Media Key Block

This article may require cleanup to meet Wikipedia's quality standards. The specific problem is: Cases of odd sentence structure and improper punctuation. Please help improve this article if you can. (March 2022) (Learn how and when to remove this message)

The Media Key Block (MKB) is one of the keys included inside the optical discs implementing AACS DRM system. The MKB is used to prevent unauthorized and revoked devices from playing Blu-ray and HD DVD discs content. The MKB is defined by AACS consortium, which is the consortium by companies from the film industry and the electronics industry including IBM, Intel, Microsoft, Matsushita (Panasonic), Sony, Toshiba, The Walt Disney Company and Warner Bros.

The MKB key is found in the physical support (the disc) together with the content of the disc encrypted. The MKB has the function of validating the reproduction devices on which the disc is being played and obtained, from the devices codes, the key that will allow the decryption of the disc content. That is the Media Key (${\displaystyle K_{m}}$). Since August 2022^[ref], version 78 has been the most recent MKB version.^[1]

Blu-Ray and HD-DVD discs contain the following data: the encrypted content (usually video), the Volume ID (VID), the Encrypted Title Key(s), and the MKB. The Volume ID is stored in the BD-ROM Mark (on Blu-ray disc) or burst cutting area (on HD DVD and Blu-ray discs), a special area of the disc unable to be copied by consumer optical disc drives. The MKB is also found encrypted in the disc to prevent it from being extracted off the disc and being manipulated and/or reproduced by another non authorized device.

The reproduction device contains its own keys, unique for each model, called Device Keys. These keys are conceded by the AACS LA. In the moment of the reproduction, one of these keys will decrypt the MKB contained on the disc, and as a result of this process, we obtain the Media key.

The Media key is combined with the VID (Volume ID) and as a result we obtain the Volume Unique Key (${\displaystyle K_{vu}}$). With the ${\displaystyle K_{vu}}$, we are able to decrypt the Encrypted Title Key and obtain the Title key that finally allows to decrypt the content of the disc and view it.^[2]

This way the system can prevent contents from being viewed on devices that have not been authorized. Therefore, the system allows updating the MKB in the future release of the content in order to revoke the compromised devices that are unauthorized to view the content.

Even though it seems a simple mechanism, the MKB key, which is found in the physical support of the disc, follows a complex structure. The MKB is distributed in blocks that contain the version of the Media key, the list of devices that have been revoked, a field to authenticate the MKB, and other fields that specify parameters corresponding to the decryption algorithm and define the structure of the own Media Key and also the Media key itself.

The MKB itself is found inside the field Media Key Data Record and has a variable length but it is always a multiple of 4 bytes.^[3]

Many consumer associations have complained against this system since it can lead to a situation where some physical devices cannot reproduce contents even though they do not infringe any intellectual property, which makes the consumers that use the device model will not be able to view contents encrypted with the MKB.

This situation has become even worse with the recent publication in multiple web sites of the Media Key, which is the key that allows decryption of Volume ID,^[4] and at the same time, the encrypted content, without the need of using a playback device authorized by the AACS or a valid MKB to view the content, can be viewed on the unauthorized device. This is especially critical because nowadays the Volume ID is the same in all the Blu-ray and/or HD-DVD discs of the same content.

• AACS web page.
• Guide to understand AACS.
• Introduction and Common Cryptographic Elements. Rev. 0.91.
• AACS Technical Overview. 7/2004.