The present invention is in the field of data security and content verification.

In many applications, especially when it comes to confidential data, it is essential to be able to verify and secure a data content. Data integrity becomes more and more important, also in the sector of private applications and data. Conventional data administration concepts lack the possibility for users to allow other users to verify or integrity check data. Especially when using storage media that season and tend to become more and more erroneous with time it is a problem that at some point one can no longer be sure of the data validity or consistency, i.e. if the data can still be retrieved correctly from such a medium.

Moreover conventional storage concepts and storage media do not allow to verify an origin of data. For example if data is transferred using portable storage media, e.g. by sending a CD (CD = Compact Disc) or a DVD (DVD = Digital Versatile Disk) by mail, the receiver can not easily prove the origin of the data, i.e. verify the integrity of the data.

It is therefore the object of the present invention to provide a concept for data storage enabling verification consistency and integrity of the data.

The object is achieved by an apparatus for writing according to claim 1, a method for writing according to claim 8, an apparatus for verifying according to claim 10, a method for verifying according to claim 16 and an optical disc drive according to claim 18.

The object is achieved by an apparatus for writing checksum information on a data content on a storage medium, the apparatus comprising a means for providing checksum information based on the data content. Furthermore, the apparatus comprises a writer for writing the data content and the checksum information on the storage medium, such that a baseline reader and an enhanced reader can read the data content, an enhanced reader can read and process the checksum information, and the baseline reader ignores, skips or does not read the checksum information.

The object is further achieved by an apparatus for verifying a data content from a storage medium, the apparatus comprising a means for reading the data content and a first checksum information from the storage medium. Furthermore, the apparatus comprises a means for providing a second checksum information based on the data content and a means for providing a verification indication if the first and the second checksum information is equal.

The present invention is based on the finding that based on checksums, respectively encrypted checksums, data validity and integrity can be verified. In one embodiment, this is accomplished by storing a checksum over each file that is recorded on an optical disc in a file system independent way.

Embodiments of the present invention therefore provide the advantage that data can be verified, and a user can be prevented from working with broken data. Moreover, an effective mechanism is enabled to verify an origin of data stored on a storage medium. Some embodiments support public key signatures for optical storage media. Using this technology, the authenticity of a disc can be proven by verifying a digital signature stored on the disc against a public verification key that needs to be provided once by an author of optical media. The digital signature refers to a checksum of the data on the storage medium. Some embodiments can use the private counterpart to the verification key to digitally design a hash value generated over the checksums.

Embodiments may allow users to verify that data stored on a disc has not decayed in any way and is still in its original state by creating checksums over all files stored on the disc. In a similar way embodiments may store checksums or encrypted checksums on any other storage media as memory cards, hard discs, magneto-optic memory devices, ROM (ROM = Read Only Memory) etc.

In one embodiment, checksum generation can be done on-the-fly and checksums can be stored at the end of, for example, an optical disc. The allocations can be referenced through a pointer stored in a certain sector, in one embodiment sector 15 of the user data area could be used.

Assignment of a particular checksum to its respective file can be done through a chunk table in an embodiment specifying a logical sector number of a first data block of a file and a checksum the file is associated with.

Algorithms used for building the checksums can be chosen from a number of different options, including but not restricted to conventional algorithms as, for example, SHA-1 (SHA = Secure Hash Algorithm), SHA-256, MD5 (MD = Message Digest Algorithm) or custom AES-128 (AES = Advanced Encryption Standard).

File checksum calculation can be performed by host software as part of a file system authoring process in one embodiment. Protection flags may specify for each file whether a sector payload encryption has been applied to that file and whether the host software needs to decrypt sector content before being able to use it.

The chunk size can be the size of a single entry of the chunk table, the size may be fixed for a particular embodiment and serves as an extensibility feature with backwards compatibility for future extensions of embodiments.

The embodiments of the present invention will be detailed using the accompanying Figs. in which:

Fig. 1a

shows an embodiment of an apparatus for writing;

Fig. 1b

shows another embodiment of an apparatus for writing;

Fig. 2

shows an embodiment of an apparatus for verifying;

Fig. 2b

shows another embodiment of an apparatus for verifying;

Fig. 3

shows an embodiment of a storage medium;

Fig. 4

shows an embodiment of an anchor structure;

Fig. 5

shows an embodiment of a file fragment information table structure;

Fig. 6

shows an embodiment of a file fragment information table entry;

Fig. 7

shows an embodiment of a definition of a copy protection field;

Fig. 8

shows an embodiment of a disc security information structure;

Fig. 9

shows an embodiment of a redundancy information field structure;

Fig. 10

shows an embodiment of a redundancy map information structure;

Fig. 11

shows an embodiment of an application revocation block structure; and

Fig. 12

shows an embodiment of a secure disc feature descriptor and feature control structure.

Fig. 1a shows an embodiment of an apparatus 100 for writing checksum information on a data content on a storage medium 105. The apparatus 100 comprises a means 110 for providing checksum information based on the data content. Furthermore, the apparatus 100 comprises a writer 115 for writing the data content and the checksum information on the storage medium 105 such that a baseline reader and an enhanced reader can read the data content, the enhanced reader can read and process the checksum information, and the baseline reader ignores, skips or does not read the checksum information.

Fig. 1b shows another embodiment of an apparatus 100 for writing information on data content on a storage medium 105. The apparatus 100 shown in Fig. 1b further comprises a means 120 for encrypting the checksum information to obtain an integrity information, the encryption being based on an encryption key and the writer 115 is adapted for writing the integrity information to the storage medium 105.

In another embodiment, the writer 115 is adapted for using an optical disc as a storage medium 105. Moreover, the writer 115 can be adapted for writing control information on a physical or logical location of the checksum information or integrity information on the storage medium 105. Furthermore, the writer 115 can be adapted for writing the checksum information or the integrity information to the logical end of the storage medium 105.

In yet another embodiment, the writer 115 may be adapted for writing a chunk table specifying an association between data and checksums or integrity information. The writer 115 may further be adapted for writing a 128-bit checksum for a data segment to the storage medium 105.

In embodiments, the means 120 for encrypting the checksum information may utilize asymmetrical or symmetrical encryption algorithms. For example, a private key of a user may be used to encrypt the checksum and to obtain the integrity information so that using a public key of that user serves for verifying the checksums and, thus, the data content.

Fig. 2a shows an apparatus 150 for verifying a data content from a storage medium 155. The apparatus 150 comprises a means 160 for reading the data content and a first checksum information from the storage medium 155. The apparatus 150 further comprises a means 165 for providing a second checksum information based on the data content and the means 170 for providing a verification indication if the first and the second checksum information are equal.

Fig. 2b shows another embodiment of an apparatus 150 for verifying a data content from a storage medium 155. The embodiment shown in Fig. 2b comprises similar components as the apparatus 150 shown in Fig. 2a, with the means 160 for reading being adapted for reading a first encrypted checksum information and further comprising a means 175 for decrypting the first encrypted checksum information to obtain the first checksum information. Embodiments, therefore, read and decrypt encrypted checksum information, which may serve as integrity information e.g. in case of usage of a private and public key encryption. With these embodiments, a user can use a private key to encrypt the checksums, another user can verify the checksums by decrypting them with a public key to obtain the decrypted checksum information, which can be verified against checksum information obtained from the data content.

In embodiments, the means 160 for reading can be adapted for reading from optical discs. Moreover, the means 160 for reading can be adapted for reading control information from the storage medium 155, the control information may comprise information of a physical or logical location of the first checksum information or the first encrypted checksum information.

In another embodiment, the means 160 for reading can be adapted for reading a chunk table having information on an association between data and first checksum information or first encrypted checksum information from the storage medium 155. In one embodiment, the means 160 for reading can be adapted for reading a first 128-bit checksum or encrypted checksum information from the storage medium 155.

Fig. 3 shows an embodiment of a storage medium 300. The storage medium may be an optical disc comprising a data section 310 having data information. The storage medium or optical disc 300 further comprises a checksum section 320 having information on checksum data or encrypted checksum data based on the data information. Moreover, the optical disc or storage medium 300 comprises a control section 330 having information on the association of data information and information on checksum data or encrypted checksum data. Within the control section 330, a chunk table may be provided indexing or pointing to, in one embodiment in terms of logical sector numbers, data blocks and associated checksum information. For a better overview Fig. 3 shows a logical structure of a storage medium, which could have a sequential physical structure as for example used for optical storage media written sequentially in one long track.

Fig. 4 shows a basic SecurDisc technology anchor structure (BTAS = Basic SecurDisc Technology Anchor Structure). The BTAS can e.g. be located in RLSN 15 (RLSN = Relative Logical Sector Number), relative to the beginning of a SecurDisc enabled recording session at offset RBP 64 (RBP = Relative Byte Position). Moreover, one redundant copy of BTAS can be located at either the last LSN of a SecurDisc enabled recording session, or the logical sector immediately preceding the secondary AVDP (AVDP = Anchor Volume Description Pointer). The BTAS references an FFIT (FFIT = File Fragment Information Table) and a redundancy information block, as well as a second redundancy backup copy of each of these structures, and thus serves as an anchor for all SecurDisc structures located in the user data area. Fig. 4 shows an embodiment of an exemplified BTAS.

Fig. 4 shows a field for the structure size which specifies the total size of the structure in bytes as a Big-Endian value, which can for example always be 56-bytes. Moreover, Fig. 4 shows a structure identifier "BTAS", which contains an ASCII (ASCII = American Standard Code for Information Interchange) representation of "BTAS" identifying the structure as a SecurDisc technology anchor structure.

The field DSILSN (DSI = Disc Security Information) specifies the logical sector number of the disc security information structure as a Big-Endian value. If this security information is not present, all bytes of this field are set to zero. Furthermore, Fig. 4 shows the FFITLSN, which specifies the logical sector number of the FFIT as a 64-bit Big-Endian value.

Another field shown in Fig. 4 is the ARBLSN (ARB = Application Revocation Lock) and specifies the logical sector number of ARB as a 64-bit Big-Endian value, or a field filled with zeros, if no ARB is present. The ARB is required in the embodiments for all media that use copy protection or pass phrase protection features of SecurDisc. An ARB is a revocation block, which can be used to revoke compromised applications.

Fig. 4 further shows a "Backup DSILSN"-, a "Backup FFITLSN"- and a "Backup ARBLSN"-field, which specify the logical sector numbers of the respective backup structures. The FFIT contains information about each contiguous area of the disc that is managed by SecurDisc, such contiguous areas may include files that are copy protected or pass phrase protected, as well as files protected by checksums. The FFIT is stored after all other files on the disc, to allow checksums to be generated on-the-fly during the recording process. The location of the FFIT is flexible, the FFIT is referenced by the BTAS. It begins with a header and an embodiment of a structure is shown in Fig. 5.

Header information is comprised in the FFITH (FFITH = FFIT Header)-field containing version information and a field indicating the different SecurDisc features that are used on any part of the media. A backup of the FFIT is referenced by the BTAS as mentioned above. Its location may be freely selected. However, to achieve maximum reliability, the backup FFIT should be physically distant from the first copy of the FFIT, as a minimum requirement, the backup FFIT can be stored in a packet different to the primary FFIT.

As indicated in Fig. 5, the structure starts with the "FFITH Size"-field (FFITHS = FFITH size), which specifies the total size of the FFITH and bytes as a Big-Endian value. In one embodiment the structure size may always be 40bytes. Moreover, Fig. 5 shows the FFIT identifier, which contains a ASCII representation of the string "BFIT" identifying the structure as a SecurDisc file fragment information table.

Moreover, Fig. 5 shows a SecurDisc FFIT version number, which specifies a version number of the structure. The first byte contains a high version number the second byte contains a low version number. The high version number is 01h in one embodiment. An implementation may only rely on the layout of the remaining information of the FFITH and its FFITE (FFITE = FFIT Entry) if the high version number is 01h. If only the low version number is higher than the version number an implementation supports, the implementation may still rely on the structures that have been defined in a previous version of an embodiment.

Furthermore, Fig. 5 shows a "SecurDisc Copy Protection Recovery"-field, which comprises the 128-bit disc unique ID encrypted with a 128-bit AES key value derived from a special copy protection recovery pass phase calculated as described above. There may be no pass phrase verification checksum for this value in another embodiment. If no copy protection recovery pass phrase has been specified during the authoring process all bytes of this field may be set to zero.

Moreover, Fig. 5 shows a SecurDisc pass phrase verification checksum, which comprises an 128-bit checksum that can be used to verify the correctness of the pass phrase entered by a user. The pass phrase verification checksum has a fixed value PVC, which can be encrypted using the key contribution derived from the user pass phrase, as it was described above.

Furthermore, there is a SecurDisc global feature flag mask in Fig. 5 comprising the result of an XOR operation, combining all feature flag masks of all FFITE of this FFIT. Fig. 5 also shows an FFITE chunk size, which is a 32-bit Big-Endian value in this embodiment, and all FFITE may be stored as a chunked information list with a fixed chunk size. At the bottom of the structure shown in Fig. 5 there is a number of FFITE chunks, which specifies the number of FFITE chunks contained in the file fragment information table as a 64-bit Big-Endian value. The chunk list of FFITE starts immediately after the FFITH, as depicted in Fig. 5.

The FFITH may grow as additional fields are added in further embodiments. The location of the FFITE can be calculated as $$\begin{array}{lll}\mathrm{FFITEOFFSET}\left[0\right]& =\mathrm{FFITLSN}*\mathrm{BPS}& +\mathrm{FFITHS}\\ \mathrm{FFITELSN}\left[0\right]& =\mathrm{FFITEOFFSET}\left[0\right]& \mathrm{DIV\; BPS}\\ \mathrm{FFITERBP}\left[0\right]& =\mathrm{FFITEOFFSET}\left[0\right]& \mathrm{MOD\; BPS}\end{array}$$

with FFITEOFFSET[0] being the relative bit position (RBP = Relative Bit Position) of the first FFITE relative to the beginning of the user data area of the disc, BPS is the number of bytes per sector and FFITELSN is the LSN of the FFIT.

The result of this operation is FFITELSN[0], the LSN of the first FFITE and FFITERBP[0], the relative byte position of the first FFITE from the beginning of the sector specified by the FFITELSN[0].

FFITE are stored in ascending order of their fragments' LSN. The location of a particular entry x is calculated as $$\begin{array}{lll}\mathrm{FFITEOFFSET}\left[\mathrm{x}\right]& =\mathrm{FFITEOFFSET}\left[0\right]& +\mathrm{x}*\mathrm{FFITECS}\\ \mathrm{FFITELSN}\left[\mathrm{x}\right]& =\mathrm{FFITEOFFSET}\left[\mathrm{x}\right]& \mathrm{DIV\; BPS}\\ \mathrm{FFITERBP}\left[\mathrm{x}\right]& =\mathrm{FFITEOFFSET}\left[\mathrm{x}\right]& \mathrm{MOD\; BPS},\end{array}$$

where FFITEOFFSET[x] is the RBP of the x-th FFITE relative to the beginning of the user data area of the disc, x is a number between 0 and NUMFFITE-1 and FFITECS is the FFITE content size.

The result of this operation is FFITELSN[x], the LSN of the x-th FFITE and FITERBP[x], the relative byte of the x-th FFITE from the beginning of the sector specified by FFITELSN[x].

An embodiment of an FFITE structure is shown in Fig. 6. Fig. 6 shows an "LSN of File Fragment"-field, which specifies the LSN of the file fragment managed by the FFITE. Moreover, a field is dedicated to the size of the file fragment in logical sectors, specifying the size of the file fragment managed by the FFITE in logical sectors. A logical sector is the smallest logical unit for SecurDisc. If a sector is not used completely, the remaining space can be filled with zeros in this embodiment.

A pass phrase protected field "PP" comprises a flag, also being part of the SecurDisc feature flag mask. If true, the file fragment managed by this FFIT is pass phrase protected. The "CS"-field is also part of the SecurDisc feature flag mask. If true, the content of the file fragment managed by this FFITE can be verified using the "File Fragment Checksum"-field stored in this FFITE.

The "CP"-field is part of the SecurDisc feature flag mask. It can assume four distinct conditions regarding copy protection for the file fragment managed by this FFITE as specified in the Table in Fig. 7. Fig. 7 shows an embodiment of the copy protection values, indicating whether copy protection is used or not for this file fragment, and whether special protected output rules apply.

Fig. 6 further shows the file fragment checksum in case the CS flag is true, this field may contain a AES-128 cryptographic hash of the file fragment managed by this FFITE. If the CS flag is false, this field may contain all zeros. Moreover, Fig. 6 shows in row 6, a space that can be reserved for SecurDisc feature flag mask extensions.

Fig. 8 shows an embodiment of a disc security information structure (DSI = Disc Security Information). The disc security information structure stores global information about disc security. It is stored after all other files on the disc to allow digital signatures to be generated on-the-fly. The location of the DSI may be referenced by the BTAS as mentioned above. The DSI can be stored in a contiguous area of the disc.

Moreover, a backup DSI may be referenced by the BTAS in an embodiment. Its location may be freely selected. However, to achieve maximum reliability, the backup DSI should be physically distant from the first DSI copy. As a minimum requirement, the backup DSI should be stored in a different packet than the primary DSI in an embodiment.

If the backup DSI is located on a disc before the primary DSI, a "RSA Disc Signature"-field of the backup DSI may be assumed to have all its bits set to zero when calculating the digital signature in this embodiment (RSA = Initials of Surnames of Inventors, Rivest, Shamir and Adleman). Moreover, the DSI structure may store up to 65535 redundancy map references in embodiments. This allows for a very fine-grained configuration of redundancy mapping.

Fig. 8 shows an embodiment of a DSI structure. The "DSI Size"-field specifies the size of the structure in bytes, as a Big-Endian value. In this embodiment, the size is 120+(N+1)x1Ch. The DSI identifier can be a 4 byte identifier, identifying the structure as a DSI structure. This identifier may contain the ASCII representation of "BDSI".

In an embodiment a SecurDisc DSI version number specifies the version number of the structure. The first byte may contain the higher version number and the second byte may contain the lower version number in this embodiment. The higher version number may be 01h for this embodiment, the low version number may be 00h. An implementation may only rely on the layout of the remaining information of DSI if the higher version number is 01h. If only the low version number is higher than the version number the implementation supports, the implementation may still rely on the structures that have been defined in a previous version.

The number of redundancy maps N specifies the number of redundancy maps referenced by the structure as a 16-bit Big-Endian value. The minimum number of redundancy maps may be 1 in an embodiment, so the actual number of redundancy maps can be N+1. As mentioned above, in the "Reserved"-field, all bytes may be set to zero.

A "Disc Signature RSA Public Key Hash"-field may contain a 128-bit AES hash value of the public key that can be used for signature verification. It may be used by an implementation to check whether the correct public key has been supplied by the user to verify the authenticity of the disc. If the disc is not digitally signed, all bits of the field may be set to zero.

A "RSA Disc Signature"-field may contain a 256-bit RSASSA-PSS digital signature (PSS = Probabilistic Signature Scheme). If the disc is not digitally signed, all bytes of this field are set to zero. An SHA-1 (SHA = Secure Hash Algorithm) hash value generated for the digital signature contains all data starting from the beginning of the session until the last byte before the "RSA Disc Signature"-field of the primary DSI. If the area covered by the SHA-1 hash includes the backup DSI structure, the structure can be included in the hash with its "RSA Disc Signature"-field set to all zeros.

The redundancy information contains information about redundancy maps on the SecurDisc media. It is used when data is stored redundantly to allow recovery from fatal read errors, and corresponds to control information, specifying location and presence of redundancy data, according to an embodiment.

A more detailed embodiment of a redundancy information structure is shown in Fig. 9. The structure shown in Fig. 9 may repeat N+1 times, so one entry can be present for each redundancy map defined in the DSI structure explained above. If the "Map Type"-field is set to false, the "Redundancy Level"-field specifies how many packets may form a redundancy group. The value may be in the range from 1 through (2³²-1) with 1 being the highest security level. If the "Map Type"-field is set to true, the redundancy level may specify how many redundancy packets are written for a single user data packet. The value can be in the range from 1 to (2³²-1) with 2³²-1 being the highest security level. In one embodiment setting this field to zero may serve as switching off the enhanced data security feature.

The "Map Type"-field may specify the type of mapping between redundancy packets and user data packets, i.e. between data and redundancy data. If this bit is set to true, the mapping between user data packets and redundancy packets may be 1:N. This means that for a single user data packet, at least one redundancy packet exists. The exact number may be specified by a "Redundancy Level"-field. If the bit is set to false, the mapping between user data packets and redundancy packets may be N:1. This means that at least one user data packet may be mapped to a single redundancy packet. The exact number of user data packets mapped to a single redundancy packet may be specified by the "Redundancy Level"-field. In the "Reserved"-field, all bits are set to zero as mentioned above.

A "Redundancy Function"-field can specify the redundancy function used. In one embodiment, a value of 00h may indicate that enhanced data security is not used. For example, a value of 01h may indicate that an XOR redundancy grouping scheme is used. In this scheme, two data packets are processed using an XOR operation, of which a redundancy packet results. Any two of the then three packets allow to restore the two data packets. The "Redundancy Function"-field may specify other redundancy functions as, for example, the usage of Reed Solomon encoding, a convolutional coding scheme or even enable the usage of turbo codes.

A "Number of Redundancy Map Entries"-field may specify the number of redundancy map entries as a Big-Endian DWORD value. The "Redundancy Map LSN"-field specifies the LSN of the redundancy map as a Big-Endian 64-bit value or zero if the enhanced data security feature is not used. A "Backup Redundancy Map LSN"-field may specify the LSN of the backup redundancy map as a Big-Endian 64-bit value or zero, when the feature is not used.

The redundancy map information structure provides a 1:N or N:1 mapping between user data packets and redundancy packets. Which mapping mode is in use for a particular disc may be determined by the "Map Type"-field specified in the "Redundancy Information"-field of the DSI structure. If the "Map Type"-field is set to false, a unique packet corresponds to a redundancy packet and a mapped packet corresponds to a user data packet according to the structure depicted in Fig. 10. If the "Map Type"-field is set to true, a unique packet corresponds to a user data packet and a mapped packet corresponds to a redundancy packet in Fig. 10. Therewith, different code rates are enabled, which are literally 1:N, respectively N:1. The redundancy map comprises entries according to the structure depicted in Fig. 10. Redundancy map entries are sorted in ascending order of their unique packet number in this embodiment.

A backup of the redundancy map information is referenced by the DSI structure. Its location may be freely selected. However, to achieve maximum reliability, the backup redundancy map should by physically distant from the first copy. As a minimum requirement, the backup redundancy should be stored in a different packet than the primary in an embodiment.

In Fig. 10, a "Unique Packet Number"-field may specify a packet number of the unique packet with the meaning specified above. The packet number of a "Mapped Packet#N"- field may specify a REDLEVEL entry following the unique packet number. They specify the mapped packets with the meaning specified above.

Fig. 11 shows an embodiment of an application revocation block structure (ARB = Application Revocation Block). The primary and backup ARB are referenced by the BTAS. The allocation may be freely selected. However, to achieve maximum reliability, the backup ARB should be physically distant from the primary ARB copy. In one embodiment, the minimum requirement would be to store the backup ARB in a different packet than the primary ARB.

The application revocation block, as exemplified in Fig. 11, may serve as a key ingredient and has two fields. According to Fig. 11, the "ARB Length"-field specifies the length of the application revocation block in bytes as a Big-Endian WORD value. The "Application Revocation Block"-field specifies the application revocation block in the format of a revocation block, as described above.

Part of an embodiment of SecurDisc, can be that a SecurDisc feature descriptor allows the host to determine whether SecurDisc is supported by an optical disc drive and whether the optical disc currently in the drive can be used with SecurDisc. In an embodiment the feature will be set to active regardless of whether an optical disc has already been written to using SecurDisc or not. An optical disk drive (ODD = Optical Disk Drive) may support a GET CONFIGURATION command as specified by the MMC/MtFuji (MMC = Multimedia Command) specification and it may be used to obtain the feature descriptor from the ODD. The execution of this command may not be required prior drive host authentication.

An embodiment of a feature descriptor structure is depicted in Fig. 12. The structure in Fig. 12 shows a feature code, which could for example be 0113h (Big-Endian) for an embodiment of Securdisc. The "Current"-field comprises a flag indicating whether an optical disc can be used for Securdisc recording is in the drive. The "Persistent"-field comprises a flag indicating that the status of the current flag may change any time, in other embodiments it may always be set to true. Moreover, the "Version"-field may always be set to zero for a version of an embodiment. It is meant to change, only if any optical disc drive side changes may occur in the future. The "Reserved"-field is reserved and may contain only zeros in this embodiment. The "Additional Lengths"-field may be set to 4 to allow for future extensions. If the CPA (CPA = Copy Protection Active) is set to true, this flag specifies that the Securdisc copy protection feature can be used with the optical disc that is currently inserted in a drive.

After the Securdisc feature descriptor is read, the host may make sure that it is working with a licensed Securdisc drive. Reading the Securdisc feature descriptor can be mandatory for drive host authentication to work in some embodiments. During drive host authentication, in addition to making sure that both the host application and the optical disc drive are licensed components, a bus key can be established. This bus key is used later to exchange cryptographic data for copy protection. Drive host authentication may be required before writing any Securdisc content.

Embodiments of the present invention provide the advantage that data can be verified and their origin can be authenticated. Therewith, embodiments of the present invention provide an enhanced data security and reliability.

Depending on certain implementation requirements of the inventive methods, the inventive methods can be implemented in hardware or in software. The implementation can be performed using a digital storage medium, in particular, a disc, DVD or a CD having an electronically readable control signals stored thereon, which co-operate with a programmable computer system, such that the inventive methods are performed. Generally, the present invention is, therefore, a computer program product with a program code stored on a machine-readable carrier, the program code being operated for performing the inventive methods when the computer program product runs on a computer. In other words, the inventive methods are, therefore, a computer program having a program code for performing at least one of the inventive methods when the computer program runs on a computer.

100

Apparatus for writing

105

Storage medium

110

Means for providing

115

Writer

120

Means for encrypting

150

Apparatus for verifying

155

Storage medium

160

Means for reading

165

Means for providing second checksum

170

Means for providing verification

175

Means for decrypting

300

Storage medium

310

Data section

320

checksum/integrity section

330

Control information/jump table