In many applications, especially when it comes to confidential data, it is essential to be able to verify and secure a data content. Data integrity becomes more and more important, also in the sector of private applications and data. Conventional data administration concepts lack the possibility for users to allow other users to verify or integrity check data. Especially when using storage media that season and tend to become more and more erroneous with time it is a problem that at some point one can no longer be sure of the data validity or consistency, i.e. if the data can still be retrieved correctly from such a medium.
Moreover conventional storage concepts and storage media do not allow to verify an origin of data. For example if data is transferred using portable storage media, e.g. by sending a CD (CD=Compact Disc) or a DVD (DVD=Digital Versatile Disk) by mail, the receiver can not easily prove the origin of the data, i.e. verify the integrity of the data.
According to an embodiment, an apparatus for writing checksum information on a data content on a storage medium may have: a provider for providing checksum information based on a data content; and a writer for writing the data content and the checksum information on the storage medium, such that a baseline reader and an enhanced reader can read the data content, the enhanced reader can read and process the checksum information and the baseline reader ignores, skips or does not read the checksum information.
According to another embodiment, a method for writing checksum information on a data content on a storage medium may have the steps of: providing checksum information based on a data content; and writing the data content and the checksum information on the storage medium such that a baseline reader and an enhanced reader can read the data content, the enhanced reader can read and process the checksum information, and the baseline reader ignores, skips or does not read the checksum information.
According to another embodiment, a computer program may have a program code for performing, when the computer program runs on a computer, a method for writing checksum information on a data content on a storage medium, wherein the method may have the steps of: providing checksum information based on a data content; and writing the data content and the checksum information on the storage medium such that a baseline reader and an enhanced reader can read the data content, the enhanced reader can read and process the checksum information, and the baseline reader ignores, skips or does not read the checksum information.
According to another embodiment, an apparatus for verifying a data content from a storage medium may have: a reader for reading the data content and the first checksum information from the storage medium; a provider for providing a second checksum information based on the data content; and a provider for providing a verification indication if the first and the second checksum information are equal.
According to another embodiment, a method for verifying a data content from a storage medium may have the steps of: reading the data content and the first checksum information from the storage medium; providing a second checksum information based on the data content; and providing verification indication if the first and the second checksum information are equal.
According to another embodiment, a computer program may have a program code for performing, when the program code runs on a computer, a method for verifying a data content from a storage medium, wherein the method may have the steps of: reading the data content and the first checksum information from the storage medium; providing a second checksum information based on the data content; and providing verification indication if the first and the second checksum information are equal.
According to another embodiment, an optical disc may have a data section having data information, a checksum section having information on checksum data or encrypted checksum data based on the data information and a control section having information on the association of the data information and the information on checksum data or encrypted checksum data.
The present invention is based on the finding that based on checksums, respectively encrypted checksums, data validity and integrity can be verified. In one embodiment, this is accomplished by storing a checksum over each file that is recorded on an optical disc in a file system independent way.
Embodiments of the present invention therefore provide the advantage that data can be verified, and a user can be pre-vented from working with broken data. Moreover, an effective mechanism is enabled to verify an origin of data stored on a storage medium. Some embodiments support public key signatures for optical storage media. Using this technology, the authenticity of a disc can be proven by verifying a digital signature stored on the disc against a public verification key that needs to be provided once by an author of optical media. The digital signature refers to a checksum of the data on the storage medium. Some embodiments can use the private counterpart to the verification key to digitally design a hash value generated over the checksums.
Embodiments may allow users to verify that data stored on a disc has not decayed in any way and is still in its original state by creating checksums over all files stored on the disc. In a similar way embodiments may store checksums or encrypted checksums on any other storage media as memory cards, hard discs, magneto-optic memory devices, ROM (ROM=Read Only Memory) etc.
In one embodiment, checksum generation can be done on-the-fly and checksums can be stored at the end of, for example, an optical disc. The allocations can be referenced through a pointer stored in a certain sector, in one embodiment sector 15 of the user data area could be used.
Assignment of a particular checksum to its respective file can be done through a chunk table in an embodiment specifying a logical sector number of a first data block of a file and a checksum the file is associated with.
Algorithms used for building the checksums can be chosen from a number of different options, including but not restricted to conventional algorithms as, for example, SHA-1 (SHA=Secure Hash Algorithm), SHA-256, MD5 (MD=Message Digest Algorithm) or custom AES-128 (AES=Advanced Encryption Standard).
File checksum calculation can be performed by host software as part of a file system authoring process in one embodiment. Protection flags may specify for each file whether a sector payload encryption has been applied to that file and whether the host software needs to decrypt sector content before being able to use it.
The chunk size can be the size of a single entry of the chunk table, the size may be fixed for a particular embodiment and serves as an extensibility feature with backwards compatibility for future extensions of embodiments.