[3538] in cryptography@c2.net mail archive
Security scheme for e-books
daemon@ATHENA.MIT.EDU (John R Levine)
Fri Oct 23 23:06:52 1998
Date: Fri, 23 Oct 1998 22:19:06 -0400 (EDT)
From: John R Levine <johnl@iecc.com>
To: cryptography@c2.net
The topic of electronic books came up in another list to which I subscribe,
along with the copy protection thereof, and I invented this scheme off the
top of my head. It's hard to believe it's original, so does anyone recognize
it from somewhere? Assume the cartridge I describe is some sort of smart
card with a PROM, the printed serial number is a public key, and the
corresponding private key is burned into the on-board software.
Note that I'm thinking about books which typically cost $20 or less, so
this doesn't have to be million dollar crypto.
-----
I follow the crypto scene fairly closely, and I don't see anything that will
allow for hard to copy on-line distribution without tying the distributed
material number to the serial number of a display device. That's sort of OK
for software which we all expect to throw away in a couple of years when we
upgrade, but that's unacceptable for books which people routinely lend, give
away, or sell.
Honestly, that's the biggest sticking point I see in e-books. I suspect that
we'll end up with a scenario like this: e-books will live in little ROM or
PROM cartridges, about the size of the cartridges that digital cameras
use. You'll be able to plug a few of them simultaneously into the
back of your e-book player.
Most people will buy ROM e-books at a store like they buy paper books. For
downloadable books, you'll be able to buy blank cartridges at the store
really cheaply, maybe $10 for a package of 12. Then when you want to buy
your downloadable e-book, in the process of buying it you enter the serial
number printed on a blank cartridge, and the book you download is encrypted
with a key that's only unlocked by loading the book into that blank
cartridge, at which point you peel off the serial number sticker and write
the name of the book on the cartridge. Now you have a thing that you can
plug into your e-book, but more importantly resell, lend, or give away just
like a real book.
I suppose if I were a bad guy, I could make rogue blank cartridges with
serial numbers of all zeros, which would let me read out a book from one cart
and copy it to one of the rogue cartridges. But it seems to me that if you
need rogue cartridges to pirate $20 books, it's probably secure enough.
Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner
Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4 2D AC 1E 9E A6 36 A3 47
