As digital broadcasting televisions are increasing and the high definition audiovisual content becomes popular rapidly, the data size of the audiovisual content strikingly increases and the transfer rate of such content becomes much higher. As the result, a larger capacity to record an audiovisual Content and a higher access speed are increasingly demanded.
Hard disk drives themselves satisfy those requirements for the audiovisual content. However, the hard disk drive that it is difficult to be replaced with a larger capacity of a hard disk drive available in the current embedded in an appliance such as a set-top box has such problems market and the library of recorded content for a long time cannot be taken over to a new hard disk drive. To solve these problems, we proposed the iVDR1 media as a standard on the worldwide market.
Higher quality of content has become recognize more valuable. We must keep it in safety from a viewpoint of prevention from illegal copy, especially for removable hard disk drives, because content on such a removable medium is much easier to be copied to anther medium. This is why we developed the content protection technology focusing on disk drives that is equipped with cipher processing and input/output management. Content on a hard disk drive is encrypted with a content key, and a content key with user rules is stored in a tamper resistant module inside a hard disk This paper describes the architecture of our developed recorder, and the content protection technology for its audiovisual content. In Chapter 2, requirements for protection of an audiovisual content are described. Then, the architecture of an audiovisual content recorder is explained in Chapter 3,the recording structure of the protected audiovisual stream, and relations between the protected audiovisual stream and a content key with usage rules, are explained in Chapter 4,management of usage rules is explained in Chapter 5, prior to the conclusion.
II. REQUIREMENTS FOR PROTECTION OF AN AUDIOVISUAL
CONTENT
Requirements for protection of an audiovisual content, such as digital broadcasting television programs, which is one of the main applications to be recorded on the recorders, are the followings.
A. Multiple Content Keys for One Content
If one audiovisual content is encrypted by an unique content key, any break or leak of the content key will mean that the entire audiovisual content is put in danger of illegal accesses. The direct solution of reducing this danger is to use multiple content keys for one content. Additionally all content keys are protected independently and can be accessed individually.
Multiple content keys for a single content - different content key for a different part of a single content could be also useful for reducing time-consuming re-cipher process in combining two contents into one by editing.
B. Strict and Multiple application of Content Usage Rules
It is convenient in playback of an audiovisual content, because the corresponding usage rules are checked only in an audiovisual content recorder, but not in a storage device. In the case of an optical disc storage system, the usage rules with content key Kc are always transferred to the audiovisual content recorder for check, even if any kind of usage rule is set. In the case that the permitted times of playback or duplication are prescribed in the usage rules, the usage rules recorded in the storage deviceare renewed in the process of playback or duplication. The usage rules are renewed usually as follows: a) A content key Kc with usage rules is read from storage
Fig. 2 shows an attack of overwriting on usage rules. Overwriting of changed usage rules is prevented by attacks. As the result, the permitted time in usage rules recorded on the storage device is not reduced. In the case that the permission of move is prescribed in the usage rules, the content key Kc in the storage device is
with a process of move. Erasing of the content key Kc is prevented by an attack. It means making of illegal copy of an audiovisual content It is because usage rules are coerced only by an audiovisual content recorder. A conventional storage device, such as an optical disc, does not have a capability to check the usage rules and erase the content key Kc. It is possible to do this in a storage device, by taking the advantage of the intelligent capability of a hard disk drive. Therefore, it is necessary to have double-check usage rules at both a storage device and an audiovisual content recorder. Therefore, it needs a double application of usage rules in a storage device and an audiovisual content recorder. One the other hand, there are usage rules to coerce it only by an audiovisual content recorder like the conditions of an output form of the playback content
Fig. 3 shows the block diagram of the developed audiovisual content recorder with the removable hard disk drive. This recorder has a digital broadcast tuner of ISDB
(Integrated Services Digital Broadcasting) built-in. Usage Pass Manager, Usage Pass Transfer Unit, Content Encryptor, Content Decryptor and Secure Expansion of the file system are added to protect recorded contents. Usage Pass is information data which includes a content key Kc to decrypt the encrypted audiovisual stream and usage rules. Usage Pass Manager creates and extracted Usage Pass, and interprets usage rules in it. Usage Pass Transfer Unit sends and receives Usage Pass between a removable hard disk drive. Content Encryptor encrypts an audiovisual stream to be recorded with the content key Kc. Content Decryotor decrypts a recorded and encrypted audiovisual stream with it. Secure Expansion of the file system manages recording positions of Usage Passes, and relations between an encrypted audiovisual stream and some Usage Passes.
IV. AUDIOVISUAL STREAM RECORDING IN PROTECTION
A. Structure of audiovisual stream for protection
An audiovisual stream is time sequentially concatenated plural recording packets (RPs). Each of RP is defined as MPEG transport stream packet (188 bytes) with time code (4 bytes). The size of each RP is 192 bytes. On the other hand, a sector is an access unit of a hard disk drive for reading and writing of data. The size of a sector is 512bytes. An aligned unit (AU) is the smallest access unit of hard disk for the reading and writing of an audiovisual stream. Also it is a cipher block to encrypt through Advanced Encryption Standard [4] in cipher block chaining mode [5]. In consideration of effective and safety playback of an audiovisual stream, the size of an AU is selected among the common multiples of both sizes: It is 3072 bytes. An AU consists of continuous 16RPs and corresponds to 6 sectors. An allocation unit (ALU) is a recording unit that guarantees reproduction and recording of an audiovisual stream in real time. It is arranged in continuous sectors and consists of 512 Aus .The size of each ALU is 1.5M bytes. Fig. 4 shows the structure of an audiovisual stream.
B. Relations between encrypted audiovisual stream and
Usage Pass
An encrypted audiovisual stream relates to multiple Usage Pass in which a content key, a seed of initial vector, usage rules and so forth are stored. In other words, an audiovisual stream is protected by one or more Usage Passes. The relations between an Encrypted ALU and a Usage Pass are described in Usage Pass Effective Range. The range consists of one or more continuous encrypted ALUs. Fig. 5 shows the Relation between an audiovisual stream and Usage Passes. Here each encrypted ALUs in one Usage Pass Effective Range is numbered in ascending order from “1” as ALU number.
C. Decryption of Encrypted Allocation Unit
Encrypted ALU consists of sequential 512 encrypted AUs. Each of encrypted AU is decrypted through Advanced Encryption Standard in cipher block chaining mode. Initial vector is used at the beginning of each decryption. The same value of initial vector is used about 512 encrypted Aus included in the same encrypted ALU. The value corresponding to each AU is the value which encrypted seed of initial vector in the Usage Pass with the ALU number ofALU including in it through Advanced Encryption Standards electronic code book mode [6]. Fig shows decryption of an encrypted allocation unit. An audiovisual stream is encrypted in Content Encryptor, and an encryp audiovisual stream is decrypted in Content Decryptor
D. Relations between an audiovisual stream and Usage
Passes
A hard disk drive has two separated areas – the Open and the Qualified Area. The Open Area is a non-protection area that can be accessed by users. On the contrary, the Qualified Area is a special tamper-resisted protected area that cannot recessed besides a cipher road through bi-directional authentication. While encrypted audiovisual streams, Playback information and Usage control information are stored in the Open Area, Usage Passes are stored in the Qualified Area.
Pass and recording position of Usage Pass. Playback information is a list of one or plural Usage Pass Effective Range Entries (UPEREs) to describe relations between a Usage Pass Effective Range and a Usage Pass. Each of UPERE consists of Usage Pass Effective Range Start Position (UPERSP), Usage Pass Effective Range End Position(UPEREP) and Usage Pass Identifier. UPERSP and UPEREPis the position in which the first and last ALU in the range exists, respectively. And each of position is order from the top of an audiovisual stream.
Usage control information is a list of one or plural Usage Pass locations. Each of Usage Pass Location consists of Usage Pass Identifier and Logical Cluster Address to indicate the recorded position in the Qualified Area and is provided to indicate the recorded position of Usage Pass specified by the Usage Pass Identifier. Peres constituting Playback information and Usage Pass Locations constituting Usage control information are located in playback time order respectively. If an encrypted audiovisual stream is divided into two parts, Playback information and Usage control information are divided into two parts respectively similarly. Relations among encrypted
V. CONTROL OF USAGE RULES
This chapter describes how we design control of usage rule to satisfy requirements in Chapter 2.The usage rules are checked at two places of a hard disk drive and Usage Pass Manager in an audiovisual content recorder, See Fig. 8. The usage rules for storage device such as “Generation Count”, “Copy Count”, “Play Count” and “Move Control Flags” are checked twice. First, the output of the Usage Pass conforms to the usage rules for storage device. Secondly, the output of an audiovisual stream conforms to the usage rules for storage device and to the usage rules for export device such as “Encrypted Plus Non-assertion,” ”Digital Output Only,” “Image Constraint” Protection” and to the Copy control descriptor such as “Copy Control Information“ and so on.
A. Management of No More Copy Content As for “no more copy” content, copying is prohibited. The Usage Pass including Generation Count of the usage rule for
Qualified Area. And encrypted audiovisual stream including the copy control descriptor set to “Copy-one-generation,”“No-more-copies” or “Copy-not-asserted” is recorded in the Open Area.
The first usage rule gate outputs the Usage Pass from a hard disk drive according to Generation Count in the recorded Usage Pass. In the case of process of playback, the fist gate outputs the recorded Usage Pass as it is. In the case of process of move, the first gate duplicates the Usage Pass from the Qualified Area, and changes the value of Generation Count in the duplicated Usage Pass to “Copy one generation, “and outputs the changed Usage Pass. After output, the recorded Usage Pass in the Qualified Area is invalidated. Therefore, it means erasing of the content key Kc in the storage device. The second usage rule gate judges output conditions of the reproduced audiovisual content according to Generation Count in the received Usage Pass and the copy control descriptor. When Generation Count is “No more copy” and the copy control descriptor is “Copy-one-generation” or “No more-copies,” the reproduced audiovisual content as “No more copy” is output. When Generation Count is “Copy one generation” and the copy control descriptor is “Copy-one generation” r “No-more-copies,” the content as “One generation-copy” is output. When the copy control descriptor’s “copy-not-asserted,” the content as “Copy-not-asserted” is output. The judgment is notified the High-bandwidth Digital Content Protection system (HDCP) unit and the Analog CopyControl (ACC) unit. Both units output the decoded content according to it.
B. Management of Copy Count Content
As for a “copy count” content, the times of legal copying sis appointed. In other words, copying of the permitted number of times is forgiven. The Usage Pass including Copy Count of the usage rule for storage device set to the permitted number encrypted audiovisual stream including the copy control descriptor set to “no-more-copies” or “copy-not-asserted” is recorded on the Open Area. The first usage rule gate outputs the Usage Pass from a hard disk drive according to Copy Count in the recorded Usage Pass. In the case of process of playback, the first gate duplicates the Usage Pass from the Qualified Area, and changes Copy Count in the duplicated Usage Pass to “No more copy” (set to 0) and outputs the changed Usage Pass. In the case of process of copy, the first gate duplicates the Usage Pass from the Qualified Area, and changes Copy Count in the duplicated Usage Pass to Generation Count set to “Copy one generation,” and outputs the changed Usage Pass. After output, Copy Count in the recorded Usage Pass on the Qualified Areas decremented by one. If the value of Copy Count is 0, it means “No more copy”. In the case of process of move, the first gate judge’s permission of output of Usage Pass according to Move Control Flags. If output is permitted, the fist gate outputs the recorded Usage Pass as it is. After output, the recorded Usage Pass on the Qualified Area is invalidated.
C. Management of ISDB Copy Count Content
An ISDB copy count content is expected a “copy count “content. The processing of the first gate is the same as a copy control content. However, the Usage Pass including Copy Count set to the permitted number of times (1 to 9), and Move Control Flags always set to permitted. The processing of the second gate is the same as a no more copy content, except analog output. The reproduced audiovisual content of ISDB copy control content is always output as analog signal as “One-generation-copy”.
ADVAN TAGES AND ITS APPLICATION
We proposed the audiovisual recording structure considering for efficient cipher protection of content on the hard disk drive. This provides a reliable, flexible and efficient protection framework, especially for sharing digital broadcasting television programs among devices by using a removable hard disk drive. And we developed an audiovisual recorder which records digital broadcasting television programs according to this audiovisual recording structure on TV recording format of the iVDR technical specification. The recorded program with this audiovisual recording structure in the removable hard disk drive is reproduced by other audiovisual recorder for it. This audiovisual recording structure has been adopted into current iVDR devices available on the market, as their TV recording format according to the iVDR technical specification.
CONCLUSION
We have developed an audiovisual content recorder using a removable hard disk drive. Protection of digital content recorded on the removable medium is important. Besides a large capacity and a high speed, the hard disk drive has much better features than optical discs, one of which is intelligent enough to make bi-directional authentication in the system. This benefit realizes more flexible and reliable protection of digital content. This paper describes the architecture of the developed audiovisual content recorder, focusing on its content protection technology.
This is one of my favorite blog because whenever i visit this blog found something interested and different,you are doing very well job,keep it up...
ReplyDeleteRecord Phone Calls