Block-based media content authentication
Abstract
A technique for security and authentication on block-based media involves the use of protected keys, providing authentication and encryption primitives. A system according to the technique may include a secure device having a security kernel with protected keys. A disk drive security mechanism may support authentication of data, secrecy, and ticket validation using the security kernel and, for example, a ticket services module (e.g., a shared service that may or may not be used by other storage devices like flash).
18 Claims
1. A block-based media device comprising:
an authentication mechanism comprising a processor;
the authentication mechanism authenticating a block of data up to a maximum size;
a disk header including a first hash H(1,n1* . . . *nx+1,Y), wherein n1 . . . nx+1 are selected from a group of integers consisting of 1 and the number of hashes necessary to cover the maximum size of the block of data that can be authenticated by the authentication mechanism such that n1 < n2 < . . . nx < nx+1;
a second hash H(n1* . . . *nx−1+1,n1* . . . *nx−1*m nx,Y), wherein m is selected from a group of integers consisting of 1 and the number of child nodes of the first hash;
a block including:
a plurality of third hashes that are children of the second hash block;
a plurality of fifth hashes that are children or grandchildren of one of the plurality of third hashes;
a data block Yk associated with at least one of the fifth hashes, at least one of the third hashes, the second hash, and the first hash, wherein Yk is one of a set of data blocks {Y1, Y2, . . . , YN}, wherein H(i,i,Y)=f(Yi) and f(Yi) is a one-way function;
wherein, in operation, the authentication mechanism uses the first hash, the second hash, at least one of the third hashes, and at least one of the fifth hashes to authenticate the data block Yk.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A method comprising:
providing a first hash H(1,n1* . . . *nx+1,Y), wherein n1 . . . nx+1 are selected from a group of integers consisting of 1 and the number of hashes necessary to cover the maximum size of the block of data that can be authenticated by the authentication mechanism such that n1 < n2 < . . . nx < nx+1;
providing a second hash H(n1* . . . *nx−1+1,n1* . . . *nx−1*m nx,Y), wherein m is selected from a group of integers consisting of 1 and the number of child nodes of the first hash;
providing a block including:
a plurality of third hashes that are children of the second hash block;
a plurality of fifth hashes that are leaf nodes that are children or grandchildren of one of the plurality of third hashes;
a data block Yk associated with at least one of the fifth hashes, at least one of the third hashes, the second hash, and the first hash, wherein Yk is one of a set of data blocks {Y1, Y2, . . . , YN}, wherein H(i,i,Y)=f(Yi) and f(Yi) is a one-way function;
using a hash value H(i,j,k) to authenticate Yk, wherein Yk is one of a set of data blocks {Y1, Y2, . . . , YN} wherein H(i,i,Y)=f(Yi) and f(Yi) is a one-way function;
enabling access to data of the data block Yk when the data block Yk is authenticated.
Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16, 17

18. A system comprising:
a processor for processing a first hash H(1,n1* . . . *nx+1,Y), wherein n1 . . . nx+1 are selected from a group of integers consisting of 1 and the number of hashes necessary to cover the maximum size of the block of data that can be authenticated by the authentication mechanism such that n1 < n2 < . . . nx < nx+1;
a processor for processing a second hash H(n1* . . . *nx−1+1,n1* . . . *nx−1*m nx,Y), wherein m is selected from a group of integers consisting of 1 and the number of child nodes of the first hash;
a processor for processing a block including:
a plurality of third hashes that are children of the second hash block;
a plurality of fifth hashes that are leaf nodes that are children or grandchildren of one of the plurality of third hashes;
a data block Yk associated with at least one of the fifth hashes, at least one of the third hashes, the second hash, and the first hash, wherein Yk is one of a set of data blocks {Y1, Y2, . . . , YN}, wherein H(i,i,Y)=f(Yi) and f(Yi) is a one-way function;
using a hash value H(i,j,k) to authenticate Yk, wherein Yk is one of a set of data blocks {Y1, Y2, . . . , YN}, wherein H(i,i,Y)=f(Yi) and f(Yi) is a one-way function;
enabling access to data of the data block Yk when the data block Yk is authenticated.

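The claims above describe a hash tree: leaf hashes H(i,i,Y)=f(Yi), intermediate hashes covering ranges of blocks, and a top hash held in the disk header. The following added example (not code from the patent or its assignee) authenticates one block Yk against that top hash; SHA-256 as f, a uniform fan-out at every level, the function names and the sample blocks are all assumptions of the example.

```python
import hashlib

def f(data: bytes) -> bytes:
    """One-way function f(Yi); SHA-256 is an assumption of this example."""
    return hashlib.sha256(data).digest()

def build_levels(blocks, fanout):
    """Return hash levels, leaves first: levels[0][i-1] = H(i,i,Y) = f(Yi)."""
    levels = [[f(b) for b in blocks]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        # Each parent hashes the concatenation of its children's hashes.
        levels.append([f(b"".join(cur[i:i + fanout]))
                       for i in range(0, len(cur), fanout)])
    return levels

def proof_for(levels, k, fanout):
    """For block k (1-based), collect the sibling group at each level."""
    idx, proof = k - 1, []
    for level in levels[:-1]:
        start = (idx // fanout) * fanout
        proof.append((idx - start, level[start:start + fanout]))
        idx //= fanout
    return proof

def authenticate(block, proof, header_root):
    """Recompute the path from f(Yk) up to the header hash; reject on mismatch."""
    h = f(block)
    for pos, group in proof:
        # The hash computed so far must appear at its claimed position.
        if pos >= len(group) or group[pos] != h:
            return False
        h = f(b"".join(group))
    return h == header_root

# Constructed sample data: eight small "disk blocks" Y1..Y8.
BLOCKS = [b"block-%d" % i for i in range(1, 9)]
LEVELS = build_levels(BLOCKS, fanout=2)
HEADER_ROOT = LEVELS[-1][0]          # H(1,8,Y), stored in the trusted header
```

Only the header hash has to be trusted; the intermediate hashes can sit beside the data, because any change to a block or to a stored hash changes the recomputed top hash. A production design would also domain-separate leaf and interior hashes, which is omitted here to keep H(i,i,Y)=f(Yi) as the claims state it.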
Specification