
Great Idea for Copy Control just doesn't go far enough

Voidstar is on the right track here... PKI is great and secure... the real problem is that the local private key may not be important enough to the user to ensure they don't abuse it by sharing it... my point is, if someone can share their private key in a PKI scheme then it's no different to sharing serial numbers... but that got me thinking... what if?
What if private keys were registered or linked to something important like your credit card number... the idea here is that if the card's reported stolen, then the user's public key is no longer used for copy control via PKI... maybe an independent authentication service would work here... but also what happens when a user copies their key onto another machine and forgets to remove it after using their software.... it's a bit of a conundrum but worth a brainstorming session at the Uniloc labs I bet...
clipped from www.voidstar.com
I'm not sure I should suggest this to anyone but I can't be the first to see
this. There is a way for DRM to work and to be effectively unbreakable. Use PKI.
But it relies on the customer having a unique key pair. The provider encrypts
the content using the customer's unique public key. The content is then
decrypted with the customer's secret key. This could be encapsulated in the
player software (iTunes say) and made pretty much transparent. On installation
the player software would report its newly generated public key back to the
provider who would then use it when the provider created the file for download.
In addition the encoded file could be signed by the provider and the signature
checked against the Provider's public key.
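
The scheme in the clipped passage, together with the key-sharing weakness raised above it, as an added example (not code from this post or from voidstar.com). Textbook RSA over fixed Mersenne primes and a SHA-256 keystream are toy stand-ins for a real PKI library, and every name here is hypothetical.

```python
# Toy model: textbook RSA over fixed Mersenne primes and a SHA-256 keystream
# stand in for a real PKI library. Constructed for illustration, not secure.
import hashlib
import secrets

E = 65537

def keypair(p, q):
    """Textbook-RSA (public, private) pair from primes p and q."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def _xor_stream(key, data):
    """XOR data with a SHA-256 counter keystream derived from the content key."""
    blocks = (len(data) + 31) // 32
    ks = b"".join(hashlib.sha256(key.to_bytes(32, "big") + i.to_bytes(4, "big")).digest()
                  for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))

def _digest(wrapped, body, n):
    h = hashlib.sha256(wrapped.to_bytes(32, "big") + body).digest()
    return int.from_bytes(h, "big") % n

def package(content, customer_pub, provider_priv):
    """Provider: encrypt to one customer's public key, then sign the file."""
    n, e = customer_pub
    k = secrets.randbelow(n - 2) + 2          # per-file content key
    wrapped = pow(k, e, n)                    # unwrappable only with that private key
    body = _xor_stream(k, content)
    pn, pd = provider_priv
    return wrapped, body, pow(_digest(wrapped, body, pn), pd, pn)

def play(file, customer_priv, provider_pub):
    """Player: verify the provider's signature, then decrypt with the local key."""
    wrapped, body, sig = file
    pn, pe = provider_pub
    if pow(sig, pe, pn) != _digest(wrapped, body, pn):
        raise ValueError("provider signature check failed")
    n, d = customer_priv
    return _xor_stream(pow(wrapped, d, n), body)

PROVIDER_PUB, PROVIDER_PRIV = keypair(2**107 - 1, 2**127 - 1)
CUSTOMER_PUB, CUSTOMER_PRIV = keypair(2**61 - 1, 2**89 - 1)

if __name__ == "__main__":
    f = package(b"constructed sample track", CUSTOMER_PUB, PROVIDER_PRIV)
    copied_key = tuple(CUSTOMER_PRIV)         # same key file on a second machine
    print(play(f, CUSTOMER_PRIV, PROVIDER_PUB) == play(f, copied_key, PROVIDER_PUB))
```

The player cannot tell a copied private key from the original, which is the serial-number problem the post describes; the signature only protects the file against modification.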

Comments

  1. W00t. Somebody reads me. The question is what are you trying to prevent with DRM? The DRM providers want complete control. But you can't control a secret you've handed to someone else, or the decrypted version they've used the secret to create.

    But I still think there's something in here with a combination of an always connected machine and PKI that goes some of the way to providing some protection.

    But then I've been thinking about this stuff off and on since trying to copy protect high priced commercial software back in the early 90s and still haven't found or seen an answer.

