Encrypted Universal Model Format - COPYRIGHT PROTECTION


I wanted to float an idea that I have been discussing with @Judas about the concept of a universal model format. The idea, for example, could work with the FBX format. We could work with Autodesk to come up with an encrypted say, FBY format to which the 3D modeler would ultimately pack all the textures and data into and then it go through an encryption process so that no matter who is in possession of the new encrypted FBY format file, they can’t edit it in anyway.


Interesting discussion. How would Interface read it, if it is encrypted?


Oauth, public/secret key pair - callback to auth server.


Would this require a different keypair for each piece of content?


There’s no way of answering that without having a feel for if “protected” assets will have access to a central authorization service or each asset will have to be a self-contained package containing all data necessary to establishing ownership, rights of use and etc. I have my own ideas I’m implementing for my domains, but, to a certain extent - some of this becomes difficult to work with in an open environment. Just as HF has some portions of its architecture that aren’t public code/knowledge - this subject may require some similar… obfuscation.


Nice idea, but it feels something is misisng or going wrong.
If autodesk is making some FBY format, it need to be open so blender can implement it.
But as soon its open. i think the protection is gone. Offcorse its harder to crack the keypair.

Missing a few puzzle pieces


It’s an entire system that has to be created. How a model is encrypted is just a single leaf of a tree in forest. It ties into identity systems for creator, authorized user as a placer of object, viewer for seeing object,. An inventory system for control of asset placement restrictions (count, locations etc), and a mass of other things that all work together providing an asset system vs just spewing out a data stream to anyone knowing a URL for it. SL/OS relies upon only having one source for an asset as part of control - here we will need to either mimic that (hopefully not) or create robust protocols that allow an asset to exist anywhere but only be useful to those whom it should be useful to.

Some of it can be distributed, hopefully, allowing object packages to live anywhere yet still be controlled. It’s a far from simple system to engineer and, likely will require some form of centralized system that’s trusted in general terms. At a minimum you have to rely on the existing HF centralized system for identity as it’s the only recognized source of who we are.


But the centralized system only need to store owner info , creator, owner , date etc. no real assets. Thats a big difference in costs compared to SL


Sky tv in the uk is encrypted, U get a card that goes in your satellite tv box then u can watch tv. its been like that for oh 20 years and has never been cracked, or we would all have free satellite tv or well i would.

So i imagine for hifi you have some code generated linked to your user name verified against your password from the name server that locks and unlocks things if it matches up.
Hifi cant be the only instance of needing to do this. What does everyone else do?


Yup - something like that. But it not being cracked duration is directly related to care taken in the basis of implementation.


I think @Judas with his example of the encrypted TV is an example, albeit it partially-related, nonetheless a working example of how this concept is workable and successful.

@OmegaHeron quite brilliantly captured the terminology I was struggling with. A, “Central Authorization Service”, is literally the framework needed to connect the appropriate public and private keys to guarantee authenticity.

This development would then allow completely decentralized hosting with no fear of grabbing the hosted product (in our example the new FBY encrypted file) and manipulating and/or re-hosting.


In the example, the theoretical FBY format would be implemented to any popular format including Blender. The conversion utility would be open source.


I like the idea of a model format that includes some form of copy protection, leaving the specifics of encryption/authorization, and the like to those more well versed than I am. As a content creator, and someone who was there in the days of the big market boycott when content creators were protesting how rampant copybotting was getting, but at the end of the day, by the nature of needing to download the object to the local machine, there’s always a way to dig it out. Encryption though would certainly limit the level of it happening.


oh oh oh can we stick em in password protected rar or zip files where the passwords are tied to ur name? Then it will work for any file format


Sorry judas, sofar i know that system where cracked in the past, Also the CI+ system we use here for cable tv seems crackable. Or it where cracked.

I would not bet on ‘it’s never cracked’.


As you say it’s about limiting, you can’t really have 100% security, but you can make things hard enough to be a deterrent. Just for the sake of clarification regarding the Sky example, it is actually possible to crack Sky’s encryption. it’s uses Nagra encryption. From what I know people have been able to crack it, but because the encryption is updated so often it made it too hard to simply sell cards to unlock it like with other systems.

That’s semantic though, the point is the system does a good job.


¬.¬ and who do i see about one of these knock off set top boxes :wink:


I am not a big consumer in SL but I do like to buy and use things that others have made. In HiFi I am looking forward to being able to buy UI modules, avatar bots and other things that were not practical to create in other worlds.

I don’t think that HiFi should directly provide any IP protection for interface, stack manager or assignment clients.

I feel that in many scenarios for a true 3d web (Virtual World), you would not want the overhead of asset copy protection (games on tablets or mobile, spaces used to promote RL products or places, etc. to name a few).

I would like any IP protection mechanism to be provided as an add-in opt-in service as in HTTP vs HTTPS. And even so, I worry about the cost in terms of performance and bandwidth with avatars, wearables, distributed asset servers and assignment clients.


There is one crazy alternative. Everything is fully open source, no IP allowed.


or we only have stolen content like in open sim :smiley:

runs to hide