to understanding Texans Nate the great Lounge 84 08-14-2009 10:51 AM
access key RandallFlagg Calibre 4 03-25-2009 11:50 AM
Free Cryptography book by MIT Press Colin Dunstan Deals and Resources (No Self-Promotion or Affiliate Links) 3 10-06-2004 09:47 AM


All times are GMT -4. The time now is 02:32 PM.


MobileRead.com is a privately owned, operated and funded community.