Get Started Today! Contact Us For More Information

Controlled Remote Display

HDCP: A Complete solution comprised of software and hardware IPs /  DTCP: A Complete solution comprised of software and hardware IPs

 

Accelerating the development of interoperable media devices both wired and wireless

High-bandwidth Digital Content Protection (HDCP) is a method for protecting digital entertainment content such as high-definition movies, pay-per-view television or music on home and personal networks including devices such as PCs, tablets, smartphones and gaming devices. Licensed to device manufacturers by Digital Content Protection LLC (DCP), the initial 1.x versions of HDCP were mainly used over HDMI wired connections with great success and over 3 billion implementations. With content distribution moving to mobile devices including phones and tablets, new security vulnerabilities have appeared. The HDCP standard has evolved to solve these issues with 2.x versions that protect TCP/ IP based connections across an array of wired and wireless interfaces.
HDCP combines advanced cryptographic functions, authentication, digital signature algorithms, key storage and management, all in accordance with the standard. The development of this type of content protection solutions requires time and expertise in many domains including cryptography, DRM and hardware and software design. INSIDE Secure HDCP solutions are ready-to-use.

 

INSIDE Secure HDCP Software Solution

The INSIDE Secure HDCP2.2 software solution provides all the required functions for an efficient content protection. It includes all the control and management software following the HDCP2.2 specifications. It is fully backward compatible with the earlier versions: HDCP2.1 and HDCP2.0.
The HDCP software, without hardware acceleration, offers enough performances in the cases where a TEE is available and the content is in a compressed data stream.
For situations where a TEE is available but an uncompressed video protocol is used (for example, HDMI or DisplayPort), the HDCP software needs to be supported by INSIDE Secure EIP-114 Datapath Engine, an AES cyphering hardware IP which delivers the required level of performance. This module implements the HDCP 1.4 and HDCP 2.x data plane in hardware. It is designed for an integration with a TEE and must be located within the security boundary of the processor.
The HDCP software also includes specific APIs to manage the protection status in cooperation with higher level content control functions such as INSIDE Secure DRM Fusion Agent, thus implementing a complete end-to-end content protection process.

 

INSIDE Secure HDCP Hardware IP Solutions

For implementations that do not include a TEE, INSIDE Secure EIP-115 Hardware Security Module is available. This security module provides all the required functions to implement a secure HDCP2.2 content protection solution. It includes advanced security procedures such as secure key storage, all cryptographic primitives and AES based ciphering as defined in the HDCP2.2 specifications. 
The EIP-114 hardware IP module is suitable for systems with a TEE that need to support uncompressed content with HDCP1.4/2.x protections. The EIP-114 module includes a data plane only implementation, whereas the EIP-115 implements both the HDCP control plane and the data plane for compressed streaming interfaces like DLNA and Miracast.
Both the EIP-114 and the EIP-115 modules include an AES-128 ciphering engine for the encryption or decryption of the content stream. The EIP-115 also provides all the cryptographic functions for Authentication, Key Exchange, Locality Check and certificate verification. In addition to a very high level of security, the EIP-115 module offers significant performance improvements and reduced power consumption compared to a software only implementation.
The EIP-115 module includes a secure interface to Non-Volatile Memory (NVM) to securely store the HDCP2.2 secret keys. The EIP-115 hardware security module can be integrated into a wide range of semiconductors, including application processors, multimedia processors, SoCs for Set-Top-Boxes and graphics processors. The EIP-115 generates session keys and input vectors which are then used by the AES-128 ciphering core. It supports a variety of interfaces including USB, WiFi and Ethernet for the streaming of compressed video.
In addition, for systems without a TEE, the EIP-115 can be used as both the control plane and the data plane security module for the protection of un-compressed video streaming over HDMI and DisplayPort.

 

Key Features

HDCP Solution Features

  • Comprehensive support of the HDCP standard:
    • Efficient solutions for both compressed and uncompressed data streams
    • Support of HDCP 2.0, 2.1 and 2.2
    • Backward compatibility with HDCP 1.3, 1.4
  • Configurable for designs using a Trusted Execution Environment (TEE)
  • Hardware IP-based content protection for designs without a TEE

HDCP Solutions With or Without a TEE

INSIDE Secure offers alternative methods to implement HDCP:

  • Designs using a Trusted Execution Environment (TEE): Included in the HDCP license, integrators agree on certain rules, including the use of hardware protection to store the secret keys and to implement the cryptographic functions. A TEE is considered to provide enough hardware protection. INSIDE Secure provides a software solution, operating within the TEE, which implements all the functions of the HDCP protocol. Hardware acceleration options are also available to enhance the TEE-based solution in the cases where higher performances or more CPU off-loading are required.
  • Designs without a TEE: When a TEE is not part of the system design, Inside Secure delivers a solution with all the HDCP content protection functions implemented in a highly secure hardware IP module

Both approaches significantly reduce the cost and complexity of HDCP security solutions helping designers shorten the time-to-market with HDCP compliant, robust cryptographic content protection across a range of architectures and use cases.

 
secure-distribution

 

DTCP: A Complete solution comprised of software and hardware IPs

 

Accelerating the development of interoperable media devices both wired and wireless

Digital Transmission Content Protection - Internet Protocol (DTCP-IP) is a method for protecting digital entertainment content such as high-definition movies, pay-per-view television or music on home and personal networks including devices such as PCs, tablets, smartphones and gaming devices. It has been widely adopted across the globe in consumer electronic products from set top boxes and digital TVs to Blu-ray and DVD recorders, in conjunction with a spectrum of cable, satellite, and media services and over a variety of wireless and wired interfaces.
Now referred to as DTCP-IP (Digital Transmission Content Protection - Internet Protocol), the standard provides a framework for the protection of Internet-based premium content. DTCP-IP is a mandatory requirement for DLNA devices that support protected streaming and applies to many Digital Rights Management (DRM) and content protection solutions. DTCP-IP combines the management of advanced cryptographic functions, authentication, digital signature algorithms, key storage and management, all in accordance with the standard. The development of this type of content protection solutions requires time and expertise in mainy domains including cryptography, DRM and hardware and software design.INSIDE Secure DTCP-IP solutions are ready-to-use.

 

Server and player support for protected streaming and move/copy

INSIDE Secure solutions for DTCP-IP can be used for streaming media and deployed for both transmission (server side) and reception (client side). When deployed on the server side it encrypts premium contents saved on a server using DTCP-IP and distributes the encrypted files to a client player. DTCP-IP prevents contents from being pirated by performing interactive device authentication between the server and the player before initiating the encrypted communications.
To copy or move between devices content data requiring copyright protection, DTCP-IP copy/move must be supported on both the transmitter and the receiver sides. A device that is capable of recording digital broadcasting programs encrypts and transmits the recorded data, and a receiver displays them. If a receiver device has a server feature, it can also stream and distribute moved/copied content. DTCP-IP also supports the ability to enforce copy rules.

 

Optimized for mobile to support the growing number and type of mobile devices

Multi-screen viewing and the ability to access premium content on mobile devices has become a standard expectation. Given this expectation and the need to monetize and protect contents, device manufactures are facing the challenge to meet the security requirements of the content providers and to deliver a positive consumer experience. Moreover, a low power consumption in often mandatory in the mobile world. As a consequence, deploying an optimized mobile solution is key. INSIDE Secure DTCP-IP solutions are optimized to reduce the power consumption and to also offer the ability to off-load data processing to the hardware, thus further reducing the power used by the DTCP-IP protocol.

 

Technology Overview

In a system where premium contents are available and require copy protection, the digital content and the communication between two devices must be protected. The secure part of the content protection system can be implemented by a hardware-protected software using a Trusted Execution Environment (TEE).
INSIDE Secure provides ready-to-use software solutions to implement DTCP-IP and guarantee the protection of the secret keys, the encryption of high-value contents, key exchange mechanisms, mutual authentication and repudiation of devices that have been compromised. Our DTCP-IP solutions support the four layers of copy protection: copy control information, device authentication and key exchange, content encryption and system renewability.
In addition, a highly secure and optimized hardware module (EIP-115) is available to provide the maximum security, an easy system integration, optimal performances and low power consumption for applications where no TEE is required or available. The EIP-115 forms the hardware-based secure area where all the secure parameters and the cryptographic computations are managed during all the DTCP-IP protocol phases from authentication of the connected devices up to and including the generation of the key stream.

 

DTCP-IP Software

INSIDE Secure DTCP-IP software provides all the required features for a complete content protection solution comprised of all content control and management capabilities of the DTCP-IP standard. Besides the cryptographic functions and secure computation module, the software includes the implementation of the state machines as defined by the standard and supports the TCP/IP based communication between a transmitter, a receiver and a repeater (bridge).

 

High Performance Security Module

The EIP-115 Hardware Security Module can be used in cooperation with the INSIDE Secure DTCP-IP software to securely enhance and manage the protocol. The EIP-115 module includes DRM functions that can be used together with INSIDE Secure DRM Fusion agent software to implement an end-to-end content protection solution. It provides all the required services including: secure key storage, cryptographic computations and ciphering as defined by DTCP V1.7 specifications. This module not only generates the session keys and input vectors for the AES-128 based ciphering engine used to encrypt and decrypt the content stream, but also provides all the cryptographic functions for authentication, key exchange, locality check and certificate verification.
In addition to providing the highest level of security, the EIP-115 offers hardware acceleration to perform power optimized cryptographic operations. The module also includes a secure interface to Non-Volatile Memory for the secure storage of the keys.
The EIP-115 is designed to be used in source and sink devices. It can be integrated into application processors, multimedia processors, SoCs for set-top-boxes and graphic processors. It supports multiple commonly used communication interfaces such as USB, Ethernet, WiFi and Bluetooth as well as Media Oriented Systems Transport (MOST) and WirelessHD.

 

Key Features

DTCP-IP Solution Features

  • Comprehensive support of the DTCP-IP standard:
    • DLNA compliant
    • Supports the four layers of copy protection
  • Broad platform support: ARM, MIPS, x86 (32 and 64 bit), PPC, Tensilica
  • Implementation for designs using a Trusted Execution Environment (TEE)
  • Hardware IP-based content protection for designs without a TEE
 

DTCP-IP Solutions With or Without a TEE

INSIDE Secure offers alternative methods to implement the DTCP-IP protocol:

  • Designs using a Trusted Execution Environment (TEE): Inside Secure provides a software solution, easily integrated with a TEE, which implements all the functions of the DTCP-IP protocol.
  • Designs without a TEE: The DTCP-IP software can be implemented simply with OS interfaces. INSIDE Secure also offers a hardware IP module that increases the performances and the security of the system.

Both approaches significantly reduce the cost and complexity of bringing to market server and client DLNA-certified media devices.