Pre-Grant Publication Number: 20070136608
Filing Date: December 06, 2020
Inventors: Darko Kirovski, Kamal Jain
Assignee(s): Microsoft Corporation
Current U.S. Classification: 713, 713/193000

The present application claims priority to U.S. Provisional Patent Application, Attorney Docket No. MS1-2838USP1 to Kirovski et al., entitled, “Distributed Off-line Economies for Digital Media,” filed Dec. 5, 2005.


The proliferation of multi-functional portable devices has impacted the way digital media is marketed and played. The impact has been so great that lawmakers have begun to question traditional copyright laws, meant for an earlier age when content to be protected was bound to material artifacts and not instantly reproducible, and distributable, as pure digital information. Considering the size of the music market alone, estimated at around $12 billion in the U.S., there have been surprisingly few solutions that uniquely address the distribution economics of digital media.

As shown in FIG. 1, most, if not all, economic ecosystems for digital media are based upon on-line systems 100 that market, recommend, sell, and store each media clip into a user's personal computer or portable media player, via the Internet 102. A popular example of such a system is APPLE'S combination of an online store 104, ITUNES, with a media player device, the IPOD 106 (Apple Computer, Inc., Cupertino, Calif.). Typically, a digital rights management (DRM) system is used to protect the rights of the media content's copyright holder 108 by encrypting the media with a secret key 110 securely stored into the media player. Such systems 100 suffer from the exposure of the secret key 110. Once revealed, the key 110 can be used to arbitrarily edit the DRM information. In addition, the “analog hole” problem has plagued DRM systems. Once decrypted (into human-intelligible form) and played, the media content can be captured in its “plaintext” (non-encrypted) format, re-recorded, and distributed at will, thereby losing its previous protection.

These two problems, compromise of the secret key 110/DRM information, and re-capture of the raw analog version of the content as re-distributable media, have driven copyright holders 108 to seek their revenue on-line, primarily via client-server architectures, where the majority of the marketing, storage, and processing burden is imposed upon the servers while limiting customers to purchasing clips only when they are connected to the Internet 102.

As shown in FIG. 2, the on-line economic platform just described does not address the widespread phenomenon of file sharing 200, in which a dubious file sharing service 202 hosting convenient search mechanisms and enormous media availability does not support the possibility of selling/purchasing content for the benefit of the copyright holder 108. In most file-sharing platforms 200, content distribution is economically isolated from copyright holders 108.


Systems and methods are described for an off-line economy for digital media. In one implementation, exemplary media devices of buyer and seller participate in the off-line economy by performing secure off-line transfers of digital media content between themselves. The media devices store proof of the off-line sales transactions, so that a percentage of the sale price can be applied to a copyright owner and a percentage of the sale price can be applied to the seller as an incentive. Even resale of pirated media content benefits the copyright holder. The off-line economy opens an effective and inexpensive distribution channel for copyright holders and allows buyers to obtain media content anywhere, at any time, from any participant in the off-line economy without connecting to the Internet. The off-line economy allows copyright holders and media sellers to optimize pricing by market probing.

This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter.


FIG. 1 is a diagram of a conventional schema for downloading media content on-line.

FIG. 2 is a diagram of a conventional on-line multimedia file-sharing system.

FIG. 3 is a diagram of exemplary off-line media distribution transactions.

FIG. 4 is a diagram of an exemplary off-line media distribution scenario.

FIG. 5 is a diagram of exemplary media playing devices that each include an exemplary off-line media distribution engine.

FIG. 6 is a block diagram of the exemplary off-line media distribution engine.

FIG. 7 is a flow diagram of an exemplary cryptographic protocol for the exemplary off-line economy.

FIG. 8 is a flow diagram of an exemplary method of marketing off-line bandwidth for uploading purchased media content.

FIG. 9 is a diagram of a revenue data diffusion pattern for illustrating exemplary market probing pricing.

FIG. 10 is a flow diagram of an exemplary method of distributing media content via off-line transactions.



As shown in FIG. 3, this disclosure describes an off-line economic platform 300 driven by free trade that enables off-line marketing and off-line distribution of media content. In the off-line economic platform 300, owners of media content, that is, users or customers “on the street,” can resell their purchased, or even pirated, media content, such as a song clip, to others such that revenues are controlled by the copyright holder 108, i.e., a designated amount of the revenue 302 is automatically applied to the copyright holder 108, e.g., through a service provider 304. Another designated part of the revenue 306 is retained by the off-line seller, as an incentive for participating in the distributed off-line economy 300.

The term “off-line” is used herein to mean that the “transfer-of-goods” part of each transaction occurs between seller and buyer in a peer-to-peer manner that does not require connection to the Internet 102 or other communication link to the world outside the seller and buyer. Although the Internet 102 can be used as the communication channel for transferring goods between such a seller and a buyer, it is not required. Thus, “off-line” means that, as to the transfer of goods (in this case digital media content), no communication link(s) besides that between seller and buyer are required. Thus, an MP3 player that can upload media content to another MP3 player via a Bluetooth connection can participate in the off-line digital economy 300. In one implementation, the transaction between an off-line seller and buyer is sent to a service provider 304 at some later time. The service provider 304 then acts as a clearinghouse for the monetary accounts of seller, buyer, and copyright holder 108, and credits or debits each account accordingly. Other implementations may use e-cash (electronic currency), thus keeping more aspects of the transaction off-line, and rendering to the service provider 304 a modified role.

Technologically, devices that play media and communicate with each other can be readily created, for example, by adding Bluetooth capability to an IPOD. To create a device that can securely participate in the off-line economy 300, however, an exemplary off-line media distribution engine 308 can be used in each device. The off-line media distribution engine 308 meets several challenges with regard to implementing an off-line economy 300 for digital media. First, the off-line media distribution engine 308 enforces transaction integrity via a cryptographic protocol. Second, implementations of the off-line media distribution engine 308 are built to reflect the fact that user incentives drive the off-line economy 300.

The distributed off-line economy 300 itself includes different economic strategies and trade-offs that can benefit both copyright holders 108 and consumers. Compared to existing on-line digital media stores 104, the exemplary off-line economic platform 300 establishes an important balance: copyright holders 108 can recruit a powerful marketing and sales force with marginal investment and via various types of incentives; users are offered the ability to sell to make a profit or purchase content they like anywhere, anytime, and to/from anyone. In other words, instead of having to connect to a single central source and perform various formalisms to buy a media clip—a process that almost begs for competition from black market and gray market entrepreneurs—the exemplary off-line economy 300 described herein grants an incentive (e.g., money) to anyone and everyone who wants to distribute media content, perhaps especially those who would have distributed the content illegally anyway. By drawing even pirates into the market, the off-line economic model 300 presented herein redirects even unauthorized distribution of media content to profitable revenue for the copyright holder 108. That is, a media pirate is likely to participate legally in the exemplary off-line economy 300 rather than illegally outside the off-line economy 300, if the pirate can make approximately the same amount of money either way.

FIG. 4 shows an exemplary off-line distribution scenario 400 in which a user 402 obtains or creates a pirated song clip, and resells the song clip within the exemplary off-line economy 300. The first resale initiates further resale transactions. In this case, the song clip is a popular and catchy song clip, and each person who buys the song clip eventually resells the clip to two other people. By the time twenty-five buy/resale cycles have occurred, there have been over 33.5 million (2^25) off-line buyers, resulting in corresponding revenues (33.5 million times the copyright holder's percentage of each sale) for the copyright holder 108.

FIG. 5 shows that many kinds of devices can participate in the exemplary off-line economy 300. For example, a media playing device, such as an MP3 player or an IPOD 106, can include an off-line media distribution engine 308 to securely participate in the off-line economy 300. Likewise, a personal computer 502 and a cell phone 504 can also include respective off-line media distribution engines (308′, 308″) to participate in the off-line economy 300. The buying and selling of digital media content is just one implementation of the off-line economy 300. With respective technology, other goods could be transacted via the off-line economy 300, such as analog media content or even non-media goods. However, the distributed off-line economy 300 is described below in terms of systems for distributing digital media content, such as digital recordings of music, video, movies, etc.

Exemplary Off-line Economy For Digital Media

The exemplary distributed off-line economy 300 for digital media offers many advantages over conventional marketing schemata for digital media content. For example:

Off-line sales: an owner of a copy of a particular digital content, which may even be obtained illegally, can sell the content to a third party without the immediate assistance of the copyright holder.

Immediate purchase: pending a successful data transfer, the buyer can start playing the content immediately.

Incentive-based sales: proceeds from the transaction are partitioned, for example, into two parts: one part can be assigned to the copyright holder 108 and another part can be credited to the participating sales-force; the incentives are credited towards the parties, e.g., once either seller's or buyer's device later establishes a connection to the service provider 304.

One aim of the off-line economic platform 300 is to enable selling digital content by anyone, anywhere, at anytime—posing almost no restrictions to the network and business models that can be established within the platform. For example, client-server, peer-to-peer, or multi-hop wireless network topologies can all be used in the exemplary off-line economy 300.

One of the first incentive-based digital media economies was brought about by WEEDSHARE technology (Shared Media Licensing, Inc., Seattle, Wash.). In the WEED system, when a user purchases a media file, the transaction proceeds are shared, with the artist or copyright holder 108 receiving 50% of the price, Shared Media Licensing, Inc., receiving 15% for service and software maintenance costs, and the last three sellers in the chain of transactions receiving 20%, 10%, and 5%, respectively, of the sale price. All sales are executed on-line and all participants are interconnected to the WEEDSHARE servers during transactions.

Other types of incentive-based systems have been proposed for peer-to-peer systems with an emphasis on the free-rider problem, i.e., the existence of users that participate in sharing files only as consumers, not contributors, thereby increasing contributors' costs. Golle et al. proposed a system where users pay for downloads and get paid for uploads using a quantized micro-payment system or by distributing “points” (incentives to share files) (P. Golle, K. Leyton-Brown, I. Mironov, and M. Lillibridge, “Incentives for sharing in peer-to-peer networks,” ACM Electronic Commerce, pp. 75-87, 2001). With both types of rewards, their incentive-based systems focus on file-sharing without addressing copyright holders' benefits. Another class of problems associated with solutions to thwart free-riders is whitewashing, i.e., non-contributing users creating new accounts under different pseudonyms to avoid penalties associated with free-riders.

Nearly all incentive-based peer-to-peer mechanisms are focused on limiting free-riders, who themselves are usually a consequence of the availability of free content on peer-to-peer systems. Free content has recently been greatly reduced in file-sharing systems due to legal action from copyright holders.

The exemplary off-line economy 300 aims at a different part of the content distribution spectrum where copyright holders 108 are not isolated economically from the distribution channels. The exemplary off-line economy 300 can sway users from peer-to-peer distribution that is divorced from the copyright holder 108 into another model using the convenience of immediate off-line transactions, which directly benefits both copyright holders 108 with improved inexpensive marketing and customers with media availability and economic participation in the distribution chain.

Since copyright holders 108 have the incentive to resell their content, they may engage in countless marketing strategies. The exemplary off-line economic platform 300 can support both push and pull marketing. Conventional approaches to push marketing are local and global broadcasts and multicasts, while conventional approaches to pull marketing are, for example, data searches in a network of storage systems.

In the exemplary off-line economy 300 for digital content, although the monetary transactions typically involve three parties or more, the act of selling and buying digital content is peer-to-peer. The exemplary off-line media distribution engine 308 enables the act of selling/buying digital media to be performed off-line with preservation of transaction integrity. While using a peer-to-peer transfer of goods, the exemplary off-line economy 300 can be implemented within many different types of conventional sales models, besides money or coupon payment for the media content. The off-line media distribution engine 308 can be used in the context of coupon redemption, gift certificate schemata, rewards programs, multi-tier sales schemata, scrip sales, bartering systems, loan paybacks, cross-licensing of media content and/or use, sales promotions, loss-leaders, charitable fundraising, etc. The off-line economic platform 300 can also enable sophisticated forms of trade such as market-basket, subscriptions, auctions, trade-for-fee, and multi-party or multi-item discounts. The off-line economic platform 300 and the associated off-line media distribution engine 308 are not tied to any particular transaction model, but can be used in the context of many transactions or activities in which there is a transfer of goods, the goods in this case being media content. Finally, in one implementation, the act of committing a transaction can be based on a client-server architecture.

In one implementation, the proceeds of each trade are updated upon connecting the seller's or the buyer's portable media player to a global network such as the Internet 102 or a wireless access point. An efficient cryptographic protocol enforces integrity of payments even in the absence of trusted (tamper-proof) hardware.

Media player devices can be tampered with, i.e., it is safest to assume that all DRM secrets can be revealed and altered. As a consequence, media player devices will be able to share unprotected files with other media player devices outside of the exemplary off-line economic platform 300, in the same manner that existing conventional media playing devices can be commandeered and exploited. In the exemplary off-line economy 300, even with devices and/or DRM “broken,” sellers, copyright holders 108, and buyers should not be able to claim benefits from transactions that did not occur and should not be able to alter the details of an actual transaction. Hence, in one implementation, the off-line economic platform 300 only needs to deploy “best-effort” anti-piracy mechanisms such as existing DRM technologies and tamper-resistant hardware, while relying on incentives for sellers to build the economy.

Stated a different way, if incentives are not significant, users are likely to participate in file sharing without the control of copyright holders 108. But for sufficient incentives, users are likely to drive sales for their own and the copyright holders' 108 economic benefit. To implement this off-line economy 300 based on incentives and the aforementioned tradeoffs, the off-line media distribution engine 308 introduced above, with its cryptographic protocol that enables off-line transactions, will now be described.

Exemplary Engine

FIG. 6 shows the exemplary off-line media distribution engine 308 of FIGS. 3-5 in greater detail. The off-line media distribution engine 308 typically resides in a media-playing device, such as those shown in FIG. 5. The illustrated configuration of the exemplary off-line media distribution engine 308 is meant to provide only one example arrangement for the sake of description and overview. Many other arrangements of the illustrated components, or similar components, are possible within the scope of the subject matter. Such an exemplary off-line media distribution engine 308 can be executed in software, hardware, or combinations of hardware, software, firmware, etc.

In one implementation, the off-line media distribution engine 308 has a (peer-to-peer) communication engine 602 and a transaction engine 604. The communication engine 602 establishes off-line communication with a potential buyer or seller of digital media content. The transaction engine 604 performs the various stages of a media sale in a secure manner, within the context of the off-line economy 300. The off-line media distribution engine 308 may also include components such as marketing tools 606, a sales presentation manager 608, a service provider interface 610, a media transfer engine 612, a content assurance engine 614, transaction history storage 616, and a reputation engine 618. These will be discussed in greater detail, further below.

The communication engine 602 may further include a protocol stack 620, such as a Bluetooth stack; an authenticator 622, a data encrypter 624, and a data compressor 626. The authenticator 622 may further include a certificate manager 628, a session manager 630, a key manager 632, and an account verifier 634.

The transaction engine 604 may further include price and license negotiators (636 and 638), a purchase manager 640, a receipt manager 642, and an acknowledgement manager 644. The purchase manager 640 may further include a transaction requester 646 and a purchase “button” interface 648 to receive actuation signals from a physical purchase switch. The receipt manager 642 may further include a receipt sender 650 (used by the seller) and a receipt verifier 652 (used by the buyer). The acknowledgement manager 644 may further include an acknowledgement sender 654 (used by the buyer) and an acknowledgement receiver 656 (used by the seller).

As shown in FIG. 7, the exemplary off-line media distribution engine 308 shown in FIG. 6 implements a cryptographic protocol that enables an off-line transaction of digital content between two connected devices isolated from a global network such as the Internet 102. Four entities typically exist in an atomic off-line transaction: seller s, buyer b, service provider p, and trusted authority t. The service provider is contracted by copyright holders 108 to market and/or organize the sales of their digital content. The service provider p is responsible for realizing the payments in the off-line economy 300 and distributing incentives, e.g., via credit cards, accounts, or other forms of banking. Much like traditional e-commerce transactions, the trusted authority t issues a public-private key-pair to each entity including certificates that authenticate the distributed public keys. This information is used so that users can authenticate each other and prove identities when buying clips or redeeming credits for transactions made.

In one implementation, the off-line media distribution engine 308 uses RSA as a public-key cryptosystem, following the IEEE 1363-2000 standard IFSP- and IFVP-RSA version 2. For a given participating entity x, its public-key and private-key pair can be denoted as {p_x, r_x}, respectively. In order to vouch for the authenticity of the public key, the certificate manager 628 of each entity (except the trusted authority t) possesses a certificate c_x = {p_x, s_x}, which contains the signature s_x = SP_{r_t}(p_x), where the function SP_a(b) denotes RSA's signing primitive applied to message b using private key a. Certificates are verified by proving p_x = VP_{p_t}(s_x), where the function VP_a(b) denotes RSA's verification primitive applied to signature b using the public key a. Just as in modern certificate verification protocols, the public key p_t can be assumed known to all devices. Finally, the certificate manager 628 of each device contains a certificate of the service provider, c_p = {p_p, s_p = SP_{r_t}(p_p)}, upon enrolling in an off-line market service.

Characteristics of Exemplary Off-line Transactions

Each individual “atomic” transaction fulfills several objectives to overcome corresponding threat models. A basic premise is that either the buyer's or the seller's device is likely to be eventually connected to a global network, such as the Internet 102, at some time following an off-line transaction. This is one way that transactions are eventually committed with the service provider 304 so that the buyer is billed the price of the media content and the seller is credited with the corresponding incentive (e.g., a percentage of the sales price). In one implementation, to commit a transaction, it is sufficient that only one of the participants connects with the service provider 304.

In such an off-line economic platform 300, a main objective is to prevent manipulations that may benefit either of the entities in an unfair manner. This objective is now presented as a list of system characteristics for one implementation of the off-line media distribution engine 308:

Non-repudiation of executed transactions: a buyer should not be able to repudiate a transaction after which the buyer downloaded the digital content from the seller.

Mutual initiation: a seller should not be able to create an arbitrary transaction with a certain buyer unless the seller gains total unauthorized control over the buyer's media device either physically or via a software virus. In one implementation, the latter case can be prevented by demanding physical action to initiate a transaction, such as a “purchase” physical button that enables data transmission only when the button is actuated.

Limited damage in case of device loss: a lost media playing device (e.g., 106) should enable the party who finds it to realize only a limited financial gain r, defined by the user. The amount r equals the limit of purchasing power that a device may have between two synchronization events with the service provider.

Device revocation: when an adversary misappropriates a media playing device, the adversary can “break” its tamper-resistance, and edit the protection limit r continuously to take advantage of transactions that will be identified as fraudulent by the service provider 304 too late to be stopped. Then, after the adversary obtains digital content from the seller off-line, the seller later discovers that the transaction was fraudulent when the seller connects to the service provider 304. Such buyers are sometimes defined as “ghosts.” To prevent this exploitation by ghosts, lost or misused devices can be identified, catalogued, and the resulting list can be distributed to all devices upon connection with service providers 304. Thus, an updated seller device should be able to verify the financial validity of the buyer before realizing a transaction (and vice versa).

Transaction integrity: both buyers and sellers should not be able to alter any of the information generated about committed transactions.

Robustness to communication failure: upon communication failure, a buyer or seller should not be able to enjoy the benefits of the transaction without all details of the transaction being reflected. For example, a buyer could pay for a media clip and lose the communication connection during download. When connecting with the service provider 304, the buyer should be able to present a transaction receipt and resume the download.

Media piracy prevention via traditional methods: the off-line media distribution engine 308 should be able to protect copyright holders 108 from piracy via traditional DRM methods such as symmetric encryption and licenses. This vulnerability is seldom absent, as encryption keys can be reverse engineered from players and decrypted content can be captured either digitally or using an analog recorder.

Penalizing clients who do not commit transactions: certain sellers may refuse to receive their sales credits in order to benefit their “buyers” with free content. That is, a user may decide to never connect the media device online to the service provider 304, or may “break” the media device and remove its history of non-committed transactions. In both cases, the user may be penalized by not being able to participate in the distributed off-line economy 300 and by having to invest time, effort, and funds into “breaking” the tamper-resistant media device. These additional direct and indirect costs incurred by the adversary are meant to offset the likelihood for content piracy that might be present because of a convenient wireless transfer between sharing devices.

Transferring sale proceeds to the lawful copyright holder 108: the off-line media distribution engine 308 should prevent an adversary from altering the DRM information of an existing digital content copyrighted by holder h1 to point to holder h2 (≠ h1), and thereby sell the content for the benefit of h2. The engine 308 should be able to either prevent or detect such activity, and to provide proof of misbehavior in the off-line economic system.

The list of system characteristics somewhat resembles off-line usage of credit cards, with sellers being able to verify the defunct credit cards of cancelled members upon connecting with the issuing bank. One convenience of the off-line media distribution engine 308 is that it implements a credit card-like payment system that supports an incentive-based economy, which in turn benefits all parties involved in the distribution of digital content.

In one implementation, the off-line media distribution engine 308 satisfies the above list of system characteristics. That is, the buyer and seller authenticate each other, the buyer sends a signed incentive to buy, the seller sends a receipt, and only after acknowledgement by the buyer that the buyer received the receipt, the atomic transaction—transfer of the media goods from seller to buyer—is executed.

Initially, the authenticators 622 contained in the seller's and the buyer's devices authenticate each other. This is a task already provided for in many conventional cryptographic protocols such as SSL 3.0 and TLS 1.0. For example, if the TLS version 1.0 Handshake Protocol is used, the off-line media distribution engines 308 on each side of an off-line transaction perform several tasks:

The respective certificate managers 628 exchange certificates, c_b and c_s; then, each certificate manager 628 verifies the other side's certificate by proving that p_s = VP_{p_t}(s_s) and p_b = VP_{p_t}(s_b).

The respective key managers 632 exchange information to compute, for example, a 48-byte master secret used to create session keys.

The two engines 308 agree that their respective encrypters 624 and data compressors 626 are compatible during the private communication that is to ensue.

The respective session managers 630 establish a session identifier as well as a flag specifying whether the session is resumable if interrupted.

In order to implement the device revocation capability, as described above, the seller's account verifier 634 checks whether the buyer has a valid account with the service provider 304. For this reason, in one implementation, service providers 304 synchronize connected media player devices with a latest list of “invalid” devices (i.e., via their public keys). In one implementation, in order to prevent the list from growing excessively long, each account has an expiration date specified in the account's certificate. Devices with expired accounts cannot purchase content. Thus, if the buyer's account is expired or is on the list of revoked playing devices, the transaction is aborted by the account verifier 634. Otherwise, the off-line media distribution engine 308 proceeds with the buyer's commitment.

Because some malicious sellers may alter DRM information to redirect the benefit of transactions to a fabricated copyright holder 108, certain sellers may also be revoked by the account verifier 634. In this case, the buyer's account verifier 634 checks the seller against the seller's account expiration date or against a database of revoked seller accounts.

A content assurance engine 614 in the off-line media distribution engine 308 aims to make sure that the buyer receives the content that has been marketed by the seller. Note that the seller may forward a version of the content that is of inferior quality as a marketing ploy to the potential buyer. Thus, when committing to a purchase, the buyer wants an assurance that the clip of interest, a, has a particular identity and quality. The content assurance engine 614 can take many forms. Below are two examples.

A first implementation of the content assurance engine 614 is designed for the common scenario in which the buyer likes the media clip (e.g., by hearing or seeing it), but does not know the author (artist) or the title of the clip. In this scenario, the seller provides to the buyer the clip's cut-out (i.e., preview, header, promo, advertisement, etc.), a_c, which has been approved by the copyright holder 108 as an advertisement. In addition, the copyright holder 108 can provide purchasing data, such as that in Equation (1):
m′_1 = {ID(a), s′_1 = SP_{r_p}(H(a_c, ID(a)))},  (1)
where ID(a) returns the distinct identifier and descriptor of media clip a. This descriptor may include the clip's coding quality, version, copyright holder 108, license agreement, and price. Function H(a) may return a cryptographic hash (e.g., SHA-256) of the clip a. By allowing the buyer to listen to or see a_c, by computing H(a_c, ID(a)), and by verifying against s′_1 using the service provider's public key p_p, this version of the content assurance engine 614 assures that the buyer will ultimately receive the clip a that the service provider 304 associated with the preview advertisement a_c.

Perhaps even more importantly, various marketing tools 606 can help the seller keep a competitive advantage on the market, for example, by not revealing the author and title of the advertised clip to a prospective buyer. This may increase the likelihood of the buyer buying the clip a on the basis of how it sounds or looks, regardless of its title and author. Implementations of the off-line media distribution engine 308 can enable this feature, in order to discourage a potential buyer from gaining the media clip's metadata—e.g., title and artist—in order to buy the clip elsewhere, that is, to prevent an occurrence of “discover only, buy elsewhere” (DOBE). To activate this feature, a seller who owns clip a can request the service provider 304 to provide a second kind of advertisement and purchasing data: {circumflex over (m)}′1={I{circumflex over (D)}(a), s′1=SPrp(H(ac, I{circumflex over (D)}(a)))}, where I{circumflex over (D)}(a) does not contain identifying information for clip a. The advertisement purchasing data {circumflex over (m)}′1 can also be provided to a buyer by a seller as part of the sale. Another marketing tool 606 is the ability to attach a price to the advertisement {circumflex over (m)}′1, which a buyer (i.e., a potential future reseller) must pay to obtain. Finally, after purchasing the clip, the buyer obtains the full ID(a), with identifying information of the media clip a.

A second implementation of the content assurance engine 614 is designed for the common scenario in which the buyer knows the artist (author) and/or title, and buys the media clip “sight unseen,” without preview. In this scenario the seller sends to the buyer fully informative purchasing data, as in Equation (2):
m″1={ID(a), s″1=SPrp(H(ID(a)))}.  (2)
Given the purchasing data of Equation (2), the buyer's content assurance engine 614 can verify that the seller is offering the desired clip, sometimes even without media preview.

Exemplary Off-line Transaction

The transaction engine 604 is truly flexible in keeping with the many possible marketing venues of an off-line economy 300 in which the off-line media distribution engine 308 may securely perform off-line transactions. Thus, the price negotiator 636 and the license negotiator 638 allow the final price tag of a media clip to be adapted, dickered, negotiated, subjected to auction, etc. In sophisticated implementations of the off-line media distribution engine 308, the license negotiator 638 may arrive at a licensing “deal” in which the seller sells rights to use or sell media content in a certain manner, e.g., in a limited capacity, for a limited number of copies, or for a limited time.

Since the transaction engine 604 allows for flexibility and the pricing and licensing may be negotiated between buyer and seller, copyright holders 108 should exercise care in setting up pricing rules for their media content. Buyers and sellers may very well seek alternative payment channels (e.g., cash, trade, barter). In one extreme example, a copyright holder 108 does not assign a minimum price to the media content a to be distributed. The copyright holder 108 merely relies on incentives to the seller, in the form of a percentage of revenue, to motivate selling the content at as high a price as practical. In this example, the seller sells clip a at a high price, but for under-the-table cash, thereby circumventing the off-line economy's incentive system. Then, the seller records a transaction price of $0 in the transaction history storage 616, to be reported to the service provider 304 as such. This allows the seller to retain the full realized revenue. In order to overcome this potential problem, the copyright holder 108 should use lower-bounded pricing minimums when setting up pricing/incentive rules.

In a typical transaction, when the buyer desires to purchase certain digital content, the purchase manager 640 has a transaction requester 646 that commits to the purchase by sending a signed intent of purchase (“purchase request”) to the seller. From a contracts perspective, e.g., Article 2 of the Uniform Commercial Code (UCC)—“Sales”—the signed purchase request can be considered an “offer” and the receipt to be received back from the seller can be considered an “acceptance.” Thus, in this sense, the transaction engines 604 of seller and buyer set up and execute legally binding contracts. However, very little of the fulfillment of the contracts is left up to the choices of the participants; the devices automatically execute the contracts as they form.

The intent to purchase, m2, can be represented by m2={i, s2=SPrb(H(i))}, where i={m′1||m″1, b, s, Pc}, the purchasing data being that of Equation (1) or (2), and Pc contains purchase information such as date/time/location, license, and price. Participants who wish to protect their privacy can choose whether to record such data within the transaction receipt. Message Pc can also include a request to buy an advertisement {circumflex over (m)}′1 for clip a, as described above. Thus, the buyer sends m2 to the seller as a transaction request—an “offer” meeting all the criteria of a UCC Article 2 sales offer. The seller's purchase manager 640 can verify the buyer's purchase request using the buyer's public key pb. In order for both sellers and buyers to protect their privacy, their public keys pb and ps can be used as pointers to transaction participants in message i, instead of their buyer and seller identities.

In one implementation, in order to prevent a software attack on the buyer's device as described above (“Mutual Initiation” section) the purchase manager 640 may allow the buyer's purchase request (commitment) to be sent to the seller only upon a signal at the purchase “button” interface 648 indicating actuation of a hardware-assisted approval by the buyer, e.g., that a “purchase” button on the buyer's device has been pressed.

The seller's receipt manager 642 can generate a UCC Article 2 compliant “acceptance” for the buyer's “offer,” and allows the buyer to claim the purchase to the service provider 304 via an electronic receipt, m3, from the seller. The receipt sender 650 may construct the receipt as: m3={Pr, SPrs(H(j))}, where j={m2, Pr} and Pr contains receipt information required by the service provider 304. The buyer's receipt verifier 652 can verify the receipt using the seller's public key ps from the key manager 632. If the verification is successful, the buyer can claim clip a from the seller or, if communication is unexpectedly terminated, from the service provider 304. If the latter event of broken communication occurs, the service provider 304 can credit the incentive to the seller's account based on the buyer's input, even without synchronization with the seller's device.

In one implementation, upon receiving and verifying the seller's receipt, the buyer's acknowledgement manager 644 sends an acknowledgement signal, m4, back to the seller. The acknowledgement sender 654 may build the acknowledgement message as m4=SPrb(m3). When the seller's acknowledgement receiver 656 verifies the received acknowledgement, the seller can then claim the incentive, independent of any communication between the buyer and the service provider 304.

Hence, the buyer can commit the transaction with the service provider 304 independent of the seller after receiving the seller's receipt, m3. On the other hand, for the seller to claim incentives independent of the buyer, the seller has to receive the buyer's acknowledgement, m4.

Upon receiving and verifying the acknowledgement, m4, the seller's media transfer engine 612 can start with an upload of the purchased media clip, via the communication engine 602. The media content to be transferred is encrypted with a session key derived by the key manager 632. The buyer can immediately start enjoying the purchased clip, even though there has been no communication with the service provider 304. If the transaction included the corresponding advertisement purchasing data {circumflex over (m)}′1, as described above (i.e., a clip preview), then the seller uploads this data as well.

The act of downloading the media clip in the off-line economy 300 is a matter of mutual agreement between the buyer and the seller. The downloading can be interrupted by lack of power, communication, or even intentionally at either one of the devices. Importantly, the overall transaction is not affected by an unsuccessful media content download, as both buyer and seller have their respective receipts, as retained in the transaction history storage 616, to claim the media content and the incentive independently of the other entity.

The off-line economy 300 may introduce certain nuanced fairness issues, to be described below. The performance of the media transfer engine 612 (i.e., the bandwidth usage for uploading the media content) can also be priced and guaranteed.

The seller is credited with incentives upon either of two events. In the first, the seller has received a valid acknowledgment, m4, in which case the off-line media distribution engine 308 submits the message {m3, m4} to the service provider 304. Upon successful verification of the signatures in m3 and m4, the service provider 304 credits the seller with the incentive and forwards the remainder of the revenue to the copyright holder 108 associated with clip a. In the alternate case, the buyer never received the purchased digital content. When the buyer contacts the service provider 304 to download the media content from its server with a proof of purchase—the seller's receipt m3—the seller is then credited with the incentive. Both actions are executed pending a successful verification of the signatures in the receipt, m3, by the authenticator 622.

Hence, communication failure can occur in the latter steps of the transaction and still the transaction can be committed, either by the buyer or the seller contacting the service provider 304. If communication failure or some other nonconforming occurrence happens in the earlier steps, i.e., before the seller's receipt is received by the buyer, then the transaction is voided.
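The content assurance check of Equation (1) and the m2/m3/m4 exchange described above, as an added example written for this page (not code from the patent or from Microsoft): Ed25519 stands in for the unspecified signature scheme SPr, SHA-256 for H, and ID(a), the preview ac, Pc and Pr are constructed placeholder byte strings. The two service-provider checks at the end show why m3 alone suffices for the buyer's claim while the seller's independent claim needs {m3, m4}.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
)

// Party is one participant's key pair: service provider (Prp/pp), buyer (Prb/pb) or seller (Prs/ps).
type Party struct{ Pub ed25519.PublicKey; Priv ed25519.PrivateKey }

func NewParty() Party {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Party{pub, priv}
}

// H is the cryptographic hash of the text (SHA-256 here) over the concatenated fields.
func H(parts ...[]byte) []byte { d := sha256.Sum256(bytes.Join(parts, nil)); return d[:] }

// Msg1 is the purchasing data m'1 = {ID(a), s'1 = S_Prp(H(ac, ID(a)))} of Equation (1).
type Msg1 struct{ ID, Sig []byte }

// Msg2 is the purchase request ("offer") m2 = {i, s2 = S_Prb(H(i))}.
type Msg2 struct{ I, Sig []byte }

// Msg3 is the receipt ("acceptance") m3 = {Pr, S_Prs(H(j))}, j = m2 || Pr; m2 is carried along.
type Msg3 struct{ M2 Msg2; Pr, Sig []byte }

func (m Msg2) bytes() []byte { return bytes.Join([][]byte{m.I, m.Sig}, nil) }
func (m Msg3) bytes() []byte { return bytes.Join([][]byte{m.M2.bytes(), m.Pr, m.Sig}, nil) }

// IssuePurchasingData: the service provider binds the approved preview ac to ID(a).
func IssuePurchasingData(sp Party, ac, id []byte) Msg1 { return Msg1{id, ed25519.Sign(sp.Priv, H(ac, id))} }

// CheckPurchasingData is the buyer's content assurance check on the preview it actually saw.
func CheckPurchasingData(pp ed25519.PublicKey, ac []byte, m1 Msg1) bool { return ed25519.Verify(pp, H(ac, m1.ID), m1.Sig) }

// Request builds m2 with i = m'1 || pb || ps || Pc; the public keys point at the participants.
func Request(b Party, ps ed25519.PublicKey, m1 Msg1, pc []byte) Msg2 {
	i := bytes.Join([][]byte{m1.ID, m1.Sig, b.Pub, ps, pc}, nil)
	return Msg2{i, ed25519.Sign(b.Priv, H(i))}
}

// Accept verifies the buyer's offer with pb and answers with the seller's receipt m3.
func Accept(s Party, pb ed25519.PublicKey, m2 Msg2, pr []byte) (Msg3, bool) {
	if !ed25519.Verify(pb, H(m2.I), m2.Sig) {
		return Msg3{}, false
	}
	return Msg3{m2, pr, ed25519.Sign(s.Priv, H(m2.bytes(), pr))}, true
}

// VerifyReceipt is the service provider's check of a buyer's claim: m3 alone suffices.
func VerifyReceipt(pb, ps ed25519.PublicKey, m3 Msg3) bool {
	return ed25519.Verify(pb, H(m3.M2.I), m3.M2.Sig) && ed25519.Verify(ps, H(m3.M2.bytes(), m3.Pr), m3.Sig)
}

// Acknowledge verifies the receipt with ps and returns m4 = S_Prb(m3).
func Acknowledge(b Party, ps ed25519.PublicKey, m3 Msg3) ([]byte, bool) {
	if !VerifyReceipt(b.Pub, ps, m3) {
		return nil, false
	}
	return ed25519.Sign(b.Priv, m3.bytes()), true
}

// VerifySellerClaim is the seller's independent claim: both m3 and m4 must verify.
func VerifySellerClaim(pb, ps ed25519.PublicKey, m3 Msg3, m4 []byte) bool {
	return VerifyReceipt(pb, ps, m3) && ed25519.Verify(pb, m3.bytes(), m4)
}
```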

Reputation Incentives

Interestingly, communication between the seller's and buyer's devices can be terminated for whatever reason after the seller's receipt is received but before the buyer's acknowledgement is sent. In such a case, reporting the transaction is up to the buyer. If the transaction is reported, the buyer obtains the purchased media content and the seller receives the incentive. If the buyer decides not to obtain the purchased media content, then the seller never receives the incentive, as the transaction is never fully committed by the buyer to the service provider 304. Later, the buyer could possibly obtain the same media content from some other source. Such a course of action may be perceived as unfair to the first seller. This problem was introduced above as the “discover only, buy elsewhere” (DOBE) scenario. The DOBE fairness issue can be addressed by the off-line media distribution engine 308 from two perspectives.

First, the scenario introduced above, of enabling a seller to advertise a clip without revealing identifying information about the clip, can prevent the DOBE scenario in which the buyer goes elsewhere to purchase the clip. Since the advertisement purchase data {circumflex over (m)}′1 can be priced, in a free market a higher probability that a buyer will leave a transaction with information about the clip is likely to raise the price tag on {circumflex over (m)}′1. Hence, if a seller deems that a DOBE scenario is likely in the present environment, the seller can purchase a non-identifying preview, {circumflex over (m)}′1, to add to the marketing tools 606 for the sales presentation manager 608 to use while marketing.

Even without using an advertisement purchase data message that does not identify the media clip, the seller can still take certain actions to prevent a DOBE scenario. A reputation engine 618 can report the receipt of m2 from the buyer to the service provider 304. As m2 contains ID(a), with a simple lookup into its transaction database the service provider 304 can verify whether the buyer has bought the same clip elsewhere. Then, several actions are possible. The least costly is to affect the buyer's reputation. Just as in common trading markets such as EBAY, a buyer's or a seller's reputation is evaluated from a set of positive and negative transaction closures. This approach may have certain negative effects on the off-line economy 300. If users see their reputation as important leverage, it is beneficial for sellers to use a push marketing model, pushing advertising to prospective buyers in the hope of being the first seller to offer a clip that the buyer will eventually buy. As buyers can shop for only a few clips at once, one way to prevent being flooded with advertising for media clips is to disable push marketing.

But since the benefits of push marketing are likely to be higher than the adverse effect of DOBE scenarios, in one implementation of the off-line economy 300, preventing DOBE is the responsibility of the seller, and buyers who commit DOBE—window shop with one seller but buy with another seller—are not penalized in the off-line economy 300.

The concept of buyer and seller reputations, common in on-line marketplaces, can be enforced in the exemplary off-line economy 300 as well. For example, the service provider 304 can maintain reputations by issuing reputation certificates to users upon their synchronization. Each certificate may include a reputation quantifier that can be verified by the reputation engine 618 of another party or by the other party's account verifier 634. Upon claiming a sale transaction, the service provider 304 updates the user with the most current reputation status. If the user is a seller, this reputation update should be credited before issuing the corresponding transaction incentive to the seller. Otherwise, sellers can receive credits and never update their favorable reputation mark.

Finally, since a user with a “broken” media player device can reinstate a favorable reputation at will, frequent expiration dates on such reputation certificates can ensure that users perform frequent updates of their reputation status.

Marketing the Off-line Bandwidth

The transfer of goods while both devices are off-line, that is, the media download, has functional value for both the buyer and the seller. The buyer can obtain and play the content immediately. The seller, however, may expend additional energy to transfer a relatively large media file to a buyer. The seller may choose to avoid uploading the media file in order to preserve energy, which in some circumstances might be deemed as unfair. A Bluetooth-enabled device transfers data at a rate of approximately 721 Kbps or less; low-cost ZigBee transfers data at rates up to 250 Kbps; and relatively expensive 802.11g devices transfer data at approximately 54 Mbps. Because a typical media clip can be in the 2-8 MB range, the download can take substantial time and produce a significant energy bill. To address this issue, in one implementation, the off-line media distribution engine 308 enables the seller to price the actual download into the transaction. Thus, the buyer can obtain a purchase receipt for one price and both the purchase receipt and the actual media content for another, higher price.

In order to realize such a transaction, the buyer can specify the type of transaction (purchase receipt only or purchase receipt plus the media content) as well as the price when creating the purchase request, m2. This can be denoted in the field Pc during formation of the buyer's purchase request.

FIG. 8 shows one exemplary method 800 of uploading the purchased media content to the buyer for a price. In this implementation, at the time of content upload, the seller partitions the content a into K packets and sends them independently to the buyer. The purpose is to require the buyer to receive all K packets in order to play any perceptually significant portion of clip a. Thus, the seller's key manager 632 initially generates a fresh encryption key k, encrypts clip a in CBC mode (denoted as Ek(a)), and creates a message e=k||Ek(a). The seller's media transfer engine 612 then partitions message e into K parts, {e1, . . . , eK}, which it sends to the buyer in decreasing order of their index, i.e., part e1 is the last (K-th) packet sent to the buyer, eK 802. The buyer's media transfer engine 612 follows the receipt of each packet with an acknowledgement of receipt. The last two acknowledgements in the process, ackK−1 804 and ackK 806, are signed by the buyer's authenticator 622, where ack1=SPrb(H(i||j)). After receiving ackK−1 804, the seller transfers the last packet, eK 802. The buyer can decrypt and play the media content 808 after this last step. However, the buyer is still required to send ackK 806 to the seller. When the seller's media transfer engine 612 receives ackK 806, the seller can claim the additional pricing incentive from the service provider 304 for uploading the sizable media clip by supplying ackK 806 together with the transaction receipt and the receipt acknowledgment (m3, m4) used to otherwise claim an incentive.

Several incident cases may arise in this procedure. First, the buyer may receive eK 802 but fail to send ackK 806 to the seller due to loss of power or broken communication. However, the buyer can acknowledge the completion of this transaction when the buyer's off-line media distribution engine 308 synchronizes with the service provider 304. Hence, in this particular case, the seller depends upon the buyer to eventually communicate with the service provider 304 in order to claim the seller's incentives.

Secondly, after receiving eK 802, the buyer may maliciously choose to not send ackK 806 to the seller so that the buyer can obtain the service of downloading the content off-line for free (although the buyer must still pay for the purchase receipt in order to free-ride the download of the content).

Third, the buyer may not have sent ackK 806 because the buyer's media transfer engine 612 never received eK 802; in this case the seller cannot distinguish between the first and second scenarios above because communication with the buyer has ceased.

In one implementation, the off-line media distribution engine 308 can address the problem of distinguishing between the malicious and non-malicious scenarios described above using at least two strategies. In a first strategy, users are not allowed to decide upon individual protocol actions. Thus, in order to be able to alter the protocol steps, the buyer would have to “break” the media device's tamper-resistance and alter its software, two actions that would incur substantial cost. Second, after an incomplete transaction the seller can inform the service provider 304 of the incident. The report includes ackK−1 804 in addition to the other messages (m3, m4) described above for claiming the seller incentive. Since the likelihood of the third case described above is relatively small, the service provider 304 can affect the reputation of the buyer and additionally charge the buyer for the seller's incentive.

Thus, user reputation becomes a probabilistic reflection of economic trustworthiness. Even a perfectly policy-obeying buyer is expected to have a certain small percentage p of negative feedback. This expectation can be reduced proportionally to the size of eK, i.e., for that reason, it can be assumed that eK=k. For systems where p ≪ 10^−2, malicious parties can obtain negligible benefits by performing the malicious second scenario, above, at a rate of approximately once every 1/p transactions.
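The K-packet upload of FIG. 8, as an added example for this page (not the patent's code): AES-128-CBC with the IV carried beside the key is my choice for Ek(a), Ed25519 for the buyer's signature, and the tag over which ackK−1 and ackK are signed is a constructed stand-in for (i, j). It follows the eK=k reading of the text, so the key-bearing part is the packet delivered last and nothing is decryptable until it arrives; a delivery count below K models the broken-link cases.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
)

const keyLen = 16 + aes.BlockSize // AES-128 key followed by the CBC IV (cipher choice is mine)
func H(parts ...[]byte) []byte { d := sha256.Sum256(bytes.Join(parts, nil)); return d[:] }

// SealClip builds e = k || IV || E_k(a): fresh key, CBC mode, PKCS#7 padding.
func SealClip(a []byte) ([]byte, error) {
	kiv := make([]byte, keyLen)
	if _, err := rand.Read(kiv); err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(kiv[:16]) // 16-byte key: cannot fail
	pad := aes.BlockSize - len(a)%aes.BlockSize
	buf := append(append([]byte{}, a...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	cipher.NewCBCEncrypter(block, kiv[16:]).CryptBlocks(buf, buf)
	return append(kiv, buf...), nil
}

// OpenClip inverts SealClip; without the key-bearing prefix nothing is recoverable.
func OpenClip(e []byte) ([]byte, bool) {
	if len(e) < keyLen+aes.BlockSize || (len(e)-keyLen)%aes.BlockSize != 0 {
		return nil, false
	}
	block, _ := aes.NewCipher(e[:16])
	out := make([]byte, len(e)-keyLen)
	cipher.NewCBCDecrypter(block, e[16:keyLen]).CryptBlocks(out, e[keyLen:])
	if pad := int(out[len(out)-1]); pad > 0 && pad <= aes.BlockSize {
		return out[:len(out)-pad], true
	}
	return nil, false
}

// Partition splits e into at most K parts; e1 is exactly k || IV (the eK = k reading of the text).
func Partition(e []byte, K int) [][]byte {
	parts, body := [][]byte{e[:keyLen]}, e[keyLen:]
	n := (len(body) + K - 2) / (K - 1) // ciphertext bytes per remaining part, rounded up
	for len(body) > n {
		parts = append(parts, body[:n])
		body = body[n:]
	}
	return append(parts, body)
}

// Transfer sends the parts in decreasing index order so the key part e1 arrives last; deliver
// below len(parts) models an early link failure. ack_{K-1} and ack_K are signed over H(tag || n).
func Transfer(parts [][]byte, deliver int, tag []byte, prb ed25519.PrivateKey) (got, acks [][]byte) {
	got = make([][]byte, len(parts))
	for n := 1; n <= deliver && n <= len(parts); n++ {
		idx := len(parts) - n // the n-th packet sent is e_{K-n+1}
		got[idx] = parts[idx]
		if n >= len(parts)-1 {
			acks = append(acks, ed25519.Sign(prb, H(tag, []byte{byte(n)})))
		}
	}
	return got, acks
}

// Reassemble returns e only once every part, the key part included, has arrived.
func Reassemble(got [][]byte) ([]byte, bool) {
	for _, p := range got {
		if p == nil {
			return nil, false
		}
	}
	return bytes.Join(got, nil), true
}
```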

In any setting where tamper-resistant hardware hosts protected software, the issue of privacy is typically raised. Privacy and security often affect each other, and in certain cases it is difficult to ethically resolve and define the rightful balance (e.g., accurate crime reporting versus protection of privacy). The exemplary off-line economy 300 adopts a common but controversial standard applied in banking and other services, where the service provider as a trusted authority keeps a record of all transactions in a manner that protects user privacy. With all the ambiguities of such a protection standard, the frontier for privacy protection can be defined from the perspective of the buyer and seller. Ultimately, it is undesirable for the buyer or seller to be able to show a transaction receipt to a third party in order to compromise the privacy of the seller or buyer on the other side of the transaction, and further, to reveal the purchased media content associated with the compromised identity.

The buyer and the seller exchange identifying information when the authenticator 622 establishes a secure connection. As the public key of either of the users is sufficient to pinpoint its owner, it is important to anonymize user public keys while retaining their full functionality and system security. This can be achieved by distributing single-usage public-private key-pairs to users. A participant in a transaction can optionally use such a key-pair in case the participant wants to stay anonymous.

Such key-pairs are supported with certificates issued by the service provider, which can set correct expiration dates and reputation scores. Single-use key-pairs are not included in revocation lists checked by the account verifier 634.

Fraud Prevention Strategies

As mentioned above, a seller could take an arbitrary existing clip associated with a certain copyright holder h1, re-edit its DRM information, create a new entry, h2, in the list of copyright holders, and assign the proceeds of sales of this new clip to h2. To prevent this copyright redirection, h1, or its service provider 304 may continuously scan existing content on the market for similar songs either based upon title or content similarity. In the first case, text-only similarity is searched by a forensic robot; in the latter, content may be analyzed for similarity to other content using multimedia fingerprinting. This is similar to forensic activities media studios already currently perform on file-sharing systems. Due to the distributed nature of the proposed offline economic platform 300, the copyright holders 108 can offer rewards to entities that discover fraudulent copyright misdirection.

Each device using an exemplary off-line media distribution engine 308 can be protected by using tamper-resistant hardware in order to thwart some of the threats listed further above. Fraudulent activities can be collectively assigned a one-time non-trivial cost α for “breaking” a media player device. Approximately, α≈β, where device cost is denoted as β.

The difficulty of breaking tamper-resistant hardware can be enforced using two different approaches: active zeroisation and passive techniques. Active zeroisation aims to destroy core information (in this case, user certificates) within a certain amount of time from detecting the tampering. Zeroisation is typically used in the absence of a power supply. Standards for such devices are outlined in ANSI X9.17 and FIPS 140-2. Commonly, such techniques are particularly applied in hardware security modules. Passive techniques rely on a chemical coating, which is difficult to tamper with. A media device, including the off-l