Certainly it's possible to generate a unique and valid key for one person only.

Yes, but it's only fully secure if the distribution medium is user-unique. If the distribution medium is mass-produced, then one person's key will work for every one of those mass-produced discs. Sure, you can put a lot of software layers (such as internet validation) between the user and the unencrypted music, but in the end, such a scheme is always crackable because the full data set (including the decryption software) is there for the hacker to reverse-engineer and/or brute-force. It's still the same old thing: If it can be executed with the copy protection in place, it can be executed without the copy protection in place.

Doesn't matter if it's software or music, it's still copy protection and it can still be cracked. Just like when CD-ROM games are copy protected. The difference is, in a scheme such as the one being discussed here, the crack wouldn't decrypt just one game, it would decrypt an entire record company's catalog. Imagine the embarrasment if a record company mails out a million a holographic ROM discs with their entire catalog on it, and then two weeks later a 10k .exe file is distributed on the internet, DeCSS-style, that unlocked the whole disc. OOPS.

Personally, I see a much more rosy future for online song-by-song distribution than I do for a massive code-locked CD.

___________
Tony Fabris