Mt Fuji MeetingJune 5th/6th, 2007

SecurDisc

Nero action items SecurDisc

1. DUID redundancy

2. Drive and host Revocation1. Revocation mechanism

1. Authentication

2. Writer application

3. Reader application

2. Updating revocation information

3. Command set changes1. SecurDisc Feature Descriptor, CPA bit

2. Send Key, Key Format 0

1. DUID redundancy

The Disc Unique ID (DUID) is written in an unused Lead-In area. In order to increase the reliability against scratches, defects etc it is written in different ECC blocks.

2. Drive and host revocation

Drive and host revocation can be performed in two steps:

1. During authentication process

2. Before reading and decrypting SecurDisc protected user data

In order to perform revocation following elements are needed: Drive Revocation Block (DRB): build in host, used to revoke

compromised drives during authentication Application Authentication Revocation Block (AARB): stored in the

drive, used to revoke compromised applications during authentication Application Revocation Block (ARB): stored in the user data area of

the disc, used to revoke compromised applications before reading and decrypting SecurDisc protected user data

2. Drive and host revocation – revocation mechanism

1. Authentication

During authentication the drive checks if the application identified by his Application Unique ID (AUID) is valid using the AARB stored in the drive.

The host checks if the drive identified by his Device Unique ID (DEVID) is valid using the DRB included in the application.

Drive verifies host using AARB

Hostaccepted?

Host verifies drive using DRB

Yes

Driveaccepted?

Host revoked

No

Drive revoked

No

Authentication established

Yes

Start Authentication

Authentication

2. Drive and host revocation – revocation mechanism

Host writes own ARB to disc

Authentication established

Create a key ingredient from

ARB for encryption

Data can be encrypted

Writer application

2. Writer application

Before writing starts, the host writes his build-in ARB into the user data area of the disc and uses the ARB as a key ingredient for encrypting user data.

2. Drive and host revocation – revocation mechanism

3. Reader application

In order to decrypt the SecurDisc protected user data on a written disc the host needs to read the ARB from the disc and build a key ingredient for decrypting the user data using the ARB and the Application Unique ID (AUID).

Host read ARB from disc

Authentication established

Create a key ingredient from

ARB for decryption

Decryption valid?

Data can be decrypted

Host revoked

No Yes

Reader application

2. Drive and host revocation – updating

can revoke location updated

DRBDrive Revocation Block

Drive Host application

Update of host application

AARBApplication Authentication Revocation Block

Host application

Drive Drive firmware update

ARBApplication Revocation Block

Host application

Disc Update of host application

…which writes an updated ARB on a new disc. Compromised reader applications cannot build the key ingredient for decrypting data.

3. Command Set changes

1. SecurDisc Feature Descriptor, CPA bit

Bit

Byte

7 6 5 4 3 2 1 0

0 (MSB) Feature Code = 113h

(LSB)1

2 Reserved Version = 0h Persistent Current

3 Additional Length = 04h

4 CPA

5Reserved6

7

CPA bit will be removed for version 0 (Version = 0) of this Feature Descriptor. Future versions may have this or additional bits in case additional drive features will be added and specified.

3. Command Set changes

2. SEND KEY, Key Format 0

Key Format code definitions for SEND KEY command (Key Class = 21h)

Key Format Sent Data Description AGID Use

000000b 000001b

Host Key Contribution

Send host random number and protocol version

Valid AGID required

111111b NoneInvalidate Specified AGID.Invalidating an invalid AGID shall not be considered an error.An AGID that has not been granted shall be considered invalid.

All other values Reserved

In order to be conform with the SEND KEY definitions in Mt. Fuji where each Key Format number of REPORT KEY has a functional equivalent for SEND KEY, we changed the Key Format for Host Key Contribution from 000000b to 000001b.