Patent Grant
8301906
The present invention is in the field of data security and content verification.
In many applications, especially when it comes to confidential data, it is essential to be able to verify and secure a data content. Data integrity becomes more and more important, also in the sector of private applications and data. Conventional data administration concepts lack the possibility for users to allow other users to verify or integrity check data. Especially when using storage media that season and tend to become more and more erroneous with time it is a problem that at some point one can no longer be sure of the data validity or consistency, i.e. if the data can still be retrieved correctly from such a medium.
Moreover conventional storage concepts and storage media do not allow to verify an origin of data. For example if data is transferred using portable storage media, e.g. by sending a CD (CD=Compact Disc) or a DVD (DVD=Digital Versatile Disk) by mail, the receiver can not easily prove the origin of the data, i.e. verify the integrity of the data.
According to an embodiment, an apparatus for writing checksum information on a data content on a storage medium may have: a provider for providing checksum information based on a data content; and a writer for writing the data content and the checksum information on the storage medium, such that a baseline reader and an enhanced reader can read the data content, the enhanced reader can read and process the checksum information and the baseline reader ignores, skips or does not read the checksum information.
According to another embodiment, a method for writing checksum information on a data content on a storage medium may have the steps of: providing checksum information based on a data content; and writing the data content and the checksum information on the storage medium such that a baseline reader and an enhanced reader can read the data content, the enhanced reader can read and process the checksum information, and the baseline reader ignores, skips or does not read the checksum information.
According to another embodiment, a computer program may have a program code for performing, when the computer program runs on a computer, a method for writing checksum information on a data content on a storage medium, wherein the method may have the steps of: providing checksum information based on a data content; and writing the data content and the checksum information on the storage medium such that a baseline reader and an enhanced reader can read the data content, the enhanced reader can read and process the checksum information, and the baseline reader ignores, skips or does not read the checksum information.
According to another embodiment, an apparatus for verifying a data content from a storage medium may have: a reader for reading the data content and the first checksum information from the storage medium; a provider for providing a second checksum information based on the data content; and a provider for providing a verification indication if the first and the second checksum information are equal.
According to another embodiment, a method for verifying a data content from a storage medium may have the steps of: reading the data content and the first checksum information from the storage medium; providing a second checksum information based on the data content; and providing verification indication if the first and the second checksum information are equal.
According to another embodiment, a computer program may have a program code for performing, when the program code runs on a computer, a method for verifying a data content from a storage medium, wherein the method may have the steps of: reading the data content and the first checksum information from the storage medium; providing a second checksum information based on the data content; and providing verification indication if the first and the second checksum information are equal.
According to another embodiment, an optical disc may have a data section having data information, a checksum section having information on checksum data or encrypted checksum data based on the data information and a control section having information on the association of the data information and the information on checksum data or encrypted checksum data.
The present invention is based on the finding that based on checksums, respectively encrypted checksums, data validity and integrity can be verified. In one embodiment, this is accomplished by storing a checksum over each file that is recorded on an optical disc in a file system independent way.
Embodiments of the present invention therefore provide the advantage that data can be verified, and a user can be pre-vented from working with broken data. Moreover, an effective mechanism is enabled to verify an origin of data stored on a storage medium. Some embodiments support public key signatures for optical storage media. Using this technology, the authenticity of a disc can be proven by verifying a digital signature stored on the disc against a public verification key that needs to be provided once by an author of optical media. The digital signature refers to a checksum of the data on the storage medium. Some embodiments can use the private counterpart to the verification key to digitally design a hash value generated over the checksums.
Embodiments may allow users to verify that data stored on a disc has not decayed in any way and is still in its original state by creating checksums over all files stored on the disc. In a similar way embodiments may store checksums or encrypted checksums on any other storage media as memory cards, hard discs, magneto-optic memory devices, ROM (ROM=Read Only Memory) etc.
In one embodiment, checksum generation can be done on-the-fly and checksums can be stored at the end of, for example, an optical disc. The allocations can be referenced through a pointer stored in a certain sector, in one embodiment sector 15 of the user data area could be used.
Assignment of a particular checksum to its respective file can be done through a chunk table in an embodiment specifying a logical sector number of a first data block of a file and a checksum the file is associated with.
Algorithms used for building the checksums can be chosen from a number of different options, including but not restricted to conventional algorithms as, for example, SHA-1 (SHA=Secure Hash Algorithm), SHA-256, MD5 (MD=Message Digest Algorithm) or custom AES-128 (AES=Advanced Encryption Standard).
File checksum calculation can be performed by host software as part of a file system authoring process in one embodiment. Protection flags may specify for each file whether a sector payload encryption has been applied to that file and whether the host software needs to decrypt sector content before being able to use it.
The chunk size can be the size of a single entry of the chunk table, the size may be fixed for a particular embodiment and serves as an extensibility feature with backwards compatibility for future extensions of embodiments.
Embodiments of the present invention will be detailed subsequently referring to the appended drawings, in which:
a shows an embodiment of an apparatus for writing;
b shows another embodiment of an apparatus for writing;
a shows an embodiment of an apparatus for verifying;
b shows another embodiment of an apparatus for verifying;
a shows an embodiment of an apparatus 100 for writing checksum information on a data content on a storage medium 105. The apparatus 100 comprises a means 110 for providing checksum information based on the data content. Furthermore, the apparatus 100 comprises a writer 115 for writing the data content and the checksum information on the storage medium 105 such that a baseline reader and an enhanced reader can read the data content, the enhanced reader can read and process the checksum information, and the baseline reader ignores, skips or does not read the checksum information.
b shows another embodiment of an apparatus 100 for writing information on data content on a storage medium 105. The apparatus 100 shown in
In another embodiment, the writer 115 is adapted for using an optical disc as a storage medium 105. Moreover, the writer 115 can be adapted for writing control information on a physical or logical location of the checksum information or integrity information on the storage medium 105. Furthermore, the writer 115 can be adapted for writing the checksum information or the integrity information to the logical end of the storage medium 105.
In yet another embodiment, the writer 115 may be adapted for writing a chunk table specifying an association between data and checksums or integrity information. The writer 115 may further be adapted for writing a 128-bit checksum for a data segment to the storage medium 105.
In embodiments, the means 120 for encrypting the checksum information may utilize asymmetrical or symmetrical encryption algorithms. For example, a private key of a user may be used to encrypt the checksum and to obtain the integrity information so that using a public key of that user serves for verifying the checksums and, thus, the data content.
a shows an apparatus 150 for verifying a data content from a storage medium 155. The apparatus 150 comprises a means 160 for reading the data content and a first checksum information from the storage medium 155. The apparatus 150 further comprises a means 165 for providing a second checksum information based on the data content and the means 170 for providing a verification indication if the first and the second checksum information are equal.
b shows another embodiment of an apparatus 150 for verifying a data content from a storage medium 155. The embodiment shown in
In embodiments, the means 160 for reading can be adapted for reading from optical discs. Moreover, the means 160 for reading can be adapted for reading control information from the storage medium 155, the control information may comprise information of a physical or logical location of the first checksum information or the first encrypted checksum information.
In another embodiment, the means 160 for reading can be adapted for reading a chunk table having information on an association between data and first checksum information or first encrypted checksum information from the storage medium 155. In one embodiment, the means 160 for reading can be adapted for reading a first 128-bit checksum or encrypted checksum information from the storage medium 155.
The field DSILSN (DSI=Disc Security Information) specifies the logical sector number of the disc security information structure as a Big-Endian value. If this security information is not present, all bytes of this field are set to zero. Furthermore,
Another field shown in
Header information is comprised in the FFITH (FFITH=FFIT Header)-field containing version information and a field indicating the different SecurDisc features that are used on any part of the media. A backup of the FFIT is referenced by the BTAS as mentioned above. Its location may be freely selected. However, to achieve maximum reliability, the backup FFIT should be physically distant from the first copy of the FFIT, as a minimum requirement, the backup FFIT can be stored in a packet different to the primary FFIT.
As indicated in
Moreover,
Furthermore,
Moreover,
Furthermore, there is a SecurDisc global feature flag mask in
The FFITH may grow as additional fields are added in further embodiments. The location of the FFITE can be calculated as
FFITEOFFSET[0]=FFITLSN*BPS+FFITHS
FFITELSN[0]=FFITEOFFSET[0] DIV BPS
FFITERBP[0]=FFITEOFFSET[0] MOD BPS
with FFITEOFFSET[0] being the relative bit position (RBP=Relative Bit Position) of the first FFITE relative to the beginning of the user data area of the disc, BPS is the number of bytes per sector and FFITELSN is the LSN of the FFIT.
The result of this operation is FFITELSN[0], the LSN of the first FFITE and FFITERBP[0], the relative byte position of the first FFITE from the beginning of the sector specified by the FFITELSN[0].
FFITE are stored in ascending order of their fragments' LSN. The location of a particular entry x is calculated as
FFITEOFFSET[x]=FFITEOFFSET[0]+x*FFITECS
FFITELSN[x]=FFITEOFFSET[x] DIV BPS
FFITERBP[x]=FFITEOFFSET[x] MOD BPS,
where FFITEOFFSET[x] is the RBP of the x-th FFITE relative to the beginning of the user data area of the disc, x is a number between 0 and NUMFFITE−1 and FFITECS is the FFITE content size.
The result of this operation is FFITELSN[x], the LSN of the x-th FFITE and FITERBP[x], the relative byte of the x-th FFITE from the beginning of the sector specified by FFITELSN[x].
An embodiment of an FFITE structure is shown in
A pass phrase protected field “PP” comprises a flag, also being part of the SecurDisc feature flag mask. If true, the file fragment managed by this FFIT is pass phrase protected. The “CS”-field is also part of the SecurDisc feature flag mask. If true, the content of the file fragment managed by this FFITE can be verified using the “File Fragment Checksum”-field stored in this FFITE.
The “CP”-field is part of the SecurDisc feature flag mask. It can assume four distinct conditions regarding copy protection for the file fragment managed by this FFITE as specified in the Table in
Moreover, a backup DSI may be referenced by the BTAS in an embodiment. Its location may be freely selected. However, to achieve maximum reliability, the backup DSI should be physically distant from the first DSI copy. As a minimum requirement, the backup DSI should be stored in a different packet than the primary DSI in an embodiment.
If the backup DSI is located on a disc before the primary DSI, a “RSA Disc Signature”-field of the backup DSI may be assumed to have all its bits set to zero when calculating the digital signature in this embodiment (RSA=Initials of Surnames of Inventors, Rivest, Shamir and Adleman). Moreover, the DSI structure may store up to 65535 redundancy map references in embodiments. This allows for a very fine-grained configuration of redundancy mapping.
In an embodiment a SecurDisc DSI version number specifies the version number of the structure. The first byte may contain the higher version number and the second byte may contain the lower version number in this embodiment. The higher version number may be 01h for this embodiment, the low version number may be 00h. An implementation may only rely on the layout of the remaining information of DSI if the higher version number is 01h. If only the low version number is higher than the version number the implementation supports, the implementation may still rely on the structures that have been defined in a previous version.
The number of redundancy maps N specifies the number of redundancy maps referenced by the structure as a 16-bit Big-Endian value. The minimum number of redundancy maps may be 1 in an embodiment, so the actual number of redundancy maps can be N+1. As mentioned above, in the “Reserved”-field, all bytes may be set to zero.
A “Disc Signature RSA Public Key Hash”-field may contain a 128-bit AES hash value of the public key that can be used for signature verification. It may be used by an implementation to check whether the correct public key has been supplied by the user to verify the authenticity of the disc. If the disc is not digitally signed, all bits of the field may be set to zero.
A “RSA Disc Signature”-field may contain a 256-bit RSASSAPSS digital signature (PSS=Probabilistic Signature Scheme). If the disc is not digitally signed, all bytes of this field are set to zero. An SHA-1 (SHA=Secure Hash Algorithm) hash value generated for the digital signature contains all data starting from the beginning of the session until the last byte before the “RSA Disc Signature”-field of the primary DSI. If the area covered by the SHA-1 hash includes the backup DSI structure, the structure can be included in the hash with its “RSA Disc Signature”-field set to all zeros.
The redundancy information contains information about redundancy maps on the SecurDisc media. It is used when data is stored redundantly to allow recovery from fatal read errors, and corresponds to control information, specifying location and presence of redundancy data, according to an embodiment.
A more detailed embodiment of a redundancy information structure is shown in
The “Map Type”-field may specify the type of mapping between redundancy packets and user data packets, i.e. between data and redundancy data. If this bit is set to true, the mapping between user data packets and redundancy packets may be 1:N. This means that for a single user data packet, at least one redundancy packet exists. The exact number may be specified by a “Redundancy Level”-field. If the bit is set to false, the mapping between user data packets and redundancy packets may be N:1. This means that at least one user data packet may be mapped to a single redundancy packet. The exact number of user data packets mapped to a single redundancy packet may be specified by the “Redundancy Level”-field. In the “Reserved”-field, all bits are set to zero as mentioned above.
A “Redundancy Function”-field can specify the redundancy function used. In one embodiment, a value of 00h may indicate that enhanced data security is not used. For example, a value of 01h may indicate that an XOR redundancy grouping scheme is used. In this scheme, two data packets are processed using an XOR operation, of which a redundancy packet results. Any two of the then three packets allow to restore the two data packets. The “Redundancy Function”-field may specify other redundancy functions as, for example, the usage of Reed Solomon encoding, a convolutional coding scheme or even enable the usage of turbo codes.
A “Number of Redundancy Map Entries”-field may specify the number of redundancy map entries as a Big-Endian DWORD value. The “Redundancy Map LSN”-field specifies the LSN of the redundancy map as a Big-Endian 64-bit value or zero if the enhanced data security feature is not used. A “Backup Redundancy Map LSN”-field may specify the LSN of the backup redundancy map as a Big-Endian 64-bit value or zero, when the feature is not used.
The redundancy map information structure provides a 1:N or N:1 mapping between user data packets and redundancy packets. Which mapping mode is in use for a particular disc may be determined by the “Map Type”-field specified in the “Redundancy Information”-field of the DSI structure. If the “Map Type”-field is set to false, a unique packet corresponds to a redundancy packet and a mapped packet corresponds to a user data packet according to the structure depicted in
A backup of the redundancy map information is referenced by the DSI structure. Its location may be freely selected. However, to achieve maximum reliability, the backup redundancy map should by physically distant from the first copy. As a minimum requirement, the backup redundancy should be stored in a different packet than the primary in an embodiment.
In
The application revocation block, as exemplified in
Part of an embodiment of SecurDisc, can be that a SecurDisc feature descriptor allows the host to determine whether SecurDisc is supported by an optical disc drive and whether the optical disc currently in the drive can be used with SecurDisc. In an embodiment the feature will be set to active regardless of whether an optical disc has already been written to using SecurDisc or not. An optical disk drive (ODD=Optical Disk Drive) may support a GET CONFIGURATION command as specified by the MMC/MtFuji (MMC=Multimedia Command) specification and it may be used to obtain the feature descriptor from the ODD. The execution of this command may not be necessary prior drive host authentication.
An embodiment of a feature descriptor structure is depicted in
After the Securdisc feature descriptor is read, the host may make sure that it is working with a licensed Securdisc drive. Reading the Securdisc feature descriptor can be mandatory for drive host authentication to work in some embodiments. During drive host authentication, in addition to making sure that both the host application and the optical disc drive are licensed components, a bus key can be established. This bus key is used later to exchange cryptographic data for copy protection. Drive host authentication may be necessary before writing any Securdisc content.
Embodiments of the present invention provide the advantage that data can be verified and their origin can be authenticated. Therewith, embodiments of the present invention provide an enhanced data security and reliability.
Depending on certain implementation requirements of the inventive methods, the inventive methods can be implemented in hardware or in software. The implementation can be performed using a digital storage medium, in particular, a disc, DVD or a CD having an electronically readable control signals stored thereon, which co-operate with a programmable computer system, such that the inventive methods are performed. Generally, the present invention is, therefore, a computer program product with a program code stored on a machine-readable carrier, the program code being operated for performing the inventive methods when the computer program product runs on a computer. In other words, the inventive methods are, therefore, a computer program having a program code for performing at least one of the inventive methods when the computer program runs on a computer.
While this invention has been described in terms of several embodiments, there are alterations, permutations, and equivalents which fall within the scope of this invention. It should also be noted that there are many alternative ways of implementing the methods and compositions of the present invention. It is therefore intended that the following appended claims be interpreted as including all such alterations, permutations and equivalents as fall within the true spirit and scope of the present invention.
| Number | Date | Country | Kind |
|---|---|---|---|
| 07007621 | Apr 2007 | EP | regional |
This application is a continuation of copending International Application No. PCT/EP2007/003658, filed Apr. 25, 2007, which designated the United States, and claims priority to U.S. Provisional Patent Application No. 60/746,964 filed May 10, 2006, U.S. Provisional Patent Application No. 60/747,363, filed May 16, 2006, and European Patent Application No. 07007621.1, filed Apr. 13, 2007.
| Number | Name | Date | Kind |
|---|---|---|---|
| 5544083 | Iizuka et al. | Aug 1996 | A |
| 5596639 | Kikinis | Jan 1997 | A |
| 5796824 | Hasebe et al. | Aug 1998 | A |
| 5940505 | Kanamaru | Aug 1999 | A |
| 6188659 | Mueller et al. | Feb 2001 | B1 |
| 6243796 | Otsuka | Jun 2001 | B1 |
| 6578164 | Stokes et al. | Jun 2003 | B1 |
| 6694023 | Kim | Feb 2004 | B1 |
| 6978376 | Giroux et al. | Dec 2005 | B2 |
| 7057993 | Barnard et al. | Jun 2006 | B2 |
| 7080041 | Nagel | Jul 2006 | B2 |
| 7095694 | Sako et al. | Aug 2006 | B2 |
| 7117422 | Duncan et al. | Oct 2006 | B2 |
| 7194636 | Harrison | Mar 2007 | B2 |
| 7203140 | Haga | Apr 2007 | B2 |
| 7213005 | Mourad et | May 2007 | B2 |
| 7260219 | Linnartz et al. | Aug 2007 | B2 |
| 7379549 | Pelly et al. | May 2008 | B2 |
| 7526657 | Saneto et al. | Apr 2009 | B2 |
| 20010018729 | Johnson | Aug 2001 | A1 |
| 20010049662 | Linnartz et al. | Dec 2001 | A1 |
| 20020023219 | Treffers et al. | Feb 2002 | A1 |
| 20020080416 | Quine | Jun 2002 | A1 |
| 20020154779 | Asano et al. | Oct 2002 | A1 |
| 20030007437 | Staring | Jan 2003 | A1 |
| 20030028809 | Goodman et al. | Feb 2003 | A1 |
| 20030046563 | Ma et al. | Mar 2003 | A1 |
| 20030046592 | Woodruff | Mar 2003 | A1 |
| 20030101330 | Duesterwald et al. | May 2003 | A1 |
| 20040081047 | Baik | Apr 2004 | A1 |
| 20040193871 | Seshadri | Sep 2004 | A1 |
| 20050044045 | Pelly et al. | Feb 2005 | A1 |
| 20050086567 | Cronch | Apr 2005 | A1 |
| 20050152251 | Harumatsu | Jul 2005 | A1 |
| 20050180573 | Pelly et al. | Aug 2005 | A1 |
| 20050246392 | Ishizaka | Nov 2005 | A1 |
| 20060041529 | Nakayama | Feb 2006 | A1 |
| 20060062073 | Kitani et al. | Mar 2006 | A1 |
| 20060177066 | Han et al. | Aug 2006 | A1 |
| 20070253676 | Roh | Nov 2007 | A1 |
| 20070288713 | Sugimoto et al. | Dec 2007 | A1 |
| 20080114981 | Hars | May 2008 | A1 |
| 20080276092 | Eberhardt et al. | Nov 2008 | A1 |
| Number | Date | Country |
|---|---|---|
| 199960936 | Aug 2003 | AU |
| 0785547 | Jul 1997 | EP |
| 0802527 | Oct 1997 | EP |
| 0984346 | Mar 2000 | EP |
| 1164588 | Dec 2001 | EP |
| 1184774 | Mar 2002 | EP |
| 1587095 | Oct 2005 | EP |
| 1622145 | Feb 2006 | EP |
| 2375651 | Nov 2002 | GB |
| 2003006996 | Jan 2003 | JP |
| WO 9955055 | Oct 1999 | WO |
| Number | Date | Country | |
|---|---|---|---|
| 20080256365 A1 | Oct 2008 | US |
| Number | Date | Country | |
|---|---|---|---|
| 60746964 | May 2006 | US | |
| 60747363 | May 2006 | US |
| Number | Date | Country | |
|---|---|---|---|
| Parent | PCT/EP2007/003658 | Apr 2007 | US |
| Child | 11829439 | US |
