HK1097947B - A method for storing a digital work and usage right information in a record carrier that includes a re-writable section and a key - Google Patents

Info

Publication number: HK1097947B
Authority: HK (Hong Kong)
Prior art keywords: key, information, digital work, usage right, storing
Application number: HK06112297.9A
Other languages: Chinese (zh)
Other versions: HK1097947A1 (en)
Inventor: A. Treffers Menno, A. M. Staring Antonius
Original Assignee: Koninklijke Philips Electronics N.V.
Application filed by: Koninklijke Philips Electronics N.V.

Description

Method for storing a digital work in a record carrier comprising a rewritable part and a key
Technical Field
The present invention relates to methods and apparatus for controlling the distribution and use of digital works. Furthermore, the invention also relates to a record carrier for storing a digital work.
Background
One fundamental problem facing the publishing industry and the information industry when considering electronic publishing is how to prevent unauthorized and unaccounted-for distribution and use of electronic publications. Electronic publications are generally distributed in digital form and created on computer-based systems that have the capability to reproduce the electronic publication. Audio and video recordings, software, books and multimedia works are all published electronically. A royalty is paid for each accounted-for delivery, and any unaccounted-for distribution results in no royalty being paid.
The transfer of digital works over networks such as the widely used internet is now common practice. The internet is a widely distributed network used by many users of universities, corporations, and government departments to communicate and exchange ideas and information. Therefore, there is a need to distribute digital works using such networks without fear of extensive unauthorized copying.
The convergence of consumer appliances and computers, increasing network and modem speeds, the falling cost of computing power and bandwidth, and the increasing capacity of optical media combine to create hybrid business models in which all kinds of digital content can be distributed on optical media played on at least occasionally connected consumer appliances and/or computers. In these models, the one-time-purchase model common in music CDs and initial DVD movie offerings is supplemented by other models, such as renting, pay-per-view and rent-to-own. Consumers may be offered a choice among these and other models by the same and/or different distributors and/or suppliers. Royalties may be paid to a fee settlement service over a network and/or through other communication channels. Consumer usage and subscription information may flow back to the producer, distributor, and/or other participants. The basic copy protection techniques for recordable optical discs being introduced today are not able to support these and other complex models.
Document US-A-5629980 discloses a method and a device for controlling the distribution and use of digital works, as described below. The method comprises the following steps:
a) attaching a usage right information to the digital work, the usage right information defining one or more conditions that must be satisfied in order to exercise the usage right;
b) storing the digital work and its additional usage rights information on a record carrier;
c) updating the additional usage rights information with each use of the digital work;
d) denying use of the digital work if the usage rights information indicates that the usage rights have been exercised.
The device comprises:
a) writing means for writing said digital work and additional usage right information defining one or more conditions that must be met in order to exercise the usage right on a record carrier;
b) updating means for updating the additional usage rights information with each use of the digital work; and
c) control means for denying use of the digital work if the usage right information indicates that the usage right has been exercised.
Here, the digital rights or usage rights are obtained with the purchase. The usage right limits how music tracks that are purchased over the internet, downloaded and stored in scrambled form on a recordable optical disc can be used. These digital rights are also called usage rules or usage rights. For example, a purchaser may be allowed to make three copies for personal use but not a fourth. Alternatively, the purchaser may be allowed to play a particular track four times, while the optical drive will not play it a fifth time.
The usage rights are preferably stored on the optical disc. In this case, the usage rights are transferred along with the music and the compact disc will be played on all players that support this function.
An Electronic Music Download (EMD) application for downloading music tracks from the internet must store several pieces of information on the disc, such as the scrambled audio track, the keys required to descramble the track, and the usage rights specifications. Some usage rights may be reduced (i.e., consumed) during use. The rule "three copies for personal use" becomes "two copies for personal use" after one copy has been made, for example. The usage right therefore contains a counter that can be updated when the usage right has been exercised.
Any device arranged to access the downloaded track should comply with the basic rules of the purchased usage rights. That is, only authorized, trusted playback devices can read the key and set the usage rights or counters. Thus, non-compliant applications should be prevented from copying music tracks without updating the counter, from incrementing the counter without paying an additional fee, and from making an identical copy of the disc with the same usage rights.
To counter bitwise copy operations with a standard disc drive, a Unit Disc Identifier (UDI) has been proposed, which the manufacturer can write on the disc in a manner readable by a playback device. If a recordable disc has a UDI, this identifier can be combined with the scrambling key of the music track. After bitwise copying of the disc to another record carrier, the track can no longer be descrambled, since the other record carrier has a different UDI, so that the scrambling key can no longer be recovered.
However, "copy and restore attacks" or "replay attacks" may be used to overcome the UDI solution described above. In this case, a standard disc drive is used to determine the bits on the disc that change when the usage rights are consumed. These bits are typically associated with a counter of usage rights, and they are copied to another storage medium. The usage rights are then consumed, for example by making copies, until the copy counter reaches zero and no further copying is allowed. The determined and stored bits are then restored from the storage medium to the disc. Now the disc is in a state that presents the usage rights as not yet consumed or exercised, so that the user can continue copying. In this case, the UDI-dependent scrambling key has no effect on the copy operation, since the disc itself is not changed.
Furthermore, document WO-A-97/43761 discloses a rights management arrangement for storage media such as optical digital video discs, in which a digital work and corresponding usage rights information are protectively packaged in a secure "software container". In addition, an encrypted key block is stored on the disc, which provides one or more keys for decrypting the digital work. The decryption keys for decrypting the key block are also stored in a covert form on the record carrier at locations that can be physically enabled by corresponding firmware or jumpers of the disc drive. Thus, any attempt by a personal computer to physically copy the disc will not result in copying the covert key.
However, even this encryption protection method may not prevent "copy and restore attacks", because a potential hacker restores the detected and copied usage rights data back to their original location on the same disc. The hacker can then play back a track whose usage rights have already been exercised without having to pay again. Note that the hacker can defeat the protection mechanism without having to read or write the covert key. Thus, the "copy and restore attack" applies to rights that are consumed, such as the right to play once, the right to make a limited number of copies (a counter on the disc is incremented after each copy), or the right to transfer tracks from one disc to another (tracks on the original disc are deleted).
Disclosure of Invention
It is therefore an object of the present invention to provide a method and apparatus, and a corresponding record carrier, for controlling the distribution and use of a digital work based on attached usage rights information, whereby circumvention of the usage rights by "copy and restore attacks" can be prevented.
The present invention provides methods and apparatus wherein:
a method for controlling distribution and use of a digital work, comprising the steps of:
a) attaching a usage right information to the digital work, the usage right information defining one or more conditions that must be satisfied in order to exercise the usage right;
b) storing the digital work and its additional usage rights information on a record carrier (10);
c) updating the additional usage rights information with each use of the digital work;
d) denying use of the digital work if the usage rights information indicates that the usage rights have been exercised;
is characterized in that:
e) when the usage right information has been changed, hidden information that is stored in a hidden channel and used for encrypting or verifying the usage right information is changed.
An apparatus for controlling distribution and use of a digital work, comprising:
a) writing means (20) for writing said digital work and additional usage right information defining one or more conditions that have to be fulfilled in order to exercise the usage right on a record carrier (10);
b) updating means (22) for updating the additional usage rights information with each use of the digital work; and
c) control means (21) for denying use of the digital work if the usage right information indicates that the usage right has been exercised,
is characterized in that:
d) said updating means (22) being arranged to change covert information stored in a covert channel for encrypting or verifying said usage right information when said usage right information has changed.
Accordingly, when the usage right information has been changed, the usage right information is rewritten and new hidden information for encrypting and verifying the usage right information is stored. Thus, a simple restore operation to the usage right information during a "copy and restore attack" procedure can only restore the previous usage right information, but not the previous hidden information. However, due to the fact that the altered hidden information no longer fits or corresponds to the previous or original usage right information, decryption or verification of the usage right information is no longer possible, so that the protection system of the disc player will recognize the attempt of fraud. A "copy-and-restore attack" on a covert channel will no longer be effective because a non-compliant device is unable to read and write on the covert channel.
According to an advantageous development, the hidden information can be a checksum over the data block containing the usage right information. In this case the usage right information does not have to be encrypted on the record carrier. By calculating the checksum and storing this checksum in the covert channel, any manipulation of the content of the usage rights information can be prevented. The "copy and restore" attack does not work because the covert checksum, which has changed with the update of the usage rights information, is no longer valid for the original usage rights information after restoration.
Alternatively, according to another advantageous development, the hidden information may be a key for decrypting the usage right information, wherein the key is randomly changed, and the usage right information is re-encrypted with the changed key when the usage right information has changed. Restoring the old version of the usage rights information would no longer be useful because the changed key could not be used to decrypt the original usage rights information.
It is preferable to destroy the previous key after the key has been changed. Thus, the key used to encrypt the original usage rights information can no longer be extracted, and a would-be hacker cannot decrypt the original usage rights information.
The hidden channel can preferably be generated as follows:
storing the hidden information in deliberate errors that can be corrected again;
storing the hidden information in merging bits of a run-length limited code;
controlling the polarity of a predetermined run of a predetermined word of a run-length limited code in accordance with the hidden information;
storing the hidden information in intentional errors in the time base; or
storing the hidden information in a memory built into the disc controller.
Thereby, a hidden channel can be provided which cannot be read or written by existing or conventional disc drives. They cannot read or write the hidden channel even with firmware updates. In particular, to copy or read the hidden channel, the corresponding integrated circuits would have to be modified. This, however, is expensive and requires corresponding expertise. The lead-in areas of known record carriers are not sufficient to provide such a hidden channel, since conventional disc drives allow access to these areas by a simple firmware hacking operation.
According to another advantageous modification, the attached usage rights information may be stored in a table together with key information for decrypting the digital work. In this way, the key information required to decrypt the digital work can no longer be decrypted after a "copy and restore attack". The digital work may be a music track downloaded from the internet to a recordable optical disc.
The usage right information preferably contains counter information that can be updated when the usage right has been exercised. Thus, a change of the counter information leads to a rewrite and re-encryption operation with a new hidden key, so that detecting and restoring the updated counter values is useless because the hidden decryption key has changed.
According to another advantageous modification, each track (track) of the recording medium may contain its usage right information and hidden information. In this case a concealment key is provided for each track of the record carrier, as long as the concealment channel has sufficient capacity.
Drawings
The present invention will be described in more detail below with reference to preferred embodiments in conjunction with the accompanying drawings.
Fig. 1 illustrates modification of a key-lock table and a covert key after a copy operation in accordance with a preferred embodiment of the present invention;
Fig. 2 shows a basic block diagram of a drive apparatus for driving a record carrier according to a preferred embodiment of the invention;
Fig. 3 shows a basic flow diagram of the secure updating of usage right information according to a preferred embodiment of the present invention.
Detailed Description
The preferred embodiment will now be described in terms of an EMD from the internet to a record carrier such as a recordable optical disc, where music tracks are purchased, downloaded or stored on the record carrier.
However, in this application, the term "digital work" refers to any work that has been reduced to a digital representation. This includes any audio, video, textual or multimedia work and any accompanying interpreter (e.g., software) needed to render the work. The term "usage rights" refers to any rights granted to a recipient of a digital work. Generally, these rights define how a digital work is used and whether the digital work can be further disseminated. Each usage right may have one or more certain conditions that must be met to exercise the right. Usage rights are permanently "attached" to the digital work. Copies made from digital works are also subject to usage rights. In this way, usage rights and any associated fees assigned by the creator and subsequent issuers will always remain with the digital work.
According to a preferred embodiment all secrets, such as usage rights, keys, counters, self-identification of the disc or any information to be stored in a tamper-proof manner, are stored together in a table called key-lock table KLT. The key-lock table KLT is encrypted, for example with the DES algorithm, and stored at any convenient location on the disc. The key used for encrypting the key-lock table KLT is called the key-lock key KLK. The key KLK is stored on the disc in a special hidden channel or secure side channel which cannot be read or written by existing or conventional disc drives. In particular, the hidden channel must be arranged such that the firmware updates of existing disc drives are not sufficient to enable read and write operations to the hidden channel.
The hidden channel must be hidden very deeply in the physical characteristics of the recorded data stream, the record carrier or the disc drive, so that the integrated circuits would have to be modified in order to read or write the hidden channel with an existing disc drive. Some possibilities to implement such a hidden channel are:
(i) storing the hidden information (key) in a deliberate error of the data stream that can be corrected again;
(ii) storing hidden information in merging bits of a run-length restricted code sequence;
(iii) storing the hidden information by controlling the polarity of predetermined runs of predetermined data or control symbols of a run-length limited code sequence according to the hidden information;
(iv) storing the hidden information in intentional errors of the time base of the data stream.
However, any other covert channel suitable for preventing reading or writing of covert information with existing disk drives may be implemented.
The key-lock table KLT is to be rewritten each time its content is changed, for example when the right of use is consumed. Then, each time the key-lock table KLT is rewritten, a new random key-lock key KLK is used.
Fig. 1 shows a purchased version of a key-lock table KLT written on a recordable optical disc, encrypted with a first key-lock key KLK-1 that is stored in a hidden channel of the optical disc, for example as indicated above. In the example shown in Fig. 1, the user has purchased the right to make three copies of track 2. In the key-lock table KLT shown in Fig. 1, only the content relating to track 2 is shown. The table comprises an identifier part and a data part, the identifier part containing information for identifying the respective data in the data part. In particular, the key (in hexadecimal notation) is followed by the usage right of track 2 (in binary notation) and by a counter value for track 2, which is set to "3" according to the purchased usage right.
After the copy operation of track 2, a new key-lock key KLK-2 is randomly selected by the disc drive. It is used to re-encrypt the updated key-lock table KLT and is stored in the hidden channel. So, as shown in the lower part of Fig. 1, after the first copy of track 2 the key-lock table KLT has been updated by reducing its counter value to "2" and re-encrypted with the new key-lock key KLK-2.
Thus, if the original or purchased key-lock table KLT is extracted, stored, and then restored to the disc after the first copy operation, it is useless, since the hidden channel now stores the new key-lock key KLK-2, so that the restored key-lock table KLT can no longer be decrypted by the disc drive. Thus, a "copy-and-restore attack" is easily detected by the disc drive, or at least causes an error.
Fig. 2 shows a basic block diagram of a disc drive according to a preferred embodiment of the invention. The disc drive is arranged to generate a key-lock table KLT and write it on a recordable disc 10 together with a digital work DW, i.e. a music track or the like, on the basis of usage rights obtained together with a purchase from the internet. In particular, an EMD application program, which is executable on a computer system to provide the corresponding download functionality, stores the purchased scrambled digital work in the memory 23 of the disc drive along with the key required to descramble the digital work and a description of the usage rights. Alternatively, the purchased pieces of information may be stored in a memory of the computer system, from which the drive controller 21 of the disc drive may read the information.
The drive controller 21 reads the purchased pieces of information from the memory 23 and supplies the keys and the usage rights to a key-lock updating and encryption unit 22, which is arranged to generate a corresponding key-lock table KLT and to randomly select the key-lock key KLK for encrypting the key-lock table KLT. The drive controller 21 receives the generated key-lock table KLT and key-lock key KLK and controls the read-write (RW) unit 20 to write the purchased digital work DW (i.e. the music track) and the key-lock table KLT at predetermined locations on the recordable disc 10. Furthermore, the drive controller 21 controls the RW unit 20 to store the key-lock key KLK in a hidden channel of the recordable disc 10, which is not accessible by a conventional disc drive or disc player. With each change of the purchased usage rights due to consumption (e.g. copy or play operations), the drive controller 21 supplies a corresponding control signal to the key-lock updating and encryption unit 22, which updates the key-lock table KLT accordingly, generates a new randomly selected key-lock key KLK, and encrypts the key-lock table KLT with the new key-lock key KLK. The drive controller 21 receives the updated and re-encrypted key-lock table KLT and the new key-lock key KLK, and controls the RW unit 20 to write the re-encrypted key-lock table KLT onto the recordable disc 10 and the new key-lock key KLK into the hidden channel. In this way, the key-lock table KLT is updated and re-encrypted with a new key-lock key KLK after each change in the key-lock table KLT.
If the updated key-lock table KLT indicates that the usage rights have been exercised or consumed, the drive controller 21 denies the use of the corresponding digital work, for example by transmitting a corresponding error message or control signal to the EMD application.
It should be noted that the key-lock updating and encrypting unit 22 may be implemented in the form of a software routine of the drive controller 21.
Fig. 3 is a basic flowchart of the procedure for secure update of the usage right. According to fig. 3, a new random key-lock key KLK-2 is generated in step S100 after the recordable disc has been loaded into the disc drive and the usage operation of the corresponding digital work has started. The content of key-lock table KLT is then updated and encrypted by key-lock update and encryption unit 22 with this new key-lock key KLK-2 (step S101). The new key-lock key KLK-2 is then written by RW unit 20 to hidden channel HC of recordable disc 10 (step S102). This step may be followed by an optional step of verifying that the new key-lock key KLK-2 and the re-encrypted key-lock table KLT have been correctly written on the recordable disc 10. Finally, the previous key-lock key KLK-1 may be destroyed by the RW unit (step S103).
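The update sequence of Fig. 3 and the restore scenario of Fig. 1, modelled in Python as an added example (not code from the patent). Disc, CompliantDrive, seal, unseal, restore_scenario and the field copies_left are hypothetical names, the disc is an in-memory object, and a SHA-256 keystream with an HMAC tag stands in for the DES encryption the description mentions; rekey=False models a hidden key that never changes.

```python
import hashlib
import hmac
import json
import secrets


class TamperError(Exception):
    """The KLT in the user area does not fit the KLK in the hidden channel."""


class UsageDenied(Exception):
    """The usage right has been fully consumed."""


class Disc:
    """Constructed model: user_area can be read and written by any drive,
    hidden_channel only by a compliant drive."""

    def __init__(self):
        self.user_area = b""       # encrypted key-lock table (KLT)
        self.hidden_channel = b""  # current key-lock key (KLK)


def _subkey(klk, label):
    return hashlib.sha256(label + klk).digest()


def _keystream(key, nonce, length):
    # SHA-256 in counter mode; an assumed stand-in for DES.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def seal(klk, klt):
    """Encrypt the KLT under the KLK and append an authentication tag."""
    plain = json.dumps(klt, sort_keys=True).encode()
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(klk, b"enc"), nonce, len(plain))
    body = nonce + bytes(p ^ s for p, s in zip(plain, stream))
    return body + hmac.new(_subkey(klk, b"mac"), body, hashlib.sha256).digest()


def unseal(klk, blob):
    """Verify and decrypt; raises TamperError if blob was sealed under another KLK."""
    body, tag = blob[:-32], blob[-32:]
    good = hmac.new(_subkey(klk, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise TamperError("KLT was not written under the current KLK")
    nonce, ct = body[:16], body[16:]
    stream = _keystream(_subkey(klk, b"enc"), nonce, len(ct))
    return json.loads(bytes(c ^ s for c, s in zip(ct, stream)))


class CompliantDrive:
    def __init__(self, rekey=True):
        # rekey=False keeps one hidden key for the life of the disc.
        self.rekey = rekey

    def write_purchase(self, disc, klt):
        disc.hidden_channel = secrets.token_bytes(32)
        disc.user_area = seal(disc.hidden_channel, klt)

    def copy_track(self, disc, track):
        klt = unseal(disc.hidden_channel, disc.user_area)
        if klt[track]["copies_left"] == 0:
            raise UsageDenied(track)
        klt[track]["copies_left"] -= 1
        # S100: new random KLK. S101: re-encrypt the updated KLT with it.
        new_klk = secrets.token_bytes(32) if self.rekey else disc.hidden_channel
        disc.user_area = seal(new_klk, klt)
        # S102/S103: overwriting the hidden channel destroys the previous KLK.
        disc.hidden_channel = new_klk
        return klt[track]["copies_left"]


def restore_scenario(rekey):
    """Buy 3 copies, save the user area, copy once, put the saved user area
    back, then request another copy. Returns (outcome, copies_left)."""
    drive, disc = CompliantDrive(rekey), Disc()
    drive.write_purchase(disc, {"track2": {"copies_left": 3}})
    snapshot = disc.user_area          # all that a conventional drive can read
    drive.copy_track(disc, "track2")   # counter 3 -> 2, KLK-1 -> KLK-2
    disc.user_area = snapshot          # hidden channel stays as it is
    try:
        return ("accepted", drive.copy_track(disc, "track2"))
    except TamperError:
        return ("rejected", None)


if __name__ == "__main__":
    print("fixed hidden key:", restore_scenario(rekey=False))
    print("rekey per update:", restore_scenario(rekey=True))
```

With a fixed hidden key the restored table is accepted and the counter starts again from 3; with a new key per update the drive rejects it.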
According to an alternative modification of the preferred embodiment, the key-lock updating and encryption unit 22 may be replaced by a key-lock updating and verifying unit arranged to calculate a checksum over the contents of the key-lock table KLT and to store the checksum in the hidden channel HC (instead of the key-lock key KLK). In this case, the key-lock table KLT does not even need to be encrypted. Any manipulation of the content of the key-lock table KLT can be detected by the key-lock updating and verifying unit by performing a verification operation using the hidden checksum. Any change of the key-lock table KLT due to consumption or exercise of the purchased usage rights results in a changed checksum, which is written to the hidden channel HC. Thus, a "copy-and-restore attack" will result in a mismatch between the actual checksum of the restored key-lock table KLT and the hidden checksum. This mismatch will be detected by the key-lock updating and verifying unit so that an error handling or protection mechanism can be initiated.
The invention therefore has the advantage that the "copy-and-restore attack" causes a mismatch between the hidden key-lock key KLK or an alternative hidden checksum and the restored key-lock table KLT. This mismatch either prevents descrambling of the key-lock table KLT or causes errors in the authentication process. This enables fraudulent attacks to be detected in the disc drive.
In another embodiment the hidden channel contains random data that is used to calculate a checksum over the contents of the key-lock table KLT; this checksum is stored in the user data and is thus freely accessible to both compliant and non-compliant devices. The content of the hidden channel may be freely accessible, provided it is ensured that the content cannot be deterministically changed by a non-compliant device. A compliant device may calculate the checksum by reading the random data in the hidden channel and check whether the calculated checksum corresponds to the checksum present in the user data. If the calculated checksum differs from the checksum present in the user data, this indicates that the contents of the hidden channel may have been tampered with.
It is noted that the present invention is not limited to the above-described embodiments, but can be applied to any recording or writing application that should be protected against "copy and restore attacks". EMD may be performed by freely distributing the scrambled digital work DW on a pressed disc or through a broadcast channel. However, the keys are not distributed with the content of the digital work. The key may be purchased over the internet. In such a case, the compressed digital work need not be downloaded, but only the key. This reduces the network load and transmission costs.
In addition, the key-lock table KLT may be arranged as one key-lock table per track. In this case, it is necessary that the hidden channel has enough space to store a random key-lock key KLK for each key-lock table KLT. If the key-lock table KLT becomes so large that one overwrite operation cannot be performed per transaction, it can be decomposed into a plurality of key-lock tables. Each key-lock table KLT will then have its own random key-lock key KLK stored in the hidden channel.
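The checksum alternative described above, combined with one key-lock table per track, as an added Python sketch (not code from the patent). The names Disc, write_table, verify, play, audit and the field plays_left are hypothetical, the disc is an in-memory model, and SHA-256 is an assumed choice because the description names no checksum algorithm.

```python
import copy
import hashlib
import hmac
import json


def checksum(table):
    """Checksum over one key-lock table (SHA-256 is an assumption)."""
    return hashlib.sha256(json.dumps(table, sort_keys=True).encode()).digest()


class Disc:
    """Constructed model with one unencrypted key-lock table per track."""

    def __init__(self):
        self.user_area = {}       # track -> KLT, any drive can rewrite it
        self.hidden_channel = {}  # track -> checksum, compliant drives only

    def hidden_bytes_needed(self):
        # The hidden channel needs room for one value per table.
        return sum(len(v) for v in self.hidden_channel.values())


def write_table(disc, track, table):
    """Rewrite a track's KLT and replace its hidden checksum in one step."""
    disc.user_area[track] = copy.deepcopy(table)
    disc.hidden_channel[track] = checksum(table)


def verify(disc, track):
    stored = disc.hidden_channel.get(track)
    table = disc.user_area.get(track)
    if stored is None or table is None:
        return False
    return hmac.compare_digest(stored, checksum(table))


def play(disc, track):
    """Consume one play. Returns 'played', 'denied' or 'mismatch'."""
    if not verify(disc, track):
        return "mismatch"            # start error handling, do not render
    table = copy.deepcopy(disc.user_area[track])
    if table["plays_left"] == 0:
        return "denied"
    table["plays_left"] -= 1
    write_table(disc, track, table)  # the new checksum goes to the hidden channel
    return "played"


def audit(disc):
    """Tracks whose table no longer fits its hidden checksum."""
    return sorted(t for t in disc.user_area if not verify(disc, t))


def demo():
    disc = Disc()
    write_table(disc, "track1", {"plays_left": 2})
    write_table(disc, "track2", {"plays_left": 1})
    saved = copy.deepcopy(disc.user_area["track2"])  # constructed earlier state
    first = play(disc, "track2")                     # 1 -> 0, checksum replaced
    disc.user_area["track2"] = saved                 # user area put back
    return first, play(disc, "track2"), play(disc, "track1"), audit(disc)
```

Because each track has its own hidden checksum, the mismatch on track 2 does not block track 1, and audit() reports exactly which table was put back.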
The invention can also be applied to protect hard disks from "copy and restore attacks". In this case, the hidden channel may be arranged as a memory built into the HDD controller. Similar applications to flash memory cards are possible. In summary, the present invention can be applied to protect any other recording medium such as a magneto-optical recording medium (mini disc) or a magnetic tape.

Claims (9)

1. A method for storing a digital work in a record carrier comprising a rewritable portion and a key, comprising:
storing a digital work and usage right information defining one or more conditions that must be satisfied in order to exercise a usage right on the rewritable portion, the rewritable portion being readable by a commercial reproduction apparatus for reproducing and playing back the digital work;
storing the key in a covert channel separate from the rewritable portion, the covert channel not being accessible by the commercial reproduction apparatus, wherein the key is changed when the usage rights information is changed; and
encrypting, decrypting or verifying the usage right information with the key.
2. Method according to claim 1, characterized in that said record carrier is a recordable optical disc.
3. Method according to claim 1, characterized in that the record carrier is a CD or DVD.
4. A method according to claim 1, characterized by storing the hidden information in a memory built into the disk controller.
5. The method according to claim 1, wherein the covert channel includes deliberate errors that can be corrected again.
6. The method according to claim 1, wherein the covert channel comprises information stored as a run-length limited code and stored as merging bits of the run-length limited code.
7. A method according to claim 1, wherein the covert channel comprises information stored as a run-length limited code and the polarity of predetermined runs of predetermined words of the run-length limited code is controlled in accordance with said information.
8. The method according to claim 1, wherein the covert channel comprises intentional errors in the time base of the information data stream.
9. The method of claim 1, wherein the covert channel is a secure side channel.
HK06112297.9A 2000-08-16 2006-11-08 A method for storing a digital work and usage right information in a record carrier that includes a re-writable section and a key HK1097947B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP00202888 2000-08-16
EP00202888.4 2000-08-16

Publications (2)

Publication Number Publication Date
HK1097947A1 (en) 2007-07-06
HK1097947B (en) 2013-09-19
