ORIGINAL
FULLY-EXECUTED
AMENDMENT
NO. I
TO
AGREEMENT FOR THE INCLUSION OF UNIVERSAL SOUND RECORDINGS AND UNIVERSAL
VIDEOS
IN
ONLINE, ON-DEMAND AD-SUPPORTED SERVICES
This
Amendment No. 1 to the Agreement for the Inclusion of Universal Sound Recordings
and Universal Videos in Online, On-Demand Ad-Supported Services between Mohen,
Inc. d/b/a Spiralfrog ("Musicloads") and UMG Recordings, Inc. ("Universal"),
dated as of May 30, 2006 (the "Agreement), is made and entered into as of this
30`–"day of July, 2007. Musicloads and Universal are sometimes referred to
herein as the "Parties" and individually referred to as 'a "Party." All
capitalized terms not defined herein shall have the meanings ascribed to them
in
the Agreement.
WHEREAS,
Musicloads wishes to launch a new version of the Service and extend the Term
of
the Agreement; and
NOW
THEREFORE, in consideration of the agreements between the Parties set forth
herein, and for such other good and valuable consideration, the receipt and
sufficiency of which is hereby acknowledged by both Parties, the Parties hereto,
intending to be legally bound, agree as follows:
|
1.
|
Section
2(a)(i)(2) of the Agreement is hereby amended to replace "the earlier
of
the
first anniversary of the launch of any version of the Service or
November
15, 2007" with "the earlier of Universal's Notice to Musicloads that
Universal will not exercise its termination right under Section 12(a)(vi)
of Exhibit A attached hereto or August 1, 2008." Notwithstanding
the
foregoing, the Second Advance will not be payable if Universal terminates
the Agreement under Section 12(a)(vi) of Exhibit A to the Agreement,
as
amended herein.
|
2.
|
No
later than August 1, 2007, Musicloads will pay additional cash advances
equal to
One Million Dollars ($1,000,000) to Universal and One Hundred Thousand
Dollars ($100,000) to Universal Music Canada, each by wire transfer
of
immediately available funds to an account designated in writing by
Universal or Universal Music Canada,
respectively.
|
3.
|
Section
3(ii) of the Agreement is hereby deleted and replaced with "August
1,
2009."
|
4.
|
For
the avoidance of doubt, Gross Revenues will include any revenue generated
from user surveys (e.g., sale of survey data to
advertisers).
Spimlfrog
Amendment to Subscription Agreement (7-26-07) (Final).doc
|
5.
|
Section
12(a)(vi) of Exhibit A to the Agreement is hereby deleted and replaced
with "upon ten (10) days Notice given between June 20, 2008 and August
1,
2008."
|
6.
|
Section
12(b) of Exhibit A to the Agreement is hereby deleted and replaced
with
the following:
"Universal
will have the right to terminate this Agreement upon ten (10) days written
Notice solely with respect to Universal Videos on a continuing basis, commencing
on the earlier of (i) six (6) months following the launch of the Service or
(ii)
February 1, 2008. Once Universal gives Notice terminating the Agreement with
respect to Universal Videos, Musicloads can retain rights with respect to
Universal Videos by agreeing within ten (10) days after such Notice to
Universal's standard terms for promotional video streaming."
|
7.
|
Exhibit
B-1 to the Agreement is hereby deleted and replaced with the
Exhibit B-1 attached to this
Amendment.
|
8.
|
Exhibit
B-4 to the Agreement is hereby deleted and replaced with the
Exhibit B-4 attached to this
Amendment.
All
other
terms and conditions of the Agreement shall remain in full force and effect
except as specifically amended herein.
This
Amendment may be modified or amended only by a writing signed by the Parties.
This Amendment may be executed in counterparts, each of which shall be deemed
to
be an original, but which taken together shall constitute one agreement.
Execution and delivery of this Amendment may be evidenced by facsimile
transmission.
IN
WITNESS WHEREOF, the Parties have entered into this Amendment.
|
UMG
Recordings, Inc.
|
Mohen,
Inc.
By:________________
Authorized
Signature
Page
2 of
4
EXHIBIT
B-1
SERVICE
FUNCTIONALITY DESCRIPTION
[See
attached.]
Page
3 of
4
Description
of the SpiralFrog service
SpiralFrog.com
is a conditional download service (content will expire according to DRM
restrictions set on the files) for music and music videos, free to its users.
All content is provided in Windows Media format and protected via Microsoft
DRM
technology. The initial content license is for no more than 60 days followed
by
the renewal for another period of no more than 60 days. The licenses are renewed
on a regular basis through the membership renewal process at least every 60
days. Al.] SpiralFrog users are required to go through a "membership renewal"
process regularly to extend the length of the license. The renewal process
requires the user to complete a survey, which may be sold to advertisers for
premium fees. Once the user has completed the required survey the content is
re-licensed for an additional period.
SpiralFrog
will implement a mechanism intended to prevent multiple users from sharing
a
single user id by monitoring simultaneous usage patterns by the same user ID.
Should we see multiple concurrent hits for a user ID on multiple IP addresses,
the account will be locked out from the service and the user
notified.
SpiralFrog
maintains a key in its metadata database for each licensed song that indicates
the territories where the content is authorized to be distributed. SpiralFrog
uses the incoming IP address to determine the origin country of the logged
on
user and disables the content not approved for that particular territory from
being viewed by the user. Spiralfrog uses an IP-to-country mapping database
licensed from MaxMind.com to determine the country of origin of the
user.
Users
register one time in order to download music by providing their email address,
nickname, password, their age, gender and state/territory or zip code/postal
code.
Once
registered, users can download as many songs as they wish, one song at a time,
by first typing in a provided randomized unique code to prevent unattended
downloading. Each download is guaranteed to take at least 90 seconds regardless
of internet connection speed.
Once
downloaded, songs can be played on the user's computer through Windows Media
Player and may be side-loaded on up to two devices through Windows Media Player
device synchronization (any WMA-DRM or WMV-DRM compatible device). Users must
come back regularly to renew and re-license in order to keep their music library
current otherwise the license will expire causing the tracks to be
unplayable.
A
Windows
.Net application and an ActiveX control (or a Firefox plugin) are installed
on
the user's computer. Combined the components are known as the SpiralFrog
Download Manager. The Download Manager enables the secure downloading of content
from SpiralFrog and is responsible for DRM license management and
reporting.
After
a
successful logon, users can browse for their favorite content by genre or
artist, or search by name of song, artist or other details. Users are also
presented a number of "Top XX" lists, e.g. "most downloaded", "recent releases"
or "SpiralFrog recommends".
Among
the
metadata included are artist name, track name, album name, genre, album art
and
30-second preview clips.
|
·
|
Users
can queue a list of songs that they wish to download. The queue is
processed sequentially on a first-in-first-out
basis.
|
·
|
Before
the first download of each usage session, the user is required to
enter a
visual verification code.
|
·
|
Once
the visual verification has been validated, the first download will
start.
The license to play the track is acquired at the end of each download.
The
user must then choose to download the next track, play the just downloaded
track, or continue browsing the
site.
|
·
|
Users
must renew the license(s) to downloaded content no less often than
every
60 days so the service can collect play-count
information.
|
·
|
During
the license renewal process, users must complete an online survey
while
viewing additional pages of advertising, so that all content is updated
and playable for no more than an additional 60
days.
|
·
|
Once
the survey is complete, the user must perform the Visual Verification
process in order to download more
files.
|
·
|
Advertising
is not specific to each download and there is no set duration of
advertising during the renewal
process.
Audio
tracks take a minimum of 90 seconds to download, videos take a minimum of 120
seconds. During the download process the user is able to continue interacting
with the site, where they are presented with additional advertising. There
will
be no interface or links to illegal or peer to peer sites.
After
downloading the music track or music video, the user can play the content
according to the limits set by the DRM restrictions on the file:
|
·
|
The
license is set to expire no more than 60 days from date of
downloading.
|
·
|
CD
burning is not allowed.
|
·
|
File
can be synchronized with up to 2 portable
devices.
|
·
|
There
is no limit on the number of plays per
file.
|
·
|
Collaborative
play is not allowed.
The
DRM
license download is initiated by the SpiralFrog Download Manager, after the
digital media download completes. The SpiralFrog server process generates a
session ID for each download and the license granting step by the Download
Manager is tied to that session ID, thus it cannot be used by other
users.
Each
SpiralFrog user is required to go through a regular license
renewal
process where they complete surveys, typically branded
and
sold to advertisers. Once the user has completed the membership renewal
survey,
the tracks and/or videos for which the licenses are being
renewed are updated to be playable for an additional period. The sequence of
steps is as follows:
|
·
|
The
client sends a "Generate License" request to SpiralFrog server after
the
download has completed.
|
·
|
The
server responds with a random Visual Verification challenge, the
challenge
text and the challenge request time is stored at the server and tied
to
the end-user's session ID.
|
·
|
The
SpiralFrog client presents the Visual Verification challenge to the
user.
|
·
|
The
user enters the Visual Verification response, and the SpiralFrog
client
calls the Microsoft DRM component (part of Windows Media Player)
to
generate a license request for the previously downloaded
songs.
|
·
|
The
SpiralFrog client sends the Visual Verification response and the
license
request to the SpiralFrog server .
|
·
|
The
SpiralFrog server validates the Visual Verification response and
only if
it matches the Visual Verification request and the request has not
timed
out a license is generated and sent back to the
client.
|
·
|
The
SpiralFrog client saves the license on the client computer/device
through
the Microsoft DRM component.
PC
Identification or License Count
The
SpiralFrog client supports only Microsoft Windows based computers/devices and
relies on Microsoft Windows Media DRM technology to identify a specific computer
or device. Windows Media DRM makes each media player unique by linking the
player to a host computer. SpiralFrog content files will only play on the
single, original computer to which they are directly downloaded by the
SpiralFrog client application, or approved MSDRM compliant ("Plays For Sure")
portable devices.
Portable
Device Count
SpiralFrog
users can synchronize the downloaded music or video files to a portable device
that is compatible with the Microsoft DRM, such as those portable devices that
carry the "Plays For Sure" logo, designed to ensure compatibility and compliance
with the DRM restrictions.
SpiralFrog
supports synchronization with the portable device through the Windows Media
Player, or a compatible program such as Microsoft Active Sync. The DRM copycount
parameter is used to limit the number of devices that a track may be put on.
When a track is put on a portable device the copy count is decremented limiting
the number of devices a track may be placed on. SpiralFrog permits users to
have
a maximum of two portable devices that can be synchronized with the
PC.
Overview
of SpiralFrogTM
Security
1. Introduction
This
white paper describes those technical details of SpiralFrog.com as they
relate to prevent unauthorized access to the music content. This paper is
written according to the outlines provided by major record labels.
2. Overview
of User Experience
SpiralFrog.com
is a conditional download service (content will expire according to DRM
restrictions set on the files) for music and music videos, free to its users,
financially supported by rich media and banner advertising. All content is
provided in Windows Media format and protected via Microsoft DRM
technology.
After
registering for the service at the SpiralFrog.com web site, users are
required to install SpiralFrog Download Manager on their PC running Windows
XP
or Vista (no other operating systems are supported). After installation, users
will then go back to the web site and logon to the service with the
userid/password chosen at registration. After a successful logon, users can
browse for their favorite content by genre or artist, or search by name of
song,
artist or other details. Users are also presented a number of "Top XX" lists,
e.g. "most downloaded", "recent releases" or "SpiralFrog recommends". Among
the
metadata included are artist name, track name, album name, genre, album art
and
30-second preview clips.
SpiralFrog
users can synchronize the downloaded music or video files to a portable device
that is compatible with the Microsoft DRM, such as those portable devices that
carry the "Plays For Sure" logo, designed to ensure compatibility and compliance
with the DRM restrictions.
After
downloading the music track or music video, the user can play the content
according to the limits set by the DRM restrictions on the file:
-File
is
set to expire no more than 60 days from date of downloading
-CD
burning is not allowed
-File
can
be synchronized with up to 2 portable devices
-There
is
no limit on the # of plays per file
-Collaborative
play is not allowed
All
content will be offered in Windows Media Audio (WMA) or Windows Media Video
(WMV) format and the service will use the Microsoft DRM tools to setup, report
and manage such restrictions.
Downloaded
content files are conditional downloads where the license is set to expire
based
on a predetermined term. The initial content license is typically for 60 days
followed by the renewal for another approximately 60 days. The licenses are
renewed on a regular basis through the membership renewal process, generally
every 60 days. All SpiralFrog users are required
to go through a "membership renewal" process regularly to extend the length
of
the license. The renewal process requires the user to complete a survey, which
may be sold to advertisers for premium fees. Once the user has completed the
required survey the content is re-licensed for an additional
period.
3.
Functional Components
3.1
Description
of
Components
SpiralFrog
consists of a web site supported by the SpiralFrog back end web and database
servers for browsing Artists, Tracks, and Albums as well as related music
data.
A SpiralFrog Download Manager is installed by the user on their computer
which
enables the downloading of individual tracks or videos sequentially, i.e.
one at
a time. Spiralfrog does not supply any other application to end
users.
The
Download Manager provides a consistent timing, 90 seconds per download for
the
downloading of audio content (longer for video files), a visual verification
("Human Interactive Proof' dialog) that ensures that a person rather than a
computer has downloaded the file, and once verified correct, a DRM
license
is granted to allow the user to play the file. The download manager also
provides the interface to the SpiralFrog back end systems to update user play
count data.
The
SpiralFrog server system consists of the following components:
-
SpiralFrog server software running on Windows Server that handles the serving
of
web pages and communication with the SpiralFrog Download Manager, including
granting of DRM licenses. As our service grows, our scalability plan calls
for adding more of these servers.
-
A
relational database that contains the metadata, user registration data and
usage
data.
-
File
system storage that contains all content files in DRM-protected format. In
its
early days, SpiralFrog plans to use Limelight, a Content Distribution Network
(CDN), to
provide scalability for file delivery. Protected audio and video files are
stored on the SpiralFrog servers. The first time that audio/video content is
requested for download it is
pulled (by Limelight) down to servers on the Limelight network. All subsequent
downloads of the same content are pulled from the Limelight servers. To pull
content from the
SpiralFrog
servers, Limelight accesses the website download.spiralfrog.com. Access
to this website is granted only to the IP addresses of specific Limelight
servers which
were given to us by Limelight. Limelight is the only entity that has access
to
this web site due to the IP address restriction. No end users are ever directed
to this web site.
When
a user attempts to download content, it is moved to a Limelight server for
downloading to the user's machine. Subsequent downloads of the same file are
pulled from
Limelight servers. All content is stored in protected and unplayable format
at
all times. Deep linking into the Limelight file storage is prevented using
the
Limelight MediaVault
encryption
scheme. A Limelight white paper can be provided to describe how this feature
works.
-Starting
with the US launch in late summer 2007, SpiralFrog plans to serve the media
files directly from its own clustered file server. Deep linking will be
prevented in the same
fashion
as with Limelight, the only difference being that at the start of the download,
SpiralFrog's own servers will check that the hash is valid for the file. All
systems will be
regularly
updated to ensure the most optimal performance and security of the SpiralFrog
service.
3.2.System
Diagram
4.
General System Security
4.1.System
Location
Currently
all SpiralFrog server components are physically located at Adhost.com
facilities in downtown Seattle – at 140 Fourth Avenue North, Suite 360, Seattle,
WA 98109.
Adhost.com
is a professional internet hosting company which rents space at their
earthquake-protected, generator-backed building. Starting with the US launch
in
late summer 2007, we plan to relocate the server farm to another collocation
provider, Equinix in Ashburn, VA. The address and location of the SpiralFrog
data center at Equinix facilities is
44470
Chilum Place
Cage
9000
Rack 301
Ashburn
VA 20147
SpiralFrog
will not change collocation providers without UMG approval.
4.2.Protection
Against Unauthorized Local Access
Any
facilities used for hosting SpiralFrog equipment will be required to be
restricted to authorized personnel only. Full ID checks of each person entering
the co-location facilities are performed on a 24/7 basis – only those on an
"authorized" list will be allowed access. All cabinets holding SpiralFrog
resources are locked within the computer rooms, which protects each company's
servers from unauthorized access. SpiralFrog will allow access to its servers
only by its staff server and database administrators or authorized SpiralFrog
contractors.
4.3.Protection
Against Unauthorized Network Access
The
file
and database servers housing the content and metadata are logically accessible
only by the server which runs the SpiralFrog server software. Each end-user
must
logon (using credentials chosen at registration) before a connection is
activated. Furthermore, all content is stored in Microsoft DRM protected format
without the necessary license – which means that even if hackers would gain
access to the files, they would not be of any use since they miss the required
DRM license. To prevent automated downloads (where a computer program is
simulating a user), SpiralFrog server requires users to key back a series of
slanted characters, known as Human Interactive Proof, after each successful
download.
Each
song
has a unique license key ID which is embedded in the file. After downloading
the
file to the user's computer, SpiralFrog Download Manager presents the visual
verification dialog. After verifying that the characters were correct, the
SpiralFrog download manager requests the SpiralFrog server to grant the license
to the file. The license key is generated by the Microsoft DRM component from
the key ID and a license seed, which is secret. The license seed is stored
in
the machine running SpiralFrog server software which runs on its own protected
account. The license seed is in a file protected by an "ACL" (access control
list) which allows access only after verifying the userid and password of the
requesting process. Only SpiralFrog server and database administrators have
access to the credentials to access this account.
4.4.Security
Breach Plan
SpiralFrog
keeps track of the download activity by registered user. A trigger will be
set
if a user exceeds a set number of downloads per day to further monitor against
automated download fraud. Users found to be violating their license agreement
(which must be accepted at install time) will be revoked of their access
privileges. As part of the revocation the affected user's account will be
deleted and generally the user's IP address is added to the list of revoked
IP
addresses (no new accounts can be created from these addresses for 6 months).
Besides being protected via DRM, the URLs include a hash which can only be
generated by the SpiralFrog servers. The LimeLight or SpiralFrog's own servers
(once Ashburn data center is live) validate the hash and only provide the file
if the hash is correct. In addition, the server administrator will setup
triggers to monitor suspicious activity to guard against Trojan horse – type
virus/worm attacks on the web server itself.
5.
IT & Development Policies
5.1.Operating
System & Software Policies
SpiralFrog
client and server components are developed using Microsoft .NET technologies
and
require Windows XP or Vista operating systems on the client and Windows 2003
Server on the server. SpiralFrog relies on commercial anti-virus and security
products to protect our technological assets. Currently these systems include
hardware and software based on Microsoft and Symantec products to protect
against viruses, worms etc. and to keep the operating systems up to date with
the latest security patches. SpiralFrog will install all security patches within
24 hours of availability after being properly regression tested and deemed
suitable, from operating systems, hardware, software, and other applicable
vendors.
SpiralFrog
is a licensee of the Microsoft Windows Media Rights Manager Software Development
Kit (WMRM SDK). Microsoft WMRM SDK license agreement requires that licensees
must update the `WMRM SDK Configuration' for all Licensed Products once a week
using a Microsoft provided URL. The WMRM SDK license also requires that all
relevant Microsoft security updates are installed promptly.
5.2.System
Logs
SpiralFrog
will keep track of all download data by user in an SQL database. The database
is
organized in such a way that it is easy to generate reports on a daily, weekly
or monthly basis by record label, artist, genre or user demographic group.
SpiralFrog will also record play counts for all content this is reported to
SpiralFrog by Windows Media Player Manager. All play count data is recorded
in
the SQL database. SpiralFrog will keep records of all database information
related to licensed content for as long as it
is
required to do so by terms specified elsewhere in this agreement.
5.3.Employee
Accounts
SpiralFrog
will limit the access to its servers only to the database and server
administrators and the software architect. Access requires Windows XP Server
userid and password passwords will be set to expire every 90 days. Employees
who
leave or are terminated will have their account privileges deleted
immediately.
5.4.Backup
SpiralFrog
plans to use the offsite backup tape and storage service offered a third part
disaster recovery service provider which will permit high-speed dynamic
incremental backups of the SQL database on a nightly basis. At this time a
provider has not been selected and details will be forwarded when available.
Spiralfrog acknowledges that the backup plan must be approved formally by UMG
in
advance of becoming operational, including selection of any third parties.
The
SQL database contains no music content files – only metadata and data collected
during operation of the service. All licensed content will be stored in a
separate file server which will be duplicated on site only for backup purposes.
The backup copy which will contain content on NTFS-encrypted hard drives,
is
stored
at a safe deposit box at a local financial institution behind lock and key
and
accessible only by SpiralFrog server administrator and management. In addition
to the disaster recovery plans in place by our collocation facilities,
SpiralFrog will have its own recovery plan which will allow us to restore
service in two days in case of total loss of our operational servers. The plan
calls for content, metadata and operational data to be restored from the backup
tapes or hard drives described above on an identical server setup.
5.5.Software
Change Management
SpiralFrog
expects to continually enhance its software from the launch onward. We expect
to
make periodic changes to both the client and server software. Client
software
changes
will be accomplished dynamically, without requiring existing users to reinstall.
The client software checks upon startup whether there is an update available
and
will pull it
down
without prompting the user if so configured. All software changes will be tested
first in a lab environment, then on one of our production servers with
controlled access before
rolling
out system wide.
5.6.Other
Policies
Part
of
the role of the server administrator is to monitor, on an ongoing basis all
system logs which include Windows Server security and audit logs. Additionally
any firewall,
intrusion
detection system, intrusion prevention systems, and anti-virus logs will be
regularly monitored. Triggers will be set to alert the administrator of critical
events that relate to
security,
such as repeated failed attempts at logon.
6.
Content Ingest, Storage, and Packaging
6.1.Format
and Codec
SpiralFrog
plans to offer its audio content in WMA format, generally encoded at 128Kbps.
All streaming music videos will be offered in WMV format, 320x240 resolution,
300Kbps bit
rate.
All
downloadable music videos will be offered in WMV format, 416x312 resolution,
1,000Kbps bit rate. All content files are protected by Windows Media DRM.
SpiralFrog uses a
metadata
database from AMG in addition to the metadata provided by our music content
providers. In the case of conflicts between metadata supplied by UMG and that
supplied by
third
parties, Sprialfrog will always use UMG's metadata, even if considered
"incorrect". Any such conflicts will be reported to UMG for resolution and
updates.
6.2.Content
Ingestion
SpiralFrog
has developed software programs to automate the processing of our content
providers data into a format suitable to our database. This includes extracting
the metadata
from
XML
files and entering it into our SQL database. During this process we will also
match the tracks provided by the record label to the metadata database from
AMG.
The same
programs
will be designed to be able to receive and process incremental
updates and metadata corrections from content providers on an as-needed
basis.
6.3.Separation
of Content Types
SpiralFrog
intends to offer all its music file content for download only, video files
can
be either streamed or downloaded. The streamed video file is a lower resolution
(320x240) version of the downloaded and is streamed in unprotected form, as
permitted by our license. All downloaded audio and video content is protected
with Microsoft DRM.
6.4.Protection
of Raw Audio and Metadata
Access
to
the master delivered content files is limited to the software architect only.
This person is responsible for receiving, processing and storing the raw
content. The unprotected content will be received and converted to the DRM
protected form with a computer located at our collocation facility, Adhost,
or
other collocation facility subject to UMG's advance approval. Even when our
Ashburn data center comes live, we will continue to do all content processing
at
the Adhost facility until further notice. Only the software architect will
have
access to this computer. One copy of encrypted files may be stored in the
software architects' personal safe deposit box at KeyBank (at 7th Ave NE)
in
downtown Seattle following the ingestion process. Spiralfrog plans to store
the
backup files on hard drives with NTFS encrypted partitions.
6.5.DRM
Packaging and Key Management
SpiralFrog
is using Windows Media DRM version 10. All content is downloaded without the
license key. Before the first download, the user is presented the Visual
Verification dialog (slanted letters) – upon a successful entry of the
characters, the download manager will contact the SpiralFrog server to obtain
a
license key for the downloaded content. The license key is generated from a
public Key ID and a secret license seed. The key IDs are stored in a central
database (SpiralFrog is using components provided by Microsoft) and the file
header. The license keys are unique because the Key IDs are unique per song.
Windows Media DRM provides for a secure mechanism whereby each downloaded song,
after obtaining a license, is tied to the computer where the downloading took
place.
6.6.QA
& Testing
All
DRM
protection will be done automatically, using a computer program to process
the
non-protected files into protected files. SpiralFrog plans to test each batch
of
DRM protected files by choosing a random sample from the batch (which may
include thousands of files) and test to ensure both that a DRM protected file
without the license key is not usable and that after obtaining a license the
DRM
protection works as specified. All testing will be done at our collocation
facility in a private client-server setting, after which it will be transferred
to our production servers over local private network. Depending on the
complexity and format of the metadata, SpiralFrog intends to make the content
received from content providers available in a production form within 2 weeks
of
receipt.
7.
Sales, Download and Licensing
Users
will first visit our website, http://www.spiralfrog.com. If the
user is interested in signing up for the service, the user will be first
required to register with SpiralFrog and to choose a personal userid and
password. After accepting the SpiralFrog license agreement, the user will
proceed to download the download manager used for downloading and licensing
content.
8.1
User Authentication
Each
user
must logon (using credentials chosen at registration) before the download
manager is permitted to download content. SpiralFrog maintains a unique account
for each user –registering with the service is a prerequisite for getting access
to downloadable content. SpiralFrog will implement a mechanism intended to
prevent multiple users from sharing a single user id by monitoring simultaneous
usage patterns by the same user ID. Should we see multiple concurrent hits
for a
user ID on multiple IP addresses the account will be locked out from the service
and the user notified.
8.2
Territorial Filtering
SpiralFrog
maintains a key in its metadata database for each licensed song that indicates
the territories where the content is authorized to be distributed. SpiralFrog
uses the incoming IP address to determine the origin country of the logged
on
user and disables the content not approved for that particular territory from
being viewed by the user. Spiralfrog uses an IP-tocountry mapping database
licensed from MaxMind.com to determine the country of origin of the
user.
8.3
Transaction Processing
No
money-related transaction takes place since content is free to SpiralFrog users.
The user will obtain the license for the downloaded content upon the successful
confirmation of the download.
8.4
Retail Authentication
SpiralFrog
does not maintain a separate retail and sales system from license serving and
download systems.
8.5
URL Generation & Protection
Each
licensed song has a unique download URL derived from track specific data. This
URL is stored in the database as the way to access the file. When the user
wants
to download a song, a hash is added to this URL and then passed from the server
to the client, which then uses it to start the downloading process.
The
protected file could therefore not be downloaded directly by knowing the URL,
and to obtain its necessary DRM license requires going through the SpiralFrog
client interface.
8.6
PC Identification or License Count
The
SpiralFrog client supports only Microsoft Windows based computers/devices and
relies on Microsoft Windows Media DRM technology to identify a specific computer
or device. Windows Media DRM makes each media player unique by linking the
player to a host computer. SpiralFrog content files will only play on the
single, original computer to which they are directly downloaded by the
SpiralFrog client application, or approved MSDRM compliant ("Plays For Sure")
portable devices.
8.7
Portable Device Count
SpiralFrog
requires that synchronization with the portable device happens through the
windows media player. The DRM copycount parameter is used to limit the number
of
devices that a track may be put on. When a track is put on a portable device
the
copy count is decremented limiting the number of devices a track may be placed
on. Spiralfrog permits users to have 2 portable devices that can be synchronized
with the PC.
8.8
License Generation & Download
The
DRM
license download is initiated by the SpiralFrog client, Known as the Download
Manager, after the digital media download completes. The SpiralFrog server
process generates a session ID for each download and the user's Download Manager
is tied to that session ID, thus it cannot be used by other users.
The
DRM
license used on all SpiralFrog content is a conditional license that expires
after a pre-determined period. These licenses are renewed regularly, typically
every two months. Each SpiralFrog user is required to go through a regular
membership renewal process where they complete surveys, typically branded and
sold to advertisers. Once the user has completed the renewal process the tracks
and/or videos for which the licenses are being renewed are updated to be
playable for an additional period. The sequence of steps is as
follows:
|
1.
|
Before
the first download, the client sends a Visual Verification request
to
SpiralFrog server.
|
2.
|
The
server responds with a random Visual Verification challenge, the
challenge
text and the challenge request time is stored at the server and tied
to
the end-user's session ID.
|
3.
|
The
SpiralFrog client presents the Visual Verification challenge to the
user.
|
4.
|
The
user enters the Visual Verification
response.
|5.
|
The
SpiralFrog client sends the Visual Verification response and the
license
request to the SpiralFrog server .
|6.
|
The
SpiralFrog server validates the Visual Verification response and
the
download will start only if the response matches the Visual Verification
request.
|7.
|
After
each download, the client calls the Microsoft DRM component to generate
a
"License Request" and then sends it to SpiralFrog server. The SpiralFrog
server verifies that the user has just downloaded the song and then
responds with the license that matches the key ID of the downloaded
song.
|8.
| The
SpiralFrog client saves the license on the client computer/device through
the Microsoft DRM component.
8.9
Auditing
SpiralFrog
relies on the Windows Media Rights Manager (WMRM) to keep track of play counts
on the user's computer, and associated portable music players. The SpiralFrog
client background process (which is active at all times) contacts the WMRM
to
obtain play count information at intervals required for reporting licenses.
The
information is then sent by the SpiralFrog client to the SpiralFrog database
servers for storage, auditing and reporting purposes.
8.10
Super-distribution
If
a
downloaded file is emailed to someone else, the DRM restrictions will prevent
it
from being played on another computer.
9.
Launch Preparation and Status
SpiralFrog
is currently operating a password-protected site live on the interne, hosted
at
the Adhost collocation facility in Seattle. All major system components are
in
place for the service. SpiralFrog can demonstrate the present functionality,
including DRM protection to content providers if required.
SpiralFrog
has developed comprehensive 3-tier server architecture to allow the system
to
scale as the user load increases. The key development personnel are former.
Microsoft employees who were responsible for the design and development of
one
of Microsoft's server applications. SpiralFrog is using Microsoft server
technologies and has already consulted key Microsoft development personnel
to
help validate the design and to assist in further planning of the performance
aspects of the system. SpiralFrog intends to deploy new multi-server monitoring
tools, available from 3rd
parties,
to help in monitoring the system performance.
EXHIBIT
B-4
VIDEO
FORMAT
(As
may
be reasonably revised from time to time by Universal with notice to Musicloads,
provided that Musicloads will have a reasonable period to implement any
modifications to its system required by any such change.)
|
1.
|
Video
Encryption – All UMG Video content for streaming or
progressive downloading must be encrypted with a UMG-approved encryption
technology.
|
2.
|
Video
Resolution - Video resolution may not exceed 416 pixels
horizontal x 312 pixels vertical for 4:3 material, or 480 x 270 for
material in native 16x9 format.
|
3.
|
Bit
rate –
The maximum allowable bit rate for promotional video
streaming is 1 mbps (1 megabit per second). Multiple bit rate files
are
acceptable as long as the highest video bit-rate does not exceed
1 mbps.
Audio bit-rate is excluded from this
maximum.
|
4.
|
Audio
–
Mono or stereo audio tracks for video may not exceed
64kbps.
|5.
| Logo
or Bug Placement – UMG requires the placement of your company
logo or "bug" in the lower right portion of each video to identify
the
video as originating from your servers. This is useful because if a
third
party hijacks the streams, they can be easily identified and appropriate
action can be taken against the third party. The bug should be large
enough and opaque enough to be easily
recognizable.
Example
of bug placement:______
|
6.
|
Copyright
Assert/No Copies
— Where permitted by technology streaming
videos must be flagged "no copies allowed" so that they are not able
to be
saved to a hard drive by the end user. UMG copyright information
must be
included with the video file, and must be visible to the user in
the video
player.
|
7.
|
Territorial
Filtering - The
provider must use technology (IP filtering, etc.) to limit access
to the
streams to users within their UMG approved territory of operation.
They
must not link to, or promote the site outside of the approved
territory.
|
8.
|
Deep-1in
king - the stream must be structured such
that
deep links cannot be used to access particular sections (i.e. tracks)
of
the stream, or to access the stream without originating from the
appropriate page. Examples of technology to prevent deep-linking
include
obfuscation/encryption of the URL and dynamic
URLs.
|
9.
|
Vendors
and Encoding Partners - UMG currently prefers to use Bitmax,
LLC (323-957-9797) as
its encoding provider. Bitmax maintains a UMG library
of
high-quality, full resolution, MPEG2 videos at 9-12 mbps. Because
of this
library, the web stream encoding of hundreds of UMG videos can be
accomplished in an automated fashion, and the subsequent video encoded
files can be delivered either electronically or using physical media
(DLT,
DVDR, etc.).
Page
4 of 4 Spiral frog Amendment to
Subscription Agreement (7-26-07) (Final).doc