DTCP-IP: DIGITAL TRANSMISSION CONTENT PROTECTION – INTERNET PROTOCOL
Now referred to as DTCP-IP (Digital Transmission Content Protection – Internet Protocol), the standard provides a framework for the protection of Internet-based premium content. DTCP-IP support is a mandatory requirement for DLNA devices that support protected streaming and applies to many Digital Rights Management (DRM) and content protection solutions. DTCP-IP combines the management and execution of advanced cryptographic functions, incorporating authentication, digital signature algorithms, and key storage and management, all in accordance with the specified standard. Developing this type of encryption engine and management software requires expertise in cryptography, digital rights authentication, verification against the DTLA standards, and hardware and software design. This level of specialization is best handled by experts; implementing DTCP-IP internally without the required expertise can lead to long development cycles.
Server and player support for protected streaming and move/copy
INSIDE Secure’s solutions for DTCP-IP can be used for streaming media and deployed for both transmission (server-side) and receiving (client-side). When deployed server-side, the solution encrypts premium content files saved on a content serving device using DTCP-IP and streams the encrypted files to a client player device. DTCP-IP prevents content from being leaked illegally by performing interactive device authentication between server and player devices before initiating the encrypted communications.
To copy or move content data requiring copyright protection between devices, DTCP-IP move/copy must be supported by both the transmitter and the receiver of the content data. A device that is capable of recording digital broadcasting programs encrypts and transmits the recorded data, and a receiver displays it. If a receiver device has a server feature, it can also stream and distribute moved/copied content. DTCP-IP also supports the ability to enforce copy rules regarding whether copies may be made and the number of copies allowed under license.
Optimized for mobile to support the growing number and type of mobile devices
Multi-screen viewing and the ability to view premium content on a mobile device have become the expected standard rather than the exception. Given this expectation and the need to protect content, which invariably relies on encryption, device manufacturers face the challenge of meeting the requirements of content providers while delivering a positive consumer experience. This challenge arises because power on mobile devices is at a premium and encryption is typically power intensive; as a consequence, deploying an optimized solution is key. INSIDE Secure’s DTCP-IP solutions are optimized to reduce power consumption and also offer the ability to offload processing to hardware, further reducing the power used in DTCP-IP media consumption.
In a system where high value, premium content is available and which requires copy protection, the digital content and the technology that provides the secure communication between two devices must be protected. The secure part of the content protection system can be implemented in hardware-protected software by using a Trusted Execution Environment (TEE).
INSIDE Secure provides complete software solutions for implementing DTCP-IP to ensure the protection of the device secret keys, the encryption of high-value content, key exchange mechanisms, mutual authentication and repudiation of devices that have been compromised. Our DTCP-IP solutions support all four layers of copy protection: copy control information, device authentication and key exchange, content encryption, and system renewability.
In addition, a highly secure and optimized hardware module (EIP-115) is available to provide maximum security, easy system integration, optimal performance and lowest power dissipation in applications where no TEE is required or available. The EIP-115 forms the hardware-based security boundary wherein all secure parameters and cryptographic computations are managed during all the DTCP-IP protocol phases from authentication of the connected devices up to and including the generation of the key stream.
INSIDE Secure’s DTCP-IP software provides all the required features for a complete content protection solution, comprising all content control and management capabilities for the DTCP-IP standard. Besides the cryptographic functions and secure computations module, the software includes the implementation of the state diagrams as defined by the DTCP-IP standard and supports the TCP/IP-based communications between a transmitter, receiver and repeater (bridge).
High Performance Security Module
The EIP-115 Hardware Security Module can be used seamlessly with INSIDE Secure’s DTCP-IP software by replacing the content protection requirement in the protocol. The EIP-115 module includes APIs for DRM that can be used with DRM Fusion agent software to implement an end-to-end content protection solution. It provides all the required technology for implementing secure content protection, including secure key storage, cryptographic computations and ciphering as defined by DTCP V1.7 specifications. This module not only generates the session keys and input vectors for the AES-128 based cipher engine used to encrypt and decrypt the content stream but also provides all the cryptographic functions for authentication, key exchange, locality check and certificate verification.
In addition to providing the highest level of security, the EIP-115 provides hardware-based acceleration that exceeds the capabilities of software to perform power-optimized cryptographic operations. The module also includes a secure interface to Non-Volatile Memory for retrieving the device unique keys that must be programmed as part of the manufacturing process.
The EIP-115 is designed to be used in source devices, in sink devices, or in devices that combine both (bridge/repeater devices). It can be integrated into Application Processors, Multimedia Processors, SoCs for set-top boxes and Graphics Processors. The EIP-115 generates session keys and input vectors which are used by the AES-128 based cipher module, and it supports multiple commonly used interfaces such as USB, Ethernet, WiFi and Bluetooth as well as Media Oriented Systems Transport (MOST) and WirelessHD.