Commencement of digital library transaction and use
In the commencement of digital library transaction, both the publishers (and a trustee who is involved in the transaction), and users will want to ensure that their respective partners are indeed who they claim to be which mean that they have to authenticate each other.
Similarly, the content to be authentic is required for the publisher and the users, which mean that the given publishers has actually published the content that no one has added or removed from the package. It is safe to eavesdropping; the content should not be transferred and stored in a readable format.
It is often forgotten, but the requirements of authenticity and integrity are not only relevant to the content, but also may bring the contents of the contract offer, and which provides the terms and conditions, under which the user can apply the content. The publishers may have to prove that the user to accept the terms and conditions and the user might be needed a right to do signed copy.
Once readers accept the offer of the contract then both the publisher and the readers must adhere by the terms and conditions. That includes payment and compliance to the copyright from the perspective of publishers and the right to use the information from the reader's point of view. It may also be important for the privacy of the readers, no third party should be able to track that what content is being read by which reader.
The content items of the digital library may be very large so that the separation is often useful to distribute large amounts of data encryption and key management control the content through the release of information distribution and licensing. Then, the distribution can take over a cheap broadcast channel to access the content can be controlled through a non-broadcast channels. This channel is basically a "key exchange” between the user's personal computer and dedicated the patent / license clearing house. The distribution of the actual contents of all the data, it is envisaged how to enable, not only the Internet, but also including digital cable TV, satellite broadcast, CD-ROM publication, and so this concept, known as "super distribution” that gives a very a flexible use of the most appropriate distribution method to the publisher.
The good news is that the present technology provides a sufficient foundation to meet both the demands of users and publishers:
- The authentication of the publisher and the reader are provided by the entity authentication.
- By using the message authentication or digital signatures, it can check the content, the contract offer and acceptance.
- The secrecy of the content is provided by encryption.
- The digital signatures can provide non-repudiation of offer or contract. ( and non-technical means, implementation of the recognized contracts).
- The copy-protected content can be identified through the use of digital marking on the content to determine the content owner and identify the user to obtain a copy of the original. In addition, the user's computer program may be forced to copy protection.
There are diversity ways to deploy these techniques in the security systems and some of them are suitable for digital libraries.
If the user reading the file with the Web browser likes Netscape 3.0, there is the key at the bottom left corner. If the key is solid which indicate that the user and the server are connected by an encrypted channel.
At the beginning, the browser asks the server's public key certificate which was signed by a trusted agency. The browser has been seeded by the browser's manufacturer with the public keys that you may want to trust. Because the browser now know and believe the server's public key, in which the data can be encrypted and sent to the server. In sending large amounts of encrypted data with the slow public key algorithm, the browser uses a common technique- it will choose a random key, it is encrypted with the public key algorithm and send it to the server, and proposed that the new key or session key is used together witha fast symmetric encryption algorithm to protect the rest of the session.
It may also be that a server can ask the browser to send the user's own public key certificate to return to the server so that it can be sure who it is talking to.
The key icon will not tell the user whether to use SSL or SHTTP, a uniform above are equivalent. Secure Sockets Layer, by definition, works in a very low level of Internet protocols and all use of the Internet protocols such as FTP, Telnet, URL, etc. can also be protected by SSL. In contrast, SHTTP limited to HTTP protocol, it is the one applied by the web.
The SSL was originally proposed by Netscape, but it has been submitted to the validation of the Internet Engineering Task Force (IETF). SSL is the ignorance of the high-level details of the protocols, and what is being transported. It is given by the application-independent of SSL a greater flexibility, but there is the disadvantage that point -to -point protection of the data can only be offered during the communication process. In the source and target environment, data is in the clear. It is not in SSL's capableness to protect the data when the host of the system has been damaged, or detect and repair when the key is a compromised.
SHTTP is more of an application protocol. SHTTP is a superset of HTTP, and to increase the authentication, confidentiality, and integrity. The system does not rely on any particular encryption system, key infrastructure, or encrypted format. Messages are encapsulated in SHTTP, including various forms of encryption, signing, or authentication. Messages may be encapsulated several packages to achieve a variety of security features. It can provide header definitions for key transfer, the transfer of certificates, and similar administrative functions.
SHTTP including several major certification program for their support. Certification can provide a critical information, or to obtain from elsewhere. As in SSL, if client authentication is not necessary, the client's public key is not required.
A secure HTTP message consists of a status line followed by Internet text message headers and some content. Content can be raw data, a secure HTTP message, or HTTP message.
What is wrong with SSL /SHTTP that protected content and digital library users? From viewpoint of the user, there may not much. In these protocols, the eavesdropping protection system is very good. It is ensured that the authenticity of the information, if the user trusts the server because they know that they are connected to it, not to a liar.
The main disadvantages of SSL / SHTTP are not to the reader, but to publishers and information keeper - the library staff. Publishers must be running a secure server to ensure authenticity in an SSL or SHTTP world. Many publishers have found that operating, maintaining and supporting of the server are not their strengths—the publishers want to concentrate on the quality of the information, not to become as a computer services bureau. It is better to let somebody worry about how the information is sent to end-users.
Secondly, the encryption that can provide the copyright protection? It is protection, yes, but the main attack on the possibility of an effective link from the end user who is on the re-allocation of the received data than they are entitled to against the eavesdropping. End-users must be given a valid key. It is far better in protecting the content with the digital marking (fingerprinting, watermarking). Since SSL and SHTTP are in too low operating, they cannot express the concept of content have to be marked.
All awkwardnesses of the SSL and SHTTP current publishers, they also present the librarians, some additional observations. In order to provide the same integrity and authenticity to ensure to their customers, librarians must operate a secure server, management is not only the technical aspects of the protocols, but also responsible to the physical secure environments: locked rooms, electronic and physical limited access, etc. And then how the librarians could track a variety of terms and conditions of publishers and their various items of content?
Even in the digital world, there are many advantages of the role of middle tier library among publishers and consumers and then from the viewpoint of security, the middle tier must be fully integrated into the system to meet all security requirements of digital libraries. In this paper, we demonstrated the various possibilities for the security systems and discourse their usefulness for digital library system. In the common security systems, which are useful to defend less complex, point-to-point transactions, a number of weaknesses in the digital library and then secure container technology seem well suited for digital libraries. Secure containers also seem to be suited to the old which increasingly tend to be executed by digital means.
Need an essay? You can buy essay help from us today!