Cryptographic Containers and the Digital Library

  • Jeffrey Lotspiech
  • Ulrich Kohl
  • Marc A. Kaplan
Part of the DUD-Fachbeiträge book series (DUD)


Today, information is distributed on the Internet and other communication infrastructures mainly for free. However, once information or digital contents is assigned some value, a means is needed to protect its copyrights and control its use.

In this paper we describe an approach for rights management in the digital library. A digital library is a huge repository of digital content which is offered to the community of its users. The first step to control the use of its content is encryption. Encrypted content is not usable unless the decrypting or unlocking keys are acquired. The management of all keys involved in content transactions and their appropriate use is the task of rights management.

After a short introduction into issues of electronic publishing we present in section 2 the cryptolopeTM 1 technology as a container for both encrypted content and information to purchase the content which serves as the basis for rights management. The second section will introduce the structure of cryptolopes and the procedures to use them. In the third section we will present the results of a digital library pilot project for rights management using cryptolope-like technology. The fourth section gives an outlook on advanced cryptolope transactions. We conclude the paper with a summary in section 5.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [1]
    Ryoichi Mori, Masaji Kawahara: Superdistribution: The Concept and the Architecture. Transactions of the IEICE, Vol. E 73, No. 7, My 1990. Google Scholar
  2. [2]
    Marc A. Kaplan: IBM Cryptolopes, SuperDistribution and Digital Rights Management. Working Paper, VI.3.0, December 1996. Google Scholar
  3. [3]
    Cryptolope Showcase Homepage.
  4. [4]
    IBM infoMarket Homepage,
  5. [5]
    Cryptolope Container Technology. Whitepaper., March 1997.
  6. [6]
    Mark Stefik: The Digital Property Rights Language. Manual and Tutorial. Xerox Corporation, February 1997.Google Scholar
  7. [7]
    Neal R. Wagner: Fingerprinting. Proc. IEEE Symposium on Security and Privacy, 1983.Google Scholar
  8. [8]
    Ronald Rivest, Adi Shamir, Leonard Adleman: A Method for Obtaining Digital Signatures and Public Key Cryptosystems. Communications of the ACM, Vol. 21, pp. 120–126, 1978. MathSciNetzbMATHCrossRefGoogle Scholar
  9. [9]
    ISO 1995: International Standardization Organization: Information Technology - Open Systems Interconnection - The Directory: Authentication Framwork. International Standard 9594–8, ISO, Geneva 1995. Google Scholar
  10. [10]
    Internet Engineering Task Force: Internet Public Key Infrastructure. http://www.ietf.Org/
  11. [11]
    Public Key Cryptosystems (PKCS) Standards Homepage. RSA Laboratories 1997.
  12. [12]
    Verisign Digital ID Center Homepage.
  13. [13]
    Edgardo Gerck: Overview of Certification Systems: X.509, CA, PGP and SKIP.
  14. [14]
    Ulrich Kohl: Benutzerbezogene Datensicherheit in Kommunikationssystemen (User Oriented Security in Communication Systems). VDI Fortschrittberichte, Reihe 10, Nr. 446, VDI Verlag 1996Google Scholar

Copyright information

© Friedr. Vieweg & Sohn Verlagsgesellschaft mbH, Braunschweig/Wiesbaden 1997

Authors and Affiliations

  • Jeffrey Lotspiech
    • 1
  • Ulrich Kohl
    • 1
  • Marc A. Kaplan
    • 2
  1. 1.Almaden Research CenterIBM Research DivisionSan JoseUSA
  2. 2.Thomas J. Watson Research CenterIBM Research DivisionHawthorneUSA

Personalised recommendations