EP1834329A2 - Appareil pour reproduire des donnees, procede d'utilisation associe et support d'enregistrement - Google Patents
Appareil pour reproduire des donnees, procede d'utilisation associe et support d'enregistrementInfo
- Publication number
- EP1834329A2 EP1834329A2 EP06700231A EP06700231A EP1834329A2 EP 1834329 A2 EP1834329 A2 EP 1834329A2 EP 06700231 A EP06700231 A EP 06700231A EP 06700231 A EP06700231 A EP 06700231A EP 1834329 A2 EP1834329 A2 EP 1834329A2
- Authority
- EP
- European Patent Office
- Prior art keywords
- file
- application
- signature
- data
- title
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B27/00—Editing; Indexing; Addressing; Timing or synchronising; Monitoring; Measuring tape travel
- G11B27/10—Indexing; Addressing; Timing or synchronising; Measuring tape travel
- G11B27/19—Indexing; Addressing; Timing or synchronising; Measuring tape travel by using information detectable on the record carrier
- G11B27/28—Indexing; Addressing; Timing or synchronising; Measuring tape travel by using information detectable on the record carrier by using information signals recorded by the same method as the main recording
- G11B27/32—Indexing; Addressing; Timing or synchronising; Measuring tape travel by using information detectable on the record carrier by using information signals recorded by the same method as the main recording on separate auxiliary tracks of the same or an auxiliary record carrier
- G11B27/327—Table of contents
- G11B27/329—Table of contents on a disc [VTOC]
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/0021—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/00855—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a step of exchanging information with a remote server
- G11B20/00869—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a step of exchanging information with a remote server wherein the remote server can deliver the content to a receiving device
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B27/00—Editing; Indexing; Addressing; Timing or synchronising; Monitoring; Measuring tape travel
- G11B27/10—Indexing; Addressing; Timing or synchronising; Measuring tape travel
- G11B27/102—Programmed access in sequence to addressed parts of tracks of operating record carriers
- G11B27/105—Programmed access in sequence to addressed parts of tracks of operating record carriers of operating discs
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B2220/00—Record carriers by type
- G11B2220/20—Disc-shaped record carriers
- G11B2220/21—Disc-shaped record carriers characterised in that the disc is of read-only, rewritable, or recordable type
- G11B2220/213—Read-only discs
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B2220/00—Record carriers by type
- G11B2220/20—Disc-shaped record carriers
- G11B2220/25—Disc-shaped record carriers characterised in that the disc is based on a specific recording technology
- G11B2220/2537—Optical discs
- G11B2220/2541—Blu-ray discs; Blue laser DVR discs
Definitions
- the present invention relates to reproduction of data within a recording medium and/or a local storage, and more particularly, to an apparatus for reproducing data, method thereof and recording medium.
- BD Blu-ray disc
- the BD as a next generation recording medium technology is a next generation optical record solution provided with data remarkably surpassing that of a conventional DVD . And, many efforts are made to research and develop the BD together with other digital devices .
- the optical recording/reproducing device should be provided with a basic function of recording and reproducing a Blu-ray disc (BD) and additional functions considering convergence with peripheral digital devices .
- the optical recording/reproducing device should be provided with a general function of receiving to display an external input signal and a function of reproducing a BD together with the external input signal .
- the present invention is directed to an apparatus for reproducing data, method thereof and recording medium that substantially obviate one or more problems due to limitations and disadvantages of the related art .
- An obj ect of the present invention is to provide an apparatus for reproducing data, method thereof and recording medium, by which contents provided by an authentic content provider and a user' s playback system can be protected.
- Another obj ect of the present invention is to provide an apparatus for reproducing data, method thereof and recording medium, in which an application is authenticated to be executed and by which contents and a payback system can be protected.
- a method of reproducing data includes the steps of checking information of identifying an application associated with the title from an obj ect file corresponding to the title, authenticating the associated application, and reproducing the title by executing the application .
- the application is authenticated through an authentication of a file configuring the application .
- the file is a JAR file .
- the authentication of the file comprises verification of a digital signature of an entity signing the application using a signature block file with the file .
- the verification is performed using a public key within the signature block file .
- the public key corresponds to a private key used for a generation of the digital signature .
- the verification comprises verifying certificates of a certificate chain, and wherein the certificate chain is included within the signature block file .
- the authentication of the file comprises checking integrity of a manifest file within the file using a signature file within the file .
- the authentication of the file comprises checking integrity for actual data of the file using a manifest file within the file .
- the authenticating is performed on Java virtual machine .
- the application is not executed.
- the application is executed within a sandbox on Java virtual machine .
- the information is an application management table (AMT) .
- AMT application management table
- a recording medium in another aspect of the present invention, includes a data area on which contents are recorded and a management area for managing a reproduction of the contents , wherein a title configured with at least one or more signed applications is recorded in the data area, wherein an obj ect file including information of identifying an application associated with the title is recorded in the management area, and wherein the signed application includes a signature file and a signature block file .
- the signature file includes a digest of a manifest file for the file configuring the signed application .
- the digest of the manifest file is computed by applying the manifest file to SHA 1 digest algorithm.
- the signature block file includes a digital signature of an entity signing the application .
- an apparatus for reproducing data in reproducing a title configured with data within a record medium and/or data within a local storage, includes a controller checking information for identifying an application associated with the title from an obj ect file corresponding to the title, the controller authenticating the associated application, and a decoder reproducing the title according to an execution of the application .
- the controller authenticates the application in a manner of authenticating a file while data of the file is being loaded to Java virtual machine .
- the authenticating comprises verification of a digital signature of an entity signing the file using a signature block file with the file .
- the verification is performed using a public key within the signature block file .
- the public key corresponds to a private key used for a generation of the digital signature .
- the authenticating comprises checking integrity of a manifest file within the file using a signature file within the file .
- the controller controls the application not to be executed .
- the controller controls the application to be executed within a sandbox on Java virtual machine .
- FIG . 1 is an exemplary diagram for explaining a unified use between an optical recording/reproducing device and peripheral devices to facilitate conceptional understanding of the present invention
- FIG . 2 is a diagram of a file structure recorded within a recording medium according to the present invention such as a BD-ROM;
- FIG . 3 is a diagram of a data record structure written on an optical disc according to the present invention.
- FIG . 4 is a block diagram of an optical recording/reproducing device according to one embodiment of the present invention
- FIG. 5 is a block diagram of a data reproducing apparatus utilizing a playback system according to one embodiment of the present invention
- FIG . 6 is a diagram of a JAR file configuring a signed application according to one embodiment of the present invention.
- FIG . 7 is a flowchart of configuration of a signed JAR file according to one embodiment of the present invention.
- FIG . 8 is a diagram of a process for configuring a digital signature according to one embodiment of the present invention.
- FIG . 9 is a flowchart of an authentication process of a file within a JAR file configuring a signed application according to one embodiment of the present invention.
- FIG . 10 is a diagram of a process of verifying a digital signature in an authentication process . of a file within a JAR file according to one embodiment of the present invention
- FIG. 11 is a diagram of a certificate chain used for authentication of a JAR file according to the present invention.
- FIG . 12 is a flowchart of a method of reproducing a title according to the present invention .
- the present invention takes an optical disc, and more particularly, "BIu- ray disc (BD) " as an example of a recording medium. Yet, it is apparent that the technical idea of the present invention is identically applicable to other record media .
- "local storage” is a sort of a storage means provided within an optical recording/reproducing device shown in FIG . 1 and means an element in which a user can randomly store necessary information and data to utilize .
- the local storage which is currently used in general, includes “hard disc”, “system memory”, “flash memory” or the like, which does not put limitation on the scope of the present invention .
- the "local storage” is utilized as a means for storing data associated with a recording medium (e . g . , BIu- ray disc) .
- the data associated with the recording medium to be stored within the local storage generally includes data downloaded from outside .
- a permitted data directly read out of a recording medium in part or a generated system data (e . g . , metadata, etc . ) associated with record reproduction of the recording medium can be stored within the local storage .
- the data recorded within the recording medium shall be named "original data” and the data associated with the recording medium among the data stored within the local storage shall be named “additional data” .
- "title” is a reproduction unit configuring an interface with a user . Each title is linked to a specific obj ect file .
- a stream associated with the corresponding title recorded within a disc is reproduced according to a command or program within the obj ect file .
- a title having moving picture, movie and interactive information according to MPEG2 compression among titles recorded within a disc shall be named "HDMV Title” .
- a title having moving picture, movie and interactive information executed by a Java program among titles recorded within a disc shall be named "BD-J Title” .
- the title also means an indexing item existing in an index table .
- "First Playback” which has information of an initially reproduced image once a recording medium is loaded
- “Top Menu” which provides a menu image is a sort of the title .
- a reproduction unit configuring an interface with a user corresponds to a title of the present invention regardless of its name .
- the title is characterized in being configured with data within a recording medium and/or a local storage .
- the data within the local storage can include data that is downloaded while the title is being reproduced.
- FIG. 1 is an exemplary diagram for explaining a unified use between an optical recording/reproducing device 10 and peripheral devices to facilitate conceptional understanding of the present invention .
- optical recording/reproducing device 10 enables a record or reproduction of an optical disc according to versatile specifications .
- the optical recording/reproducing device 10 can be designed to record/reproduce an optical disc (e . g . , BD) of a specific specification .
- the optical recording/reproducing device 10 can be made to reproduce an optical disc only .
- BD Blu-ray disc
- the "optical recording/reproducing device” 10 includes "drive” loadable within a computer or the like .
- the optical recording/reproducing device 10 is equipped with a function of recording/reproducing an optical disc 30 and a function of receiving an external input signal , performing signal- processing on the received signal , and delivering a corresponding image to a user via another external display 20.
- a DMB digital multimedia broadcast
- an Internet signal or the like can be a representative one of the external input signals .
- a specific data on Internet can be downloaded via the optical recording/reproducing device 10 to be utilized.
- CP content provider
- contents which configure a title
- contents mean data provided by a recording medium author .
- the obj ect of the present invention is to protect the contents provided by the content provider and to protect a user' s playback system.
- the original data and the additional data will be explained in detail as follows . For instance, if a multiplexed AV stream for a specific title is recorded as an original data recorded within an optical disc and if an audio stream (e . g . , English) different from the audio stream (e . g . , Korean) of the original data is provided as an additional data on Internet, a request for downloading the audio stream (e . g .
- additional data which is identified according to a method of acquiring each data but does not put limitation on restricting the original or additional data to a specific data .
- the additional data generally includes audio, presentation graphic ( PG) , interactive graphic (IG) , text subtitle or the like, on which limitation is not put .
- the additional data can correspond to a multiplexed AV stream including all of the illustrated data and video . Namely, data having any kind of attribute, which exists outside the optical disc and is associated with the original data, can become the additional data .
- the additional data can be individually downloaded per index file (index) , PlayList file ( * .m2ts ) or clip information file ( * . clpi) .
- the additional data can be downloaded by contents unit or by title unit .
- it is essential to provide a file structure between the original data and the additional data File and data record structures usable for a Blu-ray disc (BD) are explained in detail with reference to FIG . 2 and FIG . 3 as follows .
- FIG . 2 is a diagram of a file structure recorded within a recording medium according to the present invention .
- a reproduction management file structure according to the present invention, at least one
- BDMV directory exists below one root directory .
- An index file
- the BDMV directory which has information of data actually recorded within a disc and information about reproducing the recorded data information, is provided with PLAYLIST directory, CLIPINF directory, STREAM directory, BDJO directory including a BD-J Object file, and JAR directory including a JAR file .
- the BDMV directory is also provided with AUXDATA directory including auxiliary data associated with disc reproduction .
- AV stream files recorded within a disc in a specific format exist and use " .m2ts" as an extension of a stream file ( 01000. m2ts , ...) .
- moving picture data is generally recorded as contents associated with the present invention within the stream file .
- CLIPINF directory includes clip information files ( 01000. clpi, ...) corresponding to the stream files , respectively.
- the clip information file ( * . clpi ) includes attribute information and timing information of the corresponding stream file .
- the clip information file ( * . clpi) corresponding to the stream file ( * .m2ts ) by one-to-one are bound together to be named "clip" . Namely, this means that a clip information file
- PLAYLIST directory includes PlayList files ( 00000.mpls, ...) .
- Each of the PlayList files ( 00000.mpls , ...) includes at least one Playltem designating a reproducing time of a specific clip .
- the Playltem has information about reproduction start time (IN-Time) and reproduction end time (OUT-Time) of a clip designated as a clip name (clip_Information_File_name) within a specific clip, i . e . , Playltem to be reproduced.
- the PlayList file ( * .mpls ) becomes a basic management file unit within an entire management file structure, which performs a reproduction of a specific clip by a combination of at least one or more Playltems .
- the PlayList file ( * .mpls ) can be operated by a command given by a specific obj ect file .
- the obj ect file performs or manages a dynamic scenario
- the PlayList file ( * . mpls ) performs or manages a static scenario .
- BDJO directory includes a BD-J Obj ect file for reproducing a BD-J Title .
- JAR directory contains all "xxxxx. jar" files for BD-J.
- a JAR (Java archive ) file is a compressed file used in distributing a plurality of file collections .
- the JAR file is generally configured with a J ava classes file associated with a specific J ava program, auxiliary resources , metadata and the like .
- Various applications can be configured by the JAR file .
- AUXDATA directory includes files containing auxiliary information associated with disc playback. For instance, AUXDATA directory can include a sound file ( "Sound.bdmv") providing click sound and menu sound information and the like in playback and font files ( "1111. otf”) providing font information in reproducing a text subtitle .
- META directory is provided with metadata .
- the metadata is the data about a data .
- the metadata includes a search file, a file for
- Positions of the above explained files and directories are exemplary. And, it is apparent that the positions can be varied if necessary. For instance, a BDJO directory and JAR directory as subdirectories can be separately configured below the root directory . For another instance, JAR directory can be configured as a higher directory below the root directory .
- the root directory can include a directory containing information about protection of data recorded within the recording medium or data downloaded to the local storage . This is represented as CERTIFICATE directory of the embodiment shown in FIG . 2.
- the root certificate file used for authentication of application and binding unit authentication is placed in the CERTIFICATE directory.
- FIG . 3 is a diagram of a data record structure written on an optical disc according to the present invention, in which a format of recording information associated with the aforesaid file structure within a disc is shown .
- a file system information area as system information for managing an entire file
- an area ( "database area") in which index file, obj ect file, PlayList file, clip information file and metadata file are written to reproduce a recorded stream ( * .m2ts ) are recorded, and a stream or data area in which a stream configured with audio/video/graphic and the like or a JAR file is recorded.
- An area for recording file information for reproducing contents within the data area and , the like is named a management area .
- the file system information area and the database area correspond to the management area .
- each of the areas shown in FIG . 3 is exemplarily proposed .
- the present invention is not limited to the arranged structure of the respective areas shown in FIG. 3.
- FIG . 4 is a block diagram of an optical recording/reproducing device according to one embodiment of the present invention.
- an optical recording/reproducing device basically includes a pickup 11 for reproducing management information including original data and reproduction management file information recorded in an optical disc, a servo 14 controlling an action of the pickup 11 , a signal processor 13 restoring a reproduction signal received from the pickup 11 to a specific signal value , modulating a signal to be recorded . into a signal recordable on the optical disc, and delivering the modulated signal, and a microprocessor 16 controlling the overall operations . Additional data existing on a place except an optical disc is downloaded to a local storage 15 by a controller 12.
- the controller 12 generates a binding unit using information recorded in a binding unit manifest file within the local storage 15.
- the controller 12 generates a virtual package to reproduce recording medium data and data within the local storage 15 using name mapping information recorded in the binding unit manifest .
- the controller 12 reproduces original data and/or additional data according to a user' s request by utilizing the generated virtual package .
- the virtual package is generated via a binding operation performed by a virtual file system and becomes a file structure for reproducing and managing an original clip configured with original data stored in a different area within a disc and an additional clip configured with additional data within the local storage 15.
- the binding unit manifest file includes information used for a binding operation for generating the virtual package . Without the binding unit manifest file, the virtual package cannot be generated from binding the data within the local storage 15 with the file structure (disc package) within the recording medium.
- the name mapping information which is recorded in the binding unit manifest file, indicates where the data recorded within the recording medium is located in the virtual package .
- the newly generated virtual package can be stored in the local storage 15 for later reuse or temporarily stored in a separate dynamic memory to be utilized.
- the controller 12 authenticates whether an application to be executed is defective and then executes the application . Through this , it is able to disable an application distributed by an unauthorized entity to access contents provided by an authentic content provider . Furthermore , it is able to protect a user' s playback system 17 against a malicious function of the application .
- the authentication of the application will be explained in the description of FIG. 5 in detail .
- a playback system 17 finally decodes output data according to provide to a user under the control of the controller 12.
- the playback system 17 includes a decoder decoding an AV signal and a player model deciding a reproduction direction by analyzing an obj ect file command or application associated with the aforesaid reproduction of a specific title and a user command inputted via the controller 12. And, the playback system 17 will be explained in detail in the description of FIG . 5.
- an AV encoder 18 converts an input signal to a signal of a specific format, e . g . , an MPEG2 transport stream according to a control of the controller 12 and then provides the converted signal to the signal processor 13.
- FIG. 5 is a block diagram of a data reproducing apparatus utilizing a playback system according to one embodiment of the present invention .
- “playback system” includes a collective reproduction processing means constructed with a program ( software) and/or hardware provided within the optical recording/reproducing device .
- the playback system plays a recording medium loaded in the optical recording/reproducing device and simultaneously reproduces and manages the data that is associated with the recording medium and is stored in the local storage (e . g . , data downloaded from outside) .
- the local storage e . g . , data downloaded from outside
- a virtual file system 40 binds original data recorded in the recording medium and additional data of a local storage together and then generates a virtual package 51. Yet, if a binding unit corresponding to the loaded recording medium does not exist in the local storage, the virtual file system 40 can generate the virtual package 51 using a disc package within the recording medium.
- the virtual file system 40 provides a binding operation of the virtual package and controls an access mechanism to a file belonging to the virtual package 51.
- the generation of the virtual package 51 performed by the virtual file system 40 is defined by a binding unit manifest file .
- the binding unit manifest file includes management information of the binding operation and provides a valid combination of files bound into the virtual package together .
- the virtual package 51 generated by the virtual file system 40 is used in both BD-J and HDMV modes . In the BD-J mode, an application located at the recording medium or local storage can access the virtual package 51 via the virtual file system 40. In the HDMV mode, MovieObj ect can access the virtual package .
- an index table is provided to a user .
- the index table provides the user with indexing items by the virtual package .
- an index table within the recording medium is provided to the user .
- an index table enabling a reproduction of the binding result is provided to a user .
- a reproduction command for a HDMV title among indexing items of the index table is given, a corresponding PlayList file is executed according to a command provided within MovieObj ect of a management file structure . Thereafter, according to PlayList file information, at least one clip configuring the title is reproduced by a specific Playltem and/or SubPlayltem.
- the present invention relates to a reproduction of a title and has a target of a title including at least one application .
- the title corresponding to a reproduction unit for reproducing data of a recording medium and/or local storage can include A/V data associated with the application .
- the title can simply reproduce the A/V data without including the application .
- autostart PlayList can be executed without an associated application .
- A/V data For instance, a title configured with at least one application can exist like a game .
- the present invention is characterized in protecting data of a recording medium and data of a local storage by authenticating the application associated with the title and by reproducing the title .
- BD-J Title among titles including applications is taken as an example .
- a reproduction of the BD-J Title is explained with reference to FIG . 5 as follows .
- BD-J title has one associated BD-J Obj ect 42.
- Each BD-J Obj ect is stored in a separate "xxxxx . bdj o" file .
- a BD-J Obj ect contains management information associated BD-J title .
- the associated BD-J Obj ect becomes valid.
- As the management information there are "KeylnterestTable ( 42a) " , “Terminallnfo ( 42b) “, “AMT ( 42c) “ , “AppCachelnfo ( 42d) " and the like .
- Obj ect is sent to "Application Manager ( 174a) " by the "BD-J
- AMT, 42c “Application Management Table (AMT, 42c) " identifies the applications associated with a title and provides comprehensive information about each of the applications such as lifecycle-, prameterization-, profile & version-, and user-comprehensive information . If the "Application Management Table (AMT, 42c) " is loaded in the "Application Manager (174a) " , the “Application Manager ( 174a) " executes an auto-run application signaled in the "Application Management Table (AMT, 42c) " .
- an application is an abbreviation of an application program and means a program designed, which means a program designed to enable a specific function to be directly performed .
- the application is executed by "Java VM (virtual machine) ( 175b) " .
- the application officially requests or communicates with another program using an API (application program interface ) .
- the application manages a network function within an optical recording/reproducing device such as an operation of downloading additional data from outside of a recording medium.
- the application can manage the local storage 15. for instance, the application generates a virtual package in a manner of editing files stored in the local storage 15 or binding the files with a disc package . Namely, a specific function is performed within a playback system by the application .
- JAR Java archive
- the JAR is a compressed file used in distributing a plurality of file collections .
- a J ava classes file associated with a specific program, auxiliary resources, metadata and the like are stored in the JAR file in general .
- An application may exist within a recording medium or within a local storage .
- JAR files configuring a specific application may exist in a recording medium or a local storage .
- the JAR file can be downloaded from outside of a recording medium. It is a matter of course that the JAR file can be read out of a loaded recording medium as well .
- Playback Control Engine ( 176) " interprets PlayList file information existing in a disc or local storage substantially and then executes a corresponding PlayList with reference to "Player
- Registers ( 176 (b) " storing a reproduction environment and state of a player . Clips reproduced by the execution of the PlayList are provided to "Presentation Engine ⁇ 111 ) " and are then decoded into one of video, audio, graphic and text subtitle according to a stream type . The decoded stream will be displayed to a user via planes .
- the "Playback Control Engine ( 176)” includes "Playback Control functions ( 176a) " actually managing all reproductions and "Player Registers (176b) " storing player status registers ( PSR) and general purpose register (GPR) . In some cases ,
- Playback Control functions may mean "Playback
- the "Module Manager ( 171 ) “, ⁇ HDMV Module ( 175 ) “, “BD-J Module (174 ) “ and “Playback Control Engine (176)” are designed as software, respectively. Substantially, software is more advantageous than a hardware configuration in design. Yet, the “Presentation Engine ( 177 ) “ , decoder and planes are normally designed by hardware . In particular, the elements (e . g . , reference numbers 171 , 174 , 175, 176) processed by software can be configured with a portion of the controller 12 described in FIG . 4. Hence , the configuration of the present invention should be understood by its meaning but is not limited to a hardware configuration or a software configuration .
- the playback system 17 according to the present invention has the following features .
- HDMV Module ( 175) for HDMV Title
- BD-J Module ( 174 ) for BD-J Title
- both of the modules 174 and 175 are not simultaneously executed. Namely, BD-J Title cannot be reproduced while HDMV Title is being reproduced, and vice versa .
- HDMV Title and BD-J Title receive user commands of separate types , respectively and execute user commands independent from each other, respectively.
- "Key Event Handler ( 171)” receives a user command to deliver to one of "HDMV Module ( 174 ) “ , “BD-J Module ( 175 ) “ and “Module Manager ( 172 ) /Navigator ( 171) " .
- “User Operation (UO)” For instance, if a received command is a user command by "User Operation (UO) ", "Key Event Handler ( 171 ) “ transfers the command to "Module Manager ( 172 ) " . If a received command is a user command by "Key Event”, “Key Event Handler ( 171 ) “ transfers the command to "BD-J Module ( 175 ) " .
- a management which can be called “master”, of the aforesaid “Playback control Engine ( 176) " is taken charge of by one of the currently operating modules 174 and 175.
- “HDMV Module ( 174 )” becomes a master while HDMV title is being reproduced.
- BD-J Module ( 175 ) becomes a master while BD-J title is being reproduced.
- “Navigator ( 173 )” is made to perform a title selection under the control of a user at anytime and can provide a recording medium and title metadata to a user .
- FIG . 6 is a diagram of a JAR file configuring a signed application according to one embodiment of the present invention .
- a JAR file as a sort of a compressed file is used in collecting a plurality of files into one . If the JAR file is signed, the JAR file is called a signed JAR file . And, an application configured with the signed JAR file is called a signed application .
- the signed JAR file is equivalent to an original JAR file except that a manifest file is updated and that a signature file and a signature block file are added to METAINFO directory.
- a JAR file configuring the application includes "APPO" file and METAINFO directory 61.
- "APPO" file includes "classes” file and a data directory.
- "APPO . dat” exists in the data directory.
- the "classes” file includes "APPO . class” file and "subclasses” directory. "subl . class” and "sub2. class” exist in the "subclasses” directory .
- the METINFO directory 61 includes a manifest file (MANIFEST . MF) 611 and a signature book (XXX . RSA) 613.
- MANIFEST . MF manifest file
- XXX . RSA signature book
- the file name "XXX” indicates an entity having signed the JAR file .
- the file name "XXX” can be called a signature alias of a content provider .
- the manifest file, the signature file and the signature block file are the authentication messages used for the authentication of the application according to the present invention .
- the manifest file 611 contains a listing of the files in a JAR file along with a message digest for each file signed . Besides , not all files in the JAR file need to be listed in the manifest file 611 as entries , but all files which are to be signed should be listed. Hence, in an embodiment of FIG. 6, in case that all class files (APPl . class , subl . class , sub2. class ) within the JAR file are signed, entries for "APPO . clas" file, "subl . class” file and ⁇ sub2. class” file should be listed in the manifest file 611.
- the signature file 612 contains the digest of the manifest file .
- the signature file will be the data signed by an authorizing organization . After a message digest has been computed using contents of the signature file 612 , a digital signature is generated by encrypting the computed result via
- the digital signature can be a signed version of a signature file .
- the generated digital signature is placed within the signature block file 613.
- Each signature file may have multiple digital signatures , but those signatures should be generated by the same legal entity.
- the private key is a private key corresponding to a public key existing in the signature block file 613.
- the public key is placed in one of leaf certificates of certificates within the signature block file 613.
- the signature block file 613 contains one or more certificate chains used for signature verification .
- the signature block file 613 can be called a digital signature file .
- the digital signature file has the same file name of the signature file 612 but differs in extension. The extension is determined by signature algorithm. For instance , the extension corresponds to " .
- FIG . 7 is a flowchart of configuration of a signed JAR file according to one embodiment of the present invention .
- digest for data of files included within a JAR file is computed (S710 ) .
- a manifest file is generated and the computed result is stored in the manifest file (S720 ) .
- the digest of files included in the JAR file is used in proving that an application provided to a user are not changed.
- the digest is computed by a digest algorithm.
- the digest algorithm means an algorithm for finding a hash having a predetermined length corresponding to each data after completion of a hashing process of data .
- the computed digest which is mapped to corresponding data by one-to-one correspondence, can be utilized as a code that can prove contents of information . Namely, if data is computed into digest via digest algorithm, integrity of data such as correction, sequence change, deletion, addition and the like can be checked using the corresponding digest .
- the digest algorithm receives data having a random length and then computes a result having a uniform length .
- the digest algorithm used for the present invention is a unidirectional hash function .
- the digest algorithm is suitable for a recording medium according to the present invention .
- SHA 1 secure hash algorith-1
- MD5 messages digest algorithm 5
- a digest of the manifest file including the digest of the files included within the JAR file is computed (S730 ) .
- a signature file is generated to store the digest of the manifest file ( S740 ) .
- the signature file is used in guaranteeing the integrity of the manifest file .
- the signature file is signed using a content provider' s private key that provides the JAR file . Namely, after the digest has been computed using data of the signature file (S750 ) , a result of the digest computation of the signature file is encrypted using the private key (S760 ) . The encrypted result is added to the signature block file with a certificate ( S770 ) . Besides , the encrypted result of the signature file becomes a digital signature .
- a signature algorithm is used for the generation of the digital signature .
- the signature algorithm is a sort of an encryption algorithm.
- RSA Raster-Shamir-Adelman
- DSA digital signature algorithm
- the generation of the digital signature will be explained in detail with reference to FIG . 8.
- a provided of the application generates a signed JAR file by- binding the generated manifest, the signature file and the signature block file together and then provides the signed JAR file to a user .
- FIG. 8 is a diagram of a process for configuring a digital signature according to one embodiment of the present invention .
- a content provider who provides an application, signs a JAR file to guarantee authenticity of the application provided to a user and then provides the signed JAR file to the user .
- a digital signature is used in checking whether the application is provided by an authentic entity . And, the digital signature is used in preventing the application from being forged in the process of providing the application .
- An entity having a secret key can make a signature and has to prove that the signature is made by the entity himself .
- the signed application cannot be changed, Data within a signature file included in the signed JAR file is applied to a digest algorithm 6010 and digest 6011 for the signature file is computed.
- a digital signature is generated by applying the digest for the signature to a signature algorithm 6012.
- a private key 6013 of a content provider who provides the application is used for the signature algorithm.
- the generated digital signature is included in a signature block file to be provided in a JAR file format to a user via a recording medium or network.
- the private key is a key, which is not opened to the public, of an asymmetric key pair, which is used for a public key cryptosystem, of one entity.
- the private key may means a key used in a symmetric key cryptosystem.
- a key corresponding to the private key is called a public key .
- the public key means a key, which is opened to the public, of an asymmetric key pair, which is used for a public key cryptosystem, of one entity .
- the public key is used in deciding authenticity of a signature in a signature system to be called a verification key as well .
- FIG . 9 is a flowchart of an authentication process of a file within a JAR file configuring a signed application according to one embodiment of the present invention .
- a signature over a signature file is firstly verified when a manifest is firstly parsed (S910 ) .
- a digital signature exists in a signature block file .
- the signature block file corresponding to the signature file is located and certificates are read out of the signature block file .
- a public key corresponding to a private key used for the generation of the signature file exists within a leaf certificate among the certificates .
- An encrypted digital signature existing within the signature block file is restored to digest using the public key.
- the restored digest is then compared to digest of the signature file . If the compared digests are identical to each other, a verification of the digital signature is executed . If the verification of the digital signature fails , an authentication of the file fails ( S970 ) .
- the public key is a key corresponding to a private key used for a generation of the digital signature .
- digest for a manifest file is computed (S920 ) .
- the computed digest is then compared to the digest existing within the signature file ( S930 ) . If the two compared digests are different from each other, the authentication of the file fails ( S970 ) . If the two compared digests are identical to each other, integrity for the manifest file is confirmed.
- Digest for actual data of the file to be authenticated is computed (S940 ) .
- the computed digest is compared to the digest within the manifest file (S950 ) . If the compared digests are identical to each other, the validity of the file is confirmed so that the file succeeds in the authentication ( S960 ) .
- the present invention is characterized in that integrity of a manifest file is checked using a signature file and in that a digital signature is verified using a signature block file . And, the present invention is characterized in that integrity for actual data of a JAR file is checked using the manifest file .
- the integrity check for the actual data of the JAR file S940 , S950
- the integrity check of the manifest file S920 , S930
- the verification of the digital signature S910
- the verification result (S910 ) of the digital signature and the result (S930 ) of the integrity check for the manifest file can be stored for a later use .
- the steps S910 to S930 will be executed once in an authentication process of one JAR file .
- a certificate used for the verification of the digital signature exists on certificates field within the signature block file .
- the certificates field includes at least one or more certificate chains . In verifying a digital signature of a signature block file using a public key within a leaf certificate, each of the certificate chains should be verified as well . The verification of the certificate chain is performed to a root certificate .
- FIG . 10 is a diagram of a process of verifying a digital signature according to one embodiment of the present invention, which is provided to help understanding of a method of verifying a digital signature in an authentication process of a file within a JAR file . Referring to FIG .
- a digital signature can be restored to a digest 6018 through a signature algorithm 6016 using a public key 6017 corresponding to a private key 6013 used for the digital signature .
- information encrypted with the private key 6013 should be restored using the public key 1017 corresponding to the private key 6013.
- the public key 6017 corresponding to the private key 6013 used for the generation of the digital signature does not exist, the digital signature cannot be restored to the digest 6018. In this case, it cannot be authenticated that a provided application is provided by a legitimate content provider .
- the public key 6017 is included within a certificate . And, the certificate is stored within a signature block file to be provided to a user .
- a playback system 17 computes digest 6015 by applying a signature file of a JAR file to be authenticated to a digest algorithm 6014.
- the digest algorithm is the digest algorithm used for the generation of the digital signature .
- the computed digest 6015 is compared to the digest 6018 generated from restoring the digital signature ( 6019) . If the compared digests are not identical to each other, a verification of the digital signature fails . Moreover, in case that certificates of a certificate chain certifying integrity of the public key 6017 fail in verifications , the verification of the digital signature fails as well . Since it is unable to decide that the application is signed by an authentic content provider, the authentication of the application cannot be achieved.
- FIG . 11 is a diagram of a certificate chain used for authentication of a JAR file according to the present invention .
- a trusted root certificate authority can certify certificate authorities ( 1102 , 1103) .
- the certificate authority to be authenticated can be an AACS (advanced access content system) or a CPS (content protection system) .
- the AACS or CPS can become a root certificate authority by itself .
- the AACS, CPS or other certificate authority can certify lower structures such as an optical recording/reproducing device, a content provider and the like independently ( 1102a, 1102b, 1102c) .
- Such a structure is called a certificate chain .
- a higher certificate authority which can certify the trusted certificate root authority (CA) does not exist .
- the trusted certificate authority certifies itself ( 1101 ) , which corresponds to a root certification ( 1101) .
- Each of the certificate authorities provides a certificate including a digital structure of each of the certificate authorities for a result of certification of itself or its lower structures .
- a certificate provided by a lowest certificate authority of the certificate chain can be called a leaf certificate, and a certificate provided by a highest certificate authority of the certificate chain can be called a root certificate .
- the certificates can secure the integrity of the public key that restores the digital signature in the verification process of the digital signature .
- each of the certificate authorities can make a certificate revocation list (CRL) .
- a content provider and user receives a downloaded the certificate revocation list, and then checks whether a certificate to be used for authentication is revoked before performing the authentication via the certificate . If the certificate is revoked, the authentication is not achieved . If the certificate is not revoked, the authentication is achieved on condition that other authentication requirements are met .
- a trusted root certificate provided by a trusted certificate authority is stored in a specific area of a recording medium in a file format or the like to be provided to a user or can be downloaded from outside of a recording medium to be stored in a key store of an optical recording/reproducing device .
- an optical recording/reproducing device While an application is being authenticated, an optical recording/reproducing device checks whether a root certificate within a signature block file is identical to a trusted root certificate stored within the recording medium or key store . If the two certificates are not identical to each other, the application is not loaded in "Java VM” . Even if the application is loaded in "Java VM", the application is preferably not executed.
- FIG . 12 is a flowchart of a method of reproducing a title according to the present invention.
- BD-J title is taken as an example for explanation .
- "BD-J Module” loads BD-J Obj ect corresponding to the BD-J title (S210 ) .
- the BD-J Object includes management information associated with the BD-J Title .
- "AMT" i . e .
- “Application Management Table” among the management information is loaded in "Application Manager” ( S1220 ) .
- the management information includes "AppCachelnfo" .
- the "AppCachelnfo" is provided to "Application Cache Manager" within "BD-J Module” to decide what kind of file is transferred to "Application Cache” from a virtual package .
- Classes configuring an application associated with the reproduction of the BD-J title are loaded from JAR files of the virtual package .
- the JAR files of the virtual package can exist in a recording medium or in a local storage .
- the JAR file may exist in an application data area within the local storage .
- the application data area is an area where data configuring an application is stored .
- the present invention is characterized in authenticating an application during a class loading . An authentication of the application shall be performed by "Java VM" .
- the authentication of the application is achieved in a manner of performing authentication on the JAR files configuring the application ( S1230 ) .
- An authentication of a signed JAR file comprises checking integrity of a manifest file using a signature file and verifying a digital signature using a signature block file . Integrity of actual data of the signed JAR file can be confirmed by the manifest file for the JAR file .
- the digital signature is verified according to the present invention and if the integrity of the actual data ⁇ within the JAR file and the manifest file is confirmed according to the present invention, the authentication of the application succeeded.
- the application ( s ) is executed by "Java VM" (S1240 ) .
- the BD-J application accesses an actual resource of a playback system using "API (application programming interface) " .
- resources of the playback system include a disc file system, media decoders , static content decoders , storage devices and network connections .
- the application can perform specific functions required for the reproduction of the BD-J Title .
- data configuring the BD-J title within a recording medium and/or data within a local storage can be reproduced .
- an unauthenticated application can be executed within a limited range in "Java VM" .
- This is called “Sandbox” .
- An access of the unauthenticated application to resources of a playback system is restricted according to a security policy within the "sandbox” .
- an application approved to access the resources of the playback system by the "Sandbox” is able to perform its j obs .
- an application prohibited from accessing the resources of the playback system by the "Sandbox” is unable to read or change files within the resources , thereby avoiding causing damage to the layback system.
- it is difficult to identify a distributor of the application .
- the application is not executed for the protection of a playback system. This is because the playback system can be damaged by a malicious function caused by the application . .Even if the unsigned application is executed, it is preferable that the unsigned application is executed within "Sandbox" approving an access to the restricted resources only.
- an unauthenticated application is not executed or is executed within "Sandbox" .
- it is able to decide a content provider having distributed the application through a digital signature of the application .
- damage is caused to a playback system by a malicious function of the application, it is able to accuse the content provider of responsibility for the distribution of the application .
- a data reproducing apparatus using a local storage includes a controller 12 checking information for identifying an application associated with a title from an obj ect file corresponding to the title to be reproduced, the controller 12 authenticating the associated application and a decoder reproducing the title according to an execution of the application.
- the decoder configures a playback system 17 in part .
- the application exists within a recording medium or local storage .
- the controller 12 authenticates the application in a manner of authenticating a file while data of the file configuring the application is being loaded to Java virtual machine .
- the authentication of the file configuring the application comprises a verification of a digital signature of an entity singing the application using a signature block file within the file .
- the verification of the digital signature is performed using a public key within the signature block file .
- the public key is a key corresponding to a private key used for a generation of the digital signature .
- the authentication of the file configuring the application includes integrity check of a file included in the file using a signature file within the file .
- the controller 12 can control application not to be executed in case that the application is unauthenticated . And, the controller 12 can control the unauthenticated application to be executed within a sandbox on Java virtual machine 174b . Hence, a playback system can be protected against an unauthenticated application . And, by controlling an access of the unauthenticated application to contents, the present invention can protect the contents . Accordingly, the present invention provides the following effects and/or advantages .
- the present invention can protect contents provided by a content provider and a user' s playback system. Hence, the content provider can provide contents safely and the user can reproduce the contents with security . Therefore, the present invention can provide more convenient functions .
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Signal Processing For Digital Recording And Reproducing (AREA)
- Storage Device Security (AREA)
Abstract
L'invention concerne un appareil pour reproduire des données, un procédé associé et un support d'enregistrement. Lors de la reproduction d'un titre, configuré au moyen des données, à l'intérieur du support d'enregistrement et/ou des données à l'intérieur de la mémoire locale, un procédé de reproduction des données comprend les étapes suivantes : vérification des informations d'identification d'une application associées avec le titre provenant d'un fichier d'objets correspondant au titre ; authentification de l'application associée, et la reproduction du titre par exécution de l'application. Selon l'invention, des contenus, fournis par un fournisseur de contenu et par un système de lecture de l'utilisateur, peuvent être protégés. De ce fait, le fournisseur de contenus peut fournir des contenus de manière sûre et l'utilisateur peut reproduire les contenus en toute sécurité. Ainsi l'invention permet la création de fonctions plus commodes.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US64177905P | 2005-01-07 | 2005-01-07 | |
KR1020050118682A KR20060081339A (ko) | 2005-01-07 | 2005-12-07 | 데이터 재생방법 및 재생장치, 기록매체 |
PCT/KR2006/000003 WO2006073252A2 (fr) | 2005-01-07 | 2006-01-02 | Appareil pour reproduire des donnees, procede d'utilisation associe et support d'enregistrement |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1834329A2 true EP1834329A2 (fr) | 2007-09-19 |
Family
ID=36647880
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP06700231A Withdrawn EP1834329A2 (fr) | 2005-01-07 | 2006-01-02 | Appareil pour reproduire des donnees, procede d'utilisation associe et support d'enregistrement |
Country Status (2)
Country | Link |
---|---|
EP (1) | EP1834329A2 (fr) |
WO (1) | WO2006073252A2 (fr) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TW200707417A (en) | 2005-03-18 | 2007-02-16 | Sony Corp | Reproducing apparatus, reproducing method, program, program storage medium, data delivery system, data structure, and manufacturing method of recording medium |
BRPI0608830B1 (pt) * | 2005-03-18 | 2018-05-29 | Sony Corporation | Aparelho e método de processamento de informação, e, mídia de armazenamento legível por computador |
EP1950963B1 (fr) * | 2005-11-15 | 2012-12-12 | Panasonic Corporation | Dispositif, procédé et programme de reproduction vidéo |
WO2009044508A1 (fr) * | 2007-10-02 | 2009-04-09 | Panasonic Corporation | Système de protection des droits d'auteur, dispositif de reproduction et procédé de reproduction |
CN101911089B (zh) * | 2008-01-21 | 2013-06-12 | 索尼公司 | 信息处理设备,盘和信息处理方法 |
EP2254117B1 (fr) * | 2009-05-20 | 2018-10-31 | Sony DADC Austria AG | Procédé de protection de copie |
RU2539717C2 (ru) | 2009-05-20 | 2015-01-27 | Сони Дадк Аустриа Аг | Способ защиты от копирования |
US9263085B2 (en) | 2009-05-20 | 2016-02-16 | Sony Dadc Austria Ag | Method for copy protection |
KR20150035249A (ko) * | 2013-09-27 | 2015-04-06 | 삼성전자주식회사 | 어플리케이션 패키지를 저장하는 기록 매체, 어플리케이션 패키지 생성 방법 및 장치, 어플리케이션 패키지 실행 방법 및 장치 |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7031473B2 (en) * | 2001-11-13 | 2006-04-18 | Microsoft Corporation | Network architecture for secure communications between two console-based gaming systems |
WO2004064314A1 (fr) * | 2003-01-15 | 2004-07-29 | Sony Corporation | Systeme de traitement de signaux, procede d'enregistrement, programme, support d'enregistrement, dispositif de reproduction, et dispositif de traitement d'information |
JP2004103239A (ja) * | 2003-10-20 | 2004-04-02 | Sony Computer Entertainment Inc | ディスク状記録媒体、この媒体の再生装置及び方法 |
-
2006
- 2006-01-02 EP EP06700231A patent/EP1834329A2/fr not_active Withdrawn
- 2006-01-02 WO PCT/KR2006/000003 patent/WO2006073252A2/fr active Application Filing
Non-Patent Citations (1)
Title |
---|
See references of WO2006073252A3 * |
Also Published As
Publication number | Publication date |
---|---|
WO2006073252A3 (fr) | 2006-11-02 |
WO2006073252A2 (fr) | 2006-07-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7668439B2 (en) | Apparatus for reproducing data, method thereof and recording medium | |
RU2414757C2 (ru) | Носитель записи, устройство и способ для воспроизведения данных, устройство и способ для сохранения данных | |
US8667036B2 (en) | Bonding contents on separate storage media | |
US8233777B2 (en) | Data transmitting method, recording medium, apparatus for reproducing data from recording medium using local storage and method thereof | |
US20060153017A1 (en) | Method and apparatus for protecting shared data and method and apparatus for reproducing data from recording medium using local storage | |
US20070133944A1 (en) | Information processing apparatus, information recording medium manufacturing apparatus, information recording medium, method, and computer program | |
EP1834329A2 (fr) | Appareil pour reproduire des donnees, procede d'utilisation associe et support d'enregistrement | |
US8438651B2 (en) | Data reproducing method, data recording/ reproducing apparatus and data transmitting method | |
US8873934B2 (en) | CPS unit management in the disc for downloaded data | |
US20060262710A1 (en) | Recording medium, and method and apparatus for reproducing data from the recording medium | |
WO2006073251A2 (fr) | Procede et appareil permettant de proteger des donnees partagees, et procede et appareil permettant de reproduire des donnees a partir d'un support d'enregistrement au moyen d'une memoire locale | |
KR20080014881A (ko) | 기록 매체, 데이터 재생 장치, 데이터 재생 방법, 데이터저장 장치, 그리고 데이터저장 방법 | |
WO2006078099A2 (fr) | Procede de transmission de donnees, support d'enregistrement, appareil pour la reproduction de donnees a partir d'un support d'enregistrement utilisant une memoire locale et procede correspondant |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20070725 |
|
AK | Designated contracting states |
Kind code of ref document: A2 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR |
|
DAX | Request for extension of the european patent (deleted) | ||
17Q | First examination report despatched |
Effective date: 20090312 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
18D | Application deemed to be withdrawn |
Effective date: 20110802 |