Copyright Protection Allowing for Fair Use Team 9 David Dobbs William Greenwell Jennifer Kahng Virginia Volk

Fair Use Music Distributor BuyerFriend World

The Copyright Act and Fair Use "the factors to be considered [in determining fair use] shall include - 1. The purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes; 2. The nature of the copyrighted work; 3. The amount and substantiality of the portion used in relation to the copyrighted work as a whole; and 4. The effect of the use upon the potential market for or value of the copyrighted work."

Court Precedents Currently there are no court cases dealing specifically with the issue of fair use and the distribution of digital music on the Internet. 1. Universal City Studios vs. Sony – Found that home recording of TV is legal because it can be done for noncommercial, private fair use. 2. Playboy vs. web publishers – Scanning and posting copyrighted images on the Internet is illegal because an individual has no right to "become an alternate publisher of the material.” (Samuelson 11)

Current Software SDMI Music Distributors can limit the number of copies of the music that can be made or even prohibit copying. Liquid Audio Liquid Passports allow users to play music on multiple machines but are not designed to let the user pass the music to another person.

Design Goals Allow second-hand distribution by original buyer only. Preclude distribution by clients other than the original buyer. Allow revocation of distribution by specific clients. Reduce load on MDC’s server Preclude access to the content outside of the music distribution protocol.

Buying Music File Sent to Customer Encrypt (using Session Key) Hash Sign (using MDC’s Private Key) Buyer’s Private Key Encrypt (using Buyer’s Public Key) Encrypt (using Player’s Secret Key) Session Key

Giving Music to a Friend Buyer’s client checks to ensure music is valid & can be shared. Buyer’s client looks up recipient’s public key. Recipient looks up sender’s public key. Server ensures recipient’s public key is valid and returns that key to the client. Client encrypts file to recipient’s public key and buyer’s private key, and sends file to recipient. Server ensures that key is valid and returns that to recipient. Recipient client verifies signature and allows playback of the file.

Trusted Playback: The Secret Trusted playback can be achieved if a shared secret exists, known only to the producer and the player. Authentication: The producer can ask the player to perform some transformation on a random value that can only be done with the key. Uniqueness: If you need the secret to play content, no other player will be able to play back content.

Any Questions?

First Security Check: Sender’s Client Hash Sign (using MDC’s Private Key) Buyer’s Private Key Step 1: Verify Signature on header. Step 2: Verify hash of music. Step 3: Hash sender’s public key. If the hash value doesn’t match, then the client will terminate the process.

Second Security Check: Key Lookup If a request is made for a non-existent public key, the server will not return a value, and the client will terminate the sending or receiving procedure. If a key pair is found to be compromised, it can be revoked. During this step, the server will return no value, and the client will terminate the procedure.

Re-Encryption Sender’s client decrypts the session key, and then re- encrypts it to use the receiver’s public key. Entire file is then encrypted using the sender’s private key. Encrypt (using Sender’s Public Key) Encrypt (using Player’s Secret Key) Session Key Encrypt (using Receiver’s Public Key) Encrypt (using Player’s Secret Key) Session Key Old Session Key New Session Key

Third Security Check: Receiver’s Client Authentication of Sender by key lookup Decryption: if the encrypted file received doesn’t decrypt using the receiver’s private key, attempt to play fails. Verify signature Verify hash of music Hash Sign (using MDC’s Private Key) Buyer’s Private Key