Swedish Institute for Systems Development (SISU),
Electrum 212, S 164-40 Kista, Sweden
Nobody can prevent users from copying and redistributing copyrighted material once they have had access to it, unless this digital information is manipulated within a trusted environment (hardware or software that makes sure copying or viewing is regulated), which is certainly not the case of the common desktop PC.
Rather than assuming a trusted environment, we propose in this project entitled TAHUTI* to use the traditional commerce approach of "Contracts" to regulate the use and transfer of digital property.
Long before the digital age, people have been doing commerce through contracts legally forcing them to respect what they take responsibilities for by signing them.
Thanks to the emergence of modern cryptography techniques this notion of contracts translates well in the digital world: software can apply digital signatures to documents on behalf of users.
Beyond the storage of static information contained in a digital contract, software may also act as a private notary, who manages the contract, archives it in a secure place and from time to time checks on its status or takes some actions as specified in the contract.
The diagram on the left illustrates the electronic commerce architecture of our proposal. Its consists of a simple 3 steps protocol where an End-User has the opportunity of agreeing on a digital contract initiated by a Content Provider: Based on selected preferences from end-users, content providers may deliver them locked compound goods with the option of reviewing and agreeing on License Terms, e.g. buying or subscribing for a given period of time. This involves a push-based electronic commerce model where compound goods are assembled and sent on a regular basis in an encrypted form. Such goods may include text, graphics, sounds, videos, software components and virtually any kind of bit stream. Upon agreement and signature of the contract by the end-user, the key is forwarded to unlock the goods. Because both parties now hold a copy of the signed contract, they may use their copy in case of dispute resolution about the terms of the contracts. Some related work include technologies such as Intertrust's DigiBox or IBM's Cryptolope [1,2].
What makes a digital contract unique and dynamic in our proposal compared to its paper-based equivalent is its ability to take some actions on what was specified in its clauses. For instance, one clause in the contract may have specified that members of AAA will get a 20% discount on the purchase of a referenced magazine edition when it is available. The contract itself, once signed, may first travel to the server hosting the referenced magazine, wait there until it is available, then move to the AAA site to check if the end-user who signed the contract is a member, and finally travels to the online payment service to complete payment. Our digital contracts use state-of-the-art public-key cryptography for signature and encryption. For efficiency reasons however, and as already done in existing electronic commerce systems, the digital content is encrypted using private-key algorithms and only the private-key is encrypted using public-key encryption. We have written a prototype of our protocol into Objectspace's Voyager environment to benefit from both traditional and agent-enhanced distributed programming techniques. Voyager enables to construct lightweight java ORBs that can roam the network and communicate remotely .
* This work has been done as part of the Content Management research programme at SISU. An extended version of this paper can be found at http://www.sisu.se/~alexandr/publis/.
 Cryptolope container technology, White Paper, IBM Infomarket.
 O. Sibert et al., Securing the content, not the wire, Intertrust Technologies Corporation.
 ObjectSpace Inc., Agent-enhanced distributed computing for java, White Paper, March 1997.
 S. Sun, A persistent global naming service, submitted as IETF Internet-draft, November 1997.