CN101107665A - Secure host interface - Google Patents


Publication number: CN101107665A
Application number: CNA2006800025869A
Authority: CN (China)
Language: Chinese (zh)
Inventors: A. A. M. Staring, J. C. Talstra
Original assignee: Koninklijke Philips Electronics NV
Current assignee: Koninklijke Philips NV (Google's assignee listing may be inaccurate; no legal analysis was performed)
Legal status: pending (Google's status listing is an assumption, not a legal conclusion)
Prior art keywords: request, unit, response, message, challenge
Classification: Storage Device Security
Abstract

The present invention relates to a digital rights management system (40) for controlling access rights to copy-protected content, comprising an application unit (1, 21, 41) and a drive unit (3, 23, 43); to an application unit (1, 21, 41); to a drive unit (3, 23, 43); and to a corresponding digital rights management method. In order to increase the security of the management of digital rights, in particular to make a "filter driver" hack impossible or at least substantially more complicated, and to obtain a reliable confirmation of a command given in respect of digital rights and of its execution, a digital rights management system (40) is proposed in which said application unit (1, 21, 41) comprises a key storage unit (45) for storing a bus key (KB), a request generation unit (47) for generating a request (7, 27) to be carried out by said drive unit, the request including a message regarding said access rights and a challenge (RX), a communication unit (51) for transmitting said request (7, 27) and for receiving a response (13, 33) to said request (7, 27) from said drive unit (3, 23, 43), and a response verification unit (49) for verifying a link between said request (7, 27) and said response (13, 33) by decoding said response (13, 33) using said bus key (KB) and by checking for the presence of an indication of said challenge (RX) in said response (13, 33); and said drive unit (3, 23, 43) comprises a key storage unit (55) for storing a bus key (KB), a communication unit (51) for receiving a request (7, 27) including a message regarding said access rights and a challenge (RX) from said application unit (1, 21, 41) and for transmitting a response (13, 33) to said application unit (1, 21, 41), a request processing unit (57) for verifying said request (7, 27) and processing said message, and a response generation unit (59) for generating said response (13, 33) including an indication of said challenge (RX) and a reply to said message.

Description

Secure host interface
The present invention relates to a digital rights management system for controlling access rights to copy-protected content, the system comprising an application unit and a drive unit. The invention further relates to an application unit, to a drive unit and to a corresponding digital rights management method.
The advent of AACS, the strongest candidate for the copy-protection system of Blu-ray Disc and of its competing format HD-DVD, has revived interest in digital rights management (DRM) on optical media. One of the AACS requirements is that the system must support extended and extensible usage, i.e. a variety of business models and use cases that are not yet defined today. It must be applicable both to recording and to electronic download.
A similar requirement plays a central role in a known DRM system in which DRM data such as decryption keys and usage rights are stored on the disc in an area called the "keyLocker", as described for example in WO 2002/015184 A1 (PHNL000448). The keyLocker is encrypted with a so-called hidden channel key. The hidden channel is an area of the disc that can only be accessed by the drive, and it is preferably stored separately from the general data channel. To prevent replay attacks, the drive changes the hidden channel key whenever the data stored in the keyLocker changes. In a replay attack the hacker first stores a bit image of the DRM rights on the disc in a safe place (e.g. on a hard disk), then consumes his/her rights (which may be assumed to be cryptographically bound to the disc), and then restores the original bit image, thereby restoring the original rights. Re-encrypting the rights whenever a right is consumed stops this attack.
BD-VCPS, the port to the Blu-ray Disc format of the VCPS system for DVD+RW (for the VCPS standard see http://www.licensing.philips.com/vcps, the text of which is incorporated here by reference), also provides a feature similar to the known hidden channel in order to support DRM rights on the disc. In this context the hidden channel is called the "RE mark". Unlike in the known DRM system, a direct interface to the RE mark is provided and no keyLocker-like structure is defined; the latter can, if desired, be implemented by the host application. For this purpose the host needs three commands to access the RE mark key: read, modify and erase.
The read command returns the RE mark key, encrypted with a bus key established beforehand. The modify command forces the drive to change the key stored in the RE mark to a random value. The erase command forces the drive to wipe the RE mark from the disc. As a further enhancement, storing several (e.g. 8) RE marks on the disc is possible; each of these commands therefore includes a parameter indicating the particular RE mark on which it is to act.
The host interface of an optical disc drive is defined by the Multimedia Command set (MMC) (see the SCSI Multimedia Commands-4 (T10/1545D) standard, the text of which is incorporated here by reference). A command in this set consists of a command descriptor block, which indicates the action the drive is to perform, and either a parameter block (if the host sends data to the drive) or a data block (data the host receives from the drive). A single command cannot specify both a parameter block and a data block. At first sight the commands listed above fit this structure, since none of them requires both a parameter block and a data block. Without specific measures, however, there is a security hole: a hacker can insert a "filter driver" into the OS software stack of the host that blocks and/or redirects these commands. As a result, an application running on the host cannot determine whether the RE mark on the disc has been updated (or, for that matter, whether the RE mark was retrieved from the proper location). Performing an authentication protocol between drive and host in order to establish a bus key, and then using this bus key to encrypt the command data itself, is not sufficient.
It is therefore an object of the invention to provide a digital rights management system, an application unit, a drive unit and a corresponding digital rights management method that bring improved security to the management of digital rights, where a "filter driver" attack becomes impossible or is at least made considerably more complicated. In addition there should be a reliable confirmation of a command given with respect to a digital right, e.g. the read, modify or erase command mentioned above, and a reliable confirmation of its execution.
According to the invention this object is achieved by an application unit for a digital rights management system for controlling access rights to copy-protected content, the system comprising a drive unit, said application unit comprising:
- a key storage unit for storing a bus key,
- a request generation unit for generating a request to be carried out by said drive unit, the request comprising a message regarding said access rights and a challenge,
- a communication unit for transmitting said request and for receiving a response to said request from said drive unit,
- a response verification unit for verifying a link between said request and said response by decoding said response using said bus key and by checking for the presence in said response of an indication of said challenge, the indication of said challenge in said response indicating that said request has been carried out.
The object is further achieved according to the invention by a drive unit for a digital rights management system for controlling access rights to copy-protected content, the system comprising an application unit, said drive unit comprising:
- a key storage unit for storing a bus key,
- a communication unit for receiving a request to be carried out by said drive unit, the request comprising a message regarding said access rights and a challenge from said application unit, the communication unit also being for transmitting a response to said request,
- a request processing unit for processing said message,
- a response generation unit for generating said response, the response comprising an indication of said challenge and a reply to said message, wherein the indication of said challenge and said reply are cryptographically linked by means of said bus key, and wherein the indication of said challenge in said response indicates that said request has been carried out.
Furthermore, the object is achieved according to the invention by a digital rights management system and a corresponding method for controlling access rights to copy-protected content, comprising an application unit and a drive unit as described above, wherein said bus key is shared by said application unit and said drive unit.
The invention also relates to a computer program comprising computer program code means which, when run on said application unit, cause the application unit to perform steps a), b), e) and f) of the digital rights management method of claim 12, and to a computer program comprising computer program code means which, when run on said drive unit, cause the drive unit to perform steps b) to e) of the digital rights management method of claim 12.
The invention is based on the idea of using a challenge-response mechanism in all hidden-channel or RE mark related commands. Basically, the RE mark access is split over two separate commands. With the first command the host prepares the drive for the RE mark access. This command contains a challenge, e.g. a random number generated by the host, and may contain additional parameters such as the access mode (modify the RE mark, read the RE mark, erase the RE mark) and, if the disc contains several RE marks, an indicator of which RE mark is to be acted upon. With the second command the host retrieves the RE mark data from the drive together with the random number sent with the first command. The returned RE mark data must be cryptographically bound to the random number in order to prevent cut-and-paste attacks on the returned data. Thus the request sent by the application unit and received by the drive unit comprises a message and a challenge, the message comprising a command for accessing and/or handling access rights.
In an embodiment of the application unit according to the invention, the request generation unit is adapted to cryptographically link said message and said challenge by means of said bus key. When the message and the challenge are cryptographically linked by the bus key, e.g. encrypted together with the bus key and/or accompanied by a hash value derived from the combination of the message and the bus key, the receiver can verify that the message really originates from the application unit. A drive unit that expects the encrypted link between message and challenge can therefore simply ignore messages and challenges that are not linked, since these could be used to crack the bus key by analysing (a large number of) responses. Moreover, if the application unit were not verified, any other (unauthorised) application could destroy the hidden channel or RE mark by issuing the erase command. If other provisions exist to avert these dangers, the link between message and challenge may be omitted, since the command and the challenge need not be kept secret as such.
In a further embodiment of the application unit according to the invention, the request generation unit is adapted to include a signature in said request for use in an integrity check of the request. By checking the validity of the signature, a drive unit receiving the request can determine whether the request has been modified, e.g. in transit, or has been received incompletely. The signature may be a fixed or predetermined bit pattern known to both the application unit and the drive unit, in which case the integrity of the request is established by deriving the correct signature from the request, e.g. by decrypting it. The signature may also be a checksum, e.g. a checksum over the combination of message and challenge, which the drive unit recomputes and compares with the signature included in the request.
In a further embodiment of the application unit according to the invention, the request generation unit is adapted to encrypt said request with said bus key. Since the bus key is known only to the drive unit and the application unit, an unauthorised unit, i.e. one that does not possess the bus key, cannot take part in the digital rights management protocol of this embodiment.
In a further embodiment of the application unit according to the invention, the request generation unit is adapted to include in said request a value derived from said challenge and/or said message and said bus key by means of a hash function, in particular a keyed hash function using said bus key. As in the preceding embodiment, a request transmitted by an application unit of this embodiment can be verified by a correspondingly adapted drive unit by means of the bus key.
In a preferred embodiment of the application unit according to the invention, said message comprises a command for managing a hidden channel entry, in particular a command for reading, for modifying and/or for erasing the hidden channel entry. Although other messages may be included, these commands for managing the hidden channel entry or RE mark are the ones that should preferably be protected against tampering, and for which it should preferably be possible to reliably confirm that they were actually executed by the correct and authorised drive unit.
Accordingly, in a preferred embodiment of the drive unit according to the invention, said reply comprises a hidden channel entry, in particular the hidden channel entry read or modified by said drive unit.
In a further preferred embodiment of the application unit according to the invention, the request generation unit is adapted to include in said request, as said challenge, a random number, an identifier of the request (in particular a substantially unique identifier) and/or predetermined data. The advantage of a random number as challenge is that it is unpredictable and that there is effectively no way to obtain it other than from the application unit. Another straightforward way of providing a challenge is to include an identifier of the request. Furthermore, a predetermined challenge may be provided, e.g. a fixed (but preferably unique) challenge per application unit, or a challenge common to many requests generated (preferably at random) by the application. Combinations of these possibilities can realise some of their advantages while avoiding their drawbacks.
In a further embodiment of the invention, said application unit is a host, in particular a software application. The invention is especially relevant to software applications, since these must be regarded as very vulnerable to attack by other malware that can interpose itself between the application unit and the drive unit. It should be noted, however, that the invention may also be applied to application units realised otherwise, e.g. a hardware device communicating with the drive unit.
The invention is described in more detail below with reference to the drawings, in which:
Fig. 1 shows a schematic flow chart of a first embodiment of the digital rights management method according to the invention,
Fig. 2 shows the structure of the parameter data of the SEND KEY RE Mark command,
Fig. 3 shows the structure of the returned data of the REPORT KEY RE Mark command,
Fig. 4 shows a schematic flow chart of a second embodiment of the digital rights management method according to the invention,
Fig. 5 shows two possible attacks on insecure communication,
Fig. 6 shows a schematic flow chart of a challenge-response and key-exchange protocol,
Fig. 7 shows another possible attack on insecure communication,
Fig. 8 shows a possible attack on conventionally secured communication,
Fig. 9 shows a schematic flow chart of the enhanced communication protocol, and
Fig. 10 shows a digital rights management system according to the invention.
Fig. 1 shows an example of an RE mark access protocol according to an embodiment of the digital rights management method of the invention. The following description refers to the RE mark, but it should be noted that the invention is neither limited to the RE mark as the particular type of hidden channel data, nor to digital rights management as the particular type of data managed in the hidden channel. The application unit or host 1 is connected to the drive or drive unit 3 via suitable communication means (not shown). In the following, "host" is used as a synonym for "application unit", and likewise "drive" for "drive unit". It is assumed that before this two-step protocol drive 3 and host 1 have performed an authentication protocol that produced a shared bus key KB. An example of such an authentication protocol can be found in the VCPS standard.
To read, modify or erase an RE mark value, drive 3 and host 1 must perform the following steps in the order given.
Host 1 selects the RE mark slot n to be accessed and the access mode [mode = 0 (read), 1 (modify), 2 (erase)]. In addition, host 1 generates a random number RX (step 5). Host 1 then sends the following message 7 to drive 3:
(n‖mode‖RX‖sig)KB
Here the notation (M)K means that message M is encrypted with key K (preferably using a block cipher in CBC (Cipher Block Chaining) mode). sig is a known bit pattern that is included so that the integrity of the message can be checked. One reason for encrypting the message is to stop unauthenticated applications from destroying the RE mark.
Drive 3 decrypts the message 7 received from host 1 and checks its format. If the format is incorrect, drive 3 stops the protocol: an incorrect format indicates either a communication error or an attempt to manipulate the RE mark using a wrong bus key. Otherwise, i.e. if the message format and thereby the authenticity of the message are verified (step 9), the drive carries out the request encoded in the parameters n and mode (step 11).
Drive 3 then sends the following response message 13 to the host:
(n‖mode‖RM_n‖RX)KB
In response message 13, RM_n is the current value of the n-th RE mark after a possible update. If mode = 2 (erase), drive 3 may set RM_n to all zeros.
Host 1 decrypts the response message 13 received from drive 3 and checks its format. If the random number RX and the parameters n and mode are not equal to the values host 1 sent to drive 3 in message 7, host 1 stops the protocol and ignores the new RE mark value. Otherwise the new value RM_n is accepted and used by host 1 to protect the DRM data. Note that if drive 3 and/or host 1 have stopped the protocol, a retry must start again from step 5.
Figs. 2 and 3 give examples of the MMC parameter data and of the returned data of the command descriptor blocks that realise the protocol above (see also the VCPS standard for further information on the related commands used in the authentication protocol).
The SEND KEY RE Mark command shown in Fig. 2 sends host 1's request to read, modify or erase a specific RE mark value. It provides the functionality of message 7 in the protocol above. The semantics of the SEND KEY RE Mark command are as follows:
If the drive-host authentication protocol has not completed successfully, drive 3 terminates the command with CHECK CONDITION status and sets the sense bytes SK/ASC/ASCQ to ILLEGAL REQUEST / COMMAND SEQUENCE ERROR (0x05/0x2C/0x00). After successful authentication, the retry of the protocol must start from step 5. Drive 3 checks whether the requested RE mark is present on the disc; if not, it creates the RE mark with a randomly generated value. If an unrecoverable error occurs while writing the RE mark, drive 3 terminates the command with CHECK CONDITION status and sets SK/ASC/ASCQ to ILLEGAL REQUEST / SYSTEM RESOURCE FAILURE (0x05/0x55/0x00). Otherwise the drive terminates with GOOD status. All reserved bytes are set to 0x00 (reserved) and the data length is set to 38.
"Encrypted message 1" consists of the parameters n (8 bits) and mode (8 bits), the random number RX (112 bits) and the fixed bit pattern sig (128 bits) from the host, i.e. 256 bits or exactly two AES blocks, all encrypted with the bus key KB (obtained earlier with the authentication protocol) using AES in CBC mode (see Advanced Encryption Standard, Federal Information Processing Standards Publication (FIPS PUB) 197).
The REPORT KEY RE Mark command shown in Fig. 3 returns the current (possibly updated) value of the requested RE mark. It provides the functionality of message 13 in the protocol above. The semantics of the REPORT KEY RE Mark command are as follows:
If the drive-host authentication protocol has not completed successfully, drive 3 terminates the command with CHECK CONDITION status and sets SK/ASC/ASCQ to ILLEGAL REQUEST / COMMAND SEQUENCE ERROR (0x05/0x2C/0x00). After successful authentication, the retry of the protocol must start from step 5. If the RE mark access sequence has been interrupted, or if drive 3 stopped the RE mark access protocol in step 9, drive 3 terminates the command with CHECK CONDITION status and sets SK/ASC/ASCQ to ILLEGAL REQUEST / COMMAND SEQUENCE ERROR (0x05/0x2C/0x00); after successful authentication the retry of the protocol must again start from step 5. Otherwise drive 3 returns the requested RE mark value in response message 13 and terminates with GOOD status. All reserved bytes are set to 0x00 (reserved) and the data length is set to 38.
"Encrypted message 2" consists of the parameters n (8 bits) and mode (8 bits), the specified RE mark value RM_n (128 bits) and the random number RX (112 bits) sent earlier by host 1, again 256 bits in total, all encrypted with the bus key KB (obtained earlier with the authentication protocol) using AES in CBC mode.
Fig. 4 shows an alternative example of an RE mark access protocol similar to the embodiment of Fig. 1. Again it is assumed that before this two-step protocol the drive and the host have performed an authentication protocol that produced a shared bus key KB. The main difference from the protocol of the Fig. 1 embodiment is that the RE mark value is not regarded as secret data.
To read, modify or erase an RE mark value, drive 23 and host 21 must perform the following steps in the order given.
Host 21 selects the RE mark slot n to be accessed and the access mode [mode = 0 (read), 1 (modify), 2 (erase)]. In addition, the host generates a random number RX (step 25). Host 21 then sends the following message 27 to drive 23:
n‖mode‖RX‖hash(KB, M_1),
where M_1 is shorthand for n‖mode‖RX and hash is a keyed hash function using the shared bus key. Note that the hash function may also be of another type, and that including the hash is optional; its main purpose is to stop unauthenticated applications from destroying the RE mark. Drive 23 checks the format of the received message 27 (step 29). If the format is incorrect, the drive stops the protocol, since this indicates either a communication error or a hacking attempt. Otherwise, if message 27 is verified, drive 23 carries out the request encoded in the parameters n and mode (step 31). Drive 23 then sends the following response message 33 to host 21:
RX‖RM_n‖hash(KB, M_2),
where M_2 denotes RM_n‖RX and RM_n is the current value of the n-th RE mark after a possible update. If mode = 2 (erase), the drive sets RM_n to all zeros. Host 21 checks the format of the received response message 33. If the random number RX is not equal to the value the host sent to the drive in message 27, host 21 stops the protocol and ignores the new RE mark value. If the hash included in message 33 is inconsistent with the rest of that message, the host likewise stops the protocol and ignores the new RE mark value. Otherwise the new value RM_n is accepted and used by the host to protect the DRM data. As in the embodiment of Fig. 1, if the drive and/or the host have stopped the protocol, a retry must start again from step 25.
The MMC parameter block and the returned data block are similar to those of the exemplary embodiment of Fig. 1, i.e. similar to those shown in Figs. 2 and 3.
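The two-command exchange of the Fig. 4 embodiment, written out end to end as an added example (this is not code from the patent or from any VCPS implementation). It uses the field sizes of Figs. 2 and 3 (n: 8 bits, mode: 8 bits, RX: 112 bits, RM_n: 128 bits), takes HMAC-SHA256 as the keyed hash(KB, M), which the text leaves open, and assumes the bus key KB was already established. The `FilterDriver` class is an assumed model of the "filter driver" hack from the background: it records one genuine REPORT KEY RE Mark response and replays it for a later, blocked, erase request; the host notices because the replayed response carries the old RX.

```python
"""Added example (not the patent's code): RE mark access of the Fig. 4 embodiment,
with the field sizes of Figs. 2 and 3 (n: 8 bits, mode: 8 bits, RX: 112 bits,
RM_n: 128 bits) and HMAC-SHA256 standing in for the keyed hash(KB, M), which the
text does not fix. A 'filter driver' between host and drive is simulated."""
import hashlib
import hmac
import os
from typing import Optional

MODE_READ, MODE_MODIFY, MODE_ERASE = 0, 1, 2
RX_LEN, RM_LEN, TAG_LEN, SLOTS = 14, 16, 32, 8   # SLOTS: 8 RE marks, the text's example count


def keyed_hash(kb: bytes, m: bytes) -> bytes:
    return hmac.new(kb, m, hashlib.sha256).digest()


class Drive:
    """Drive unit: the only party that can reach the RE mark slots on the disc."""

    def __init__(self, kb: bytes):
        self.kb, self.slots, self.pending = kb, {}, None

    def send_key_re_mark(self, msg27: bytes) -> bool:
        """Message 27 = n || mode || RX || hash(KB, n || mode || RX). False = CHECK CONDITION."""
        self.pending = None
        if len(msg27) != 2 + RX_LEN + TAG_LEN:
            return False                               # wrong format: abort (step 29)
        m1, tag = msg27[:2 + RX_LEN], msg27[2 + RX_LEN:]
        if not hmac.compare_digest(tag, keyed_hash(self.kb, m1)):
            return False                               # no or other bus key: unauthenticated app
        n, mode, rx = m1[0], m1[1], m1[2:]
        if n >= SLOTS or mode not in (MODE_READ, MODE_MODIFY, MODE_ERASE):
            return False
        self.pending = (n, mode, rx)
        return True

    def report_key_re_mark(self) -> Optional[bytes]:
        """Message 33 = RX || RM_n || hash(KB, RM_n || RX); None = command sequence error."""
        if self.pending is None:
            return None
        n, mode, rx = self.pending
        self.pending = None
        if mode == MODE_ERASE:
            self.slots.pop(n, None)
            rm = bytes(RM_LEN)                          # erased mark is reported as all zeros
        else:
            if mode == MODE_MODIFY or n not in self.slots:
                self.slots[n] = os.urandom(RM_LEN)      # (re)generate a random mark value
            rm = self.slots[n]
        return rx + rm + keyed_hash(self.kb, rm + rx)  # response bound to this RX


class Host:
    """Application unit: issues the two commands and accepts RM_n only if RX matches."""

    def __init__(self, kb: bytes, link):
        self.kb, self.link = kb, link                   # link: the OS path to the drive

    def access(self, n: int, mode: int) -> Optional[bytes]:
        rx = os.urandom(RX_LEN)                         # step 25: fresh challenge
        m1 = bytes([n, mode]) + rx
        if not self.link.send_key(m1 + keyed_hash(self.kb, m1)):
            return None
        msg33 = self.link.report_key()
        if msg33 is None or len(msg33) != RX_LEN + RM_LEN + TAG_LEN:
            return None
        rx2, rm, tag = msg33[:RX_LEN], msg33[RX_LEN:-TAG_LEN], msg33[-TAG_LEN:]
        if rx2 != rx or not hmac.compare_digest(tag, keyed_hash(self.kb, rm + rx)):
            return None                                 # not the answer to *this* request
        return rm


class DirectLink:
    def __init__(self, drive): self.drive = drive
    def send_key(self, m): return self.drive.send_key_re_mark(m)
    def report_key(self): return self.drive.report_key_re_mark()


class FilterDriver(DirectLink):
    """The 'filter driver' hack: record one genuine exchange, then swallow later
    SEND KEY RE Mark commands and answer REPORT KEY RE Mark with the recording."""
    def __init__(self, drive):
        super().__init__(drive)
        self.recorded, self.active = None, False
    def send_key(self, m): return True if self.active else super().send_key(m)
    def report_key(self):
        if not self.active:
            self.recorded = super().report_key()
        return self.recorded


def filter_driver_demo():
    kb = os.urandom(16)                                 # bus key from the prior authentication
    drive = Drive(kb)
    fd = FilterDriver(drive)
    host = Host(kb, fd)
    first = host.access(3, MODE_READ)                   # genuine; the filter records message 33
    fd.active = True
    erased = host.access(3, MODE_ERASE)                 # blocked; old message 33 replayed
    return first, erased, drive.slots.get(3)
```

`filter_driver_demo()` returns the genuinely read mark, `None` for the replayed erase (the host refuses the value because RX differs, exactly the check of step 25 onwards), and the unchanged slot content, which shows the host would otherwise have believed the erase succeeded. A host without KB fails already at SEND KEY RE Mark, which is the "unauthenticated application cannot destroy the RE mark" property of message 27.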
In the following description, provide the more abstract explanation of the present invention.From prior art, can know and be used for guaranteeing that communication security between Alice (A) and the Bob (B) is so that prevent the method for two famous attacks shown in Figure 5.Should be noted that in the context of the present invention sender Alice is used for sending message corresponding to main frame or applying unit, especially relevant with digital rights management order is to the recipient corresponding to Bob.When Alice (A) sent a message to Bob (B), Eve (E) may attempt to eavesdrop, and stole the information in the message.Eve (E) attempts by eavesdropping the information that Alice sends to Bob that steals, and promptly the confidentiality of this information is under attack.Mallory (M) not only eavesdrops, and revises the message of giving Bob.
If Mallory (M) revises the message that Alice sends to Bob, this information integrity is just under attack so.
Resistance is exactly a agreement one of below Alice and Bob participate in around the standard method of these attacks:
They begin communication before shared secret; The secret that should share can be repeated to use;
2. carry out protocol step shown in Figure 6 before their information under attack in sharing Fig. 5.Approximately, Alice verifies that to the understanding of shared secret she speaks with Bob by checking Bob: he should return the inquiry that correctly mixes with their shared secret that is sent by Alice.Alternatively, Bob can verify in a similar fashion that he is (authentication mutually) that is connected to Alice.Item f (x, y ...) indicated response or message to be to use x, y ... structure, for example working as x is data, when y was key, (x y) can indicate the result who x is encrypted by means of y to f;
3. they may for example use at US4 based on the challenge/response from preceding two steps, and the DiffieHellman key change of describing in 200,770 is shared interim secret (bus secret) thereby continued.
After this starting stage, to mix by the information and the bus key that will transmit, information now just can safe sharing between Alice and Bob.Guarantee confidentiality by using bus key to encrypt, and integrality comes from the message authentication code of enclosing based on bus key (MAC).This result is also referred to as secure authenticated channel (SAC).
As shown in Figure 6, has the secret that Alice and Bob share.The secret that should share is used to carry out (mutual) authentication, and wherein the Alice transmission comprises first request of inquiry to Bob.Bob uses described inquiry and described shared secret to produce first response concurrent to give this response to give Alice.Therefore, by checking the correct generation of described response, Alice can verify that she communicates by letter with Bob really.Same step application is in from second of Bob request with from second response of Alice.After the participant that checking is correct in communication, switching bus key between Alice and Bob.For further communication, described bus key is used as shared secret.
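The Fig. 6 set-up between Alice and Bob, as an added example that is not part of the patent text. It assumes a long-term shared secret, takes f(x, y, ...) to be HMAC-SHA256 over the concatenated arguments, and derives the temporary bus key from the shared secret and both challenges; the text only names Diffie-Hellman as one way of sharing the bus secret, so that derivation is this example's own choice. The responder's name is mixed into each response so that a recorded response cannot be reflected back at its sender.

```python
"""Added example (not the patent's code): the Fig. 6 authentication and bus-key
set-up between Alice (host) and Bob (drive), who share a long-term secret.
f(x, y, ...) is taken to be HMAC-SHA256 over the concatenated arguments; the bus
key is derived from the shared secret and both challenges (this example's choice;
the text names Diffie-Hellman as one option)."""
import hashlib
import hmac
import os


def f(key: bytes, *parts: bytes) -> bytes:
    """The text's f(x, y, ...): a MAC under the first argument over the remaining ones."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


class Party:
    """Alice or Bob: holds the shared secret and, after the protocol, the bus key."""

    def __init__(self, name: bytes, shared_secret: bytes):
        self.name, self.secret, self.bus_key = name, shared_secret, None

    def challenge(self) -> bytes:
        return os.urandom(16)                       # fresh and unpredictable per run

    def respond(self, peer_challenge: bytes) -> bytes:
        # Return the peer's challenge 'correctly mixed' with the shared secret;
        # the responder's own name is mixed in so the response cannot be reflected.
        return f(self.secret, self.name, peer_challenge)

    def verify(self, peer_name: bytes, my_challenge: bytes, response: bytes) -> bool:
        return hmac.compare_digest(response, f(self.secret, peer_name, my_challenge))

    def derive_bus_key(self, ca: bytes, cb: bytes) -> bytes:
        self.bus_key = f(self.secret, b"bus-key", ca, cb)
        return self.bus_key


def establish_sac(alice: Party, bob: Party) -> bool:
    """Mutual challenge/response of Fig. 6, then a temporary bus key on both sides."""
    ca = alice.challenge()                          # first request: Alice -> Bob
    ra = bob.respond(ca)                            # first response: Bob -> Alice
    if not alice.verify(bob.name, ca, ra):
        return False                                # Bob does not know the secret
    cb = bob.challenge()                            # second request: Bob -> Alice
    rb = alice.respond(cb)                          # second response: Alice -> Bob
    if not bob.verify(alice.name, cb, rb):
        return False                                # Alice does not know the secret
    alice.derive_bus_key(ca, cb)
    bob.derive_bus_key(ca, cb)
    return True


def protect(bus_key: bytes, payload: bytes) -> bytes:
    """SAC message: payload plus a bus-key MAC (integrity against Mallory);
    confidentiality against Eve would add encryption of the payload under the bus key."""
    return payload + f(bus_key, payload)


def check(bus_key: bytes, msg: bytes):
    """Returns the payload if the MAC verifies, else None (a modified message is dropped)."""
    payload, tag = msg[:-32], msg[-32:]
    return payload if hmac.compare_digest(tag, f(bus_key, payload)) else None
```

`establish_sac` fails as soon as either side cannot produce the expected mix of secret and challenge, and only on success do both parties hold the same bus key; `protect`/`check` then give the integrity half of the SAC described above.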
Except attack shown in Figure 5, there is the more not attack of common classification, the information that wherein sends Bob to stops by Otto (O) or stops, referring to Fig. 7 partly (a).Otto perhaps has the motivation of doing like this, for example stops the minimizing of digital right or from its account's extraction.Though, can not stop such attack basically, can make up agreement so that allow Alice know that she is stopped, for example, received transmission, referring to Fig. 7 partly (b) from Alice by requiring the Bob affirmative acknowledgement; Otto is punished in the measure that Alice can take to replace then, for example cancels his account.
Problem for this direct solution is; Bob not only, Otto also can produce this affirmative acknowledgement, even this affirmative acknowledgement has used bus key cryptographically to protect: at first leg; Otto allows the transmission of Alice to pass through, and he writes down the response from Bob simply.Transmission from Alice is subsequently stopped, and " affirmation " from Bob is so that allow her think that all goes well, referring to Fig. 8 but Otto resets.In part (a), Otto allows the transmission of Alice to pass through to Bob, and he just can write down the affirmation of Bob like this.In part (b), Otto stops after all the transmission from Alice, but allows her think that her message passes through by resetting from the response of the Bob of (a) partly.
One object of the present invention is to provide a solution to the latter attack. The solution is as follows: Alice should require the response from Bob to have the general format
Response = f(bus key, security signature, other data)
where "bus key" is the secret shared when the SAC was established, and "security signature" is a binary string satisfying the following requirements:
- the string should be long enough, typically > 64 bits;
- the string should be different for each message/command that Alice sends;
- Alice should know, or be able to compute, this security signature.
"Other data" is an optional payload that is irrelevant to the present disclosure.
On receiving this response, Alice should check whether it is consistent with the "security signature" and the "bus key" she knows. The purpose of the bus key is to prevent Otto from computing what the correct response is and thereby mounting the attack shown in Figure 8. The purpose of the string is to prevent Otto from replaying an old response from Bob; for this reason the signature must change every time. The signature should be long enough that Otto cannot guess the response with good probability simply by picking a random number.
Some examples of how this response can be constructed:
- the "security signature" is a monotonically increasing integer for each message/command that Alice sends, i.e. the "security signature" is the sequence number of the command;
- the "security signature" has the form secsig1 ‖ payload[n] ‖ secsig2, where payload[n] is the payload of round n of the protocol and secsig1 and secsig2 are fixed strings. Alice keeps a record of every payload[n] she has received and checks (a) that the same payload has not been received twice and (b) that secsig1 and secsig2 are as expected. A "security signature" of this form only works well when Bob essentially never returns the same payload twice. This is the case in the RE-mark example above;
- the "security signature" is a random number (a "challenge") chosen by Alice, fresh for each round of the protocol and transmitted to Bob in the message/command phase. On receiving the response, Alice checks whether the correct challenge is present in Bob's response. Fig. 9 gives an example of this protocol. Because the challenge differs for every piece of information that Alice sends to Bob, the corresponding responses also differ; Alice can therefore detect whether Otto is replaying an old response from Bob or Bob himself is sending a fresh response.
Fig. 9 shows a possible secure solution to the attack of Fig. 8, in which every transmission from Alice now includes a (random) challenge and Bob must echo this challenge in his acknowledgement, correctly mixed with the bus key.
The steps of (mutual) authentication and key exchange shown in Figure 9 are identical to those shown in Figure 6. However, the further communication now consists of message pairs, i.e. request and response pairs, where a challenge is supplied with the request and that challenge is transmitted again with (in) the response. Because the challenge is processed cryptographically using the shared secret known only to Alice and Bob, the sender of a request can verify that the recipient really received the corresponding request. Preferably, the challenge changes after each request/response pair, i.e. the same challenge is never used for two requests. This reduces the chance of breaking the shared secret by analysing a large number of messages, and avoids the danger of replay attacks.
Figure 10 shows a digital rights management system 40 according to the invention, comprising an application unit 41 and a drive unit 43. The application unit 41 comprises a first key storage unit 45 for storing the bus key, a request generation unit 47 and a response verification unit 49. The drive unit 43 has a key storage unit 55 for storing the bus key, a request processing unit 57 and a response generation unit 59. The drive unit 43 and the application unit 41 share a common communication unit 51. The drive unit is adapted to access a disc 53 holding content that is subject to digital rights management, and in particular to read from and write to a hidden channel of the disc 53.
In operation, the request generation unit 47 produces a request comprising a message and a challenge, where the message contains a command related to digital rights management, for example a command to change the RE mark on the disc 53. The request is sent to the drive unit 43 via the communication unit 51. If the request processing unit 57 finds the request valid, it will, for example, cause the RE mark on the disc 53 to be modified. This gives the RE mark a new value, which the response generation unit 59 includes in the response together with an indication of the challenge. At least the bus key is used to generate the response; preferably the bus key was also used to generate the request. The response is sent to the application unit 41 via the communication unit. The response verification unit checks the validity of the response by decoding it with the bus key and then checking for the presence of the indication of the challenge. If the response is found to be valid, it is clear to the application unit 41 that the request was actually processed by the drive unit 43 and that the response was produced by the drive unit 43.
A digital rights management system such as BD-VCPS provides secure storage of state rights on the disc (for example, "play three times and copy twice"). An optical side channel (for example an RE mark, similar to the hidden channels used in known DRM systems) is used for this purpose. Unlike known DRM systems, BD-VCPS defines no keyLocker and gives the application a direct interface to the hidden channel. The inventors take the view that authentication between application and drive alone is insufficient to protect against various attacks involving access to the hidden channel. According to the invention, the solution to this problem lies in adding an additional challenge-response mechanism, which preferably must be used for every access to the hidden channel.
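The Fig. 9 exchange and the unit 41/43 operation described above, as an added Python example that is not part of the patent: each request carries a fresh challenge RX under the bus key KB, the drive echoes RX in a response encrypted and authenticated under KB, and the application rejects a replayed response because its challenge no longer matches. The HMAC-based cipher and MAC, the RE-mark command format and the key are constructed assumptions; the patent prescribes no particular primitives.

```python
import hashlib
import hmac
import os

# Constructed bus key KB, standing in for the secret shared when the SAC is set up.
KB = hashlib.sha256(b"constructed bus key for this example").digest()
RX_LEN = 8     # challenge length in bytes (64 bits, the lower bound given in the text)
TAG_LEN = 32   # HMAC-SHA256 tag length

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode, a stand-in for a real cipher (assumption)."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hmac.new(key, b"ks" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def make_request(kb: bytes, message: bytes) -> bytes:
    """Application side (unit 47): request = RX || message || MAC_KB(RX || message)."""
    rx = os.urandom(RX_LEN)            # fresh challenge for every request
    body = rx + message
    return body + hmac.new(kb, b"req" + body, hashlib.sha256).digest()

def drive_handle(kb: bytes, request: bytes, handler):
    """Drive side (units 57 and 59): verify the request, process the message,
    and answer with RX and the reply encrypted and authenticated under KB."""
    body, tag = request[:-TAG_LEN], request[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(kb, b"req" + body, hashlib.sha256).digest()):
        return None                     # request fails the integrity check
    rx, message = body[:RX_LEN], body[RX_LEN:]
    reply = handler(message)
    nonce = os.urandom(RX_LEN)
    ct = _xor(rx + reply, _keystream(kb, nonce, RX_LEN + len(reply)))
    return nonce + ct + hmac.new(kb, b"resp" + nonce + ct, hashlib.sha256).digest()

def verify_response(kb: bytes, expected_rx: bytes, response: bytes):
    """Application side (unit 49): decode with KB, then require the challenge to be present."""
    nonce, ct, tag = response[:RX_LEN], response[RX_LEN:-TAG_LEN], response[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(kb, b"resp" + nonce + ct, hashlib.sha256).digest()):
        return None                     # not produced under KB
    plaintext = _xor(ct, _keystream(kb, nonce, len(ct)))
    if not hmac.compare_digest(plaintext[:RX_LEN], expected_rx):
        return None                     # stale or foreign challenge: a replay
    return plaintext[RX_LEN:]

# Constructed hidden-channel state: one RE mark the drive may update on command.
RE_MARK = {"value": 3}

def re_mark_handler(message: bytes) -> bytes:
    if message.startswith(b"SET_RE_MARK="):
        RE_MARK["value"] = int(message.split(b"=", 1)[1])
        return b"RE_MARK=%d" % RE_MARK["value"]
    return b"ERR"

def replay_is_detected(kb: bytes = KB) -> bool:
    """Otto's attack from Fig. 8: record Bob's response to one request and replay it for the next."""
    req1 = make_request(kb, b"SET_RE_MARK=2")
    resp1 = drive_handle(kb, req1, re_mark_handler)
    req2 = make_request(kb, b"SET_RE_MARK=1")   # blocked by Otto, never reaches the drive
    return verify_response(kb, req2[:RX_LEN], resp1) is None
```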
Although the present invention has been described with reference to the above embodiments, it should be understood that other embodiments may alternatively be used to achieve the same purpose. The scope of the invention is therefore not limited to the above embodiments, but may also be applied to other communication systems.
It should also be noted that the verb "comprise" and its variants, as used in this specification (including the claims), are understood to specify the presence of the stated features, integers, steps or components, but do not exclude the presence or addition of one or more other features, integers, steps or components, or combinations thereof. It should further be noted that the indefinite article "a" or "an" preceding an element in a claim does not exclude the presence of a plurality of such elements. Moreover, any reference numerals do not limit the scope of the claims; the invention may be implemented by means of hardware and software, and several "means" may be represented by the same item of hardware. In addition, each novel feature or combination of features is attributed to the present invention.

Claims (15)

1. An application unit (1, 21, 41) for a digital rights management system (40), the system comprising a drive unit (3, 23, 43), for controlling access rights to copy-protected content, said application unit (1, 21, 41) comprising:
- a key storage unit (45) for storing a bus key (KB),
- a request generation unit (47) for generating a request (7, 27) to be carried out by the drive unit, the request comprising a message regarding said access rights and a challenge (RX),
- a communication unit (51) for transmitting said request (7, 27) and for receiving a response (13, 33) to said request (7, 27) from said drive unit (3, 23, 43),
- a response verification unit (49) for verifying a link between said request (7, 27) and said response (13, 33) by decoding said response (13, 33) using said bus key (KB) and by checking for the presence in said response (13, 33) of an indication of said challenge (RX), which indicates that said request (7, 27) has been performed.
2. The application unit (1, 21, 41) according to claim 1, wherein said request generation unit (47) is adapted to cryptographically link said message and said challenge (RX) by means of said bus key (KB).
3. The application unit (1, 21, 41) according to claim 1, wherein said request generation unit (47) is adapted to include a signature (sig) in said request (7) for use in an integrity check of said request (7).
4. The application unit (1, 21, 41) according to claim 1, wherein said request generation unit (47) is adapted to encrypt said request (7, 27) using said bus key (KB).
5. The application unit (1, 21, 41) according to claim 1, wherein said request generation unit (47) is adapted to include in said request (7, 27) a value derived from said challenge (RX) and/or said message and said bus key (KB) by means of a hash function, in particular by means of a keyed hash function using said bus key (KB).
6. The application unit (1, 21, 41) according to claim 1, wherein said message comprises a command for managing a hidden channel entry, in particular a command for reading a hidden channel entry, for modifying a hidden channel entry and/or for deleting a hidden channel entry.
7. The application unit (1, 21, 41) according to claim 1, wherein said request generation unit (47) is adapted to include in said request (7, 27), as said challenge (RX), a random number, an identifier identifying said request (7, 27), in particular a substantially unique identifier, and/or predetermined data.
8. The application unit (1, 21, 41) according to claim 1, wherein said application unit (1, 21, 41) is a host, in particular a software application.
9. A drive unit (3, 23, 43) for a digital rights management system (40), the system comprising an application unit (1, 21, 41), for controlling access rights to copy-protected content, said drive unit (3, 23, 43) comprising:
- a key storage unit (55) for storing a bus key (KB),
- a communication unit (51) for receiving from said application unit (1, 21, 41) a request (7, 27) to be carried out by said drive unit, the request comprising a message regarding said access rights and a challenge (RX), and for transmitting a response (13, 33) to said request (1, 21, 41),
- a request processing unit (57) for processing said message,
- a response generation unit (59) for generating said response (13, 33), the response comprising an indication of said challenge (RX) and a reply to said message, wherein the indication of said challenge (RX) and said reply are cryptographically linked by means of said bus key (KB), and wherein the indication of said challenge (RX) in said response (13, 33) indicates that said request has been performed.
10. The drive unit (3, 23, 43) according to claim 9, wherein said reply comprises a hidden channel entry, in particular a hidden channel entry read or modified by said drive unit.
11. A digital rights management system (40) for controlling access rights to copy-protected content, comprising an application unit (1, 21, 41) according to claim 1 and a drive unit (3, 23, 43) according to claim 9, wherein said bus key (KB) is shared by said application unit (1, 21, 41) and said drive unit (3, 23, 43).
12. A digital rights management method for controlling access rights to copy-protected content in a digital rights management system (40), the system comprising an application unit (1, 21, 41) and a drive unit (3, 23, 43) sharing a bus key (KB), the method comprising the steps of:
a) generating (5, 25) a request (7, 27) to be carried out by said drive unit, the request comprising a message regarding said access rights and a challenge (RX),
b) transmitting said request (7, 27) from said application unit (1, 21, 41) to said drive unit (3, 23, 43),
c) processing (11, 31) said message,
d) generating a response (13, 33) comprising an indication of said challenge (RX) and a reply to said message, wherein the indication of said challenge (RX) and said reply are cryptographically linked together by means of said bus key (KB),
e) transmitting said response (13, 33) from said drive unit (3, 23, 43) to said application unit (1, 21, 41), and
f) verifying (15, 35) a link between said request (7, 27) and said response (13, 33) by decoding said response using said bus key (KB) and by checking for the presence in said response (13, 33) of the indication of said challenge (RX), which indicates that said request has been performed.
13. The digital rights management method according to claim 12, further comprising the step of checking (9, 29) said request (7, 27) after step b) and before step c).
14. A computer program comprising computer program code means which, when said computer program is run on an application unit, causes said application unit to perform steps a), b), e) and f) of the digital rights management method according to claim 12.
15. A computer program comprising computer program code means which, when said computer program is run on a drive unit, causes said drive unit to perform steps b) to e) of the digital rights management method according to claim 12.
CNA2006800025869A 2005-01-18 2006-01-13 Secure host interface Pending CN101107665A (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
EP05100278.0 2005-01-18
EP05100278 2005-01-18
EP05108273.3 2005-09-09

Publications (1)

Publication Number Publication Date
CN101107665A true CN101107665A (en) 2008-01-16

Family

ID=39000611

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2006800025869A Pending CN101107665A (en) 2005-01-18 2006-01-13 Secure host interface

Country Status (1)

Country Link
CN (1) CN101107665A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20080116