U.S. patent application number 09/129370 was filed with the patent office on 2002-02-07 for media content protection utilizing public key cryptography.
This patent application is currently assigned to Hewlett-Packard Company. Invention is credited to SIMS, J. ROBERT III.
Application Number | 20020016919 09/129370 |
Family ID | 22439636 |
Filed Date | 2002-02-07 |
United States Patent Application | 20020016919 |
Kind Code | A1 |
SIMS, J. ROBERT III | February 7, 2002 |
MEDIA CONTENT PROTECTION UTILIZING PUBLIC KEY CRYPTOGRAPHY
Abstract
A system and method for providing protection of content stored
on a bulk storage media is disclosed. The technique for providing
protection from unauthorized utilization of the content so stored
is provided publicly in order to allow for those utilizing a
conforming media device to master or generate content protected
according to the present invention. Various ways in which to
protect content are disclosed including verification of the
authenticity of a particular media, utilization of an accepted list
of media play-back devices and their corresponding published public
keys in order to securely pass media content keys thereto, and
utilization of an external contact to provide media content keys
and/or updates of accepted media play-back devices.
Inventors: | SIMS, J. ROBERT III; (FORT COLLINS, CO) |
Correspondence Address: | HEWLETT PACKARD COMPANY, P O BOX 272400, 3404 E. HARMONY ROAD, INTELLECTUAL PROPERTY ADMINISTRATION, FORT COLLINS, CO 80527-2400, US |
Assignee: | Hewlett-Packard Company |
Family ID: | 22439636 |
Appl. No.: | 09/129370 |
Filed: | August 5, 1998 |
Current U.S. Class: | 713/193; 380/201; 705/51; G9B/20.002 |
Current CPC Class: | G11B 20/00086 20130101; G11B 20/0021 20130101; G06Q 20/10 20130101; G11B 20/00253 20130101; G06F 2221/2135 20130101; G11B 20/0071 20130101; G06F 21/10 20130101; G06F 2211/008 20130101; G11B 20/00768 20130101; G06F 21/445 20130101; G06F 2221/2121 20130101; G11B 20/00137 20130101; G06Q 20/367 20130101; G11B 20/00543 20130101; G11B 20/00144 20130101; G11B 20/00746 20130101; G06F 2221/2129 20130101 |
Class at Publication: | 713/193; 380/201; 705/51 |
International Class: | G06F 012/14 |
Claims
What is claimed is
1. A method for preventing unauthorized utilization of content
stored on a storage media, said method comprising the steps of:
storing first information on the media, wherein said first
information is stored within a controlled access portion of the
media, and wherein said first information includes information with
respect to at least one authorized media utilization device;
storing second information on the media, wherein said second
information includes a cryptographic key of said at least one
authorized media utilization device; storing user content on the
media, wherein said user content is stored within an open access
portion of the media; determining if a particular media utilization
device is an acceptable media utilization device to provide said
user content to, wherein said determination is at least in part
made through reference to said first information; and enabling said
particular media utilization device to utilize said user content at
least in part by communicating information thereto encrypted with
said cryptographic key of said second information associated
therewith if said particular utilization device is determined to be
acceptable at said determining step.
2. The method of claim 1, further comprising the step of:
determining if said content information is encrypted, wherein if
said content information is encrypted said information communicated
to said particular media utilization device by said enabling step
includes a content cryptographic key.
3. The method of claim 2, wherein said content cryptographic key is
at least a portion of said first information.
4. The method of claim 2, further comprising the steps of:
determining if encryption of said content information utilizes an
external contact for decryption; establishing communication with an
external contact having information useful in enabling said
particular media utilization device to utilize said user content if
said encryption of said content information is determined to
utilize an external contact; and retrieving said information useful
in enabling said particular media utilization device to utilize
said user content, wherein said information communicated to said
particular media utilization device by said enabling step includes
at least a portion of said retrieved information.
5. The method of claim 4, wherein said information useful in
enabling said particular media utilization device to utilize said
user content retrieved from said external contact includes a
content cryptographic key.
6. The method of claim 1, wherein said step of determining if a
particular media utilization device is an acceptable media
utilization device comprises the steps of: reviewing said first
information for an indication that said particular media
utilization device is an acceptable media utilization device;
determining if external contact information associated with the
media is available; establishing communication with said external
contact if said external contact information is determined to be
available; and retrieving information supplemental to said first
information with respect to determining if a particular media
utilization device is an acceptable media utilization device.
7. The method of claim 1, wherein said second information is stored
within an open access portion of the media.
8. The method of claim 7, wherein a summary indication of said at
least one cryptographic key is included in said first
information.
9. The method of claim 1, wherein said step of storing said first
information comprises the steps of: providing parameters with
respect to said first information in a predetermined format; and
deriving at least a portion of said first information from said
parameters, wherein said parameters said portion of said first
information is derived from are discarded derivation of said
portion of said first information.
10. The method of claim 1, wherein said controlled access portion
of the media is a discrete portion of said media.
11. The method of claim 10, wherein said discrete portion of said
media is a selected area physically accessible by a limited subset
of media devices.
12. The method of claim 1, wherein said controlled access portion
of the media is interspersed in a predetermined manner within said
open access portion of said media.
13. The method of claim 1, wherein said controlled access portion
of the media is an active portion of the media.
14. A method for preventing unauthorized utilization of content
stored on a storage device, said method comprising the steps of:
storing first information on the storage device, wherein said first
information is stored within a controlled access portion of the
storage device, and wherein said first information includes a
public cryptographic key; storing user content on the storage
device, wherein said user content is stored within an open access
portion of the storage device; validating a particular device
operable with said method as acceptable for use with said method,
wherein said validating step utilizes at least a portion of said
first information; and enabling utilization of said user content if
said particular device is validated as acceptable at said
validating step.
15. The method of claim 14, wherein said validating step comprises
the steps of: encrypting information with a private cryptographic
key corresponding to said public cryptographic key of said first
information; and decrypting said information encrypted with said
private cryptographic key corresponding to said public
cryptographic key of said first information with said public
cryptographic key of said first information.
16. The method of claim 15, wherein said information encrypted at
said encrypting step includes a random number.
17. The method of claim 15, wherein said particular device
validated is said storage device.
18. The method of claim 14, further comprising the step of: storing
second information on the media, wherein said second information
includes a cryptographic key of said at least one authorized media
utilization device.
19. The method of claim 18, further comprising the step of:
encrypting information with said cryptographic key of said at least
one authorized media utilization device of said second
information.
20. The method of claim 19, wherein said information encrypted at
said encrypting step is a content key associated with said content
stored on the storage device.
21. The method of claim 18, wherein said particular device
validated is said media utilization device.
22. A system for providing protected content on a bulk storage
device, said system comprising: a storage device providing
information storage capacity, wherein at least a portion of said
storage capacity is identified as restricted access storage
capacity and at least a portion of said storage capacity is
identified as open access storage capacity; and a processor
operating under control of an instruction set, wherein said
instruction set defines conditions under which access to said
restricted access storage capacity is authorized, and wherein at
least a storage device public key and information with respect to a
plurality of acceptable play-back devices are stored in said
restricted access storage capacity under control of said processor
in accordance with said instruction set.
23. The system of claim 22, wherein said information with respect
to a plurality of acceptable play-back devices stored in said
restricted access storage capacity includes information with
respect to public keys associated with each of said acceptable
play-back devices.
24. The system of claim 23, wherein said information with respect
to said public keys identifies a location within said open access
storage capacity where said public keys are stored.
25. The system of claim 24, wherein said information with respect
to said public keys also provides information suitable for use in
determining if said stored public keys have been altered.
26. The system of claim 23, wherein said information with respect
to said public keys is said public keys.
27. The system of claim 22, wherein said conditions under which
access to said restricted access storage capacity is authorized for
storage of said device public key include providing factors from
which said device public key is generated to said processor for
generation of said device public key by said processor.
28. The system of claim 22, wherein a cryptographic key associated
with information to be stored in said open access storage capacity
is stored in said restricted access storage capacity under control
of said processor in accordance with said instruction set.
29. The system of claim 22, wherein external contact information
associated with an external contact having a cryptographic key
associated with information to be stored in said open access
storage capacity is stored in said restricted access storage
capacity under control of said processor in accordance with said
instruction set.
30. The system of claim 22, wherein said restricted access storage
capacity is a masked portion of said open access storage
capacity.
31. The system of claim 22, wherein said restricted access storage
capacity is a predefined discrete area of said storage device.
32. The system of claim 22, wherein said restricted access storage
capacity is associated with an active portion of said storage
device, and wherein said processor is included in said active
portion of said storage device.
33. The system of claim 22, wherein said storage device is a DVD
formatted disk.
Description
TECHNICAL FIELD OF THE INVENTION
[0001] The present invention relates to protection of content
stored on a bulk storage media and more particularly to a system
and method for providing controlled utilization of the stored
content through the use of public keys stored upon the media
itself.
BACKGROUND OF THE INVENTION
[0002] Currently there are various schemes in place for providing
controlled or secure access to content recorded on bulk media.
However, these schemes often suffer disadvantages in requiring that
the schemes themselves be kept secret in order to maintain
security. Accordingly, the schemes may be implemented only by
trusted parties in order to maintain the secret. Likewise, these
schemes often rely on the total secrecy of cryptographic keys used
by the scheme, as publication of such a key may result in loss of
security for all or multiple parties using the scheme.
[0003] For example, DVD media, currently only protected for video
content, utilizes a two part scheme: a cryptographic key for
decrypting information recorded on the media is produced according
to a predefined protocol and stored according to that protocol on a
limited access portion of the media; and a cryptographic technique,
also defined by the protocol, is utilized to securely pass that key
to a play-back entity. Accordingly, in order to produce either a
media device, i.e., media player, or media itself, there must be
understanding of the whole scheme, i.e., how it works. Furthermore,
there must be access to the keys themselves, which have been predefined
by this scheme. There must be a globally held secret among all
of the people who produce players and all the people that produce
media. Here, the security lies in keeping secret how the
cryptographic keys are made and how the messages, i.e., the passing
of the keys, are encrypted. If the protocol itself were revealed
then all content, regardless of the particular entity which
produced/recorded it, becomes compromised because, if the protocol
were common knowledge, rogues could generate and/or intercept keys
capable of decrypting protected content. Any compromise of the
system will compromise all systems and media at the same time.
[0004] Additionally, as the media content key associated with the
protected content is stored on the media itself, the above
described scenario relies on all parts of the system honoring the
security of the key. Therefore, an illegally designed media reader
could pass the content key through to a device or entity which is
not authorized to receive that key. Likewise, an illegally designed
media reader could duplicate the raw data of the media, including
the encrypted content and media content key stored thereon, on a
second media and thus create an unauthorized copy conforming to the
protocol described above. However, a media reader provided
according to this scheme will prevent such unauthorized
access/activity and, therefore, provide security because not all
the raw data will be available. In particular the sectors where
keys are hidden will not be available on any consumer product because
all of these products are produced under licenses providing that if
the scheme is used, the device shall not allow particular
operations.
[0005] Accordingly, for the system to provide protection to the
content, the media decryption key stored on the media is read by a
media reader, i.e., DVD disk drive, only in proper circumstances,
i.e., an authorized play-back device requests the media content key
according to a preestablished protocol, and is thereafter provided in
encrypted form for communication to the play-back device. In this
scheme, the media content key is passed after a key exchange is
done such that when the key is handed from the media reader to the
play-back device it is done encrypted. I.e., the play-back device
would send its encryption key to the media reader, the media reader
would read the media content key from the media, encrypt the media
content key with the play-back device's encryption key, and pass
this encrypted version of the media content key to the play-back
device where it may be decrypted with the play-back device's
(secretly held) decryption key for use of the media content key in
accessing media content as provided by the media reader.
[0006] For example, in a host computer (here the play-back device)
coupled to a DVD disk drive (the media device) via the computer's
bus structure, information communicated between the computer and
drive is easily exposed to probing by rogues, or "hackers."
Therefore, the media content key is passed over this bus only when
it has been obscured by a key established through a key exchange
between the drive and the host computer. However, in a stand alone
player, where the media reading mechanism and the video play-back
device are in one box, and the connection between them is somewhat
secure, then such a key exchange and/or encryption of the media
content key may be omitted in favor of decrypting the data directly
internally.
[0007] The way this scheme is implemented, the media reader itself,
as it may access the media content key, must honor the scheme and
refuse to access the content key for unauthorized purposes.
Likewise, as the play-back device is provided the content key, so
too must the play-back device honor the protection scheme. However,
in addition to relying on the security of the individual keys,
details of the operation of the above described scheme itself, such
as where and in what format content keys are written and the
algorithm for conducting key exchanges, are kept secret in order to
avoid the unauthorized retrieval/interception of keys and,
therefore, compromising the security provided. Additionally, with
the current scheme if an entity is able to generate legitimate
protected media, that entity is also able to make illegal copies of
other media as the secrets of the scheme must necessarily have been
revealed to this entity in order to allow the generation of
legitimate protected media.
[0008] Accordingly, the protocol for encryption of the data and the
generation of keys is only revealed by license, i.e., only trusted
manufacturers of content and devices which read, write, or
otherwise utilize this content are provided with the secrets of the
protocol, and then only under the terms of a license agreement
restricting use and dissemination of this secret information. Very
few people or entities are able to obtain such a license, and its
attendant secrets, in order to provide content and/or devices
adapted in the nature of the protocol. As such, general content
providers, such as small entities or entities providing content for
internal or limited use, cannot protect their work as they have no
way of recording such a key to the media in a secure manner that
prevents illegitimate copying/utilization of protected content
while allowing legitimate generation of secure disks. Therefore,
there is no process that one can publicly use to generate such keys
and, therefore, there is no process for those other than the
licensed entities to record protected content compatible with this
scheme.
[0009] A further need exists in the art for providing access to
content with alternative techniques for security such as secure
passing of keys stored on the media, communication with an external
authorization center, and verification of the authenticity of the
media.
[0010] A need therefore exists in the art for a technique providing
secure access to the content of mass media which may be utilized by
a great number of individuals and entities without risk of
compromising security.
SUMMARY OF THE INVENTION
[0011] These and other objects, features and technical advantages
are achieved by a system and method utilizing a technique, which
itself is public, where only the individual keys used thereby need
remain private. In order to be available to all desiring the
protection of such a system, the rules for generating keys suitable
for use according to the present invention are preferably public.
As the technique itself, as well as the rules for generating
cryptographic keys to be utilized therewith, are public, the
present invention allows for its use by all those so desiring.
Moreover, as it is the cryptographic keys themselves, or portions
thereof, which are maintained securely in order to provide security
according to the present invention, rather than relying on the
secrecy of the technique for their use, compromise of the secret
information will result in compromised content only for the content
provider using that particular key.
[0012] The present invention operates to provide protection in
addition to the limited access of content through the use of
cryptographic keys. Specifically, the present invention is able to
securely identify a piece of media as being an original. Likewise,
the present invention is able to securely identify a play-back
device as being authorized. Accordingly, devices or users of the
media may be assured that interaction therewith is authorized as
each end can securely identify the other and each end can securely
send data to the other end.
[0013] Operation of the present invention is not to allow or
disallow any particular transmission, but rather to obscure the
content (information or data), using cryptographic methods, such
that only a legitimate recipient can make use of that data, i.e.,
nobody but the content owner, or those authorized by him/her, is
able to copy protected media content. To this end, the present
invention utilizes public key algorithms well known in the art to
provide cryptographic keys useful according to the present
invention. However, the present invention provides a unique system
and method for managing and utilizing these cryptographic keys.
[0014] Preferably, as in the above described prior art system, the
media reader or disk drive (media device) honors the technique of
the present invention. For example, through licensing of media
device manufacturers, it may be ensured that these devices honor
the technique. Therefore, sensitive information, such as the
aforementioned content key, may be stored on the media without
substantial fear that such information will be publicly
disseminated. Preferably, media devices unaware of the scheme will
not crack it, i.e., a drive that can perform raw reads/writes of the
standard areas won't copy the copy protection information provided in a
secured area. Accordingly, any attempt at violating the technique
of the present invention, such as to read sensitive information
stored on the media, is either unable to perform the technique at
all, i.e., is unable to instruct a media reader to access
restricted areas of the media, or if the device allows improper
utilization there is a legal remedy available.
[0015] However, unlike the prior art system, where the scheme
itself is secret, the present invention does allow the public at
large to generate their own protected content without requiring
license to the technology or requiring any secret information that
they do not themselves generate. This is because the only secrets
in the present technique are the keys themselves, which allows
the rules for generating the keys to be public.
Accordingly, media devices may be adapted to allow for limited
access to secure areas of the media in order to provide for
mastering of content protected by the present invention. This
allows anyone to be able to generate their own protected media.
[0016] According to the present invention, a public/private key
pair is used where the private key is known only by the
manufacturer or content provider for provision only to select, or
authorized, decoders or play-back devices. Therefore, each
individual device, sets of associated devices, or manufacturer's
devices may utilize a different private key known only to these
devices. Likewise, in a preferred embodiment, a different content
key would be known by each piece of media, which if compromised
only presents a security risk for that media.
[0017] However, the media, or the media device operating therewith
when the media is strictly a passive device, needs to know the
play-back device's public key. As long as the media is guaranteed
that the public key does in fact belong to a particular owner,
i.e., is authentic and is associated with an approved or authorized
device, the system is secure. Accordingly, the owner or
manufacturer of the play-back device is, in fact, best off not by
keeping that public key a closely held secret but by broadcasting
it to the world. This public dissemination of the public key decreases
the chance of a rogue fraudulently distributing a public key as
belonging to an approved or authorized entity. For example, if company
X publishes a public key widely identifying itself as the source,
it is much more difficult for company Z to later fool the public
into believing that a subsequent public key is company X's public
key. Therefore, in the preferred embodiment, the public keys of
approved play-back devices are actually published on the media.
[0018] By publication of the play-back device's public keys, the
present invention not only operates to securely transmit
information, but also provides for securely identifying either or
both ends, i.e., the media and/or the play-back device, as being
legitimate. Accordingly, any information storage scheme providing
an area that is fully readable and an area providing controllable
or restricted access may be utilized according to the present
invention.
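The accepted-device check and content-key hand-off of [0017] and claims 7, 8 and 25, as an added example that is not part of the patent's own text. It assumes SHA-256 as the "summary indication" of each public key, a dictionary model of the media's two storage areas, and toy textbook RSA over Mersenne primes standing in for a real public-key algorithm; every class, function and device name is hypothetical.

```python
import hashlib
import hmac

E = 65537  # public exponent shared by every toy key pair in this example


def make_keypair(p, q):
    """Toy textbook RSA (no padding): return ((n, e), (n, d)) for primes p, q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def key_digest(public_key):
    """Summary indication of a public key; SHA-256 is this example's assumption."""
    n, e = public_key
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()


class KeyReleaseRefused(Exception):
    """Raised when the media device declines to hand over the content key."""


class Media:
    """Constructed model of a piece of media with its two storage areas."""

    def __init__(self, content_key):
        # Controlled-access area: the content key and the accepted-device
        # list, where each entry holds only a digest of the device's key.
        self.protected = {"content_key": content_key, "accepted": {}}
        # Open-access area: the full public keys, readable and writable by anyone.
        self.open = {"public_keys": {}}

    def authorize(self, device_id, public_key):
        """Mastering step: publish the key openly, pin its digest privately."""
        self.protected["accepted"][device_id] = key_digest(public_key)
        self.open["public_keys"][device_id] = public_key


def release_content_key(media, device_id):
    """Media-device side: wrap the content key for an accepted play-back device."""
    pinned = media.protected["accepted"].get(device_id)
    if pinned is None:
        raise KeyReleaseRefused("device not on accepted list")
    public_key = media.open["public_keys"].get(device_id)
    # The open area is untrusted, so the published key must match the digest
    # held in the controlled area before anything is encrypted to it.
    if public_key is None or not hmac.compare_digest(key_digest(public_key), pinned):
        raise KeyReleaseRefused("published public key missing or altered")
    n, e = public_key
    m = int.from_bytes(media.protected["content_key"], "big")
    if m >= n:
        raise ValueError("content key too large for this modulus")
    return pow(m, e, n)


def unwrap_content_key(private_key, wrapped, length=16):
    """Play-back device side: recover the content key with the private key."""
    n, d = private_key
    return pow(wrapped, d, n).to_bytes(length, "big")


def demo():
    """Run the three cases on constructed keys and return their outcomes."""
    player_pub, player_priv = make_keypair(2**89 - 1, 2**107 - 1)
    rogue_pub, _ = make_keypair(2**61 - 1, 2**127 - 1)
    content_key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed

    media = Media(content_key)
    media.authorize("player-A", player_pub)

    def attempt(device_id):
        try:
            release_content_key(media, device_id)
            return "released"
        except KeyReleaseRefused as exc:
            return str(exc)

    wrapped = release_content_key(media, "player-A")
    recovered = unwrap_content_key(player_priv, wrapped)
    unlisted = attempt("player-B")
    # Simulate someone rewriting the open area with a different public key.
    media.open["public_keys"]["player-A"] = rogue_pub
    tampered = attempt("player-A")
    return {"recovered": recovered == content_key,
            "unlisted": unlisted, "tampered": tampered}


if __name__ == "__main__":
    print(demo())
```

The digest pinned in the controlled area is what lets the full public keys live in the open area: a substituted key is rejected before the content key is ever encrypted to it.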
[0019] Unlike the aforementioned prior art scheme, there is no
widely held secret, i.e., the play-back providers and the media
generation providers all having to know how the whole scheme works,
including the values for the keys. As the only parts of the present
invention that are secret are the private keys themselves, no
secrets need to be shared among parties. Accordingly, each
manufacturer, whether a manufacturer of media or devices operable
therewith, can keep their own secrets. Moreover, these secrets may
be kept such that the true secrets are known only by very few
people, in such a way that actually nobody knows the true secret
where, for example, the secret is embedded and shipped via random
generation which is then destroyed before it is ever noted, or in a
hidden way where, for example, certain persons are provided
partial information with respect to the keys and some plurality
thereof are needed to reconstruct the key. Moreover, as these
private keys may be embedded within circuitry useful in
encrypting/decrypting information according to the present
invention, the private keys may not even be revealed to any
party.
[0020] In an alternative embodiment, rather than storing the
content key in an area of limited access on the media, for
retrieval by the media device and subsequent transmission to the
play-back device, the key is securely stored by the media which
actively operates to securely transmit this key to the play-back
device without ever disclosing the key to the media device.
Accordingly, the active component utilized for hiding this key is not
in the media device or disk drive. Instead, it is a portion of the
media, such as an electronic circuit including a processor and
memory operating under control of an internal algorithm. Therefore,
the content key, which is stored on the media within the
aforementioned memory, may be hidden and, preferably utilizing the
public key of the play-back device, passed through the media device
to the play-back device without its ever being revealed to the
media device. Through the above mentioned secure identification of
the play-back device, the active media of this alternative
embodiment may be assured that the media key is not revealed to
unauthorized entities. Alternatively, the fact that the content key
is encrypted using a public key associated with an authorized
play-back device provides confidence that it may only be used by
that play-back device barring a security breach of the private
key.
[0021] Another alternative embodiment of the present invention
utilizes an external source to acquire a content key, such as for
"pay-per-view." Accordingly, rather than a content key stored on
the media, an identifier string, such as may be used to
authenticate the media, may be stored for provision to an external
source, utilizing public key encryption according to the present
invention, in order to acquire a content key useful with the
desired content.
[0022] Additionally, or alternatively, contact with the external
source may provide up-dated information with respect to authorized
decoders or play-back devices suitable for use with the media. For
example, a list of authorized public keys may be up-dated by such
communication in order to allow a media device to securely provide
a content key to a decoder not originally included as an authorized
decoder.
[0023] A technical advantage of the present invention is that a
technique known to the public, and therefore available for use by
the public, may be utilized to prevent useful copying of protected
content.
[0024] A further technical advantage of the present invention is
that playability is allowed in both dedicated players and
computers, as well as providing for the play-back in later
authorized devices.
[0025] A still further technical advantage of the present invention
is provided in its ability to protect both video information and
computer information. Moreover, such protection may include
interaction with an external authorization center, such as
pay-per-view techniques, via such commonly available communication
networks as phone or Internet.
[0026] The foregoing has outlined rather broadly the features and
technical advantages of the present invention in order that the
detailed description of the invention that follows may be better
understood. Additional features and advantages of the invention
will be described hereinafter which form the subject of the claims
of the invention. It should be appreciated by those skilled in the
art that the conception and specific embodiment disclosed may be
readily utilized as a basis for modifying or designing other
structures for carrying out the same purposes of the present
invention. It should also be realized by those skilled in the art
that such equivalent constructions do not depart from the spirit
and scope of the invention as set forth in the appended claims.
BRIEF DESCRIPTION OF THE DRAWINGS
[0027] For a more complete understanding of the present invention,
and the advantages thereof, reference is now made to the following
descriptions taken in conjunction with the accompanying drawings,
in which:
[0028] FIG. 1 illustrates a media system adapted according to a
preferred embodiment of the present invention;
[0029] FIG. 2 illustrates a flow diagram of recording a disk
including content protected according to a preferred embodiment of
the present invention;
[0030] FIGS. 3A through 3C illustrate a flow diagram of the use of
content protected according to a preferred embodiment of the
present invention; and
[0031] FIG. 4 illustrates a flow diagram of the operation of an
external authorization center according to a preferred embodiment
of the present invention.
DESCRIPTION OF THE INVENTION
[0032] In understanding the concepts of the present invention it is
helpful to refer to a specific embodiment wherein the present
invention is utilized. Accordingly, described herein is an
embodiment where the present invention is utilized with bulk media
storing information suitable for use by digital systems, such as
digital video information commonly stored on DVD optical disks.
However, it shall be appreciated that the present invention is not
so limited and may in fact be utilized with any information storage
scheme providing an area of secure or restricted access to the
contents therein.
[0033] Directing attention to FIG. 1, a system adapted according to
the present invention is shown including media 100, media device
110, and play-back device 120. Media 100 includes unprotected
storage area 102, providing general access to information stored
therein, and protected storage area 101, providing secure or
restricted access to information stored therein. In a preferred
embodiment, protected storage area 101 is a predetermined area of
media 100 which media devices honoring the technique of the present
invention will not provide access to the information therein except
according to the present invention. In an alternative embodiment,
protected storage area 101 is an active area, i.e., includes
autonomous control over the data stored therein, such as through
the use of a processor unit and associated control algorithm, which
itself will not provide access to the information therein except
according to the present invention.
[0034] Also shown in FIG. 1 is media device 110, which may be for
example an optical or magnetic disk drive, adapted to accept media
100 and interact therewith, such as to read and/or write
information. Media device 110 includes interface 113, which may be
a magnetic head or laser and photo diode combination for example,
adapted to interface with media 100 to allow interaction between
media device 110 and media 100. Interface 113 is coupled to
processor 111 which, in addition to receiving information as
provided from media 100 through interface 113 and providing
information through interface 113 to media 100, operates to control
the operation of interface 113. For example, where media 100 is a
disk, such as is well known in the art, controller 111 may provide
motion control of interface 113 in order that physical blocks and
sectors of media 100 may be accessed as desired.
[0035] Also coupled to processor 111 is memory 112. Memory 112 may
provide any number of functions with respect to the operation of
media device 110. For example, memory 112 may store a control
program utilized by processor 111 in operation, such as in
performing the above mentioned motion control of interface 113 as
well as to operate according to the present invention.
Additionally, memory 112 may buffer information passed between
play-back device 120 and media 100 as well as provide an
environment for active functions of media device 110 such as the
handling of cryptographic keys and/or their encryption for secure
transmission.
[0036] Play-back device 120 of FIG. 1 is coupled to media device
110 through bus 130 to comprise player 150. Included within
play-back device 120 is processor 121 which, in addition to
receiving information as provided from media 100 through media
device 110 and providing information through media device 110 to
media 100, operates to disseminate and/or accept the information
communicated with media 100. For example, processor 121 may operate
to play information recorded on media 100 to a monitor (not shown)
attached to play-back device 120. Likewise, processor 121 may
operate to accept information to be recorded on media 100 from a
user interface (not shown) attached to play-back device 120.
[0037] Also coupled to processor 121 is memory 122. Memory 122 may
provide any number of functions with respect to the operation of
play-back device 120. For example, memory 122 may store a control
program utilized by processor 121 in operation, such as to operate
according to the present invention. Additionally, memory 122 may
buffer information passed between play-back device 120 and media
100 as well as provide an environment for active functions of
play-back device 120 such as the handling of cryptographic keys and/or
decryption of media content provided to play-back device 120.
Accordingly, processor 121 and memory 122 may operate as a decoder
suitable for utilizing the content of media 100.
[0038] Bus 130 coupling media device 110 and play-back device 120
may be an unsecured bus, such as a personal computer (PC)
input/output (I/O) bus where media device 110 is a disk drive and
play-back device 120 is a PC. However, both media device 110 and
play-back device 120 may be disposed within a substantially secure
environment, thus providing some security to bus 130, such as where
player 150 is an integrated unit as is the case for television top
DVD players. In such an embodiment processor 111 of media device
110 and processor 121 of play-back device 120 may be provided as a
single processor. Likewise, memory 112 of media device 110 and
memory 122 of play-back device 120 may be a single memory.
[0039] Optional communication device 140, coupled to clearing house
170 through public switched telephone network (PSTN) 160, is shown
in FIG. 1 coupled to play-back device 120. Communication device 140
may be utilized to update information stored within play-back
device 120 or media device 110, such as lists of authorized
decoders and/or their associated public keys, as well as to
authorize particular transactions between play-back device 120 and
media 100, such as to provide for "pay-per-view" service. Although
shown coupled directly to play-back device 120, communication
device may be coupled elsewhere in the system, such as to media
device 110, if desired. Likewise, although shown as providing
communication with clearing house 170 through PSTN 160, such
communication may be provided through any number of communication
links such as a local area network (LAN), a wide area network
(WAN), the Internet, a cable system, a satellite system, or the
like.
[0040] As described above, preferably protected storage area 101 of
media 100 is an area which provides secure or limited access to
information stored therein. For example, in a preferred embodiment
of the present invention, protected storage area 101 is a
predefined area of the media, such as a first or final sector of
the usable area of the media, to which media device 110 does not
provide general access. This restricted access to protected storage
area 101 may be provided by the agreement of the manufacturer of
media device 110 to honor the technique of the present
invention.
[0041] Alternatively, restricted access to protected storage area
101 may be provided by altering media device 110 to enable access
to a portion of standardized media not physically or generally
possible to be accessed by typical prior generation media devices
and, again, limiting access thereto by media device 110 by
agreement of the manufacturer to honor the technique of the present
invention. The latter mentioned alternative provides additional
security for the information of protected storage area 101 in that
media devices not specifically adapted to operate according to the
present invention are physically prevented from access. However, a
disadvantage to this alternative is that media protected according
to the present invention would not be suitable for use in such
non-conforming media devices.
[0042] In an alternative embodiment of the present invention
protected storage area 101 is an active portion of media 100, such
as may be provided by a processor and associated memory.
Accordingly, information, such as cryptographic keys utilized
according to the present invention may be stored therein and
provided externally only upon select conditions. Accordingly,
reliance upon a media device honoring the present technique may be
avoided and instead replaced with secure active portions of the
media itself. As such, the provision of cryptographic keys, or other
sensitive information, may be passed through the media device to an
authorized play-back device without revealing this information to
the media device or its ability to use such secrets. Therefore, it
shall be appreciated that, although discussed below with respect to
a media device performing these functions, the active portion of
the media itself may in fact perform the functions.
[0043] Such an active portion of media 100 may be provided an
interface to interact with media device 110 and/or play-back device
120 through electrical connections such as may be provided at a
center hub portion of the media (hub 103 of FIG. 1) disposed to
couple with complementary connections disposed within media device
110. Of course, such an embodiment requires not only adaptation of
media 100, but also media device 110 in order to provide operation
according to the present invention. Alternatively, media 100 may be
adapted to include a surface area having active components disposed
thereon adapted to provide interaction with media device 110
according to the media device's unaltered media interface. For
example, where media 100 is a magnetic media, protected area 101
may include circuitry, similar to the coils of a magnetic
read/write head disposed along a sector or track of media 100,
controllable to provide magnetic patterns readable by media device
110 and to receive magnetic patterns written by media device 110 to
communicate selected information there through according to the
present invention. Likewise, where media 100 is an optical media,
protected area 101 may include circuitry, such as light emitting
diodes and photo diodes disposed along a sector or track of media
100, to provide optical patterns readable by media device 110 and
to receive optical patterns written by media device 110.
[0044] The active portion of media 100 may be provided in
components such as integrated circuits, or "chips," containing the
public key algorithms. Accordingly, these circuits may have
embedded in them the private key, which may never be available
externally because the chip never reveals it. The basis of public
key/private key encryption is that only if the private key is
known, information can be decrypted with the corresponding public
key. Therefore, there is no need to ever know the private key. The
presence of the authentic private key may be verified by generating
a random number, encrypting it with the public key, sending the
encrypted information to the chip, allowing the chip to decrypt the
random number using the private key, and again encrypt the random
number using the private key. If the random number is presented by
decrypting the returned encrypted string with the public key, there
must be a valid private key utilized within the chip.
[0045] It shall be appreciated the above exchange of a random
number may be utilized in validating either end of a communication.
Moreover, only one encryption/decryption cycle need be completed to
prove the recipient has a key corresponding to the issuer's key.
However, the re-encryption of the decrypted random number provides a
high level of confidence that the recipient did not simply guess
the correct random number.
[0046] It shall also be appreciated that, although the use of
random numbers is described herein, other information may be
utilized in such verification and the below mentioned information
disguising techniques. For example, particular patterns of
information, such as time and/or day information may be used.
Likewise, particular information run through a hash or other
algorithm to uniquely alter the data may be used. Of course, the
more "random" or unpredictable the data so used is, the less likely
that it may be guessed by the recipient.
[0047] In another alternative embodiment, protected area 101 is not
a discrete portion of media 100, but rather is information provided
in a secured fashion within the unprotected area of media 100. For
example, information which is to be protected, or provided limited
access, according to the present invention may be dispersed
throughout unprotected area 102 in a manner such that its recovery
is impossible or unlikely except to devices operating according to
the present invention. Accordingly, in an embodiment of the present
invention, information stored in protected area 101 is encoded as
errors in the information stored in unprotected area 102. These
errors are predetermined to be correctable, such as through CRC
error correction algorithms known in the art, in order to provide
error free utilization of the information stored in unprotected
area 102. However, the placement of such errors and/or particular
patterns of the errors are utilized to encode the information of
protected area 101. Such an embodiment may be utilized to prevent
unauthorized copying as a system providing anything other than a
raw data copy will likely use the CRC algorithms to "correct"
those errors prior to their being written on the copy.
[0048] It shall be appreciated that, although described above in
the alternative, the embodiments of providing protected area 101
may be combined. For example, portions of the information of
protected area 101 may be stored according to different ones of the
above embodiments. Likewise, all the information of protected area
101 may be provided in multiple ones of the embodiments, such as to
provide maximum compatibility with media devices and/or play-back
devices.
[0049] Having described embodiments for the storage of protected
information, reference is now made to the below table for an
understanding of a preferred embodiment of information stored in
protected area 101. Preferably, all values are recorded in Little
Endian format.
TABLE 1
Offset | Size | Name
0 | 128 | 1024 bit media key (n)
128 | 128 | Reserved
256 | 128 | 1024 bit media key (e)
384 | 128 | Reserved
512 | 4 | Decoder Key File CRC
516 | 12 | Reserved
528 | 8 | Disc Key
536 | 8 | Reserved
544 | 1 | SCMS count
545 | 1 | Encryption Type
546 | 1 | Public Key flags
547 | 1 | Region Code
548 | 2 | Number of Key Extents
550 | 26 | Reserved
576 | N_K * 8 | Key Extents
[0050] The media key (n), preferably a 1024 bit key, and media key
(e), also preferably a 1024 bit key, are each one half of the media
public key. Generation of this key and its use will be described in
detail below.
[0051] Preferably, the media will have a list of decoders,
identified through the Public Key flags of the preferred
embodiment, that the author has deemed acceptable for use with the
media. Accordingly, the Public Key flags indicate which public
keys, associated with authorized decoders, the drive is allowed to
use to send Disc Keys. If the bit is set, as shown in the table
below, the drive will allow the Report Key command to return the
Disc Key encrypted with the corresponding public key.
TABLE 2
Bit | Description
0 | The public key in the key sector shall be valid for reporting the Disc Key.
2-6 | Reserved
7 | Public Keys not listed elsewhere are acceptable.
[0052] The public keys indicated as allowable by the Public Key
flags are preferably stored on the media itself as indicated by the
Key Extents of the preferred embodiment. Preferably each entry of
the Key Extents is a pair of 32 bit unsigned integers. The first
integer specifies a sector number of an authorized decoder key and
the second integer specifies a byte count of that decoder key. The
Number of Key Extents contains the number of extents that contain
the key file. On read-only media, this number is preferably
one.
[0053] According to the present invention, an author or provider of
content may review the products of companies X, Y and Z to
determine if they have guaranteed that their product does not
compromise the material that is to be protected. If it is
determined that the way in which companies X and Z have protected
their information is acceptable, the content provider records public
keys for X
and Z on the media as authorized decoders and/or play-back devices
and sets the Public Key flags accordingly. This list of public keys
may be the only one utilized in passing a content key from the
media to a play-back device and, thus, only these approved decoders
or play-back devices will be able to utilize the content key.
Although described as the only devices authorized, it shall be
appreciated that below is described a method for updating this list
to allow for inclusion of later approved or developed devices.
[0054] In operation, the play-back device will request the media
key encrypted for use with a particular decoder, i.e. X. The drive
will look for X as an acceptable key, as indicated in the Public
Key flags, and, utilizing the Key Extents to locate and retrieve
the proper public key, encrypt the media key accordingly to send it
along.
[0055] As these keys of the authorized decoders are their public
keys, there is no need to record them secretly on the media.
Accordingly, the preferred embodiment of the present invention
records these keys within unprotected area 102. However, as the
proper presence of such a public key will be utilized to allow
useful play-back of content, it is preferred that these keys are
provided in a read only (or write once only) area of the media in
order that the list is not altered to include a rogue key.
[0056] Additionally, in order to provide protection of the keys,
and therefore the decoders, utilized with a particular media and
its content, Decoder Key File CRC, preferably CRC 32 of all of the
decoder keys, is utilized to detect tampering with these keys.
Accordingly, if one were to edit or alter the decoder key file or
the key extents, the CRC will not be correct for the altered file.
In the preferred embodiment Decoder Key File CRC is 4 bytes but
could be extended, for example to as much as 16, to utilize other
message digest algorithms such as MD5.
[0057] The Disk Key as stored in the secure area may be used in an
application specific manner. For example, in some cases it may be
used to encrypt/decrypt content, i.e., content key. Public key
encryption is typically not desirable for a significant quantity of
data because public key encryption is extremely slow and processor
intensive. Accordingly, the above mentioned public key algorithms
may be used to transfer a key for a symmetrical encryption system,
such as DES or IDEA or any number of other algorithms wherein the
key must remain secret at each end. However, in other cases the
Disk Key may be an identification string or information utilized by
an external source in authorizing use of the content of the media.
Use of the Disk Key in such cases is described in detail below.
Regardless of the actual form of the Disk Key, preferably its
contents are never to be made available unencrypted. Preferably,
the Disk Key field is 8 bytes which is sufficient to hold a 56 bit
DES key.
[0058] The SCMS count is preferably used by writeable drives to
determine if copies are allowed. If copies are allowed, the SCMS
also provides information with respect to how many generations of
copies are allowed. Preferably, the SCMS count is decremented upon
the completion of an authorized copy by a media device. For
example, the following sequence could be used to copy a protected
disk:
[0059] (1) Insert the original disk.
[0060] (2) Host instructs the drive to "Read Secure Area." If the
allowed copy count field is zero, the drive generates an error.
[0061] (3) Drive caches information from the secure area (it is
preferably NOT returned to the host).
[0062] (4) Insert a blank disk.
[0063] (5) The host instructs the drive to "Write Cached Secure
Area."
[0064] (6) The drive decrements the allowed count field and writes
the sector to the disk.
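The key sector layout, the Decoder Key File CRC check and the drive-side copy count described above can be exercised as follows. This is an added example, not code from the application; the 2048-byte sector size, the key sector sitting at sector 0, the key file at sector 16, the use of zlib's CRC-32 and all sample values are assumptions constructed for illustration.

```python
import struct
import zlib

SECTOR = 2048          # assumption: 2048-byte sectors, key sector at sector 0
KEY_FILE_SECTOR = 16   # constructed location of the decoder key file

# Field offsets from the key-sector table; every value is little endian.
OFF_N, OFF_E, KEY_LEN = 0, 256, 128
OFF_CRC, OFF_DISC_KEY = 512, 528
OFF_SCMS, OFF_ENC_TYPE, OFF_PK_FLAGS, OFF_REGION = 544, 545, 546, 547
OFF_NUM_EXTENTS, OFF_EXTENTS = 548, 576

FLAG_SECTOR_KEY_VALID = 0x01  # bit 0: key in the key sector may receive the Disc Key
FLAG_UNLISTED_KEYS_OK = 0x80  # bit 7: keys not listed elsewhere are acceptable


def parse_key_sector(raw):
    """Decode the fixed fields and the Key Extents list of one key sector."""
    if len(raw) < OFF_EXTENTS:
        raise ValueError("key sector shorter than its fixed fields")
    (count,) = struct.unpack_from("<H", raw, OFF_NUM_EXTENTS)
    if OFF_EXTENTS + 8 * count > len(raw):
        raise ValueError("Key Extents run past the end of the sector")
    return {
        "n": int.from_bytes(raw[OFF_N:OFF_N + KEY_LEN], "little"),
        "e": int.from_bytes(raw[OFF_E:OFF_E + KEY_LEN], "little"),
        "key_file_crc": struct.unpack_from("<I", raw, OFF_CRC)[0],
        "disc_key": bytes(raw[OFF_DISC_KEY:OFF_DISC_KEY + 8]),
        "scms_count": raw[OFF_SCMS],
        "encryption_type": raw[OFF_ENC_TYPE],
        "public_key_flags": raw[OFF_PK_FLAGS],
        "region_code": raw[OFF_REGION],
        # each extent: (sector number, byte count) as two 32-bit unsigned integers
        "extents": [struct.unpack_from("<II", raw, OFF_EXTENTS + 8 * i)
                    for i in range(count)],
    }


def read_key_file(image, extents):
    """Concatenate the decoder key file from its extents, with bounds checks."""
    out = b""
    for sector_no, nbytes in extents:
        start = sector_no * SECTOR
        if start + nbytes > len(image):
            raise ValueError("extent points outside the media image")
        out += image[start:start + nbytes]
    return out


def key_file_intact(image, fields):
    """Compare the stored Decoder Key File CRC with one computed over the file."""
    computed = zlib.crc32(read_key_file(image, fields["extents"])) & 0xFFFFFFFF
    return computed == fields["key_file_crc"]


def write_cached_copy(raw):
    """Drive-side 'Write Cached Secure Area': refuse at zero, else decrement."""
    if raw[OFF_SCMS] == 0:
        raise PermissionError("allowed copy count is zero")
    copy = bytearray(raw)
    copy[OFF_SCMS] -= 1
    return bytes(copy)


def build_sample_image():
    """Constructed media image: key sector at 0, two fake decoder keys at 16."""
    key_file = bytes(range(256)) + bytes(reversed(range(256)))
    sector = bytearray(SECTOR)
    sector[OFF_N:OFF_N + KEY_LEN] = (0xC0FFEE).to_bytes(KEY_LEN, "little")
    sector[OFF_E:OFF_E + KEY_LEN] = (65537).to_bytes(KEY_LEN, "little")
    struct.pack_into("<I", sector, OFF_CRC, zlib.crc32(key_file) & 0xFFFFFFFF)
    sector[OFF_DISC_KEY:OFF_DISC_KEY + 8] = bytes.fromhex("0123456789abcdef")
    sector[OFF_SCMS] = 1
    sector[OFF_ENC_TYPE] = 0                      # Standard Video
    sector[OFF_PK_FLAGS] = FLAG_SECTOR_KEY_VALID
    sector[OFF_REGION] = 0x01
    struct.pack_into("<H", sector, OFF_NUM_EXTENTS, 1)
    struct.pack_into("<II", sector, OFF_EXTENTS, KEY_FILE_SECTOR, len(key_file))
    image = bytearray(SECTOR * (KEY_FILE_SECTOR + 1))
    image[:SECTOR] = sector
    start = KEY_FILE_SECTOR * SECTOR
    image[start:start + len(key_file)] = key_file
    return bytes(image)


if __name__ == "__main__":
    image = build_sample_image()
    fields = parse_key_sector(image[:SECTOR])
    print("extents:", fields["extents"], "intact:", key_file_intact(image, fields))
    rogue = bytearray(image)
    rogue[KEY_FILE_SECTOR * SECTOR] ^= 0xFF       # alter one byte of a decoder key
    print("after tampering:", key_file_intact(bytes(rogue), fields))
```

CRC-32 is not collision resistant, so this check only flags edits that leave the stored and computed values different; the longer message digest mentioned in the text is the stronger choice for a reviewer assessing the design.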
[0065] Encryption Type is preferably a flag indicating suggested
usage as shown in the table below. Accordingly, in the preferred
embodiment, commands to implement all cases will work in all cases
as these commands do not change their behavior if different
Encryption Types are selected. For example, a disk originally
designed for Standard Video can use the same sector data with the
Standard ROM identification technique. Another use is to use the
pay per view technique to allow playback on decoders not originally
included on the media.
TABLE 3
Encryption Type | Description
0 | Standard Video
1 | Pay per use
80h | Standard data
[0066] The Region Code indicates in which regions the disk is to be
allowed to be used. Each bit preferably corresponds to a
region.
[0067] According to a preferred embodiment of the present
invention, all passing of encrypted information fits in the SFF
8090 Send Key/Report Key structure. Accordingly, key type codes as
set forth below are preferably utilized. The Key Type specifies the
type of encryption used on the disk.
TABLE 4
Key Type | Description
0h | Disk is encrypted according to CSS.
1h | Disk is protected by the technique of the present invention.
2h | Reserved
3h | Reserved
[0068] The below descriptions are for Key Type 1 (key types of the
present invention).
[0069] For operation according to the preferred embodiment of the
present invention, the SFF 8090 Report Key is as follows:
TABLE 5: SFF 8090 Report Key command layout (table not reproduced in this text)
[0070] where the Key Source and Key Type fields are new, allowing
for multiple schemes to exist in the command space.
[0071] Preferably the Key Source specifies the source of the Disk
Key as set forth below:
TABLE 6
Key Source Value | Key Source Description
00h | generated Disk Key is all zeroes
01h | generated Disk Key is the current random number.
02h | Media Disk Key is the temporary Disk Key. Initialized to zero upon AGID grant.
04h | Media Disk Key is recorded in key sector
08h | Media Disk Key is encoded as DSV exceptions
10h | Media Disk Key is encoded as ECC exceptions
20h | Media Disk Key is in user data space
40h | Media Disk Key is in the sector header of the key sector
80h | Media Disk Key is in the border zone
[0072] Typically, only one or two bits are expected to be set. If
two bits are set, one will usually be the current random number. In
a preferred embodiment, if more than one bit is set, the Disk Key
is the XOR of all requested keys.
[0073] The Key Format defines the type of key requested. The
preferred definitions for Key Format are as set forth in the table
below.
TABLE 7
Key Format | Description
0 | Request AGID. Regenerate the random number for the AGID. (common to all Key Types)
1 | Report Disk Key encrypted with most recent Public Key sent.
2 | Report Media Public Key
3-3Eh | Reserved
3Fh | Report the Key Types on the medium (common to all Key Types)
Send Key:
1 | Send current public key.
2 | Send Disk Key. The drive shall store this value as the temporary Disk Key for the current AGID.
[0074] Having described the information provided in a secured area
of the media according to the present invention, a preferred
embodiment of the storage of this information to the media will be
described with reference to FIG. 2. Shown in FIG. 2 is a preferred
embodiment of the mastering or creation of a media recorded and
protected according to the present invention.
[0075] At step 201 prime numbers p and q are chosen. Preferably p
and q are each 512 bit primes. Of course, larger or smaller primes
may be utilized according to the present invention depending upon
the level of difficulty desired in breaking any
cryptographic keys generated therefrom.
[0076] At step 202 one half of the public key (e) is chosen such
that e is relatively prime with respect to $(p-1)\times(q-1)$. As
described below e and n each comprise one half of the public media
key of the preferred embodiment of the present invention. The value
n is derived from the relationship $n = p \times q$. Accordingly,
secured content (s), decryptable only through use of a
corresponding private key, may be derived from clear content (c)
through the relationship:
$$s_{pub} = c^{e} \bmod n$$
[0077] and clear text content (c) may be derived from secured
content (s), encrypted through the use of a corresponding private
key, through the relationship:
$$c = s_{pvt}^{e} \bmod n$$
[0078] At step 203 one half of the private key (d) is computed to
satisfy the relationship:
$$1 = d\,e \bmod (p-1)(q-1)$$
[0079] As with the public key above, n is utilized as the remaining
half of the private key. Accordingly the secured content (s)
encrypted utilizing the public key above may be decrypted to
provide clear content (c) according to the relationship:
$$c = s_{pub}^{d} \bmod n$$
[0080] and secured content (s) decryptable only through use of the
above described corresponding public key may be derived according to
the relationship:
$$s_{pvt} = c^{d} \bmod n$$
[0081] At step 204 the Disk Key k is generated. As described above,
this key may be a cryptographic key, such as a symmetric key
conforming to the DES standard, utilized in encrypting and
decrypting the content of media 100 provided in unsecured area 102,
i.e., a content key. Alternatively, Disk Key k may be
identification information utilized in identifying the particular
media or content, such as to an external source or clearing house
for provision of a proper decryption key or other information
useful in utilizing the content of media 100.
[0082] At step 205 a list of "acceptable users," or decoders and/or
play-back devices authorized to utilize the content of the media,
is compiled. This list of acceptable users preferably includes both
the identification of such users as well as their public keys.
[0083] At step 206 the values of p, q, e, and k, as well as the
list of "acceptable users" and other miscellaneous information,
such as content information for an external source, are provided to
a media device operable according to the present invention. It
shall be appreciated, as secure area 101 of the present invention
is preferably only accessible through restricted access, that only
when these parameters are provided in accordance with the proper
operation of the present invention will a conforming media device
accept and record this information on media 100. Therefore, in the
preferred embodiment the prime factors p and q must be provided to
the media device, rather than the value n, in order to establish
that the provider is actually the originator of the keys
utilized.
[0084] Accordingly, at step 207, the media device computes n from
the values of p and q provided thereto. If a rogue has been able to
intercept the values e and n, such as through unauthorized access
to secured area 101 of media 100, a media device operating
according to the present invention will prevent a useful
unauthorized copy being made as either no values for p and q will
be available or the rogue will be unable to select values suitable
for use with the portions of the key previously generated.
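The key relationships of steps 201 through 203, the drive deriving n from p and q at step 207, and the random number exchange used to verify a chip's private key can be run end to end as below. This is an added example, not code from the application; the two sample primes are constructed and far shorter than the preferred 512 bits, and the names MediaChip, chip_is_authentic and record_secure_area are hypothetical.

```python
import math
import secrets

# Constructed sample primes (two Mersenne primes), much shorter than the
# 512-bit primes the text prefers; chosen only so the example runs offline.
P = 2**127 - 1
Q = 2**107 - 1


def make_media_keys(p, q, e=65537):
    """Steps 201-203: pick e coprime to (p-1)(q-1), then solve d*e = 1 mod it."""
    phi = (p - 1) * (q - 1)
    while math.gcd(e, phi) != 1:
        e += 2
    d = pow(e, -1, phi)           # modular inverse (Python 3.8+)
    return {"n": p * q, "e": e, "d": d}


# Raw exponentiation exactly as in the text's relationships. Deployed RSA
# adds padding; none is described in the text, so none is modelled here.
def public_op(x, n, e):
    """s_pub = c^e mod n, and equally c = s_pvt^e mod n."""
    return pow(x, e, n)


def private_op(x, n, d):
    """c = s_pub^d mod n, and equally s_pvt = c^d mod n."""
    return pow(x, d, n)


def record_secure_area(p, q, e, k):
    """Steps 206-208: the drive is handed p and q, not n, and derives n itself.

    The coprimality check is an assumption about what a conforming drive
    would verify; the text only states that the drive computes n.
    """
    if math.gcd(e, (p - 1) * (q - 1)) != 1:
        raise ValueError("e is not usable with the supplied factors")
    return {"n": p * q, "e": e, "disk_key": k}


class MediaChip:
    """Active portion of the media: holds the private key and never returns it."""

    def __init__(self, n, d):
        self.__n, self.__d = n, d

    def respond(self, challenge):
        r = private_op(challenge, self.__n, self.__d)   # decrypt the random number
        return private_op(r, self.__n, self.__d)        # re-encrypt with private key


def chip_is_authentic(chip, n, e):
    """Verifier side: challenge with a fresh random number under the public key."""
    r = secrets.randbelow(n - 2) + 2
    answer = chip.respond(public_op(r, n, e))
    return public_op(answer, n, e) == r


if __name__ == "__main__":
    keys = make_media_keys(P, Q)
    n, e, d = keys["n"], keys["e"], keys["d"]
    print("genuine chip accepted:", chip_is_authentic(MediaChip(n, d), n, e))
    print("wrong key accepted:   ", chip_is_authentic(MediaChip(n, d + 2), n, e))
```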
[0085] At step 208 the media device records n, e, k, and the list
of acceptable users on to media 100 within secure area 101. It
shall be appreciated that, although discussed with respect to the
media device providing restricted access to the secured area, as
described above the present invention may utilize a portion of
media 100 having intelligence disposed therein, such as a small
chip set interfaced with the media device as described above.
Accordingly, storage of this information may be through interaction
with such an intelligence associated with the media rather than
relying on the media device to restrict access and to perform
operations such as the aforementioned computation of the value
n.
[0086] At step 209 it is determined whether the particular
implementation of the present invention includes the encrypting of
content to be stored in unsecured area 102 of media 100. If no
encryption of this content is desired, i.e. encryption is utilized
for media authentication only, then operation proceeds to step 214
wherein the content is recorded to media 100.
[0087] However, if encryption of this content is desired, then
operation proceeds to step 210 wherein a determination is made as
to whether the implementation is to utilize information provided
from an external source, such as a clearing house utilized in
providing "pay-per-view" services. If information from an external
source is not desired, operation proceeds to step 212 wherein the
content key is set to the disk key.
[0088] If information from an external source is to be required in
order to utilize the content of media 100, operation proceeds to
step 211 wherein the content key is selected at random, or by any
other appropriate method. It shall be appreciated that the content
key of step 211 is provided to the clearing house, or other
external agent, in order to provide for the later use of the
content of media 100. However, this key is not stored on media 100,
thus requiring contact with the clearing house for use of the
content.
[0089] Regardless of whether an external source is to be utilized
or not, the content to be stored within unsecured area 102 may be
encrypted with the content key (step 213) and recorded to media 100
(step 214). Accordingly, both steps 211 and 212 proceed to step 213
for encryption of the content with the content key.
[0090] Having described in detail the mastering of a disk according
to a preferred embodiment of the present invention, reference is
now made to FIG. 3 wherein the utilization of content provided
according to the preferred embodiment of the present invention is
shown.
[0091] At step 301 the play-back device requests the encryption
type of media 100. In response the media device reads the
encryption type from the media (step 302). It shall be appreciated
that, although shown above in the preferred embodiment as being
recorded in the secure area of the media, the encryption type
information may be stored anywhere upon the media, if desired.
[0092] At step 303 a determination is made as to whether encryption
is utilized with respect to the content of the media. If it is
determined that no encryption is utilized then operation proceeds
to step 326 in order to determine if disk authentication is
utilized according to the present invention.
[0093] However, if it is determined that encryption is utilized to
protect the content, then at step 304 a determination is made as to
whether the encryption is "standard." If it is determined that
encryption utilized to protect the content is other than standard,
operation proceeds to step 314 associated with the use of an
external source in the utilization of content as described in
detail below. If the encryption is standard, operation proceeds to
step 305 wherein the list of "acceptable users" is requested.
Thereafter, at step 306 the media device reads the list of
"acceptable users" from the media and provides this information to
the play-back device. The play-back device generates a list of
content targets, i.e., decoders available thereto, at step 307.
[0094] At step 308 a determination is made as to whether any of the
content targets available to the play-back device match those
included in the list of "acceptable users" authorized to operate
with the particular media. If no match is found, operation proceeds
to step 314 associated with the use of an external source in the
utilization of content, in order that an updated list of
"acceptable users" may be utilized, such as by communicating
information when coupled to the clearing house such as a list of
public keys for which it is acceptable to work with. Accordingly,
if a new decoder is built or authorized after a particular media is
published, the new decoder public encryption key scheme may be used
through communication with a third party provider to get the
authorization to use a new decoder.
[0095] For example, the media device may establish communication
with a clearing house and identify itself to the service provider,
such as through the use of one of the acceptable keys on the list
being that of the person who owns the content itself, i.e., the
media public key. Accordingly, the media device honoring the
technique of the present invention is allowed to pass the disk key
to this content provider using this public key provided on the
media possibly accompanied with a request to the host, either
protected or not, identifying a decoder upon which play-back is
desired. In receiving a legitimate disk key encrypted with the
content provider's public key, the content provider may have a high
level of confidence in this being a legitimate disk and, therefore,
may send back an authorized public key for the particular decoder,
or a list of authorized public keys, encrypted with the private key
corresponding to the content provider's public key found on the
media. The media device is then able to decrypt that list with this
key.
[0096] In the preferred embodiment, the retrieval of an authorized
key is automatically performed when a suitable authorized key is
not found on the media, as is provided in the steps outlined above.
However in an alternative embodiment, the up-dating of the
authorized decoders is performed in a maintenance cycle, such as may
be performed at predetermined intervals, such as at night or
periods of non-use of the player.
[0097] If a match is found as between the "acceptable user" list
and the list of content targets available at the play-back device,
then at step 309 a request for the content key is sent identifying
the matching "acceptable user." At step 310 the requested
"acceptable user" is validated against the list of "acceptable
users" and, provided it is indeed a match, the disk key, here the
content key, is read from the media (step 311) and encrypted with
the public key of the matching "acceptable user" (step 312).
Thereafter this encrypted disk key is provided to the play-back
device decoder at step 313 to allow meaningful use of the content
recorded thereon and operation according to the present invention
is concluded. It shall be appreciated that, as the disk key is
encrypted utilizing the public key of the particular decoder, only
this device may actually decrypt the content of media 100 even if a
rogue were to emulate the preceding steps.
[0098] If it is determined that encryption utilized to protect the
content is other than standard (step 304) or if none of the
decoders available to the play-back device are included in the
"acceptable users" list (step 308), a determination is made as to
whether external contact information is present on the media (step
314). This contact information may be recorded in unsecured area
102, as the cryptographic key which the particular clearing house
contacted may provide, and which is necessary in utilizing the
content of media 100, may not be defeated by fraudulently directing
a media device and/or play-back device operating according to the
present invention to a rogue external contact, i.e., by
surreptitiously recording contact information on media 100.
Moreover, as information
provided from the clearing house is preferably encrypted utilizing
the private media key, i.e., d and n discussed above, a rogue
clearing house will not be able to provide a proper response unless
this private key is acquired.
[0099] If, at step 314, it is determined that no contact
information is present, i.e., there is no available external source
of information for utilizing the content of media 100, then
operation according to the present invention is concluded. However,
if it is determined that contact information is present, then
operation proceeds to step 315 where a determination is made as to
whether the content key to be retrieved from the external source is
to allow unlimited use of the content or a single use.
[0100] If only a single use is to be allowed of the content, i.e.,
a user must request a content key each time the content is to be
utilized, such as might be desirable where a fee for use is desired
to be extracted for each such use, operation of the present
invention proceeds to step 316. At step 316 a request is made for
an encrypted result of the disk key XORed with a random number.
Accordingly, at step 317, the media device generates a random
number, i.e., a unique value which is chosen at random for use
according to the present invention and which is held only for a
period of time sufficient to complete this one iteration of the
present invention. At step 318 the disk key is XORed with the
random number and, thereafter, at step 319 the XORed disk key is
encrypted with the public media key.
[0101] However, if unlimited use is to be allowed of the content,
i.e., the content is to be unlocked permanently with respect to a
particular play-back device upon the payment of a single fee or a
verification of an authorized copy of the media, or where the
information to be provided by the clearing house is "authorized
user" up-date information, operation of the present invention
proceeds to step 320. At step 320 a request is made for an
encrypted disk key. This request may include transmission of a
private cryptographic key or other means by which the returned data
packet may be further protected in order to prevent someone with
the public media key from intercepting the returned data packet and
decrypting its contents. Thereafter, as described above, step 319
encrypts the disk key with the public media key.
[0102] It shall be appreciated that, in the alternative to the
play-back device determining whether one time or unlimited use is
to be allowed, the media device of the present invention may make
this determination, such as through reference to information stored
on media 100, for example within a reserved area of secure area
101. Accordingly, rather than the decision presented at step 315,
the play-back device may request a disk key and the media device
XOR that key with a random number if one time use is to be provided
or XOR that key with zero (0) if unlimited use is to be
provided.
[0103] At step 321 a list of the decoders available to the
play-back device, as well as information identifying the media, are
appended to the encrypted disk key. It shall be appreciated that
the information identifying the media may be stored on the media
either within the secured area, such as one of the reserved areas
described above, or within the unsecured area, and may be provided
from the media for inclusion accompanying the encrypted disk key
such as at step 319.
[0104] The information identifying the media, the list of available
decoders and the encrypted disk key are provided to the clearing
house at step 322 and a response therefrom is awaited. It shall be
appreciated that this information packet may be provided to the
clearing house from the player utilizing a communication device
such as the aforementioned modem coupled via a public switched
telephone network or the Internet. Of course other means by which
data communication may be accomplished which are well known in the
art or may later be developed may be utilized according to the
present invention.
[0105] The clearing house receives the data packet from the player
and preferably operates according to the embodiment described with
reference to FIG. 4 described below. Accordingly, a content key
suitable for use with the content of media 100 is returned to the
player, preferably encrypted utilizing the private media key
described above.
[0106] At step 323 the response from the clearing house is provided
to the media device where it is decrypted using the public media
key (step 324). As described above, a random number is utilized in
the one time use embodiment of the present invention. This random
number is utilized by the clearing house to XOR the content key for
provision to the player. As such a rogue may not simply capture the
data packet returned from the clearing house for later
re-submission to the player for repeated use of the content as the
random number, discarded after a single iteration of the present
invention, is required by the media device in extracting the
content key. Moreover, someone in possession of the media public
key will not be able to decrypt the data packet and retrieve the
content key without also knowing the random number. Accordingly, at
step 324, where the single use embodiment is utilized, the
information decrypted is XORed with the random number to reveal the
content key and/or other information provided thereby.
[0107] At step 325 the media device may store the content key for
repeated use, where allowed, and/or may store a new or updated
"acceptable user" list for subsequent use. Alternatively, or
additionally, where the content key provided by the clearing house
is useful in unlocking the media for multiple uses, i.e., the key
is not XORed with a random number retained only for a single
iteration of the present invention, the play-back device or other
host may memorize the data packet for subsequent provision to the
media device at the appropriate time.
[0108] Although described with respect to up-dating an "acceptable
user" list, it shall be appreciated that the present invention may
operate to indicate particular ones of the decoders identified as
authorized by the Public Key flags and/or Key Extents which are no
longer acceptable for use according to the present invention. For
example, where a particular private key has been compromised, the
up-date information received from the clearing house may indicate
one of the public keys may no longer be used. Accordingly, a check
against such a "revoked" list may be performed, such as at step
306, to disallow the use of such private keys.
[0109] Operation proceeds to steps 305 through 313 as described
herein above. However, it shall be appreciated that where the
content key is provided in the data packet from the clearing house,
i.e., pay-per-view, step 311 operates to utilize this content key
rather than the disk key stored on the media. Likewise, where
external information is utilized to up-date the "acceptable user"
list, the information at step 306 includes the up-dated information
provided by the clearing house.
[0110] It shall be appreciated that the content key and/or up-dated
"acceptable user" list information acquired from the clearing house
may be stored within media 100 if desired. However, as unauthorized
recording of this information may be utilized in avoiding the
protection offered according to the present invention, recording of
this information on the media is preferably done within the secure
area.
[0111] If it is determined that no encryption is utilized to
protect the content of media 100 (step 303) a determination is made
as to whether disk authentication according to the present
invention is to be utilized (step 326). If no disk authentication
is utilized, then operation according to the present invention is
concluded and the play-back device utilizes the content of media
100 accordingly.
[0112] However, if disk authentication is utilized, at step 327 the
play-back device generates a random number. Thereafter, the
play-back device encrypts this random number with the private media
key (step 328). The encrypted random number is communicated to the
media device at step 329. Thereafter, the media device decrypts the
random number utilizing the public media key stored in the secure
area of media 100.
[0113] The play-back device requests that the random number be
XORed with the disk key stored within the secure area of media 100
(step 331). In response, at step 332, the media device XORs the
random number with the disk key. The media device then encrypts the
result of the XORed random number and disk key with the media
public key and provides this data packet to the play-back device
(step 333). The play-back device decrypts the XORed random number
and disk key utilizing the private media key (step 334) and XORs
this decrypted information with the random number (step 335).
[0114] At step 336 a determination is made as to whether the disk
key obtained from the media according to the above steps matches an
expected or known disk key. If there is a match, the media is
authentic, i.e., a simple copy of the information provided within
unprotected area 102 has not been performed. However, if there is
no match of the disk key, then the media is not authentic.
[0115] Although the above preferred embodiment describes the use of
standard encryption, external authorization, and media
authentication in a single embodiment, it shall be appreciated that
any combination of these techniques may be utilized. For example,
where a pay-per-view only device is utilized, only those steps
associated with external authorization need be provided in such a
system. Similarly, where it is not anticipated that media
authentication will be utilized, devices may be adapted to include
only those steps associated with standard encryption and external
authorization.
[0116] Directing attention to FIG. 4 a preferred embodiment of
operation of the clearing house in response to a request by a
player is shown. At step 401 the clearing house receives the data
packet of step 322 from the player. The data packet is decrypted
utilizing the private media key corresponding to the public media
key stored on media 100 (step 402). At step 403 the particular
media is identified using information within the received data
packet. It shall be appreciated that the clearing house may
identify the particular media through available information which
does not expressly identify the media. For example, a particular
public key may provide sufficient identification of the media.
Likewise, information gleaned from the communication, such as a
uniform resource locator (URL) or automatic number identification
(ANI) of the requesting player may be utilized according to the
present invention.
[0117] At step 404 the random number generated by the media device
is recovered by the clearing house by XORing the decrypted value,
i.e., the disk key as XORed with the random number by the media
device, with the disk key as known by the clearing house. This
random number is utilized to XOR
the content key, to be utilized by the play-back device in
meaningful use of the encrypted content of media 100, for provision
to the player. An "acceptable user" list, or up-date thereof, may
be appended to the information to be provided to the player at step
406. Thereafter, the information to be provided to the player is
encrypted using the private media key (step 407) and communicated
to the player (step 408).
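The single-use exchange of steps 316 to 324, together with the clearing-house side of steps 401 to 408, can be traced in a short Python model. This is an added example, not code from the patent application; it assumes textbook RSA without padding, a public exponent of 65537, 128-bit keys and a constructed modulus, and the class and function names are illustrative.

```python
import secrets

# Constructed media key pair (assumption: textbook RSA, no padding, e = 65537).
# Only the clearing house, standing in for the content owner, holds D.
P, Q = 2**89 - 1, 2**107 - 1          # two Mersenne primes, for illustration
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))


class MediaDevice:
    """Drive side: holds the disk key and the public media key (E, N)."""

    def __init__(self, disk_key):
        self.disk_key, self.nonce = disk_key, None

    def build_request(self, single_use=True):
        # Steps 317-319: XOR the disk key with a fresh random number (or with
        # zero for unlimited use), then encrypt with the public media key.
        self.nonce = secrets.randbits(128) if single_use else 0
        return pow(self.disk_key ^ self.nonce, E, N)

    def open_response(self, packet):
        # Steps 323-324: decrypt with the public key, XOR out the random
        # number, and discard it so a captured packet cannot be reused.
        if self.nonce is None:
            raise RuntimeError("no request outstanding")
        nonce, self.nonce = self.nonce, None
        return pow(packet, E, N) ^ nonce


class ClearingHouse:
    """Holds the private exponent D, the disk key and the content key."""

    def __init__(self, disk_key, content_key):
        self.disk_key, self.content_key = disk_key, content_key

    def respond(self, request):
        blinded = pow(request, D, N)                 # step 402: decrypt
        nonce = blinded ^ self.disk_key              # step 404: recover number
        return pow(self.content_key ^ nonce, D, N)   # XOR key, step 407 encrypt


def run_exchange(device, house, single_use=True):
    """One full round trip; returns (response packet, recovered key)."""
    packet = house.respond(device.build_request(single_use))
    return packet, device.open_response(packet)


def replay(device, captured_packet):
    """Feed an old response to a later session, which uses a new number."""
    device.build_request(single_use=True)
    return device.open_response(captured_packet)


if __name__ == "__main__":
    dk, ck = secrets.randbits(128), secrets.randbits(128)  # constructed keys
    dev, house = MediaDevice(dk), ClearingHouse(dk, ck)
    packet, key = run_exchange(dev, house)
    print("fresh:", key == ck, "replayed:", replay(dev, packet) == ck)
```

With `single_use=False` the device XORs with zero, so the returned packet opens to the content key on every later presentation, which is the unlimited-use case of paragraph [0102].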
[0118] Preferably, file system information of the media is not
encrypted. However, the data within files may be encrypted with the
content key. Accordingly, a control file preferably indicates which
files are encrypted and which are not. This allows protected and
freely distributable information to coexist on the same media, thus
enabling selected content to be protected, such as movies, while
allowing unprotected distribution of other content, such as
promotional trailers.
[0119] In the preferred embodiment, the encryption sequence is
restarted for each sector of the media. This maintains the sector
addressability of the media and allows for random access of the
content provided thereon.
[0120] As described above, a media device operating according to
the present invention allows for the producing of protected content
by providing for the authorized writing of information within the
secure area. However, to prevent such access to the secure area
from enabling rogues to alter legitimately mastered media, writing
to this area is performed by providing the two prime numbers that
are the factors of the media key (n). The disk key is provided
encrypted with the private key corresponding with the public key
sent. The media device multiplies the two primes and records the
product in the media key (n) field. The media device does not need
to verify that the input numbers are prime. A user can generate
insecure keys, but cannot reproduce a secure key. The disk key will
be obtained for recording upon the media by the media device by
decrypting it using the public media key computed from the primes p
and q.
[0121] Accordingly, authoring a protected disk is possible, as the
author has the primes. An illegal copy operation will not succeed
because the key cannot be written without knowing the corresponding
prime factors. Even if a user obtains the keys, he will not be able
to record them.
[0122] Commercial writing may be accomplished as described above.
However, for further protection, the 1024 bit key may either be a
prime itself or the product of two primes in which one of the
primes is larger than 512 bits. This would prevent copying the key
with a consumer level product even if the key could be
factored.
[0123] It shall be appreciated that the present invention may be
implemented upon a dedicated player by the dedicated player reading
the disk key from the secure area. If pay-per-view is supported,
the dedicated players may implement the public key protocols as
described above.
[0124] Additionally, it shall be appreciated that the present
invention may also be implemented upon a computer system. However,
a ROM drive, such as typically found in computer systems, performs
no decryption of data delivered via its host interface. Preferably,
MPEG decoder based decryption is utilized, such that decryption is
performed by the MPEG decoder using the key provided by the drive.
In order to maintain protection of the content, the MPEG decoder
should not deliver the content to any interface that allows
recording.
[0125] It shall be appreciated that, although the above example has
been discussed with respect to a DVD formatted bulk storage device,
the techniques described herein may be utilized with any number of
such bulk storage devices. For example, the techniques of the
present invention may be utilized with CD ROM formatted bulk
storage devices with only simple differences as to where the secure
area is hidden and how it was marked as not readable and how the
disk key is hidden.
[0126] Additionally, it shall be appreciated that according to the
preferred embodiment of the present invention, as shown above, no
unique host or drive identifier is available or required. This is
to allow for changing hardware due to upgrades or failure.
[0127] Although the present invention and its advantages have been
described in detail, it should be understood that various changes,
substitutions and alterations can be made herein without departing
from the spirit and scope of the invention as defined by the
appended claims.
* * * * *