`
`I D Bramhill and M R C Sims
`
`The act of breaching copyright is probably the most common civil offence, and is often not considered as being unlaHful by
`the pe1petrator. The revenue that is lost by a copyright owner when illegal copying takes place can be significant. Losses
`may become unacceptably large in the future given the expected explosion of computerised, multimedia services. This paper
`discusses the problems copyright owners face when flying to maintain cost-effective control of their copyright in a digital
`age. It then proposes an initial model of a softyvare-based system that provides copyright protection of multimedia
`i1~{ormation when delivered by Internet-based services.
`
`1.
`
`Introduction
`
`A uthors and artists have certain tights when
`
`they
`produce a work-of-art- these rights are automatically
`assigned to them and no registration is needed. These
`include copy rights. When a copy of a work-of-art is made
`some fee can lawfully be claimed by the author for its use. If
`an author' finds evidence that someone is making copies of
`his work-of-art without permission he can take the infringer
`to a cou11 of law and reclaim lost revenue. Authors would
`naturally like to maximise the amount of revenue that
`comes to them from others making copies of their work-of(cid:173)
`art with a minimum amount of effort on their own part.
`Copyright infringement is a civil offence and so the onus is
`on the author to protect his work-of-art. Traditionally this
`has been easy due to the physical nature of works-of-art -
`generally it costs Jess and is more desirable to buy a high(cid:173)
`quality copy of a book from a store than to make an illegal
`copy. Due to the increase in electronic distibution of
`infotmation and the reduction in cost of storage of such
`information, copyright infringement is increasing. New
`mechanisms are needed to ensure that authors preserve their
`revenue stream.
`
`1.1
`
`Copyright and copy protection
`
`Data that is in the digital domain can be reproduced,
`error free, with as little effort as a 'drag-and-drop' operation
`using a graphical user inteiface. If the same process is
`repeated on the first generation copy the result is a perfect
`second- generation copy. An equivalent process in the
`analogue domain would be to repeatedly use a photocopier
`on its own output, but this results in a rapid reduction in
`quality after a small number of copy generations. When we
`1 The author/owner/user, depicted as male throughout thi s paper, could
`equally be female.
`
`work in the digital domain we have the ability to pass on a
`peifect copy to anyone, anywhere in the world .
`
`The great benefit for a recipient of digital data is the
`increase in quality of the copy that he receives. Some of the
`benefits for the sender are that he can provide a better
`service, to more people, in Jess time, and at a fraction of the
`cost. Because the material is in digital form there is Jess
`physical protection available for it and so copyright owners2
`have lost some of the control they once had. This reduces
`that
`they can collect. The
`the amount of revenue
`international Jaws for copyright give the owner the right to
`make a charge for the supply of a copy of an original work(cid:173)
`of-art. Therefore owners want to encourage copies to be
`made of their work-of-art
`to
`increase
`their revenue.
`Copyright owners also want to be able to control the copies
`once they have been made in order to protect future
`revenue. A copy protection system provides them with a
`method of controlling copies, it does not attempt to
`prevent copies from being made, because this is not
`possible.
`
`Being unable to prevent a copy from being made would
`not be a problem if one could detect the act of copying. If
`this were the case, then copyright owners could still collect
`revenue when their works-of-art are used.
`
`Unfortunately it is not feasible to detect the act of
`making a copy when it matters, that is, when combating
`organised piracy. For example, the digital information to be
`
`2 Copyright owner: a person, or organisation, that owns the copyright for a
`work-of-art (whi ch can be a piece of text, music, painting, film ). The
`copyright owner can be someone other than the author of a work-of-art,
`e.g. Michael Jackson is the owner of the copyright of many works-of-art
`of which Lennon and McCartney are the authors. Sometimes thi s paper
`shortens the term 'copyright owner' to just 'owner' .
`
`63
`
`BT Techno! J Vol 15 No 2 Apri l 1997
`
`NETAPP ET AL. EXHIBIT 1007
`Page 1 of 17
`
`
`
`COPYRIGHT IN A DIGITAL AGE
`
`copied can always be put into a computer that is not
`that has no kind of
`connected to any network, and
`communications capability. Although the initial recovery of
`the information can be detected and charged for, once put
`into the pirate computer the process of making multiple
`copies cannot be detected.
`
`1. 2
`
`The impact of new technology
`
`Copyright-protected material is starting to be provided
`by many new delivery methods; this makes it susceptible to
`new threats. An example of such a new delivery method is
`Digital Video Disc (DVD) which had its world market
`launch delayed by concern over copyright issues:
`
`•
`
`•
`
`' .. the studios have said .. . that no titles will be released
`until all the outstanding copy protection issues have
`been resolved to the satisfaction of all parties ' [I] ,
`
`' .. everyone agrees that copy protection is the most
`visible
`issue. The movie industry has steadfastly
`upheld their intention to withhold publishing titles until
`they are convinced there is an acceptable means for
`protecting their assets from being copied. The method
`of copy protection used, they insist, must also be
`applied to computers . Therein lies the problem.' [2].
`
`The DVD format allows 133 minutes of broadcast
`quality video and sound to be held on a disc that has the
`same physical dimensions as a music CD (compact disc).
`DVD is sometimes called Digital Versatile Disc because it
`can carry any information, not just video. It is therefore
`expected
`to be of significant
`interest
`to computer
`manufacturers who see it as providing a step change in the
`capacities available with CD-Read Only Memory (CD(cid:173)
`ROM) giving DVD-ROM.
`
`Initial capacity for a DVD-ROM wi ll be 4.7 gigabytes,
`rising to a capacity of 17 gigabytes for double sided, dual(cid:173)
`layer technology. It is expected that DVD-recordable drives
`will soon appear. A date of mid-1997 is currently predicted
`[3] and machine prices, when driven by a powerful
`computer industry, will quickly fall to be similar to that of
`CD-recordable drives
`(currently found
`for
`less
`than
`US$2000). It can therefore be seen that perfect copies of
`works in wh ich the film industry have literally invested
`billions of American dollars, will now be available as
`source material for 'professional' and ' home' pirating using
`personal computers.
`
`1.3 DVD protection
`
`The agreed industry-wide mechanism for the protection
`of copyright in the DVD system comprises a number of
`techniques as described below.
`
`64
`
`BT Techno! J Vol IS No 2 April 1997
`
`Each DVD player and disc pressing will be suppl ied
`with one of six regional codes, this will ensure that a disc
`that is released in North America will not function on a
`DVD player that is bought in Europe.
`
`Some of the digital information will be protected using a
`process called encryption3 . The specific implementation
`will be
`licensed by a governing body so
`that
`the
`manufacture of DVD players can be controlled . The movie
`soundtrack and imagery will be encrypted as two separate
`streams of information (see Fig 1). The DVD player uses its
`licensed technology to access information on the di sc that
`tells it how to decrypt the streams.
`
`II...__,.,------~ >
`sound >
`video >
`
`~===::
`
`' - - - - - - - - " '
`
`DECRYPT
`
`Fig I DVD protection.
`
`A DVD player will not have connectors that give access
`to the decrypted digital information. The analogue video
`signal that is output wi ll be protected by a technique owned
`by a company called Macrovision. This technique causes
`recorded video quality to be reduced .
`
`It is hoped that laws will be imposed to make it illegal to
`sell or possess technology that tries to circumvent the
`copyright protection mechanism for the DVD system. An
`alternative approach is for industry to also design the
`circumvention technology and to patent it. This approach
`has
`the benefit
`that someone building and
`selling
`circumvention technology can be sued for patent violation
`in
`and
`this
`is more easily achieved
`internationally
`comparison to proving copyright violation.
`
`1.4
`
`Identifying requirements
`
`In the DVD example requirements for the copyright
`protection mechanism came from the owners identifying the
`environment in which the work is going to be used . The
`environment is that of traditional retail distribution, selling
`physical
`items
`to anonymous customers. This paper
`considers a different environment having its own require(cid:173)
`ments and which possibly poses the greatest challenge to
`
`3 Encryption is a process that is part of an area called cryptography. We
`make reference to these areas many times in thi s paper and so will give a
`definition of some of the terms; greater depth of the subject can be found
`' A cipher is a secret method of writing, whereby
`in Phoenix 14].
`plaintex t. .. is transformed into ciphertex t. The process of transformin g
`plaintex t into ciphertex t is call ed ... encrypt ion ; the reverse process ... is
`called ... decryption. Both e ncryption and decryption are controlled by a
`cryptographic key.' [5].
`
`NETAPP ET AL. EXHIBIT 1007
`Page 2 of 17
`
`
`
`COPYRIGHT IN A DIGITAL AGE
`
`system can justly make the claim of being absolutely secure.
`With the additional requirement of checking for users
`possessing recording devices, the amount of revenue that
`could be lost has been reduced to users having photographic
`memories. Each time a decision is made on how a copy
`protection system functions we must consider how to
`minimise the possible threats, and must decide if the
`maximum potential fraud is below the threshold of what is
`considered an unacceptable loss to the owner.
`
`2.2
`
`Cryptography to the rescue
`
`Now we consider the scenario of the owner needing to
`take the manuscript out of the vault to allow access by a
`user who cannot physically get to it. The owner can take the
`original manuscript to the user but if the manuscript is
`stolen in transit then the owner will have lost the work-of(cid:173)
`art. The owner can make a copy of the manuscript and take
`that to the user; but if the copy is stolen, he still suffers a
`significant loss. The owner is faced with a similar problem
`to that of a government wanting to send a message
`to
`their spy
`in another
`containing secret information
`country. If the message is intercepted by an enemy, then he
`should not be able to determine the secret information.
`Governments have long achieved such protection by use of
`cryptography 'which embraces methods for rendering data
`unintelligible to unauthorised parties' [8].
`
`By using an encryption process the poem owner can
`create a copy of his poem as a ciphertext version which he
`takes to the user (see Fig 2). The owner uses the matching
`decryption process to recover a plaintext copy of the
`original which they show to the user. Here cryptography is
`being used to provide confidentiality; if the owner loses the
`ciphertext, no one can recover the original plaintext of the
`poem without access to the decryption process and the
`cryptographic key .
`
`The fictitious owner has protected his poem in transit,
`is faced with another problem. As soon as
`the
`but
`
`copyright in the digital age. The environment is that of
`providing works-of-art using Internet-based services.
`
`There are a number of schemes published or currently in
`use such as that proposed by Choudhury et al [6] and Adobe
`Acrobat® [7]. This paper proposes altematives to some of
`the published mechanisms and extends others. It also
`combines mechanisms to create a complete end-to-end
`solution.
`
`This environment provides a significant challenge
`because owners wish to supply digital information on a
`world-wide basis into many individual environments where
`they have no direct control, a situation unlike that of DVD.
`The copyrighted material is therefore supplied to a uset4 by
`a copy protection system, but once on a user's personal
`computer he can make many attempts to subvert the copy
`protection system and so resell the material as his own over
`the Internet. Should the user find a significant weakness in
`the protection mechanism he could even render the entire
`system useless by publicising the weakness.
`
`In addition to the requirements imposed by using the
`model of Internet-based services there are a number of
`requirements that must be satisfied if a copy protection
`mechanism is to be attractive to users and owners. For
`example, the owners do not want to have to perform many
`processes to gain an adequate level of protection. Also,
`users do not want to have to go through a registration phase
`each time they want access to information from a new
`source. Such
`requirements were
`considered when
`developing_ our proposed mechanism.
`
`2. Can prevention work?
`
`2.1
`
`An example of extreme prevention
`
`Consider a work-of-art that takes the fmm of written text
`
`that is the original manuscript of a poem. The owner
`can easily prevent copyright infringement by never allow(cid:173)
`ing any user to read the poem, and this can be ensured by
`keeping it locked in a security vault. The obvious problem
`here is that this approach will not result in the collection of
`any revenue, unless he charges a fee for access to the vault.
`
`For our fictional owner it appears that he is still
`maintaining control, but there is a problem. The user can
`easily reproduce the poem from memory and resell it once
`he leaves the vault. If the work-of-art is a novel the user can
`read it aloud into an audio recorder and reproduce it later, or
`even memorise it. The owner could make a restriction that
`no manner of copy technology, such as an audio recorder or
`camera, ever leaves the vault but he is still faced with the
`problem of a user with a photographic memory.
`
`This copy protection system has a very high level of
`control but we can see from it that no copy protection
`
`4 A person, or organjsation who makes use of a copyrighted work-of-art.
`
`Fig 2
`
`Cryptography terminology.
`
`65
`
`BT Techno! J Vol IS No 2 April 1997
`
`NETAPP ET AL. EXHIBIT 1007
`Page 3 of 17
`
`
`
`COPYRIGHT IN A DIGITAL AGE
`
`decryption process is applied, the plaintext is revealed, and
`so the amount of control he has over the work is again
`reduced. The poem's owner can maintain control by never
`leaving the plaintext unattended, but this is not possible
`when network delivery is involved.
`
`2.3
`
`Trust in cJ:yptography
`
`Cryptography is normally used to protect the transfer of
`information between two parties that trust each other.
`
`2.4 Making a viable solution using Cl)'ptography
`
`If we are to use cryptography to protect information in
`an environment of limited trust, we must limit access to the
`plaintext. Figure 4 shows the journey a work-of-art takes to
`get to the brain of the user. At some point in this journey the
`decryption must happen, i.e. the work-of-art must leave the
`area trusted by its owner. This should happen as late as
`possible to make it difficult for a fraudster to get control of
`the plaintext.
`
`fictitious government encrypts
`For example, our
`plaintext and sends the ciphertext to their spy. The spy
`knows the decryption process and the cryptographic key
`and recovers the plaintext message. Once the spy has read
`the plaintext message, it is destroyed to ensure the spy' s
`own safety.
`
`Ideally we would like to petform the decryption when
`the encrypted work-of-art is in the brain of the user but this
`idea is clearly unachievable and unacceptable. The next best
`approach is to decrypt the information just before it reaches
`the eyes and ears of the user.
`
`•
`
`•
`•
`•
`•
`•
`•
`
`•
`
`•
`•
`
`•
`
`•
`•
`
`•
`•
`•
`•
`•
`•
`•
`•
`•
`•
`•
`
`This can be achieved by requmng the user to have a
`special device that petforms the decryption process but
`which is configurable only by the sender. This device must
`also control the use of the work-of-art, so that without it the
`work-of-art is unusable6. For example, to prevent quality
`copies of a video tape being made, a distributor could
`supply the user with a tape that is encrypted such that it can
`only be played in that user's video player. The video player
`must be tamper-proof, must incorporate a television screen
`and provide no means of attachment to any other recording
`device.
`
`Clearly this would be an expensive way to distribute all
`video tapes, but could possibly be a solution when a small
`number of users require information of high value. Because
`the decryption process now occurs in hardware and not in
`the brain, fraudsters 7 have an opportunity to make copies,
`for example, by using a video camera to record the images
`on the screen. The quality of the copies made using such a
`technique would probably be so low as not to pose a
`significant threat to the copyright owner.
`
`Any solution that requires expensive devices at the
`user's machine will be limited to special applications. This
`paper considers a model of information provided by
`Internet-based services to a world-wide client base. To
`reduce the costs of a copy-protection system to a level that
`is acceptable to both owners and users we consider that only
`a software-based copy protection mechanism utilising
`cryptography will be commercially viable. We therefore
`need to consider the problems that this may present.
`
`6 Jn some cases an owner may want to control the use of the work-of-art.
`For instance, an owner of a j ournal may wish to control how it is viewed,
`if it can be printed to paper, and the leve l of qualjty when printed.
`
`7 A fraudster is a person, or organisation, who attempts to make
`unauthorised copies for financial gain or attempts to provide users with the
`means to make unauthorised copies. A fraud ster will usually be a user.
`
`Commercial companies use cryptography to protect
`information
`sent by
`computers operating between
`departments. These departments can trust that each will not
`disclose the decryption process or the cryptographic key.
`
`When using cryptography in an Internet-based copy(cid:173)
`protection mechanism, we cannot consider the computer of
`the user to be trustworthy. We must regard all of the users as
`potential pirates because we know there are a small number
`of real pirates trying to defraud the system. Figure 3 shows
`how the · areas that the sender trusts alter between the
`traditional use of cryptography (a) and a situation where the
`recipient is untrustworthy (b).
`
`r------,
`I
`.. __________ ,
`computer
`I
`receiving
`encrypted r----------, encrypted
`.. ______ ,
`.. ______ ...
`I --------
`area trusted by
`sender
`
`computer
`sending
`
`message
`
`I
`I
`
`I
`
`I message
`I
`
`a) traditional use - sender trusts receiver
`
`computer
`sending
`
`message
`
`I
`I
`
`I
`I
`
`'------------ , receiving
`encrypted r----------- • encrypted
`--------
`.. ______ ,
`area trusted by
`sender
`
`computer
`
`message
`
`b) protecting copyrights - sender does not trust receiver
`
`Fig 3
`
`Trust in cryptography.
`
`5 For the decryption process to succeed the cryptographic key mu st be the
`correct key. We must ensure that all parties who should have the correct
`key have it when they need it, and mu st ensure that any party who should
`not have the key cannot obtain it without expending a significant level of
`effort. To do thi s requires 'cryptographic key manage ment ' which is a
`large subject area and is not covered by thi s paper·.
`
`66
`
`BT Technol J Vol IS No 2 April 1997
`
`NETAPP ET AL. EXHIBIT 1007
`Page 4 of 17
`
`
`
`source of
`
`software
`
`speaker/
`display
`
`eye/ear of
`
`brain of
`
`COPYRIGHT IN A DIGITAL AGE
`
`Fig 4 Where to decrypt.
`
`•
`
`•
`
`•
`
`•
`
`•
`
`•
`
`•
`
`•
`
`•
`
`computer
`the
`components which
`the physical
`comprises (size of memory, presence of CD drive),
`
`characteristics of the physical components (manu(cid:173)
`facturer, number of tracks on a hard disk),
`
`location of static information on a hard disk (bad
`sectors),
`
`location of long-lived files on a hard disk (operating
`system executables),
`
`operational characteristics,
`
`logical directory and fi le structures,
`
`files specifically created to identify the machine,
`
`data added to long-lived files to identify the machine,
`
`the configuration of applications and the operating
`system .
`
`-,.----
`1
`
`•
`•
`•
`•
`•
`•
`•
`•
`
`•
`
`+
`
`•
`•
`•
`•
`
`•
`•
`•
`•
`•
`•
`• I
`•
`•
`•
`•
`•
`•
`
`3. Challenges for a software-only solution
`
`3.1
`
`Binding software to a user
`
`T he first problem to be considered is that a software-only
`
`solution is subject to all of the problems faced by
`information in the digital domain , i.e. its elements can be
`easily copied and distributed. We therefore need to ensure
`that a duplicate of the copy protection software of one user
`is of no use to anyone other than that user.
`
`This implies the need for a strong8 one-to-one binding
`between the software of a user, and the user. The binding
`could be achieved by making it undesirable for users to
`distribute copies of the software, e.g. by making it display
`sensitive information about the user, such as their home
`address or other personal information. However, thi s would
`probably be unacceptable to users.
`
`The best way to achieve the binding is to use smart
`cards9. Smart cards have been designed to provide strong
`identification of a person, so the strong binding we require
`can be achieved by binding the software to the smart card,
`and the smart card to the user. Although smart cards provide
`a secure cryptographic environment they should not be used
`to decrypt the work-of-art. If smart cards were used in thi s
`way, a fraudster would only need to intercept the plaintext
`output to access the work-of-art (see Fig 5) . Unfortunately
`the smart cards also need to be distributed to the users
`before the work-of-art can be used ; this may be unaccept(cid:173)
`able in some circumstances .
`
`3.2
`
`Binding software to a machine
`
`Another way to achieve the strong binding we require is
`to bind the decryption software to the computer on which it
`is run or the terminal from which it is used. Biometrics
`identify a human to a high level of probability. A number of
`characteristics are measured to do this. Similarly, a number
`of characteristics of a computer can be measured to achieve
`a similar level of probability of its identity, which we call a
`'cybermetric ' . Examples of such characteristics are:
`
`8 Strong means that it ca nnot be eas ily tampered with, broken or forged .
`
`9 Smart card s are usuall y credit card sized dev ices made of plastic th at
`have micro-electronic circuits embedded within. The circuitry provides a
`secure, tamper-resistant computing envi ronment th at can be used to
`implement cryptographic mechani sms .
`
`I
`I
`I
`I
`I
`
`@smart]:
`card
`1
`I
`I
`
`. -, r - - - - .a
`
`--------
`area trusted by
`sender
`------.,
`sending L---------- . 1 receiving
`computer
`
`I plaintext
`I output
`I
`I
`
`I
`I
`I
`I
`
`I
`I
`
`1 computer
`
`I
`
`encrypted r---------- -
`message
`
`I
`I
`L------..1
`
`-
`
`• encrypted
`message
`
`Fig 5
`
`S mart card decryp1ion.
`
`For fraudsters to make use of a software decryption
`process belonging to another user, they would have to
`recreate both the logical and physical characteristics of that
`machine, and the characteristics of the way the original user
`operated all of the separate app li cations.
`
`3.3
`
`Binding a work-of-art to a user
`
`In the earlier example of the tamper-proof video player,
`there was a one-to-one relationship between an instance of a
`work-of-art and the special viewing equipment. If a user
`gave their video tape to another user with a similar device
`then his video tape cou ld not be played on the second user's
`equ ipment.
`
`67
`
`BT Techno! J Vol IS No 2 April 1997
`
`NETAPP ET AL. EXHIBIT 1007
`Page 5 of 17
`
`
`
`COPYRIGHT IN A DIGITAL AGE
`
`This approach also needs to be taken with a software(cid:173)
`only copy-protection mechanism. When information is
`given
`to
`the user,
`the owner needs
`to control
`that
`information. If the work-of-art is stored in a manner that can
`be read only by the software of the user to whom it was sold
`then control has been maintained. This can be achieved by
`using a different cryptographic key in every software
`instance.
`
`3.4
`
`Reverse engineering
`
`The major weakness of all software processes is that a
`fraudster can
`take apart
`the software using reverse
`engineering techniques; we recognise that this cannot be
`prevented. The intention is to engineer the copy-protection
`mechanism in such a way as to make the act of breaking it
`uneconomical for a fraudster, i.e. the cost is larger than the
`cost of compliance.
`
`Once reverse-engineering techniques are used to find
`how one instance of the software functions, the entire
`software system is broken since all instances work the same
`way. Ideally what is required is that such an attack only
`breaks that one instance of the software, limiting the fraud
`potential to that user. What is required is the ability to
`produce software that provides identical functionality in
`every instance, but which provides this functionality in a
`unique manner for each instance. This is not achievable
`with current technology but will be the subject of further
`research.
`
`to produce the same
`What may be achievable is
`functionality in a limited number of instances and to
`repeatedly clone each of these functional instance to give a
`large total population. It may then be acceptable
`to
`randomly distribute the clones around the world if the
`number of clones of any particular functional instance is
`small compared to the overall population size. When a clone
`of a functional instance is broken, the impact is limited to a
`fraction of the total population; the fraudster will have to
`track down the other clones of the same functional instance
`without being discovered.
`
`The worst case scenario is that all of the users of the
`functional instance are informed of the illegal method, and
`all users convert to the illegal method of access. The
`number of functional instances that are required needs to be
`calculated by reviewing the acceptable level of fraud and
`this figure may be small, thus making the approach feasible.
`
`3.5
`
`Trust
`
`deliberate intent, then an unacceptable level of fraud could
`result. When supplying copyrighted
`information
`to a
`software copy-protection mechanism the owner must be
`assured
`that the software can be trusted
`to conectly
`implement the specified scheme and do nothing else.
`
`4. Detecting illegal copies
`
`Expecting the ·worst
`
`4.1
`A t
`the
`this point we recall earlier statements on
`J-\impossibility of creating a peiiect system, and that
`software can be broken given enough resources. Both result
`in loss of control of the work-of-art by the owner. When a
`fraudster breaks the system we can accept that control has
`been lost or we can look for techniques that allow a degree
`of control to be maintained.
`
`When an owner is made aware of an illegal copy he will
`have to prove to a legal system that he is the original owner
`and that his copyright has been infringed . If the illegal copy
`is a pirate music CD of a well-known recording artist the
`proof is likely to be simple but the owner has no way of
`knowing who supplied the original CD. If the own~r could
`discover the source of the forgery he could deny that user
`access to future work. This is clearly not possible with
`physical objects that are available throughout the world, but
`what of information that is supplied by an Internet-based
`service?
`
`4.2
`
`Steganography
`
`As we cannot detect the act of making a copy we want
`to be able to identify which user let their legally obtained
`copy be illegally copied. This can be achieved by detection
`schemes [9] that rely heavily upon a field of expertise
`referred to as
`'steganography'. Schneier [10] gives this
`definition: 'S teganography serves to hide secret messages in
`other messages, such that the secret's very existence is
`concealed', in other words the secret message is subliminal.
`
`An example of steganography is a message between two
`spies, printed in the personal column of a newspaper. The
`message,
`'Hamlet, meet me at midnight on the castle
`battlements, Your Late Father' is understandable to all
`readers, but it only has a hidden meaning between the two
`who know the code. For example Hamlet might know that
`'castle battlements' indicates that the meeting should really
`take place on the bridge over the river, and the word 'late'
`means that one hour should be added to the time of
`'midnight'.
`
`Each clone of each instance must ensure the protection
`of the information with which it deals. For example, the
`owner of a work-of-art may wish for each clone to control
`the action of printing. If this control is not implemented
`because of an unintentional error in the clone, or because of
`
`68
`
`4.3 Digital watermarks
`
`Steganography is the underlying technology of digital
`watermarking. Watermarking a piece of paper takes place at
`the time of manufacture, but a digital watermark can be
`
`BTTechnolJVoll5No2Aprill997
`
`•
`•
`
`..
`..
`
`•
`
`•
`
`•
`
`•
`
`•
`
`NETAPP ET AL. EXHIBIT 1007
`Page 6 of 17
`
`
`
`embedded at any time. It is usually required that a digital
`watermark should not intrude on the normal use of the
`work-of-art.
`
`show how a digital watermark might be
`To
`accomplished consider how a digital recording is made. The
`analogue sound is sampled at fixed
`intervals, and the
`frequency is represented as a number. The number can be
`stored in binary form, transfened electronically and then a
`close approximation of the sound is recreated by di gital-to(cid:173)
`analogue circuitry. The system works because the human
`ear is not capable of recognising the quantisation errors in
`the process. This means that a change in the least significant
`bit (LSB) cannot be noticed by the human ear, and by
`altering some of the least significant bits of digital words in
`a pre-arranged manner we can uniquely ' watermark' each
`recording [I I].
`
`An electronic version of an image represents the real
`one by quantization just as a sound signal, but instead of
`sampling frequencies the amount of red , green and blue at a
`small point (a pixel) are sampled. Each of the three colours
`is often allocated 8 bits of information, to recreate the
`colour of a pixel requires all 24 bits to be recombined . If the
`least significant bit of an 8-bit value is changed, this gives a
`very small change in the rendered colour and this change is
`not detectable to human sight. lmage information has been
`lost but it can now be used for a watermark. If a maximum
`limit (I 0% is common) is placed on the number of pixels
`that are changed the overall effect will not be detected by
`viewing, but provides a significant bandwidth for a
`watermark.·
`
`This approach works because, to a human eye, the level
`of signal represented by the low-order bit does not carry any
`representable information; therefore the bit is redundant.
`Figures 6- 9 show a simple way to use this redundancy to
`store a watermark in an image. Figure 6 shows an image to
`be watermarked. Figure 7 shows the LSBs of the red
`components of each of the pixels (black corresponds to a
`one, and white to a zero). If these bits are replaced with the
`watermark shown in Fig 8, the result is the image in Fig 9.
`To recover the watermark, the LSBs of the red components
`of Fig 9 are examined 10
`
`4.4
`
`The lack of redundancy
`
`The similarity of Figs 6 and 9 show that the bits that we
`replaced were redundant in the original image. This is the
`key element in how staganographic methods often function ;
`they require redundancy (or noi se) to be present. For thi s
`reason it is very difficult to apply such techniques to
`information representations with little or no redundancy,
`such as character codes. If a change is made to the least
`significant bit of a character code, the change results in a
`
`10 This tec hnique can eas il y be extended so that the original image is
`needed to recover the watermark.
`
`•
`•
`•
`
`•
`
`+
`
`+
`
`•
`
`•
`•
`
`+
`
`..