The primary assumption of the proposal is that honest users do not want to risk being prosecuted, though not guilty, because of software that infringing vendors sold or installed on their hardware in violation of the terms of licensing contracts.
All involved parties (the honest users, vendors, software publisher) are assumed to have Internet mail, PGP/PEM, MD5, and a certified public key. For the protection of privacy, anonymous re-mailers and Chaum's mixes are assumed to exist to provide sender anonymity.
BASIC APPROACH WITH CONVENTIONAL MEANS
When buying a software package in a store for $300, for example, the buyers only pay $30 for the material reproduction cost immediately, obtain a transaction number, and have to leave their addresses plus further assurances (e.g. ID card).
At home, the buyers verify the license terms by reading a LICENSE file. This file is signed by the software publisher and contains the publisher's bank account number for the payment. The necessary public key certificate is retrieved over the Internet.
The buyers then pay the remaining $270 directly to the publisher, communicate the transaction number and obtain a receipt. The publisher then transfers a remaining amount of, for example, $40 to the vendor, summing up to an adequate sales and profit margin. By keeping a record of the outstanding transaction numbers, the vendor knows which buyers need payment reminders.
This approach fulfills two goals: honest users need no longer be afraid of unknowingly becoming accomplices or victims of pirates, and vendors have much less incentive to become pirates. As a standard of good practice, when purchasing, for example, a permanent storage device, the buyer will verify the license terms of the software delivered with it. The misuse mentioned above can therefore no longer occur unless a pirate vendor cooperates with a pirate consumer. This combination of criminal intents is contended to occur much more rarely than piracy by a single individual.
With little extra effort, the relation between the software publisher and the buyers can be conditionally anonymized with "Anonymous Receipts" obtained via electronic mail. Along with the payment, the buyer sends a number Y obtained by digesting the user ID/address, the transaction number, a user-chosen random number, and further information (e.g. software serial number). The software publisher, receiving the payment without knowing the payer, signs a message containing Y, date, product, and amount, and returns it through anonymous mail.
If a buyer receives a reminder from the vendor despite having paid, she or he shows this receipt. Only the buyer can authenticate the receipt, by providing all components leading to Y. The random value is present to prevent the publisher from trying to rebuild Y over a potentially small buyer community in a brute force attack.
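The construction and opening of Y described above, as an added example that is not part of the original proposal. It assumes SHA-256 in place of the MD5 the text names, a length-prefixed field encoding, and hypothetical function names and sample values; the publisher's signature over (Y, date, product, amount) is left out.

```python
import hashlib
import hmac
import secrets

def _encode(fields):
    # Length-prefix each field so ("ab", "c") and ("a", "bc") digest differently.
    out = b""
    for f in fields:
        raw = f.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out

def new_nonce():
    # 128 random bits from the OS CSPRNG: the "user chosen random number".
    return secrets.token_hex(16)

def make_y(user_id, transaction_no, nonce_hex, extra):
    # Y = digest(user ID/address, transaction number, random number, extra info)
    fields = [user_id, transaction_no, nonce_hex, extra]
    return hashlib.sha256(_encode(fields)).hexdigest()

def open_receipt(receipt_y, user_id, transaction_no, nonce_hex, extra):
    # Vendor-side check: do the revealed components reproduce the Y in the receipt?
    expected = make_y(user_id, transaction_no, nonce_hex, extra)
    return hmac.compare_digest(receipt_y, expected)

def link_by_enumeration(receipt_y, customers, transaction_no, extra):
    # What the random value prevents: recomputing Y for every known buyer
    # with no nonce and matching it against the Y that came with a payment.
    for user_id in customers:
        if make_y(user_id, transaction_no, "", extra) == receipt_y:
            return user_id
    return None

# Constructed sample data (assumptions, not values from the proposal).
CUSTOMERS = ["alice@example.org", "bob@example.org", "carol@example.org"]
TXN = "T-000123"
SERIAL = "SN-EXAMPLE-42"

if __name__ == "__main__":
    nonce = new_nonce()
    y = make_y("alice@example.org", TXN, nonce, SERIAL)
    print("opens for the buyer:", open_receipt(y, "alice@example.org", TXN, nonce, SERIAL))
    print("linkable with nonce:", link_by_enumeration(y, CUSTOMERS, TXN, SERIAL))
    weak = make_y("alice@example.org", TXN, "", SERIAL)
    print("linkable without nonce:", link_by_enumeration(weak, CUSTOMERS, TXN, SERIAL))
```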
Anonymous ID Card
The next step is to add conditional anonymity to the vendor-buyer relation. An anonymous ID card created in collaboration with a trusted notary will only reveal the buyer's real ID in the case of unsuccessful payment reminders. The software distribution method can be further extended in a shareware-like way. The honest buyers then obtain physical manuals and original disks by presenting "Anonymous Vouchers" which they obtained over the Internet from the software publisher during the payment. Last, it is shown how the purchase and delivery of software can also be performed securely over the Internet with the mentioned tools, without the detour of physically going to potentially dishonest off-line vendors.