This invention relates to the play of software (e.g., motion picture) carriers, and more particularly to a technique for authenticating optical disks playable on compatible players.
The invention uses crytographic techniques to insure that any disk which is played has been authorized. The same basic technique can be used to authorize the disk as a whole, or to authorize individual standards. The lead-in section of the disk may contain an authorization code for the disk as a whole. In the illustrative embodiment of the invention, there is an authorization code for each individual standard. The player checks that the necessary authorization code is on the disk. If it is not, the player will not play the disk at all, or it will lock out particular standards. Obviously, it is not sufficient simply to assign an authorization code for the disk as a whole, or authorization codes for each of the different standards, because an unauthorized publisher could readily determine the codes simply by reading them from the disks of authorized publishers.
For this reason, an authorization code is made a function of the data contained on the disk itself. An authorized software publisher is provided with-a secret algorithm, known only to authorized publishers (or publishers who are authorized to publish for play in a respective standard), which is used to process the data on the disk and to generate a coded xe2x80x9cresult.xe2x80x9d This result is the authorization code which is actually stored on the disk. Every player reads certain predetermined data on the disk, before data is used to generate a video signal, and computes a comparable xe2x80x9cresult.xe2x80x9d If the two results match, then the disk (or the particular standard) is assumed to be authorized. In this way, it is not sufficient simply to copy the authorization code on a truly authorized disk because the authorization code necessary for any disk is a function of the content of the program material on the disk, and that, of course, varies from disk to disk. (Instead of providing the secret algorithms to all authorized publishers, a central licensing organization may do all the coding.)
Even this may not be sufficient, however, because with enough time and effort it may be possible to reverse engineer a player and to learn the algorithm for processing the predetermined data on a disk in order to derive the authorization codes. Once the algorithm used in a player is known, that algorithm could be used by an unauthorized publisher to derive the necessary code for any software. With the algorithm being encoded in the software for controlling millions of players, and with dozens of manufacturers making players, it may be difficult to assure secrecy. For this reason, it is preferred to use encrypted codes and what is known as public-key cryptography.
As in any cryptographic scheme, two keys are usedxe2x80x94one to encrypt and one to decrypt. What is unique about public-key cryptography is that even if the public key is known, the secret key cannot be determined from it with reasonable efforts. Let it be assumed that the algorithm for processing predetermined data to derive an authorization code is known to all. An authorized software publisher uses the algorithm to derive an authorization code for its disk, but the authorization code itself is not stored on the disk. What is stored is the encrypted authorization code, with the secret key being used for the encryption. Every player carries out the same algorithm and derives the same result, a computed code. The player then uses the paired public key to decrypt the encrypted code on the disk, and checks whether the decrypted code matches the computed code. Only if they match is it assumed that a proper authorization code is on the disk. This scheme works because even if the algorithm and the public key are known, unauthorized manufacturers will have no way of knowing how to do the encryption, and they will be unable to store encrypted authorization codes on their disks. The technique has elements in common with xe2x80x9csignature authenticationxe2x80x9d in public-key cryptography.
However, there is still a practical problem with this approach, at least in the illustrative embodiment of the present invention. As will be described, multiple versions of the same motion picture can be played. Data is stored in discrete blocks, and the way in which multiple versions of the same motion picture can be contained in a single track is to control the skipping over of certain data blocks (those required for play of a version not being viewed at the time). The algorithm for deriving the computed code from data stored on the disk processes data in particular blocks (blocks with specific predetermined addresses). This would allow an unauthorized publisher to copy the specified data blocks from an authorized disk and use the encrypted authorization code for that disk on the unauthorized disk. The player algorithm would process those data blocks, and derive a computed code which would match the legitimate publisher""s authorization code on the disk after it is decrypted in the player. While this copying could lead to the display of totally out-of-context frames (not to mention copyright infringement problems), this could be avoided by storing the appropriate on the disk which would cause the player to skip over these copied blocks, just as blocks are skipped over when they are not required for a selected version.
Even this problem can be avoided by insuring that the data blocks which are processed to derive the code in the first place, both by the software publisher and by every player, are blocks in the lead-in section of the disk, which blocks contain data which cannot be copied from another publisher""s disk. That is because the lead-in data consists of things such as a table of contents, available display languages, and many other items which are peculiar to the software to be played. In this way, it is not feasible for an unauthorized publisher to copy the code and data blocks of an authorized publisher.
The same basic technique can be used to authorize play of a disk as a whole, or play in accordance with any particular video standard. In the illustrative embodiment of the invention, a different public/private key pair is provided for each standard. The algorithm for processing the data blocks may-be common, but every standard requires encryption of the common xe2x80x9cresultxe2x80x9d with a unique private key which is furnished only to software publishers who are authorized to distribute disks which are to play according to that standard. The player software checks the video standard desired by the user, employs the standard algorithm to-derive the computed code, and then uses a stored public key unique to that standard to decrypt the encrypted code on the disk to see if it matches the computed code. In the absence of a match, play in that standard is not allowed.
The invention is disclosed in the context of an overall system which offers numerous advantageous features. The entire system is described although the .appended claims are directed to specific features. The overall list of features which are of particular interest in the description below include:
Video standard and territorial lock out.
Play in multiple aspect ratios.
Play of multiple versions, e.g., PG-rated and R-rated, of the same motion picture from the same disk, with selective automatic parental disablement of R-rated play.
Encrypted authorization codes that prevent unauthorized publishers from producing playable disks.
Provision of multiple-language audio tracks and multiple-language subtitle tracks on a single disk, with the user specifying the language of choice.
Provision of multiple xe2x80x9cotherxe2x80x9d audio tracks, e.g., each containing some component of orchestral music, with the user choosing the desired mix.
Variable rate encoding of data blocks, and efficient use of bit capacity with track switching and/or mixing, to allow all of the above capabilities on a single carrier.