The operation of CloakX is very similar for both audio and video content. First, a rights owner such as an author or distributor uses the CloakX Publisher application to extract and encrypt Critical Media Fragments (CMFs) from the digital content and define usage-rights information for the content. The Publisher application then bundles the encrypted CMFs and usage information with the modified digital content and distributes the resulting package to the CloakX network.
An end user can freely obtain the CloakX encoded content via download or sharing (either physical or P2P). After registration and payment (if required) the appropriate authorizations and CMF decryption keys are securely transferred to the user's SCD. Note that the usage rights acquired by the user are associated with an SCD, not with a specific computer or player. The user can then play the digital content in any CloakX enabled device or computer by simply transferring the encoded content to the device and connecting the SCD to the device. The user is free transfer the encoded content to any number of devices.
In addition, the content publisher determines how many SCDs can simultaneously hold the information for specific content. Typically , each user is allowed to load the information on three to five SCDs. This allows the user significant freedom in how, when, and where the content can be played. For example, it may be convenient for the user to keep one SCD with (or embedded in) a portable player, while a second SCD is kept with their home video/sound system, and a third SCD is kept in their pocket for use in the car, at work, or at a friend's house.
CloakX provides a "Buy Once, Play Anywhere" solution. A user is not locked in to a specific vendor's device. CloakX published content is supplied in a canonical format. A CloakX enabled device can easily transcod this format to a format acceptable to the device. New playback devices and applications can be supported by providing an appropriated device specific transcoding plugin.
For video applications the content can be delivered over a LAN directly to a set top playback device. These devices will contain a significant amount disk storage making it possible for customers to accumulate large video libraries. During operation the user's SCD must be inserted into the set top box. Optionally, vendors may produce a set top box with an imbedded CloakX compatible decryption engine. In this case, the box itself serves as one of the user's authorized SCDs, so a separate external SCD needn't be present during playback.
Finally, users are actively encouraged to and compensated for distributing copies of CloakX enabled content for purchase by others. Users can create uniquely tagged copies of licensed content for distribution to others. When a distributed copy is subsequently purchased by another user, the distributing user receives compensation.
The CloakX system is ideal for the distribution and licensing of computer software. As with audio/video content, the process begins when a software author or distributor uses a CloakX Software Publisher application to to extract and encrypt Critical Code Fragments (CCFs) from the software applicaiton and define usage-rights information for the software. The Publisher application then bundles the encrypted CCFs and usage information with the modified software application and distributes the resulting package to the CloakX network, and/or other more traditional distribution channels.
Software vendors also have the option of providing software pre-loaded on a custom-branded SCD/Flash memory device.
CloakX-ernabled software applications can be installed on any number of computer systems. A user can run any installed copy by simply connecting an SCD containing the authorization and CCF decryption key for that application.
The software publisher determines how many SCDs can simultaneously hold the information for a specific software application Typically , each user is allowed to load the information on two or three SCDs. This allows the user significant freedom in how, when, and where the software can be used.
With this flexibility a user could, for example, choose to permanently allow a software application to run on their office computer, and use a portable SCD to allow 'roaming' operation on other computers.
Unlike typical activation schemes, a CloakX-enabled application is easily moved from one computer to another.
As with other digital content, a user is able to receive compensation for distributing tagged copies of licensed CloakX enabled applications for purchase by others.
To date, digital books (also known as eBooks) have failed to gain wide acceptance. There are two reasons: first, lack of lightweight, low-power high resolution viewing devices and, second, overly restrictive digital rights management schemes.
But there is a solution on the horizon. Sony has introduced the PRS-500 Portable Reader System, which addresses the first problem, and CloakX offers an attractive alternative to existing eBook DRM schemes.
Digital book content is easily handled by the same CloakX publishing and distribution infrastructure used for video, music and software. When publishing a CloakX enabled ebook, an author can specify the usage rights associated with the content; at a minimum, the user is always granted the same rights that would be associated with the purchase of a physical book. These include:
- The ability to sell, give, or loan the ebook to another person
- The ability to make copies consistent with copyright fair usage. CloakX printed copies are watermarked to discourage abuse of this right.
In addition, CloakX provides the user with advantages unavailable with physical books:
- The user can make backup copies of the ebook.
- The user can load the ebook on multiple devices and use any copy by connecting the SCD.
- The user can receive compensation by distributing copies of the ebook for sale to others.
XPay is the CloakX patent pending integrated payment system. Because the CloakX system is based on PKI, the digital signing process can be used to certify financial exchanges between authenticated parties.
Unlike a credit card transaction, in our systme, no confidential information must be exchanged between the two parties because the authentication that is done with an an account number is instead carried out by the signing process. Effectively, the seller presents an electronic invoice, which is then signed by the buyer and both parties receive certified copies.
Collection of funds can be accomplished in a variety of ways, for example, by means of a connection to existing credit, debit or wire transfer (ACH) accounts. Because both parties verify the process via non-repudiated transactions, it is not necessary for the parties to be connected to the Internet at the time of the purchase. Thus, it is possible for two parties to transfer funds simply by plugging their SCDs into the same computer and communicating through a common application. This capability means that it is possible to perform financial functions in a variety of offline settings as well as the common SSL - browser purchase environment.
The classic approach to federated identity is to have a master/slave relationship between a series of websites connected via SSL and XML. The primary site performs the login/authentication and these credentials are passed to secondary sites via an SSL connection. This is not a good risk model due to its hierarchical nature.
CloakX replaces this with a more secure scheme that eliminates the master slave relationship. The process is straightforward:
- User connects SCD and presents SCD pass-phrase via randomly placed on-screen keyboard simulator (to reduce key logging potential) or via SCD keypad if so equipped.
- User selects secure site via URL.
- Connection is made to the site via browser embedded in SCD.
- Remote site generates random one-time password and encrypts with user's public key.
- User SCD decrypts pass phrase and echos and digitally signs the result.
- Site verifies echo, signature and opens SSL connection
CloakX applications are a perfect match for today's university environment. Campus CloakX consists of a bundled application set that provides capabilities of significant value to college students:
Campus CloakX offers these benefits:
- Can be subsidized by colleges and universities (through student fees or other means)
- Provides students with legal access to music, video, ebook and software downloads
- Offers unrestricted sharing within the student community (including any other participating schools)
- Offers secure two-factor identification and authentication system for campus activities
- Offers secure cashless electronic payment capability
- Offers possible tie-in to MySpace.com, FaceBook.com, and other such websites
One of the growing issues faced by corporations today is the need to verify conformance to software license agreements while struggling to keep software expenditures to a minimum. When software applications are purchased on an ad hoc basis, it is far to easy for a company to lose track of how many licenses of each package are owned, what versions are they, and where and by whom they are being used.
As a result, companies are often faced with two prospects - run the risk of violating license agreements by erroneously running software in violation of license agreements, or avoid violations by purchasing more copies than are required.
Corporate CloakX can help. With Corporate CloakX, companies can purchase CloakX enabled software packages and pool all the licenses into one or more corporate SCDs. Licenses are then checked out from this pool and assigned to the SCDs of individual employees or specific workstations as required. Likewise, when a employee leaves the company or no longer needs to use a specific software package, the license is transferred back from the employee SCD to the pool SCD.
With Corporate CloakX, a company can provide real-time license compliance reports. The SCD usage license serves as proof of ownership ensuring that the company can make full use of upgrade and quantity discount offers.
Software dissemination is simplified. The company is free to pre-install multiple CloakX enabled applications on as many computers as they desire. An employee can then use authorized applications on any of the computers simply by connecting their SCD.
The Federated Identity capability provided by the CloakX SCD can be used as the basis for other security and access control requirements - such as accessing sensitive personal data on an HR website, or enabling secure VPN access to internal network resources from outside a corporate firewall.
CloakX applications involve the acquisition and storage of large quantities of digital content, be it in the form of video, music, images, ebooks or software. Users need a secure but convenient way to protect such data from loss due to computer failure, disk drive crashes, theft, or accidental deletion.
Corporate users recognize the importance of a robust backup strategy, and can justify the expense of backup servers and system administration staff to configure and maintain those servers. CloakX Distributed Data Backup addresses this need for home and SOHO users who do not have the luxury of a full time I.T. staff.
In sum, the benefits are these:
- Allows for either on-demand, scheduled, or continuous backup
- Operates in the background and is effortless (is similar to Google desktop)
- Peer-to-Peer backup. Critical data from each computer is securely encrypted and distributed amongst the other computers in a group.
- Focus is on data restoration, but can be used for full system recovery if sufficient backup capacity is allocated.
- Is especially efficient for small groups in which multiple computers tend to contain a high percentage of the same files for music, videos, and software.
CloakX digital media distribution includes support for a General Purpose Ad Server (GADS, patent pending)
When publishing to CloakX, the content owner has the option of providing ad-supported content. In this case, ads locations are coded into the video stream, but actual ad content is not embedded. Instead, ads are periodically received and cached from a broadband connected ad server. These cached ads are then dynamically inserted into the playback stream at the designated locations. Ad viewing history is collected, and returned to the ad server so the content owner can receive compensation for viewed ads. With GADS, the content owner can offer ad-supported content for a reduced price, possibly free, since with each viewing new advertisements can be inserted.
With ad-supported content, the user is not be able to skip over the ads. (remember, there is no such thing as a free lunch). However, the content owner can choose to offer a buyout option. With a buyout option, the customer can, at any time, choose to pay a fee to eliminate the ads in a specific video stream.
Feedback from the GADS process produces a valuable database of user preferences by providing the ability to score ads based on buyout factor. Those ads which are most objectionable will receive the highest number of buyouts.