Solved

Please help us protect copyrighted material

Posted on 2015-01-22
9
121 Views
Last Modified: 2015-01-24
We are a company that develops methods to protect rights holders digital assets using techniques similar to what Digimarc and/or steganography uses.  We have been developing a method which will call back to a database the exact location of a file based off packet information, but the problem has been getting the code to activate when a mouseover takes place.

 I am sure there are different ways of accomplishing this task, but we need help generating the code that calls back to the database telling us the location of this downloaded file. We have tried php, and java, but we are still struggling with the coding method that can help us get this task done.

 If you have worked on something like this, please provide theory, proof of concept code, or any other assistance.
0
Comment
Question by:vdavid23
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 40565758
If I open a file of any type unless it is an executable then the .video .document will open using its default action which will not phone home to the rights holder .. with digital rights and a file that supports digital rights management then opening the file can phone home to get the token that allows the file to be opened.

Simply mousing over the file in explorer will do nothing. Same with transferring the file from an unprotected location to another will not phone home. Digimark and other steganography if each file that is distributed is changed will only allow you to find out who leaked the file by getting the file information and matching it to your database.
0
 
LVL 2

Author Comment

by:vdavid23
ID: 40565894
I appreciate your comment, I agree in part with most of what you are saying, but our research is showing that it is possible to develop a call home method with a simple mouse over. Now granted, the example links I have provided show a very rudimentary form of the mouse over scripting process, but we feel at Goldmarc Solutions what we were originally told by others could not be done, we did.

I feel we just have not found the appropriate individual(s) with a background in this technology that can perform the tasks we are requesting. The most basic part of the process we want to accomplish is inserting the call home function in the stegged image, video, music or Ebook. Once we accomplish this, then we will review the methodology in which we want to approach the person who is sharing the digital media.

There are several things we need to explore after getting the fundamentals down first.  In fact, we may later abandon the whole concept of a call home method entirely, but we are exploring all our options now that we have successfully achieved the first part of the process which can be seen at www.goldmarcsolutions.com


http://forums.unfiction.com/forums/viewtopic.php?t=28896&start=1425 
http://blog.sucuri.net/2014/02/new-iframe-injections-leverage-png-image-metadata.html
https://support.google.com/webmasters/answer/3024344?hl=en
0
 
LVL 62

Expert Comment

by:gheist
ID: 40566043
it is pretty illegal to embed exploits in files, and chances are high next patch update closes the loophole.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 2

Author Comment

by:vdavid23
ID: 40566445
I've requested that this question be closed as follows:

Accepted answer: 0 points for vdavid23's comment #a40565894

for the following reason:

Silly answers
0
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 40566446
Not very professional of you.  Post a link to a picture that you have encoded I will download this picture and put it on an external web server and I defy you to identify the ip address of the web server.. in fact I will put it on several servers and open the file on those servers and I'd like a report of the ip addresses as they phoned home.. you will have encoded the information into the files so when they phone home you should be able to query your database and confirm the ip addresses
0
 
LVL 62

Expert Comment

by:gheist
ID: 40566476
Once the file is on the disk or displayed on the screen you have no control where it goes after (For primitive means - backup, and big display wall)
0
 
LVL 33

Expert Comment

by:shalomc
ID: 40566999
So you have found  way to steg a png file. That is very nice.
if I am to download the file into my pc and open it in an image processing software, you will not know about it. There is no  mechanism in the software to call home.
If I copy and paste it into my presentation, you will not know about it. There is no mechanism that you can trigger in my presentation to call home.
If I capture the screen and then paste it into my web page, you will not know about it. Steg is lost.
If I modify any aspect of the image, even change quality by 1%, this will very likely destroy your steganography.

The only thing that can work, is when I download the file from the "protected" web site A, use it as-is in another web site B, and also embed in the web site B some javascript code that will:
* Trigger a mouseover event
* Call home with an Ajax call and report the file to your server
* Your server then downloads the file and checks for watermarks.
However, this is a stupid scheme. The perpetrator has to deliberately install spying javascript into his web site, and tag the image as violating copyright :)

Your best alternative is to convince Google, the Mozilla Foundation, Opera and Microsoft to embed spying code into the browsers, that will report to you on every image viewed on earth. You will only need a cluster of 50,000 web servers to process the requests.

Your second best alternative is to develop a browser addon that people will have to download and deliberately infect their computers with. This is what a lot of malware does, so the technicalities can be found, although not on EE.
You still need a lot of servers and a lot of bandwidth. I know a company that has a browser addon similar to alexa, and they process 50K transactions a second with a humongous cluster. Their bandwidth bills alone are more than $30K a month.

Sometimes the best answer is that what you ask for is not feasible, and it is not a silly answer. It is just an answer you don't like. That's life.
0
 
LVL 62

Accepted Solution

by:
gheist earned 0 total points
ID: 40567051
For PNG file it is much simpler... Just recompress and wipe surplus data... At least that is done when publishing on thw web...
0
 
LVL 62

Expert Comment

by:gheist
ID: 40568437
e.g. advancecomp -> advpng.exe
0

Featured Post

[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction This article is the first of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article explains our test automation goals. Then rationale is given for the tools we use to a…
Q&A with Course Creator, Mark Lassoff, on the importance of HTML5 in the career of a modern-day developer.
The viewer will learn how to user default arguments when defining functions. This method of defining functions will be contrasted with the non-default-argument of defining functions.
This video will show you how to get GIT to work in Eclipse.   It will walk you through how to install the EGit plugin in eclipse and how to checkout an existing repository.

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question