(12) Patent Application Publication (10) Pub. No.: US 2006/0173783 A1 Marples Et Al

US 2006O173783A1 (19) United States (12) Patent Application Publication (10) Pub. No.: US 2006/0173783 A1 Marples et al. (43) Pub. Date: Aug. 3, 2006

(54) SYSTEM AND METHOD FOR AUTHORIZED (57) ABSTRACT DIGITAL CONTENT DISTRIBUTION A digital content distribution system uses a Digital Rights Management Controller that performs a set of arbitrary tests against the transfer request from one user to another such as (76) Inventors: David J. Marples, Mansfield (GB); user A to user B. Assuming these tests are successful, the John R. Wullert II, Martinsville, NJ DRM sends an encryption key to transferring user A. This (US) encryption key E is taken from a table of encryption key/ hash pairs which have been provided to the DRM Controller Correspondence Address: by an external authority Such as the content rights holder. TELCORDIATECHNOLOGIES, INC. User A encrypts the content using they key provided by the ONE TELCORDLA DRIVE SG116 DRM controller and then optionally calculates a hash over PISCATAWAY, NJ 08854-4157 (US) the encrypted form of the content ECX) and returns this value to the DRM Controller. On checking the returned hash against the hash from the table the DRM controller knows (21) Appl. No.: 11/341,172 that user A does indeed have the digital content X in good condition. The DRM Controller then instructs both users A (22) Filed: Jan. 26, 2006 and B that the transfer may proceed. The encrypted form of Related U.S. Application Data the content ECX) is transferred from A to B. Once the content transfer has completed B ensures that the received content (60) Provisional application No. 60/647,044, filed on Jan. has been physically written to non-volatile storage (to 26, 2005. account for crashes etc. during the next step). B then calculates a hash over the received content and returns this Publication Classification value to the DRM Controller. If this value matches the value previously given then the transfer has been Successful and (51) Int. Cl. the DRM Controller updates whatever central records are G06O 99/00 (2006.01) appropriate, while also returning a decrypt key to B to allow (52) U.S. Cl. ------705/51 it to decrypt the content.

(Incubator)

r SCP al/ Pre-pay C OO web Service -

Accounting 160 DRM and Content records Seif-Service Web Services Web-site. DRS C

180 DRM. 120 Controller

so cote NX: 130b transfer 130 user B user C Patent Application Publication Aug. 3, 2006 Sheet 1 of 10 US 2006/0173783 A1

(Incubator)

ry Pre-payscP C OO fa Web service

/N Accounting 160 OR and Content records Self-Service Web Services Web-site.

18O

DRM. G Y. 12 Controller. / vŠ 30a user A

/ & conte 13O transfer 130c user E. user C

FIG. 1 Patent Application Publication Aug. 3, 2006 Sheet 2 of 10 US 2006/0173783 A1

tSO

Yeh servi

tics (incuba tor)

Cotent SCP Registry Pre-pay

Web Service deb Service

Content records Accounting p Web Service (or MP) | 180

N S N 3. % 130 130c user 3 user C

FIG. 2 Patent Application Publication Aug. 3, 2006 Sheet 3 of 10 US 2006/0173783 A1

R 32O

File Sharer is

password it 21-ytton)

(3)-> (ton) Cert l st

event ERXEDCATA caused transition 5 xULLSTATE -> 3TART Fremerict null:

(03-X) i. sids. Y.mp3 (i-x(HELO) : 2-X dick) (3-3 (duck C it wart concert st event ERXFICATA caused transitions UL STATE - 5 START

FIG. 3 Patent Application Publication Aug. 3, 2006 Sheet 4 of 10 US 2006/0173783 A1

Receiving Sending DRM File Sharer (C) 400 File Sharer (B) Controller Request for Arbitrary Content Discovery Process Content X Request for Content X 405 410 N ACK -A Reques. COO. O. ls. Request for Content X from A 425 430 /

Check Content is OK to distribute

435 ACK ACK+Encrypt Key Encrypted Content Transfer445

Content Received+MD5 Checksum 455

Check Received 470 Content is OK ACK.-decrypt Key Content X Available

To Billing

FIG. 4 Patent Application Publication Aug. 3, 2006 Sheet 5 of 10 US 2006/0173783 A1

Echobelly - car fiction. mp3 Echobelly - car fiction. mp3 Echobelly - car fiction. mp3 Echobelly - car fiction. mp3 Echobelly - car fiction. mp3 Elastica - Waking Up.mp3 Elastica - Waking Up.mp3 Elastica - Waking Up.mp3 Elastica - Waking Up.mp3 Elastica - Waking Up.mp3

520

530

F.G. 5 Patent Application Publication Aug. 3, 2006 Sheet 6 of 10 US 2006/0173783 A1

610

Rights kanagement Site - Mozilla Firefox Edit view go. Bookmarks. Ioals help

Digital Rights Management Y ass

sy.

New user? Register here

FIG. 6A Patent Application Publication Aug. 3, 2006 Sheet 7 of 10 US 2006/0173783 A1

620

. Ed yew. Favorter. Iods.Heb. . . . .

gear: gig.

Welcome back, 8456997.374 (tom) $YiYes My Account Balance ve its My Billing Activity

Še

Click here to Logout. Or you may update your account. o952004 10484s ests -100

here)

'air tigercease area rear accessage-eastcareer -assissi Arassisterstratite-site sista R. A. assers---areascale-ax gie Done ...... - . . . . sw- . f frare a

F.G. 6B Patent Application Publication Aug. 3, 2006 Sheet 8 of 10 US 2006/0173783 A1

630

Telcordia.feeges s

Welcome back, 8456997.374 (tom) &SVy My Account Balance ACCount Balance: $283.0 My Billing Activity You may want to top-up or disable your account (use utilities on side-bar).

Click here to Logout. Or you may update your account.

is feetitiesis gig i : S.S.S. estic East: ii. esseesis six:

F.G. 6C Patent Application Publication Aug. 3, 2006 Sheet 9 of 10 US 2006/0173783 A1

640

Welcome back, 8456997.374 (tom) (e. My Account Balance

Media origin cost Date Echobelly - car fiction.mp3 84569973OO 01101/04 Elastica - Waking Up.mp3 84569973OO S2O Of O3,O R.E.M - Pop Song 89.mp3 m 8456997300 $2.10 01/03/01 Rush. The big noney.mp3 84559973OO S2O OliO3,O Click here to Logout. Or you The Divine Comedy may update your account. Songs Of Love.mp3 845699.7300 S2.0 Ofo3O1

The Smiths - This Charming Man.mp3 84569973OO S2.0 OJO301

F.G. 6D Patent Application Publication Aug. 3, 2006 Sheet 10 of 10 US 2006/0173783 A1

650

Telcordia. n Technologies

Welcome back, 8456997374 (ton) (& My Account Balance

(dollar increments only e.g. 6)

Credit card Number 312244233219876 . . A it."See (e.g. 10/05) Click here to Logout. Or you may update your account.

t is is

F.G. 6E US 2006/0173783 A1 Aug. 3, 2006

SYSTEMAND METHOD FOR AUTHORIZED 0008. It would be desirable to have a P2P digital content DIGITAL CONTENT DISTRIBUTION distribution system and method that enable charging back to a prepaid account Such as a prepaid mobile phone account. CROSS REFERENCE TO RELATED APPLICATION 0009. Additionally, it would be desirable to have a P2P digital content distribution system that provides for certifi 0001. This application claims the benefit of priority of cation of quality of content thereby ensuring that the down U.S. Provisional Patent Application No. 60/647,044 filed on loaded digital files are not corrupted or contain viruses or Jan. 26, 2005, entitled “System and Method for Digital other problems that would prohibit their legitimate use. Content Distribution.” This application is related to U.S. patent application Ser. No. (APP1592) entitled 0010) Furthermore, it would be desirable to have a P2P “Payment System For The Distribution of Digital Content digital content distribution system that provides credits to a Using An Intelligent Services Control Point filed concur customer for the onward distribution of digital content to rently herewith. additional users/customers. FIELD OF THE INVENTION SUMMARY 0002 The present invention relates generally to the field 0011. The present invention enables the legitimate P2P of digital content distribution in a telecommunications net distribution of digital content within a legal framework in work and, more specifically, to payment mechanisms for the which operators do not need to have first hand knowledge or authorized legal distribution of digital content within a possession of the content thereby enabling operators to peer-to-peer (P2P) environment. claim the equivalent of common carrier status in a content BACKGROUND environment. Two sharing users, A and B, previously reg istered with a DRM controller, find by some arbitrary 0003) Peer-to-peer P2P networks are networks that method that they wish to exchange a piece of digital content, enable a computer user in possession of digital content to X. B requests a copy of digital content X from A, which A share the digital content with other users without having to is willing to provide and so A sends an acknowledgement transfer to or download the content from a central server. back to B. Both A and B register their interest in the content P2P networks have generally been very successful but have element X with the DRM Controller. Note that in the general existed outside of most legal frameworks. This has lead to case there may be more than one sender (i.e. equivalent to considerable controversy including the shutdown of many A) for a given request. peer-to-peer networks due to court injunctions and other legal problems. This problem appears to have been solved in 0012. The DRM Controller performs a set of arbitrary conjunction with the Digital Rights Management (DRM) tests against the transfer request (e.g. does B have Sufficient issue but separating DRM and Digital Content Distribution funds, does A officially and legally have possession of X, is (DCD) has lead to innovative differentiation. Even then this it within a window of time in which A is allowed to distribute has not really been solved in a generic P2P infrastructure, content etc. etc.) and, assuming these tests are successful, it but has resulted in much more centralized environments. sends an encryption key E to A. This encryption key E is taken from a table of encryption key?hash pairs which have 0004 Current P2P solutions have been created outside of been provided to the DRM Controller by an external author a legal framework and are Subject to repeated attack from ity Such as the copyright owner of digital content X or the copyright holders. Their growth is limited by ongoing legal party that controls digital distribution of digital content X. ity concerns in the minds of potential users which are fostered by the RIAA and like organizations. 0013 User A encrypts the content using the key provided by the DRM controller and then calculates a hash over the 0005 Current DRM solutions tend to have originated encrypted form of the content ECX) returning this value to with rights holders and thus tend to enforce additional the DRM Controller. Because the encryption key, E, is not restrictions on the use of purchased materials above and known ahead of time, user A cannot know the value of the beyond those which consumers have come to expect with hash a priori and can only calculate it by performing the videocassette recorders (VCRs) and the Compact Cassette. Encryption/Hash Calculation steps. On checking the This has lead to consumer resentment. DRM solutions also returned hash against the hash from the table, the DRM tend to be somewhat centralized in nature leading to limited, controller knows that User A does indeed have the content or very expensive systems. element X and it is in good condition (i.e. it has not been 0006 P2P operators have not, historially, been too con altered from the form used to create the key/has pair). The cerned with content tracking and tracability, nor with the DRM Controller then instructs both A and B that the transfer implementation of a legal overlay on a P2P infrastructure. may proceed. Traditional DRM providers view their value as being in the 0014. The encrypted form of the content ECX) is trans DRM solution, not in the content distribution component, ferred from user A to user B by arbitrary means that are well for which they would typically expect to use commercially known in the art. Once the content transfer has completed, available solutions. B ensures that the received content has been physically 0007 Thus, there is a need for a peer-to-peer (P2P) written to non-volatile storage (to account for crashes etc. distribution scheme that can incorporate the concepts from during the next step). B then calculates a hash over the digital rights management thereby enabling the distribution received content and returns this value to the DRM Con of digital content Such as music, movies and books while troller. If this value matches the value previously given then providing just compensation to the owners of Such copy the transfer has been successful and the DRM Controller righted works. updates whatever central records are appropriate, while also US 2006/0173783 A1 Aug. 3, 2006

returning a decrypt key to B to allow it to decrypt the send and receive data from the DRM Self-Service Web-Site content. A record of the transfer is kept for a period of time 100. This type of software is well-known in the art. such that if B crashed in the period from obtaining the complete content to receiving the decrypt key and decrypt 0024. User A communicates using device 130a with ing the content then B could request said key again without DRM Self-Service Web-Site 100 in order to specify various incurring additional charges. parameters with respect to the transfer of content between one or more other users such as User B and User C. FIG. 1 0015. It will be noted that the DRM Controller never shows the arrangement of components within a typical needed to see the content. It only requires a set of encrypt operational digital content distribution system. In this key/hash pairs. If these pairs are generated by an external example, transfer of digital content owned or controlled by responsible authority then the organization running the User A is transferred between User B and User C using the DRM Controller need never see or have knowledge of what associated DRM Controller 120. The other components are the content element is. Note that in an extension to the important for the construction of a physical system but are invention if the key?hash pairs are consumed this would not as important to the present invention as DRM Controller serve as a form of audit and tracking for the content rights 120. holder and would also prevent possible attacks based in the re-use of key?hash pairs 0.025 DRM Controller 120 communicated with DRM Self-Service Web-Site 100 in order to receive information 0016. In this manner the DRM Controller can certify regarding how to handle a transfer of digital content from transfers without ever needing to have access to the content one user to another, Such as the transfer of digital content concerned. The content owner can provide keys and signa from User B to User C. User B and User C communicate tures. Because back end systems decide if a transfer should, with DRM Controller 120 and with each other by using or should not progress, neither sender or receiver can devices 130b and 130c which devices are similarly enabled individually circumvent the system to device 130a described above, although devices 130b and 130c should contain an interface for use by an actual person. BRIEF DESCRIPTION OF THE DRAWINGS A typical transaction would begin with some type of dialog between User Band User C that leads the two to decide that 0017 FIG. 1 depicts the architecture of one embodiment one has content that it would like to share with the other. of a digital content distribution system in accordance with the present invention; 0026. Accounting and Content Web (ACW) Server 140 comprises Software implemented on a general purpose com 0018 FIG. 2 depicts the architecture of another embodi puter that is capable of keeping track of transfer of digital ment of a digital content distribution system in accordance content and payment of digital content. ACW Server 140 is with the present invention; in communication with DRM Self-Service Web-Site 100 in 0.019 FIG. 3 depicts the graphical user interface for use order to receive information about the amount of compen of users of the file sharing process of a digital content sation a user Such as User A desires to receive for transfers distribution system in accordance with the present invention; of digital content between other user such as User B and User C. ACW Server 140 is also in communication with SCP 0020 FIG. 4 depicts the process flow of the file sharing Pre-Pay Web Service Server 160 that is an intelligent service process in a digital content distribution system in accordance control point capable of decrementing an account of the user with the present invention; paying for a transfer of content and incrementing one or 0021 FIG. 5 depicts an example of the content shared in more of the accounts of the user transferring content and/or a digital content distribution system in accordance with the the owner of the content being transferred. In this way, P2P present invention; and, transfers of digital content can be accomplished with the knowledge and approval of the owner of the content who is 0022 FIGS. 6A-E depict the graphical user interface properly compensated for the transfer. SCP Pre-Pay Web screens forming the interface to the DRM self-service web Service Server 160 is in communication with the Digital site in a digital content distribution system in accordance Rights Server (DRS) which is a repository of records with the present invention. associated with the transfer of digital content and payment for such transfers. SCP Pre-Pay Web Service Sever 160 can DETAILED DESCRIPTION OF THE DRAWINGS be any of several known intelligent service control points such as the Telcordia Converged Application Server and/or 0023. In FIG. 1 the architecture of a digital content Real-Time Charging System. distribution system in accordance with the present invention is shown. User A communicates with a DRM Self-Service 0027 FIG. 2 depicts a more detailed embodiment of a Web-Site 100 using a device 130a for the purpose of digital content distribution system, in accordance with the inputting various information regarding the distribution of present invention. Again User A communicates using a content owned or controlled by User A. Device 130a may be device (not shown) through the Internet 220 with one or any type of general purpose personal computer (PC), per more DRM Self Service servers/servlets 230 in order to sonal digital assistant (PDA), mobile handset, cellular tele input various information about the distribution of digital phone or other handheld device capable of communicating content owned or controlled by User A. ACW Server 140 is in a wired or wireless manner with the Internet so as to broken into two components: Content Registry Web Server display one or more user input Screen Such as those discusses 140a and Content Account Web Server (Digital Rights below in relation to FIG. 6. Device 130a would need Management Platform) (“DRMP) 140b. Content Registry software such as an Internet browser, Wireless Access Pro Web Server 140a manages the information that plays a role tocol (WAP) browser or other similar software in order to in allowing content to be forwarded between users. That is, US 2006/0173783 A1 Aug. 3, 2006 it contains user or content-owner "preferences' pertaining to key?hash pairs which have been provided to the DRM allowing content exchange such as exchange rights spelled Controller by an external authority. For example, the encryp out in traditional DRM systems. Content Accounting Web tion key/hash pairs may be provided by User A, the owner Service 140b keeps track of the amount a user desires for or licened distributor of digital content X. transfer of specific digital content and communicated 0032 User B encrypts the content using they key pro through the Internet 220 using a Simple Object Access vided by the DRM Controller 120. User B also peforms a Protocol (SOAP) 260 with ISCP pre-pay web-services 160 hash function (preferably MD5) over the encrypted digital to enable the account of the users and owners of content to content and returns this hash to the DRM Contoller 120 at properly decremented and incremented in accordance with an optional step not shown in FIG. 4. If the hash matches the payment scheme. Content Accounting Web-Service that in the database of the DRM Controller then the DRM 140b can also communicate using Java Data Base Connec Controller instructs User A and User B that the transfer may tivity (JDBC) with DRS 180 in order to directly access proceed at an additional optional step not depicted in FIG. records of users of the digital content distribution system. 4. User B then transfers the encrypted content to User C by 0028. As with FIG. 1, User B and User C get permission aribtrary meand that are well known in the art at step 445. for a transfer of digital content by communicating with 0033) Once the content transfer has completed User C DRM Controller 120. DRM Controller 120 communicated ensures that the received content has been physically written with Content Accounting Web Service 140b and Content to non-volatile storage (to account for crashes) in a step not Registry Web Server 140a. In the case of the former, DRM shown in FIG. 4. User C then calculates a hash over the Controller 120 sends information about the transfer so as to encrypted form of the content ECX) and returns this hash enable proper incrementing and decrementing of user value to the DRM Controller 120 at step 450. Because the accounts. For example, a transfer of digital content from encryption key E is not known ahead of time. User C cannot User B to User C could result in a decrementing of the know the value of the hash a priori and can only calculate it account of User C as well as an incrementing of the accounts by performing the Encryption/Hash Calculation steps. On of User A and User B. User A, as the owner of the digital checking the returned hash value against the hash from the content, is likely to receive the majority of the payment table the DRM Controller 120 knows that User C does made by User C but User B might also receive a small indeed have the digital content X and that the digital content payment as a reward for being the one distributing content is in good condition. If this value matches the value provided on behalf of User/Owner A. by the content owner User A and stored by the DRM Controller then a transfer of valid content has been success 0029 FIG.3 depicts a few of the graphical user interface ful and the DRM Controller updates whatever central (GUI) screens shown by the DRM Controller 120 to users of records are appropriate at Step 455, while also returning an the system. Interface Screen 310 is the P2P transfer control acknowledge (ACK) message with a decrypt key to User C screen. Interface screen 320 is the interface seen by the to allow User C to decrypt the digital content X. A record of receiving peer or user Such as User C in the example the transfer is kept for a period of time such that if User C transaction in FIGS. 1 and 2. Interface Screen 330 is the crashed in the period from obtaining the complete content to interface seen by the sending peer/user Such as User B. receiving the decrypt key and decrypting the content then 0030 The flow of content transfer process between User they could request said key again without incurring addi B and User C is shown in FIG. 4. User B and User C have tional charges. previously registered with DRM controller 120 and have by 0034). It will be noted that the DRM Controller 120 never Some arbitary method decided that they wish to exchange a needed to see or possess an actual copy of the digital piece of digital content, X at step 400 of FIG. 4. User C content. DRM Controller 120 only requires a set of encrypt requests a copy of digital content X from User B at Step key?hash pairs. If these pairs are generated by an external 405/410. User B is willing to accept the request and so sends responsible authority then the organization running the an acknowledgement back to User C at step 415. Both User DRM Controller need never see or have knowledge of what B and User C register their interest in the digital content X the digital content X is. with the DRM Controller 120 at steps 420 and 425 respec 0035) In an extension to the invention if the key?hash tively. Note that in the general case there may be more than pairs are consumed this would serve as a form of audit and one sender (i.e. equivalent to A) for a given reception. tracking for the content rights holder and would also prevent Digital content X may be any type of digital information possible attacks based in the re-use of key?hash pairs. By including but not limited to digial music, movies, books, “consumed it is meant that the DRM server would use a magazines, computer Software, audiobooks, etc. key?hash pair for one and only one transaction and would 0031. At step 430 the DRM Controller 120 performs a set never re-use the transactions for Subsequent transactions. of arbitary tests against the transfer request. For example the Furthermore, the external respository could supply the key// DRM Controller 120 may bedsigned to query whether User has pairs to the DRM server on demand, when users have C has sufficient funds. Alternatively, DRM Controller may comitted to a content transfer. query whether User B legitimately has a copy of digital 0036 FIG. 5 depicts an example of digital content that is content X, or whether it is a time period in which User A is being transferred from one user to another. Field 510 con allowed to distribute content. Any number of arbitrary tests tains the filenames of the digital content to be transferred. In can be generated. Assuming these tests are successful, DRM this example the digital content is MP3 encoded music files. Controller 120 sends an acknowledge (ACK) message back Field 520 contains the encrypt and/or decrypt keys and field to User C at step 435 and/or an acknowledge (ACK) 530 contains the related MD5 checksum hash. One line from message with an encryption key E to User B at step 440. the file set forth in FIG. 5 is all that is needed for the DRM This encryption key E is taken from a table of encrpytion Controller 120 to be able to validate a specific transfer. US 2006/0173783 A1 Aug. 3, 2006

0037 FIGS. 6A-E depict a set of graphical user interface permitting the transfer is the result of the hash function (GUI) screens used by the DRM Self-Service Web Server sent by the first user at the DRM Controller and the 100 in order to gather information from the owner of digital key/has pair provided by the owner of the digital content. Screen 610 of FIG. 6A is a user login screen for content are the same. such a server. Screen 620 of FIG. 6B provides the owner/ 3. The method of claim 1 further comprising the steps of: user with the ability to select the viewing of account balances, billing activity, media, and to “top-up' a pre-pay determining at the DRM controller whether the transfer of account balance. Screen 630 of FIG. 6C provides informa digital content is authorized by performing one or more tion on the account balance. Screen 640 of FIG. 6D enables arbitrary tests. the user to view the digital content that he or she has 4. The method of claim 3 wherein the arbitrary test transferred from another source. Screen 650 of FIG. 6E determines whether the first user possesses a legitimate copy provides an interface for adding money to a pre-pay wallet of the digital content. for the future purchase of digital content. 5. The method of claim 3 wherein the arbitrary test determines whether the second user has an account with 0038. The above description has been presented only to Sufficient funds to compensate an owner of the digital illustrate and describe the invention. It is not intended to be COntent. exhaustive or to limit the invention to any precise form 6. The method of claim 1 wherein the key/has pair is used disclosed. Many modifications and variations are possible in only for the transfer of the digital content from the first user light of the above teaching. The applications described were to the second user and is not used for any other transfer. chosen and described in order to best explain the principles 7. The method of claim 1 further comprising the step of of the invention and its practical application to enable others determining that the first user possesses digital content that skilled in the art to best utilize the invention on various the second user desires to have without using the DRM applications and with various modifications as are Suited to controller to make Such a determination. the particular use contemplated. 8. The method of claim 1 further comprising the step of sending a request from the first user and/or the second user What is claimed is: to the DRM controller for a transfer of the digital content 1. A method for authorized distribution of digital content form the first user to the second user. from a first user to a second user in communication with a 9. The method of claim 3 further comprising the step of digital rights management (DRM) controller wherein the sending an acknowledgement from the DRM controller to DRM controller does not possess a copy of the digital the first user and/or the second user that the transfer is content and does possess a key/hash pair provided by an authorized. owner of the digital content comprising the steps of 10. The method of claim 1 further comprising the step of storing a record of the transfer of the digital content from the receiving at the DRM controller a request from the first first user to the second user without storing a copy of the user to transfer the digital content to the second user; digital content. sending an encryption key from the DRM controller to the 11. The method of claim 10 wherein the step of storing a first user; record is accomplished using an accounting and content web SeVe. encrypting the digital content at the first user; 12. The method of claim 11 wherein an account of the transferring the digital content from the first user to the owner of the digital content is incremented upon transfer of second user; the digital content from the first user to the second user. 13. The method of claim 11 wherein an account of the first performing a hash function over the encrypted digital user is incremented upon transfer of the digital content from content at the second user; the first user to the second user. sending the result of the hash function to the DRM 14. The method of claim 11 wherein an account of the second user is decremented upon transfer of the digital controller; content from the first user to the second user. determining at the DRM controller if the hash function is 15. A system for the authorized distribution of digital correct for the digital content by comparing the key/ content between a first user and a second user wherein the hash pair provided by the owner of the digital content digital content is owned by a third party comprising: to the result of the hash function sent by the second user, a digital rights management (DRM) controller; if the hash function is correct, sending a decryption key to a DRM self-service web server; the second user from the DRM controller; an accounting and content web server, and decrypting the digital content at the second user. an intelligent service control point pre-paid platform. 2. The method of claim 1 further comprising the steps of: 16. The system of claim 15 wherein the DRM controller stores encryption keys and hash function results associated performing the hash function at the first user after the step with the digital content but does not store a copy of the of encrypting and sending the result of the hash func digital content. tion to the DRM controller; 17. The system of claim 15 wherein the DRM controller comparing the result of the hash function sent by the first is capable of receiving requests from the first user and/or the user at the DRM Controller with the key/has pair second user to authorize a transfer of the digital content from provided by the owner of the digital content; and, the first user to the second user. US 2006/0173783 A1 Aug. 3, 2006

18. The system of claim 17 wherein the DRM controller 22. The system of claim 16 wherein the DRM controller is capable of determining whether the transfer is authorized is capable of sending an encryption key to the first user to based on one or more arbitrary tests. enable to encryption of the digital content prior to transfer to 19. The system of claim 18 wherein the arbitrary test used the second user. by the DRM controller is whether the first user possesses a 23. The system of claim 16 wherein the DRM controller legitimate copy of the digital content. is capable of sending a decryption key to the second user 20. The system of claim 19 wherein a comparison by the upon determining that the digital content has been trans DRM controller of a result of a hash function performed by ferred from the first user to the second user. the first user on the digital content and the key and has 24. The system of the claim 16 wherein the DRM con function results associated with the digital content stored at troller determines if the digital content has been transferred the DRM controller is used to determine whether the first from a first user to a second user by comparing the hash user possesses a legitimate copy of the digital content. function result sent to the DRM controller by the second user 21. The system of claim 18 wherein the arbitrary test used after the transfer from the first user. by the DRM controller is whether the second user possesses 25. The system of claim 24 wherein the encryption key an account with Sufficient funds to compensate the owner of and hash are used only for one transfer. the digital content and/or the first user. k k k k k