EP1966795A2 - Method for writing data having a distinctive feature - Google Patents
Method for writing data having a distinctive featureInfo
- Publication number
- EP1966795A2 EP1966795A2 EP06842519A EP06842519A EP1966795A2 EP 1966795 A2 EP1966795 A2 EP 1966795A2 EP 06842519 A EP06842519 A EP 06842519A EP 06842519 A EP06842519 A EP 06842519A EP 1966795 A2 EP1966795 A2 EP 1966795A2
- Authority
- EP
- European Patent Office
- Prior art keywords
- data
- fingerprint data
- written pattern
- record carrier
- recording track
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
- 238000000034 method Methods 0.000 title claims abstract description 88
- 230000008569 process Effects 0.000 abstract description 13
- 238000007796 conventional method Methods 0.000 abstract 1
- 238000000605 extraction Methods 0.000 description 9
- 230000003287 optical effect Effects 0.000 description 8
- 238000010586 diagram Methods 0.000 description 7
- 238000006073 displacement reaction Methods 0.000 description 7
- 230000006870 function Effects 0.000 description 4
- 238000013075 data extraction Methods 0.000 description 3
- 238000009795 derivation Methods 0.000 description 3
- 238000005070 sampling Methods 0.000 description 3
- 230000000694 effects Effects 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 238000001228 spectrum Methods 0.000 description 2
- 230000004888 barrier function Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 230000000295 complement effect Effects 0.000 description 1
- 230000003247 decreasing effect Effects 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 230000005415 magnetization Effects 0.000 description 1
- 238000002310 reflectometry Methods 0.000 description 1
- 238000007493 shaping process Methods 0.000 description 1
- 230000003595 spectral effect Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 230000007704 transition Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/10—Digital recording or reproducing
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B19/00—Driving, starting, stopping record carriers not specifically of filamentary or web form, or of supports therefor; Control thereof; Control of operating function ; Driving both disc and head
- G11B19/02—Control of operating function, e.g. switching from recording to reproducing
- G11B19/12—Control of operating function, e.g. switching from recording to reproducing by sensing distinguishing features of or on records, e.g. diameter end mark
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/0021—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/0021—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
- G11B20/00217—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source
- G11B20/00253—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source wherein the key is stored on the record carrier
- G11B20/00369—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source wherein the key is stored on the record carrier wherein a first key, which is usually stored on a hidden channel, e.g. in the lead-in of a BD-R, unlocks a key locker containing a second
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/00572—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving measures which change the format of the recording medium
- G11B20/00586—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving measures which change the format of the recording medium said format change concerning the physical format of the recording medium
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/00572—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving measures which change the format of the recording medium
- G11B20/00586—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving measures which change the format of the recording medium said format change concerning the physical format of the recording medium
- G11B20/00594—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving measures which change the format of the recording medium said format change concerning the physical format of the recording medium wherein the shape of recording marks is altered, e.g. the depth, width, or length of pits
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/00572—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving measures which change the format of the recording medium
- G11B20/00586—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving measures which change the format of the recording medium said format change concerning the physical format of the recording medium
- G11B20/00601—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving measures which change the format of the recording medium said format change concerning the physical format of the recording medium wherein properties of tracks are altered, e.g., by changing the wobble pattern or the track pitch, or by adding interruptions or eccentricity
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/00731—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction
- G11B20/00746—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction wherein the usage restriction can be expressed as a specific number
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/00731—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction
- G11B20/00746—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction wherein the usage restriction can be expressed as a specific number
- G11B20/00797—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction wherein the usage restriction can be expressed as a specific number wherein the usage restriction limits the number of times a content can be reproduced, e.g. using playback counters
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B23/00—Record carriers not specific to the method of recording or reproducing; Accessories, e.g. containers, specially adapted for co-operation with the recording or reproducing apparatus ; Intermediate mediums; Apparatus or processes specially adapted for their manufacture
- G11B23/28—Indicating or preventing prior or unauthorised use, e.g. cassettes with sealing or locking means, write-protect devices for discs
Abstract
In the field of content distribution a typical problem is the protection of Digital Rights information (DRM), which is appended to the content and written on a record carrier in the form of a corresponding written pattern, from tampering by malicious users. According to some known schemes, the protection is implemented by linking the DRM to some physical distinctive feature of the corresponding written pattern. From this distinctive feature fingerprint data can be extracted with some conventional method, and used for the authentication of the DRM. The invention proposes a method of writing data wherein the formed written pattern has a radial offset, which is formed during writing as result of a non- controllable substantially random process. A corresponding apparatus for writing data, a method and an apparatus for extracting fingerprint data and a record carrier are also described.
Description
Method for writing data having a distinctive feature
The invention relates to a method of writing data on a record carrier and to a corresponding method of extracting fingerprint data.
The invention further relates to an apparatus for writing data on a record carrier and to a corresponding apparatus for extracting fingerprint data. The invention further relates to a record carrier having data recorded thereon from which data fingerprint data can be extracted.
With the advent of new on-line content distribution channels like iTunes, MusicMatch, PressPlay, Windows-Media Digital Rights Management (DRM) has started to play an increasingly important role. Currently three categories of DRM are employed. They can be distinguished by the way they store and protect the usage rights (such as "copy one time", "view until Wednesday", etc.):
1. Network-centric: the rights are stored securely on a dedicated server in a network. Devices wanting to access content consult the server to obtain (and if necessary update) the rights. The server might reside somewhere on the Internet (e.g. at the content owner's), or in a home network. This DRM category requires devices to be (almost) always on-line when accessing content.
2. (Personal) Card-centric: the rights are stored securely on a removable card or token, e.g. a smart-card, SD card, MemoryStick etc. Devices wanting to access content contact the removable security card to obtain (and if necessary update) the rights. This DRM category requires devices to have a slot for a plug-in card.
3. Device-centric: the rights are stored securely inside a fixed playback or storage device (e.g. a PC on which the content resides). A device wanting to access content administers the rights itself. The consequence of this DRM category is that content is always locked to a single device. The MusicMatch- and the original Windows DRM service are examples of such systems.
In the last few years a fourth variant has been developed which aims essentially at marrying the current optical media content distribution business-model to
DRM, giving an optical disc almost the same functionality as flash memory cards such as SD-card or MemoryStick:
4. Media-centric: the rights are stored securely on the recordable media itself.
Devices wanting to access content have special circuitry to retrieve (and if necessary update) the rights on the media. The consequence of this DRM category is that content can be consumed in any (media-centric DRM compatible) device (rights travel together with the content).
Although the last category looks very appealing from a consumer point of view, technically it is the most complicated one, because the layout of optical media has been standardized giving attackers direct access to all bits and bytes without further need for authentication and knowledge of system secrets etc. Of course, it is well known, e.g. from disc-based copy protection systems (DVD, CD, etc.), how to prevent such bits from being copied, using tools from cryptography (ciphers, key-distribution schemes, broadcast- encryption etc.) and disc-marks/ROM side-channels (wobbles, BCA with unique media ID, ...). However none of these systems had to contend with the particularly vicious save-and- restore attack, unique to DRM systems with consumable rights.
Contrary to static rights (copy never, copy free, EPN (encryption plus non- assertion state)), consumable rights are rights which typically get more restrictive every time the content is consumed, e.g. play 4x, or record 3x. The save-and-restore attack goes as follows: content with corresponding digital rights is purchased and legitimately downloaded onto the storage medium; the attacker makes a temporary bit-copy of the storage medium ("image") onto some other storage medium, such as a hard-disc drive (HDD); - the original storage medium is "consumed", i.e. used normally, which means that the rights decrement in some sense; at any given moment the attacker can restore the original rights by copying back the image from the alternate storage (HDD). In this process the original rights are restored as well, even if the attacker doesn't know what the (encrypted) bits which have been copied back mean: the medium has simply been returned to its virgin state. This is independent of the use of any ROM side-channels such as the "Disc Mark" (e.g. a unique, but fixed media identifier in the BCA).
A method to resolve this hack is disclosed in WO02/015184 Al. According to this method a hidden channel (HC) as a side-channel is introduced. A side-channel is a
method to store additional information on a recording medium by exploiting the fact that multiple read-out signals represent the same user-data pattern (data available to the user). E.g. an additional message may be coded in the error-correction parities. The error-correction mechanism will remove these parities, so the user does not see any difference, but dedicated circuitry preceding the error-correction mechanism does. Of course in this example the information capacity of the medium has been increased at the expense of decreasing the system's error-correcting capacity.
According to WO02/015184 Al the HC is a side-channel on the storage medium containing information which observes the constraint that it cannot be written by the user but only by some compliant DRM application, and is therefore lost in bit-copies. Simple examples are data stored in sector headers and certain parts of the lead-in area. More sophisticated examples are redundancies in the standard for the storage medium, in which information is stored by making a particular choice for such a redundancy, e.g. selecting certain merging bit patterns on CD, or specific trends in the DSV (digital sum value, the running sum of channel-bits) on a DVD as, for instance, described in US 5,828,754, or intentional errors in sector data (which can be corrected by the redundant ECC-symbols). Yet another example is information stored in slow variations of the channel-bit clock as, for instance, described in US 5,737,286.
During the update of rights, the HC is used as follows: 1. when the digital rights are updated (created or overwritten), a new random data-string is chosen and recorded into the HC;
2. the new values of the digital rights are cryptographically bound to (amongst other things) the data- string written into the HC. An example would be constructing a key which depends on the HC-payload, and applying a digital signature to the digital rights with this key; or alternatively to encrypt the digital rights with this key. The signature could be either based on symmetric key cryptography (a so-called Message Authentication Code, or MAC), or public key cryptography (e.g. DSA-, or RSA-based signatures). During read-out of the rights the following check is performed using the HC: (i) when the digital rights are read, the data-string is retrieved from the HC; (ii) the key from step 2 above which depends on the HC data- string is re-created and used to verify the cryptographic relationship between the digital rights and the HC (either check the signature on the digital-rights, or decrypt the digital rights).
Step (ii) prevents the save-and-restore attack: the image, including the original digital rights may be restored by the attacker, but the HC cannot, therefore the check in step
(ii) fails. Rights and content keys can be protected in a Key Locker which in turn is protected by a Key Locker Key, which depends (partially) on the payload of a HC. Further, it is not necessary for the data in the HC to be confidential; however, it should be very difficult for the attacker to modify these bits. However, the system known from WO 02/015184 suffers from a disadvantage: because this known system relies on a universal secret present in every consumer device, viz. the algorithm by which bits are stored in the hidden channel. An attacker could therefore build a non-compliant device which would enable him to get access to the hidden information so that he could manipulate the hidden information, and thus could provide him with illegal access to encrypted content by manipulating any digital rights. It is therefore desired to provide measures which make it very difficult, expensive or even impossible to construct such a device for reasons which do not depend on the presence of a universal secret.
This disadvantage is overcome according to non-prepublished EP application 04106504.6 (filed on 13 Dec 2004 by the same applicant), which describes a method for controlling distribution and use of a Digital Work (DW), wherein the DW, along with appended Usage Right Information (URI), specifying the conditions under which the DW can be accessed, is recorded on a record carrier. The described method foresees that: the URI is recorded on the record carrier, fingerprint data are extracted from the recorded URI, and - authentication data, derived from the fingerprint data, are also recorded on the record carrier for subsequent authentication of the URI, so as to prevent that a user can replace the URI with another URI which is less restrictive, without this being detected.
This method relies on extracting the fingerprint data from a pattern recorded on the record carrier. In particular, a distinctive feature of a written pattern, known in the art as "fingerprint", can be represented by channel-bit errors of predetermined data recorded on said record carrier, or from the positions of the zero-crossings of a read-out signal with respect to channel bit boundaries of predetermined data recorded on said record carrier, or from the highest or lowest values, respectively, at a predetermined position of predetermined data recorded on said record carrier. In other words the "fingerprint" of a written pattern is a feature by which the written pattern can be distinguished from any other written pattern, even when representing the same data. Moreover, the fingerprint is obtained as result of some non- controlled process, in this case is inherent to the writing process, so that it is either impossible or unfeasible to record a pattern having a desired fingerprint.
It is a first object of the present invention to provide a method of writing data on a record carrier, by which fingerprint data can be extracted in an alternative manner, and a corresponding method of extracting fingerprint data.
It is a second object of the present invention to provide an apparatus for writing data on a record carrier, by which fingerprint data can be extracted in an alternative manner, and a corresponding apparatus for extracting fingerprint data.
It is a third object of the present invention to provide a record carrier having recorded data, by which fingerprint data can be extracted in an alternative manner.
According to the invention, the first object is achieved by a method of writing data as claimed in claim 1 , and by a corresponding method for extracting fingerprint data as claimed in claim 7.
Therefore, according to the invention the distinctive feature of the written pattern from which the fingerprint data is extracted is its radial offset from the recording track. While according to the prior art the distinctive feature is found in unavoidable differences between written patterns, resulting as a side effect of the writing process, in the method according to the invention instead, the distinctive feature is purposely created. This has the advantage of making more robust and reliable the extraction of the fingerprint data, since the writing process can be adapted to creating a written pattern where the distinctive feature is sufficiently easy to detect, i.e. a radial offset having a sufficiently high amplitude, or in other words where the distinctive feature can be detected with a sufficiently high signal- to-noise ratio. Yet the distinctive feature is created with an uncontrollable and substantially random process, so that it will be generally not possible to record a pattern with a predetermined fingerprint. The fingerprint data can then be extracted from this irreproducible feature, for example by measuring the radial displacement at a plurality of fixed sampling positions.
Various advantageous embodiments of the method of writing data and of the method of extracting fingerprint data according to the invention are claimed in the dependent claims.
As it will be clear from the foregoing discussion, the second object is achieved, according to the invention, by an apparatus for writing data as claimed in claim 13, and by a corresponding apparatus for extracting fingerprint data as claimed in claim 14. Similarly, the third object is achieved by a record carrier as claimed in claim 15.
These and other aspects of the methods and devices according to the invention will be further elucidated and described with reference to the drawings. In the drawings: Fig. 1 shows a schematic diagram of a known method of writing data, a corresponding written pattern, and a known method of extracting fingerprint data,
Fig. 2 shows a schematic diagram of a method of writing data, a corresponding written pattern, and method of extracting fingerprint data according to the invention,
Fig. 3 shows an embodiment of the method of extracting fingerprint according the invention,
Fig. 4 shows an embodiment of the method of writing data according to the invention,
Fig. 5 shows a schematic diagram of a method of authentication making use of the invention, Fig. 6 shows a method of accessing a record carrier where DRM data are protected using the invention,
Fig. 7 shows an alternative method of protecting data recorded on a record carrier making use of the invention,
Fig. 8 shows a schematic diagram of a tracking control loop in a known apparatus,
Fig. 9 shows an embodiment of a tracking control loop in an apparatus according to the invention,
Fig. 10 shows a further embodiment of a tracking control loop in an apparatus according to the invention.
Fig. 1 shows a schematic diagram of a known method of writing data, a corresponding written pattern, and a known method of extracting fingerprint data. Data 10 are the input of a writing process 11, by which a written pattern 12 is formed on a record carrier. The written pattern 12 consists of a sequence of first areas 13 , interleaved by second areas 14, distinguishable from the first areas 13 on the basis of a physical parameter like for example reflectivity, state of magnetization, or electrical charge. The first areas 13 and the second areas 14 are present along a recording track 15, and correspond respectively to the logical values 1 and 0, or vice- versa, according to which of the two conventions is adopted.
Generally, the written pattern 12 has to respect some standard specifications given for the relevant type of record carrier, like for instance affecting the width or length of the areas, the steepness of the transition from a first area to a second area and vice- versa, etc.. In spite of these standard specifications to which any written pattern has to adhere, it is possible to define some properties according to which a written pattern is highly likely to be different from any other written pattern, similarly to a person's fingerprint. These properties, can for example refer to: one or more parameters for which there is no standard specification, or one or more parameters for which there is a standard specification, but observed at a level of resolution higher than the one used in the standard specification. These properties can be used as distinctive feature or "fingerprint" of the written pattern 12 in a fingerprint extraction process 16 to extract fingerprint data 17, as known from the prior art.
Fig. 2 shows a schematic diagram of a method of writing data, a corresponding written pattern, and method of extracting fingerprint data according to the invention. The writing process 21 is different from the known writing process 11 in that it comprises a perturbation step 23 for imposing an uncontrollable perturbation so as to cause the written pattern 22 which is formed on the record carrier, to have a radial offset 25 from the recording track 15. The dimensions shown in the Fig. are chosen merely for comprehension purposes and do not realistically reflect e.g. the proportions involved between the size of first areas 13 and second areas 14, and the entity of the radial offset 25 and its rate of variation. This radial offset 25 shall still remain within the boundary of a maximum radial offset, if any such specification is given. The overall trend of the radial offset 25 can thus be used as "fingerprint" of the written pattern 22 in a complementary fingerprint extraction process 26, different from the known fingerprint extraction process 16 in that the fingerprint data 17 are derived in a step of determining the fingerprint data from the radial offset 24 from the recording track 15 of the written pattern 22. The fingerprint data 17 may consist for example of a collection of samples of the amplitude of the radial offset 25, measured at predetermined sampling points. These predetermined sampling points may be determined upon a timing and/or synchronization information present in the recording track 15, like in the case of recordable optical discs, where timing and/or synchronization information are present in the recording track 15 in the form of wobble frequency of the track and/or information encoded therein.
Fig. 3 shows an embodiment of the method of extracting fingerprint data according the invention. In this embodiment the method of extracting fingerprint data 17,
shown in Fig. 2, is enhanced by a subsequent authentication data derivation step 30 in which authentication data 31 are generated upon the fingerprint data 17; in particular, the authentication data 31 are generated in dependence of the data 10 as well. A one-way function like for example a hash function or a cryptographic summary is suitable for use in this authentication data derivation step 30.
Fig. 4 shows an embodiment of the method of writing data according to the invention. The written pattern 22 created with the writing process 21 is used in a subsequent fingerprint extraction process 26 to extract fingerprint data 17. These fingerprint data 17 are then stored in a storing step 40 as reference fingerprint data 41, for subsequent use for authentication of the data 10. In particular the reference fingerprint data 41 may be recorded as well on the record carrier.
The reference fingerprint data 41 can be subsequently used in a method of authentication, like schematically shown in Fig. 5, which aim is to establish if data 10 recorded on the record carrier in the form of the written pattern 22 have been manipulated, possibly against the intention of a party involved, for example an owner of the data 10, or an authority which controls the content of the data 10.
In this method fingerprint data 17, extracted from the written pattern 22 in the fingerprint extraction process 26, are checked for consistency with the reference fingerprint data 41 in a consistency checking step 50. The method continues for example with allowing use or full access to the data 10 if these are confirmed to be authentic. This method relies on the fact that data 10 recorded on the record carrier may easily be overwritten, but there is at least a technical barrier to overcome in updating the reference fingerprint data 41. Therefore, while the data 10 can easily have been manipulated, the reference fingerprint data 41, which derive from the original data 10, cannot. Therefore, by checking the consistency of the reference fingerprint data 41 and the fingerprint data 17 extracted from the written pattern 22 it can be established if the data 10 are original or not.
The method can be enhanced by use of a helper data, by use of which the comparison is done on those parts of the fingerprint data 17 that are more reliably consistent at each instance of the fingerprint extraction step 26. Clearly, if the method of extracting fingerprint data comprises an authentication data derivation step 30 as shown in Fig. 3, the consistency checking step 50 must be intended as involving the authentication data 31 and reference authentication data.
Fig. 6 shows a method of accessing a record carrier where DRM data are protected using the invention. In this embodiment a record carrier is accessed wherein are
recorded a Digital Work (DW), like for example a film which is subject to copyright, and Digital Rights Management (DRM) information, specifying the extent and the conditions under which the DW can be exploited. The DRM information may comprise a condition like for example view max. 3 times, view for one month, copy once, etc.. In order to prevent that the original DRM information is replaced by a malicious user by other DRM information specifying conditions which are less restrictive than those specified in the original DRM information, the original DRM information is protected by writing the DRM information as the data 10 with the method according to the invention, and by having stored reference fingerprint data 41, extracted according to the invention from the written pattern 22 corresponding to the DRM information, for subsequent authentication.
Therefore the method starts with a DRM accessing step 60, for accessing the written pattern 22 corresponding to the DRM information. Subsequently, the DRM information is authenticated in authentication step 61, with the method described in Fig. 5; if the authentication step 61 is not successful the method is terminated, otherwise the method continues with a DRM checking step 62, in which it is verified if the DRM information, which at this point is considered to be authentic, allows access to the DW. If the access to the DW is not allowed the method is terminated, otherwise the method continues with a DW accessing step 63. Since the DRM information may require some updating, like in the case in which a number of accesses available is specified and therefore such number has to be decremented, the method may continue with a DRM updating step 64, in which the DRM information is updated, and the DRM information originally written on the record carrier is overwritten with the updated DRM information with the method of writing according to the invention, thereby creating a new written pattern 22'. Subsequently, a new fingerprint data 17' is extracted from the new written pattern 22' in the fingerprint data extraction step 26, and the new fingerprint data 17' is stored in the storing step 40 as new reference fingerprint data 41' for authentication during a subsequent instance of this method of accessing the record carrier. The DRM updating step 64, the fingerprint data extraction step 26 and the storing step 40, should take place indissolubly together with the DW accessing step 63.
The invention can also be exploited in an alternative method of protecting data recorded on a record carrier as shown in Fig. 7. According to this method the fingerprint data 17 are used in a key extraction step 70 to derive an encryption key 71, which is then used in an encryption step 72 to encrypt the DW 73, thereby obtaining and encrypted DW 74. The data 10 may be random data having the sole purpose of being used for generating the written pattern 22, however any auxiliary data, for example the DRM information, could be used as
the data 10. In the key extraction step 70 preferably a one-way function is used to obtain the encryption key 71 from the fingerprint data 17. However, since the fingerprint data extraction step 26 has inherently the nature of a one-way function, the fingerprint data 17 can be used directly as encryption key 71, clearly subject to considerations on the size of the fingerprint data 17.
Fig. 8 shows a schematic diagram of a tracking control loop in a known apparatus for writing data on a record carrier. A tracking signal 86 reflecting the displacement of writing means from the recording track 15 is compared with a setpoint 80; the resulting tracking error 81 is fed into a controller 82, operating according to some control parameters 83, which generates a control signal 84. The control signal 84 is fed into an actuator 85, which physically positions the writing means. With reference to an optical disc system, the tracking signal 86 may be for example the Push-Pull signal.
Fig. 9 shows how the control loop shown in Fig. 8 is modified in an embodiment of an apparatus according to the invention. In order to generate a variable displacement of the writing means a disturbance 90 is added to the control signal. This disturbance can be generated by use of a noise generator 91, particularly a white noise generator. A Band Pass filter 92 may also be present, although in general this Band Pass filter 92 is not necessary because the actuator 85 already effects a spectral shaping of the noise. Clearly, the disturbance 90 will preferably comprise frequency components outside the bandwidth of the control loop.
Moreover, if the recording track 15 has a wobble, as it is generally the case for recordable optical discs, then the disturbance 90 is preferably designed so that the radial offset 25 has a spectrum distinguished from the spectrum of the wobble.
An alternative embodiment of the apparatus according to the invention is shown in Fig. 10. In this case the displacement of the writing means is caused by manipulating the control parameters 83 of the controller 82 with a control parameters variation unit 100. This manipulation effected may comprise any combination of the following: deliberately using non optimal values for the control parameters 83, - temporarily changing the value of the control parameters 83, and adding to the value of the control parameters 83 a variable component pseudo- randomly generated.
In both the embodiments shown in Fig 9 and Fig. 10 what is achieved is that the writing means will not be able to remain consistently on track, but will have at some
points a radial displacement. The exact value of the radial displacement at a given point however is not subject to control. Consequently the overall trend of the radial displacement can be seen as the result of an uncontrolled and irreproducible process. Although the invention has been elucidated with reference to an optical record carrier, it will be evident that other applications are possible, for example to a rotatable non optical record carrier. The scope of the invention is therefore not limited to the embodiments described above.
It must further be noted that the term "comprises/comprising" when used in this specification, including the claims, is taken to specify the presence of stated features, integers, steps or components, but does not exclude the presence or addition of one or more other features, integers, steps, components or groups thereof. It must also be noted that the word "a" or "an" preceding an element in a claim does not exclude the presence of a plurality of such elements. Moreover, any reference signs do not limit the scope of the claims; the invention can be implemented by means of both hardware and software, and several "means" may be represented by the same item of hardware. Furthermore, the invention resides in each and every novel feature or combination of features.
The invention can be summarized as follows. In the field of content distribution a typical problem is the protection of Digital Rights information (DRM), which is appended to the content and written on a record carrier in the form of a corresponding written pattern, from tampering by malicious users. According to some known schemes, the protection is implemented by linking the DRM to some physical distinctive feature of the corresponding written pattern. From this distinctive feature fingerprint data can be extracted with some agreed method, and used for the authentication of the DRM. The invention proposes a method of writing data wherein the formed written pattern has a radial offset, which is formed during writing as result of a non-controllable substantially random process. A corresponding apparatus for writing data, a method and an apparatus for extracting fingerprint data and a record carrier are also described.
Claims
1. Method of writing data (10) on a record carrier along a recording track (15), thereby creating a written pattern (22), from which written pattern fingerprint data (17) can be extracted, the method comprising: using writing means for writing the data, and - using tracking means for maintaining the writing means along the recording track, while writing the data, wherein an uncontrollable perturbation is imposed to the tracking means, so as to cause the written pattern to have a radial offset (25) from the recording track.
2. Method as claimed in claim 1, wherein tracking means are used which comprise an actuator (85) and a controller (82), operating according to some control parameters (83), for providing a control signal (84) to the actuator.
3. Method as claimed in claim 2, wherein the uncontrollable perturbation is imposed by adding a noise (90) to the control signal (84).
4. Method as claimed in claim 3, wherein the noise (90) is generated by a noise generator (91).
5. Method as claimed in claim 2, wherein the uncontrollable perturbation is imposed by deliberately setting non-optimal values for the control parameters (83) in the controller (82).
6. Method as claimed in claim 2, wherein the uncontrollable perturbation is imposed by temporarily altering the values of the control parameters (83) in the controller
(82).
7. Method of extracting fingerprint data from data (10) recorded on a record carrier along a recording track (15) in the form of a written pattern (22) wherein the fingerprint data (17) are determined upon a radial offset (25) of the written pattern (22) from the recording track (15), which radial offset is a distinctive feature of the written pattern.
8. Method of extracting fingerprint data as claimed in claim 7, further comprising generating authentication data (31) upon the fingerprint data (17).
9. Method of extracting fingerprint data as claimed in claim 8, wherein the authentication data (31) are generated upon the fingerprint data (17) in dependence of the data (10).
10. Method as claimed in claim 1, further comprising: applying the method of claim 7 for extracting fingerprint data (17) from the data (10) recorded on the record carrier, - storing the fingerprint data (17) as reference fingerprint data (41) for subsequent authentication of the data (10).
11. Method as claimed in claim 10, wherein the reference fingerprint data (41) are stored in the record carrier.
12. Method of authenticating data (10) written on a record carrier along a recording track (15) in the form of a written pattern (22), from which written pattern fingerprint data (17) can be extracted, reference fingerprint data (41) being available for authentication purposes, the method comprising: - extracting the fingerprint data (17), acquiring the reference fingerprint data (41), checking if the fingerprint data are consistent with the reference fingerprint data, wherein the written pattern (22) has a radial offset (25) from the recording track (15), which radial offset is a distinctive feature of the written pattern, and in extracting the fingerprint data the method of claim 7 is used.
13. Apparatus for writing data (10) on a record carrier along a recording track (15), thereby creating a written pattern (22), from which written pattern fingerprint data (17) can be extracted, the apparatus comprising: writing means for writing the data, and tracking means for maintaining the writing means along the recording track, while writing the data, wherein means are present for imposing an uncontrollable perturbation to the tracking means, so as to cause the written pattern to have a radial offset (25) from the recording track.
14. Apparatus for extracting fingerprint data (17) from data (10) recorded on a record carrier along a recording track (15) in the form of a written pattern (22), configured for determining the fingerprint data (17) upon a radial offset (25) from the recording track (15) of the written pattern (22), which radial offset is a distinctive feature of the written pattern.
15. Record carrier having recorded data (10) along a recording track (15), in the form of a written pattern (22), from which written pattern fingerprint data (17) can be extracted, wherein the written pattern (22) has a radial offset (25) from the recording track (15), which radial offset is a distinctive feature of the written pattern.
16. Record carrier as claimed in claim 15, having stored reference fingerprint data
(41), obtained as fingerprint data (17) extracted from the data (10) with the method of claim
7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| EP06842519A EP1966795A2 (en) | 2005-12-19 | 2006-12-14 | Method for writing data having a distinctive feature |
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| EP05111999 | 2005-12-19 | ||
| EP06842519A EP1966795A2 (en) | 2005-12-19 | 2006-12-14 | Method for writing data having a distinctive feature |
| PCT/IB2006/054848 WO2007072351A2 (en) | 2005-12-19 | 2006-12-14 | Method for writing data having a distinctive feature |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| EP1966795A2 true EP1966795A2 (en) | 2008-09-10 |
Family
ID=38189051
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| EP06842519A Withdrawn EP1966795A2 (en) | 2005-12-19 | 2006-12-14 | Method for writing data having a distinctive feature |
Country Status (6)
| Country | Link |
|---|---|
| EP (1) | EP1966795A2 (en) |
| JP (1) | JP2009520309A (en) |
| KR (1) | KR20080078726A (en) |
| CN (1) | CN101341538A (en) |
| TW (1) | TW200802313A (en) |
| WO (1) | WO2007072351A2 (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8467278B2 (en) | 2008-10-06 | 2013-06-18 | Microsoft Corporation | Protecting optical media using random, moving radio frequency scatterers |
Family Cites Families (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| DE69233335T2 (en) * | 1991-12-02 | 2005-02-10 | Koninklijke Philips Electronics N.V. | Closed information system with copy protection |
| JPH08147704A (en) * | 1994-11-18 | 1996-06-07 | Sony Corp | Disk-shaped recording medium, and disk reproduction method and device |
| US5699434A (en) * | 1995-12-12 | 1997-12-16 | Hewlett-Packard Company | Method of inhibiting copying of digital data |
| US6029259A (en) * | 1998-06-15 | 2000-02-22 | T.T.R. Technologies Ltd. | Method and system for authenticating digital optical media |
| ES2393616T3 (en) * | 2000-08-16 | 2012-12-26 | Koninklijke Philips Electronics N.V. | Method and device to control the distribution and use of digital works |
| CA2318310A1 (en) * | 2000-09-01 | 2002-03-01 | Oleg Saliahov | Cd-disk identification through a pattern analysis |
| WO2003015088A1 (en) * | 2001-08-10 | 2003-02-20 | Durand Technology Limited | Method of authenticating cds |
| JP2003228284A (en) * | 2002-01-31 | 2003-08-15 | Fujitsu Ltd | Data retention device, data retention method, data verification device, data access permission device, program, recording medium |
| US7649824B2 (en) * | 2002-07-01 | 2010-01-19 | Panasonic Corporation | Optical storage medium control data region |
-
2006
- 2006-12-14 JP JP2008545233A patent/JP2009520309A/en not_active Withdrawn
- 2006-12-14 EP EP06842519A patent/EP1966795A2/en not_active Withdrawn
- 2006-12-14 KR KR1020087017509A patent/KR20080078726A/en not_active Application Discontinuation
- 2006-12-14 WO PCT/IB2006/054848 patent/WO2007072351A2/en active Application Filing
- 2006-12-14 CN CNA2006800481081A patent/CN101341538A/en active Pending
- 2006-12-15 TW TW095147377A patent/TW200802313A/en unknown
Non-Patent Citations (1)
| Title |
|---|
| See references of WO2007072351A2 * |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2007072351A3 (en) | 2007-10-25 |
| WO2007072351A2 (en) | 2007-06-28 |
| TW200802313A (en) | 2008-01-01 |
| CN101341538A (en) | 2009-01-07 |
| KR20080078726A (en) | 2008-08-27 |
| JP2009520309A (en) | 2009-05-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US6957343B2 (en) | Validating keying material by using a validation area of read-only media to prevent playback of unauthorized copies of content stored on the media | |
| US7057993B2 (en) | Copy protection using multiple security levels on a programmable CD-ROM | |
| US20090276635A1 (en) | Controlling distribution and use of digital works | |
| KR101305639B1 (en) | Non volatile storage device for copy protection and authentication method thereof | |
| EA004199B1 (en) | Recordable storage medium with protected data area | |
| EP1590804B1 (en) | Reliable storage medium access control method and device | |
| KR20060056852A (en) | Copyright management method, information recording/reproducing method and device, and information recording medium and method of manufacturing the medium | |
| US20050076225A1 (en) | Method and apparatus for verifying the intergrity of system data | |
| US20060123483A1 (en) | Method and system for protecting against illegal copy and/or use of digital contents stored on optical or other media | |
| US20020141583A1 (en) | Copy protection using a preformed ID and a unique ID on a programmable CD-ROM | |
| US20080304389A1 (en) | Method for Recording Data Having a Distinctive Feature | |
| JP2008527892A (en) | Secure host interface | |
| US20120066513A1 (en) | Method and apparatus for authenticating a non-volatile memory device | |
| EP1966795A2 (en) | Method for writing data having a distinctive feature | |
| US20060253722A1 (en) | Uncopyable optical media through sector errors |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
| 17P | Request for examination filed |
Effective date: 20080721 |
|
| AK | Designated contracting states |
Kind code of ref document: A2 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR |
|
| STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION HAS BEEN WITHDRAWN |
|
| 18W | Application withdrawn |
Effective date: 20081204 |