SECURE DATA STORAGE
This invention relates to a device for storing encrypted data and a reader for decrypting stored encrypted data. As an example, it relates to secure storage for copyright protection of data or information stored on any media.
The commercial impact of digital copyright theft of audio, video, computer software and other digitally recorded materials is well documented. Current copyright protection methods have failed in their attempts to secure protected materials from mass copyright theft. Existing technologies and techniques have so far proved to be inadequate and easily bypassed by the technically minded. Once a protection method has been broken; the once protected materials are then open to unauthorised duplication by virtually anyone with the right equipment.
Existing forms of data storage media for example Compact Disc (CD, CD-DA, CD- ROM, Video CD), Digital Versatile Disc (DVD), Mini Disc (MD), Hard Disc Drive (HDD), Digital Audio Tape (DAT) have basically three layers of operation. 1) A physical media interface which reads or writes information to and from the physical media by use of optical, magnetic or other pickups. 2) A decoder and servo controller. 3) An input/output device such as an analogue to digital converter (A/D) and digital to analogue converter (D/A), this may be supplemented by other digital interfaces or post processing devices such as a MPEG encoder and decoders, fibre optic links or other digital electronic connection such as SATA, ATAPI, IDE, I2S, Fire Wire (IEEE1394), Ethernet or other proprietary encoder/decoder and transport layer hardware.
Throughout the entire storage media system the content of the physical media is currently open to duplication by a number of different methods. Typically mass copyright theft takes place at the digital level where the output from the decoder/servo controller is interfaced directly to a computer system allowing an exact duplicate of the content on the storage media to be taken with little or no protection.
In data storage systems the information is written to or retrieved from a physical medium by the use of a pickup, read/write head, or optical or electrical contacted interface. The signal or information from the physical pickup is taken after preprocessing into a decoder that will typically condition and separate timing information and the original content data stored on the physical medium, the original data can then be further processed or passed onto an output device such as a D/A converter connected to a Hi-Fi system, television or video recorder.
It would be desirable to provide content protection for the information stored on the physical medium such that direct digital duplication cannot be achieved; thus allowing the original copyright owner of the content to realise the full commercial potential of their copyright protected data. It is therefore desirable to provide an improved data storage device and an improved data reader for reading data from a device.
According to the present invention there is provided a data storage device having stored thereon: a first set of data representing content data encrypted by means of a first encryption key and decryptable by means of a first decryption key; and a second set of data identifying the first decryption key; wherein the first decryption key is substantially non-derivable from the first or second sets of data.
Data can thus be stored in a secure manner on a storage device, reducing the risk of unauthorised reproduction. If the data stored on the content data storage area of the device were to be reproduced directly, all that would result is a device having encrypted data which is unreadable without access to the appropriate decryption key.
The second set of data could suitably represent the first encryption key. This can enable a relatively efficient determination by an authorised media reader of the appropriate decryption key for decrypting the content data.
The first decryption key is preferably identifiable from the second set of data by means of a look-up table.
The first set of data could be stored in a primary data storage area and the second set of data in a secondary storage area, wherein the primary and secondary data storage areas are discrete. This can enable the second set of data to be stored in such a way that it is not readable by standard hardware such as CD players. This can further improve the security of the arrangement.
The primary data storage area could suitably be an annular storage area, such as the data storage portion of a standard CD. The data storage device could be a magnetically or optically readable disc.
The secondary data storage area could suitably be an integrated circuit, which could be operable to encrypt the second set of data by means of a second encryption key transmitted to the secondary data storage area. This can allow a media reader or a further device to transmit a randomly generated encryption key to the integrated circuit such that the second set of data is encrypted before being read by a media reader. This can provide a further level of security.
The data storage device could also have an interface whereby the first and second sets of data can be transferred to a data reader. The interface could be a wireless interface, and it could be a radio interface or an optical interface. The interface could comprise an antenna and/or an electrical contact.
The second set of data preferably represents an authorisation code, whereby a data reader can read the first set of data in decrypted form only if the authorisation code matches one of one or more authorisation codes stored in the data reader. This can ensure that only authorised data readers can decrypt the content data.
The second set of data could represent a pointer to an externally stored authorisation code, whereby a data reader can read the first set of data in decrypted form only if the authorisation code is successfully retrieved and matches one or more authorisation codes stored in the data reader.
The first set of data could be readable in decrypted form by a data reader only if the first encryption key matches one of one or more encryption keys stored in the data reader.
The first encryption key and the first decryption key are preferably a public key and a private key of a public key encryption pair.
According to a second aspect of the present invention there is provided a data reader for reading encrypted content data from a data storage device, the data reader comprising a memory for storing a series of decryption keys, the data reader being operable to: read an authorisation code stored on the data storage device; check whether the read authorisation code corresponds to one of the stored decryption keys; and if so, retrieve the decryption key corresponding to the authorisation code, and thereby decrypt the encrypted content data.
The authorisation code is preferably a first encryption key by means of which the content data is encrypted.
The data reader could also be operable to: generate a second encryption key for transmission to the data storage device and a second decryption key, whereby the authorisation code stored on the data storage device is readable by the data reader following encryption by means of the second encryption key; and decrypt the encrypted authorisation code by means of the second decryption key.
A preferred embodiment of the invention will now be described with reference to the accompanying drawings in which:
FIGURE 1 shows a typical compact disc (CD) or digital versatile disc (DVD);
FIGURE 2 shows a close up of the inner area of a typical compact disc or DVD disc, showing an example of a microprocessor, memory device or active component buried in the disc and an electromagnetic or wireless connection to the microprocessor, memory device or active component;
FIGURE 3 shows a close up of the inner area of a typical compact disc or DVD disc, showing an example of the microprocessor, memory device or active component buried in the disc and a physical contact based electronic connection to the microprocessor, memory device or active component; and
FIGURE 4 shows a simplified block diagram of a typical CD/DVD system with the additional hardware for the content protection system of embodiments of the present invention.
Figure 1 shows a typical prior art data storage device in the form of a disc such as a compact disc. On the outermost portion of the disc is a finger guard area 3 enabling the disc to be picked up by users without contaminating the content area of the disc 1. In the centre of the disc there is a centre hole 2 surrounded by an open unused portion of the disc or spindle area 4.
A preferred embodiment of the invention requires that the raw digital content data stored on a storage medium or device is encrypted using a public key encryption method. In such a method, a key pair is generated, including a public key and a private key. Generally, the public key is used to encrypt data, and data which has been so encrypted can only be decrypted by means of the private key. The private key cannot readily be determined from the public key, so a first user can be free to distribute the public key to other users, thereby allowing them to encrypt data using the public key and send that encrypted data back to the first user. Data encrypted by means of the public key can only be decrypted by the users in
possession of the private key, which is generally distributed on a very restricted basis, if at all, by the first user.
In embodiments of the present invention, encryption of the original content would typically take place at the mastering or recording stage. In the preferred embodiment the public content encryption key for the encrypted data would then be stored on the storage device, for example on an embedded microprocessor, memory device or active component which is buried in the physical storage medium, thus allowing the corresponding private decryption key to be determined by a media reader, as described below.
Figure 2 shows a data storage device suitable for use in accordance with the present invention. Figure 2 illustrates a disc generally of the form described in relation to Figure 1 above, but having a further data storage element 6. The data storage element could be a microprocessor, memory device or active component, and is buried in or mounted on the disc in the spindle area 4 of the disc.
In the preferred embodiment, the data storage element 6 is used for storing data allowing a data reader to identify the private key by means of which the encrypted content data can be decrypted. However, it is not necessary that the data stored on the integrated circuit or other storage element is the public key. Instead, the storage element could store any other data allowing a private key corresponding to the public key to be identified. The data stored in the storage element 6 could be read by a data reader attempting to read the content data of the disc. Preferably the data from the storage element 6 is only readable in encrypted form, and it may then be decrypted by authorised readers or users, as described below. Once the data reader has obtained the data from the storage element 6 it can then check a table or list, or other compilation of data, stored in the data reader or elsewhere, preferably in a secure manner. The table or list could provide a private key corresponding to the data stored in the storage element 6, and the data reader could then decrypt the encrypted content data from the content area of the disc. In the preferred embodiment, if the table or list does not contain the data
stored on the storage element 6, such that the data reader does not recognise that data, then the data reader will not be able to identify a private key for decrypting the encrypted content, and the disc will therefore be unreadable by the reader. The data stored in the storage element 6 can therefore act as an authorisation code. In a particularly preferred embodiment, the data stored on the storage element could be, or could represent, the public key used for encrypting the content data. A data reader could then contain a table of public keys and their associated private keys. Alternatively, the data reader could use an external means for determining the private key from the data stored on the storage element 6. For example, it could be connected via a URL to a table stored securely at an external data store (such as a server on the internet), and could send a message incorporating or identifying the data read by the data reader from the storage element 6, and request the corresponding private key.
Secure systems according to embodiments of the invention could be arranged such that each private key is associated with only one public key, or alternatively a private key could be associated with a plurality of public keys. This could vary according to the particular encryption system in use. It is envisaged that a licensing body, organisation or company could issue private keys to companies wishing to manufacture media reading devices (such as CD or DVD players). The private keys would be released under strict control and licence to maintain the security of the overall system. Once issued to manufacturers, the private keys could then be securely stored in data readers sold by the manufacturers.
In one embodiment of the invention, the licensing body could also issue under licence to content manufacturers a set of public keys for items of media to which a user is to be provided with access. For example, a public key could relate to a content provider such as a record label, movie producer or software house. Preferably, one public key relates to many items of media. In this embodiment, the public keys would be stored in a look-up table within a media reader together with the corresponding private keys. In use, a public key would be read from the storage element, and that public key would then be checked against the look-up
table so that the correct private key could be identified, and that private key would then be used for decrypting the content data on the item of media.
In an alternative embodiment, a look-up table within the media reader could store private keys and identifiers of each stored private key. In accordance with this embodiment a storage element on an item of media need not store a public key; it could instead store an identifier of a private key, so that the identifier could be read from the storage element, compared with the look-up table, and used to identify the appropriate private key for decrypting the content data stored on the item of media. In accordance with this embodiment it is not necessary for public keys to be stored on media readers.
An authorised media reader, previously provided with a set of private and public keys which are stored securely within the media reader, can gain access to a public key associated with a disc by means of the storage element 6 shown in Figure 1. In the preferred embodiment this public key would then be compared with the table stored in the media reader. If the media reader is authorised to read the content data on the disc, then the table will contain an entry for that public key, and the corresponding private key can thus be obtained, thereby enabling decryption of the content data.
If the data reader fails to recognise the data read from the storage element 6 in a first attempt, and thus cannot identify a private key with which to decrypt the encrypted content data, it could optionally operate a re-try procedure whereby a new public-private key pair could be generated by the data reader. The new public key could then be sent to the storage element 6 and the data stored on the storage element could be encrypted with that new key and transmitted to the data reader, allowing the data reader a further attempt at recognising the data from the storage element. There is preferably a limit to the number of attempts that can be made for a given medium. For example, ten re-tries may be permitted.
The process of comparing the public key with the stored table preferably involves encrypting a piece of trial data (for example 1024 bits) using the previously determined public key, and attempting a decryption using each one of the private keys stored in the media reader until the unencrypted trial data is recovered. The private key which successfully performs the decryption will then be known to be the correct private key for decrypting the content data stored on the disc.
The element 6 shown in Figure 2 could suitably have a wireless or contactless connection enabling the element to interface with a reader for reading data from the element. Alternatively, a wired connection could be used. An example of an antenna or transceiver pickup 5a is shown in the spindle area 4. The pickup 5a shown in Figure 2 is connected to the storage element 6 by means of an electrical connection buried in the disc and the storage element 6. It will be understood that the form and function of the antenna or other pickup can vary depending on the type of storage element used and the type of storage medium.
Use of the inner spindle area 4 to embed the microprocessor, memory device or active component 6 allows for the format of the storage medium to be kept almost identical to its current form. The spindle area is used to host both the embedded active device and an antenna to allow communications to occur between the media reader and the embedded active device. The antenna could conveniently also be used to provide power to the embedded active device. Alternatively the antenna transceiver pickup could be formed from an embedded photocell also embedded in the spindle area.
Figure 3 shows an alternative implementation to the embodiment shown in Figure 2. In Figure 3 an electrical contact system 5b is provided in the inner area 4 of a typical compact disc or digital versatile disc, to supply electrical communications and power to the embedded microprocessor, memory or active component. The contacts 5b form rings around the centre of the spindle area 2 allowing electrical contacts placed on the disc drive spindle to make electrical connection to the
microprocessor, memory or active component 6 buried in the spindle area of the disc.
Preferably the storage element 6 buried in the physical medium will have a physical, electronic, optical or electromagnetic interface to the media reading device allowing the public decryption key to be retrieved from the physical storage medium by the media reader and decoder (media reading device).
The interface to the storage element 6 would ideally itself have a secure communications method, whereby the storage element receives a randomly generated public key (a second public key) from the media reading device which is used by the storage medium's storage element to further encode the public content encryption key (or other data stored on the storage element) prior to sending it to the media reading device. This preserves the public key or other data from external duplication as the second publicly available key is essentially randomised every time a physical medium is accessed.
The media reading device will have a decryption processor capable of using the public key provided by the storage element buried in the physical storage medium to identify the corresponding private key and then decode the previously encrypted content data stored on the medium into a form that can then be used. The storage element buried in the physical storage medium can also be used to store a media description table containing copyright notices and other proprietary data such as number of licences, time and date information, life time of the medium (where medium has been used for hire) and information such that the media reader knows which data is allowed to be passed on to the end user in an open unencrypted form which data is to remain encoded throughout the media delivery system; thus copy protected since a copy can only be read by a user or device that has the appropriate key.
The data storage medium could additionally comprise a non-volatile memory, which could suitably be embodied in the same physical element as the storage
element 6. For example, the non-volatile memory and the storage element 6 could reside within a single chip. This could allow the medium to record which information has been checked out to another storage device, and it can optionally render the original content inaccessible until the storage device has the information checked back into it. This is especially useful where music or other audio is checked out onto a portable player.
Figure 4 shows a block diagram of hardware suitable for implementing an embodiment of the present invention. In this example, a typical CD/DVD player system is used. Also shown in Figure 4 are additional blocks for the interface to the embedded microprocessor, memory device or active component, where 41 is a CD or DVD with an embedded microprocessor, memory device or active component; 42 is the standard optical transceiver used in a CD/DVD reader. 43 is media access controller circuitry used to access the embedded microprocessor on the storage media CD or DVD, and 44 is the servo controller and decoder circuitry used in the CD/DVD player, with additional decoder and secure key store hardware circuitry. 46 is a servo drive spindle and 45 is a D/A converter for connection to a Hi-Fi or Television receiver. The block diagram also shows standard servo and decoder circuitry 47 and a decryption processor and private key store 48 for implementing aspects of the invention.
Where a CD/DVD player is equipped with the additional hardware shown in Figure 4 and a disc is produced to contain the embedded active component, the content can be considered secure such that only a player that has the embedded decoder equipment will be able to successfully read the data from the storage element and thus be able to decrypt the stored content data. Any attempt to copy the content data directly from the disc and store it on a further disc will result in a disc that has no knowledge of the data from the storage element. The disc will be unreadable in any conventional player because the content data is encrypted by means of a public key, and will be unreadable in any data reader manufactured in accordance with the principles of the present invention because such a data reader would not be able to identify a private key for decrypting the content data.
The applicant hereby discloses in isolation each individual feature described herein and any combination of two or more such features, to the extent that such features or combinations are capable of being carried out based on the present specification as a whole in the light of the common general knowledge of a person skilled in the art, irrespective of whether such features or combinations of features solve any problems disclosed herein, and without limitation to the scope of the claims. The applicant indicates that aspects of the present invention may consist of any such individual feature or combination of features. In view of the foregoing description it will be evident to a person skilled in the art that various modifications may be made within the scope of the invention.