A Java-based platform for intellectual property protection on the World Wide Web

Thomas J. Alexandre

Swedish Institute for Systems Development (SISU),
Electrum 212, S 164-40 Kista, Sweden


We propose in this paper a flexible and simple electronic commerce platform aimed at regulating the use and transfer of intellectual property. We translate and enhance the traditional use of paper-based contracts into the digital world by creating digital contracts that can become alive and perform actions once they have been signed (e.g. perform on-line verifications, payment or keep people informed about their status). The digital contracts we present are lightweight software components that benefit both from traditional and agent-enhanced distributed programming techniques. They are built upon emerging technologies such as java, distributed objects, the World Wide Web, modern cryptographic techniques and mobile agents. We will present an implementation in the education sector.

Intellectual property rights; Copyright; Digital contracts; Agents

1. Introduction

Nobody can prevent users from copying and redistributing copyrighted material once they have had access to it, unless this digital information is manipulated within a trusted environment (hardware or software that makes sure copying or viewing is regulated), which is certainly not the case of the common desktop PC. Rather than assuming a trusted environment, we propose in this project entitled TAHUTI* to use the traditional commerce approach of "Contracts" to regulate the use and transfer of digital property. Long before the digital age, people have been doing commerce through contracts legally forcing them to respect what they take responsibilities for by signing them. Thanks to the emergence of modern cryptography techniques this notion of contracts translates well in the digital world: software can apply digital signatures to documents on behalf of users. General Architecture Beyond the storage of static information contained in a digital contract, software may also act as a private notary, who manages the contract, archives it in a secure place and from time to time checks on its status or takes some actions as specified in the contract.
The diagram on the left illustrates the electronic commerce architecture of our proposal. Its consists of a simple 3 steps protocol where an End-User has the opportunity of agreeing on a digital contract initiated by a Content Provider: Based on selected preferences from end-users, content providers may deliver them locked compound goods with the option of reviewing and agreeing on License Terms, e.g. buying or subscribing for a given period of time. This involves a push-based electronic commerce model where compound goods are assembled and sent on a regular basis in an encrypted form. Such goods may include text, graphics, sounds, videos, software components and virtually any kind of bit stream. Upon agreement and signature of the contract by the end-user, the key is forwarded to unlock the goods. Because both parties now hold a copy of the signed contract, they may use their copy in case of dispute resolution about the terms of the contracts. Some related work include technologies such as Intertrust's DigiBox or IBM's Cryptolope [1,2].

2. Digital contracts as mobile agents

What makes a digital contract unique and dynamic in our proposal compared to its paper-based equivalent is its ability to take some actions on what was specified in its clauses. For instance, one clause in the contract may have specified that members of AAA will get a 20% discount on the purchase of a referenced magazine edition when it is available. The contract itself, once signed, may first travel to the server hosting the referenced magazine, wait there until it is available, then move to the AAA site to check if the end-user who signed the contract is a member, and finally travels to the online payment service to complete payment. Our digital contracts use state-of-the-art public-key cryptography for signature and encryption. For efficiency reasons however, and as already done in existing electronic commerce systems, the digital content is encrypted using private-key algorithms and only the private-key is encrypted using public-key encryption. We have written a prototype of our protocol into Objectspace's Voyager environment to benefit from both traditional and agent-enhanced distributed programming techniques. Voyager enables to construct lightweight java ORBs that can roam the network and communicate remotely [3].

3. Example in the education sector

In this application of home learning, a school organization proposes to deliver daily a set of digital pages to a student in accordance with her preferences. The first set of documents concerns an introductory class on agents, that contains multimedia material such as videos, text and software. Push-based lessons on agents Because the student doesn't know how far she will want to go into the lessons, she has the opportunity to agree to buy incrementaly the lessons instead of buying the whole package. She might agree to only buy the video part if she thinks she is more responsive to images than text. Furthermore, as a student of another partnering school she might benefit from a 50% discount, and may be also to pay only at the end of the month when she receives her grant. The digital contract once signed will travel back to the School for logging purpose (which will also give interesting feedback on the items she has agreed on and the ones she has disregarded), check that she is indeed a student and move to the payment service.

4. Conclusion and future work

In this paper we have introduced the notion of digital contracts to regulate the use of and transfer of digital information. Because our contracts are designed as java bean components, they are easy to manipulate in visual tools. We are currently focusing on the integration of our model with the new DOI (Digital Object Identifier) proposal from CNRI (Corporation for National Research Initiatives) and more generally with their recent Internet-draft submission to IETF of a Persistent Global Naming Service, the Handle System [4].

* This work has been done as part of the Content Management research programme at SISU. An extended version of this paper can be found at http://www.sisu.se/~alexandr/publis/.

[1] Cryptolope container technology, White Paper, IBM Infomarket.
[2] O. Sibert et al., Securing the content, not the wire, Intertrust Technologies Corporation.
[3] ObjectSpace Inc., Agent-enhanced distributed computing for java, White Paper, March 1997.
[4] S. Sun, A persistent global naming service, submitted as IETF Internet-draft, November 1997.