`System (EBX)
`Version 0.8
`
`
`
`The complete technical specifications for the Electronic Book Exchange (EBX)
`system for interoperable applications and devices that use public-key
`cryptography for copyright protection and distribution of electronic books.
`
`The EBX system is being developed by the EBX Working Group, whose
`members are Adobe Systems Incorporated, the American Library Association,
`Audible, ContentGuard, DigitalOwl.com, Glassbook, GlobalMentor, Nokia,
`RightsMarket.com, SoftLock.com, Thomson Consumer Electronics, Versaware,
`and Yankee Rights Management.
`
`July 2000 Draft
`
`Copyright © 2000 Book Industry Study Group, Inc. All rights reserved.
`
`Editorial contact:
`
`Glassbook, Inc., 1601 Trapelo Rd., Waltham, MA 02451
`781-434-2000 ebx-editor@glassbook.com
`
`Petitioner Apple Inc. - Exhibit 1030, p. 1
`
`
`
`2
`
`EBX System Specification – Draft 0.8
`
`09/06/00
`
` 1
`
` AN OVERVIEW OF THE EBX SYSTEM..........................................................................6
`1.1
`TERMS..............................................................................................................................6
`1.2
`ROLES ..............................................................................................................................7
`1.3
`SYSTEM PRINCIPLES.........................................................................................................8
`1.3.1 Consumer Needs..........................................................................................................8
`1.3.2 Bookseller and Distributor Needs.............................................................................10
`1.3.3 Publisher Needs.........................................................................................................10
`1.3.4 Author Needs.............................................................................................................11
`1.3.5 Library Needs............................................................................................................11
`1.4
`ASSUMPTIONS ................................................................................................................12
`1.5
`BASIC DESIGN................................................................................................................12
`1.6
`VOUCHERS .....................................................................................................................14
`1.7
`FUNCTIONAL MODEL .....................................................................................................15
`1.7.1 Publishing..................................................................................................................15
`1.7.2 Distribution to Online Booksellers and/or Distributors ...........................................16
`1.7.3 Delivery to Consumers..............................................................................................17
`1.7.4 Transfer Between Consumers – “Give/Lend” ..........................................................18
`1.7.5 Transfer Between Libraries and Consumers.............................................................19
`2 TRUST MODEL...................................................................................................................21
`RELIANCE ON TRUST FOR NEGOTIATION OF DETAILS.....................................................21
`2.1
`RESULTS AND EFFECTS OF THE TRUST MODEL ..............................................................21
`2.2
`2.3
`NEED FOR PRESCRIPTION ...............................................................................................22
`2.4
`TRUST MODEL OVERVIEW .............................................................................................22
`2.4.1 Behavior of Components in a Multivendor Environment..........................................22
`2.4.2 Future Versions.........................................................................................................22
`2.4.3 Evaluation and Rating of Products from Different Manufacturers ..........................23
`2.4.4 Trustedness and Trust Services.................................................................................24
`2.4.5 List of Trust Services.................................................................................................25
`2.4.6 Factors Affecting the Value of Content.....................................................................26
`CHARACTERIZING TRUST LEVELS ..................................................................................28
`2.5
`2.5.1
`Scope of Particular Failures.....................................................................................28
`2.5.2
`Skill, Tools and Expense Required to Cause Failures ..............................................29
`2.5.3 Trust Levels and Certification...................................................................................30
`2.5.4 Perspectives on the Six Levels of Trust .....................................................................32
`2.5.5 Definitions of Trust Levels ........................................................................................32
`3 FOUNDATION TRUST SERVICES .................................................................................38
`3.1
`PKI: FOUNDATION MECHANISM FOR AUTHENTICATION................................................38
`3.1.1 Requirements.............................................................................................................38
`3.1.2 Overall EBX Certificate Authority Architecture .......................................................39
`3.1.3 Vendor Certificate Authorities ..................................................................................41
`3.2
`COMPONENT TRUST LEVEL CERTIFICATION...................................................................43
`3.2.1 Certification Criteria.................................................................................................44
`3.2.2 Certification Methods................................................................................................45
`3.2.3 Certification Entities .................................................................................................46
`
`Petitioner Apple Inc. - Exhibit 1030, p. 2
`
`
`
`3
`
`
`
`EBX System Specification – Draft 0.8
`
`09/06/00
`
`3.2.4 Reviews......................................................................................................................46
`4 TRANSFER PROTOCOL...................................................................................................47
`4.1
`TRANSFER PROTOCOL AND TRANSPORT PROTOCOLS.....................................................48
`4.2
`DOMAINS OF TRUST .......................................................................................................48
`4.3
`EXAMPLE OPERATION – E-BOOK PURCHASE..................................................................49
`4.4
`NOTATIONAL CONVENTIONS AND GENERIC GRAMMAR.................................................50
`4.5
`HTTP IMPLEMENTATION NOTE: EBX HTTP REQUEST ................................................50
`4.6
`HTTP IMPLEMENTATION NOTE: EBX HTTP HEADER EXTENSIONS ............................51
`4.6.1 EBX-Action Header...................................................................................................51
`4.6.2 EBX-Version Header.................................................................................................51
`4.6.3 EBX Challenge-Response Headers ...........................................................................52
`4.7
`RECEIVING FULFILLMENT INSTRUCTIONS (HANDOFF)....................................................53
`4.7.1 Handoff Request to Voucher Server..........................................................................53
`4.7.2 Voucher Server Processing of Handoff Request .......................................................53
`4.7.3 Handoff Response from Voucher Server (XML fulfillment instructions)..................54
`4.7.4 Client Processing of Handoff Response from Voucher Server (XML fulfillment
`instructions)............................................................................................................................56
`GETTING VOUCHER(S) ...................................................................................................56
`4.8
`4.8.1 Voucher Request to Voucher Server (purchase, borrow) .........................................56
`4.8.2 Voucher Server Processing of Voucher Request (purchase, borrow).......................58
`4.8.3 Response from Voucher Server (purchase, borrow) .................................................59
`4.8.4 Client Processing of Response from Voucher Server for Voucher Request (purchase,
`borrow) 60
`4.8.5 Acknowledgment Request to Voucher Server (ACK) ................................................61
`4.8.6 Voucher Server Processing of Acknowledgment Request (ACK)..............................62
`4.8.7 Acknowledgment Response from Voucher Server (ACK) .........................................62
`4.8.8 Client Processing of Acknowledgment Response from Voucher Server (ACK)........63
`GETTING ENCRYPTED E-BOOK(S)...................................................................................63
`4.9
`4.9.1 Content Request to Content Server (purchase, borrow) ...........................................63
`4.9.2 Content Response from Content Server (purchase, borrow) ....................................63
`4.10 GIVING OR LENDING A BOOK (CONSUMER TO CONSUMER).............................................64
`4.10.1
`Transfer Request from Owner to Receiver (give, lend).........................................64
`4.10.2
`Transfer Response from Receiver to Owner (give, lend) ......................................65
`4.10.3
`Owner Processing of Transfer Response from Receiver (give, lend) ...................67
`4.10.4
`Voucher Transmission Request from Owner to Receiver (give, lend) ..................68
`4.10.5
`Receiver Processing of Voucher Transmission Request (give, lend)....................69
`4.10.6
`Voucher Transmission Response from Receiver to Owner (give, lend)................69
`4.10.7
`Owner Processing of Voucher Transmission Response from Receiver (give, lend)
`
`70
`4.10.8
`Content Transmission Request from Owner to Receiver (give, lend) ...................70
`4.10.9
`Content Transmission Response from Receiver to Owner (give, lend).................71
`4.11 ELECTRONIC MAIL TRANSFER........................................................................................71
`4.12 EBX ERROR HANDLING AND FLOW...............................................................................71
`4.12.1
`HTTP Implementation Note ..................................................................................71
`4.12.2
`Successful Requests to Voucher Servers ...............................................................71
`4.12.3
`Failed Requests to Voucher Servers......................................................................72
`
`Petitioner Apple Inc. - Exhibit 1030, p. 3
`
`
`
`4
`
`
`
`EBX System Specification – Draft 0.8
`
`09/06/00
`
`Discussion of Voucher Fulfillment and ACK........................................................73
`4.12.4
`5 VOUCHER ENGINE MODEL...........................................................................................75
`5.1
`VOUCHER ENGINE PROCESSING .....................................................................................75
`5.2
`VOUCHER ENGINE RULES ..............................................................................................75
`5.3
`VOUCHER ENGINE INTERFACES......................................................................................76
`5.3.1 Create Voucher .........................................................................................................76
`5.3.2
`Issue Voucher ............................................................................................................77
`5.3.3 Revoke Voucher.........................................................................................................77
`5.3.4
`Import Voucher .........................................................................................................78
`5.3.5 Delete Voucher..........................................................................................................78
`5.3.6
`Issue Nonce ...............................................................................................................78
`5.3.7
`Issue Credentials.......................................................................................................79
`5.3.8 Encrypt Content.........................................................................................................79
`5.3.9 Decrypt Content ........................................................................................................79
`5.4
`VOUCHER ENGINE PROCESSING OF EBX RIGHTS...........................................................80
`5.4.1 Writing EBX Rights in a Voucher .............................................................................80
`5.4.2 Enforcing EBX Rights in a Voucher..........................................................................81
`6 METADATA FORMAT......................................................................................................82
`6.1 METADATA ELEMENT ....................................................................................................82
`6.1.1
`Identifier Element......................................................................................................82
`6.1.2 Format Element.........................................................................................................83
`6.1.3 Metadata Example.....................................................................................................83
`7 VOUCHER FORMAT.........................................................................................................85
`RIGHTS SPECIFICATION ..................................................................................................85
`7.1
`7.1.1 Rights Overview ........................................................................................................85
`7.1.2 Licensee.....................................................................................................................86
`7.1.3 Transfer Rights..........................................................................................................86
`7.1.4 Usage Rights .............................................................................................................87
`7.1.5 Authorization context ................................................................................................87
`7.1.6 Consideration............................................................................................................87
`7.1.7 Portion.......................................................................................................................88
`7.1.8 Target ........................................................................................................................88
`7.1.9
`Scope .........................................................................................................................89
`7.1.10
`Consumer’s knowledge of rights...........................................................................89
`VOUCHER OBJECT..........................................................................................................89
`7.2
`7.2.1 EBX-Voucher – Voucher start-tag ............................................................................90
`7.2.2
`ID – ISBN, DOI, or URN element .............................................................................90
`7.2.3 ContentKey – Content decryption key element .........................................................91
`7.2.4 CopyCount – Count of authorized copies element....................................................91
`7.2.5 Rights – Basic permissions element ..........................................................................92
`7.2.6 Lending – Lending Timeout and Status Element.......................................................92
`7.2.7 PersonalUse – Personal use element........................................................................93
`7.2.8 MAC – Message Authentication Code element........................................................93
`8 FORMAT OF OTHER OBJECTS .....................................................................................95
`
`Petitioner Apple Inc. - Exhibit 1030, p. 4
`
`
`
`5
`
`
`
`EBX System Specification – Draft 0.8
`
`09/06/00
`
`CREDENTIALS OBJECT FORMAT .....................................................................................95
`8.1
`8.1.1 Credentials – Credentials start-tag...........................................................................95
`8.1.2 AuthenticationScheme ...............................................................................................96
`8.1.3 Nonce.........................................................................................................................96
`8.1.4
`SignedData................................................................................................................97
`9 APPENDIX A: CERTIFICATION POLICIES AND PROCEDURES ..........................98
`
`APPENDIX B: APPLICABLE LAWS..........................................................................99
`10
`10.1 U.S. EXPORT LAWS........................................................................................................99
`10.2
`(U.S.) DIGITAL MILLENNIUM COPYRIGHT ACT ...........................................................100
`11
`APPENDIX C - CONTENT FORMAT REQUIREMENTS.....................................101
`
`APPENDIX D - CONTENT FORMAT USAGE GUIDELINES .............................102
`12
`12.1 OPEN EBOOK FORMAT .................................................................................................102
`12.1.1
`Container File Format ........................................................................................102
`12.1.2
`Encryption ...........................................................................................................103
`12.1.3 Metadata..............................................................................................................103
`12.1.4
`Display Properties...............................................................................................103
`12.1.5
`Font Embedding ..................................................................................................103
`12.1.6
`Open eBook Book Design Guidelines .................................................................103
`APPENDIX E - REFERENCES ..................................................................................105
`
`13
`
`APPENDIX F - EDIT HISTORY ................................................................................107
`14
`14.1 VERSION 0.1.................................................................................................................107
`14.2 VERSION 0.2.................................................................................................................107
`14.3 VERSION 0.3.................................................................................................................107
`14.4 VERSION 0.4.................................................................................................................107
`14.5 VERSION 0.5.................................................................................................................108
`14.6 VERSION 0.6.................................................................................................................108
`14.7 VERSION 0.7.................................................................................................................108
`14.8 VERSION 0.8.................................................................................................................108
`
`
`
`Petitioner Apple Inc. - Exhibit 1030, p. 5
`
`
`
`6
`
`EBX System Specification – Draft 0.8
`
`09/06/00
`
` 1
`
` An Overview of the EBX System
`This document describes the Electronic Book Exchange (EBX) system. The EBX system
`defines the way in which electronic books (e-books) are distributed from publishers to
`booksellers and distributors, from booksellers to consumers, between consumers and between
`consumers and libraries. It describes the basic requirements of electronic book reading devices
`and the electronic books themselves.
`
`It also describes how these “trusted” components interact to form a comprehensive copyright
`protection system that both protects the intellectual property of authors and publishers as well as
`describes the capabilities required by consumers. In addition, the model describes in general
`how products and revenue for those products are generated and managed.
`
`The EBX system does not define a specific “content” file format (e.g., PostScript, PDF, HTML,
`XML). However, it does assume a minimum set of capabilities and features in the content and
`these are described in an appendix to this document.
`
`1.1 Terms
`The following terms are part of the EBX system.
`•= E-book – A digital object that is an electronic representation of a book. While an e-book
`can consist of a single page, it is normally thought of as an electronic analog of a multi-
`page hardcover or paperback book. An e-book is the so-called "content" in the EBX
`model. An e-book may come in a variety of formats, including, but not limited to, PDF,
`Open eBook Publication Structure 1.0, and various other textual and multimedia formats.
`•= E-book Reading Device – Typically a hand-held electronic device that is capable of
`displaying one or more e-books. Non-dedicated devices such as notebook and desktop
`PCs and PDAs can also be used as e-book reading devices.
`•= E-book Reading System – The combination of an e-book reading device with software
`or hardware that enforces copyrights and permissions. The system contains a voucher
`engine.
`•= Voucher – A digital object that describes an e-book’s transfer and usage permissions and
`copyrights. These are also called intellectual property rights. A voucher can be passed
`from one entity in the system to another entity. For example, a publisher can use a
`voucher to pass the permission to sell multiple copies of an e-book to a bookseller, or a
`consumer can use a voucher to pass the permission to use a copy of an e-book for a
`specified period of time (i.e., lend the e-book).
`•= Voucher Engine – The software or hardware that creates, imports, modifies, and reads
`vouchers. The voucher engine enforces copyrights and transfer and usage permissions.
`•= Protocol Engine – The software or hardware that generates, transmits, and receives
`network messages using the transfer protocol defined in this specification.
`
`Petitioner Apple Inc. - Exhibit 1030, p. 6
`
`
`
`7
`
`
`
`EBX System Specification – Draft 0.8
`
`09/06/00
`
`•= Voucher Server – The computer system that is responsible for delivery of vouchers from
`one place to another. This system operates a voucher engine.
`•= Content Server – The computer system that is responsible for delivery of e-book content
`from one place to another.
`•= Title – A copyrighted work prepared by a publisher.
`•= Copy – An individual instance of a title, sold by a bookstore, lent by a library, etc.
`
`1.2 Roles
`The EBX system includes roles that interact with each other. A role is a function within the EBX
`system, not an entity (an individual or organization). An entity can assume more than one role,
`and a role can be distributed across more than one entity. An entity can also delegate a role to
`another entity.
`
`The EBX system includes the following roles:
`•= Publisher – Creates e-books and their associated vouchers and sells them to booksellers
`and libraries (either directly or through distributors).
`
`The publisher is the root source for initial encryption of e-books and creation of the
`associated vouchers for those books. The permissions for further modification, transfer,
`or sale of the vouchers are specified in the initial vouchers.
`The publisher operates a voucher server to create e-books and vouchers and to transfer
`them to others.
`•= Voucher Distributor – Obtains vouchers from publishers and distributes them to
`booksellers, consumers, or libraries.
`
`The voucher distributor operates a voucher server.
`•= Content Distributor – Obtains e-books from publishers and distributes them to
`booksellers, consumers, or libraries.
`
`The content distributor operates a content server.
`•= Bookseller – Sells e-books to consumers or libraries.
`
`This role represents where value (if any) is exchanged to acquire e-books and the
`vouchers for those e-books. The bookseller is the role that authorizes the consumer or
`library to purchase an e-book.
`•= Library – Purchases e-books from publishers, booksellers and distributors and lends
`them to consumers.
`
`This role is similar to bookseller, except that value is not typically exchanged, and the e-
`books that the consumer obtains have vouchers that expire after a period of time (the loan
`period).
`
`Petitioner Apple Inc. - Exhibit 1030, p. 7
`
`
`
`8
`
`
`
`EBX System Specification – Draft 0.8
`
`09/06/00
`
`•= Consumer – Purchases e-books from booksellers or borrows e-books from libraries.
`
`The consumer’s e-book reading system is activated when the consumer completes a
`purchase transaction with a bookseller or a loan transaction with a library. The e-book
`reading system negotiates with the voucher server and/or content server specified by the
`bookseller or library to transfer e-books and vouchers from the voucher and content
`servers to the e-book reading system.
`A consumer may also give or lend an e-book to another consumer. The two consumers’
`e-book reading systems negotiate with each other to transfer e-books and vouchers from
`one e-book reading system to the other.
`Following are some examples of assumption and delegation of roles by entities:
`•= A publisher can delegate its publisher role to a distributor.
`•= A bookseller can delegate its bookseller role to a distributor.
`•= A bookseller can assume the voucher distributor or content distributor role for the books
`it sells.
`•= A library can assume the voucher distributor or content distributor role for the books it
`lends.
`
`1.3 System Principles
`[Editorial note. This section has not yet been edited for Version 0.8. It might more appropriately
`appear in an introduction that is not part of the specification.]
`
`The EBX system is designed around a number of basic principles that reflect the needs of the
`people who will use it. These principles are specific to the copyright and distribution
`requirements, not the content format.
`
`1.3.1 Consumer Needs
`These needs represent the requirements of the people who matter most in an electronic book
`system: the people who actually read the books. The system must satisfy the consumer or else
`there is no market at all for electronic books. The paper book has undergone centuries of
`evolution, and consumers have grown accustomed to its current capabilities. A viable e-book
`system must at least provide an equivalent to paper book capabilities, and in most cases it must
`enhance those capabilities. To put it simply: to consumers, electronic books must be a clear
`improvement over paper books.
`
`•=
`
`Interoperability – Consumers need to be able to read any book, from any publisher on
`any device. They do not want to be in a position where the reading device or software
`that they own is incapable of reading a book that they desire.
`•= Ease of Use – This is an obvious consumer requirement, but it bears repeating. If the
`system is not extremely easy to use, consumers will simply continue to buy paper books.
`
`Petitioner Apple Inc. - Exhibit 1030, p. 8
`
`
`
`9
`
`
`
`EBX System Specification – Draft 0.8
`
`09/06/00
`
`Obtaining a book electronically must be easier than going to a bookstore to buy a paper
`book, easier than going to a library to borrow a book, easier than packing a book in a box
`to mail to a friend, easier than lugging a stack of books on a trip or to school and easier
`than filling a home with bookcases to create a family library.
`•= Transparent Performance – One of the compelling advantages of e-books is “instant
`gratification.” In other words, when a consumer wants a book, he/she can get the book
`immediately. Therefore, the system must perform its necessary tasks very quickly:
`downloading, re-encrypting, transferring, displaying, etc. In fact, all of these operations
`should be so quick that they become transparent.
`•= Giving and Lending (First Sale) – Consumers know that once they buy a copy of a
`paper book, within the limits of the rights of the copyright laws, the copy is their
`possession, and they can dispose of the copy as they wish. They can give their copy of
`the book to another consumer, they can lend their copy for a limited time to another
`consumer, they can give the copy to a public library for lending to other consumers, and
`the can sell a book to a used bookstore. A recent survey showed that about 60% of
`consumers in the U.S. borrow books from their public libraries. Consumers also expect
`that a copyright holder is paid for a book only the first time it is sold. In the U.S. this is
`known as the “First Sale” clause of the Copyright Act.
`•= Copyright Law Help (Fair Use or Personal Use) – Copyright laws are complicated and
`seemingly ever changing. While most consumers are law-abiding, they get frustrated by
`constantly being told what they can and cannot do with electronic media. The fine print
`in so-called “shrink-wrap” software license agreements and “FBI Warnings” on
`videotapes and disks can be difficult to understand and lessen the enjoyment of the
`entertainment. Electronic books may be able to avoid the fine print and warnings by
`making automatic what you can and cannot do with a copyrighted work.
`•= Backup – Consumers have experience with the unreliable nature of computer storage
`devices and will require a way to either make backup copies of their e-books or entrust a
`third-party guardian service to keep backups of their e-books.
`•= Backward Compatibility – Consumers want to buy e-books with the confidence that the
`e-book titles they buy today will be readable on the devices of tomorrow.
`•= Privacy – Consumers expect that their e-book purchases, borrowing, and subsequent
`transfer records will remain private and not be made available to third-parties. Some
`consumers even demand the ability to perform e-book transactions anonymously, as they
`do with paper book purchases today (e.g., with e-cash).
`•= Added Value – For consumers to make the leap to e-books, there has to be additional
`value in e-books over and above paper books. For example, immediate delivery,
`searching, categorizing, word lookup, and e-mail lending provide additional value to e-
`books.
`
`Petitioner Apple Inc. - Exhibit 1030, p. 9
`
`
`
`10
`
`
`
`EBX System Specification – Draft 0.8
`
`09/06/00
`
`•= Authenticity of Content- Consumers need assurance that a particular copy of an e-book
`is exactly as published by the publisher and has not been tampered with or modified.
`•= Preview – Consumers would like to be able to preview e-books before they buy them.
`•= Refund – Consumers need a way to get a refund if a particular e-book is not what they
`wanted. The exact refund policy will be at the discretion of the bookseller.
`
`1.3.2 Bookseller and Distributor Needs
`These needs represent the requirements of booksellers and distributors, whether they are online
`or brick-and-mortar stores.
`•= Copyright Protection – Booksellers and distributors have a permission that will be
`granted by publishers: to make copies of e-books for sale to consumers, other booksellers
`and libraries. Booksellers and distributors require that the e-book system transparently
`enforce the rights of the copyright owners.
`•= Scalability – A large online bookseller may have a Web site that sells to millions of
`customers. An online book distributor may have a site that distributes to thousands of
`booksellers. On the other hand, a small bookshop on Main Street may have a kiosk that
`sells to a hundred local consumers. The e-book system must be extremely scalable to
`span these different needs.
`•= Liability Security – Booksellers need the copyright protection system to protect e-book
`titles on bookseller servers to lim