New Lock Aims To End Chip Piracy

Stony Stevenson writes "Pirated microchips based on stolen blueprints could soon be a thing of the past thanks to computer engineers at Rice University and the University of Michigan. The engineers have devised a way to head off this costly infringement by giving each chip its own unique lock and key. The patent holder would hold the keys, and the chip would securely communicate with the patent holder to unlock itself. The chip could operate only after being unlocked. The Ending Piracy of Integrated Circuits (Epic) technique relies on established cryptography methods, and introduces subtle changes into the chip design process without affecting performance or power consumption. With Epic protection enabled, each integrated circuit would be manufactured with a few extra switches that behave like a combination lock."

Physical DRM

[QMalcolm (1094433)]

Great.

When it detects that it's a pirate copy, it says:

[spun (1352)]

EPIC FAIL!

Re:When it detects that it's a pirate copy, it say

[pitchpipe (708843)]

Not only EPIC FAIL, maybe we could have this chip report you to a patent offenders registry where all of the other chips that are using EPIC could deny your using them to prevent further patent abuse.

Hurries and puts bleeding child in car. Turns key...
"I'm sorry sir, your patent offenders registry status prevents you from starting this car."
But car, I need to get to the emerg... "I'm sorry sir, your patent offenders registry status prevents you from starting this car."
Oh fuck it!
Dials phone
"I'm sorry sir, your patent offenders registry status prevents you from dialing this phone. Please seek the assistance of a non-offender in...

Re:When it detects that it's a pirate copy, it say

[andy_t_roo (912592)]

atleast until the people with the hundred million$ plans, and the billion $ chip plant spend a few hundred thousand on analyzing the plans to find the few transistors that do this and take them out, making pre-unlocked chips. - if a bunch of random hackers can do over current DRM, there's not much chance that this would last.

Re:Physical DRM

[burni (930725)]

Yep, "great"!

.. soon to be cracked, by a great army of brilliant chinese/taiwanese/etc.. engineers,
specialized in getting to know how everything works.

Just to remember, how long did it took to crack HD-DVD encryption ?
Not long enough to survive it's own extinction.

We all know the story's ending, it just happens too often.

Re:Physical DRM

[Lumpy (12016)]

Problem is it wont fly. Chips are made to be as cheap as possible. Paying a licensing fee and then requiring the damn thing to be on the internet to be activated is not only stupid but completely unmarketable.

There is a reason that Grey market chips get made of popular chips. Because the manufacturers are price whores and get them made at the cheapest plant in China. how about not paying the executive staff obscene salaries for their useless butts and have the items made in a location that is reputable and trustworthy?

finally, I found a way around the china syndrome of copying. Send them a Test firmware so they can test the product but not operate it, then you simply re-flash with a jtag jig when the good boards arrive. The china operation never get's their hands on the firmware so they cant copy the product.

The whole article is nothing more than an advertisement for a useless technology that only a uneducated CEO or CTO would read about in a trade magazine and make the rash decision to implement it without talking to his engineering staff.

Re:

[C0vardeAn0nim0 (232451)]

then they buy a unit at any wall-mart, take it back to china, read the production firmware using a jtag cable, and they're back in the business

Chip piracy != music piracy

[FuzzyDaddy (584528)]

Chip piracy is a big problem.

My company got burned by it a few years ago. We had an 8 channel DAC (the MAX5308) in our design which didn't have a drop in replacement from another vendor. We needed some parts, and the lead times from Maxim were too long, so we contacted some distributors and found someone who had these parts.

We had a bunch of boards built, and we started getting a high failure rate, which we traced back to the DAC. A closer inspection of the part revealed it had a date code that was before the actual release date of the chip! We contacted Maxim and stopped payment on the parts. Maxim took some parts for evidence (and I believe sent us a few samples to tide us over).

We were building $14000 units that were being deployed in military communications systems.

It turns out the counterfeits were coming from Asia. The distributor in question probably knew that the chips were counterfeit and looked the other way.

Semiconductor companies put a lot of effort in making sure there products are reliable. (If a PC board has 100 parts, what failure rate is acceptable in your chips before you start to have very bad yield issues? What if it's 1000 parts?). We, as a society, have come to count on things being reliable, and real danger can result when their not. It's not as bad as counterfeit pharmaceuticals, but it's not so far off either.

I don't know if this scheme will work or not. But it's a real problem, with real consequences.

Sure, great idea

[KublaiKhan (522918)]

Presuming that there's a constant internet connection, that the manufacturer's server is incapable of being cracked and maintains at least 5-9's uptime, and that anyone's stupid enough to buy a crippled chip with this on it.

Re:Sure, great idea

[bkaul01 (619795)]

It doesn't sound like this is a consumer-level activation, but a one-time, manufacturer-side process:

To activate a chip, the manufacturer would plug it in and let it contact the patent owner over an ordinary phone line or internet connection.

It's intended to protect against overseas subcontractors who have access to the blueprints making extras and then going and selling them on the black market, behind the patent-holder's back. So, the overseas company would make it, ship it back to the company who owns the rights to it, where it would be activated before being distributed. The outsourced manufacturing company wouldn't have the ability to activate them, so couldn't sell extras to the black market.

Re:Sure, great idea

[poetmatt (793785)]

That's how it starts, but that's not how it would end. Think of how much the government or any power abusing company seeking more of that would be on this like FOS. Especially if it becomes commonly manufactured. Not that this is 100%, but I wouldn't see a situation like this technology being force trickled on consumers to be completely unlikely either.

We've had it before, I believe it was called trusted computing [wikipedia.org]. Boy do people love how that has turned out [gnu.org], if I recall correctly.

I understand that a processor blueprint is not something that people want compromised. Throwing a technical attempt to solve the problem rather than dealing with human error is just putting the blame in the wrong places and throwing stuff at the wall hoping things will stick.

Re:

[DaveV1.0 (203135)]

Wow. You didn't even bother to RTFA. That or you are a dumbass. To be honest, I think it is be both.

The chip is activated after manufacture but before shipping to the consumer. After it is activated, it never has to contact the patent holder again.

This is a technology to stop industrial espionage and has nothing to do with DRM or trusted computing.

Now, please, stop being a reactionary dumbass and STFU.

Re:Sure, great idea

[x_MeRLiN_x (935994)]

You seem to be missing the fact that the patent owner (who this is designed to protect) is a completely separate entity from the manufacturer. The manufacturer is nothing more than a subcontractor. The manufacturer obviously requires the blueprints to produce the chip. It is the manufacturer who is selling the patent owner's chips on the black market. Nothing is being "leaked". You can bet your life that the "signed agreements" you mention are without exception already in place. They're just being flouted.

Others who responded to my post have argued that you therefore shouldn't hire Chinese or other cheap chip production plants, because they are well known for failing to respect intellectual property and you have no possible recourse against them.

The thing is, businesses are always going to opt for the cheapest option. If this technological measure is cheaper than opting for a more expensive, "trustworthy" producer, then I don't think you have a case against it. This doesn't harm consumers in any way shape or form, simply because it doesn't involve them. The restrictions will have already been removed long before it reaches their hands.

Re:

[poetmatt (793785)]

I do understand what you're saying, but no, this is still on the patent owner. From the last sentence you said sums up the answer: The thing is, businesses are always going to opt for the cheapest option.

Whose fault is that? Why should anyone other than the business that makes that decision (aka patent owner) bear the brunt of that responsibility? Why should a manufacturer add a cost to their process and what incentive do they have to do so? Answer: none whatsoever.

It is the patent owner's responsibility to

Re:Sure, great idea

[insertwackynamehere (891357)]

Maybe the answer is to stop outsourcing.

Outsourcing is simply trade

[Colin Smith (2679)]

You do it every day. Do you manufacture your own bread? Butter? Do you manufacture your own hardware components? No, because someone else can do it better and cheaper.

 

Re:

[rtb61 (674572)]

Reason the technology was given away was stupidity driven by greed. When you put a bunch of sociopaths in control of government and corporations it is all about how well their immediate lusts can be satisfied, their greed and desire for more money, power and self gratification.

They do not care about anything at all except themselves, even the families are nothing more than accoutrements and decorations, pets to fulfil their own egos.

Just the same in this case, the people who cam up with this technology

Re:Sure, great idea

[Grishnakh (216268)]

When you put a bunch of sociopaths in control of government and corporations it is all about how well their immediate lusts can be satisfied, their greed and desire for more money, power and self gratification.

Unfortunately, the capitalistic and democratic system we live under is inherently set up to reward sociopathic behavior, so those are the people who rise to the top in it.

Not that this means capitalism and democracy should be abolished; Stalinist-style communism as practiced in North Korea, for instance, seems to reward absolute lunacy, and I guess I'd rather have sociopathic leaders than insane lunatic ones.

Re:Sure, great idea

[poot_rootbeer (188613)]

The outsourced manufacturing company wouldn't have the ability to activate them, so couldn't sell extras to the black market.

However, since they have the blueprints to the chips, they can find the sections of the schematic that implement this activation system, create a slightly modified die where they're masked out to always return an "authorized" status, and sell THOSE pirate chips on the black market.

Re:Sure, great idea

[asuffield (111848)]

For which you need people capable of doing that, who have to be paid. That might not cost as much as developing a new circuit from scratch altogether, but it _might_ be enough to make the pirating just not worth it.

Unlikely. The need to employ actual mechanics has never been a problem for people running chop shops.

Removing a generic feature from a chip design just isn't that hard. If you make it hard to remove, it won't be generic any more, and it will significantly add to the cost of developing each chip (already huge) - so nobody is going to do that.

And when would this separate run be made?

[Animaether (411575)]

Unless the fab has unused capacity / lines to produce these chips based on other dies/masks separately, they're going to have to swap dies / masks out when they want to produce their 'pirate' copies. This swap-out takes time. Calibration takes time. It also increases the likelihood of errors; not just in the 'pirate' copies but also in the originals when they switch back. A fab is going to explain this odd higher failure rate to their customer, how?

At best somebody within the company could take the desi

Watermarks DRM

[IdeaMan (216340)]

*Add* something instead. Add in a fusible link that would disable the protection scheme.
It would have to be subtle enough to pass inspection by the original mask creators.

Instead of creating a bogus, complicated and expensive DRM scheme, just introduce a watermark onto the mask. Use the watermark to identify which manufacturer is selling the extra chips.

The counter of course is the good ole compare blueprints trick. However then we're back to what you mentioned before, the calibration expense issue.

Re:Sure, great idea

[kesuki (321456)]

this involves cryptography. let's say that you use 128-bit encryption that's 128 gates per bit of the key/unlock mechanism. 128 gates is nothing on a large, say graphic processor, even 20,000 gates is nothing on a large graphic or general purpose cpu. so how are you going to crack this when each chip has it's own key/lock pair? and the 'key' pair, only goes across a trusted network in another country?

yeah, this isn't dvd movie crypto where the 'client' has to have access to a way to decrypt the movie.

this is the kind of crypto that can't be broken without a backdoor. of course since epic is built into the original chip blue print, just 'masking off that part' renders in a cpu that only spits out 'error, epic not found, halt now' that locks the chip from running. depending on how the chip maker designs this into chips, it's not like they can just engineer a 'mod chip' that tells the cpu everything is okay and to run code... the cost of trying to circumvent 'epic' instantly becomes more than you'd get for say, a pirate dvd player chip.

this is a big deal, really big, because right now sub standard dvd players around the globe are using 'pirate' chips, and usually 'pirate' code to run those chips. Prior to epic they were resorting to programming the firmware of retail dvd players to try and thwart piracy, but then the pirates just waited for a system to come out with the 'real' chip, and steal the firmware so they could program the pirate players themselves. or even worse just program them with 'firmware' downloaded off the net from god only knows the source..

epic will be used by countless dvd and blu-ray chip fabs, so they can benefit from low cost Chinese fabrication, and never have to worry about the design being stolen again.

i've tried to think of ways to break epic, but if it's on chip, tearing apart the chip to see what gets written on chip (especially if it's Different For Every chip) isn't going to work, a mod chip solution could work, but then you need to design a special chip, that only works with revision x. of the 'real' chip, and the cost of doing this is going to be somewhere in the $50 per modchip if you only sell a few hundred thousand of the pirate chip... the cost goes down if you sell millions of units, but most pirate chip stuff is so substandard that it only gets bought when it's 'carrying' a name brand that it isn't, and they do try their best to catch that kind of fraud.... and a big old mod-chip that isn't in the 'real' system makes it a really easy spot for guys with x-ray viewers to screen the stuff. so then you have to hide the 'mod-chip' as say a flash reader

so yeah, epic will very likely reduce the amount of counterfeit dvd players etc. of course, they can always just counterfeit the pre-epic designs, but better blu-ray designs are going to come along, and those will all (i'm guessing) feature epic.

Re:Sure, great idea

[droopycom (470921)]

Read the paper. http://www.cse.umich.edu/~imarkov/pubs/conf/date08-epic.pdf [umich.edu].

The chip generate a unique Private Key when first powering up. The matching Public Key is sent to the IP holder for activation. Supposedly there is no way to force a chip to generate a known private key without modifying the masks.

Modifying the mask (blueprint) using a "microscope" (or other techniques), is much more difficult that just putting the original mask in the machine and churning out a few thousands of chips.

Re:Sure, great idea

[Chris Burke (6130)]

It doesn't sound like this is a consumer-level activation, but a one-time, manufacturer-side process:

Yeah, though it's still pretty silly.

The outsourced manufacturing company wouldn't have the ability to activate them, so couldn't sell extras to the black market.

Since the whole problem is that the outsourced manufacturing company has the layout (blueprint), then they certainly would be able to activate the chip by removing the "lock" circuitry from the layout and manufacturing chips which require no activation! It may be a non-trivial task to reverse-engineer which parts of the chip are responsible, but if the money is there it is certainly possible and would be worth it.

In other words this lock would only exist on the legitimate parts, and wouldn't exist on the bootleg ones, and the bootleg chips would operate exactly like an "activated" legitimate part.

I think it's kind of ironic that the acronym EPIC was also the acronym used to describe the Itanium's IA-64 instruction set (Explicitly Parallel Instruction Computing). Though I doubt this one will even make it out of academia.

Re:Sure, great idea

[Chris Burke (6130)]

in other words, like every existing anti piracy mechanism to date.

Yes, but it's actually even worse. Because with normal DRM, you're trying to keep the guy who is watching the DVD from being able to copy the DVD.

But in this case, it's actually like you're trying to keep the guy who is making the DVD from being able to copy it. They don't even have to break your DRM or work around it, they just have to decide not to build it in.

Chip Piracy, Eh?

[PC and Sony Fanboy (1248258)]

Wow, I havn't heard of chip piracy in a long time. Maybe it is because, like other forms of piracy, it isn't a big problem. I have problems with piracy when it involves safety equipment, and large purchases from reputable dealers ... but most of the time, you get what you pay for, and you're not being deceived, you're willingly purchasing counterfeit 'stuff'.

Isn't it sad when people think of piracy in terms of music, when the REAL piracy problems (counterfeiting) are those which involve fake electrical/safety/baby equipment (or food)?

Re:

[Smidge204 (605297)]

Even better, given the sophistication of some of these bootleggers - couldn't they just reverse engineer the blueprints and modify them to bypass the feature?

The chips need to be activated at the manufacturer's level, not the consumer level. It does this by an internal random number generator. So... Take one genuine chip, find out what it's random number/activation key is, then modify your blueprints to produce the SAME ID number (bypass the RNG) and then activate all of them with the same key.

This sounds n

Re:Chip Piracy, Eh?

[mabhatter654 (561290)]

It's bad in China. They like to pass the prints from the "premium" contractor in Taiwan, to somebody cheap on-shore that will knock them off to Southeast Asia markets. Probably half the stuff on the streets of Hong Kong or Seoul is counterfeit made from the actual prints, but at unauthorized manufactures. It's a problem when that gets back to the USA and the equipment builder is held up for liability for a product they didn't make because the parts get into their installed systems as "spares" for cheap.

Re:

[asuffield (111848)]

It's bad in China. They like to pass the prints from the "premium" contractor in Taiwan, to somebody cheap on-shore that will knock them off to Southeast Asia markets. Probably half the stuff on the streets of Hong Kong or Seoul is counterfeit made from the actual prints, but at unauthorized manufactures.

And the vast majority of it is every bit as good as the original, because it's made in the same plants by the same people who do all the other outsourced manufacturing. There is never any particular evidenc

Re:Chip Piracy, Eh?

[Mr 44 (180750)]

This is about whether or not some large US corporation gets their cut of the profits. Nothing more. It should be no surprise that they behave the same way as the mafia.


You misspelled "makes back their R&D investment".

Not a good idea

[mlts (1038732)]

In a number of countries that this chip is aimed for, what will happen is that some knockoff fab will disassemble the chip, figure out the masks, and just make and sell the same IC minus the locking circuitry.

This type of locking mechanism also brings up other points. Once the IC is "unlocked", is it unlocked for good, or just for a time period? Could some criminal organization figure out the method of re-locking it, then lock the machines who belong to the patent holder's customers? This would result in some decent havoc especially in embedded circuitry (HVAC systems, railroad switches.)

The article seems to be lacking substance as well.

Re:

[Frosty Piss (770223)]

Could some criminal organization figure out the method of re-locking it?

Which government agency are you thinking of specifically?

Well, if they have the blueprint...

[FlyByPC (841016)]

...wouldn't it be pretty straightforward to replace the hardware circuit that does

if(bignastyDRM(uniqueDRMkey)==TRUE){}

with

if(TRUE){}

...?

Yes, I know circuits are usually either designed with a capture program or modeled in VRML/Verilog -- but the logic still holds. Find out what part of the circuit locks the functionality -- and replace it with a wire to Vcc.

(Unless, of course, they will require the chip to communicate with the mothership every time it has to blow its little digital nose etc...)

Re:

[Sta7ic (819090)]

Sure thing. Just gotta jimmy a paperclip in there at the 45nm level.

Intul Inside! Powered by AMB!

[themushroom (197365)]

But my pirated copy of Windows only works on my pirated CPU chip!

Okay, show of hands, who has a pirated processor? Anyone? Anyone? Buehler? Is this really a huge problem? Doesn't it cost more to produce a pirate CPU than the potential profits from selling it? Methinks the issue is overstated, either that or the chip industry should contact the RIAA & MPAA's media moguls about an advertising deal (which is the same thing, overstatement but loud).

This targets gray market, not black

[smellsofbikes (890263)]

If I read the original article correctly:
If someone gets the chip design and is copying it to be built in another fab, it'd be possible (difficult, but much less difficult than a complete chip redesign or re-engineering) to remove this part of the chip (and increase the profit margin, since A: no investment on research and B: more die per unit silicon.)

What this is going to affect is people who run a fab making legitimate parts, but also run the same parts from the same masks but keep them off the books and sell them independently of the company that owns the design -- OEM ripoffs.

Oblig.

[Bobb Sledd (307434)]

Dark Helmet: "So the combination is one, two, three, four, five? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!"
...
President Skroob: "1 2 3 4 5? That's amazing! I've got the same combination on my luggage!"

Hmm, this reminds me of something

[fallen1 (230220)]

very, very foul [cdt.org] and disturbing. Oh, yeah, P3 chips with unique Processor Serial Numbers. I realize that the goal of this project is not the same as the Intel PSNs, but it still strikes me as a way to get unique IDs into each CPU and end anonymity on the net -- what there is that remains of anonymity. Not to mention the complete foul-ups when some enterprising "hacker" figures out how to remotely lock CPUs or other chips that have been unlocked.

While it sounds promising, it still raises the little hairs on the back of my neck. Danger Will Robinson, danger!

Holy crap

[Bobfrankly1 (1043848)]

I guess this means I'll have to buy genuine Ruffles and Doritos from now on!
--
How many mod points will this bad pun cost me?

I don't get it

[Deathlizard (115856)]

If fabless companies are so worried about overseas manufacturing, then why not use a fab that is inside the country your company resides in? That way, you can sue the living hell out of them when they do sell / steal your plans.

I would think that building the Chips in the US or Europe where the fabs are more reputable would be a better cost effective solution than sending it to an orient fab and watch it pump out pirate chips left and right, or relying on some sort of activation scheme that these pirate hardware companies would most likely reverse engineer out of them anyway.

Overriding factor for implementation

[The Ancients (626689)]

...will be cost. A 'few extra circuits' may not sound like much, but with chip manufacturers engaged in a protracted price war, every cent counts - especially when multiplied by the chip numbers we are talking here.

Error Message?

[CompMD (522020)]

Wrong crypto key?

EPIC FAIL.

Same Non-Problem, Same *WRONG* Solution

[ewhac (5844)]

Although the article doesn't expressly say so, I'm guessing chip "activation" occurs at the factory long before it's put in a tube and shipped to an OEM. So end-users will (probably) never see this.

As I see it, this has two major problems with it. The first, of course, is that copy protection in any form is childish, stupid, and ultimately ineffective.

The second is a bit more down to earth -- this will become the bottleneck on the manufacturing line. Chips are manufactured in the millions, with hundreds of thousands falling off the line each day. These nimrods propose to authenticate every last one of them, using computationally non-trivial crypto, uniquely before they roll off the line.

Let's generously assume it takes one second to authenticate and activate a chip (not, that's not a ridiculously long time -- between crypto compute time and network latency to the Pacific Rim, this is entirely realistic). This means you can activate a maximum of 86400 chips per day. Maybe you can parallelize the process, and maybe you can't (depends on whether the people who wrote the authentication server were idiots or not). And if your OC-3 to the Internet gets a backhoe through it, "accidentally" or otherwise, all production in your facility stops dead. Wonderful idea.

This stunning idea also seems to assume only one patent holder will be interested in a given chip. The most cursory inspection of even a "simple" memory chip will reveal several patent holders, all of whom will doubtless insist on "activation" which, again, may or may not be parallelizeable.

Like all copy protection "solutions" presented throughout history, this is a really, really stupid idea. I can't think of any fab that would willingly sign on to this.

Schwab

Think PHYs, not Pentiums

[Skirwan (244615)]

There was a time when half the USB flash media readers on the market were based on the same pirated designs -- at least according to hardware folks I used to work with who'd be in a better position to know than I am (or, most likely, you are). I'm fairly sure this is a bigger problem than many people realize.

So what prevents the IC "pirate" from stealing?

[Fallen Kell (165468)]

I mean, these guys are good enough to steal the design and have the knowledge to manufacture the device. What prevents them from modifying the IC to remove the lock? I mean, they are the ones actually making it. I am sure they have someone smart enough to be able to find the "added" authentication portion in the design docs, since the design docs probably have it named exactly what it is (i.e. the Epic lock circuit)....

Re:This is dumb. I can crack it in two seconds.

[DCBoland (700327)]

I know this is /. but I took the time to find the actual paper [umich.edu], they cover the typical attacks on the security mechanism quite thoroughly. Apparently its very difficult to scan a mask, especially at the small scales the industry deals in today - they suggest it would be cheaper to simply design the chip yourself.

(Off-topic: the anti-spam mechanism atm gives an interesting result for my email address..."'poo' in gap" oO)

Actual paper does NOT cover this attack well.

[yakovlev (210738)]

I read the paper (thanks for the link.) I wouldn't say they cover this thoroughly. In fact, I'd argue that they handwaved this, even though it is the most likely and most important attack vector.

They argue that modifying masks is a problem, which may be true. However, there are several stages of design data before the masks, and I would expect that a corporate-level pirate could have access to something early enough in the process that it could be modified by someone skilled in the art. Design data is probably transfered to the FAB as a flattened layout, with no circuit/design hierarchy. However, it should be possible for someone who knows the chip interfaces related to this unlocking mechanism to work backwards from them and find where to tie things off to make the chip work. The labor cost would probably be pretty low compared to the cost of prepping a second mask to manufacture the modified chips.

Re:Actual paper does NOT cover this attack well.

[LarsG (31008)]

However, it should be possible for someone who knows the chip interfaces related to this unlocking mechanism to work backwards from them and find where to tie things off to make the chip work.

From my quick glance a the paper it looks like they scatter a bunch of XOR gates around the chip in non-fastpath areas. Chip won't work correctly unless those gates are set correctly. Those settings are transmitted to the chip using some sort of pki.

Even if you identify all the XOR gates, you'd have to brute-force test all combinations. 2^64 can get expensive really fast, especially if you only have access to the masks and have to manufacture test-chips instead of running the brute-force in a software simulation.

Re:The research paper

[owlstead (636356)]

Interesting paper:
- relies on the fact that *any* changes in the blueprint would be prohibitively expensive, could be, but just replacing components by pathways does not *sound* very expensive to me
- RSA key pair generation on chip: bad idea, RSA key pair generation can take a lot of time (ECC key pair generation could be used as a replacement), needs PRNG
- PRNG on chip might prove expensive (where does it get its entropy???)
- no mention of X509 or any other PKI scheme, lets hope they are smart enough to see that they need some form of key management scheme
- cost of maintaining a PKI (public key infrastructure) might be rather expensive, especially if both parties are new to the game

Overall, interesting idea, but I'm not so sure anyone would want this. Lots of hassle for the buyer without any benefits to him, this makes it 1) expensive, thus a less favourable solution to others without this scheme 2) more likely that they will screw up the PKI system that is needed for this to work.

Well, they called it EPIC, and we all know that it may take some time before EPIC products come out (e.g. this one [3drealms.com] :)