JP2002074833A - Method and device for checking alteration of data and recording medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To efficiently check alteration of the data which are recorded on a recording medium. SOLUTION: A recording film is broken as prescribed by a laser, etc., of large output, for example, and a media ID specific to a disk 230 is recorded in a lead-in area 230B of the disk 230. When file #1 is recorded on the disk 230, MAC value #1 is generated from the attribute information such as the copyright information on the file #1 and the media specific ID of the disk 230. The MAC value #1 is recorded as the header information on the file #1 and also recorded on a sequence block 232 of the area 230B. In a reproduction mode, new MAC value #1' that is generated from the attribute information on the file #1 and the media specific ID is compared with the MAC value #1 stored in the file #1 for checking alteration of the file #1. As the MAC value #1 of the file #1 to be stored in this file is generated by means of the information specific to the disk 230, the file #1 can be bound to the disk 230.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a data falsification checking method and apparatus for checking the falsification of a content file recorded on a recording medium protected by copyright, and a recording medium.

[0002]

2. Description of the Related Art In recent years, DVD (Digital Versatile Disk)
As a result, the development of high-density optical discs has progressed, and with this, standardization of standards has been promoted. With this standardization,
UDF (Universal Disk Format) was formulated. DVD
DVD-RAM (DVD-Random Ac
cess Memory) uses a logical format according to the UDF. Also, CD-ROM (Compact Disc-Read
This UDF is applicable to a CD-R in which Only Memory (Writable Memory) is writable and a CD-RW in which rewritable data is rewritable.

[0003] In UDF, a hierarchical file system is used, and a subdirectory is referred to from information stored in a root directory. File is referenced.

The above will be described more specifically. The recording area on the disk is accessed with a sector as a minimum unit. For example, in a DVD-RAM, access is made from the inside to the outside of the disk. From the innermost side, an area (here, a system area) in which volume information is written is arranged following the lead-in area.
A position where a file entry (File Entry: hereinafter abbreviated as FE) of the root directory is written is shown.
The FE includes an Allocation Descriptor (hereinafter, abbreviated as AD), which is information on the address and length of a root directory, a subdirectory, and a file.

In the root directory FE, AD
Indicates the logical address and length of the root directory as an entity. The root directory contains one or more File Identifier Descrip
tor: hereinafter abbreviated as FID).
E and FE of the file are referred to. These FEs refer to the corresponding subdirectories and file entities. The substance of the subdirectory further includes one or more FIDs. That is, in UDF, except for the root directory, FID and FE
Are used as pointers to access in the order of FID, FE, and entity.

Incidentally, there is a tampering check as one of the technical elements relating to copyright protection of information data recorded on a recording medium. This is a technique for detecting the presence or absence of unauthorized tampering with recorded information data and detecting the presence or absence of unauthorized duplication of information data between recording media. In particular, in a broadcast-type encryption transmission system, information that is unique to each device or each category, such as a unique key given to the device, is used to transfer information data to each device. Can be tied to

Further, it is necessary to simultaneously introduce a method of binding information data as being closed by a recording medium. Since the above-mentioned tampering check method is an effective means for closing this information data on a recording medium, it can be said that it is a very important technical element in copyright protection.

[0008] Regarding the conventional data tampering check method,
A brief description will be given. For each file (content), which is a unit of information data, it is uniquely generated from attribute information such as important management information, copyright information and status information of the file, and it is difficult to identify source information by inverse operation. Such a falsification check value is obtained. The obtained tampering check value is written in a tampering check management value space provided on the recording medium, which is an area or a file that the user cannot easily access. When the recording medium is reproduced, a tampering check value is obtained based on the reproduced data, and the obtained tampering check value is compared with the tampering check value written in the tampering check value management space, so that an illegal file Check if the move or copy has taken place.

[0009] Similarly, a method of checking whether or not an unauthorized file has been moved or copied by obtaining a tampering check value for all the files existing on the same recording medium has been implemented. .

[0010] As a method of obtaining the tampering check value, for example, a MAC (M) defined in ISO / IEC9797 is used.
An operation method called essage Authentication Code) is known. Here, the falsification check value itself for each file may be referred to as MAC, and at this time, in particular,
A falsification check that targets all files on the same recording medium is called an ICV (Integrity Check Value), and the two may be differentiated. Hereinafter, the tampering check value for each file is referred to as MAC, and the tampering check value for all files on the same recording medium is referred to as IC.
V.

[0011]

Conventionally, as a method of binding an information data file existing on a recording medium to the recording medium, an ID unique to the recording medium is entered, and a content key reflecting the ID is used. It has been practiced to encrypt an information data file recorded on the recording medium. Similarly, there is also used a method in which a certain key is recorded on a recording medium while being protected by, for example, encryption, and the key is used for encrypting information data. In both cases, for example, even if a file recorded on a recording medium is illegally copied to another recording medium, an ID different from that of the copy source recording medium is inserted into the other recording medium. The encryption applied to the information data at the time of reproduction of another recording medium cannot be decrypted, and a state substantially closed by the recording medium can be realized.

However, according to this method, when copying or moving a file by a regular procedure, the information data to be copied or moved is decrypted, and the unique ID or key of the recording medium to be copied or moved is used. It is necessary to perform re-encryption using a password, which is very troublesome for the user.

By the way, in order to realize a similar mechanism, the use of the above-mentioned tampering check is also practiced. If the ICV can be reliably held on the recording medium, it is possible to detect inconsistency even when a file is illegally moved or copied on the recording medium. At the time when the inconsistency is detected, MACs are obtained for all the files presently present on the recording medium, and the obtained MACs are compared with the already recorded MACs, so that unauthorized movement and The copied file can be specified.

However, the procedure of calculating and checking the ICV takes a long time because the procedure of calculating the MAC for all the files existing on the recording medium is performed. On the other hand, the MAC alone does not necessarily bind the file on the recording medium. Therefore, the method using MAC includes at least the ICV described above.
It is absolutely necessary to use a combination of methods such as At that time,
In particular, a disk-shaped recording medium has a problem in that a drive system exists due to its structure, and it takes a long time to perform access to obtain information for obtaining MAC and ICV. In addition, there is a problem that this is also stressful for the user.

SUMMARY OF THE INVENTION It is therefore an object of the present invention to provide a data tampering check method and apparatus and a recording medium that can efficiently check data tampering.

[0016]

SUMMARY OF THE INVENTION In order to solve the above-mentioned problems, the present invention provides a data tampering check device for checking whether data recorded on a recording medium has been tampered with. A predetermined operation in which the identification information is fixedly recorded, and for each of one or a plurality of files recorded on the recording medium, based on the attribute information of the file and the identification information, the operation is unique and has no reversibility due to inverse operation. Reproducing means for reproducing a recording medium storing a first calculated value calculated by the method, a first calculated value stored in a file reproduced by the reproducing means, and an attribute of the file reproduced by the reproducing means Comparing means for comparing a second calculation value calculated by a predetermined calculation method based on the information and the identification information, and performing a first calculation based on a comparison result of the comparison means. If when the second calculation value do not match, the file is a data integrity check apparatus and determines that an illegal.

According to the present invention, in a data tampering check method for checking whether data recorded on a recording medium has been tampered with, unique identification information is fixedly recorded for each recording medium, A first calculation value calculated by a predetermined calculation method that is unique and has no reversibility by inverse calculation is stored for each of one or a plurality of files recorded on the basis of the attribute information and the identification information of the file. A predetermined operation based on a reproduction step of reproducing the reproduced recording medium, a first operation value stored in the file reproduced in the reproduction step, and attribute information and identification information of the file reproduced in the reproduction step. And comparing the second calculated value calculated by the method with the second calculated value.
A data tampering check method characterized by determining that a file is invalid when the first operation value and the second operation value do not match.

Further, according to the present invention, data is recorded and / or recorded.
Alternatively, in a reproducible recording medium, unique identification information for each individual is fixedly recorded, and based on a file's attribute information and identification information, a predetermined calculation method that is unique and has no reversibility due to inverse calculation. A recording medium on which one or a plurality of files storing a calculated first calculated value are recorded.

As described above, according to the present invention, the unique identification information is fixedly recorded for each recording medium, and the file attribute information and the file attribute information are recorded for each of one or a plurality of files recorded on the recording medium. A recording medium storing a first operation value calculated by a predetermined operation method that is unique and has no reversibility by inverse operation based on the identification information is reproduced, and the first medium stored in the reproduced file is reproduced. Calculated value,
A second operation value calculated by a predetermined operation method based on the attribute information and the identification information of the file reproduced by the reproduction means is compared, and based on the comparison result, the first operation value and the second operation value are compared. Since the file is determined to be invalid when does not match, the file can be bound to the recording medium.

[0020]

Embodiments of the present invention will be described below with reference to the drawings. First, for easy understanding, a basic data tampering check method when a disk is used as a recording medium will be described with reference to FIGS. The basic tampering check method described here is based on the MAC (Messa) of ISO / IEC9797.
ge Authentication Code). In the following, the tampering check value itself obtained for each file is referred to as a MAC value, and the tampering check value obtained for all files on the same recording medium is referred to as an ICV (Integrity Check Value).

FIG. 1 is a functional block diagram of an example schematically showing a falsification checking method when files # 1 and # 2 are newly added to a disk recording medium. For each of the files recorded in the user data area 110A of the disk recording medium (hereinafter, abbreviated as a disk) 110, a MAC value is obtained based on a MAC calculation method. For example, as shown in a file # 1 shown in FIG. 1, attribute information of a file such as copyright information and important information of the file and information serving as a key unique to the file, for example, an actual data portion of the file are encrypted. A predetermined operation is performed by the MAC operation unit 112A using the content key used in the operation and the MAC value # 1 is obtained.

The same applies to the other files.
A value is required. For example, in the file # 2, as described above, the MAC operation unit 1 uses the content key and the file attribute information such as the important information of the file and the copyright protection conditions.
The MAC value # 2 is obtained by 12B.

The MAC value is not limited to the above-mentioned copyright information, important information of the file, the content key, etc., but may be obtained by further using the number of times of reproduction or the number of times of copying of the file. For example, the copy generation of a file can be restricted by obtaining the MAC value by further using the number of times of copying of the file.

Note that the MAC value is a value generated by using a hash function which is a one-way function based on a given value, and the original value cannot be obtained by performing an inverse operation from the MAC value. .

Thus, files # 1 and # 2
MAC values # 1 and # 2 generated for
Are stored in the corresponding file as header information of the corresponding file. At the same time, the MAC value #
1 and # 2 are areas in the recording area of the disk 110 that the user cannot easily access, for example, the disk 1
10 are collectively stored in the lead-in area 110 </ b> B prepared in FIG. The lead-in area 110B is located on the disk 1
In the system in which 10 is handled, the area is not accessed by the file system, that is, the area that does not exist on the logical address in the file system.

Further, the MAC values # 1 and # 2 generated for each file are input to the MAC operation unit 113.
The MAC calculation unit 113 is further input with an ICV calculation key, and the ICV calculation key and the input MAC value # 1 are input.
And # 2 to generate an ICV. The ICV is a value reflecting information of all target files on the disk 110. The generated ICV is
Similarly to the MAC values # 1 and # 2 described above, the disk 1
Recorded in ten lead-in areas 110B.

As described above, when files # 1 and # 2 are newly added to the disk 110, the lead-in area 110B stores the MAC values # 1 and # 2, which are the tampering check values for each file. And an ICV which is a falsification check value reflecting information of all target files on the disk 110. Here, an area such as the lead-in area 110B in which information related to the tampering check is stored, and a data structure in the area are referred to as a sequence block. In FIG. 1, MAC values # 1 and # 2 for each file and an ICV are stored in a sequence block 114. Sequence block 114 is as described above. Of the recording area of the disk 110, the information is recorded in, for example, a lead-in area 110B that the user cannot easily access.

FIG. 2 is a functional block diagram showing an example of a procedure for reproducing / moving a specific file on the disk 110 or a timing at which a tampering check is requested in the system. The falsification check for a specific file is performed using the MAC value. For example, when the file # 1 is reproduced or moved, first, a MAC value is generated for the file by the method described above with reference to FIG. File#
1 for this MAC value # 1 ′
And

On the other hand, file # 1 is
The MAC value # 1 generated at the time of recording in the file # 1 and stored in the header part of the file # 1 and the MAC # 1 stored in the sequence block 114 of the lead-in area 110B together with the storage of the MAC # 1 in the header part Are taken out. The extracted MAC value # 1 and the above-described MAC value #
1 ′ is compared in the comparing section 115A. As a result of this comparison, the MAC value # 1 '
If they do not match the AC value # 1 and the MAC value # 1 extracted from the sequence block 114, the file #
It is determined that there is a possibility that tampering has been performed illegally with respect to No. 1 and error processing is performed in the system.

The tampering check for all files on the disk 110 is performed by the sequence block 11
4 is performed using the ICV stored in the storage unit 4. For example, when a certain file on the disk 110 (file # 1) is reproduced or moved, first, as described above,
M for all files existing on the disk 110
The AC value is generated, and the MAC value is calculated in the MAC operation unit 113 for all the generated files.
ICV 'is generated using the ICV calculation key.

On the other hand, the lead-in area 1 of the disk 110
ICV stored in 10B sequence block 114
Is taken out. The comparison unit 16 compares the ICV extracted from the sequence block 114 with the ICV ′ generated from the MAC values of all the files on the disk 110. As a result of the comparison, if the two do not match, the file is illegally moved or copied on the disk 110,
It is determined that erasure or the like has been performed, and error processing is performed in the system.

Based on the above basic tampering check method, a tampering check method according to the first embodiment of the present invention will be described. FIG. 3 schematically shows the data structure of the tampering check value according to the embodiment. The first embodiment focuses on the structure of the sequence block 114 in the basic configuration shown in FIGS. 1 and 2 described above. It is assumed that the recording medium to be applied is the disk 110 which is a disk-shaped recording medium as described above. In the first embodiment, applicable recording media are not limited to disc-shaped recording media.

The sequence block 114 includes one or a plurality of sequence pages 121A, 121B,... And a falsification check value ICV for all files on the disk 110. Sequence page 121A, 1
Each of 21B,... Has a data structure in which a plurality of falsification check values, for example, MAC values, for each file on the disk 110 are stored as a list structure. The association between each file and the MAC value is performed, for example, by arranging the entries of the MAC value in the sequence page in the order corresponding to the search order of the tree structure of the file constructed by the file system.

The files on the disk 110 are 1
Alternatively, a plurality of files are put together as a directory that is a superordinate concept. Sequence pages # 1, # 2, ...
Is associated with a directory in which files corresponding to the stored MAC values are collected. For example, fields storing IDs that allow the directories 122A, 122B,... And the sequence pages 121A, 121B,... To correspond to each other are defined in the sequence pages 121A, 121B,. By doing so, each directory 122A, 122B,.
.. and each sequence page 121A, 121B,...
Can be taken.

For example, sequence pages 121A and 121
Are associated with the directories 122A, 122B,... Formed on the disk 110, respectively. Sequence pages 121A, 121B, ...
Indicates that the MAC value generated from each file included in the corresponding directory and the ICV generated by inputting the MAC values of all the files included in the directory are stored.

As an example, the sequence page 121A associated with the directory 122A includes files # 1 [0] and # 1 stored in the directory 122A.
MAC values # 1 [0], # 1 [1] generated from each of [1],..., # 1 [n-1] (not shown),
..., # 1 [n-1], file # 1 [0], # 1
[1],..., And ICVs generated from all the MAC values of # 1 [n-1].

In the following, an IC generated by using the MAC values of all the files included in the directory as an input will be described.
V is called D-ICV. In FIG. 3, "#
“1” and “# 2” are written to distinguish the corresponding directory, and the contents of the brackets [] are written to distinguish the files stored in the directory.

Further, the above-described sequence block 11
4 are stored in each sequence page 121.
A, 121B,... All D-ICV # stored
1, # 2,... Are generated as inputs. Therefore, the ICV stored in the sequence block 114 is
As a result, MA
The value reflects the C value.

As described above, each sequence page 12
The number of MAC values stored in 1A, 121B,.
It changes according to the number of files stored in the corresponding directories 122A, 122B,. Similarly, the sequence page 121 stored in the sequence block 114
The number of A, 121B,... Changes according to the number of directories 122A, 122B,. Therefore, the sequence block 114
Are constructed as variable length areas, and each sequence page 121A, 121
B are also constructed as variable length areas.

FIG. 4 partially shows a physical format of an example of the disk 110. When the disk 110 records data from the disk inner peripheral side to the outer peripheral side, the upper side in FIG. 4 corresponds to the disk inner peripheral side, and the lower side corresponds to the outer peripheral side. A lead-in area 110B is arranged from the inner circumference side of the disk. The user data area starts from outside the lead-in area 110B. The user data area is an area to which a logical address is given and which can be accessed by a file system that handles the disk 110.
On the other hand, the lead-in area 110B is an area that does not exist on the logical address and is not accessed by the file system, as described above.

At the head of the lead-in area 110B, an area 130 for recording a media ID is provided with a size of, for example, 132 bytes. An emboss area 131 is arranged after the area of the media ID, and the area from the next of the emboss area 131 to the end of the lead-in area 110B is a rewritable area 132. The sequence block 114
Double writing is performed at a predetermined position in the rewritable area 132. A sequence block 114A and a sequence block 114B, each of which the sequence block 114 is double-written, are used.

The sequence block 114A is written in a fixed area 133 having a size of, for example, 128 Kbytes, starting from a predetermined position in the rewritable area 132. Then, a sequence block 114B composed of the same data as the sequence block 114A is written in the fixed region 133 'having a size of, for example, 128 Kbytes, which is arranged following the fixed region 133.

For example, in the fixed area 133, the sequence block 114A is written, for example, in a left-justified manner, and the remaining area 134 in the fixed area 133 is filled with stuffing bytes. The fixed area 133 ′ is also fixed area 13
3 has the same configuration as that of FIG.

FIG. 5 shows an example logical format of the sequence blocks 114A and 114B. In the figure,
A numerical value starting with “0x” indicates that the value is represented in hexadecimal. Here, the sequence block 114A will be described as an example. The bytes are shown horizontally. The first two-byte field “SPE Num” stores the total number of entries of the sequence page entered in the sequence block 114A. The next 4-byte field “Block Size” stores the size of the sequence block 114A itself. The number of bytes from the first byte of the sequence block 114A to the last byte of the last entry is stored.

A field "Revision" is arranged in four bytes following the field "Block Size". The field “Revision” stores the number of rewrites of the sequence block 114A and a value Revision indicating whether the sequence block 114A is in a valid or invalid state. Value Re
The vision is initially set to “0”, and the value is increased by “1” each time the sequence block 114A is rewritten. If the sequence block 114A is invalid or is being rewritten, the value Revision = Invalid Nu
m, and that is indicated. Value Invalid Nu
m is indicated, for example, by a value “0xFFFFFFFF”.

The 6 bytes following "Revision" and the next 16 bytes are system reserved. The ICV can be stored in this system reserved byte. From the 133rd byte, sequence pages 121A, 1
21B,... Are entered. When the information of the sequence page corresponding to all the directories existing on the disk 110 is entered, for example, the stuffing byte consisting of all “0” is used for the sequence block 1.
The fixed area 133 where 14A is stored is filled up to the last byte. The field “Block Si
Since the size information of the sequence block 114A itself is described in “ze”, the stuffing byte is not necessarily required.

As described above, in this embodiment, the sequence block is constituted by a set of sequence pages having a data structure corresponding one-to-one to each directory existing on the disk 110.

FIG. 6 shows sequence pages 121A and 12A.
1B,... Show an example of a logical format. In the figure,
A numerical value starting with “0x” indicates that the value is represented in hexadecimal. Here, the sequence page 121A will be described as an example. The first two-byte field "Page
The “ID” stores a Page ID for associating the sequence page 121A with a directory in the file system on the disk 110. Next 2
The byte field “Entry Num” stores the total number of MAC values entered in the sequence page 121A. The next 4-byte field "Pa
“ge Size” stores the size of the sequence page 121A itself. The number of bytes from the first byte of the sequence page 121A to the last byte of the last entry is stored. The next 8 bytes are reserved for the system.

Field "D-ICV" at the 17th byte
Stores D-ICV. Then, the MAC value is stored from the following 25th byte. The MAC value is, for example, 64
It has a fixed length of bits, that is, 8 bytes. MAC
The value is 8 from the 17th byte of the sequence page 121A.
Packed byte by byte.

As described above, in this embodiment, the field "Page ID" in which the sequence page stores a value that can correspond one-to-one with the directory on the disk 110 is defined. Therefore, in the falsification check procedure, the sequence block 114
The processing can be performed only for a specific sequence page in A. That is, according to the first embodiment, data tampering check can be performed only for a specific directory on the disk 110.

In this embodiment, the above-described sequence blocks 114A and 114B function as backup for each other. That is, when a file on the disk is played, changed, copied, etc., one is updated when the process is started, the other is prohibited from being updated during the process, and updated when the process is completed. So that As a result, even if the system is shut down during the processing, for example, the power is turned off, one of the sequence blocks 114A and 114B remains normal, and it is easy to return the state of the disk 110 later. is there.

FIG. 7 shows a procedure for updating the sequence blocks 114A and 114B according to this embodiment. 7A and 7B show the sequence block 114
A and the field "Revisio" in 114B.
n ”are shown. In FIG. 7, it is assumed that time progresses from the upper side to the lower side of the figure. At time A, file processing such as updating or copying a file recorded on the disk 110 or new recording of a file is started, and the processing ends at time B. FIG. 7C shows the value of the field “Revision” at each time. The field “Revisio” of the sequence blocks 114A and 114B
It is assumed that the values of “n” are both initially Revision = n−1.

When the file processing for the file on the disk 110 is started at time A, the sequence block 114B is temporarily deleted. At this time, only the value of the field “Revision” of the sequence block 114B is changed to Revision = Invalid Num and left. Alternatively, with the start of the file processing at time A, the existing sequence block 114B sets the field “Revision” (and the field “SPEN”) with the value Revision = Invalid
um ”and a field“ block size ”).

On the other hand, even if the file processing on the disk 110 is started at time A, nothing is changed in the sequence block 114A, and the field “Revision” is set.
Is also kept at Revision = n-1.

When the file processing is completed at time B, the result of the file processing is reflected and the field “Re
A sequence block 114B in which the value of “vision” is Revision = n is written. That is,
The value of the field “Revision” is increased by 1 from the value before the file processing. Of course, the disk 110
MAC for all files and directories above
The value and D-ICV are also recalculated and the sequence page is reconstructed and stored in sequence block 114B.

When the writing of the sequence block 114B is completed, the writing of the sequence block 114A is started. First, the value of the field "Revision" of the sequence block 114A is set to Revision.
n = Invalid Num, and the sequence block 114A is invalidated (time C). Then, the result of the file processing is reflected, and the field “Revisi
The sequence block 114A in which the value of “on” is Revision = n is written. Thereafter, the sequence blocks 114A and 114B are made of the same data, and have the same Revision = n in the field “Revision”.

Thus, the sequence block 11
By updating 4A and 114B, one of the sequence blocks 114A and 114B is always valid at any time shown in FIG.
Therefore, even if the system goes down for some reason during file processing such as data recording or copying, rescue processing can be performed.

That is, when the system returns, the MAC value, ICV, and D-ICV are generated from the files and directories on the disk 110 at the present time, and these generated values and the system return among the sequence blocks 114A and 114B are returned. Immediately after, the contents of the sequence block that is valid are compared. By finding the difference between the two, some kind of remedy can be taken.

FIG. 8 is a flowchart showing an example of a procedure for updating the sequence block including the rescue procedure. The process according to this flowchart is executed when data recorded in the sequence blocks 114A and 114B is updated.

First, in the first step S10, the fields "Re" of the sequence blocks 114A and 114B are set.
vision "(Revision # 1, Revision # 1, respectively)
Revision # 2) are compared. If the result of the comparison is that Revision # 1 and Revision # 2 do not match, the processing moves to step S11.

In step S11, the field “Revi” in the sequence blocks 114A and 114B
"sion" is Revision @ Invalid
The data of the sequence block of Num is read. The data to be read is the data of each sequence page stored in the sequence block. This data is referred to as data A.

In the next step S12, a MAC operation is performed based on the current data on the disk 110, and data of a new sequence block is generated. At this time, as in step S11 described above, the data to be generated is a sequence page based on the files and directories on the disk 110. This data is referred to as data B.

In step S13, data A and data B described above are compared. As a result of the comparison, if it is determined that the data A and the data B match, it is determined that there is no problem, and a series of processes in this flowchart ends, and the process shifts to a normal process. On the other hand, step S1
If it is determined in step 3 that data A and data B do not match, the process proceeds to step S14.

In step S14, data A and data B
Is extracted, and based on the difference, the disk 110
Remedies for the above files will be taken. For example, data A
By calculating the difference between the data and the data B, it is possible to find a file or directory that should exist but does not actually exist according to the sequence block on the disk 110. Similarly, by comparing data A and data B, since the copyright information of a predetermined file has been rewritten, the MAC value is different from the MAC value recorded in the sequence block. Find files and more.

A remedy is applied to such a file if possible. For example, the EOF
(End OF File) can be added to compose the file forcibly. Further, for a file in which copying or rewriting of copyright information may have been illegally performed, the file may be given a non-reproducible attribute or the file may be deleted.

After the difference between the data A and the data B is extracted and a file rescue procedure is performed, the sequence block 114A is executed as described above with reference to FIG.
And 114B are updated.

On the other hand, in the above-described step S10, the fields "R" of the sequence blocks 114A and 114B are set.
Revision # 1 and Revision # 2, which are the values of "evision", are compared, and if it is determined that they match, the process proceeds to step S15.
In step S15, the sequence block 11
For 4A and 114B, it is determined whether the data in the other fields match each other. If it is determined that they are the same, it is determined that there is no problem, and a series of processes in this flowchart ends, and the process shifts to a normal process.

On the other hand, if it is determined in step S15 that the data of the other fields do not match each other, the process proceeds to step S16, where the error correction processing of the sequence block 114A or 20 'is performed. When the error correction processing of the sequence block is performed, a series of processing according to this flowchart is terminated,
Move to normal processing.

The error correction processing in step S16 is as follows.
For example, it can be performed as follows. Disk 11
Get file and directory information that exists on
Based on the obtained information, the MAC value for each file, the D-ICV for each directory, and the disk 11
Then, an ICV of the entirety is generated, and a current sequence block on the disk 110 is created. The created sequence block is compared with the sequence blocks 114A and 114B read from the disk 110, respectively. Then, the sequence block updating procedure described above with reference to FIG. 7 is performed based on the sequence block 114A and 114B that matches the newly generated sequence block.

Next, a first application example of the data tampering check method according to the present invention will be described. The first application example is a preferred example used when files of the same type are collectively stored for each directory on the disk 110. More specifically, a plurality of directories A, B, C,.
Each directory A, B, C,... Is composed of different types of files. For example, directory A is composed of still image files, directory B is composed of moving image files, and directory C is composed of audio files. In this way, when a versatile recording medium is considered,
Various types of data exist on the same recording medium.

In general, the falsification check is performed relatively frequently, for example, when a recording medium is set in an application or when the power of the apparatus is turned on with the disk 110 loaded in the disk drive. It is expected to be done. Similarly, when a new recording is performed on a recording medium, or when a file is copied or moved with another recording medium, an ICV
And the sequence blocks 114A and 114B
Will be updated.

Here, the application is a program that is recorded / recorded on this recording medium, such as application software installed in a computer device, or a dedicated device in which hardware and software are integrally configured.
Refers to a configuration that can perform playback and the like.

On the other hand, depending on the application, all data existing on the recording medium cannot always be handled. For example, in the case of a music playback device, if only a directory composed of music files is targeted, and the directory is closed to perform the falsification check procedure, the time efficiency can be improved. In particular, when the recording medium is disk-shaped, as in the above-described disk 110, the time required to access a predetermined address is relatively long due to its structure. Time efficiency is not negligible.

According to the first embodiment, the sequence page includes the MAC value of each file constituting one directory and the ICV generated by inputting all the MAC values of the directory. The sequence page associated with each of all the directories on the medium is stored in the sequence block by giving each field. Therefore, it is possible to perform a closed tampering check on each sequence page. Therefore, when files of the same type are collectively stored for each directory as described above, the tampering check can be efficiently performed in time by applying the tampering check method according to the present invention.

Next, a second application example of the data tampering check method according to the first embodiment will be described. In a second application example, a directory is recorded separately for copyright-protected data and non-copyright-protected data, for example, personally photographed or recorded data or copyright-free data. This is a preferred example used in such a case.

Originally, data that is not copyright protected as described above can be copied, moved, updated, etc. without going through a security system such as tampering check. However, if such non-copyrighted data is subjected to the above-mentioned tampering check, the data cannot be reproduced or deleted in some cases, and usability is impaired.

On the other hand, a method is conceivable in which whether or not the file is to be subjected to tampering check is specified in file units. However, even with this method, if the tampering check procedure is closed for the entire recording medium, after all, all files on the recording medium must be scanned to determine whether to perform tampering check on each file. However, a time loss occurs in the same manner as described in the first application example.

According to the present invention, as described above, it is possible to determine on a directory basis whether or not a data tampering check is to be performed. Therefore, by storing data that requires copyright protection and data that does not require copyright protection in different directories, it is possible to perform a data tampering check with less time loss.

Next, a second embodiment of the present invention will be described. In the second embodiment, the MAC value is generated using physically unique and unique information of the disk-shaped recording medium itself. Thereby, the file can be bound to the disc-shaped recording medium,
It is possible to prevent illegal copying of a file to another recording medium.

FIG. 9 is a functional block diagram showing an example of a basic process for performing a data tampering check according to the second embodiment. The disc 230 has a user data area 230A in which user data is recorded and a lead-in area 230B having no logical address according to the file system, as in the first embodiment. Further, in the second embodiment, the disk 23
The medium unique ID is recorded in a predetermined area of the disk 230 by a method that is unique to 0 and cannot be tampered with, or is very difficult to tampering.

The media unique ID is preferably recorded in an area that cannot be easily accessed by the user, such as the lead-in area 230B. further,
The media unique ID is such that the recording film itself of the disk 230 is destroyed by a high-output laser or the recording surface of the disk 230 is physically damaged so that the user cannot or cannot easily tamper with the medium. such as,
More preferably, recording is performed by a destructive recording method. However, the present invention is not limited to this. For example, when the disc 230 is shipped, the ID unique to the surface or the recording
Can be engraved, and this can be used as the media unique ID.

User data area 230 of disk 230
For each of the files recorded in A, the MAC value is calculated based on the MAC calculation method. At this time,
The above-described media unique ID is also read and used as an input for the MAC operation. In FIG. 9, disk 2
From file # 1 recorded in file 30, file attribute information such as copyright information and important information of the file, and information serving as a key unique to the file, for example, used when encrypting the actual data portion of the file. The read content key is read and supplied to the MAC operation unit 231. On the other hand, the media unique ID recorded in, for example, the lead-in area 230B of the disk 230 is read and supplied to the MAC operation unit 231.

The MAC operation unit 231 generates a MAC value # 1 using the important information and the content key of the file obtained from each file and the media unique ID recorded on the disk 230. Generated MAC
The value # 1 is the file # 1 as the header information of the file # 1.
1 and stored in the sequence block 232. The sequence block 232 is recorded in the lead-in area 230B. Sequence block 232
Corresponds to the above-described sequence block 14 and indicates an area in which information related to tampering check is stored and its data structure.

FIG. 10 is an example functional block diagram showing a data tampering check method according to the second embodiment. First, as shown in FIG. 10A, a MAC value # 1 is generated from the information on the file # 1 and the media unique ID in the same manner as that shown in FIG. 9 described above, and the generated MAC value # 1 is stored in the file # 1 as header information of the file # 1. The MAC value # 1 is stored in the sequence block 232 together with the MAC values of other files on the disk 230. Where this file #
Consider a case where 1 is copied or moved to a disk 230 ′ different from the disk 230 without going through the normal procedure.

In the same manner as described above, the disc 230 'has a media unique ID in the lead-in area 230B, for example.
Is recorded. The disks 230 and 23
The media unique IDs recorded in 0 'are referred to as media unique ID-1 and media unique ID-2, respectively.
The media unique ID is unique to the recording medium, and the media unique ID-1 of the disc 230 and the media unique ID-2 of the disc 230 'have different values.

When the file is copied or moved, as shown in FIG. 10B, a data tampering check is performed on the destination disk 230 '. First, the important information of the file and the content key are extracted from the header information of the file # 1 on the disk 230 'and supplied to the MAC operation unit 231. At the same time, the disk 230 '
Is read out and the MAC operation unit 2
31. The MAC operation unit 231 performs a MAC operation using the supplied important information of these files, the content key, and the media unique ID-2, and
A value # 1 ″ is generated. The generated MAC value # 1 ″ is supplied to the comparing unit 233.

On the other hand, the header information of the file # 1 stores the MAC value # 1 generated based on the medium unique ID-1 in the copy source disk 230. This MAC value # 1 is read from the header of file # 1,
The signal is supplied to the comparison unit 233.

In the comparing section, these supplied MAC values #
1 and the MAC value # 1 ″. As described above, the media unique ID-1 of the disk 230 and the disk 23
This is different from the media unique ID-2 of 0 ′. Therefore, even if the file # 1 on the copy source disk 230 and the file # 1 on the copy destination disk 230 'have exactly the same contents, the MAC generated using the media unique ID-1 is used.
MA generated using value # 1 and media unique ID-2
The value differs from the C value # 1 ", and the MAC value does not match.

Further, the disk 230 'of the file # 1
Since the copying to the file does not follow a regular procedure, the MAC value corresponding to the copied file # 1 is not stored in the sequence block 232 ′ on the disk 230 ′. Therefore, as shown in FIG. 2 described above, the MAC value stored in the sequence block 232 ′ and the disk 23
When comparing with the MAC value of all files on 0 ',
Fraud will be detected.

As described above, according to the second embodiment, it is possible to copy or move a file between different disks, but a file copied or moved is detected at a copy or movement destination. can do. Therefore, for example, reproduction of the file from the copy or movement destination disk can be prohibited, or the file can be deleted from the copy or movement destination disk. This effectively allows a certain file to be tied to a certain disk.

Further, according to the second embodiment, it can be understood that the ICV is not always necessary for the data tampering check. The ICV is for maintaining the consistency of the files existing on the same recording medium. However, since the MAC operation is performed on all the files existing on the recording medium, the time efficiency is low. However, by using the second embodiment, since the correspondence between the recording medium and the file is substantially one-to-one, it is possible to maintain the consistency of the entire recording medium even without the ICV.

In particular, when the recording medium has a disk shape,
Due to its structure, the time required to access a predetermined address is relatively long, and as the recording capacity increases, its time efficiency cannot be ignored. This problem can be reduced by using the second embodiment.

Next, a modification of the second embodiment will be described. In the second embodiment described above, the MAC
As an input at the time of calculation, a media unique ID that is unique to the recording medium and that cannot be falsified or is difficult to falsify
Was used. On the other hand, in this modified example, the defect information recorded on the recording medium, which is defect information of the recording medium, is used as an input at the time of the MAC calculation. Since the defect information takes different values for each recording medium with a sufficiently large probability, it can be information unique to the recording medium. Therefore, the same tampering check as in the second embodiment described above can be performed using the defect information.

[0094] The disk-shaped recording medium always contains
A physical defect in the recording area occurs. The physical defect of the recording area generated at the time of manufacturing is called a defect.
This defect occurs randomly in the manufacturing process of the disc-shaped recording medium, and the probability that another disc-shaped recording medium having the same defect state as a certain disc-shaped recording medium exists in a manufacturing lot is sufficiently small. . Therefore, the defect information can be said to be unique physical information in the disk-shaped recording medium.

As a premise of this modification, when the disc-shaped recording medium is shipped, this defect state is verified and a PDL (Primary) in which the defect state for each minimum unit of recording is reflected.
Defect information called “Defect List” is recorded on each disc. FIG. 11 shows a data structure of an example of the PDL. The PDL is composed of a bit string, and the first 16 bits are a fixed value indicating that this data is a PDL. Each bit from the next represents each of the minimum recording units of the disk-shaped recording medium in accordance with, for example, the ascending order of the addresses, and stands up, that is, has a defect in the minimum recording unit corresponding to the bit whose bit value is “1”. Indicates that the minimum recording unit cannot be used. This bit string is recorded over the entire minimum recording unit number of the disc-shaped recording medium. The PDL has a capacity of 2 to 16 KBytes, for example, if the total recording capacity of the disc-shaped recording medium is 2 GBytes.

It is necessary that the PDL is recorded in an area which cannot be easily accessed by a user, such as a lead-in area, on a disk-shaped recording medium so that the PDL itself is not falsified.

In a modification of the second embodiment, this PDL is used for MAC operation. As a result, the file recorded on the disc-shaped recording medium is closed on the disc-shaped recording medium.

FIG. 12 is a functional block diagram showing an example of a basic process for performing a data tampering check according to a modification of the second embodiment. Disk 240
As in the first and second embodiments described above, it has a user data area 240A in which user data is recorded and a lead-in area 240B having no logical address by the file system. PDL is in the lead-in area 24
0B is recorded.

User data area 240 of disk 240
For each of the files recorded in A, the MAC value is calculated based on the MAC calculation method. At this time,
The above-described PDL is also read and used as an input for the MAC operation. Referring to FIG. 12, from file # 1 recorded on disk 240, important information such as copyright information and key information unique to the file, for example, used when encrypting the actual data portion of the file. The read content key is read and supplied to the MAC operation unit 241. On the other hand, the PDL recorded in, for example, the lead-in area 240B of the disk 240 is read and supplied to the MAC operation unit 241.

The MAC operation unit 241 uses the important information and the content key of the file obtained from each file and the PDL recorded on the disk 240 to
Generate a MAC value # 1. The generated MAC value # 1 is
It is stored in the file # 1 as header information of the file # 1 and also stored in the sequence block 242.
The sequence block 242 includes the lead-in area 240B
Will be recorded.

FIG. 13 is a functional block diagram showing an example of a data tampering check method according to a modification of the second embodiment. First, as shown in FIG. 13A, the MAC value # 1 is generated from the information on the file # 1 and the PDL by the same method as that shown in FIG.
AC value # 1 is stored in file # 1 as header information of file # 1. Also, the MAC value # 1 is
It is stored in the sequence block 242 along with the MAC values of other files on 40. Here, this file # 1
Is copied or moved to a disk 240 ′ different from the disk 240 without performing a regular procedure.

[0102] On the disc 240 ', PDL is recorded in the lead-in area 240B in the same manner as described above. The PDLs recorded on the disks 240 and 240 'are called PDL-1 and PDL-2, respectively. The probability that these PDL-1 and PDL-2 have the same value is extremely small as described above.

When the file is copied or moved, as shown in FIG. 13B, a data falsification check is performed on the destination disk 240 '. First, the important information of the file and the content key are extracted from the header information of the file # 1 on the disk 240 ′ and supplied to the MAC operation unit 241. At the same time, the disk 240 '
Is read out and supplied to the MAC operation unit 241. The MAC operation unit 241 uses the important information of the file, the content key, and the PDL-2 to perform MAC
The calculation is performed to generate the MAC value # 1 ″.
The AC value # 1 ″ is supplied to the comparison unit 243.

On the other hand, in the header information of file # 1, MAC value # 1 generated based on PDL-1 in copy source disk 240 is stored. This MAC value #
1 is read from the header of file # 1, and the
3 is supplied.

In the comparing section, these supplied MAC values #
1 and the MAC value # 1 ″. As described above, the PDL-1 of the disk 240 and the PDL of the disk 240 ′ are compared.
Since the probability that -2 matches is extremely small, file # 1 on copy source disk 240 and copy destination disk 2
Even if the file # 1 of 40 'has exactly the same contents,
MAC value # 1 generated using PDL-1 and PDL
The value differs from the MAC value # 1 ″ generated using −2 with an extremely high probability, and the MAC value does not match.

Further, the disk 240 'of the file # 1
Since the copying to is not performed according to a regular procedure, the sequence block 242 ′ on the disk 240 ′ does not store the MAC value corresponding to the copied file # 1. Therefore, when the MAC value stored in the sequence block 242 'is compared with the MAC values of all the files on the disk 240', a fraud is detected.

As described above, in the modified example of the second embodiment, the file can be copied or moved between different disks as in the second embodiment, but the copying or moving can be performed. Previously, a file that has been illegally copied or moved can be detected. Therefore, for example, reproduction of the file from the copy or movement destination disk can be prohibited, or the file can be deleted from the copy or movement destination disk. This effectively allows a certain file to be tied to a certain disk.

Further, a modification of the second embodiment is as follows.
As in the second embodiment described above, the ICV is not always necessary for checking data tampering.
The ICV is for maintaining the consistency of the files existing on the same recording medium. However, since the MAC operation is performed on all the files existing on the recording medium, the time efficiency is low. However, by using this modified example, the correspondence between the recording medium and the file is substantially one-to-one, so that the consistency of the entire recording medium can be maintained even without the ICV.

In particular, when the recording medium has a disk shape,
Due to its structure, the time required to access a predetermined address is relatively long, and as the recording capacity increases, its time efficiency cannot be ignored. This problem can be reduced by using the modification of the second embodiment.

The first and second embodiments and the modifications of the second embodiment can be implemented in combination with each other.

FIG. 14 shows the logical format of the disk-shaped recording medium 1 applicable to the present invention in association with the disk shape. The logical format of the disk-shaped recording medium 1 is UDF (Universal Disk
Format). Disc-shaped recording medium 1
(Hereinafter, referred to as a disk 1), a lead-in area 10 is arranged on the innermost circumference. A logical sector number (LSN: Logical Sector Number) from outside the lead-in area 10
r) is assigned, and the volume information area 11,
Area DAN (Data Area Number) -1, DAN-2, DA
N-3 and a volume information area 12 are arranged, and a lead-out area 13 is arranged at the outermost periphery. Area DAN-1
A logical block number is assigned to DAN-3.

FIG. 15 shows the contents of an example of the volume information areas 11 and 12. In the volume information area 11, VRS (Volume Recognitio
n Sequence), MVDS (Main Volume Descriptor) and LVIS (Logical Volume Integrity Sequence) are written. At the end of the volume information area 11, an anchor point is set. Also, the volume information area 1
1 is stored in the volume information area 12 inside the lead-out area 13 in RVDS (Reserve Volume Descriptor S).
equence) twice. Volume information area 1
At the beginning and end of 2, an anchor point is placed. The anchor point at the end of the volume information area 12 corresponds to the last logical sector number.

While the logical sector number is between 272 and (final logical sector number-272), LVS (Logical Volume Sp
ace), and a partition area is provided. This L
The above-mentioned areas DAN-1 to DAN-3 are arranged in the VS. The area DAN-1 provided on the innermost side of the LVS is
It consists of FSD (File Set Descriptor) and SBD (Space Bitmap Descriptor) based on the UDF regulations. SB
D represents the entire free area information of the disk 1 by setting a flag for each sector. In addition, the area DAN-
1 shows the address of the FE of the root directory of the hierarchical structure of the file system.

An area DAN-2 is a directory FE (F
ile (Entry) and the entity's FID (File ID). That is, the FE of these directories and the FID of the entity are collectively recorded in the area DAN-2. In the area DAN-2, a predetermined capacity is continuously secured in advance at the time of formatting to be described later. Although details will be described later, the unused area of the area DAN-2 is secured as a file to which a specific attribute is added. Hereinafter, a file consisting of an unused area of this area DAN-2 is referred to as E
Called IF (Entry Information File). By handling the unused area as a file as an EIF,
In this case, the unused area can be prevented from being recognized as a free area.

As already described in the conventional example, FE indicates the actual location (address) and size of a file or directory. AD (Allocation Descriptor) during FE
Indicates this information. Also, FID is
The name of the file or directory, and the location (address) and size of the FE are shown. ICB in FID (Informati
on Control Block) describes this information.

The area DAN-3 is an area where the FE of the file and its substance are placed. In the area DAN-3, the FE of the file and the file corresponding to the FE are:
They are arranged consecutively in address. When a file is added, the FE of the file to be added is continuously arranged in address with respect to the existing file, and the substance of the file is continuously arranged in address. In this way, by arranging the FEs and entities of the file consecutively in terms of address, the file can be accessed at high speed.

Referring to FIGS. 16 and 17, a method of managing directories, files and free areas in the disk-shaped recording medium 1 will be described. FIG. 16 is a diagram in which regions DAN-1 to DAN-3 are extracted from FIG. Here, it is assumed that the data recording direction is counterclockwise as shown in an example in FIG. FIG. 17 shows a hierarchical structure of an example of each FE, FID, and entity.

For example, if the FE of the root directory is LS
It is assumed that the processing starts from N = a. F of root directory
The address and size of the entity of the root directory are indicated by AD in E. The address of the root directory can be arranged continuously with the FE of the root directory. For example, LSN = a + 1. The root directory entity includes one or more FIDs. The name, address, and size of the FE of a subdirectory of the root directory (hereinafter, abbreviated as a subdirectory) are described in the FID. F in subdirectory
E is arranged so as to be continuous with the entity of the root directory, for example, LSN = a + 2. The address and size of the entity of the subdirectory are described by the AD in the FE of the subdirectory. The address of the entity of this subdirectory is arranged so as to be continuous with the FE of the subdirectory.
N = a + 3. The entity in the subdirectory includes one or more FIDs, and describes the name, address, and size of the FE of the file or another subdirectory.

By referring to the FEs, FIDs, and entities in this manner, as shown in an example in FIG. 17, the FE of the root directory located at a predetermined position on the innermost periphery of the area DAN-2 is determined. In succession, the entity of the root directory and subdirectory information of the root directory are arranged.

On the other hand, referring to FIG. 17, the name, address and size of the FE of the EIF are described by the FID in the substance of the root directory. And FE of EIF
The address and size of the entity of the EIF are described by the AD in the middle. As described above, since the EIF is treated as a file, its address and size are indicated by the FE as in the case of other files.

As shown in an example of FIG. 16, the FE of the EIF is arranged, for example, after the entity of the EIF.
The start and / or end address and size of the entity of the EIF vary depending on the amount of each information written in the area DAN-2, as described later.

As described above, the FE of the root directory, the entity of the root directory, the FE of the subdirectory of the root directory, the entity of the subdirectory of the root directory, the FE of the EIF, and the entity of the EIF are stored in the area DA.
N-2.

In the area DAN-3, the FE of the file and the substance of the file are arranged. The substance of the file is an area where user data and the like are actually written. FIG.
As shown in an example in FIG. 7, the FE of the file in which the name, the address, and the size are described by the FID in the substance of the root directory is arranged in the area DAN-3.
At this time, the start address of the FE of the file is LSN =
d. The address and size of the entity of the file are indicated by the AD in the FE of the file. The substance of the file is arranged so as to be continuous with the FE of the file. For example, the start address is LSN = d + 1.

As described above, the area DAN-2 is reserved in advance when the disk 1 is formatted. Next, an example of a format method of the disc 1 will be schematically described. It is assumed that the lead-in area 10 and the lead-out area 13 already exist before the format process, for example, they are created in advance during a press process for manufacturing the disc 1. The formatting process proceeds from the inner circumference to the outer circumference of the disk 1.

When the format processing is started, first, the above-mentioned VRS, MVDS and LVIS are written from outside the lead-in area 10. Next, an LVS is created. In the LVS, first, an area DAN-1 is created. The FSD is written and the location of the root directory is determined. Then, an SBD is created. At this time, the EIF area is secured by setting the EIF area as a used area in the SBD.

When the SBD is created and the area DAN-1 is created, next, the area DAN-
2 is created. In the creation of the area DAN-2, first, the root directory FE and the substance of the root directory are continuously written at predetermined addresses based on the FSD written in the area DAN-1. Next, the FID of the EIF is added to the entity of the created root directory. In this FID, the address of the FE of the EIF is specified.

At this time, the attribute of the EIF is specified in the FID. The designated attribute of the EIF is for preventing the EIF from being deleted, rewritten, or moved by another device or an OS (Operating System). For example, "hidden file attribute", "system file attribute", and "read-only file attribute" are all specified as attributes of the EIF.

The “hidden file attribute” is an attribute that makes it impossible to browse a file for which this attribute is set by a normal method. The “system file attribute” is an attribute indicating that the file to which this attribute is set is a file necessary for the system. The “read-only file attribute” is an attribute indicating that the file to which this attribute is set is read-only, and that alteration or deletion is prohibited by the system. By designating these three attributes together in a file, it becomes impossible to perform processes such as erasing, rewriting, and moving the file except for intentional operations. Note that these attributes can be canceled by a predetermined method.

Next, the FE of the EIF is created. As described above, the FE specifies the address and size of the file. Therefore, the file exists only by designating the FE, and can be used as a dummy file. “Read-only file attribute” and “system file attribute” are specified in the FE of the EIF.

As described above, by making the EIF exist in the area DAN-2, the free area of the area DAN-2 is
F. As mentioned above, D
After the format process, the FE and the entity of the subdirectory are written in AN-2. At this time, E
By removing the IF area, the FE and entity of these subdirectories are created in the area DAN-2.

Although details will be described later, the area DAN-2
Are not limited to the order described above, and may be performed in another order. At this time, naturally, the arrangement order of each information in the area DAN-2 also changes.

Thus, the area DAN-2 is created. Outside the area DAN-2 is the area DAN-3,
No processing is particularly performed in the area DAN-3. For example, the following processing is performed while skipping the area specified as the area DAN-3. After the area DAN-3, RVDS
Is created. As described above, the information of the previously created VRS, MVDS, and LVIS is written twice. The RVDS is created, and the formatting process of the disc 1 is completed.

FIG. 18 shows an example of the configuration of a drive device applicable to the present invention. Here, it is assumed that the above-described disc 1 uses a phase-change metal material for the recording layer, and the drive device controls the temperature applied to the recording layer by adjusting the laser output to change the state between crystalline and non-crystalline. It is assumed that data is recorded on the disk 1 by the phase change technique to be performed.

The disc 1 is driven to rotate by a spindle motor 22. Record data on disk 1,
An optical pickup 23 is provided for reproducing data from the disk 1. The optical pickup 23 is fed by a feed motor 24 in the radial direction of the disk.

The data from the external host computer 30 is transmitted to the interface 29 (for example, SCMS (Serial Co.
py Management System)). An encoder / decoder block 25 is connected to the interface 29, and a buffer memory 26 is connected to the encoder / decoder block 25. The buffer memory 26 holds write data or read data.

The write data is supplied to the encoder / decoder block 25 via the interface 29.
In the encoder / decoder block 25, at the time of recording,
The data in the format described above is generated, and then the data is encoded according to the format. At the time of reproduction, decoding processing is performed, and digital data is output to the host computer 30 via the interface 29. The address is added as a subcode in, for example, the encoder / decoder block 25, and is also added to a header in the data.

The recording data from the encoder / decoder block 25 is supplied to the laser driver 28 via the recording equalizer 27. In the laser driver 28, a drive waveform having a predetermined level for recording recording data on the disk 1 is generated. Laser driver 2
8 is supplied to the optical pickup 23 to record data. As described above, the laser power of the laser driver 28 is controlled to be appropriate by the APC (Automatic Power Control) in the RF signal processing block 31. Further, a signal generated by the return light from the disk 1 is supplied to the RF signal processing block 31. The address extraction circuit 32 extracts address information based on the signal supplied from the RF signal processing block. The extracted address information is stored in a control microcomputer 33 described later.
Supplied to

Further, in the RF signal processing block 31, the tracking error signal TERR,
A focus error signal FERR is generated. The tracking error signal and the focus error signal are supplied to the servo block 34.

The control microcomputer 33 controls the seek operation using the address and controls the laser power using the control signal. The control microcomputer 33 is a CPU
(Central Processing Unit), RAM (Random Access Me
mory) and ROM (Read Only Memory)
Interface 29, encoder / decoder block 25, RF signal processing block 31, servo block 34
Control the entire drive, etc. A memory 36 is connected to the control microcomputer 33.

Further, access to the lead-in area 10 of the disk 1 is controlled by the control microcomputer 33. The above-described sequence block recorded in the lead-in area is read by the control microcomputer 33. The read sequence block is stored in the memory 36, for example. The header information of the file recorded in the user data area (area DAN-3) of the disk 1 is read by the control microcomputer 33 and stored in, for example, the memory 36. Also, as shown in the second embodiment and its modifications, a media unique ID and PDL physically written on the disk 1 are also read by the control microcomputer 33, and the read information is stored in a memory. 36.

The above-described MAC operation section and comparison section are implemented by software in the control microcomputer 33, for example. Of course, the MAC operation unit and the comparison unit may be separately provided in terms of hardware. As described above, the MAC operation unit performs the MAC operation based on these pieces of information stored in the memory 36.
A value is generated, and processing such as data tampering check is performed.

The RF obtained by reproducing the disc 1
The signal is provided to an encoder / decoder block 25,
The encoder / decoder block 25 performs decoding according to a predetermined format, such as demodulation of modulation processing performed at the time of recording and decoding of an error correction code (that is, error correction). In the encoder / decoder block 25,
The reproduced data is stored in the buffer memory 26. When a read command from the host computer 30 is received, the read data is transferred to the host computer 30 via the interface 29.

The frame synchronizing signal, tracking error signal and focus error signal from the RF signal processing block 31 and address information from the address extracting circuit are supplied to the servo block. Servo block 34
Performs tracking servo and focus servo for the optical pickup 23, spindle servo for the spindle motor 22, and thread servo for the feed motor 24.

In the above description, the host computer 30 is connected to the drive device. However, the present invention is not limited to this example. The device connected to the drive device may be another device as long as the device inputs and outputs digital signals and has an appropriate interface. For example, the drive device may be built in a portable digital video recorder with a camera that records a captured image on a disk-shaped recording medium, for example.

In the above description, the format data for the disc 1 is generated by the encoder / decoder block 25. However, the present invention is not limited to this example. The format data can be generated by the control microcomputer 33. The format data may be supplied from the host computer 30.

[0146]

As described above, according to the second embodiment of the present invention and the modification of the second embodiment,
Since the MAC operation is performed using information unique to the recording medium and which cannot be easily falsified by the user, together with the attribute information of the file, the MAC operation can be performed without introducing other new operations or mechanisms. In addition, there is an effect that a file recorded on the recording medium can be bound to the disc.

According to the second embodiment of the present invention and the modification of the second embodiment, the above-mentioned effects can be realized separately from the encryption of data recorded in a file. Therefore, in duplicating or moving a file by a formal procedure, there is no need to modify the data itself, and the processing can be minimized. Therefore, there is an effect that a situation that limits usability can be avoided while preventing data tampering.

Further, according to the second embodiment and the modification of the second embodiment of the present invention, the I-mode used for performing the tampering check on the entire recording medium is conventionally used.
Since the CV is not always necessary, there is an effect that the processing time generated in the falsification check procedure can be reduced.

[Brief description of the drawings]

FIG. 1 is a functional block diagram of an example schematically showing a falsification checking method when a new file is added to a disk recording medium.

FIG. 2 is a functional block diagram showing an example of a procedure for reproducing / moving a specific file on a disk or at a timing when a tampering check is requested in the system.

FIG. 3 is a schematic diagram schematically illustrating a data structure of a tampering check value according to the embodiment;

FIG. 4 is a schematic diagram partially showing a physical format of an example of a disk;

FIG. 5 is a schematic diagram illustrating a logical format of an example of a sequence block.

FIG. 6 is a schematic diagram illustrating a logical format of an example of a sequence page.

FIG. 7 is a schematic diagram illustrating a sequence block update procedure according to the embodiment;

FIG. 8 is a flowchart showing an example of a process of updating a sequence block including a rescue procedure.

FIG. 9 is a functional block diagram illustrating an example of a basic process for performing a data tampering check according to the second embodiment;

FIG. 10 is a functional block diagram illustrating an example of a data tampering check method according to a second embodiment;

FIG. 11 is a schematic diagram illustrating a data structure of an example of a PDL.

FIG. 12 is a functional block diagram illustrating an example of a basic process for performing a data tampering check according to a modification of the second embodiment;

FIG. 13 is a functional block diagram illustrating an example of a data tampering check method according to a modification of the second embodiment;

FIG. 14 is a schematic diagram showing a logical format of a disk-shaped recording medium applicable to the present invention in association with a disk shape.

FIG. 15 is a schematic diagram illustrating the contents of an example of a volume information area.

FIG. 16 is a schematic diagram for explaining a method of managing directories, files, and free areas in a disk-shaped recording medium.

FIG. 17 is a schematic diagram illustrating a method of managing directories, files, and free areas in a disk-shaped recording medium.

FIG. 18 is a block diagram showing a configuration of an example of a drive device that can be applied to the present invention.

[Explanation of symbols]

DESCRIPTION OF SYMBOLS 1 ... Disc-shaped recording medium, 10 ... Lead-in area, 33 ... Control microcomputer, 36 ... Memory, 1
14, 232, 242 ... sequence block

Claims (15)

[Claims] 1. A data tampering check device for checking whether data recorded on a recording medium has been tampered with, wherein unique identification information is fixedly recorded for each recording medium and recorded on the recording medium. For each of the one or more files, a first operation value calculated by a predetermined operation method that is unique and has no reversibility by inverse operation based on the attribute information of the file and the identification information is stored. A reproducing unit for reproducing the recording medium; a first operation value stored in the file reproduced by the reproducing unit; and attribute information and the identification information of the file reproduced by the reproducing unit. Comparing means for comparing the second calculated value calculated by the predetermined calculating method with the first calculated value based on a comparison result of the comparing means. A data tampering check device, which determines that the file is invalid when the second operation value does not match. 2. The data falsification checking device according to claim 1, wherein the recording medium further includes one or more data recorded on the recording medium.
Alternatively, a list-type data structure storing the first operation value for each of the plurality of files is recorded in an area of the recording medium that is not accessed by a file system, and the file recorded on the recording medium by the reproducing unit is When reproducing, the first calculated value stored in the list type data structure, the attribute information of the file reproduced by the reproducing means, and the identification information calculated by the predetermined calculation method based on the identification information. A data tampering check device which compares a second operation value with the first operation value and judges that the file is invalid when the first operation value does not match the second operation value. 3. The data falsification checking device according to claim 1, wherein the identification information is ID information uniquely determined for each recording medium. 4. The data tampering checking device according to claim 1, wherein the identification information is information representing physical defect information of the recording medium. 5. The data tampering checking device according to claim 1, wherein the identification information is a combination of ID information uniquely determined for each recording medium and physical defect information of the recording medium. A data tampering check device characterized in that: 6. The data tampering check device according to claim 1, wherein the attribute information is copyright information of the file. 7. The data tampering checking device according to claim 1, wherein the attribute information is current status value information of the file. 8. A data tampering check method for checking whether data recorded on a recording medium has been tampered with, wherein unique identification information is fixedly recorded for each recording medium and recorded on the recording medium. For each of the one or more files, a first operation value calculated by a predetermined operation method that is unique and has no reversibility by inverse operation based on the attribute information of the file and the identification information is stored. A reproducing step of reproducing the recording medium, the first operation value stored in the file reproduced in the reproducing step, attribute information of the file reproduced in the reproducing step, and the identification information And a comparing step of comparing the second calculated value calculated by the predetermined calculating method on the basis of the above. Based on the result, the first
A data tampering check method characterized in that when the calculated value does not match the second calculated value, the file is determined to be invalid. 9. A recording medium on which data can be recorded and / or reproduced, wherein unique identification information for each individual is fixedly recorded, and a unique and inverse operation is performed based on the attribute information of the file and the identification information. A recording medium, wherein one or a plurality of the above-mentioned files storing a first operation value calculated by a predetermined calculation method having no reversibility are recorded. 10. The recording medium according to claim 9, further comprising: a list-type data structure storing the first operation value of each of the recorded one or a plurality of files, in an area not accessed by a file system. A recording medium recorded on a recording medium. , 11. The recording medium according to claim 9, wherein the identification information is an ID uniquely determined for each individual.
A recording medium characterized by being D information. 12. The recording medium according to claim 9, wherein the identification information is information representing physical defect information of the individual. 13. The recording medium according to claim 9, wherein the identification information is an ID uniquely determined for each individual.
A recording medium comprising D information and physical defect information of the individual. 14. The recording medium according to claim 9, wherein the attribute information is copyright information of the file. 15. The recording medium according to claim 9, wherein the attribute information is current state value information of the file.