CD and Copy Prevention question

Factual Questions
1

Ok Mod’s I’m not asking for help in bypassing protection of any sort just some questions.

An article on The Register’s website talks about a “Copy-Proof” CD that an Israeli security firm has developed. This technology is smart card based and is part of the CD. Supposedly this technology will work on conventional PC CD or DVD drives but they don’t mention about stereo cd players.

The idea behind it is you can copy the CD or DVD wich will copy the data but the smart card on the CD/DVD wouldn’t be copied.

This leads me to a few questions

  1. How can a CD or DVD player read a smart card when it is not part of the CD or DVD spec

  2. Would CD’s using this not be able to use the CD logo just like the CD like disc’s with other protections can’t use the CD logo

and

  1. With a CD or DVD being a read only media how can a smart card know if the software has been installed
2

I’m sceptical, this sounds more like marketecture (A Register term for an architecture lead by marketing rather than technology) than a technical innovation. There is nothing magical about a smart card, it is just a format for storing data. Since a normal optical drive doesn’t have the hardware to read a smart card, what they are probably doing is just storing a digital certificate in the normal optical way on the CD or DVD. The site points out that they are targeting software vendors as their customers, so this isn’t about music CD or movie DVD protection. The digital certificate would be used to encrypt/decrypt the contents of the CD, and could be used to enforce licence agreements.

3

kferr I’m a skeptical also since according to one site, the defination of a Smart Card is "Smart Card ~ Conforms to ISO 7816 dimensions, is a portable programmable device containing an integrated circuit and stores and process information " so how a smart card can be on a CD I have no idea.
Also many DVD’s refer to their content as software I assume because they consider the menu to be a program so this applies to entertainment titles on a DVD

4

Based on the hype on their website, the embedded circuitry can “receive, store, process, and transmit information”. I’m just guessing wildly here, but this might be how it works: it’s a regular disc that’s covered with an extra layer containing smart card circuitry. Parts of this layer (probably most of it) is completely transparent.

The smart card circuitry has light-sensitive areas that can detect particular reading patterns from the disc - this is how it can receive information, for example from an installation program stored unencrypted on the disc. Based on the received information the circuitry could alter the reflectivity on another part of the disc, perhaps to match a sequence of keys used for decrypting the rest of the data. A raw copy of the disc would obviously not be able to change dynamically in this way, and so wouldn’t work.

If properly done, such a disc would be readable using regular CD/DVD drives. It’s a cool idea, but like all similar technology it can’t offer any real protection against pirating. If you can read the information, you can copy it.

5

What it could be is a encryption key. Without the smart card (or trying to read the disk on a cd drive w/o the smart card reader) will get you nothing.

justa wag

6

Color me skeptical too. First it would require the computer hardware to cooperate and second, as soon as tit is out it will be cracked. No way.

BTW, IBM was proposing something similar with hard disks which would not copy copyrighted data. It’s fun to remember how all these things went nowhere.

7

There are lots of problems with this scenario. First of all, smartcard doesn’t work that way. You can call it anything you want, as long as it is not something prescribed by an existing industrial stardard. Maybe, say, CleverCard. Secondly, detecting read patterns won’t help since there is no difference between reading a legit copy and a pirated copy. Third, you can’t have all that crap on the disc and still call it a CD. Remember Compact Dicc is a trademark held by Philips, and there is a standard to be adhered to.

There are also assorted technological problems I won’t get into now.

I am highly skeptical of this.

8

The firm that developed the technology claims that it will work in existing CD and DVD-ROM drives. I am skeptical. Supposedly, there is a “smart card” and the associated circuity sitting behind the data layer that somehow authenticates the drive, then returns a code needed to decrypt the data. The only way I could see this working is if they invented some way to dynamically change the data on a certain part of the CD surface, and I have no idea how that could be possible. Even if you can do that, how do you POWER the smart card?
I think it will end up being the standard type of copy protection, with a twist. You’ll have a huge encrypted file on the disk containing the data, and a small autorunning program that decrypts it. The program retrieves the decryption key from a protected area of the disk (Subchannel or bad-CRC), and uses this to decrypt and open the contents of the disk. This kind of copy protection would be effective at preventing piracy for about the first two hours after release of the disk, beyond that someone will find out where the key is kept, and the whole scheme is pointless. They probably work in the smart card by using it to hold the key, or to “authenticate” the disk.

9

The read pattern isn’t used by the smart card to validate the disc, it’s used by the installer to communicate with the card.

The card could have a large photodetector covering several circular “tracks” of the disc, say tracks 1 to 1000 (I know CDs aren’t separated into tracks, but cut me some slack), and a way to change the reflectivity of other tracks, say an LCD covering tracks 1000 to 2000.

The installer tells the CD-ROM drive to read tracks 1, 500, 600, 300, and 1000 to activate the smart card. As the drive reads from the tracks, it shines a laser on the photodetector. The smart card detects that particular pattern and begins outputting a decryption key with the LCD… maybe one bit of the key per track. The installer reads from the output tracks, and where the LCD has been turned on, it reads a 0; where the LCD has been turned off, it reads a 1.

There are still technical problems: The behavior of the laser is uncontrollable. Maybe some drives leave the laser on whenever the disc is spinning, so the laser would end up striking every part of the smart card input whenever the head moves past it.

The smart card can’t be powered by the laser alone, it would need a battery. What happens when the battery dies, you have to buy a new CD? (On second thought, that’s probably exactly what they want you to do.)

The smart card won’t work without a specially designed program to use it. So this won’t work on audio CDs and probably won’t work on DVDs.

And practical problems: Once the key is found by crackers, the encryption is broken; all you need to do is download a cracked version of the installer that includes the key. It’s possible (though expensive) for each disc to have a different key, but in that case, it’d still be relatively easy for crackers to produce an ISO, so you can download it and burn an unencrypted CD.

10

Before this gets out of hand: taking marketing crap at face value and dreaming up advanced technological scenarios fulfilling these promises is a game I like to play, and sometimes I get a bit carried away. The above fantasy is based on the receive/store/process/transmit claim - that would require technology along the lines of what I described. There are lots of practical problems, and it might not be feasible, but I think it is possible. Exploring the possible is an interesting exercise, isn’t it?

You should, of course, be sceptical of this. Even if it does work like they claim it would only be a fancy and considerably more expensive way of the “defeat grandma” copy protection already available.

Well, assuming my scenario, the difference would be the “smart card” technology, which wouldn’t be present on a copy. The read pattern recognized doesn’t necessarily have to be any different from a standard read operation from some part of the disc; that would make cooperation from hardware or software unnecessary.

Good point, but that’s just a case of terminology and trademarks. Philips doesn’t like it, but there are lots of products already out there in violation of the CD specifications (like 99 min CDs). If it looks like a CD and is readable like any other CD, customers will consider it a CD.

To me, this is one of the more interesting engineering problems. The embedded circuitry would be extremely simple and shouldn’t need much power, so I thought it might just be possible to use the laser energy. Perhaps not; I’ll have to think about that.

11

Ok I just came across an article at technologyreview.com that has a tad bit more info. They say

"A “smart card” embedded in the CD unlocks the disc’s encrypted content. You can copy the CD, but without the card the software won’t run. Try to install the software on more computers than the publisher allows and the smart card will shut you downThe technology works by turning an ordinary CD drive into a smart-card reader. A photodetector at the edge of the CD turns the drive’s laser light into electrical pulses, which travel to the embedded smart card and request the key. If the card deems the request legitimate, it returns the key as an electronic signal that an onboard light-emitting diode converts into light and beams back to the drive. "

What would prevent someone from reading the unlocked information to another form of media then writing an unlocked version to another CD?

12

The same location on the disc (where the LED is) will contain different data when it’s read more than once, but a normal CD will always have the same data in the same place.

However, there’s nothing to stop people from using regular cracking techniques to create a CD that will work. Once the key is found (perhaps by running the installer under a debugger and waiting for it to read the key from the smart card), someone can just decrypt the data and create a new installer.

13

You cannot communicate with the card. There is no such provision in any CD/DVD drives.

That won’t fly, because

a) a large photodetector can only detect whether the laser is on or off, it cannot detect any bit patterns. That will require a large array of photodetectors that aligns perfectly with the “dots” on a CD’s surface

b) The photodetectors must be *in front *of the reflective layer, but this means the detectors must be transparent or nearly so, otherwise they’ll just completely mess up reading the CD.

c) Not just the photodetectors but the “smart card” and huge number of wires or other connectors must be also in front of the reflective layer.

d) You need to power the whole circuitry indefinitely.

e) The extra layer adds to the thickness of the disc.

f) You need some material that will become reflective in an electric field. Liquid crystal doesn’t cut it.

g) Cost.

As I pointed out above, you need an enormous array of photodetectors, a spider web of connectors, the card circuitry, power source, and some strange and unknown material, all packed in front of the reflective layer in an extremely precise manner.

Highly implausible.

14

This sounds like that company that had invented the incredible compression algorithm. They find some investors, take the money and run. Let’s see where this particular invention goes.