Solved

Please help us protect copyrighted material

Posted on 2015-01-22
9
114 Views
Last Modified: 2015-01-24
We are a company that develops methods to protect rights holders digital assets using techniques similar to what Digimarc and/or steganography uses.  We have been developing a method which will call back to a database the exact location of a file based off packet information, but the problem has been getting the code to activate when a mouseover takes place.

 I am sure there are different ways of accomplishing this task, but we need help generating the code that calls back to the database telling us the location of this downloaded file. We have tried php, and java, but we are still struggling with the coding method that can help us get this task done.

 If you have worked on something like this, please provide theory, proof of concept code, or any other assistance.
0
Comment
Question by:vdavid23
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 40565758
If I open a file of any type unless it is an executable then the .video .document will open using its default action which will not phone home to the rights holder .. with digital rights and a file that supports digital rights management then opening the file can phone home to get the token that allows the file to be opened.

Simply mousing over the file in explorer will do nothing. Same with transferring the file from an unprotected location to another will not phone home. Digimark and other steganography if each file that is distributed is changed will only allow you to find out who leaked the file by getting the file information and matching it to your database.
0
 
LVL 2

Author Comment

by:vdavid23
ID: 40565894
I appreciate your comment, I agree in part with most of what you are saying, but our research is showing that it is possible to develop a call home method with a simple mouse over. Now granted, the example links I have provided show a very rudimentary form of the mouse over scripting process, but we feel at Goldmarc Solutions what we were originally told by others could not be done, we did.

I feel we just have not found the appropriate individual(s) with a background in this technology that can perform the tasks we are requesting. The most basic part of the process we want to accomplish is inserting the call home function in the stegged image, video, music or Ebook. Once we accomplish this, then we will review the methodology in which we want to approach the person who is sharing the digital media.

There are several things we need to explore after getting the fundamentals down first.  In fact, we may later abandon the whole concept of a call home method entirely, but we are exploring all our options now that we have successfully achieved the first part of the process which can be seen at www.goldmarcsolutions.com


http://forums.unfiction.com/forums/viewtopic.php?t=28896&start=1425 
http://blog.sucuri.net/2014/02/new-iframe-injections-leverage-png-image-metadata.html
https://support.google.com/webmasters/answer/3024344?hl=en
0
 
LVL 62

Expert Comment

by:gheist
ID: 40566043
it is pretty illegal to embed exploits in files, and chances are high next patch update closes the loophole.
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
LVL 2

Author Comment

by:vdavid23
ID: 40566445
I've requested that this question be closed as follows:

Accepted answer: 0 points for vdavid23's comment #a40565894

for the following reason:

Silly answers
0
 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 40566446
Not very professional of you.  Post a link to a picture that you have encoded I will download this picture and put it on an external web server and I defy you to identify the ip address of the web server.. in fact I will put it on several servers and open the file on those servers and I'd like a report of the ip addresses as they phoned home.. you will have encoded the information into the files so when they phone home you should be able to query your database and confirm the ip addresses
0
 
LVL 62

Expert Comment

by:gheist
ID: 40566476
Once the file is on the disk or displayed on the screen you have no control where it goes after (For primitive means - backup, and big display wall)
0
 
LVL 33

Expert Comment

by:shalomc
ID: 40566999
So you have found  way to steg a png file. That is very nice.
if I am to download the file into my pc and open it in an image processing software, you will not know about it. There is no  mechanism in the software to call home.
If I copy and paste it into my presentation, you will not know about it. There is no mechanism that you can trigger in my presentation to call home.
If I capture the screen and then paste it into my web page, you will not know about it. Steg is lost.
If I modify any aspect of the image, even change quality by 1%, this will very likely destroy your steganography.

The only thing that can work, is when I download the file from the "protected" web site A, use it as-is in another web site B, and also embed in the web site B some javascript code that will:
* Trigger a mouseover event
* Call home with an Ajax call and report the file to your server
* Your server then downloads the file and checks for watermarks.
However, this is a stupid scheme. The perpetrator has to deliberately install spying javascript into his web site, and tag the image as violating copyright :)

Your best alternative is to convince Google, the Mozilla Foundation, Opera and Microsoft to embed spying code into the browsers, that will report to you on every image viewed on earth. You will only need a cluster of 50,000 web servers to process the requests.

Your second best alternative is to develop a browser addon that people will have to download and deliberately infect their computers with. This is what a lot of malware does, so the technicalities can be found, although not on EE.
You still need a lot of servers and a lot of bandwidth. I know a company that has a browser addon similar to alexa, and they process 50K transactions a second with a humongous cluster. Their bandwidth bills alone are more than $30K a month.

Sometimes the best answer is that what you ask for is not feasible, and it is not a silly answer. It is just an answer you don't like. That's life.
0
 
LVL 62

Accepted Solution

by:
gheist earned 0 total points
ID: 40567051
For PNG file it is much simpler... Just recompress and wipe surplus data... At least that is done when publishing on thw web...
0
 
LVL 62

Expert Comment

by:gheist
ID: 40568437
e.g. advancecomp -> advpng.exe
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
hibernate example issues from command prompt 10 51
Tomcat: Unable to run tomcat service. 2 24
JAVA API design with micro service cloud in mind 1 49
Bot application - advice 3 39
This article is meant to give a basic understanding of how to use R Sweave as a way to merge LaTeX and R code seamlessly into one presentable document.
In this post we will learn how to connect and configure Android Device (Smartphone etc.) with Android Studio. After that we will run a simple Hello World Program.
The viewer will learn how to use the return statement in functions in C++. The video will also teach the user how to pass data to a function and have the function return data back for further processing.
The viewer will learn how to clear a vector as well as how to detect empty vectors in C++.

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question