Intellectual property is the modern-day equivalent of the Touchstone. Handled properly, the computer software and commercial databases in which companies have invested heavily to develop turn into a profitable revenue stream. In the process, they create capital value for the business and its shareholders. How long and how strong the stream proves to be is determined by the degree of protection afforded to the Intellectual Property Rights (IPR) involved.
For the publisher of software or information to reduce what the retail trade refers to as 'shrinkage' is therefore a high priority, and a whole sector of the security industry has evolved to combat loss from this direction. One vendor identified the need to secure payment for 'soft products' downloaded over the Internet and met the challenge with a solution which has already won widespread acceptance. Embracing the whole concept of Rights Management rather than just a requirement for payment by end users, the Net Secure system from the UK-based company C-Dilla meets the demands of those in the information publishing sector as well as the software resellers, software publishers and independent developers. But given that knowledge of 'payment' in whatever form would normally imply knowledge of the recipient's identity, it would follow that the same solution set would be of relevance to corporates distributing sensitive information to executives across a network on a confidential basis.
If C-Dilla has 'cracked the code', then it has tapped a lucrative seam for its own shareholders while protecting the intellectual rights of its customers and potentially stimulating the greater use of the Internet as a vehicle for electronic trade. That the company has expanded into the Internet arena from handling Rights Management in a closely related arena would suggest that the developers have approached the problem with a detailed knowledge of the issues involved.
With its headquarters in Reading, C-Dilla was established in 1991 specifically to assist in the protection of intellectual property being distributed by publishers of software and information. Its first implementation was a technique for protecting and controlling access to databases distributed on CD-ROM. The company's customers were all publishers of information for whom a disk copied without permission represented the loss of income, the compromising of their IPR and hence a threat to their capital asset.
For the organisations involved, their move to CD-ROM format from paper-based delivery provided dramatic cost savings in reproduction and distribution. But transferring to a high density electronic medium introduced a serious problem. It was that the volume of information which can be delivered on a single CD-ROM is potentially huge (650 MB for the current standard disk format), may make it worthwhile duplicating the contents - or even part of them - for financial gain.
The process of copying the contents of a book containing a broadly equivalent amount of information would be both time-consuming and less rewarding, however: valuable information is less readily available unless the person making the illicit copy is prepared to reproduce several dozen volumes to extract a comparable amount of material.
With experience of managing the rights of access to a medium like a CD-ROM, it was entirely logical that C-Dilla should expand its horizons to meet the challenges that are being thrown up by the Internet as it becomes the vehicle for electronic commerce transactions. Both the benefits and the pitfalls of using Web sites as shop windows for 'soft products' became apparent.
For the vendor of software and any other intellectual property which can readily be digitised, the Internet had the makings of a highly cost-effective delivery tool. Security of transmission was not a problem: the passage of files to any given destination would probably be so random and short-lived that it would be nigh on impossible to intercept the valuable data. Where the problem lay was in securing access to the intellectual property when it had been delivered successfully.
For a corporate purchaser buying software on a regular basis from a vendor, credit terms would normally apply, allowing the software to be supplied over the Internet with minimal risk. But the corporate arena is only one part of the total marketplace available to vendors. Small businesses and private consumers, for example, have probably a greater total demand for software to be delivered over the Internet but vendors could not risk sending out material for which there is no certainty of their being paid.
In security parlance, the situation is one where a trusted sender cannot ensure that the material is being taken on board by a trusted receiver. The result is that the occasional business purchaser and virtually the whole of the end-user community must make payment - usually by credit card or cleared cheque - directly to the vendor before they can gain access to the software.
While it is commercially important for the vendor to receive payment before delivery under these circumstances, that company is asking purchasers to put blind faith in the reliability of the telephone network. As Toby Gawin, the Sales Director at C-Dilla explained, "Many customers are naturally reluctant to hand over money in whatever form may be required until they are sure that the goods for which they are paying will be delivered, as expected, over the Internet." Given that a typical application file can extend to 30 MB or more, with updates perhaps a third of that size, any hesitation on the customer's part is perhaps understandable. Telecoms circuits and modems are not perfect so that the line can go down during downloading. It can be difficult, however, to prove to a vendor that the soft products have not been received and thereby justify sending the file again.
The solution is a vehicle which allows the vendor to deliver software over the Internet to the customer's computer, but where the package is locked in some way to prevent access until a security 'wrapping' has been peeled off at a signal from the vendor. This would give customers the comfort of knowing that the software being purchased has been received in good order before they release funds to the supplier. There would, in effect, be confidence on both sides of the divide.
Publishers of business information delivered over the Internet are in a similar position to their colleagues in the software industry. Contract purchasers will have been checked out as a credit risk before they start taking delivery, but there exists a vast marketplace which involves the transfer to casual customers of what are extracts from complete reports.
If the information can be supplied to these users at a sensible cost, this opens up vast tracts of market potential for the data owners. Customers who could never have been reached under a 'corporate delivery' regime would be able to utilise information sources and help add further value to the proprietors' revenue stream.
It was to meet this challenge of delivering software and business information in a way which is both acceptable to the customer and commercially secure that C-Dilla launched its Net Secure system in 1997. The principle is simple, yet is likely to have far-reaching implications for the supply of virtually any intellectual property over the communications networks.
The product is 'wrapped' in a C-Dilla security shield for which a unique key is required to access the value it contains. Inherent in the wrapping layer is a utility which checks the integrity of the contents and can request re-transmissions of the software until it can verify the 'quality' of the parcel to the purchaser. Only at that juncture is the financial transaction completed to the satisfaction of both parties; the vendor releasing the key that peels off the security wrapper.
Significantly, on the Internet front, C-Dilla confined itself at first to the process of electronic software delivery (ESD) through its NetServer line. The product set encompassed the NetServer technology, the wrapping element for each unit supplied, and the keys required to unlock that security shield. The company had not become involved in the payments process which subsequently triggered the release of the authorisation key.
Recognising the potential added value that such a service could provide to its software and information vendor customers, C-Dilla extended its scope in the first half of 1998 to the processing of customer payments. Market research had shown that a number of potential customers were limiting their involvement with electronic software distribution because they would have to go through a separate process of having plastic card payments approved, then taking the authorisation and feeding this back into the NetServer system to issue the key which releases the C-Dilla wrapper.
If that process could be simplified - by incorporating the card clearance in the NetServer cycle, it was argued - the concept would become more acceptable to software and information suppliers. C-Dilla has therefore established a bureau operation which accepts credit card transactions received for clearing through National Westminster Bank. Freed from the hassle of managing their own on-line credit card services, vendors are more ready to start sending their applications by ESD.
No new commercial risks are being introduced to the payment chain as a result of C-Dilla offering a bureau facility; all of its customers being approved card-accepting merchants having cleared major credit-checking hurdles in order to accept payments in the first instance.
The payment processing facility was implemented first by companies with some of the greatest requirements for a secure delivery medium combined with a card processing capability. Stuart Keeler, the Commercial Director at C-Dilla, explained how a major UK software reseller had adopted the integrated approach to selling software from a Web site. "Net Secure was loaded behind a site which Software Warehouse was already using for downloading products to end users. The customer simply selects the software they require and presses the Download key.
"The software is transferred within a Net Secure wrapper over the Internet to the target computer. It then displays the C-Dilla wrapper screens when the appropriate integrity checks have been carried out. The customer has the assurance at that stage that the product has been downloaded satisfactorily. Only then are the payment details entered and routed through our bureau to the card processing centre. When the 'All Clear' is received from the card centre, we generate the key which is issued over the Internet to peel back the wrapper."
The imposition of a security shield like Net Secure will prevent fraud by professional software pirates, for whom the time involved in cracking an access code could not be warranted by the typical value of the package being transferred - certainly under £1,000 and most probably less than £300 if falling software prices are any indication. Can a software vendor justify, however, the installation of the Net Secure server technology and support the cost of the keys themselves?
In practice, Net Secure achieves two distinct objectives. The first is that it provides the vendor with an accurate database of its authorised users, having enforced the registration of the end user as a pre-requisite for access to the downloaded product.
The second is perhaps less obvious until the payment cycle is taken into account. Payment over the Internet produces an 'instant' payment, whereas traditional distributor channels hold payment back for as much as 60 days. Those benefits are important, but the associated cost has to be realistic. Recognising this point, C-Dilla has priced its keys virtually on a royalty basis, with its customers purchasing blocks of keys in quantities to suit their immediate requirements. The pricing structure is such that it would be viable for a supplier to 'wrap' a module worth under £5 without having an impact on its profits. There is no barrier of a critical mass which a vendor must reach before it becomes feasible to implement a Net Secure environment.
The fact that a vendor might see fit to protect even the lowest value elements sent over the Internet would suggest that the professional software pirate was only one of the perceived threats. Indeed, on the security front, a perennial problem is the amateur hacker for whom the challenge of breaking the delivery key is more important than taking actually taking possession of a copy of the software. Once that code has been broken, however, the effect is the same, and the vendor's intellectual property is at risk; this time from copies of its products circulating round university campuses and message boards. The Net Secure key management routine has, therefore, to be several orders of magnitude stronger than the computational skills of the would-be code breaker. C-Dilla management argues that its Net Secure algorithms, which employ a one-time key, meet that requirement. No less important, the company's algorithms for key management are advancing at a rate which will keep the company's product ahead of the 'enemy' far into the future.
By the same token, the fact that C-Dilla came first into this marketplace and remained without competition for at least a year, would suggest that it will continue to retain its technical lead over broadly similar products which might emerge in due course from other vendors.
The Forecast Growth of the Business-to-Consumer (B2C) sector of electronic commerce will herald a change in end-user perceptions of loading credit card information over the Internet. Within this dynamic marketplace, digital wrapping technology is seen as an important stimulus to the growth of 'soft' products such as computer software sales over the Internet. Vendors of commercial information, for example, need to be able to keep track of their customers both for marketing and security purposes. Supplying the 'master' files of a database on CD-ROMs protected by C-Dilla electronic watermarking prevents a purchaser from duplicating the data, while a parallel Net Secure key mechanism can be used to ensure the registration of the user with the vendor. Only when the purchaser has communicated with the vendor over the Internet and provided the necessary details will the key be provided to unlock the software. Mindful that all users may not have immediate access to the Internet, C-Dilla has built into the 'wrapper' displays a provision for users to telephone the vendor's call centre. With the rights to access the master database secured, however, providing updates to the information is straightforward: the material is downloaded from the Internet using Net Secure to ensure access only by the end-user registered with the vendor.
This two-tier approach to supplying soft products would appear to meet vendors' demands for securing the delivery of large data files and their updates. Techniques are already in hand, however, for downloading files to customer premises at very high data rates. Toby Gawin again: "We have been running a pilot scheme using Eutelsat's HotBird 13 satellite to download Internet content into 200 homes using satellite modems. The end user clicks on to the vendor's Web site, which routes the software through the satellite network and downloads to the customer's receiver at the rate of 6 MB per second.
"The UK's cable operators are also experimenting with cable modems for delivering high volumes of information to their customers. The greater the speed of delivery, the higher the volume (and the implicit value) of material sent over the Internet, and hence the greater the need to control the access rights.
A potential 'hit list' of some 7500 software vendors - a significant number of whom are now C-Dilla customers - would suggest that ESD will come to dominate the company's activities for the next decade. Developments in the multimedia industry, however, are stimulating demand for more widespread application of the CD-ROM watermarking technology on which C-Dilla was founded. The migration of VHS recording systems to digital video disk (DVD) makes it essential to safeguard recordings against copying. While duplicating analogue VHS material produces copies of noticeably poorer quality thereby limiting the attraction of illicit copying - digital images copy perfectly every time. As a result of its work in the field of Rights Management for vendors of digital information, the UK company entered into a joint marketing and development agreement with the Macrovision Corporation of the US early in 1998. Macrovision is the acknowledged market leader in analogue video copy protection and its deal - which saw the US company taking a near 20% stake in C-Dilla will take it forward into the digital arena faster than it would otherwise have been able to do. The relationship extends to giving C-Dilla a world-wide marketing and distribution network for its product line. Notwithstanding this strategic relationship on the multimedia front with Macrovision, C-Dilla has demonstrated that it can meet from its own resources the requirements of a rapidly growing sector within electronic commerce.
In addressing the demands of IPR owners for a reliable and cost-effective approach to managing rights in electronic software distribution, the UK security specialist has probably achieved more to sustain the balance sheet value of its customers than either its own management or that of its customers would fully appreciate.
For more information please contact:
The DataCash website: Click Contact Link Contact: Gavin Breeze DataCash Tel: +44 (0)171 820 7733 Mobile: +44 (0)370 752 563 Email: Click Contact Link
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
