WO2007054915A2 - Data storage medium comprising an access management module - Google Patents

Info

Publication number
WO2007054915A2
Authority
WO
WIPO (PCT)
Prior art keywords
access
data
key
management module
storage medium
Prior art date
Application number
PCT/IB2006/054215
Other languages
English (en)
Other versions
WO2007054915A3 (fr)
Inventor
Krzysztof Godzwon
Jerzy Husakowski
Original Assignee
Koninklijke Philips Electronics N.V.
Priority date
Filing date
Publication date
Application filed by Koninklijke Philips Electronics N.V.
Publication of WO2007054915A2
Publication of WO2007054915A3

Classifications

    • G PHYSICS
    • G11 INFORMATION STORAGE
    • G11B INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00 Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086 Circuits for prevention of unauthorised reproduction or copying, e.g. piracy

Definitions

  • Data storage medium comprising an access management module.
  • An aspect of the invention relates to a data storage medium that comprises an access management module.
  • the data storage medium may be in the form of, for example, an optical disk, such as a digital versatile disk (DVD), or a so-called memory stick.
  • the access management module may be in the form of, for example, a radio frequency transponder that comprises an antenna and a chip coupled thereto.
  • Other aspects of the invention relate to a method of managing access to a data storage medium, a computer program product for an access management module that forms part of a data storage medium, and a data processing system.
  • United States patent number 6,005,940 describes a self contained data medium that is provided with an apparatus for generating a decrypting key for decrypting stored data.
  • Frames of encrypted data are stored on the data medium such as a video or audio disk.
  • Each frame of data includes a header which has a frame identification number.
  • a reader reads each frame of data including the header with the frame identification number.
  • the reader transmits the frame identification number to a transponder attached to the data medium.
  • the transponder includes a decryption engine which calculates a decryption key from the frame number and a secret deciphering key stored in the transponder.
  • the transponder transmits the decryption key to the reader which uses the decryption key to decrypt the frame of data.
  • a set of data that has been encrypted is stored in a data storage medium. Accordingly, a decryption key is needed to access the set of data.
  • the data storage medium comprises an access management module that grants or refuses a request to access the set of data by releasing or not releasing, respectively, the decryption key for the set of data.
  • a data storage medium generally comprises data for which there is a copyright owner.
  • the copyright owner may wish that this data cannot be freely copied.
  • the data may be stored in the data storage medium in an encrypted form.
  • a secret key which allows decryption of the data, may be stored separately from the data.
  • the secret key may be stored in an integrated circuit device that forms part of the data storage medium.
  • a user who has rightfully purchased the data storage medium can access all data therein thanks to the secret key, which is stored in the integrated circuit device that forms part of the data storage medium. Since the data is stored in an encrypted form, a copy of the data is useless without the secret key, which preferably cannot be retrieved easily from the integrated circuit.
  • the aforementioned prior art is a specific example of such a copyright protection approach.
  • a copyright owner may wish to have some form of control over the access to the data for which he or she holds copyright.
  • the copyright owner may wish that the access to the data is subject to one or more conditions.
  • the copyright owner may wish that a particular set of data, which is stored in a data storage medium, can be accessed a predefined number of times only.
  • the data storage medium may comprise other sets of data that belong to the same copyright owner.
  • the copyright owner may wish that the access to a particular set of data is subject to the number of sets of data, which are stored on the same data storage medium, that have already been accessed.
  • the copyright owner may also wish to enforce a specific order of access; a particular set of data can be accessed only if particular sets of data have previously been accessed.
  • a data storage medium stores a set of data that has been encrypted so that a decryption key is needed to access the set of data.
  • the data storage medium comprises an access management module that grants or refuses a request to access the set of data by releasing or not releasing, respectively, the decryption key for the set of data.
  • a copyright owner can effectively manage the access to a set of data for which he or she holds the copyright by means of the access management module that forms part of the data storage medium.
  • the copyright owner can make the grant or refusal of a request to access the set of data subject to one or more conditions.
  • the decryption key is released only if the one or more conditions have been met. For those reasons, the invention allows effective content management.
  • Another advantage of the invention relates to the following aspects.
  • a decision to grant or refuse access to a set of data takes place within the access management module, which forms part of the data storage medium.
  • a reader device which reads the data storage medium, only needs to decrypt the set of data using the decryption key that the access management module has released.
  • the reader device need not carry out any specific access management tasks. Accordingly, the reader device need not comprise any specific hardware or software, or both, for carrying out access management tasks.
  • the reader device can have a generic structure in terms of hardware and software. For those reasons, the invention allows relatively great flexibility at moderate cost.
  • Yet another advantage of the invention relates to the following aspects.
  • a decision whether a particular set of data can be accessed or not is taken within the access management module. Such a decision is generally based on some data. Unauthorized access may be gained by modifying this data. Since the decision is taken within the access management module, the aforementioned data need not leave the access management module. This makes unauthorized access relatively difficult. For those reasons, the invention allows a relatively high degree of security.
  • the data storage medium stores various sets of data that have been encrypted differently so that respective decryption keys are needed to access respective sets of data.
  • the access management module grants or refuses a request to access a particular set of data by releasing or not releasing, respectively, a decryption key for the particular set of data.
  • Modern data storage media are capable of storing relatively large amounts of data. For example, numerous music albums can be stored on a single compact disk (CD), in particular when modern audio compression techniques are used, such as, for example, audio compression techniques in accordance with MPEG-1 Audio Layer 3, which is commonly referred to as "MP3" (MPEG is an acronym for Moving Pictures Expert Group).
  • a digital versatile disk (DVD) is capable of storing an even greater amount of music albums. Numerous movies can be stored on a single optical disk using blue laser technology and advanced video compression techniques. Numerous software packages and software modules can be stored on a single DVD.
  • a pop group may have produced the following different music albums: "A", "B" and "C".
  • the pop group, or its music editor, may wish to offer their production in different forms, such as, for example, a disk with music album "A" only, a disk with music album "B" only, a disk with music album "C" only, a disk entitled "the total collection" with all three music albums, and a disk entitled "the greatest hits" with a selection of songs from music albums "A", "B", and "C".
  • the music editor may further wish to edit compilation disks with songs of the aforementioned pop group and songs of other pop groups, for example, in the same genre.
  • a master disk needs to be produced for each of the aforementioned disks and each of the aforementioned disks needs to be produced separately. This is a relatively expensive solution. Moreover, most of the disks will have a disk storage capacity that is only partially used. There is a similar problem in the case of, for example, editing software. Each different software package needs a different master for the data storage medium that is to contain the software package.
  • the data storage medium stores various sets of data that have been encrypted differently so that respective decryption keys are needed to access respective sets of data.
  • the access management module grants or refuses a request to access a particular set of data by releasing or not releasing, respectively, a decryption key for the particular set of data.
  • the access management module determines which sets of data that are stored on the data storage medium are accessible, and which sets of data are not accessible. Accordingly, numerous different collections of sets of data can be offered using a single master for the data storage medium only.
  • the music editor of the pop group mentioned hereinbefore can make a single master disk that comprises all the music albums of the pop group.
  • the single master disk may further comprise music albums of other pop groups in the same genre.
  • the access management module defines the collection of songs that are accessible.
  • the access management module thus defines a particular music album. It is sufficient to replace the access management module by another access management module in order to obtain another music album.
  • Joining an access management module and a disk, which is a production sample made from the single master disk, tailors the disk. Accordingly, numerous different albums can be edited on the basis of the single master disk. For those reasons, the aforementioned preferred embodiment allows flexibility and, as a result thereof, low-cost content editing.
  • FIG. 1 is a block diagram that illustrates an optical disk player, which reads data that is stored on an optical disk.
  • FIG. 2 is a block diagram that illustrates an access management module, which forms part of the optical disk.
  • FIG. 3 is a flow chart diagram that illustrates a first access management method, which the access management module may carry out.
  • FIG. 4 is a flow chart diagram that illustrates a second access management method, which the access management module may carry out.
  • FIG. 5 is a flow chart diagram that illustrates a third access management method, which the access management module may carry out.
  • FIG. 1 illustrates an optical disk player ODP, which can read data from an optical disk DSK that has been inserted into the optical disk player ODP.
  • the optical disk player ODP may be, for example, a compact disk (CD) player or a digital versatile disk (DVD) player, which may also have recording capabilities.
  • the optical disk DSK comprises an access management module AMM in the form of a radio frequency transponder, which typically comprises a flat antenna and a chip coupled thereto.
  • the access management module AMM is preferably embedded in the optical disk DSK.
  • the access management module AMM may also be glued on the optical disk DSK or form part of an adhesive label that has been put on the optical disk DSK.
  • the optical disk player ODP comprises an access management interface AMI, a disk rotation module DRM, an optical reader module ORM, a data signal processor DSP, a controller CTRL, a display device DPL, and a remote control device RCD.
  • the access management interface AMI is in the form of a reader module for a radio frequency transponder. Accordingly, the access management interface AMI emits a radio frequency field so as to establish a wireless link with the access management module AMM.
  • the controller CTRL may be in the form of, for example, a suitably programmed processor.
  • the data, which is stored on the optical disk DSK, comprises a collection of tracks T1, T2, T3, ...
  • a track is a self-contained set of data, which can be accessed individually.
  • the data, which is stored on the optical disk DSK, comprises a music album.
  • a track may be a particular song of the music album.
  • the data, which is stored on the optical disk DSK, comprises a software package.
  • a track may be, for example, a single file or a directory that contains various files or even a nested directory structure with various files.
  • a track can represent a particular software module or a data base, such as, for example, a dictionary.
  • the optical disk DSK comprises various tracks T1, T2, T3, ... that are stored in an encrypted form. Respective tracks have been encrypted differently. That is, track T1 may have been encrypted using a particular encryption key E1, whereas track T2 may have been encrypted with another particular encryption key E2. Consequently, accessing a particular track may require a decryption key that is specific to the particular track.
  • An encrypted track preferably comprises an initial random header of configurable length.
  • An initial random header provides additional protection against hackers who seek to reconstitute the decryption key on the basis of the encrypted track.
  • a file may have a standard header that could give hackers a priori knowledge in the form of an exemplary relationship between encrypted data and decrypted data.
  • An initial random header masks the standard header and, therefore, prevents hackers from having such a priori knowledge.
  • the optical disk player ODP basically operates as follows. It is assumed that a user has just inserted the optical disk DSK into the optical disk player ODP.
  • the optical disk player ODP carries out an initial scan of the optical disk DSK.
  • the controller CTRL causes the disk rotation module DRM to bring the optical disk DSK in rotation.
  • the optical reader module ORM reads a section of the optical disk DSK in which general information is stored. The reader module transfers the general information to the controller CTRL.
  • the general information which the optical disk player ODP reads during the initial scan, concerns the data that is stored on the optical disk DSK.
  • the general information may comprise, for example, a main title and a table of contents, which indicates the number of tracks and, optionally, the respective titles of the respective tracks.
  • the table of contents may further indicate whether a particular track has been stored in an encrypted form or not. If not, the track can be freely accessed.
  • the display device DPL may display such type of general information.
  • the general information may further comprise one or more physical addresses for each track, which indicate where the data that belongs to the track is stored on the optical disk DSK.
  • the controller CTRL temporarily stores these addresses.
  • the optical disk player ODP establishes a communication with the access management module AMM that forms part of the optical disk DSK. Such a communication generally involves the following steps.
  • the controller CTRL applies input data ID to the access management interface AMI.
  • the access management interface AMI transfers the input data ID to the access management module AMM by means of a radio frequency field.
  • the access management module AMM provides response data RD via the radio frequency field.
  • the access management interface AMI transfers the response data RD to the controller CTRL.
  • the optical disk player ODP may seek to establish an initial communication with the access management module AMM in conjunction with the initial scan described hereinbefore.
  • the initial communication allows the optical disk player ODP to verify the presence of the access management interface AMI.
  • the optical disk player ODP will typically seek to establish an initial communication when the general information, which has been obtained following the initial scan, indicates that one or more tracks have been stored in an encrypted form. These tracks cannot be accessed without the access management module AMM.
  • the initial communication will fail.
  • the conventional optical disk exclusively comprises freely accessible data, which has not been encrypted.
  • the conventional optical disk may comprise one or more tracks that are stored in an encrypted form. These tracks cannot be accessed without an appropriate access management module.
  • the controller CTRL which has established that the initial communication has failed, will cause the display device DPL to display a message that the relevant tracks cannot be accessed.
  • the optical disk DSK that FIG. 1 illustrates is inserted in a conventional optical disk player that has no access management interface.
  • the conventional optical disk player will be capable of reading the tracks that are stored in an unencrypted form.
  • the conventional optical disk player will provide an output signal that is meaningful when reading these tracks, which are "in the clear". Consequently, the conventional optical disk player can access the tracks that are stored in an unencrypted form.
  • the conventional optical disk player may also be capable of reading the tracks that are stored in an encrypted form.
  • the output signal will be meaningless when reading these tracks. That is, the conventional optical disk player cannot access the tracks that have been protected by means of encryption.
  • the initial communication may involve more than merely checking the presence of the access management module AMM.
  • the initial communication may involve one or more authentication procedures.
  • the optical disk DSK reader may verify whether the access management module AMM is genuine and belongs to the optical disk
  • the access management module AMM may verify whether the optical disk player ODP belongs to an authorized user.
  • the initial communication may further involve establishing a secure communication channel between the access management module AMM and the optical disk player ODP by means of, for example, encryption.
  • a communication between the access management module AMM and the optical disk player ODP can also be physically protected by means of, for example, shielding.
  • the controller CTRL receives a signal from the remote control device RCD that indicates the selected track.
  • the controller CTRL causes the disk rotation module DRM to bring the optical disk DSK in rotation or to maintain the optical disk DSK in rotation, whichever applies.
  • the controller CTRL further causes the optical reader module ORM to read one or more portions of the disk in which the selected track is stored.
  • the optical reader module ORM provides a data signal DS that represents the selected track.
  • the data signal processor DSP processes the data signal DS so as to obtain an output signal OUT, which may be in an analog form or in a digital form, or both.
  • the controller CTRL generates a request for a decryption key that allows decryption of the selected track.
  • the request includes an indication of the selected track in the form of, for example, a track number.
  • the controller CTRL includes the request in the input data ID, which the controller CTRL applies to the access management interface AMI.
  • the access management module AMM processes the request.
  • the access management module AMM establishes whether the user has the right to access the selected track or not. It is assumed that the user has this right. In that case, the access management module AMM responds by providing the decryption key.
  • the decryption key is included in the response data RD, which the access management interface AMI transfers to the controller CTRL.
  • the controller CTRL applies the decryption key to the data signal processor DSP, which allows the data signal processor DSP to decrypt the selected track.
  • the decryption key that the controller CTRL applies to the data signal processor DSP will be referred to hereinafter as released key KR.
  • the released key KR is a decryption key that the access management module AMM has released.
  • the released key KR which originates from the access management module AMM, may be transferred to the data signal processor DSP in an encrypted form. This prevents so-called eavesdropping: a person might copy the released key KR for an unauthorized access to the selected track. For example, an illegal copy of the selected track could be accessible if the released key KR is available. Another technique that prevents unauthorized access and discourages illegal copying is so-called key diversification. This technique allows each different optical disk to have a different released key for the same track.
  • the released key KR for the optical disk DSK which FIG. 1 illustrates, will be of no use for another optical disk DSK having the same content.
  • FIG. 2 illustrates the access management module AMM.
  • the access management module AMM comprises a key storage memory MEMK, an access parameter memory MEMP, a key handling circuit KHC, and a data communication interface DCI.
  • the key storage memory MEMK comprises respective decryption keys K1, K2, K3, ... that belong to respective tracks T1, T2, T3, ..., which are stored on the optical disk DSK in an encrypted form.
  • the access parameter memory MEMP comprises access restriction data AR that defines restrictions regarding the access of various tracks stored on the optical disk DSK.
  • the access parameter memory MEMP may further comprise access history data AH that provides indications concerning previous accesses to the optical disk DSK.
  • a single nonvolatile memory may form the key storage memory MEMK and the access parameter memory MEMP.
  • a nonvolatile memory that can be written only once (ROM) may form the key storage memory MEMK
  • another nonvolatile memory that can be written several times (EEPROM) may form the access parameter memory MEMP.
  • the key handling circuit KHC may be in the form of, for example, a processor that executes a set of instructions, which constitute a key management program.
  • the key management program may be stored in, for example, the same nonvolatile memory as where the respective decryption keys K1, K2, K3, ... are stored.
  • the access management module AMM basically operates as follows.
  • the data communication interface DCI picks up the radio frequency field that the access management interface AMI emits.
  • the data communication interface DCI extracts from the radio frequency field input data ID, which the controller CTRL has applied to the access management interface AMI.
  • the key handling circuit KHC receives the input data ID.
  • the data communication interface DCI modulates the radiofrequency field as a function of response data RD, which the key handling circuit KHC applies to the data communication interface DCI.
  • the access management interface AMI will transfer the response data RD to the controller CTRL, which FIG. 1 illustrates.
  • the data communication interface DCI further generates a supply voltage VCC on the basis of the radiofrequency field that the access management interface AMI emits.
  • the other elements of the access management module AMM receive the supply voltage.
  • the key storage memory MEMK comprises a decryption key that belongs to the selected track.
  • track T2 may be the selected track and decryption key K2 may belong to the track.
  • decryption key K2 is the requested decryption key.
  • the key handling circuit KHC decides whether or not to fetch the requested decryption key from the key storage memory MEMK and to include that key into the response data RD. That is, the key handling circuit KHC decides upon request whether to release the requested decryption key or not.
  • the response data RD may comprise a refusal message in case the key handling circuit KHC decides not to release the requested decryption key.
  • the key handling circuit KHC may generate and update the access history data AH, which is stored in the access parameter memory MEMP, following an access request.
  • the access history data AH may comprise, for example, a list in which respective lines represent respective tracks. Each line may comprise an access count, which is a value that indicates the number of times the track concerned has been accessed. In that case, an update corresponds with incrementing the access count for the track to which the access request pertains if the access request has been granted.
  • the access history data AH may comprise a list in which respective lines represent respective access requests. Each line may comprise a track indication and a flag that indicates whether the relevant decryption key was released or not. In that case, an update corresponds with adding a line to the list that represents the access history data AH.
  • the access history data AH may comprise a list of granted access requests only.
  • the key handling circuit KHC preferably updates the list so that the list reflects the order in which access requests were made or access requests were granted, whichever applies. For example, a line is systematically added to the bottom of the list, or systematically added to the top of the list, in the event of an update.
  • the key handling circuit KHC decides whether to release the requested decryption key or not in accordance with an access management policy.
  • the key handling circuit KHC may be in the form of a processor that executes a key management program.
  • the key management program implements the access management policy. That is, the access management policy is software defined.
  • a dedicated circuit may implement the access management policy.
  • the key management program is hardware defined.
  • the access management policy may take into account the access history data AH, which is stored in the access parameter memory MEMP.
  • the access management policy may comprise one or more access management methods.
  • FIG. 3 illustrates a first access management method AM1, which the key handling circuit KHC may carry out.
  • the first access management method AM1 comprises various steps S11-S19.
  • in step S11, the key handling circuit KHC receives input data ID that constitutes an access request (R[ID]).
  • the input data ID comprises a track indication, which indicates a selected track that a user wishes to access (TI ∈ ID).
  • the track-specific access count C_TI is a value that represents the number of times that the key handling circuit KHC has previously released the decryption key that belongs to the selected track. That is, the track-specific access count C_TI represents the number of times that the selected track has previously been accessed.
  • the track-specific access limit L_TI is a value that represents the maximum number of times that the key handling circuit KHC may release the decryption key of interest. That is, the track-specific access limit L_TI is a value that represents the maximum number of times that the selected track can be accessed.
  • the key handling circuit KHC checks whether the track-specific access count C_TI is smaller than the track-specific access limit L_TI or not (C_TI < L_TI ?). The key handling circuit KHC carries out step S18 if the track-specific access count C_TI is not smaller than the track-specific access limit L_TI (N). That is, the key handling circuit KHC carries out step S18 if the selected track has already been accessed the maximum number of times.
  • the key handling circuit KHC includes a refusal message in the response data RD (X → RD).
  • the key handling circuit KHC may include this access refusal in the access history data AH.
  • the key handling circuit KHC carries out steps S15-S17 if the track-specific access count C_TI is smaller than the track-specific access limit L_TI (Y).
  • in step S15, the key handling circuit KHC fetches the decryption key that belongs to the selected track from the key storage memory MEMK (F[K_TI]).
  • in step S16, the key handling circuit KHC includes the decryption key in the response data RD (K_TI → RD).
  • the key handling circuit KHC may encrypt the decryption key before including the decryption key in the response data RD for reasons of security as explained hereinbefore.
  • in step S17, the key handling circuit KHC updates the access history data AH (U[AH]).
  • the access history data AH comprises a list of tracks with an access count for each track. In that case, the key handling circuit KHC increments the access count of the selected track by one unit.
  • the key handling circuit KHC may optionally carry out the following additional steps after having carried out steps S15-S17 described hereinbefore.
  • the key handling circuit KHC checks whether the number of times that the selected track has been accessed is equal to the track-specific access limit L_TI or not.
  • the access request which has been granted in steps S15-S17 described hereinbefore, counts as one access.
  • the key handling circuit KHC may erase the decryption key when the number of times that the selected track has been accessed is equal to the track-specific access limit L_TI.
  • the selected track has been accessed the maximum number of times after the access request that has been granted in steps S15-S17. Erasure of the decryption key is a safety measure that prevents any further access to the selected track.
  • the key handling circuit KHC may store an indication in the access parameter memory MEMP that the decryption key has been erased.
  • in step S19, the key handling circuit KHC applies the response data RD to the data communication interface DCI for transmission to the access management interface AMI (T[RD]). Accordingly, the controller CTRL illustrated in FIG. 1 will receive either the decryption key for the selected track or the refusal message depending on whether the access request has been granted or not.
  • FIG. 4 illustrates a second access management method AM2, which the key handling circuit KHC may carry out.
  • the second access management method AM2 comprises a series of steps S21-S29.
  • Step S21 is similar to step S11 described hereinbefore with reference to FIG. 3. That is, the key handling circuit KHC receives a track indication, which indicates a selected track that a user wishes to access (R[ID]; TI ∈ ID).
  • the overall track access count CO is a value that represents the number of tracks for which the key handling circuit KHC has previously released a decryption key. That is, the overall track access count CO represents the number of tracks, which are stored in an encrypted form on the optical disk DSK, that have already been accessed.
  • the overall track access limit LO is a value that represents the maximum number of tracks for which the key handling circuit KHC may release the decryption key.
  • the overall track access limit LO is a value that represents the maximum number of tracks that are stored in an encrypted form, which a user may access on the optical disk DSK.
  • the optical disk DSK comprises 10 tracks that are stored in an encrypted form.
  • the overall track access limit LO is 8. In that case, the user may access 8 out of the 10 aforementioned tracks. He or she may thus make a selection.
  • In step S24, the key handling circuit KHC checks whether the overall track access count CO is smaller than the overall track access limit LO or not (CO < LO ?).
  • the key handling circuit KHC carries out step S28 if the overall track access count CO is not smaller than the overall track access limit LO (N). That is, the key handling circuit KHC carries out step S28 if the maximum number of tracks have already been accessed.
  • Step S28 is similar to step S18, which has been described hereinbefore with reference to FIG. 3.
  • the key handling circuit KHC includes a refusal message in the response data RD (X ⁇ RD).
  • the key handling circuit KHC carries out steps S25-S28 if the overall track access count CO is smaller than the overall track access limit LO (Y). Steps S25-S28 are similar to steps S15-S28, which have been described hereinbefore with reference to FIG. 3.
  • the key handling circuit KHC updates the access history data AH (U[AH]). For example, let it be assumed that the access history data AH comprises a parameter that corresponds with the overall track access count CO.
  • the key handling circuit KHC may increment this parameter by one unit.
  • the access history data AH may comprise a list of tracks with an access count for each track. In that case, the key handling circuit KHC increments the access count of the selected track. The sum of the respective access counts corresponds with the overall track access count CO.
  • the key handling circuit KHC may optionally carry out the following additional steps after having carried out steps S25-S28 described hereinbefore.
  • the key handling circuit KHC checks whether the number of tracks that have been accessed is equal to the overall track access limit LO or not.
  • the access request, which has been granted in steps S25-S28 described hereinbefore, counts as one accessed track if the selected track has not been accessed before.
  • the key handling circuit KHC may erase the decryption keys of all the tracks that have not been accessed when the number of tracks that have been accessed is equal to the overall track access limit LO. In that case, the maximum number of tracks has been reached: the user has consumed his credit, as it were, and has no more tracks left to choose.
  • the key handling circuit KHC may store an indication in the access parameter memory MEMP that the aforementioned decryption keys have been erased.
  • Step S29 is similar to step S19, which has been described hereinbefore with reference to FIG. 3.
  • the key handling circuit KHC applies the response data RD, which may comprise the decryption key or the refusal message depending on whether the access request has been granted or not, to the data communication interface DCI for transmission to the access management interface AMI (T[RD]).
  • FIG. 5 illustrates a third access management method AM3, which the key handling circuit KHC may carry out.
  • the third access management method AM3 comprises a series of steps S31-S40.
  • Step S31 is similar to step S11 described hereinbefore with reference to FIG. 3. That is, the key handling circuit KHC receives a track indication, which indicates a selected track that a user wishes to access (R[TI]; TI ∈ ID).
  • the ordered list of previous accesses LPA indicates the tracks for which the key handling circuit KHC has most recently released a decryption key and in which order.
  • the allowable access order specification AAO specifies in which order tracks may be accessed.
  • the allowable access order specification AAO may specify various different orders of access, which are allowable.
  • the ordered list of previous accesses LPA may indicate that track 2 has most recently been accessed.
  • the allowable access order specification AAO may specify the following orders of access: track order 1-2-3-(..) and track order 1-2-4-(..).
  • the key handling circuit KHC establishes that track 3 or track 4 may be accessed, but not any other track.
  • In step S35, the key handling circuit KHC checks whether the selected track belongs to the set of allowable tracks SAT, which the key handling circuit KHC has established in step, or not (TI ∈ SAT ?).
  • the key handling circuit KHC carries out step S39 if the selected track does not belong to the set of allowable tracks SAT.
  • Step S39 is similar to step S18, which has been described hereinbefore with reference to FIG. 3.
  • the key handling circuit KHC includes a refusal message in the response data RD (X ⁇ RD).
  • the key handling circuit KHC carries out steps S36-S38 if the selected track belongs to the set of allowable tracks SAT. Steps S36-S38 are similar to steps S15-S17, which have been described hereinbefore with reference to FIG. 3.
  • the key handling circuit KHC updates the access history data AH (U[AH]). Accordingly, the key handling circuit KHC will retrieve a different ordered list of previous accesses when processing a new access request. The new ordered list of previous accesses will reflect the access to the selected track, which has just been granted.
  • Step S40 is similar to step S19, which has been described hereinbefore with reference to FIG. 3.
  • the key handling circuit KHC applies the response data RD, which may comprise the decryption key or the refusal message depending on whether the access request has been granted or not, to the data communication interface DCI for transmission to the access management interface (T[RD]).
  • the access management module AMM may carry out any combination of the three access management methods AM1, AM2, AM3 described hereinbefore or any other access management method.
  • a combination of the three aforementioned access management methods AM1, AM2, AM3 for a particular track corresponds with the following access management policy.
  • the relevant track can be accessed if (1) the relevant track has not yet been accessed a number of times that corresponds with a maximum for the relevant track, (2) the total number of tracks that have been accessed thus far is smaller than a maximum total number, and (3) the relevant track constitutes an allowed continuation of a predefined track access order.
  • a set of data (T1) that has been encrypted is stored in a data storage medium (DSK). Accordingly, a decryption key (K1) is needed to access the set of data.
  • the data storage medium (DSK) comprises an access management module (AMM) that grants or refuses a request (ID) to access the set of data by releasing or not releasing, respectively, the decryption key (K1) for the set of data.
  • the data storage medium stores various sets of data (T1, T2, T3, ..) that have been encrypted differently (E1, E2, E3, ..). Accordingly, respective decryption keys (K1, K2, K3, ..) are needed to access respective sets of data.
  • the data storage medium (DSK) comprises an access management module (AMM) that grants or refuses a request (ID) to access a particular set of data by releasing or not releasing, respectively, the decryption key for the particular set of data.
  • the access management module comprises an access parameter memory (MEMP) in which access restriction data (AR) is stored, and a key handling circuit (KHC) that releases the decryption key or not on the basis of the access restriction data (AR).
  • the key handling circuit (KHC) stores access history data (AH) in the access parameter memory (MEMP).
  • the access history data (AH) indicates respective accesses that have been made to the sets of data.
  • the key handling circuit (KHC) releases the decryption key, or not, on the basis of the access restriction data (AR) and the access history data (AH).
  • the access restriction data (AR) specifies an access limit (L TI), which belongs to the particular set of data to which access is requested.
  • the access limit (L TI) represents a maximum number of times that the particular set of data can be accessed.
  • the key handling circuit (KHC) derives an access count (C TI) from the access history data (AH).
  • the access count (C TI) represents the number of times that the particular set of data has been accessed.
  • the key handling circuit (KHC) releases the decryption key only if the access count (C TI) is smaller than the access limit (L TI).
  • the access restriction data (AR) comprises an overall access limit (LO) that represents a maximum number of sets of data that can be accessed.
  • the key handling circuit (KHC) derives an overall access count (CO) from the access history data (AH).
  • the overall access count (CO) represents the number of sets of data that have been accessed.
  • the key handling circuit (KHC) releases the decryption key only if the overall access count (CO) is smaller than the overall access limit (LO).
  • the access restriction data (AR) comprises an allowable access order specification (AAO), which specifies in which order sets of data may be accessed.
  • the key handling circuit (KHC) establishes a set of allowable sets of data (SAT) on the basis of the allowable access order specification (AAO) and the access history data (AH).
  • the key handling circuit (KHC) releases the decryption key only if the particular set of data to which access is requested belongs to the set of allowable sets of data (SAT).
  • the access management module (AMM) is part of a radio frequency transponder.
  • the access management module comprises a key storage memory (MEMK) in which respective decryption keys (K1, K2, K3, ..) for respective sets of data (T1, T2, T3, ..) are stored.
  • the aforementioned characteristics may be applied to advantage in any type of data storage medium.
  • An optical disk is merely an example.
  • the data storage medium may equally be, for example, a magnetic hard disk, a magnetic tape, a memory stick, or any other form of integrated circuit memory, and so on.
  • the access management module can be implemented in numerous different manners. The detailed description describes an example in which the access management module forms part of a radio frequency transponder. As another example, the access management module may form part of a circuit that communicates by means of optical radiation. This is another form of wireless communication. The access management module may also communicate via electrical connections.
  • the access management module can provide a decryption key that allows access to a particular set of data.
  • the detailed description describes an example in which respective decryption keys for respective sets of data are stored in a memory.
  • the access management module may derive a decryption key for a particular set of data from a master key.
  • the decryption key may result from a specific value, which is associated with the set of data, and which has been encrypted by means of the master key. Storing a master key from which various decryption keys may be derived, requires less memory capacity than storing various different decryption keys but is more vulnerable to fraud.
  • FIGS. 3, 4, and 5 are merely examples. The following modification can be made to the example that FIG. 3 illustrates.
  • the track-specific access limit can be a binary number, which can either be zero (0) or one (1). A zero (0) means that the track of interest cannot be accessed. A one (1) means that the track of interest can be accessed an unlimited number of times. Referring to FIG. 3, steps S12 and S17 can be omitted.
  • Step S14 can be modified so that the key handling circuit checks whether the track-specific access limit is equal to zero (0) or one (1).
  • the key handling circuit which FIG. 2 illustrates, can be implemented in various different manners.
  • the key handling circuit may be, for example, a suitably programmed processor or a programmable logic circuit.
  • access management methods are software defined or defined by programmable data, respectively.
  • the key handling circuit may also be a dedicated circuit with various elements and interconnections between these elements.
  • the elements and their interconnections may define one or more access management methods.
  • access management methods are hardware defined.
  • The term "decryption key" should be interpreted broadly. This term includes any form of secret information that allows access to a set of data, which has been encrypted.
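
A model of the combined access management policy described above (methods AM1, AM2 and AM3 applied together, with the optional key erasure), given as an added example that is not part of the patent text. The class and method names, the tuple encoding of the allowable access order specification AAO, the reading of CO as the number of distinct tracks accessed, and the sample keys are assumptions.

```python
from dataclasses import dataclass, field

REFUSAL = "X"  # refusal message placed in the response data RD


@dataclass
class KeyHandlingCircuit:
    keys: dict            # MEMK: track -> decryption key
    track_limits: dict    # AR: track-specific access limits L_TI
    overall_limit: int    # AR: overall track access limit LO
    allowed_orders: list  # AR: allowable access order specification AAO
    counts: dict = field(default_factory=dict)    # AH: access count per track
    previous: list = field(default_factory=list)  # AH: ordered list LPA

    def overall_count(self):
        # CO, taken here (assumption) as the number of distinct tracks accessed.
        return sum(1 for c in self.counts.values() if c > 0)

    def allowable_tracks(self):
        # SAT: tracks that continue one of the allowed orders after LPA.
        n = len(self.previous)
        return {seq[n] for seq in self.allowed_orders
                if len(seq) > n and list(seq[:n]) == self.previous}

    def violations(self, track):
        # Names of the policy conditions that this request fails.
        failed = []
        if self.counts.get(track, 0) >= self.track_limits.get(track, 0):
            failed.append("track_limit")    # AM1 requires C_TI < L_TI
        if self.overall_count() >= self.overall_limit:
            failed.append("overall_limit")  # AM2 requires CO < LO
        if track not in self.allowable_tracks():
            failed.append("order")          # AM3 requires TI in SAT
        return failed

    def request(self, track):
        # Returns the response data RD: a decryption key or the refusal.
        if self.violations(track) or track not in self.keys:
            return REFUSAL
        key = self.keys[track]
        self.counts[track] = self.counts.get(track, 0) + 1  # update AH
        self.previous.append(track)
        if self.counts[track] == self.track_limits[track]:
            del self.keys[track]            # track limit reached: erase key
        if self.overall_count() == self.overall_limit:
            for t in [t for t in self.keys if not self.counts.get(t)]:
                del self.keys[t]            # erase keys of unaccessed tracks
        return key


def demo():
    # Constructed sample data: four tracks with placeholder keys.
    khc = KeyHandlingCircuit(
        keys={t: b"key-%d" % t for t in (1, 2, 3, 4)},
        track_limits={1: 1, 2: 1, 3: 2, 4: 1},
        overall_limit=3,
        allowed_orders=[(1, 2, 3, 3), (1, 2, 4)],
    )
    responses = [khc.request(t) for t in (2, 1, 2, 3, 3, 4)]
    return khc, responses
```

In this run the second request for track 3 is refused even though its track-specific limit leaves one access open, because CO is no longer smaller than LO once three tracks have been accessed. The key of track 4 is erased at the same moment, so no later change to the counters can release it.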

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a set of data (T1) that has been encrypted (E1) and that is stored in a data storage medium (DSK), which comprises an access management module (AMM). In a preferred embodiment of the invention, various sets of data (T1, T2, T3, ..) are stored, these sets having been encrypted differently (E1, E2, E3, ..), and respective decryption keys are then needed to access the respective sets of data. The access management module (AMM) grants or refuses a request (ID) to access any particular set of data by releasing or not releasing, respectively, a decryption key needed to access that particular set of data.
PCT/IB2006/054215 2005-11-14 2006-11-13 Data storage medium comprising an access management module WO2007054915A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP05300920.5 2005-11-14
EP05300920 2005-11-14

Publications (2)

Publication Number Publication Date
WO2007054915A2 true WO2007054915A2 (fr) 2007-05-18
WO2007054915A3 WO2007054915A3 (fr) 2007-08-09

Family

ID=37907642

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2006/054215 WO2007054915A2 (fr) 2005-11-14 2006-11-13 Data storage medium comprising an access management module

Country Status (1)

Country Link
WO (1) WO2007054915A2 (fr)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2790346A1 (fr) * 1999-02-26 2000-09-01 Schlumberger Systems & Service Device and method for securing a data storage medium
WO2001043129A1 (fr) * 1999-12-07 2001-06-14 Sun Microsystems Inc. Computer-readable storage medium with a microprocessor for controlling reading, and computer designed to communicate with such a medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
AKKERMANS T H M ET AL: "Chip in disc for optical storage" OPTICAL MEMORY AND OPTICAL DATA STORAGE TOPICAL MEETING, 2002. INTERNATIONAL SYMPOSIUM ON 7-11 JULY 2002, PISCATAWAY, NJ, USA,IEEE, 7 July 2002 (2002-07-07), pages 3-5, XP010600108 ISBN: 0-7803-7379-0 *

Also Published As

Publication number Publication date
WO2007054915A3 (fr) 2007-08-09

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase in:

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06821409

Country of ref document: EP

Kind code of ref document: A2