On Tuesday, May 8th, 2007 TiVo was issued a patent for a method of locking down hard drives such that they can only be accessed from inside one host machine. The idea behind this methodology is creating a password that would be so difficult to guess by the time you actually cracked it the drive it protected would be long dead. The method is described as follows from the patent document: "An authentication system for securing information within a disk drive to be read and written to only by a specific host computer such that it is difficult or impossible to access the drive by any system other than a designated host is disclosed. While the invention is similar in intent to a password scheme, it significantly more secure. The invention thus provides a secure environment for important information stored within a disk drive. The information can only be accessed by a host if the host can respond to random challenges asked by the disk drive. The host's responses are generated using a cryptography chip processing a specific algorithm. This technique allows the disk drive and the host to communicate using a coded security system where attempts to break the code and choose the correct password take longer to learn than the useful life of the disk drive itself." This reminds me of another system used by AutoCAD for the release 12 product version. When I was in high school I took a drafting class which used R12. Each day at the beginning of class I had to plug in a hardware dongle into the printer port of my machine before launching the software. The idea behind this was that the application would ask the hardware dongle a question and the hardware dongle would look up the answering in a huge table of possible answers. The premise for protection was it would take computing power at the time a claimed 25,000 years to generate a complete answer table. This was a great idea in theory but it had, in my humble opinion, one flaw, why would someone waste time trying to guess every possible answer to a question when they could just prevent the question from ever being asked in the first place. For those who are not sure what I'm talking about, imagine a fence consisting of a single picket one mile high. Why attempt to scale the one mile picket when you could just walk around it. It was much easier to deconstruct the program and remove all the code that queried the hardware dongle. Then all you had to do was drop this into your favorite IRC chat room or FTP server and it would be quickly distributed to any and all. My legalese is a bit rusty but from reading the patent document it sure sounds like a similar method of securing the hard drive inside a TiVo unit. The catch here is that this is wholly implemented in hardware, making it several orders of magnitude harder for someone to by-pass this security mechanism, let alone create a generic patch for the masses to consume. Despite these technological hurdles I believe there will be those who view this not as a step forward in digital rights management (and I'm not sure it is) but a challenge that must be met and defeated. I believe in the coming years there will be fairly detailed guides on how to defeat and/or by-pass this security mechanism for those with the stomach and technological know how. I can understand why TiVo is doing it. They have a great product and some pretty cool intellectual patents around their technology. But they are far from having the financial clout like Microsoft or Google to defend themselves from potential infringers (although that may change if Dish loses their appeal which could net TiVo $130 million). My guess is from their perspective it's best to try and appease the studios with technology such as this then risk a lengthy and possibly bankrupting lawsuit with Hollywood. An ounce of prevention is worth a pound of cure after all. |