tract, and the publisher wants to give access to the right people, who are allowed to exercise the provisions of the contract. Just about any piece of information that has some value that someone can exercise some right with regard to is the type of thing that you want to be able to control in this sort of system.
At InterTrust Technologies, we give the publishers tools that allow them to place the content in a container that provides any type of protection that the publisher wants. It can be encrypted or not; it can have integrity protection or not. There could be rules associated with the information placed in the container. There also could be other containers linked to that first container that contain additional rules, such as rules that the publisher thought of later on or rules that say that the previous rules are revoked.
Then you go through a distribution chain, which may have several tiers. According to the rules, people can do various things. They could change the unit price of an object that has commercial value, for example, or they could decide that you can forward it to someone else. Just about any action can be controlled at any level of the distribution chain.
Eventually, however, these things get back to the consumer. In our space, the consumer has to agree to rules, either implicitly or en masse. For example, if there is a license associated with something, then the user must agree to the license, which may make an implicit agreement for many other transactions that might happen down the road. But somehow or other, the consumer must be informed about the rules associated with the things that impinge on the consumer.
As an example, a rule might say that an audit record will be created if you engage in a specific transaction—an audit record that itself becomes protected content. This is done in a way such that the consumer is told, “You can have this piece of content for free. We will collect some unlinked, anonymous information about it, but we need to aggregate that information with information from other people.”
InterTrust’s role is to ensure that such things are done in a fair and accurate manner. For example, if someone says, “I will not collect data for an audit record about your use of this,” we can tell whether that statement is true, because we designed many of the mechanisms. The rules say that if an audit record is supposed to be created but instead an anomaly occurs, then the transaction will not go through. The idea is to have automation not just within the Web, but within any local area networks or personal area networks, such that the consumer could, for ex-