DIGITAL MUSIC ELECTRONIC COMMERCE
Addressing the super distribution model
Carlos Serrão and Joaquim Marques
ISCTE/Adetti, Ed. ISCTE – Av. Das Forças Armadas – 1600-082 Lisboa – Portugal
IPCB, Av. Pedro Alvares Cabral Nº12 – 6000 Castelo Branco - Portugal
Keywords: Digital Music, DRM, Super-Distribution, P2P Business Models
Abstract: Music is from far one of the most important types of media that is being exchanged in today's open
networks. Users, pushed by a growing number of factors are exchanging more and more music files using
popular P2P sharing technologies, such as Kazaa, e-Mule or Gnutella. If from one side this fact is important
and positive, from the other side it is driving to a growth in the number of piracy situations, related to the
violation of the authors copyright. Super distribution is from far the most popular electronic business model
on the Internet and the World Wide Web. This is especially true when digital formatted content, such as
music, videos or even books are considered. What are the main reasons for these facts? - Because it works.
This paper proposes an approach to address such IPR issues trough the usage of an open DRM architecture.
1 SUPER-DISTRIBUTION
The tremendous potential of “super-distribution” on
the Internet has been demonstrated by the peer-to-
peer file sharing systems, such as Napster and
Gnutella. To date, this technique has mainly been
limited to illegal distribution of copyrighted material
by communities of Internet users, although it is now
also being used legitimately by media companies for
advertising and to promote products/services.
Whilst super-distribution has shown its tremendous
potential, this e-commerce model has yet to achieve
commercially sustainable revenues, mainly due to
the lack of any mechanisms for content protection
and payment for licensed material. Super-
distribution and peer-to-peer technologies have
therefore initially been used mainly for the illegal
distribution and copying of copyrighted material.
However, once a licensing scheme has been adopted
and interoperability issues have been addressed,
super-distribution is likely to be one of the key
techniques used to promote and sell digital media
(Bill, 2003).
2 OPENSDRM DESCRIPTION
OpenSDRM deploys a traditional DRM solution for
content rights protection (Siegert, Serrão, 2003) that
can be applied for publishing and trading of digital
multimedia content. Additionally, the security
architecture proposed started from the OPIMA
international specifications (IEC/ITA, 2000),
MPEG-4 IPMP Extensions (King, Kudumakis,
2001) (Lacy, Rump, Kudumakis, 1998) and the
emerging MPEG-21 IPMP architecture (Bormans,
Hill, 2002) as well as with some of the proposals for
JPEG2000 standard Part 8 – JPSEC – JPEG2000
security (Kudumakis, 2003). This DRM solution is
composed of several optional elements covering the
content distribution value chain, from content
production to content usage. It covers several major
aspects of the content distribution and trading:
content production, preparation and registration,
content, interactive content distribution, content
negotiation and acquisition, strong actors and user’s
authentication and conditional
visualization/playback (EC, 2002).
OpenSDRM is composed by a set of external and
internal components which interact with each other.
The components and actors that interact externally
with the OpenSDRM architecture (Serrão, Neves,
Barker, Balestri, Kudumakis, 2003) are: User, IPMP
Tools Provider, Content Provider, Payment
Infrastructure and Certification Authority.
The internal components of the OpenSDRM
platform and the corresponding interfaces are:
Media Application, Media Delivery Server,
375
Serrao C. and Marques J. (2004).
DIGITAL MUSIC ELECTRONIC COMMERCE Addressing the super distribution model.
In Proceedings of the First International Conference on E-Business and Telecommunication Networks, pages 375-378
DOI: 10.5220/0001389803750378
Copyright
c
SciTePress
Commerce Server, Authentication Server, License
Server, IPMP Tools Server, Registration Server,
Content Preparation Server and the Payment
Gateway.
3 SUPER-DISTRIBUTION IN
OPENSDRM
In this section a description on how OpenSDRM
handles the super-distribution model is provided.
Basically, the super-distribution scenario is very
simple: a user obtains content and gives it away to
his friends, that after may give the same content to
its own friends and so on. However, for this section
we consider the following two scenarios:
1 The User buys content and gives to a Friend:
this scenario demonstrates the case in which the
User obtains a content file (music) and then shares it
with a friend;
2 The User buys content and gives to a Friend
together with its own access rights (license): this
second scenario, only makes sense in the sense that
the DRM is protecting the content. It covers the
hypothesis in which a User acquires the content and
afterwards gives it to a friend and at the same time
gives him also part of its own acquired rights.
The following sections will provide more detail
about these scenarios, and explain how the
OpenSDRM platform can handle them while, at the
same time protects IPR. Another important and
relevant aspect relates to the fact that the content and
the licenses are protected (Serrão, Neves, Trezentos,
2003) (Serrão, Neves, Kudumakis, Barker, Balestri,
2003).
3.1 Normal content acquisition
Acquiring content secure by the OpenSDRM is a
straightforward process already explained in other
publications (Serrão, Neves, Trezentos, 2003)
(Siegert, Serrão, 2003), however the process can be
described in the steps presented bellow:
Figure 1: Normal Scenario
The user (Ua) selects music to download on the
COS; COS validates Ua on the AUS; Ua negotiates
with the COS the appropriate content license
conditions for the music; COS requests to the LIS to
produce a license with the appropriate conditions
negotiated for the content and for the Ua; COS
signals the MDS to prepare the content to be sent to
the Ua; COS processes with the PGW the payment
for the Ua; Ua downloads the content; When Ua
tries to play the music, the player verifies that the
music is protected and contacts the LIS to download
the license for it; Ua downloads the license; The
player renders the music according to the license;
The license is stored securely on the player.
The user (Ua) is then able to listen to the music
according to the conditions established on the
license it has acquired on the COS. Currently the
license supports two types of expiration: play count
and time limit.
3.2 Passing content to a friend
Whenever the content is on the Ua side, it is
protected through strong encryption. Therefore, even
if the user gives the music to other users, they won’t
be able to listen to it. OpenSDRM focus is not on the
prevention of file sharing, but rather in preventing
that this share is completely uncontrolled.
Figure 2: Give content scenario
OpenSDRM supports the possibility that a user
can give content to its friends to normal means –
therefore enabling the super distribution model. The
files can even be shared through popular P2P
systems. The bottom question in this case is the fact
that the receiving user (Ub) cannot access to the
ICETE 2004 - WIRELESS COMMUNICATION SYSTEMS AND NETWORKS
376
music without the appropriate license. Therefore, Ub
needs to obtain a license from LIS in order to listen
to the content. The process can be depicted in the
following: Ua gives music to Ub; Ub gets the
content and tries to open it using the player; The
player detects that the Ub doesnt have the
appropriate license to listen to the content; The user
(Ub) contacts the COS and searches for the specific
music track; COS validates Ub on the AUS; Ub
negotiates with the COS the appropriate content
license conditions for the music; COS requests to the
LIS to produce a license with the appropriate
conditions negotiated for the content and for the Ub;
Ub downloads the license; The player renders the
music according to the license; The license is stored
securely on the player.
This is a typical case of super distribution,
controlled by DRM. However, in some situations, it
is not very practical. If we consider that Ub, would
just like to listen to the music one or two times
immediately, he would first have to acquire a
specific license for that purpose, which may take
some more time, and money. A variance from the
solution presented in this section is presented next.
This is the case in which Ua transfers not only
content but also some of its own rights to Ub.
3.3 Passing content and rights to a
friend
In fact, a more attractive scenario involves not only
the transfer of content, but also the transfer of usage
rights. This is the case, for instance, in which a User
wants to give its content to a friend and at the same
time, pass its own rights (or part of them) as well.
Figure 3: Give content and rights scenario
The user usage rights are expressed in ODRL
format, using some relevant fields, such as
‘keyvalue’, ‘uid’, ‘count’ and ‘individual. These
fields are use in the license to personalize it to a
specific content and user. Considering this license,
the owner might be willing to give part of its rights
(the ability to listen to the music ten times) to a
friend.
This procedure can be described in the following
steps: Ua gives content to Ub; Ua also wishes to
transfer some of its own rights to Ub; Ua signals LIS
that he is going to transfer rights to Ub; LIS asks to
Ua what rights does he wish to transfer; LIS updates
Ua license; LIS produces Ub license; Ub plays the
content in the player; Ub downloads license from
LIS; Player renders content.
4 CONCLUSIONS
One of the business models that have been under
consideration for many years (super distribution)
involves the insertion of DRM functionalities into
the P2P mechanisms, enabling consumers to
continue to share freely content files through file
sharing networks but only in a way that ensures that
the usage occurs on terms established by the rights
owner. However, due to the lack of the protection
functionality required to support such models don’t
have much success. The majority of DRM systems
can be distinguished by two essential features: (a)
the ability to deliver content usage rules
independently of the content; (b) the persistency on
content protection when acquired by a user granting
the access and use according to the permissions
granted to that user. In this way, content downloaded
for use on a particular device cannot be transferred
to a second device unless the permission obtained by
the user for that content expressly permits such a
transfer.
OpenSDRM is according to these, implementing
a set of security functionalities that enables a P2P
network to support the most three common content
distribution business models: a) Subscription model
and Pay-per-view; b) Aggregator model and c) the
Reseller model.
Although content has its own security when
transferred from device terminals OpenSDRM
implements also a licence management process,
centralized on clearinghouses that enables and
ensures compatibility when a user need more rights
than the ones transferred. This service would
provide publishers with information about player
devices and also support to alternative business
models such as pay-per-view or subscription based
pricing models based on secure licenses issued.
Players with Internet connectivity could also support
DIGITAL MUSIC ELECTRONIC COMMERCE – Addressing the super distribution model
377
online security verification and downloadable
security updates.
In conclusion, some of the OpenSDRM
functionalities that contribute to the success of super
distribution can be resumed in the following:
It is easy to use and convenient in the sense
consumers can share (redistribute) his content;
Provides enough value to convince a
significant number of users to choose it over free
exchanges because a network of clearinghouses
providing higher quality content and more efficient
distribution can negotiates personalized licenses;
Can give to the user a new consumer
experience contributing in this way to the
enhancement of its acceptance by encouraging users
to exchange content;
Can contribute to the acceptance of a new
standard;
It is secure and flexible enough for both
traders and consumers;
• Enables portability and offline distribution.
REFERENCES
King J., Kudumakis P., 2001, MPEG-4 IPMP
Extensions, 8th ACM Conference on Computer
and Communications Security (CCS-8),
Philadelphia, Pennsylvania, USA
Lacy J., Rump N., Kudumakis P., 1998, MPEG-4
Intellectual Property Management & Protection
(IPMP) - Overview & Applications Document,
ISO/IEC JTC1/SC29/WG11/N2614
Serrão C., Neves D., Trezentos P., 2003, Open
Source Security Analysis: Evaluating security of
Open Source Vs Closed Source Operating
Systems, ICEIS 2003, Angers, France
Serrão C., Neves D., Kudumakis P., Barker T.,
Balestri M., 2003, Open Sdrm – An Open And
Secure Digital Rights Management Solution,
IADIS, Lisboa
Siegert G., Serrão C., 2003, An Open-Source
Approach to Content Protection and Digital
Rights Management in Media Distribution
Systems, ICT Conference 2003, Copenhagen
IEC/ITA, 2000, Open Platform Initiative for
Multimedia Access (OPIMA) -
http://www.telecomitalialab.com/opima
Bormans J., Hill K., 2002, MPEG-21 Overview v.4,
ISO/IEC JTC1/SC29/WG11/N4801
Serrão C., Neves D., Barker T., Balestri M.,
Kudumakis P., 2003, Open Sdrm – An Open And
Secure Digital Rights Management Solution,
IADIS 2003, Lisboa,
http://zeus.iscte.pt/~cjcs/artigos_apresenta/74.pdf
Kudumakis P., 2003, MOSES: MPEG OPEN
SECURITY FOR EMBEDDED SYSTEMS,
http://www.crl.co.uk/projects/moses/Public/docs/
Panos%20Kudumakis%20FullPaper%20for%20
WIAMIS2003.pdf
EC, 2002, Digital Rights: Background, Systems,
Assessment, Commission Staff Working Draft,
Commision of the European Communities
ISO 2002, International Organisation For
Standardisation Organisation Internationale De
Normalisation Iso/Iec Jtc1/Sc29/Wg11 Coding
Of Moving Pictures And Audio , ISO/IEC
JTC1/SC29/WG11/N5231, Shanghai,
http://www.chiariglione.org/mpeg/standards/mpe
g-21/mpeg-21.htm
Bill R., 2003, Integrating DRM with Peer-to-Peer
Networks - Enabling the Future of Online
Content Business Models,
http://www.giantstepsmts.com/P2PDRMwhitepa
per.pdf
ICETE 2004 - WIRELESS COMMUNICATION SYSTEMS AND NETWORKS
378