Reselling Digital Content Laila El Aimani, Yona Raekow {elaimani,raekow}@bit.uni-bonn.de b-it, Dahlmannstr. 2, Universit¨ at Bonn, 53113 Bonn, Germany Abstract—Digital content, protected by specific terms of use, is currently delivered to customers via a few selected content providers. Allowing arbitrary entities, not just trusted content providers, to resell legitimately purchased, protected digital content to another entity, adds additional challenges to a DRM environment. In this paper, we formally model the problem of reselling digital content, and we provide a secure construction based on one-time (proxy) signatures. Our construction allows an arbitrary seller to resell its digital content to any buyer. We ensure that the identity of the buyer is only known to the seller. The buyer can verify that the purchased content is genuine. After the transaction is completed only the legitimate current owner can use the digital content. Any illegal use can be identified by a trusted authority. Keywords-Digital rights management, One-time (proxy) sig- natures, Anonymous communications, Secret sharing I. I NTRODUCTION Typically, digital content is made available to customers together with a license through content providers, e.g. Apple iTunes. Most of the times, a customer has the right to use this digital content based on certain rules specified by the license. In general, the user is not allowed to transfer or resell the digital content, even in case he has no use for it anymore or does not want it anymore. The scenario we consider in this work is that of digital artwork that shall not be made available to an unlimited amount of users (i.e. we do not consider the mass market of tunes and clips available in e.g. iTunes), but rather a small selected group. This can be compared to paintings, that have their value also due to the fact that usually only one of a kind exists. One could think of digital art pieces, like photographs, compositions of music or digital imagery that shall only become available in some private collections, showrooms or museums or in case of movies to a limited number of movie theaters. Museums and the like purchase the artwork that they would like to show usually for some period of time and then resell or transfer it to another museum. While there are well established procedures for “analog” art, like auctions for paintings, this process is somewhat more difficult when dealing with digital assets. Another application of our scheme is the following: Typi- cally one purchases a software for executing certain tasks. It is not uncommon that the software is only useful for some period of time, e.g. a computer game loses its value to his owner once he completed all levels. Currently there exist no legitimate way to resell the software to a third party. A third party could be interested in purchasing such a “used” software for the following reasons: The company that sold the original software does not sell the software anymore, went bankrupt or simply does not deliver the software to certain countries. Allowing reselling adds additional challenges to the en- forcement of digital rights: After the content is transferred to a new owner, the previous owner should not have the possibility to use the content any longer. In fact, nobody should be able to use the content, except the current, legitimate owner. The new owner wants to be sure that the content he bought is genuine and indeed from the artist it was claimed to be from. In this work we present a model that addresses these requirements and present a solution to the reselling digital content problem. Additionally our system keeps the new owner of the content anonymous. Only the previous owner knows the identity of the new owner. In the following chapters we consider the following players: an artist Art (e.g. a photographer), who sells some images to Sally. After a while Sally no longer needs the artwork of Art, and wants to sell the images to Bob who is interested in having a genuine piece of art from the artist Art. Common practice in art sales is that the buyer Bob stays anonymous. Transferring digital content is prone to abuse from both Sally and Bob. Sally might be tempted to make copies and keep one to herself or even worse sell the same piece of art several times. This is due to the fact that copying digital assets is easy. Bob might want to share his newly acquired piece of art with all his friends and is tempted to provide them with the necessary access information. In this paper we introduce a framework that allows reselling digital content such that Bob is only known to Sally. Only Bob can “use” the artwork and if the artwork is shared a trusted instance, e.g. a court can identify the illegitimate user. Furthermore when Bob buys the digital artwork from Sally he can verify that this piece of art indeed was produced by Art and not by somebody else. The scheme we propose relies on one-time proxy signatures [1], [2]. To the best of our knowledge one-time proxy signatures are used for the first time in order to develop a scheme for reselling digital content. The problem of reselling digital content has not been studied extensively. Previous work, e.g. [3], [4] developed schemes for “content redistribution”, i.e. a user can distribute digital content in such a way that the DRM policies are preserved. We propose a scheme that allows LAILA EL AIMANI &YONA RAEKOW (2010). Reselling Digital Content. In FARES 2010,LISA O’CONNER, editor, IEEE Computer Society, 391–396. IEEE Computer Society, 10662 Los Vaqueros Circle Los Alamitos, California 90720-1314. ISSN 0302-9743 (Print) 1611-3349 (Online). URL https://dx.doi.org/10.1109/ARES.2010.18. This document is provided as a means to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that these works are posted here electronically. It is understood that all persons copy- ing any of these documents will adhere to the terms and constraints invoked by each copyright holder, and in particular use them only for noncommercial pur- poses. These works may not be posted elsewhere without the explicit written per- mission of the copyright holder. (Last update 2017/11/29-18 :15.)