A popular copy-protection method, commonly used when storing data on a disk, is to use computer software to encrypt the data. The encrypted data is then saved on the disk, while the encryption keys are saved either on the computer or on a server. The encryption keys may also be kept by the user or stored in the same location as the encryption software. Examples of such systems may be found, for instance, in U.S. Pat. Nos. 6,937,726, 6,954,860, 6,697,948, 7,069,246, 7,174,568, 6,591,367, 6,398,245, 6,983,371, 6,480,961, 6,865,550, 7,165,050, and 7,079,649.
One of the major industry approaches for data content protection is Digital Rights Management (DRM). This is an umbrella term referring to technologies used by publishers or copyright holders to try to control access to or usage of digital data or hardware, as well as to restrictions associated with specific instances of digital works or devices. DRM is mainly focused on the copy-protection of data distributed over the internet and downloaded onto computers and/or portable devices. Content providers typically use servers to encrypt data. The encryption key is typically stored on the server or at a third-party clearing house. When users buy data content from the server, the encrypted data may then be downloaded from the server to the user's device. Then, the user's device obtains the license from the server or clearing house to activate the data. The license is bound to the user's device that stores the data. If the data is copied to another device, that device needs to obtain its own binding license to play the data. Examples of such systems may be found in, for instance, U.S. Pat. Nos. 6,157,721, 6,112,181, 6,574,609, 7,065,216, 6,711,553, 5,513,260, 7,111,169, 6,898,706, 6,226,618, 6,636,966, 7,130,426 and 6,697,944. DRM systems typically rely on the storage device, player device, computer, and license server to work together to ensure the copy-protection function. If any of these components has security weaknesses, then the whole system becomes vulnerable.
Another industry approach for data content protection is the Trusted Platform Module (TPM) proposed by the Trusted Computing Group of Beaverton, Oreg. The TPM is a low-cost chipset module that consists of a processor, a memory, and an encryption and hash engine. The TPM functions as a slave processor for the host computer to keep secrets and perform security functions. The computer operating system and computer software control the TPM operations. The critical root of trust software is saved on a boot-up ROM, which is the only entry point code to manage the TPM module.
Despite these, and many related, approaches to content protection, the piracy of copyrighted digital content, such as music, movies, books, etc., remains a significant problem. A major part of the problem is that once pirated, digital material may be repeatedly copied with no loss of quality and then proliferated throughout the Internet with ease.
To better examine the root cause of the digital content piracy problem, consider the current types of storage devices and their security problems. There are currently three major types of digital content storage devices: (1) flash drives or hard disks, (2) DVD or CD disks, and (3) standalone hardware storage devices that are not connectable to a PC, such as set-top boxes for cable TV.
Flash drives or hard disks typically store digital content written in or read out by a computer. The flash drive or hard disk itself does not have control over the security level of the digital data that it stores. Instead, this control is left to the computer that is connected to the storage device. In order to protect digital data from being copied, the data must be encrypted by critical secrets, or keys, which must be hidden from all those who are not supposed to copy the digital data. Also, the software that the computer runs for protecting the digital data must be protected so that attackers cannot maliciously alter the software or obtain useful information through reverse-engineering the software. Currently, there are two major methods for implementing copy-protection of digital data in flash drives or hard disks.
One type of method is through purely computer software approaches. Such approaches are mainly used in general purpose computers so as to avoid making hardware changes to the computer. In this case, computer software is used to control encrypting the digital data, storing it into the flash or hard drive, and hiding the keys. However, there are problems with just using software to hide the keys on a general purpose computer. First, a general purpose computer does not have secure locations to store secret information. Such secure locations are needed because although encrypted data cannot be read by pirates, there will always be some critical secret that must remain in unencrypted form to be used by the software, and these secrets must be securely stored on the computer. Second, it is not secure to hide the keys within the software. A dedicated attacker would be able to reverse-engineer the software to figure out the secrets. In addition, the key could also be stored on a third-party system that is physically separated from the computer. However, such a system still demands some identification information that must be kept secret. This purely software method on a general purpose computer will not be able to protect the secrets.
Another type of method for implementing copy-protection of digital data in flash drives or hard disks is through adding security-based hardware modules to the computer system. Such hardware modules are designed to perform various security tasks such as securely storing critical secrets, acting as hardware-based cryptographic engines, protecting the integrity and/or privacy of security software that is run on the computer, and more. However, in all such cases, the computer operating system and software still have the master control over the security of the data content stored on the connected flash or hard disk. The computer OS and software control the access of the hardware module to manage the secret keys and perform data encryption for a file stored on the hard disk. An example of such a hardware-assisted security system is the Trusted Platform Module (TPM), which is an industry standard proposed by the Trusted Computing Group of Beaverton, Oreg. The TPM is a chipset that contains memory, an encryption engine, and a hash engine. The TPM chipset stores secret keys that attackers are not supposed to access. Only a measured operating system and measured computer software can access the TPM module. The critical root of trust software that performs the measuring of the computer operating system and software is stored on a boot-up ROM. The ROM is outside the TPM chipset and located on the computer's motherboard because the ROM is application dependent instead of TPM dependent. This system has improved security since the TPM is only accessible by a measured operating system and measured software. However, this system still has some problems as described below.
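The measurement scheme described above can be modeled in a few lines. The following is an added illustration, not code from the patent or from any TPM vendor: it assumes a single SHA-256 register and a simplified seal/unseal policy, and the names `ToyTPM`, `measure_chain` and `boot_and_unseal` and the sample boot stages are hypothetical.

```python
import hashlib
import hmac

PCR_RESET = bytes(32)  # a PCR is all zeros after platform reset

def extend(pcr: bytes, component: bytes) -> bytes:
    """PCR extend: new = H(old || H(component)); one-way and order-sensitive."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_chain(components) -> bytes:
    """PCR value after every boot stage has been measured in order."""
    pcr = PCR_RESET
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr

class ToyTPM:
    """Holds one sealed secret; releases it only in the expected PCR state."""
    def __init__(self, secret: bytes, expected_pcr: bytes):
        self._secret, self._expected = secret, expected_pcr
        self.pcr = PCR_RESET

    def extend(self, component: bytes) -> None:
        # The TPM records whatever the host reports. The first measurer
        # (boot ROM code on the motherboard) is trusted, not verified.
        self.pcr = extend(self.pcr, component)

    def unseal(self) -> bytes:
        if not hmac.compare_digest(self.pcr, self._expected):
            raise PermissionError("PCR mismatch: software is not the measured set")
        return self._secret

def boot_and_unseal(boot_components, golden_components, secret):
    """Boot the given stages; return the secret, or None if unseal is refused."""
    tpm = ToyTPM(secret, measure_chain(golden_components))
    for blob in boot_components:
        tpm.extend(blob)
    try:
        return tpm.unseal()
    except PermissionError:
        return None

# Constructed sample boot stages (stand-ins for real binaries).
GOLDEN = [b"bootloader v1", b"kernel v1", b"media player v1"]
MODIFIED = [b"bootloader v1", b"kernel v1", b"media player v1 (patched)"]
CONTENT_KEY = b"constructed-content-key"

if __name__ == "__main__":
    print("measured boot :", boot_and_unseal(GOLDEN, GOLDEN, CONTENT_KEY))
    print("modified boot :", boot_and_unseal(MODIFIED, GOLDEN, CONTENT_KEY))
```

The key is released only when the recorded measurements match the sealed state, and every measurement is supplied by host code that starts executing from the boot ROM.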
A first problem is the weakness in the interfacing between the computer and the secure hardware module. This problem is a result of the computer still having control over the secure hardware module. The computer is an open system that makes it easy for attackers to understand and then simulate what the secure software does in order to access the critical secrets stored in the secure hardware module.
A second problem is the computer software security. The software controls access to the secure hardware module. Breaking the software may also break the secure hardware module. As operating systems and other software become more and more complicated, their many requirements and performance goals begin to contradict each other. Further, it is becoming more and more difficult to keep the software bug-free due to its increasing size and complexity. An example is the case of Microsoft's new operating system Vista, which showed security weakness only several months after it was released to market. Hence, although the operating system and software could be improved, it is difficult to make them completely free of bugs and other security weaknesses.
A third problem is a hardware attack. The movie pirate may, for instance, be a person who can physically open up the computer to attack the secure hardware module. They may be able to open the secure hardware module and probe the internal bus, and then perform reverse-engineering on the module. For example, in the TPM system, an attacker may not even need to open up the TPM chipset. Instead, they only need to replace the boot-up ROM with a new ROM that contains code that will bypass all the software security checks. Therefore, there are still a lot of security problems for a secure hardware module assisted computer. To better distinguish the security performance of various hardware modules, we define two security levels:
Chipset Level-1 Security Definition: a particular on-chip component has Chipset Level-1 Security if an attacker has to physically open up the chipset and probe the bus to obtain data from the component by either running software on the internal processor or external processor.
Chipset Level-2 Security Definition: a particular on-chip component has Chipset Level-2 Security if an attacker may not obtain data from the component even if they physically open up a chip, probe the bus, and run software on the internal processor or external processor. A possible way to obtain data from the component is to perform gate level reverse-engineering of the chipset.
Existing secure hardware-assisted computer systems and movie/music data security systems typically only have Chipset Level-1 security performance. The present invention is, in contrast, a Chipset Level-2 security system for protecting content, whose defeat typically requires extremely high-cost equipment that is typically not affordable to the individuals and small companies that typically pirate content.
Another method of storing, transporting, and playing digital content is the DVD system. The DVD encryption system, however, has been compromised for some time, making DVD disks relatively easy to copy. The DVD system should, therefore, be considered as a convenient, portable, media player system, not as a copy-protected system.
Standalone hardware such as a cable box provides some measure of copy-protection. Its security level, however, is typically only level-1 security. Some cable box systems, for instance, distribute their security measures over many hardware components, rather than having them inside one secure chipset, allowing a pirate multiple points of attack. In some cable box systems, secrets are stored on a smart card that is relatively easy for an experienced attacker to break and clone. One positive aspect of cable box security is that they do not typically interface directly to a PC or network, so they are typically less amenable to attack by the casual content pirate.
Modern digital communication technology makes the internet a powerful tool for bringing a myriad of media content directly to homes. However, the piracy of digital content is still a major barrier that discourages content providers from putting their content online, since pirating a single digital copy of a movie may result in thousands of high-quality copies being distributed over the Internet. Hence, potentially desirable services, such as interactive TV and home movie theaters that network directly to Hollywood movie databases, have not been implemented. To solve this piracy problem, a highly secure copy-protection system that overcomes the shortcomings of the prior-art systems is needed. This secure copy-protection system should have the following features. First, the copy-protection performance should not be affected by weaknesses and bugs of the computer operating system and computer software. Further, the copy-protection for stored data should not rely on humans to keep secrets, since even a legitimate user may make illegal copies of media content. Moreover, this secure copy-protection system should have chipset level-2 security performance so that even if an adversary opens the hardware chipset and probes its internal bus, the adversary still cannot obtain the critical secrets.