Voidstar is on the right track here... PKI is great and secure... the real problem is that the local private key may not be important enough to the user to ensure they dont abuse it by sharing it... my point is, if someone can share their private key in a PKI scheme then its no different to sharing serial numbers... but that got me thinking... what if?
What if private keys were registered or linked to something important like your credit card number... the idea here is that if the cards reported stolen, then the users public key is no longer used for copy control via PKI... maybe an independent authentication service would work here... but also what happens when a user copies their key onto another machine and forgets to remove it after using their software.... its a bit of a conundrum but worth a brainstorming session at the Uniloc labs I bet...
What if private keys were registered or linked to something important like your credit card number... the idea here is that if the cards reported stolen, then the users public key is no longer used for copy control via PKI... maybe an independent authentication service would work here... but also what happens when a user copies their key onto another machine and forgets to remove it after using their software.... its a bit of a conundrum but worth a brainstorming session at the Uniloc labs I bet...
clipped from www.voidstar.com I'm not sure I should suggest this to anyone but I can't be the first to see |
W00t. Somebody reads me. The question is what are you trying to prevent with DRM? The DRM providers want complete control. But you can't control a secret you've handed to someone else, or the decrypted version they've used the secret to create.
ReplyDeleteBut I still think there's something in here with a combination of an always connected machine and PKI that goes some of the way to providing some protection.
But then I've been thinking about this stuff off and on since trying to copy protect high priced commercial software back in the early 90s and still haven't found or seen an answer.