Contained herein is material which is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction of the patent disclosure by any person as it appears in the Patent and Trademark Office patent files or records, but otherwise reserves all rights to the copyright whatsoever.
This invention relates to static and dynamic information storage and retrieval. More particularly, this invention relates to methods, apparatus and systems for the protection of stored information from unauthorized access.
Information or content may be stored on a wide variety of media. As the speed and convenience of accessing and copying stored information have increased, the threat of unauthorized copying of the information has increased correspondingly. Various schemes have been employed to protect the stored information from unauthorized access. For instance, the content stored on the media may be encrypted with a secret key, or keys, known only to devices authorized to access the media. A disadvantage of only one key is the inability to revoke the authorization of a particular device, by changing the key, without revoking the authority of all devices to read the media. Some of the disadvantages of using multiple keys include the potentially large burden of transmitting and storing the keys for each particular device.
An alternative method developed to protect content from unauthorized copying uses a media key block (MKB) to authorize copying of the content, as described by a publication from 4C Entity, LLC, entitled xe2x80x9cCONTENT PROTECTION FOR RECORDABLE MEDIA SPECIFICATION,xe2x80x9d Revision 0.94 (Oct. 18, 2000). Authorized devices process the MKB to calculate, as described in part below, a media key allowing an authorized device to copy the content. The MKB method uses a media unique key to bind encrypted content to the media from which it will be played back.
As keys are compromised and revoked, the MKB can become quite large, with a size of several megabytes not being unusual. Since many types of media have limited read-only space, it becomes necessary to store the MKB on writeable areas of the media. Storing the MKB on the writeable area creates a vulnerability of the MKB to direct malicious tampering. In such a direct attack, the intent of the tamperer will likely be to substitute an older MKB for the current MKB stored on the media. In the alternative, the tamperer may substitute a portion of an older MKB for a portion of the current MKB stored on the media. Since the older MKB will still contain keys that are revoked by the current MKB, the substitution will potentially compromise the content protection provided by the current MKB.
Even if the MKB is stored on the read-only area of the media, another weakness of the MKB approach is the ability for a man-in-the-middle attack to substitute an older MKB for the current MKB during the attempted processing of the current MKB. In the alternative, the man-in-the-middle attacker may substitute a portion of an older MKB for a portion of the current MKB during the attempted processing of the current MKB. Thus, a man-in-the-middle attack also potentially compromises the contept protection provided by the current MKB.
Thus, media without a valid MKB could be read and readers without authorization could read content stored on protected media. In a variation on the MKB approach, a hash value is calculated over the MKB and stored on the read-only area of the media. The reader reads the MKB, calculates a hash value of the MKB as read from the media and compares that hash value to the hash value as read from the read-only area. Calculating the hash value however imposes an undesirable delay upon the authorization process.