A record carrier, recording device, read-out device and method are provided which offer a flexible security level to protect user data during transmission over a communication bus, also when the data is recorded on a record carrier such as a recordable optical disc. In accordance with the method, management information comprises encryption indication information indicating that user data stored in an associated sector of a record carrier, such as a recordable optical disc, is to be encrypted by a read-out device before being transmitted over a communication bus.
1. record carrier (10) for storing user data in sectors (S) and management information (M) associated with said sectors (S), and stored in a sector header of each sector,
wherein said management information (M) comprises an encryption indication information (M1) comprising a single bit associated with each of said sectors (S), each bit indicating to a read-out device whether at least a part of the user data stored in the associated sector (S) are to be encrypted by the read-out device (2) before being transmitted over a communication bus (6), and
wherein said management information (M) further comprises an encryption amount information (M3) indicating which parts of each of said sectors (S) are to be encrypted while other parts of each of said sectors (S) remain unencrypted.
9. Read-out method for reading data from a record carrier (10) storing user data in sectors (S) and management information (M) associated with said sectors (S), wherein said management information (M) comprises an encryption indication information (M1) comprising a single bit associated with each of said sectors (S), each bit (M1) indicating whether the user data stored in the associated sector are to be encrypted by a read-out (2) device before being transmitted over a communication bus (6), comprising the steps of: reading said user data and said management information (M) from said record carrier (10), interpreting said management information (M), encrypting user data of sectors (S) for which the associated encryption indication information (M1) indicates that said user data are to be encrypted and outputting said user data.
0. 15. A personal computer for use with a drive comprising a data interpreter (23) for interpreting management information (M) comprising encryption indication information (M1) comprising a single bit associated with each of said sectors (S), each bit indicating that at least a part of user data of sectors (S) are to be encrypted, an encryption unit (24) for encrypting user data of sectors (S) for which the associated encryption indication information (M1) indicates that at least a part of said user data are to be encrypted, and an output unit (25) for outputting said user data onto a communication bus, the personal computer comprising:
a host system comprising a cpu and memory;
a communications bus connected to the host system;
wherein the host system is adapted for receiving said user data from the communication bus and decrypting the user data of the sectors which have been encrypted based on the associated encryption indication information (M1) when the drive is connected to the communication bus.
11. Recording method for recording data on a record carrier (10) comprising the steps of: receiving user data and a command (C) to record said user data in sectors (S) on a record carrier (10) from a communication bus (6), interpreting said command (C) so as to identify a decryption indication information (C2) included therein indicating which parts of the received user data are encrypted and are to be decrypted before recording on said record carrier (10), decrypting the parts of said user data for which the associated decryption indication information (C2) indicates that they are encrypted and are to be decrypted before recording on said record carrier (10), and recording said user data in sectors (S) on said record carrier (10) and a management information (M) associated with said sectors (S) comprising an encryption indication information (M1) comprising a single bit associated with each of said sectors (S), (M1) indicating that at least a part of the user data stored in sectors (S) associated with said management information (M) are to be encrypted by a read-out (2) device before transmission over a communication bus (6).
8. Read-out device for reading data from a record carrier (10) storing user data in sectors (S) and management information (M) associated with said sectors (S), wherein said management information (M) comprises an encryption indication information (M1) comprising a single bit associated with each of said sectors (S), each bit (M1) indicating whether at least a part of the user data stored in the associated sector (S) are to be encrypted by a read-out device (2) before being transmitted over a communication bus (6), comprising:
a reading unit (21) for reading said user data and said management information (M) from said record carrier (10),
a data interpreter (23) for interpreting said management information (M),
an encryption unit (24) for encrypting user data of sectors (S) for which the associated encryption indication flag information bit (M1) indicates that at least a part of said user data are to be encrypted and an output unit (25) for outputting said user data and encryption amount information (M3) indicating which parts of each of said sectors (S) are to be encrypted while other parts of each of said sectors (S) remain unencrypted.
13. A computer program embodied on a non-transitory computer-readable medium for reading data from a record carrier (10) storing user data in sectors (S) and management information (M) associated with said sectors (S), wherein said management information (M) comprises an encryption indication information (M1) comprising a single bit associated with each of said sectors (S), each bit (M1) indicating that at least a part of the user data stored in the associated sector are to be encrypted by a read-out (2) device before being transmitted over a communication bus (6), comprising:
a code segment for reading said user data and said management information (M) from said record carrier (10), and
a code segment for interpreting said management information (M), encrypting user data of sectors (S) for which the associated encryption indication information (M1) indicates that at least a portion of said user data are to be encrypted and outputting said user data, and
a code segment for interpreting said management information (M3) indicating which portions of said totality of user data stored in the associated sector (S) are to be encrypted while other parts of the associated sector (S) remain unencrypted.
10. Recording device for recording data on a record carrier (10) comprising:
an input unit (27) for receiving user data and a command (C) to record said user data in sectors (S) on a record carrier (10) from a communication bus (6),
a command interpreter (26) for interpreting said command (C) so as to identify a decryption indication information (C2) included therein indicating which parts of the received user data are encrypted and are to be decrypted before recording on said record carrier (10),
a decryption unit (24) for decrypting the parts of said user data for which the associated decryption indication information (M2) indicates that they are encrypted and are to be decrypted before recording on said record carrier (10), and
a write unit (22) for recording said user data in sectors (S) on said record carrier (10) and
a management information (M) associated with said sectors (S) comprising an encryption indication information (M1) comprising a single bit associated with each of said sectors (S), each bit (M1) indicating whether at least a part of the user data stored in sectors (S) associated with said management information (M) are to be encrypted by a read-out (2) device before transmission over a communication bus (6),
wherein said management information (M) further comprises an encryption amount information (M3) indicating which part or parts of the data stored in the associated sector (S) are to be encrypted while other parts of the associated sector (S) remain unencrypted.
0. 14. A personal computer for use with a record carrier comprising user data arranged in sectors (S), and management information (M) associated with said sectors (S), said management information (M) comprising an encryption indication information (M1) comprising a single bit associated with each of said sectors (S), each bit indicating that at least a part of the user data stored in the associated sectors (S) are to be encrypted by a drive (2) before being transmitted over a communication bus (6), the personal computer comprising:
a drive for reading user data stored on a record carrier;
a host system, comprising a cpu and memory;
a communication bus connecting the drive to the cpu and memory,
wherein the drive comprises a data interpreter (23) for interpreting said management information (M), and encryption unit (24) for encrypting user data of sectors (S) for which the associated encryption indication information (M1) indicates that at least a part of a totality of said user data are to be encrypted and an output unit (25) for outputting said user data onto the communication bus, and
wherein the host system is adapted for receiving said user data from the communication bus and decrypting the user data of the sectors which have been encrypted based on the associated encryption indication information (M1), and
wherein said management information (M) further comprises an encryption amount information (M3) indicating which part or parts of the user data of the sectors are to be encrypted while other parts of the sector remain unencrypted.
2. record carrier as claimed in
0. 3. record carrier as claimed in
4. record carrier as claimed in
5. record carrier as claimed in
6. record carrier as claimed in
7. record carrier as claimed in
12. Recording method as claimed in
This is a reissue of U.S. Pat. No. 7,607,024 issued on Oct. 20, 2009 and is incorporated by reference herein.
The present invention relates to a record carrier for storing user data in sectors and management information associated with said sectors. The present invention relates further to a read-out device for reading data from a record carrier and a corresponding read-out method. Still further, the present invention relates to a recording device and a corresponding recording method for recording data on a record carrier. Finally, the present invention relates to a computer program for implementing said methods.
Optical disc drives connect with other components in a personal computer (PC) via a communication bus, in particular a so-called PCI-bus. It is easy for hackers to listen to the communication over this bus and to get access to transmitted user data. A so-called bus encryption, according to which user data are encrypted before transmission over the communication bus and decrypted by the receiving component after transmission, is generally used to protect data transmission against eavesdropping. However, bus encryption requires significant computational effort, which degrades the performance of applications or increases the cost of such systems. The computational effort could be reduced by not encrypting all user data in all sectors, but only encrypting a few sectors or part of the user data in a sector, or by choosing an encryption algorithm that requires less computational effort. Such measures would, however, weaken the protection.
Since different applications have different security requirements, and a single optical drive has to read and to protect data for many different applications, it is thus a problem to make an optical disc drive or, more generally, to provide a read-out device for reading data from a record carrier, that satisfies all needs with a single bus encryption method. In particular, this flexible security level shall be provided to protect user data during transmission over the communication bus when the user data is recorded on a record carrier, such as a recordable optical disc.
Many copy protection methods have been created to prevent copying of user data. One of these methods is based on so-called re-encryption according to which some sectors of the disc are encrypted and which will be decrypted by the drive before transmitting it via a secure communication channel to another component in a PC. The advantage of re-encryption is that the key used by the drive to decrypt the sector does not leave the drive and is therefore not easily discovered by hackers. However, the decryption of the encrypted sector requires significant computational effort which degrades the performance of the drive or increases the costs thereof. Although the computational effort can be reduced by the same measures as mentioned above, the strength of the protection will be weakened.
Since different applications have different security requirements it is therefore desired to provide a low-cost read-out device that is optimized for the security level of a single application and a general purpose read-out device that provides the right security level for all applications and can read record carriers for all applications. A method is therefore needed by which a general-purpose read-out device can determine if and, preferably, what type of encryption is to be used. Preferably, an additional information indicating if and which kind of decryption is required before encryption, should be provided.
It is thus an object of the present invention to provide a record carrier, a recording device and method as well as a read-out device and method which provide a flexible security level to protect user data during transmission over the communication bus, also when the data is recorded on a record carrier such as a recordable optical disc.
This object is achieved according to the present invention by a record carrier as claimed in claim 1 according to which the management information comprises an encryption indication information indicating that the user data stored in the associated sector are to be encrypted by a read-out device before being transmitted over a communication bus.
A read-out device for reading data from such a record carrier is defined in claim 7 and comprises a data interpreter for interpreting said management information, an encryption unit for encrypting user data of sectors for which the associated encryption indication information indicates that said user data are to be encrypted and an output unit for outputting said user data.
A recording device for recording data on such a record carrier is defined in claim 10 and comprises:
an input unit for receiving user data and a command to record said user data in sectors on a record carrier from a communication bus,
a command interpreter for interpreting said command so as to identify a decryption indication information included therein indicating which parts of the received user data are encrypted and are to be decrypted before recording on said record carrier,
a decryption unit for decrypting the parts of said user data for which the associated decryption indication information indicates that they are encrypted and are to be decrypted before recording on said record carrier, and
a write unit for recording said user data in sectors on said record carrier and a management information associated with said sectors comprising an encryption indication information indicating that user data stored in sectors associated with said management information are to be encrypted by a read-out device before transmission over a communication bus.
Corresponding methods are defined in claims 9 and 11. A computer program for implementing said methods is defined in claim 13.
The present invention is based on the idea of signaling to the read-out device that particular user data shall be encrypted by the read-out device before they can be transmitted over the communication bus, in particular a PCI-bus of a PC. An encryption indication information is thus provided in the management information and associated with all sectors in which user data are stored which shall be encrypted before transmission over the communication bus. This encryption indication information will be read and evaluated by the read-out device, which then encrypts the associated user data before they are outputted to the communication bus. The recording device according to the present invention is adapted such that during recording of user data such encryption indication information is assigned to the user data and also recorded on the record carrier for later read-out by the read-out device. Such encryption indication information is written based on a corresponding decryption indication information included in a command received by the recording device along with the instruction to record particular user data on a record carrier. The invention thus provides a simple, flexible and low-cost solution providing copy protection during transmission over a communication bus of user data which are read from a record carrier.
It should be noted that user data shall be understood as including any kind of data that are stored on a record carrier and can be transmitted over a communication bus, i.e. not only include data that are particularly meant for a user, such as audio, video or software data, but also include any other kind of data such as management data or control data.
Preferred embodiments of the invention are defined in the dependent claims. According to a simple embodiment the management information is stored in the sector header of each sector and the encryption indication information is a single bit which is used to trigger encryption of user data stored in the associated sector. However, the management information can be also stored in a separate (additional) sub-code channel besides the normal data channel.
According to further embodiments the management information comprises additional information indicating which part or parts of the user data are to be encrypted, which encryption algorithm is to be used for encryption, which key-hierarchy is to be used for determination of an encryption key to be used for encryption and/or indicating that the user data stored in the associated sectors are to be decrypted by the read-out device before being encrypted again for transmission. Again, these indicators could be single bits stored in the sector header. Preferably, the indication information that triggers bus-encryption is made independent from the indication information that triggers sector decryption because the security requirements for both methods may be different. If the triggers for bus encryption and sector decryption are independent, preferably the integrity of at least the bus encryption trigger is protected. This can be achieved by, e.g., making the sector decryption key dependent on at least the bus encryption trigger (for example XOR or hash the trigger into the key).
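The header-driven read-out path and the integrity binding described above (hashing the trigger into the sector decryption key) can be sketched as follows. This is an added example, not code from the patent: the 3-byte header layout, the function names, the per-session `bus_key`, the use of the sector number as nonce and the SHA-256 keystream standing in for a real cipher are all assumptions.

```python
import hashlib
import hmac

# Assumed header layout (not from the patent): 1 flag byte + 2-byte M3 length.
M1_BUS_ENCRYPT = 0x01     # M1: encrypt before transmission over the bus
M2_SECTOR_DECRYPT = 0x02  # M2: stored encrypted, drive decrypts before bus encryption


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode) in place of a real cipher."""
    stream = bytearray()
    for counter in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def sector_key(disc_key: bytes, flags: int, m3_len: int) -> bytes:
    """Hash the header fields into the sector key, so an edited header yields a wrong key."""
    header = bytes([flags]) + m3_len.to_bytes(2, "big")
    return hmac.new(disc_key, b"sector-key" + header, hashlib.sha256).digest()


def record_sector(disc_key: bytes, lba: int, flags: int, m3_len: int, user_data: bytes) -> bytes:
    """Recording side: store the header (M1, M2, M3) followed by the sector payload."""
    payload = user_data
    if flags & M2_SECTOR_DECRYPT:
        payload = keystream_xor(sector_key(disc_key, flags, m3_len), lba.to_bytes(4, "big"), user_data)
    return bytes([flags]) + m3_len.to_bytes(2, "big") + payload


def read_out(disc_key: bytes, bus_key: bytes, lba: int, sector: bytes) -> bytes:
    """Drive side: interpret the header, decrypt if M2, bus-encrypt the M3 part if M1."""
    flags, m3_len, data = sector[0], int.from_bytes(sector[1:3], "big"), sector[3:]
    nonce = lba.to_bytes(4, "big")
    if flags & M2_SECTOR_DECRYPT:
        data = keystream_xor(sector_key(disc_key, flags, m3_len), nonce, data)
    if flags & M1_BUS_ENCRYPT:
        n = min(m3_len, len(data))
        data = keystream_xor(bus_key, nonce, data[:n]) + data[n:]
    return data


def host_receive(bus_key: bytes, lba: int, flags: int, m3_len: int, bus_data: bytes) -> bytes:
    """Host side: undo bus encryption on the part that M1/M3 marked as encrypted."""
    if not flags & M1_BUS_ENCRYPT:
        return bus_data
    n = min(m3_len, len(bus_data))
    return keystream_xor(bus_key, lba.to_bytes(4, "big"), bus_data[:n]) + bus_data[n:]


def demo():
    disc_key, bus_key = b"D" * 16, b"B" * 16   # constructed keys
    user_data = bytes(range(256)) * 8          # constructed 2048-byte sector
    flags, m3_len, lba = M1_BUS_ENCRYPT | M2_SECTOR_DECRYPT, 512, 7
    sector = record_sector(disc_key, lba, flags, m3_len, user_data)

    on_bus = read_out(disc_key, bus_key, lba, sector)
    at_host = host_receive(bus_key, lba, flags, m3_len, on_bus)

    # Header edited on the medium to clear M1: the drive skips bus encryption, but
    # the sector key no longer matches, so what crosses the bus is not the user data.
    tampered = bytes([flags & ~M1_BUS_ENCRYPT]) + sector[1:]
    on_bus_tampered = read_out(disc_key, bus_key, lba, tampered)
    return user_data, on_bus, at_host, on_bus_tampered


if __name__ == "__main__":
    user_data, on_bus, at_host, leaked = demo()
    print("host recovers data:", at_host == user_data)
    print("first 512 bytes hidden on bus:", on_bus[:512] != user_data[:512])
    print("tampered header leaks plaintext:", leaked == user_data)
```

The binding only protects sectors that are stored encrypted (M2 set); a sector stored in the clear has no key for the trigger to be hashed into.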
The invention will now be explained in more detail with reference to the drawings in which
In the embodiment shown in
In the embodiment shown in
The management information may further include additional information, such as an information indicating the amount of user data that needs to be decrypted before encryption, which algorithm to use for decryption and/or which key hierarchy to use for decryption.
According to still another embodiment as shown in
Further information can be included in the management information, such as for instance an encryption algorithm information M4 indicating which encryption algorithm is to be used for encryption and/or a key hierarchy information M5 indicating which key-hierarchy is to be used for determination of an encryption key to be used for encryption.
The embodiment of the drive 2 shown in
These steps of encryption and decryption will be done by the encryption/decryption unit 24 before the partly encrypted user data are written to the record carrier 10 by the write unit 22. At the same time an appropriate management information M including indicators M1 and M2 is recorded in the sector header H. Of course, additional further information, similar to the additional further information illustrated above for the management information, can also be included in the command C.
According to the invention a simple, low-cost, flexible and secure solution for protection of user data stored on a record carrier before transmission over a communication bus of a PC is provided.
Staring, Antonius Adriaan Maria, Treffers, Menno Anne, Skoric, Boris, Maes, Maurice Jerome Justin Jean-Baptiste
Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc |
Jul 28 2004 | Koninklijke Philips Electronics N.V. | (assignment on the face of the patent) | / |
Date | Maintenance Fee Events |
Apr 15 2013 | M1551: Payment of Maintenance Fee, 4th Year, Large Entity. |
Apr 18 2017 | M1552: Payment of Maintenance Fee, 8th Year, Large Entity. |
Jun 07 2021 | REM: Maintenance Fee Reminder Mailed. |
Nov 22 2021 | EXP: Patent Expired for Failure to Pay Maintenance Fees. |