HDCP: HIGH-BANDWIDTH DIGITAL CONTENT PROTECTION
A Complete Solution Comprised of Software and Hardware IP
Accelerating the development of interoperable media devices, both wired and wireless
High-bandwidth Digital Content Protection (HDCP) is a method of protecting digital entertainment content such as high-definition movies, pay-per-view television or music on home and personal networks including devices such as PCs, tablets, smartphones and gaming devices. Licensed to device manufacturers by Digital Content Protection LLC (DCP), the initial 1.x versions of HDCP were mainly used over HDMI wired connections with great success, achieving over 3 billion implementations. As content distribution has moved to phones and tablets and key leakage vulnerabilities were found, the HDCP standard has evolved to keep pace, with 2.x versions that protect TCP/IP-based connections across an array of wired and wireless interfaces and provide greater key protection.
HDCP requires managing and performing advanced cryptographic functions, including authentication, digital signature algorithms, and key storage and management, all in accordance with the specified standard. Developing this type of encryption engine and its management software requires expertise in cryptography, digital rights management, and hardware and software design. This level of security specialization is best handled by experts; implementing HDCP internally without the required expertise can lead to long development cycles.
HDCP Solution Features
- Comprehensive support for the HDCP standard
- Efficient solutions for both compressed and uncompressed data streams
- Support for HDCP 2.0, 2.1 and 2.2
- Backward compatibility with HDCP 1.3, 1.4
- Configurable for designs using a Trusted Execution Environment (TEE)
- Hardware IP-based content protection for designs without a TEE
HDCP Solutions With or Without a TEE
Inside Secure offers alternative methods for implementing an HDCP solution:
- Designs using a Trusted Execution Environment (TEE): As part of the HDCP license, an integrator agrees to certain rules, including the use of hardware protection for storing secret keys and for implementing the cryptographic functions. A TEE is considered to provide hardware based protection; Inside Secure provides a software solution, operating within the TEE, which implements all the functions of the HDCP protocol. Hardware acceleration options are also available to enhance the TEE-based solution in cases where higher performance or more CPU offloading are required.
- Designs without a TEE: When a TEE is not part of the system design, Inside Secure delivers a solution with all the HDCP content protection functions implemented in a highly secure hardware IP module.
Both approaches significantly reduce the cost and complexity of security solutions while helping designers get to market quickly with HDCP compliant, robust cryptographic content protection across a range of architectures and use cases.
INSIDE Secure’s HDCP Software Solution
The Inside Secure HDCP2.2 High-bandwidth Digital Content Protection software solution provides all the required features for a complete content protection solution and includes all control and management software for the HDCP2.2 specification. It is fully backwards compatible with the earlier versions: HDCP2.1 and HDCP2.0.
The HDCP software, without hardware acceleration, is sufficient in cases where a TEE is available and the content is in a compressed data stream. In this situation, very high performance is not a requirement.
For situations where a TEE is available but an uncompressed video protocol is used (for example, HDMI or DisplayPort), the HDCP software needs to access the EIP-114 Datapath Engine, an AES cipher IP core which delivers the required level of high-bandwidth performance. This module implements the HDCP 1.4 and HDCP 2.x data plane in hardware. It is designed for integration with a TEE and must be located within the security boundary of the processor.
The HDCP software also includes specific APIs for signaling the HDCP protection status to a higher-level content control function like DRM, and can be used in combination with Inside Secure’s DRM PlayReady and Widevine software solutions to implement a complete end-to-end content protection solution.
INSIDE Secure’s HDCP Hardware IP Solution
For implementations that do not include a TEE, the EIP-116 Hardware Security Module is available. This security module provides all the required technology for implementing a secure HDCP2.2 content protection solution. It includes functions like Secure Key Storage, all cryptographic computations and AES based ciphering as defined in the HDCP2.2 specifications.
The EIP-114 IP module is offered for systems with a TEE that need to support uncompressed content with HDCP1.4/2.x protection. The EIP-114 module includes a data plane only implementation, whereas the EIP-116 implements both the HDCP control plane and the data plane for compressed streaming interfaces like DLNA and Miracast.
Both the EIP-114 and the EIP-116 modules include an AES-128 based cipher engine for encrypting or decrypting the content stream. The EIP-116 also provides all the cryptographic functions for Authentication, Key Exchange, Locality Check and certificate verification. In addition to a very high level of security, the EIP-116 module offers significant performance improvements and reduced power consumption compared to a software-only implementation.
The EIP-116 module includes a secure interface to Non-Volatile Memory (NVM) for storing and retrieving the HDCP2.2 secure keys, which must be programmed during the manufacturing of the device. The EIP-116 hardware security module can be integrated into a wide range of semiconductors, including Application Processors, Multimedia Processors, SoCs for Set-top Boxes and Graphics Processors. The EIP-116 generates session keys and input vectors which are then used by the AES-128 based cipher core within the module. EIP-116 supports a variety of interfaces, including USB, WiFi and Ethernet for streaming compressed video.
In addition, for systems without a TEE, EIP-116 can be used as both the control plane and data plane security module for the protection of streaming uncompressed video over HDMI and DisplayPort.