Making the Internet Safe for the Music Industry

Because they now realize that downloading music from the Internet is here to stay, it would seem the major record companies would love to see a world in which Web consumers no longer own a copy of a song or album, but simply pay each time they listen to it.

Last week, Cirrus Logic and InterTrust Technologies, two companies funding efforts to facilitate online music commerce, announced what they claim is the first "general-purpose, content-secure system-on-chips" for Internet audio players that support MP3 and Windows Media Audio. The companies say that by using InterTrust's Rights/PD digital rights management software, the new Maverick chips exceed all current Secure Digital Music Initiative (SDMI) specifications.

The companies explain that they are "addressing industry concerns" to protect audio copyrights on the Internet, and hope the new chips will play a key role in enabling what is described as a "billion-dollar global music market" to securely distribute music products via the World Wide Web.

Diamond Multimedia's Mike Reed states that "as a device manufacturer, we are encouraged by this announcement because it will result in more content for consumers. Getting a processor that embeds the InterTrust technology is an important milestone in the evolution of digital audio." Cirrus Logic's Matthew Perry adds that "the recording industry will be able to safely deliver copyrighted music via the Web, consumers will be able to purchase audio content without fearing their private transactions will become public, and manufacturers can readily generate substantial revenue streams from sales of 'trusted' players."

InterTrust says that, once installed on a PC or other system, their software converts music providers' encrypted content and cryptographic keys into DigiFiles, which are transferred to the portable music player. Each DigiFile is flagged only to work with the unique SDMI ID number of a given player (or players), and once a DigiFile is loaded into a player, Rights/PD software manages the user's rights to play the music for either an unlimited or a limited number of replays, based on content-owner or distributor-specified rules.

To make this work, the companies explain that a public, unique, SDMI ID is burned into each chip to which content for the player is tied, ensuring that the content can be played only on the specific player. Also, a hidden, unique, private key number is linked to an additional private key; the two keys are used together to enable upgrade of the security firmware and to determine that the chip is booting a secure environment. Measures are also included to block hackers from accessing the internal portions of the chip, where the private ID number and other secure information is stored.

To future-proof the players, the companies say that upgradeability is also provided for the security system through the addition of a unique mechanism for securely upgrading the InterTrust security software within each device. "Not only is the security firmware upgradeable, but the firmware is also unique to each chip. Hence, if a hacker compromises the security on a single Maverick Lock-based music player, this breach cannot be used on other similar music players."

The question remains, however: Will consumers find these secure systems a benefit for listening to music and form a line at the virtual counter, or will they continue to rebel and support "unofficial" approaches and technologies to music distribution, such as the recently popular Napster? Only time will tell.