TREA

APPARATUS FOR WRITING DATA HAVING A DATA AMOUNT ON A STORAGE MEDIUM

Follow

Information

  • Patent Application
  • 20070291611
  • Publication Number
    20070291611
  • Date Filed
    July 31, 2007
    17 years ago
  • Date Published
    December 20, 2007
    17 years ago
Information
Abstract
An apparatus for writing data having a data amount on a storage medium, the storage medium having a limited data capacity being higher than the data amount, the apparatus having a processor for receiving information on the data amount and the data capacity on the storage medium and for determining a redundancy data amount based on the data amount and the data capacity. The apparatus further has a generator for generating redundancy data based on the data, the redundancy data having the redundancy data amount and, furthermore, the apparatus having a writer for writing the data at the redundancy data to the storage medium.
Description
TECHNICAL FIELD

The present invention is in the field of data protection and security, respectively, in the field of data safety and data verification.


BACKGROUND

Data safety and data security is a known problem, and widely combat through large numbers of data backups. In order to secure data, a common method is to backup data on a regular time basis and to store different backups in different locations. However, when referring to data carriers as, for example, a CD (CD=Compact Disk) or a DVD (DVD=Digital Versatile Disk), they are often only available as a single copy, i.e. a user would usually only buy a single piece. When purchasing a CD having any kind of data, it is very unfortunate when data gets lost, either through time or through physical force as, for example, scratches on the surface of the a CD. With conventional copy protection mechanisms, it is not possible to make private backups as vendors try to prevent product piracy.


Vendors of digital media often copy protect the media, which they offer their products on. This complicates data protection for a user or customer only having a single copy at their disposal, which can be very sensitive to physical impacts. Often data carriers react with data loss or data degradation if for instance scratches occur on a CD or DVD. Vendors of digital media may therefore be in a conflict between preventing product piracy and maintaining user satisfaction.


SUMMARY

According to an embodiment, an apparatus for writing data having a data amount on a storage medium, the storage medium having a limited data capacity being higher than the data amount, may have: a processor for receiving information on the data amount and the data capacity of the storage medium and for determining a redundancy data amount based on the data amount and the data capacity; a generator for generating redundancy data based on the data, the redundancy data having the redundancy data amount; and a writer for writing the data and the redundancy data to the storage medium.


According to another embodiment, a method for writing data having a data amount on a storage medium, the storage medium having a limited data capacity being higher than the data amount, may have the steps of: receiving information on the data amount and the data capacity of the storage medium; determining a redundancy data amount based on the data amount and the data capacity; generating redundancy data based on the data, the redundancy data having the redundancy data amount; and writing the data and the redundancy data to the storage medium.


According to another embodiment, a computer program may have a program code for performing, when the computer program runs on a computer, the method for writing data having a data amount on a storage medium, the storage medium having a limited data capacity being higher than the data amount, wherein the method may have the steps of: receiving information on the data amount and the data capacity of the storage medium; determining a redundancy data amount based on the data amount and the data capacity; generating redundancy data based on the data, the redundancy data having the redundancy data amount; and writing the data and the redundancy data to the storage medium.


According to another embodiment, an apparatus for reading a data set from a storage medium may have: a reader for reading control information from the storage medium, the control information having information on redundancy data on the storage medium; a reader and indicator for reading data from the storage medium and for indicating if a subset of the data was read incorrectly; a reader for reading redundancy data based on the information on the redundancy data in response to the indication of the subset of a data having been read incorrectly; and a combiner for combining the data and the redundancy data to receive the data set.


According to another embodiment, a method for reading a data set from a storage medium may have the steps of: reading control information from the storage medium, the control information having information on redundancy data on the storage medium; reading data from the storage medium; indicating if a subset of data was read incorrectly; reading redundancy data based on an information on redundancy data in response to the step of indicating; and combining the data and the redundancy data to receive the data set.


According to another embodiment, a computer program may have a program code for performing, when the computer program runs on a computer, the method for reading a data set from a storage medium, wherein the method may have the steps of: reading control information from the storage medium, the control information having information on redundancy data on the storage medium; reading data from the storage medium; indicating if a subset of data was read incorrectly; reading redundancy data based on an information on redundancy data in response to the step of indicating; and combining the data and the redundancy data to receive the data set.


Embodiments achieve increased data security by using remaining storage capacity to redundantly store user payload. Therefore, embodiments provide the advantage of more reliable data storage through redundancy. While media capacity has become quite cheap, reliability is still a very important issue with present optical storage media. For example when data is exchanged using optical media, these media are rarely filled up to their capacity limit. In many cases, a considerable amount of space remains unused. Embodiments utilize the remaining space to increase data reliability. This is done by redundantly storing information behind the actual user data area of a certain storage medium. Moreover, embodiments of the present invention utilize optimized algorithms that will give a user the choice over the amount of reliability desired. This allows the creator of a medium to trade in any amount of capacity for data reliability in a way that even takes some of the special properties of, for example, an optical storage medium into account when it comes to how data will be best stored, to be robust against scratches and other damages to a disc.




BRIEF DESCRIPTION OF THE DRAWINGS

Embodiments of the present invention will be detailed subsequently referring to the appended drawings, in which:



FIG. 1
a is an embodiment of an apparatus for writing data;



FIG. 1
b is another embodiment of an apparatus for writing data;



FIG. 2
a is an embodiment of an apparatus for reading data;



FIG. 2
b is another embodiment of an apparatus for reading data;



FIG. 3 is an embodiment of a storage medium;



FIG. 4 is an embodiment of an anchor structure;



FIG. 5 is an embodiment of a file fragment information table structure;



FIG. 6 is an embodiment of a file fragment information table entry;



FIG. 7 is an embodiment of a definition of a copy protection field;



FIG. 8 is an embodiment of a disc security information structure;



FIG. 9 is an embodiment of a redundancy information field structure; and



FIG. 10 is an embodiment of a redundancy map information structure.




DETAILED DESCRIPTION


FIG. 1
a shows an apparatus 100 for writing data having a data amount on a storage medium 105, the storage medium 105 having a limited data capacity being higher than the data amount. The apparatus 100 comprises a means 110 for obtaining information on the data amount and the data capacity of the storage medium 105 and for determining a redundancy data amount based on the data amount and the data capacity. The apparatus 100 further comprises a means 115 for generating redundancy data based on the data, the redundancy data having the redundancy data amount. Furthermore, the apparatus 100 comprises a means 120 for writing the data and the redundancy data to the storage medium 105.


In one embodiment, the data already comprises other redundancy information and the means for generating is adapted for generating additional redundancy information. This is, for example, the case if data is written to a storage medium, the data having data packets already comprising checksums. If the capacity on the storage medium is large enough, the data may be doubled in an embodiment and a redundant version of the data may be written to the storage medium. Therewith, the redundancy information, which had already been in the data, i.e. checksums for example, is also doubled and redundantly written to the storage medium again.



FIG. 1
b shows another embodiment of an apparatus 100 for writing data to a storage medium 105, comprising the means 110 for obtaining, the means 115 for generating and the means 120 for writing the data. The apparatus 100 for writing shown in FIG. 1b has similar means and functionalities as the one detailed with respect to FIG. 1a. Within the embodiment depicted in FIG. 1b, the means 110 for obtaining may be adapted for further obtaining user information on the redundancy data amount. In one embodiment, for example, in an implementation on a personal computer, a pop-up window could occur asking a user for an amount of redundancy information, which is desired. The means 110 for obtaining could then evaluate the redundancy data amount.


According to another embodiment, the means 115 for generating may comprise an encoder 125 using a code with a code rate to generate the redundancy data. In one embodiment, the respective code rate can be controlled by the redundancy data amount. In yet another embodiment, the redundancy data may be generated by utilizing a Reed Solomon code. Other embodiments may use convolutional or even turbo codes. In yet another embodiment, the means 115 for generating can be adapted for generating the redundancy data based on XOR operations between subsets of the data. In this embodiment, two data packets are combined by an XOR operation in order to obtain a third data packet. Having any two of these three data packets, it is possible to derive the third one. In one embodiment, all three data packets would be written to the storage medium.


In another embodiment, the means 120 for writing is adapted for writing the data in a format of a legacy CD or a DVD, for example, in the UDF (UDF=Universal Data Format) format or in the ISO 9660 format. In another embodiment, the means for writing can be adapted for writing control information on the storage medium 105, as it is indicated by the additional arrow in FIG. 1b. The control information may have information on a location of the redundancy data, an amount of the redundancy data, and so on, in order to enable a reader to retrieve all redundancy data when considered necessary.


In another embodiment, the means 120 for writing may be adapted for writing the data such that a baseline reader and an enhanced reader can read the data and for writing the redundancy data such that the enhanced reader can read and process the redundancy data. However, the baseline reader ignores, skips or not at all read the redundancy data.


In yet another embodiment, the means 120 for writing may be adapted for writing data on a storage medium 105 having a defined geometrical structure and further being adapted for writing data and redundancy data onto the storage medium 105, such that a geometrical difference between the data and the redundancy data is larger than a predefined distance, and for generating and writing redundancy location data identifying a location of the redundancy data on the storage medium 105.



FIG. 2
a shows an embodiment of an apparatus 150 for reading a data set from a storage medium 155. The apparatus 150 comprises a means 160 for reading control information from the storage medium 155, the control information having information on redundancy data on the storage medium 155. Furthermore, the apparatus 150 comprises a means 165 for reading data from the storage medium 155 and for indicating if a subset of the data has been read incorrectly. Furthermore, the apparatus 150 comprises a means 170 for reading redundancy data based on the information on the redundancy data in response to the indication of the subset of data having been read incorrectly and a means 175 for combining the data and the redundancy data to obtain the data sets.


In one embodiment, the means 160 for reading control information is adapted for reading a table from the storage medium 155, the table having information on an amount of redundancy data or a location of redundancy data on the storage medium 155. In another embodiment, the means 160 for reading control information is adapted for reading control information in terms of a logical sector number of redundancy data on the storage medium. In another embodiment, the means 165 for indicating if a subset of data was read incorrectly is adapted for determining a checksum or for performing a CRC (CRC=Cyclic Redundancy Check) on the data read as indicated in FIG. 2b. FIG. 2b shows another embodiment of an apparatus 150 for reading a data set from a storage medium 155, comprising the same components as detailed for the embodiment in FIG. 2a.


In yet another embodiment, the means 170 for reading the redundancy data may be adapted for reading redundancy data for which data subsets have been read incorrectly from a location on which information is comprised in the control information. The means 175 for combining can be adapted for combining the redundancy data and the data according to an XOR or Reed Solomon combiner 180, as shown in FIG. 2b.


According to another embodiment an optical disc drive may comprise an apparatus for writing and an apparatus for reading according to the above embodiments.



FIG. 3 shows a storage medium 300, which is exemplified as an optical disc. The optical disc 300 comprises data 310 and redundancy data 320, 325 and 330. FIG. 3 illustrates that extra redundancy data 320, 325 and 330 can be used to enhance data reliability. If, due to any physical destruction the data section 310 of the disc 300 can no longer be read, there are still the three redundancy data sections 320, 325 and 330, of which a single one would be enough in order to restore the data. In one embodiment the storage medium 300 may further comprise control information 335, which has information on the location or amount of redundancy data on the storage medium 300, e.g. in terms of logical sector numbers (LSN=Logical Sector Number).



FIG. 4 shows a basic SecurDisc technology anchor structure (BTAS=Basic SecurDisc Technology Anchor Structure). The BTAS can e.g. be located in RLSN 15 (RLSN=Relative Logical Sector Number), relative to the beginning of a SecurDisc enabled recording session at offset RBP 64 (RBP=Relative Byte Position). Moreover, one redundant copy of BTAS can be located at either the last LSN of a SecurDisc enabled recording session, or the logical sector immediately preceding the secondary AVDP (AVDP=Anchor Volume Description Pointer). The BTAS references an FFIT (FFIT=File Fragment Information Table) and a redundancy information block, as well as a second redundancy backup copy of each of these structures, and thus serves as an anchor for all SecurDisc structures located in the user data area. FIG. 4 shows an embodiment of an exemplified BTAS.



FIG. 4 shows a field for the structure size which specifies the total size of the structure in bytes as a Big-Endian value, which can for example be 56-bytes. Moreover, FIG. 4 shows a structure identifier “BTAS”, which contains an ASCII (ASCII=American Standard Code for Information Interchange) representation of “BTAS” identifying the structure as a SecurDisc technology anchor structure.


The field DSILSN (DSI=Disc Security Information) specifies the logical sector number of the disc security information structure as a Big-Endian value. If this security information is not present, all bytes of this field are set to zero. Furthermore, FIG. 4 shows the FFITLSN, which specifies the logical sector number of the FFIT as a 64-bit Big-Endian value.


Another field shown in FIG. 4 is the ARBLSN (ARB=Application Revocation Lock) and specifies the logical sector number of ARB as a 64-bit Big-Endian value, or a field filled with zeros, if no ARB is present. The ARB is necessitated in the embodiments for all media that use copy protection or pass phrase protection features of SecurDisc. An ARB is a revocation block, which can be used to revoke compromised applications.



FIG. 4 further shows a “Backup DSILSN”-, a “Backup FFITLSN”- and a “Backup ARBLSN”-field, which specify the logical sector numbers of the respective backup structures.


The FFIT contains information about each contiguous area of the disc that is managed by SecurDisc, such contiguous areas may include files that are copy protected or pass phrase protected, as well as files protected by checksums. The FFIT is stored after all other files on the disc, to allow checksums to be generated on-the-fly during the recording process. The location of the FFIT is flexible, the FFIT is referenced by the BTAS. It begins with a header and an embodiment of a structure is shown in FIG. 5.


Header information is comprised in the FFITH (FFITH=FFIT Header)-field containing version information and a field indicating the different SecurDisc features that are used on any part of the media. A backup of the FFIT is referenced by the BTAS as mentioned above. Its location may be freely selected. However, to achieve maximum reliability, the backup FFIT should be physically distant from the first copy of the FFIT, as a minimum requirement, the backup FFIT can be stored in a packet different to the primary FFIT.


As indicated in FIG. 5, the structure starts with a “FFITH Size”-field (FFITHS=FFITH size), which specifies the total size of the FFITH and bytes as a Big-Endian value. In one embodiment the structure size may be 40 bytes. Moreover, FIG. 5 shows the FFIT identifier, which contains a ASCII representation of the string “BFIT” identifying the structure as a SecurDisc file fragment information table.


Moreover, FIG. 5 shows a SecurDisc FFIT version number, which specifies a version number of the structure. The first byte contains a high version number the second byte contains a low version number. The high version number is 01h in one embodiment. An implementation may only rely on the layout of the remaining information of the FFITH and its FFITE (FFITE=FFIT Entry) if the high version number is 01h. If only the low version number is higher than the version number an implementation supports, the implementation may still rely on the structures that have been defined in a previous version of an embodiment.


Furthermore, FIG. 5 shows a “SecurDisc Copy Protection Recovery”-field, which comprises the 128-bit disc unique ID encrypted with a 128-bit AES key value derived from a special copy protection recovery pass phase calculated as described above. There may be no pass phrase verification checksum for this value in another embodiment. If no copy protection recovery pass phrase has been specified during the authoring process all bytes of this field may be set to zero.


Moreover, FIG. 5 shows a SecurDisc pass phrase verification checksum, which comprises an 128-bit checksum that can be used to verify the correctness of the pass phrase entered by a user. The pass phrase verification checksum has a fixed value PVC, which can be encrypted using the key contribution derived from the user pass phrase, as it was described above.


Furthermore, there is a SecurDisc global feature flag mask in FIG. 5 comprising the result of an XOR operation, combining all feature flag masks of all FFITE of this FFIT. FIG. 5 also shows an FFITE chunk size, which is a 32-bit Big-Endian value in this embodiment, and all FFITE may be stored as a chunked information list with a fixed chunk size. At the bottom of the structure shown in FIG. 5 there is a number of FFITE chunks, which specifies the number of FFITE chunks contained in the file fragment information table as a 64-bit Big-Endian value. The chunk list of FFITE starts immediately after the FFITH, as depicted in FIG. 5.


The FFITH may grow as additional fields are added in further embodiments. The location of the FFITE can be calculated as

FFITEOFFSET[0]=FFITLSN*BPS+FFITHS
FFITELSN[0]=FFITEOFFSET[0] DIV BPS
FFITERBP[0]=FFITEOFFSET[0] MOD BPS

with FFITEOFFSET[0] being the relative bit position (RBP=Relative Bit Position) of the first FFITE relative to the beginning of the user data area of the disc, BPS is the number of bytes per sector and FFITELSN is the LSN of the FFIT.


The result of this operation is FFITELSN[0], the LSN of the first FFITE and FFITERBP[0], the relative byte position of the first FFITE from the beginning of the sector specified by the FFITELSN[0].


FFITE are stored in ascending order of their fragments'LSN. The location of a particular entry x is calculated as

FFITEOFFSET[x]=FFITEOFFSET[0]+x*FFITECS
FFITELSN[x]=FFITEOFFSET[x] DIV BPS
FFITERBP[x]=FFITEOFFSET[x] MOD BPS

where FFITEOFFSET[x] is the RBP of the x-th FFITE relative to the beginning of the user data area of the disc, x is a number between 0 and NUMFFITE-1 and FFITECS is the FFITE content size.


The result of this operation is FFITELSN[x], the LSN of the x-th FFITE and FITERBP[x], the relative byte of the x-th FFITE from the beginning of the sector specified by FFITELSN[x].


An embodiment of an FFITE structure is shown in FIG. 6. FIG. 6 shows an “LSN of File Fragment”-field, which specifies the LSN of the file fragment managed by the FFITE. Moreover, a field is dedicated to the size of the file fragment in logical sectors, specifying the size of the file fragment managed by the FFITE in logical sectors. A logical sector is the smallest logical unit for SecurDisc. If a sector is not used completely, the remaining space can be filled with zeros in this embodiment.


A pass phrase protected field “PP” comprises a flag, also being part of the SecurDisc feature flag mask. If true, the file fragment managed by this FFIT is pass phrase protected. The “CS”-field is also part of the SecurDisc feature flag mask. If true, the content of the file fragment managed by this FFITE can be verified using a “File Fragment Checksum”-field stored in this FFITE.


The “CP”-field is part of the SecurDisc feature flag mask. It can assume four distinct conditions regarding copy protection for the file fragment managed by this FFITE as specified in the Table in FIG. 7. FIG. 7 shows an embodiment of the copy protection values, indicating whether copy protection is used or not for this file fragment, and whether special protected output rules apply.



FIG. 6 further shows the file fragment checksum in case the CS flag is true, this field may contain a AES-128 cryptographic hash of the file fragment managed by this FFITE. If the CS flag is false, this field may contain all zeros. Moreover, FIG. 6 shows in row 6, a space that can be reserved for SecurDisc feature flag mask extensions.



FIG. 8 shows an embodiment of a disc security information structure (DSI=Disc Security Information). The disc security information structure stores global information about disc security. It is stored after all other files on the disc to allow digital signatures to be generated on-the-fly. The location of the DSI may be referenced by the BTAS as mentioned above. The DSI can be stored in a contiguous area of the disc.


Moreover, a backup DSI may be referenced by the BTAS in an embodiment. Its location may be freely selected. However, to achieve maximum reliability, the backup DSI should be physically distant from the first DSI copy. As a minimum requirement, the backup DSI should be stored in a different packet than the primary DSI in an embodiment.


If the backup DSI is located on a disc before the primary DSI, a “RSA Disc Signature”-field of the backup DSI may be assumed to have all its bits set to zero when calculating the digital signature in this embodiment (RSA=Initials of Surnames of Inventors, Rivest, Shamir and Adleman). Moreover, the DSI structure may store up to 65535 redundancy map references in embodiments. This allows for a very fine-grained configuration of redundancy mapping.



FIG. 8 shows an embodiment of a DSI structure. The “DSI Size”-field specifies the size of the structure in bytes, as a Big-Endian value. In this embodiment, the size is 120+(N+1)×1Ch. The DSI identifier can be a 4 byte identifier, identifying the structure as a DSI structure. This identifier may contain the ASCII representation of “BDSI”.


In an embodiment a SecurDisc DSI version number specifies the version number of the structure. The first byte may contain the higher version number and the second byte may contain the lower version number in this embodiment. The higher version number may be 01h for this embodiment, the low version number may be 00h. An implementation may only rely on the layout of the remaining information of DSI if the higher version number is 01h. If only the low version number is higher than the version number the implementation supports, the implementation may still rely on the structures that have been defined in a previous version.


The number of redundancy maps N specifies the number of redundancy maps referenced by the structure as a 16-bit Big-Endian value. The minimum number of redundancy maps may be 1 in an embodiment, so the actual number of redundancy maps can be N+1. As mentioned above, in the “Reserved”-field, all bytes may be set to zero.


A “Disc Signature RSA Public Key Hash”-field may contain a 128-bit AES hash value of the public key that can be used for signature verification. It may be used by an implementation to check whether the correct public key has been supplied by the user to verify the authenticity of the disc. If the disc is not digitally signed, all bits of the field may be set to zero.


A “RSA Disc Signature”-field may contain a 256-bit RSASSA-PSS digital signature (PSS=Probabilistic Signature Scheme). If the disc is not digitally signed, all bytes of this field are set to zero. An SHA-1 (SHA=Secure Hash Algorithm) hash value generated for the digital signature contains all data starting from the beginning of the session until the last byte before the “RSA Disc Signature”-field of the primary DSI. If the area covered by the SHA-1 hash includes the backup DSI structure, the structure can be included in the hash with its “RSA Disc Signature”-field set to all zeros.


The redundancy information contains information about redundancy maps on the SecurDisc media. It is used when data is stored redundantly to allow recovery from fatal read errors, and corresponds to control information, specifying location and presence of redundancy data, according to an embodiment.


A more detailed embodiment of a redundancy information structure is shown in FIG. 9. The structure shown in FIG. 9 may repeat N+1 times, so one entry can be present for each redundancy map defined in the DSI structure explained above. If the “Map Type”-field is set to false, the “Redundancy Level”-field specifies how many packets may form a redundancy group. The value may be in the range from 1 through (232−1) with 1 being the highest security level. If the “Map Type”-field is set to true, the redundancy level may specify how many redundancy packets are written for a single user data packet. The value can be in the range from 1 to (232−1) with 232−1 being the highest security level. In one embodiment setting this field to zero may serve as switching off the enhanced data security feature.


The “Map Type”-field may specify the type of mapping between redundancy packets and user data packets, i.e. between data and redundancy data. If this bit is set to true, the mapping between user data packets and redundancy packets may be 1:N. This means that for a single user data packet, at least one redundancy packet exists. The exact number may be specified by a “Redundancy Level”-field. If the bit is set to false, the mapping between user data packets and redundancy packets may be N:1. This means that at least one user data packet may be mapped to a single redundancy packet. The exact number of user data packets mapped to a single redundancy packet may be specified by the “Redundancy Level”-field. In the “Reserved”-field, all bits are set to zero as mentioned above.


A “Redundancy Function”-field can specify the redundancy function used. In one embodiment, a value of 00h may indicate that enhanced data security is not used. For example, a value of 01h may indicate that an XOR redundancy grouping scheme is used. In this scheme, two data packets are processed using an XOR operation, of which a redundancy packet results. Any two of the then three packets allow to restore the two data packets. The “Redundancy Function”-field may specify other redundancy functions as, for example, the usage of Reed Solomon encoding, a convolutional coding scheme or even enable the usage of turbo codes.


A “Number of Redundancy Map Entries”-field may specify the number of redundancy map entries as a Big-Endian DWORD value. The “Redundancy Map LSN”—field specifies the LSN of the redundancy map as a Big-Endian 64-bit value or zero if the enhanced data security feature is not used. A “Backup Redundancy Map LSN”-field may specify the LSN of the backup redundancy map as a Big-Endian 64-bit value or zero, when the feature is not used.


The redundancy map information structure provides a 1:N or N:1 mapping between user data packets and redundancy packets. Which mapping mode is in use for a particular disc may be determined by the “Map Type”-field specified in the “Redundancy Information”-field of the DSI structure. If the “Map Type”-field is set to false, a unique packet corresponds to a redundancy packet and a mapped packet corresponds to a user data packet according to the structure depicted in FIG. 10. If the “Map Type”-field is set to true, a unique packet corresponds to a user data packet and a mapped packet corresponds to a redundancy packet in FIG. 10. Therewith, different code rates are enabled, which are literally 1:N, respectively N:1. The redundancy map comprises entries according to the structure depicted in FIG. 10. Redundancy map entries are sorted in ascending order of their unique packet number in this embodiment.


A backup of the redundancy map information is referenced by the DSI structure. Its location may be freely selected. However, to achieve maximum reliability, the backup redundancy map should by physically distant from the first copy. As a minimum requirement, the backup redundancy should be stored in a different packet than the primary in an embodiment.


In FIG. 10, a “Unique Packet Number”-field may specify a packet number of the unique packet with the meaning specified above. The packet number of a “Mapped Packet#N”-field may specify a REDLEVEL entry following the unique packet number. They specify the mapped packets with the meaning specified above.


Embodiments of the present invention provide increased data security to a user. In one embodiment, even if a disc is partially destroyed, the user is able to retrieve his data. If the data stored on the disc is defective, a user can also be notified so that no work is carried out with broken data accidentally.


Embodiments take advantage of, for example, optical media not being completely written when used for transferring data from one person to another. Capacity overhead of media is used by embodiments to redundantly store data that has been written to the media. If parts of e.g. a disc are damaged, the data can be reconstructed from the redundant information stored in the otherwise unused areas of the disc. This is also true for backups where the user is able to trade in reliability for capacity.


According to one detailed embodiment of the present invention, data blocks, or data segments are grouped into redundancy groups. The content of all data blocks belonging to the same redundancy group is combined in a manner that allows restoring one or more members of the same redundancy group from the remaining entries. A very simple but effective approach in an embodiment is an XOR redundancy group in which all data blocks belonging to the same redundancy group are combined using a bit-wise XOR and the result is stored into one extra redundancy data block. If no more than one single data block from a given redundancy group fails, it can be reconstructed from the original data of the remaining group members and the redundancy information stored in the otherwise unused area of the disc.


A more sophisticated method of combining the members of the redundancy group is to use Reed Solomon checksums or codes, which allow for more than a single data block within a group to be restored.


Moreover, in embodiments, the number of data blocks belonging to the same redundancy group determines the security level of the content. The more data blocks belong to the same group, the greater the risk of permanent loss of the data through media damage.


If both the “Redundancy Level”- and the “Redundancy Function”-fields of the DSI structure are set to a value different from zero for the first redundancy map entry, some of the media space may be used to provide redundant storage of user payloads.


Using the redundancy maps referenced through the “Redundancy Information”-field of the DSI structure, a host can restore lost information with a redundancy group by extracting it from the information stored in the same group which is still intact.


In some embodiments a redundancy group can be defined as a group of datablocks, for example ECC blocks (ECC=Error Tracking and Correction), that share a common hash ECC block. The hash ECC block content may be calculated from the ECC block belonging to the same redundancy groups through a redundancy function. In some embodiments a redundancy function supported is XOR.


An embodiment of an apparatus for writing may be free to choose the best strategy to combine ECC blocks to redundancy groups, taking into account optical media properties and other criteria to ensure that no more than a single ECC block within a redundancy group is affected if the media gets damaged.


The redundancy level determines separately for each redundancy map, how many ECC blocks are assigned to a single redundancy group, thus determining the level of safety that should be accomplished. The more ECC blocks are assigned to the same ECC group, the more likely a defection of two or more ECC block, which constitutes a situation in which restoring the defective ECC blocks becomes impossible with e.g. the XOR redundancy function.


To restore a defective ECC block, a reader can for example read the information stored in the DSI structure and find the corresponding entry in the redundancy map and read all other packets that belong to the same redundancy group, i.e. read the corresponding redundancy packets, and calculate the restored content of the defective ECC block as follows:

RESTORED_PACKET=PACKET#1 XOR PACKET#2 XOR [ . . . ] XOR PACKET#REDLEVEL−1 XOR RPACK

where RESTORED_PACKET is the content of the restored packet, PACKET#x is the content of packet x, REDLEVEL is the number of packets pre redundancy group and RPACK is the content of the redundancy packet.


If a packet could not be restored using the first redundancy map, the reader implementation may repeat this process with all remaining redundancy maps until the packet could be restored.


Depending on certain implementation requirements of the inventive methods, the inventive methods can be implemented in hardware or in software. The implementation can be performed using a digital storage medium, in particular, a disc, DVD or a CD having an electronically readable control signals stored thereon, which co-operate with a programmable computer system, such that the inventive methods are performed. Generally, the present invention is, therefore, a computer program product with a program code stored on a machine-readable carrier, the program code being operated for performing the inventive methods when the computer program product runs on a computer. In other words, the inventive methods are, therefore, a computer program having a program code for performing at least one of the inventive methods when the computer program runs on a computer.


While this invention has been described in terms of several embodiments, there are alterations, permutations, and equivalents which fall within the scope of this invention. It should also be noted that there are many alternative ways of implementing the methods and compositions of the present invention. It is therefore intended that the following appended claims be interpreted as including all such alterations, permutations, and equivalents as fall within the true spirit and scope of the present invention.

Claims
  • 1. An apparatus for writing data comprising a data amount on a storage medium, the storage medium comprising a limited data capacity being higher than the data amount, comprising: a processor for receiving information on the data amount and the data capacity of the storage medium and for determining a redundancy data amount based on the data amount and the data capacity; a generator for generating redundancy data based on the data, the redundancy data comprising the redundancy data amount; and a writer for writing the data and the redundancy data to the storage medium.
  • 2. The apparatus of claim 1, wherein the data comprises other redundancy information and the generator is adapted for generating additional redundancy information.
  • 3. The apparatus of one the preceding claims, wherein the processor for receiving is adapted for receiving user information on the redundancy data amount.
  • 4. The apparatus of claim 3, wherein the processor for receiving is adapted for triggering a pop-up menu for getting the user information.
  • 5. The apparatus of one of the preceding claims, wherein the generator further comprises an encoder using a code with a code rate to generate the redundancy data.
  • 6. The apparatus of claim 5, wherein the code rate is controlled by the redundancy data amount.
  • 7. The apparatus of claim 5, wherein the redundancy data is generated by a Reed Solomon code.
  • 8. The apparatus of claim 5, wherein the code is a convolutional or turbo code.
  • 9. The apparatus of one of the preceding claims, wherein the generator is adapted for generating the redundancy data based on XOR operations between subsets of the data.
  • 10. The apparatus of one of the preceding claims, wherein the writer is adapted for writing the data in a format of a legacy CD or DVD format.
  • 11. The apparatus of one of the preceding claims, wherein the writer is adapted for writing control information on the storage medium, the control information comprising information on the location of the redundancy data.
  • 12. The apparatus of one of the preceding claims, wherein the writer is adapted for writing the data such that a baseline reader and an enhanced reader can read the data and for writing the redundancy data such that the enhanced reader can read and process the redundancy data and the baseline reader ignores, skips or does not read the redundancy data.
  • 13. The apparatus of one of the preceding claims, wherein the writer is adapted for writing data on the storage medium comprising a defined geometrical structure and, further, being adapted for writing data and redundancy data onto the storage medium such that a geometrical distance between the data and the redundancy data is larger than a predefined distance and for generating and writing redundancy location data identifying a location of the redundancy data on the storage medium.
  • 14. The apparatus of claim 1, which is implemented in an optical disc drive.
  • 15. A method for writing data comprising a data amount on a storage medium, the storage medium comprising a limited data capacity being higher than the data amount, comprising: receiving information on the data amount and the data capacity of the storage medium; determining a redundancy data amount based on the data amount and the data capacity; generating redundancy data based on the data, the redundancy data comprising the redundancy data amount; and writing the data and the redundancy data to the storage medium.
  • 16. A computer program comprising a program code for performing, when the computer program runs on a computer, the method for writing data comprising a data amount on a storage medium, the storage medium comprising a limited data capacity being higher than the data amount, the method comprising: receiving information on the data amount and the data capacity of the storage medium; determining a redundancy data amount based on the data amount and the data capacity; generating redundancy data based on the data, the redundancy data comprising the redundancy data amount; and writing the data and the redundancy data to the storage medium.
  • 17. An apparatus for reading a data set from a storage medium, comprising: a reader for reading control information from the storage medium, the control information comprising information on redundancy data on the storage medium; a reader and indicator for reading data from the storage medium and for indicating if a subset of the data was read incorrectly; a reader for reading redundancy data based on the information on the redundancy data in response to the indication of the subset of a data having been read incorrectly; and a combiner for combining the data and the redundancy data to receive the data set.
  • 18. The apparatus of claim 17, wherein the reader for reading control information is adapted for reading a table from the storage medium, the table comprising information on an amount of redundancy data or a location of redundancy data on the storage medium.
  • 19. The apparatus of claim 17, wherein the reader for reading control information is adapted for reading control information in terms of logical sector numbers of redundancy data on the storage medium.
  • 20. The apparatus of claim 17, wherein the indicator for indicating if a subset of data was read incorrectly is adapted for determining a checksum or performing a CRC-check (CRC=Cyclic Redundancy Check) on the data read.
  • 21. The apparatus of claim 17, wherein the reader for reading the redundancy data is adapted for reading redundancy data for which data subsets have been read incorrectly from a location on which information is comprised in the control information.
  • 22. The apparatus of claim 17, wherein the combiner is adapted for combining the redundancy data and the data according to an XOR operation.
  • 23. The apparatus of claim 17, wherein the combiner is adapted for combining the redundancy data and the data according to a Reed Solomon code, a convolutional code or a turbo code.
  • 24. The apparatus of claim 17, which is implemented in an optical disc drive.
  • 25. A method for reading a data set from a storage medium, comprising: reading control information from the storage medium, the control information comprising information on redundancy data on the storage medium; reading data from the storage medium; indicating if a subset of data was read incorrectly; reading redundancy data based on an information on redundancy data in response to the step of indicating; and combining the data and the redundancy data to receive the data set.
  • 26. A computer program comprising a program code for performing, when the computer program runs on a computer, the method for reading a data set from a storage medium, the method comprising: reading control information from the storage medium, the control information comprising information on redundancy data on the storage medium; reading data from the storage medium; indicating if a subset of data was read incorrectly; reading redundancy data based on an information on redundancy data in response to the step of indicating; and combining the data and the redundancy data to receive the data set.
Priority Claims (1)
Number Date Country Kind
07007620.3 Apr 2007 EP regional
CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of copending International Application No. PCT/EP2007/003655, filed Apr. 25, 2007, which designated the United States.

Provisional Applications (2)
Number Date Country
60746964 May 2006 US
60747363 May 2006 US
Continuations (1)
Number Date Country
Parent PCT/EP07/03655 Apr 2007 US
Child 11831684 Jul 2007 US