EP1836707A2 - Verfahren und vorrichtung zum schutz gemeinsam benutzter daten und verfahren und vorrichtung zur wiedergabe der daten vom aufnahmemedium mithilfe lokaler speicherung - Google Patents
Verfahren und vorrichtung zum schutz gemeinsam benutzter daten und verfahren und vorrichtung zur wiedergabe der daten vom aufnahmemedium mithilfe lokaler speicherungInfo
- Publication number
- EP1836707A2 EP1836707A2 EP06700327A EP06700327A EP1836707A2 EP 1836707 A2 EP1836707 A2 EP 1836707A2 EP 06700327 A EP06700327 A EP 06700327A EP 06700327 A EP06700327 A EP 06700327A EP 1836707 A2 EP1836707 A2 EP 1836707A2
- Authority
- EP
- European Patent Office
- Prior art keywords
- shared data
- data
- shared
- file
- application
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B27/00—Editing; Indexing; Addressing; Timing or synchronising; Monitoring; Measuring tape travel
- G11B27/02—Editing, e.g. varying the order of information signals recorded on, or reproduced from, record carriers
- G11B27/031—Electronic editing of digitised analogue information signals, e.g. audio or video signals
- G11B27/034—Electronic editing of digitised analogue information signals, e.g. audio or video signals on discs
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/0021—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/00681—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving measures which prevent a specific kind of data access
- G11B20/00695—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving measures which prevent a specific kind of data access said measures preventing that data are read from the recording medium
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B27/00—Editing; Indexing; Addressing; Timing or synchronising; Monitoring; Measuring tape travel
- G11B27/10—Indexing; Addressing; Timing or synchronising; Measuring tape travel
- G11B27/102—Programmed access in sequence to addressed parts of tracks of operating record carriers
- G11B27/105—Programmed access in sequence to addressed parts of tracks of operating record carriers of operating discs
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B27/00—Editing; Indexing; Addressing; Timing or synchronising; Monitoring; Measuring tape travel
- G11B27/10—Indexing; Addressing; Timing or synchronising; Measuring tape travel
- G11B27/11—Indexing; Addressing; Timing or synchronising; Measuring tape travel by using information not detectable on the record carrier
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B2220/00—Record carriers by type
- G11B2220/20—Disc-shaped record carriers
- G11B2220/25—Disc-shaped record carriers characterised in that the disc is based on a specific recording technology
- G11B2220/2537—Optical discs
- G11B2220/2541—Blu-ray discs; Blue laser DVR discs
Definitions
- the present invention relates to a playback of a recording medium, and more particularly, to a method and apparatus for protecting shared data and method and apparatus for reproducing data from a recording medium using a local storage .
- optical discs capable of recording large-scale data as recording media are widely used.
- a new high-density recording medium e . g . , Blu-ray disc
- BD has been developed to store video data of high image quality and audio data of high sound quality for long duration .
- the BD as a next generation recording medium technology is a next generation optical record solution provided with data remarkably surpassing that of a conventional DVD .
- An optical recording/reproducing device with the application of the Blu-ray Disc specifications starts to be developed.
- the complete development of the optical recording/reproducing device has many difficulties .
- the optical recording/reproducing device should be provided with a basic function of recording and reproducing a Blu-ray disc (BD) and additional functions considering convergence with peripheral digital devices .
- the optical recording/reproducing device should be provided with a general function of receiving to display an external input signal and a function of reproducing a BD together with the external input signal .
- reproducing the external input signal and the BD since a preferable method of protecting shared data provided by a content provider has not been proposed or developed, many limitations are put on the development of a full-scale BD based optical recording/reproducing device .
- the present invention is directed to a method and apparatus for protecting shared data and method and apparatus for reproducing data from a recording medium using a local storage that substantially obviate one or more problems due to limitations and disadvantages of the related art .
- An obj ect of the present invention is to provide a method and apparatus for protecting shared data and method and apparatus for reproducing data from a recording medium using a local storage, by which the shared data provided by an authentic content provider is protected and by which the shared data is prevented from being used by an unauthorized application .
- Another obj ect of the present invention is to provide a method and apparatus for protecting shared data and method and apparatus for reproducing data from a recording medium using a local storage, by which the shared data is protected.
- a method of protecting shared data includes the steps of downloading the shared data associated with a recording medium to a local storage and permitting an application having valid access information for the shared data to access the shared data .
- the access information is credential of the application .
- the credential is included in a permission request file .
- the permission request file exists within a JAR file configuring the application .
- the credential includes Grantoridentifier, Expirationdate, Filename, Signature and Certchainfileid.
- the method further includes the step of authenticating the shared data before the application accesses the shared data .
- the shared data is shared between recording media provided by a content provider
- the shared data is authenticated using a certificate of the content provider .
- the certificate includes a signature of the content provider .
- the shared data is shared between a plurality of content providers
- the shared data is authenticated using a certificate of a plurality of the content providers .
- the certificate includes a common signature of a plurality of the content providers .
- a method of reproducing a recording medium using a local storage includes the step of downloading encrypted shared data associated with the recording medium to the local storage, constructing a virtual package including the shared data by binding data within the local storage to data within the recording medium, decrypting the shared data using the virtual package, and reproducing the decrypted shared data .
- the shared data is reproduced by an execution of application accessing the shared data .
- the application includes credential of the application as access information to the shared data .
- the shared data is decrypted using a key included in the application .
- the shared data is decrypted using a key stored in the recording medium.
- the shared data is decrypted using a key stored in an optical player .
- the shared data is authenticated to construct the virtual package .
- the shared data is shared between recording media provided by a content provider
- the shared data is authenticated using a signature within a certificate of the content provider .
- the shared data is shared between a plurality of content providers
- the shared data is authenticated using a common signature within a certificate of a plurality of the content providers .
- an apparatus for protecting shared data includes a local storage storing downloaded shared data associated with a recording medium and a controller controlling an application having valid access information for the shared data to access the shared data .
- the access information is credential of the application .
- the credential is included in a permission request file .
- the permission request file exists within a JAR file configuring the application , preferably, the controller authenticates the shared data before the application accesses the shared data .
- the shared data is authenticated using a certificate of the content provider
- the shared data is authenticated using a certificate of a plurality of the content providers .
- an apparatus for reproducing a recording medium using a local storage includes a local storage storing a downloaded encrypted shared data associated with the recording medium, and a controller constructing a virtual package including the shared data by binding data within the local storage to data within the recording medium, the controller decrypting to reproduce the shared data using the virtual package .
- the controller controls application having valid access information for the shared data to access the shared data .
- the access information is credential of the application accessing the shared data .
- the controller authenticated the shared data to construct the virtual package .
- the controller authenticates the shared data using a certificate of the content provider .
- the controller authenticates the shared data using a common signature within a certificate of a plurality of the content providers .
- the shared data is shared between recording media provided by a content provider, the shared data is encrypted using a key for the content provider .
- the shared data is encrypted using a key in accordance with a plurality of the content providers .
- the controller decrypts the shared data using a key included in an application to access the shared data .
- the controller decrypts the shared data using a key stored in the recording medium.
- the controller decrypts the shared data using a key stored in an optical recording/reproducing device .
- FIG . 1 is an exemplary diagram for explaining a unified use between an optical recording/reproducing device and peripheral devices to facilitate conceptional understanding of the present invention
- FIG. 2 is a diagram of a file structure recorded within a recording medium according to the present invention such as a BD-ROM;
- FIG. 3 is a diagram of a data record structure recorded in a recording medium according to the present invention;
- FIG . 4 is a block diagram of an optical recording/reproducing device according to one embodiment of the present invention;
- FIG . 5 is an exemplary diagram of a file architecture within a local storage according to the present invention;
- FIG. 6 is a diagram for explaining shared data authenticating process according to one embodiment of the present invention
- FIG. 7 is a diagram of a certificate chain used for data authentication according to the present invention
- FlG. 8 is a diagram of a JAR file configuring a signed application according to one embodiment of the present invention
- FIG . 9 is a flowchart of an authentication process of a file within a JAR file configuring a signed application according to one embodiment of the present invention.
- FIG . 10 is a diagram of a JAR file configuring a signed application according to one embodiment of the present invention.
- FIG . 11 is a flowchart of shared data reproducing method according to one embodiment of the present invention.
- FIG. 12 is a block diagram of a recording medium playback apparatus utilizing a playback system according to one embodiment of the present invention.
- FIG . 13 is an exemplary diagram for explaining shared data protection according to the present invention, in which a virtual package is shown in detail .
- the present invention takes an optical disc, and more particularly, ⁇ Blu- ray disc (BD) " as an example of a recording medium. Yet, it is apparent that the technical idea of the present invention is identically applicable to other recording media .
- "local storage” is a sort of a storage means provided within an optical recording/reproducing device shown in FIG . 1 and means an element in which a user can randomly store necessary information and data to utilize .
- the local storage which is currently used in general , includes “hard disc”, “system memory” , “flash memory” or the like, which does not put limitation on the scope of the present invention .
- the "local storage” is utilized as a means for storing data associated with a recording medium (e . g . , BIu- ray disc) .
- the data associated with the recording medium to be stored within the local storage generally includes data downloaded from outside .
- a permitted data directly read out of a recording medium in part or a generated system data (e . g . , metadata, etc . ) associated with recording/reproduction operations of the recording medium can be stored within the local storage .
- the data recorded within the recording medium shall be named "original data” and the data associated with the recording medium among the data stored within the local storage shall be named “additional data” .
- title is a reproduction unit configuring an interface with a user .
- Each title is linked to a specific obj ect file .
- a stream associated with the corresponding title recorded within a disc is reproduced according to a command or program within the Obj ect file .
- a title having moving picture, movie and interactive information according to MPEG2 compression among titles recorded within a disc shall be named "HDMV Title” .
- BD-J Title a title having moving picture, movie and interactive information executed by a Java program among titles recorded within a disc.
- the title also means an indexing item existing in an index table .
- FIG . 1 is an exemplary diagram for explaining a unified use between an optical recording/reproducing device 10 and peripheral devices to facilitate conceptional understanding of the present invention .
- optical recording/reproducing device 10 enables a record or playback of an optical disc according to versatile specifications .
- the optical recording/reproducing device 10 can be designed to record/play an optical disc (e . g . , BD) of a specific specification .
- the optical recording/reproducing device 10 can be made to play an optical disc .
- BD Blu-ray disc
- the "optical recording/reproducing device” 10 includes "drive” loadable within a computer or the like .
- the optical recording/reproducing device 10 is equipped with a function of recording/playing an optical disc 30 and a function of receiving an external input signal , performing signal- processing on the received signal , and delivering a corresponding image to a user via another external display 20.
- a DMB digital multimedia broadcast
- an Internet signal or the like can be a representative one of the external input signals .
- a specific data on Internet can be downloaded via the optical recording/reproducing device 10 to be utilized.
- CP content provider
- contents which configure a title, mean data provided by a recording medium author .
- the obj ect of the present invention is to protect the contents provided by the content provider and to protect a user' s playback system.
- the original data and the additional data will be explained in detail as follows .
- a multiplexed AV stream for a specific title is recorded as an original data recorded within an optical disc and if an audio stream (e . g . , English) different from the audio stream (e . g . , Korean) of the original data is provided as an additional data on Internet
- a request for downloading the audio stream (e . g . , English) as the additional data on Internet to reproduce together with the AV stream of the original data or a request for downloading the audio stream (e . g . , English) as the additional data on Internet to reproduce will exist according to a user .
- association between the original data and the additional data needs to be regulated and a systematic method of managing/reproducing the data according to the user' s request is needed.
- additional data which is identified according to a method of acquiring each data but does not put limitation on restricting the original or additional data to a specific data .
- the additional data generally includes audio, presentation graphic (PG) , interactive graphic (IG) , text subtitle or the like, on which limitation is not put .
- the additional data can correspond to a multiplexed AV stream including all of the illustrated data and video . Namely, data having any kind of attribute, which exists outside the optical disc and is associated with the original data, can become the additional data .
- the additional data can be individually downloaded per index file (index) , PlayList file ( * . m2ts ) or clip information file ( * . clpi) .
- the additional data can be downloaded by contents unit or by title unit . To realize the user' s requests, it is essential to provide a file structure between the original data and the additional data .
- FIG . 2 is a diagram of a file structure recorded within a recording medium according to the present invention such as a BD-ROM .
- At least one BDMV directory exists below one root directory.
- An index file (“index . bdmv”) and an obj ect file (“MovieObj ect . bdmv”) as general file (higher file ) to secure interactivity with a user exist within the BDMV directory.
- the BDMV directory which has information of data actually recorded within a disc and information about reproducing the recorded data information, is provided with PLAYLIST directory, CLIPINF directory, STREAM directory, BDJO directory including a BD-J Obj ect file, and JAR directory including a JAR file .
- the BDMV directory is also provided with AUXDATA directory including auxiliary data associated with disc reproduction .
- STREAM directory AV stream files recorded within a disc in a specific format exist and ⁇ ⁇ m2ts" is used as an extension of a stream file ( 01000.m2ts , ...) .
- moving picture data is generally recorded as contents associated with the present invention within the stream file .
- CLIPINF directory includes clip information files ( 01000. dpi, ...) corresponding to the stream files, respectively.
- the clip information file ( * . clpi) includes attribute information and timing information of the corresponding stream file .
- the clip information file ( * . clpi) corresponding to the stream file ( * .m2ts ) by one-to-one are bound together to be named "clip" . Namely, this means that a clip information file ( * . clpi ) must exist for one corresponding stream file
- PLAYLIST directory includes PlayList files ( 00000.mpls , ...) .
- Each of the PlayList files ( 00000.mpls, ...) includes at least one Playltem designating a playing time of a specific clip .
- the Playltem has information about reproduction start time
- the PlayList file ( * .mpls ) becomes a basic reproduction management file unit within an entire reproduction management file structure, which performs a reproduction of a specific clip by a combination of at least one or more Playltems .
- the PlayList file ( * .mpls ) can be operated by a command given by a specific obj ect file within the obj ect file .
- the obj ect file performs or manages a dynamic scenario
- the PlayList file ( * .mpls ) performs or manages a static scenario .
- BDJO directory includes a BD-J Obj ect file for reproducing a BD-J Title .
- JAR directory contains all "xxxxx. jar" files for BD-J.
- Java archive is a compressed file used in distributing a plurality of file collections .
- the JAR file is generally configured with a J ava classes file associated with a specific J ava program, auxiliary resources , metadata and the like .
- Various applications can be constructed by the JAR file .
- AUXDATA directory includes files containing auxiliary information associated with disc playback. For instance,
- AUXDATA directory can include a sound file ( "Sound . bdmv”) providing click sound and menu sound information and the like in playback and font files ( "1111. otf”) providing font information in reproducing a text subtitle .
- the META directory is provided with metadata .
- the metadata is the data about a data .
- the metadata includes a search file, a file for Disc Library and the like for example .
- Positions of the above explained files and directories are exemplary. And, it is apparent that the positions can be varied if necessary.
- BDJO directory and JAR directory as subdirectories can be separately configured below the root directory.
- JAR directory can be configured as a higher directory below the root directory.
- the root directory can include a directory containing information about protection of data recorded within the recording medium or data downloaded to the local storage .
- This is represented as CERTIFICATE directory of the embodiment shown in FIG. 2.
- the root certificate file used for application authentication and binding unit authentication is placed in the CERTIFICATE directory.
- FIG . 3 is a diagram of a data record structure recorded in a recording medium according to the present invention, in which a format of recording information associated with the aforesaid file structure within a disc is shown . Referring to FIG .
- file system information area as system information for managing an entire file
- database area in which index file, obj ect file, PlayList file, clip information file and metadata file are written to reproduce a recorded stream ( * .m2ts ) are recorded
- stream or data area in which a stream configured with audio/video/graphic and the like or a JAR file is recorded.
- FIG. 4 is a block diagram of an optical recording/reproducing device according to one embodiment of the present invention. Referring to FIG.
- an optical recording/reproducing device basically includes a pickup 11 for reproducing management information including original data and reproduction management file information recorded in an optical disc, a servo 14 controlling an action of the pickup 11, a signal processor 13 restoring a reproduction signal received from the pickup 11 to a specific signal value, modulating a signal to be recorded into a signal recordable on the optical disc, and delivering the modulated signal, and a microprocessor 16 controlling the overall operations .
- Additional data existing on a place except an optical disc is downloaded to local storage 15 by a controller 12.
- the controller 12 generates a binding unit using information recorded in a binding unit manifest file within the local storage 15.
- the controller 12 generates a virtual package to reproduce recording medium data and data within the local storage 15 using name mapping information recorded in the binding unit manifest file within the local storage 15.
- the controller 12 reproduces original data and/or additional data according to a user' s request by utilizing the generated virtual package .
- the virtual package is generated via a binding operation performed by a virtual file system and becomes a file structure for reproducing and managing an original clip configured with original data stored in a different area within a disc and an additional clip configured with additional data within the local storage 15.
- the binding unit manifest file includes information used for a binding operation for generating the virtual package . Without the binding unit manifest file, the virtual package cannot be generated from binding the data within the local storage 15 with the file structure (disc package) within the recording medium.
- the name mapping information which is recorded in the binding unit manifest file , indicates where the data recorded within the recording medium is located in the virtual package .
- the newly generated virtual package is stored in the local storage 15 for later reuse or can be temporarily stored in a separate dynamic memory to be utilized.
- the controller 12 authenticates whether an application and contents are provided by an authentic content provider (CP) and then controls an access of the application to the contents .
- CP authentic content provider
- a playback system 17 finally decodes output data to provide to a user under the control of the controller 12.
- the playback system 17 includes ⁇ a decoder decoding an AV signal and a player model deciding a reproduction direction by analyzing an obj ect file command or application associated with the aforesaid reproduction of a specific title and a user command inputted via the controller 12. And, the playback system 17 will be explained in detail in the description of FIG . 12.
- an AV encoder 18 converts an input signal to a signal of a specific format, e . g . , an MPEG2 transport stream according to a control of the controller 12 and then provides the converted signal to the signal processor 13.
- FIG. 5 is an exemplary diagram of file architecture within a local storage 15 according to the present invention .
- data which is read out of a recording medium or is downloaded from a recording medium external source, can be stored in a local storage .
- a space storing the data can be divided into "Application Data Area ( 620 ) " used in storing application data and "binding Unit Area ( 610 ) " used for construction of a virtual package .
- three organization-dependent directories orgl_ID, org2_ID and org3_ID exist in the binding unit data area 610 within the local storage 15.
- An organization means each content provider (CP) .
- CP content provider
- a film company or a film distributing company corresponds to the organization in case of a movie .
- an organization-dependent shared directory can exist .
- data shared between content providers exists in the shared directory 610a .
- the organization-dependent directory orgl_ID includes disc-dependent directories discl_ID and disc2_ID and a discdependent shared directory 610b as lower directories .
- the disc-dependent shared directory 610b data shared between recording mediums discl_ID and disc2_ID provided by "orgl_ID” .
- a binding unit to be bound with "disci” provided by "orgl” exists .
- a PlayList file "Apr2005.mpls ( 611 ) ", a clip information file “Apr2005. clpi ( 612 ) " and a stream file “Apr2005.m2ts ( 613 ) " exist in the binding unit.
- a method of constructing a virtual package by binding the files with data within a recording medium will be explained later with reference to FIG . 13.
- orgl_ID In the application data area 620 , three organization- dependent directories orgl_ID, org2_ID and org3_ID exist . As lower directories of the "orgl_ID", directories discl_ID and disc2_ID exist .
- the directory discl_ID includes JAR files "APPO . j ar ( 621 ) " and "Appl . j ar ( 622 ) " constructing specific applications, respectively.
- the disc-dependent directory disc2_ID includes a j ar file "APPO . j ar ( 623 ) " .
- an application means a program for performing a specific function .
- the application should be capable of accessing all data, files , and hardware and software configurations of a playback system 17 to perform the function .
- AppO an application constructed by "AppO . j ar ( 621 ) " of the directory discl_ID performs a specific function
- data "j apanese . otf ( 614 ) " shared between recording mediums provided by the content provider orgl_ID is needed to perform the function
- the "AppO” accesses the "J apanese . otf” .
- the present invention intends to provide a security scheme to protect data shared between recording mediums provided by a same content provider (CP) (e . g . , data existing in the discdependent shared directory 610b : "J apanese . otf ( 614 ) " in FIG . 5 ) or data shared between content providers (CPs ) (e . g . , data existing in the disc-dependent shared directory 610a) .
- CPs content providers
- three security scheme levels for protecting the shared data can be taken into consideration .
- a first level is to authorize all applications to access all shared data .
- the security scheme levels the present invention intends to provide are second and third levels .
- authentication for the shared data is enough to protect the shared data .
- operations of the application is reliable .
- the third level is to protect the shared data by encrypting the shared data to provide to a user on the assumption that it is unable to exclude a malicious function of an application authorized to access the shared data . Besides , the application accessing the shared data needs to decrypt the shared data .
- the second security level provided by the present invention is explained with reference to FIGs . 6 to 10. And, the third security level and a reproduction of the shared data having the third security level applied thereto will be explained with reference to FIG . 11.
- FIGs . 6 to 9 show authentication of shared data and application for the protection of the shared data according to the present invention .
- FIG . 10 shows a method of protecting the shared data by providing access information for the application that accesses the shared data .
- FIG . 6 is a diagram of shared data authentication according to one embodiment of the present invention .
- a content provider CP
- the certificate can be provided to a user by being recorded within a recording medium or by being downloaded to the user from outside of the recording medium.
- the certificate can include a version, a serial number, a signature algorithm, an issuer, an expiry date, an authentication subj ect, a public key, etc .
- a public key means a key, which is opened to the public, of an asymmetric key pair, which is used for a public key cryptosystern, of one entity. And, the public key is used in deciding authenticity of a signature in a signature system to be called a verification key as well .
- a private key is a key, which is not opened to the public, of an asymmetric key pair, which is used for a public key cryptosystem, of one entity. In some cases , the private key may mean a key used in a symmetric key cryptosystem.
- a certificate is used in certifying that data provided to a user is provided by a legitimate content provider .
- the certificate includes a digital signature of a certificate authority (CA) having issued the certificate .
- CA certificate authority
- a content provider certifies himself for example .
- CA certificate authority
- CP content provider himself .
- Certification of certificate will be explained in detail with reference to FIG . 7.
- a content provider (CP) generates a contents digest 6011 to provide to a user using digest algorithm 6010 such as SHA-I
- a contents digest means a simple character sequence rendered to be uniquely computed for each content .
- the contents digest is represented as a uniform-length bit sequence abbreviated by repeatedly applying a unidirectional hash function to contents having a random length .
- One contents digest is computed for each contents (message, sentence, file ...) . And, the same contents cannot be computed from different documents .
- the contents digest is usable as a means for checking a forgery of an original text .
- the generated contents digest 6011 becomes a digital signature via a signature algorithm 6012 using a CP' s private key 6013.
- the content provider provides a certificate including the digital signature to a user together with contents .
- a signature algorithm is a sort of an encryption algorithm such as RSA (Rivest-Shamir-Adelman) , DSA (digital signature algorithm) and the like .
- a digital signature can be restored to contents digest 6018 through a signature algorithm 6016 using a public key 6017 corresponding to a private key 6013 used for the digital signature .
- the pubic key 6017 is provided to a user by being included in the certificate .
- the digital signature cannot be restored to the contents digest 6018. In this case, it cannot be authenticated that a provided application is provided by a legitimate content provider .
- the authentication fails .
- the content provided by the content provider is computed into a contents digest 6015 through a digest algorithm 6014.
- the computed contents digest 6015 is then compared 1 to the contents digest 6018 restored using the digital signature ( 6019) . If the contents are transmuted, the restored digest 6018 differs from the contents digest 6015 computed from the provided contents .
- the authentication of the contents comes into failure .
- the shared data can be downloaded to a local storage from outside of a reproduced recording medium. If a recording medium is loaded and if the shared data is associated with the loaded recording medium, the shared data is bound to a disc package within the recording medium. The binding operation is performed by a virtual file system of the aforesaid playback system 17. If the authentication of the shared data fails , the virtual file system may not bind the shared data to the disc package . Through this , the shared data, which is damaged in the course of download or is transmuted by hacking and the like, is prevented from being reproduced together with the recording medium. And, the shared data provided by an unauthorized content provider can be prevented from being reproduced.
- FIG . 7 is a diagram of a certificate chain used for data authentication according to the present invention .
- Multiple certificates can be enclosed with content, forming a hierarchical chain, wherein one certificate testifies to the authenticity of the previous certificate .
- a root CA which is trusted without a certificate from any other CA. Certificates are stored in a key database, which is placed in a recording medium or BD terminal .
- a trusted root certificate authority can certify certificate authorities ( 702 , 703 , 704 ) .
- the certificate authority to be authenticated can be an AACS (advanced access content system) or a CPS (content protection system) . In some cases, the AACS or CPS can become a root certificate authority by itself .
- the AACS, CPS or other certificate authority can certify lower structures such as an optical recording/reproducing device, a content provider and the like independently (702a, 702b, 702c, 702d) .
- Such a structure is called a certificate chain.
- a higher certificate authority which can certify the trusted certificate root authority (CA) does not exist .
- the trusted certificate authority certifies itself (701) , which corresponds to a root certification .
- Each of the certificate authorities provides a certificate including a digital signature of each of the certificate authorities for a result of certification of itself or its lower structures .
- a certificate provided by a lowest certificate authority of the certificate chain can be called a leaf certificate, and a certificate provided by a highest certificate authority of the certificate chain can be called a root certificate .
- the certificates can secure the integrity of the public key that restores the digital signature in the verification process of the digital signature .
- a trusted root certificate provided by a trusted certificate authority is stored in a specific area of a recording medium in a file format or the like to be provided to a user or can be downloaded from outside of a recording medium to be stored in a key store of an optical recording/reproducing device .
- the present invention intends to protect shared data through authentication of the shared data .
- shared data is shared between recording media provided by a same content provider, e . g . , a content provider 1 (CPl )
- CPl content provider 1
- a certificate 702b of the content provider 1 is used for authentication of the shared data .
- a certificate 702d of both of the content providers 1 and 2 is used for authentication of the shared data .
- a certificate generated through the certificate chain is stored in a specific area of a recording medium in a format of a file or the like to be used for authentication or can be used for authentication on a network.
- each of the certificate authorities can make a certificate revocation list (CRL) .
- CTL certificate revocation list
- a content provider and user receives a downloaded the certificate revocation list, and then checks whether a certificate to be used for authentication is revoked before performing the authentication via the certificate . If the certificate to be authenticated is revoked, the authentication is not achieved. If the certificate is not revoked, the authentication is achieved on condition that other authentication requirements are met .
- FIG . 8 and FIG . 9 show authentication of an application according to the present invention .
- FIG . 10 shows a JAR file configuring an application having access information to shared data according to the present invention .
- a signed application is taken as an example for FIG . 8 and FIG . 9.
- FIG . 8 is a diagram of a JAR file configuring a signed application according to one embodiment of the present invention.
- a JAR file as a sort of a compressed file is used in collecting a plurality of files into one . If the JAR file is signed, the JAR file is called a signed JAR file . And, an application configured with the signed JAR file is called a signed application .
- the signed JAR file is equivalent to an original JAR file except that a manifest file is updated and that a signature file and a signature block file are added to METAINFO directory.
- An application of FIG . 8 is a signed application .
- a JAR file configuring the application includes "APPO” file and METAINFO directory 81.
- "APPO" file includes “classes” file and a data directory.
- "APPO . dat” exists in the data directory.
- the "classes” file includes "APPO . class” file and "subclasses” directory.
- "subl . class” and “sub2. class” exist in the "subclasses” directory .
- all class files (Appl . class , subl . class , sub2. class ) are signed for example .
- the METINFO directory 81 includes a manifest file (MANIFEST . MF) 811 and a signature book (XXX . RSA) 813. By the files, authentication of the application is achieved.
- the manifest file 811 contains a listing of the files in a JAR file along with a message digest for each file signed. Besides , not all files in the JAR file need to be listed in the manifest file 811 as entries, but all files that are to be signed should be listed. Hence, entries for "APPO . class” file, "subl . class” file and ⁇ sub2. class” file should be listed in the manifest file 811.
- the signature file 812 contains the digest of the manifest file .
- the signature file will be the data signed by an authorizing organization .
- a digital signature is generated by encrypting the computed result via signature algorithm using a private key .
- the digital signature can be a signed version of a signature file .
- the generated digital signature is placed within the signature block file 813.
- J _ ⁇ _ _u _ J i_ _ -l signatures should be generated by the same legal entity.
- the private key is a private key corresponding to a public key existing in the signature block file 813.
- the public key is placed in one of leaf certificates of certificates within the signature block file 813.
- certificates authenticating the public key are included in the signature block file as well .
- the signature block file 813 can be called a digital signature file .
- the digital signature file has the same file name of the signature file 812 but differs in extension .
- the extension is determined by signature algorithm. For instance, the extension corresponds to " . RSA" , " . DSA” or the like .
- FIG . 9 is a flowchart of an authentication process of a file within a JAR file configuring a signed application according to one embodiment of the present invention, in which authentication of an application is carried out in a manner similar to that of the authentication of contents shown in
- a signature over a signature file is firstly verified when a manifest is firstly parsed ( SlO ) .
- a digital signature exists in a signature block file .
- the signature block file corresponding to the signature file is located and certificates are read out of the signature block file .
- a public key corresponding to a private key used for the generation of the signature file exists within a leaf certificate among the certificates .
- An encrypted digital signature existing within the signature block file is restored to digest using the public key.
- the restored digest is then compared to digest of the signature file . If the compared digests are identical to each other, a verification of the digital signature is executed . If the verification of the digital signature fails , an authentication of the file fails (S70 ) .
- digest for a manifest file is computed ( S20 ) .
- the computed digest value is then compared to a value of the digest existing within the signature file ( S30 ) . If the two compared digest values are different from each other, the authentication of the file fails (S70 ) . If the two compared digest values are equal to each other, integrity for the manifest file is confirmed.
- digest value for actual data of the file to be authenticated is computed ( S40 ) .
- the computed digest value is compared to the digest value within the manifest file ( S50 ) . If the compared digest values are equal to each other, the validity of the file is confirmed so that the file ' succeeds in the authentication ( S60 ) . Yet, if the compared digest values are different from each other, the file fails in the authentication (S70 ) .
- the present invention is characterized in that integrity of a manifest file is checked using a signature file and in that a digital signature is verified using a signature block file . And, the present invention is characterized in that integrity for actual data of a JAR file is checked using the manifest file .
- the integrity check for the actual data of the JAR file ( S40 , S50 ) can be individually implemented. Namely, the above- explained sequence of authentication flow of the embodiment shown in FIG. 9 is not mandatory but can be changed according to a playback system. Besides, in authenticating the application, it is able to confirm whether the file to be authenticated is listed on the manifest file before the digest for the actual data of the file to be authenticated is computed (S40 ) .
- the verification result ( SlO ) of the digital signature and the result (S30 ) of the integrity check for the manifest file can be stored for a later use .
- the steps SlO to S30 will be executed once in an authentication process of one JAR file .
- an access to the shared data can be approved according to an implementation of a player . Yet , it is preferable that the access should be restricted for the protection of the shared data .
- the extent of the access restriction can be set in a manner that an authenticated application is restricted to access all shared data according to the implementation of the player . Alternatively, a player can be controlled to access a limited range of the shared.
- FIG . 10 is a diagram of a JAR file configuring an application according to one embodiment of the present invention .
- the present invention employs access information about the shared data for an application using the shared data as a resource .
- the access information may be credentials for the application .
- the credentials can be included in a permission request file .
- the permission request file can exist within a JAR file configuring the application .
- a JAR file APPO . j ar shown in FIG . 10 is a file configuring an application .
- a permission request file AppO . perm including credentials exists .
- the "grantor identifier” is the information about a subj ect that provides an application .
- a grantor identifier there is “orgl__ID” or the like for example .
- the "expiration date” means an expiry period of the credential . For instance, if the expiration date is given as "23/02/2035", an application containing the credential is unable to access shared data after February 23, 2035.
- the "filename” is information about a location of shared data and a read/write right granted for the shared data .
- "filename read” information is given as “true”
- "filename” can be given as "BUDA/orgl__ID/Shared/Japanese , otf” to represent a location of a file .
- FIG . 6 It means that an application having the credential can read the "J apanese . otf ( 614 ) " file by accessing the "J apanese . otf ( 614 ) " file existing within the "shared” directory of the binding unit data area within the local storage .
- the "signature” contains a signature from the grantor .
- the "certchainfileid” is used for locating a specific certificate within the Signature Block file .
- the "certchainfileid” should specify serialNumber that matches the serial number of the leaf certificate used for authentication and issuer that matches the subj ect of the leaf certificate used for authentication .
- the certificate that leads to the public key of the signature should be placed in the "certificates" field of the Signature Block file .
- Each certificate should be checked until one is found with the serial number and the organisation ID of the issuer field matching the content of the certchainfileid field of the credential . If a matching certificate could be found within the Signature Block file, the file access shall not be granted.
- FIG. 11 is a flowchart of shared data reproducing method according to one embodiment of the present invention .
- the present invention is characterized in that shared data is encrypted to be provided to a user for the protection of the shared data .
- Applications to access the shared data should be capable of decrypting the shared data .
- shared data which is associated with a recording medium and is encrypted, is downloaded to a local storage from outside of the recording medium (SlIlO ) .
- an application having the shared data downloaded needs to be an application that can access the shared data via network.
- the virtual package in case that a virtual package already exists prior to downloading the shared data, the virtual package shall be updated as well as the downloaded shared data .
- the shared data is authenticated prior to the construction of the virtual package .
- a virtual file system will construct a virtual package using a disc package within the loaded recording medium.
- an application to perform the • reproduction accesses the shared data bound to the data within the recording medium ( S1130 ) .
- the shared data is encrypted, since the shared data needs to be restored to a form that is reproducible by a decoder, the encrypted shared data has to be decrypted .
- an application accessing the encrypted shared data includes information enabling decryption of the shared data .
- the information may enable an application accessing the shared data to decrypt the shared data in direct .
- the information may execute an application enabling decryption of the shared data .
- the shared data is decrypted using the information (S1140 ) .
- the decrypted shared data is provided to a decoder to be reproduced together with other files within the virtual package ( S1150 ) .
- other data existing within the local storage together with the shared data can be reproduced by being bound to the data within the recording medium. If other data reproduced together with the shared data are encrypted, they can be reproduced after completion of decryption .
- the shared data is encrypted according to the present invention, even if an erroneous application accesses the shared data, it is unable to perform a specific function using the shared data .
- a unique key of a content provider can be used for the data shared between recording media provided by the same content provider .
- encryption/decryption key pairs or secret information to generate keys need to be distributed to a user to enable the shared data to be decrypted.
- the key pairs or secret information to generate keys can be stored in a recording medium to be provided to a user . This works on the assumption that data in a local storage should be accesses when a disc with key is in BD terminal .
- the key pairs or the secret information to generate keys can be enclosed in an application, which uses the shared data, to be provided to a user .
- the key pairs or the secret information to generate keys can be stored at keystore of an optical recording/reproducing device . If a player has to perform a specific function using an encrypted shared data, the player reads a key enabling decryption of the encrypted shared data from a recording medium, application, keystore or the like (in case of secret information to generate keys, a key is generated by reading out the secret information to generate keys) and then decrypts the shared data .
- AES advanced encryption standard
- DES data encryption standard
- IDEA international data encryption algorithm
- RSA Raster-Shamir-Adelman
- DSA digital signature algorithm
- the application accessing the encrypted shared data may be an application including access information about the shared data .
- the access information may be credential of the application .
- an application without credential may be permitted to access the encrypted shared data . It may happen that a player fails in authenticating an application accessing the encrypted shared data . In this case, whether to permit the shared data access of the application depends on an implementation of the player . Namely, even if the authentication fails , the application can be made to access the shared data .
- the present invention if shared data is encrypted to be provided, the shared data can be protected despite that an authenticated application attempts to access the shared data .
- FIG. 12 is a block diagram of a recording medium playback apparatus utilizing playback system according to one embodiment of the present invention .
- “playback system” includes a collective reproduction processing means constructed with a program ( software) and/or hardware provided within the optical recording/reproducing device .
- the playback system plays a recording medium loaded in the optical recording/reproducing device and simultaneously reproduces and manages the data that is associated with the recording medium and is stored in the local storage (e . g . , data downloaded from outside) .
- playback system 17 includes "Key Event Handler ( 171 ) “ , “Module Manager ( 172 ) “ , “HDMV Module ( 174 ) “ , “BD-J Module ( 175 ) “ , “Playback control engine ( 176) “ , “Presentation engine ( 177 ) “ and “Virtual File System ( 40 ) “ , which are explained in detail as follows .
- “HDMV Module ( 174 )” for HDMV Title and "BD-J Module ( 175) " for BD-J Title are independently configured.
- Each of the “HDMV Module ( 174 ) “ and the “BD-J Module ( 175)” has a control function of receiving to process a command or program within the aforesaid obj ect file (Movie Obj ect or BD-J Obj ect) .
- Each of the “HDMV Module ( 174 ) “ and the ⁇ BD-J Module ( 175 ) " separates a command or application from the hardware configuration of the playback system to enable a portability of the command or application .
- "Command processor ( 174a) is provided within the
- Java VM ( 175a) is "Virtual Machine” that executes an application .
- Application manager ( 175b) includes a application management function of managing a life cycle of an application .
- Application manager (175b) can load applications from Application Cache ( 173c) .
- the purpose of the Application Cache ( 173c) is to guarantee seamless playback of AV data from the disc during application loading and to reduce latency in loading data .
- the Application Cache ( 173c) is the preload buffer for BD-J.
- a player can use additional data, including class files , which is not preloaded .
- One example of this is the loading of data from JAR files in a local storage .
- Module Manager ( 172 ) is provided to deliver a user command to the "HDMV Module ( 174 ) “ or the “BD-J Module ( 175 ) “ and to control an operation of the ⁇ HDMV Module ( 174 ) “ or the “BD-J Module ( 175 ) “ .
- Player control Engine ( 176) which interprets PlayList file information recorded within a disc according to a reproduction command of the "HDMV Module ( 174 ) “ or the "BD-J Module ( 175 ) " and performs a corresponding reproduction function, is provided.
- Presentation Engine (177 ) for decoding a specific stream reproduced and managed by the "Playback Control Engine (176) " and displaying the decoded stream on a screen is provided.
- the "Playback Control Engine (176) " includes "Playback Control functions ( 176a) " actually managing all reproductions and "Player Registers ( 176b) " storing player status registers ( PSR) and general purpose register (GPR) .
- “Playback Control functions ( 176a) " may mean “Playback Control Engine ( 176) " .
- the "Module Manager ( 172 ) “ , “HDMV Module ( 174 ) “, “BD-J Module ( 175) “ and “Playback Control Engine ( 176)” enable software processings , respectively. Substantially, software processing is more advantageous than a hardware configuration in design . Yet, the “Presentation Engine ( 177 ) “, decoder and plane are normally designed by hardware . In particular, the elements (e . g . , reference numbers 172 , 174 , 175 , 176) processed by software can be configured with a portion of the controller 12. Hence, the configuration of the present invention should be understood by its meaning but is not limited to a hardware configuration or a software configuration .
- the playback system 17 has the following features .
- “HDMV Module ( 174 ) " for HDMV Title and "BD-J Module (175 ) " for BD-J Title are independently configured. And, both of the modules 174 and 175 are not simultaneously executed. Namely, BD-J Title cannot be played back while HDMV Title is being played back, and vice versa .
- applications which are programs of managing a network function within an optical recording/reproducing device like the operation of downloading additional data from outside and a local storage 15 like an operation of constructing a virtual package by editing files stored in the local storage 15 or by binding the files to a disc package, are provided within the playback system 17. Namely, the applications configure a virtual file system 40 managing a file system within a disc and a local storage file system as one system and construct and manage a virtual package for reproducing original data and additional data via the configured virtual file system 40.
- HDMV Title and BD-J Title receive user commands of separate types , respectively and execute user commands independent from each other, respectively.
- “Key Event Handler ( 171 )” receives a user command to deliver to one of "HDMV
- a management which can be called “master” , of the aforesaid “Playback control Engine (176) " is taken charge of by one of the currently operating modules 174 and 175.
- “HDMV Module ( 174 )” becomes a master while HDMV title is being reproduced .
- BD-J Module ( 175) becomes a master while BD-J title is being reproduced .
- “Navigator ( 173)” is made to perform a title selection under the control of a user at anytime and can provide a recording medium and title metadata to a user .
- FIG . 13 is an exemplary diagram for explaining shared data protection according to the present invention, in which a virtual package is shown in detail .
- a specific file structure (e . g . , the structure shown in FIG. 2 ) is recorded within a loaded disc, which is called a disc package in particular .
- a local storage system exists within a local storage .
- a binding unit and binding unit manifest file bound to the loaded disc (e . g . , discl_ID) are included in the corresponding file system.
- the binding unit manifest file contains name mapping information .
- the name mapping information is the information about the binding unit .
- the name mapping information includes information about locations , file names and the like within a virtual package in case of binding a list of files generating the binding unit to a disc .
- the virtual file system 40 constructs a new virtual package through a binding operation of binding the binding unit to the disc package within the loaded disc by utilizing the name mapping information. And, the virtual file system 40 plays a role in controlling an access mechanism to a file belonging to the virtual package .
- the virtual package constructed by the virtual file system can be used for both BD-J and HDMV modes . In the BD-J mode, applications located on a recording medium or a local storage can access the virtual package via the virtual file system. In the HDMV mode, MovieObj ect can access the virtual package . Referring to FIG .
- a BD directory as a lower directory of a root directory (root) includes an index file ( Index . bdmv) , an obj ect file (MovieObj ect . bdmv) , a PlayList file ( 00000.mpls) , a clip information file ( 01000. clpi) , a stream file ( 01000.m2ts ) and an auxiliary data file ( sound. bdmv) .
- a binding unit 61 associated with a loaded disc includes a specific PlayList file (Apr2005.mpls) 611 , a clip information file (Apr2005. clpi) 612 , i . e . , a clip managed by the PlayList file, and a stream file (Apr2005.m2ts) 613.
- a auxiliary data file (J apanese , otf) 614 as shared data provided by a content provider exists in a discdependent shared directory (Shared)
- a method of constructing a virtual package 51 is explained as follows .
- the PlayList file (Apr2005.mpls ) 611 , clip information file (Apr2005. clpi) 612 , stream file (Apr2005.m2ts) 613 and auxiliary data file (J apanese . otf) 614 within the binding unit are changed in file name into a PlayList file ( 00000.mpls ) 511 of a PlayList directory, a clip information file ( 02000. clpi) 512 of a CLIPINF directory, a stream file ( 02000. m2ts ) 513 of a STREAM directory, and an auxiliary data file ( 11111.
- the virtual package 51 includes an index file ( Index) according to the virtual package and a MovieObj ect file in BDMV directory as a lower directory of a root directory.
- PlayList file ( 00000.mpls ) 511 replaced by the PlayList file of the binding unit is placed in PLAYLIST directory.
- CLIPINF directory the clip information file ( 02000. clpi ) 512 of the binding unit is appended to the clip information file
- the stream file ( 02000.m2ts) 513 of the binding unit is appended to a stream file ( 01000.m2ts) of a recording medium.
- the auxiliary data file ( 11111. otf) 514 of the binding unit is appended to an auxiliary data file (sound. bdmv) of a recording medium.
- the index file ( Index) and the MovieObj ect file as upper files within the virtual package can be updated via an index table and a MovieObject file within a previous disc based on a newly generated PlayList file ( 00000. mpls) 511.
- the index file and the MovieObj ect file are updated in case that a title is changed by the PlayList file
- the title change means a new title addition, a previous title deletion, scenario change of title playback or the like .
- the virtual file system if the authentication of the shared data fails, the virtual file system preferably does not construct the virtual package 51 including the shared data . . Yet, a virtual package is constructed using a disc package within a recording medium. In this case, a player is unable to reproduce "11111. otf" that is shared data stored within a local storage . Hence, by preventing shared data of an unauthorized provider from being reproduced together with a recording medium, an authentic content provider can be protected.
- the application would not have information of enabling the decryption of the shared data .
- the shared data cannot be decrypted.
- the shared data can be protected .
- a recording medium according to the present invention is explained with reference to FIG. 4 as follows .
- An apparatus for reproducing a recording medium using a local storage includes a local storage 15 storing downloaded shared data associated with the recording medium and a controller 12 controlling an application having valid access information for the shared data to access the shared data .
- the access information can include credential of the application .
- the credential can be included in a permission request file .
- the permission request file can exist within a JAR file configuring the application . In this case, the permission request file is preferably authenticated.
- the controller 12 can protect the shared data by authenticating the shared data before the application accesses the shared data .
- the shared data is the data shared between recording media provided by a content provider
- the shared data can be authenticated using a certificate of the content provider . If the shared data is shared between a plurality of content providers , the shared data can be authenticated using certificates of the content providers .
- An apparatus for reproducing a recording medium using a local storage includes a local storage 15 storing an downloaded encrypted shared data associated with the recording medium, and a controller 12 constructing a virtual package including the shared data by binding data within the local storage to data within the recording medium.
- the controller 12 reproduces the shared data together with other data within the local storage 15 and/or the data within the recording medium using the virtual package . In doing so, as the shared data is encrypted to be provided, the controller 12 reproduces the shared data after decryption .
- the controller 12 enables an application having valid access information to the shared data to access the shared data .
- the access information is credential of an application to access the shared data .
- the access information can exist in a permission request file . And, the permission request file can be included in a JAR file configuring the application .
- the controller 12 authenticates the shared data and then constructs the virtual package .
- the shared data is the data shared between recording media provided by a content provider
- the shared data can be authenticated using a signature within a certificate of the content provider .
- the shared data is the data shared between a plurality of content providers
- the shared data can be authenticated using a common signature within each certificate of the content providers .
- the shared data is the data shared between recording media provided by a content provider
- the shared data is encrypted using a key for the content provider and is then provided to a user .
- the shared data is the data shared between a plurality of content providers
- the shared data is encrypted using a key in accordance with the content providers and is then provided to a user .
- the encrypted shared data can be reproduced after having been decrypted.
- a key included in an application to access the shared data can be used.
- a key stored in a recording medium is usable as well .
- a key stored in an optical recording/reproducing device is usable for the decryption .
- the present invention provides the following effects and/or advantages .
- authenticating the shared data the contents provided by an authentic content provider and the non-transmuted contents can be reproduced, whereby the shared data can be protected .
- the shared data can be protected .
- the shared data access information to an application
- the shared data can be protected against a malicious function caused by an unauthorized application .
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Multimedia (AREA)
- Storage Device Security (AREA)
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US64177905P | 2005-01-07 | 2005-01-07 | |
US65590805P | 2005-02-25 | 2005-02-25 | |
KR1020050118681A KR20060081338A (ko) | 2005-01-07 | 2005-12-07 | 공유 콘텐츠 보호방법, 로컬 스토리지를 이용한 기록매체재생방법 및 재생장치 |
PCT/KR2006/000002 WO2006073251A2 (en) | 2005-01-07 | 2006-01-02 | Method and apparatus for protecting shared data and method and apparatus for reproducing data from recording medium using local storage |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1836707A2 true EP1836707A2 (de) | 2007-09-26 |
Family
ID=36647879
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP06700327A Withdrawn EP1836707A2 (de) | 2005-01-07 | 2006-01-02 | Verfahren und vorrichtung zum schutz gemeinsam benutzter daten und verfahren und vorrichtung zur wiedergabe der daten vom aufnahmemedium mithilfe lokaler speicherung |
Country Status (2)
Country | Link |
---|---|
EP (1) | EP1836707A2 (de) |
WO (1) | WO2006073251A2 (de) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101887736B (zh) * | 2005-11-15 | 2012-11-21 | 松下电器产业株式会社 | 再现装置及其控制方法 |
KR100879808B1 (ko) * | 2006-12-11 | 2009-01-22 | 소프트캠프(주) | 파일서버로의 접근 통제시스템 |
US9263085B2 (en) | 2009-05-20 | 2016-02-16 | Sony Dadc Austria Ag | Method for copy protection |
CN105103232B (zh) | 2013-03-28 | 2017-09-22 | 三菱电机株式会社 | 再现装置、控制方法以及程序 |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP3888348B2 (ja) * | 2003-11-25 | 2007-02-28 | ソニー株式会社 | 情報提供システム、再生装置および方法、情報提供装置および方法、記録媒体、並びにプログラム |
-
2006
- 2006-01-02 WO PCT/KR2006/000002 patent/WO2006073251A2/en active Application Filing
- 2006-01-02 EP EP06700327A patent/EP1836707A2/de not_active Withdrawn
Non-Patent Citations (1)
Title |
---|
See references of WO2006073251A3 * |
Also Published As
Publication number | Publication date |
---|---|
WO2006073251A2 (en) | 2006-07-13 |
WO2006073251A3 (en) | 2006-11-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7668439B2 (en) | Apparatus for reproducing data, method thereof and recording medium | |
US20060153017A1 (en) | Method and apparatus for protecting shared data and method and apparatus for reproducing data from recording medium using local storage | |
US20060274612A1 (en) | Recording medium, apparatus for reproducing data, method thereof, apparatus for storing data and method thereof | |
TWI511128B (zh) | 光學唯讀儲存媒體 | |
KR101313825B1 (ko) | 정보 처리 장치, 정보 기록 매체 제조 장치, 정보 기록매체 | |
US8233777B2 (en) | Data transmitting method, recording medium, apparatus for reproducing data from recording medium using local storage and method thereof | |
JP2008523764A (ja) | 記録媒体のコンデンツを保護する方法及びその保護方法により保護されたコンデンツを収録している記録媒体 | |
EP1834329A2 (de) | Vorrichtung zum wiedergeben von daten, verfahren dafür und aufzeichnungsmedium | |
TWI360810B (en) | Information processing apparatus, information reco | |
US8285117B2 (en) | Information processing apparatus, disk, information processing method, and program | |
US8438651B2 (en) | Data reproducing method, data recording/ reproducing apparatus and data transmitting method | |
WO2006073251A2 (en) | Method and apparatus for protecting shared data and method and apparatus for reproducing data from recording medium using local storage | |
US20060262710A1 (en) | Recording medium, and method and apparatus for reproducing data from the recording medium | |
KR20080014881A (ko) | 기록 매체, 데이터 재생 장치, 데이터 재생 방법, 데이터저장 장치, 그리고 데이터저장 방법 | |
WO2006078099A2 (en) | Data transmitting method, recording medium, apparatus for reproducing data from recording medium using local storage and method thereof | |
KR20080012724A (ko) | 기록매체, 데이터 기록방법 및 기록장치와 데이터 재생방법및 재생장치 | |
KR20070011101A (ko) | 데이터 재생방법 및 데이터 재생장치, 기록매체와 데이터재생방법 및 데이터 기록장치 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20070801 |
|
AK | Designated contracting states |
Kind code of ref document: A2 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR |
|
RIN1 | Information on inventor provided before grant (corrected) |
Inventor name: KIM, KUN SUK LG ELECTRONICS INC. IP GROUP 16 |
|
DAX | Request for extension of the european patent (deleted) | ||
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION HAS BEEN WITHDRAWN |
|
18W | Application withdrawn |
Effective date: 20110131 |