High-bandwidth Digital Content Protection

High-bandwidth Digital Content Protection ( HDCP) is a system developed by Intel in 2003 encryption system which is provided for the DVI, HDMI and Display Port for secure transmission of audio and video data. HDCP should be standard in Europe for HDTV. Even with Blu- ray Disc or HD DVD HDCP is used. HDCP with the tapping of the video and audio material is to be prevented in the communication between transmitter and receiver. Requests the playback one device (transmitter, eg SAT receiver or DVD player ) HDCP connection, the reproducing component (receiver, such as a TV, projector) must also support HDCP to display the video can. If the reproducing component does not support HDCP or no digital connection, the playback can be restricted (eg, in low resolution ) or completely prevented. The requirement for HDCP encryption Strictly speaking not charged even from winamp end device, but this communicated by be reproduced medium or to play back content (except for DVD players, here is the demand for HDCP part of the DVD license). An HDCP -enabled HDTV satellite receiver about HDCP will only be activated if the set station this just demands.

HDCP devices from which assume the competent bodies that they are " corrupted " may have been by the correspondingly keys HDCP chips are locked, shut down in their HDCP functionality. A similar mechanism was provided for the copy CSS, but could there not prevent unhinging of the algorithm.

For HDCP is the fact that the license prohibits storing or recording of "protected" ( = HDCP - encrypted ) content except for purposes of signal processing ( deinterlacing, etc.), and also by the fact that any parallel existing analog signal outputs in their signal quality must be reduced on demand or switched off completely.

In September 2010, the master key ( " Master Key" ) of HDCP was known with the any other key can be generated. This allows lever out of the copy protection. However, for the construction of a chip with integrated master key is required, it should therefore be mainly of interest to companies. Black copier, however, take advantage of gaps in the AACS copy protection. The authenticity of the key has been confirmed by Intel.

  • 3.1 HDCP in DVD players
  • 3.2 HDCP Blu- ray Disc and HD DVD players
  • 3.3 HDCP in TV sets
  • HDCP 3.4 and digital television 3.4.1 Problems with Premiere


HDCP is based on encryption and cryptographic techniques to verify the authenticity of a connection partner. Each HDCP -compliant device has stored as specified by 40 keys that have a length of 56 bits. Exchange to build an encrypted connection both components at the beginning of the connection their IDs and agree on a session key for further communication with the Blom method. From then runs the rest of the connection using a specially -designed encryption method. Which of the 40 keys of the two devices as to use is negotiated, even when, for example, the keys are changed. The key itself is never transmitted in plain text.

The actual copy protection comes only from the fact that the manufacturer of a device this must be certified by the Digital Content Protection, LLC. The provisions for licensing are the terms on which also means that HDCP - encrypted content may not be recorded. HDCP is thus a " one way street ": When an image signal once HDCP encrypted, it can be recorded by any HDCP licensed device more.

Thus, not every single device must be certified, there is for the series production rules according to which, for example, the chip manufacturer selling the matching decoder chips ( for the receiver ) control and this can only be sold to trusted partners. As a requirement for trusted Decoder customer applies, for example, that the players made ​​no points may have to tap the unencrypted signal ( within the unit). In addition, the players will in the future revocation lists (English Revocation List) have the undue decoder IDs are to be rejected.

For the HD DVD is currently a central registration office for HD - DVD media, in conversation, to ensure that on -selling HD DVDs the current revocation list is always saved, which can read out the player and handed over to the HDCP encoder. DVD playback devices currently can not issue any revocation data as the DVD specifications holds no direct control options for this HDCP - specific control packets.

About the blocking of HDCP device is designed to prevent that about " abusive" are in circulation decoder chips that have IDs could be traced, the data will also be played in the future or that devices in which means of manipulation, the decrypted image signals were made ​​available, can be used for the creation of unlicensed copies.

The company Sparrow had brought two decoder boxes in the sale, HDCP encrypted DVI signals change in unencrypted DVI signals or VGA. Sparrow had the surfaces of the decoder chips abraded according to the computer magazine c't, to prevent a reconstruction of the source for these chips. Still remains to be seen whether these are sooner or later in a revocation list with the content industry. Meanwhile, the company Sparrow has stopped selling the converter after threatening legal action.

The encryption used in HDCP as well as the authorization process part of the publicly available specification, which can be obtained from the Digital Content Protection, LLC. Only the keys used for authorization as well as the individual, used for series devices keys are secret. Due to low due to the high bandwidth of the key length, and the (theoretical) in each device other mounting of keys is assumed that a number of approximately 40 stocked with different key sets devices with a defined (e.g., black ) would be sufficient image content, to identify the secret key. Due to the legal situation in the United States after the introduction of the DMCA, which was introduced on 28 October 1998 there, but no scientist has dared to verify this assertion.

However, bearing in mind that HDCP and DVI transmit data at a data rate of up to 1.6 Gbit / s ( 1080p). Per minute so fall after deduction of tax and control data to roughly about 6 Gbytes of user data. A tapping at this point therefore seems technically not trivial, hence the importance of secure data transmission between the video source and screen for a functioning copy protection basically is not as crucial as it is portrayed by the industry often. Much more serious is the restriction within the HDCP specifications that an output device is not better than in SD (Standard Definition) quality may issue ( for USA and Japan NTSC, for the rest of the world PAL) parallel to a HDCP output analog video signals. This prevents devices such as HD - DVD or Blu- ray Disc players can output at all recordable analog HDTV signals.

Publication of the Master Keys

An article was published on 14 September 2010 at the technology blog Engadget, which announced the publication of a true HDCP Master Key. It is not yet clear who published the key and how he was found. The publication was announced initially on Twitter and linked to another pastebin text which contains instructions for the use of the key. The key is a 40 × 40 matrix, whose elements are 56- bit numbers.

Although HDCP devices have their own key pairs that can be withdrawn, they should be made, is the publication of the master key ( " Master Key" ) that new valid keys can be generated. This could only be prevented by the HDCP master key was changed. That it comes to that, is extremely unlikely, because this would make all of those players, projectors, set- top boxes, televisions and other HDMI devices unusable, which have no update feature for your key pair.


HDCP is not just a copy, but also prevents the mere reproduction of the content on unlicensed devices, regardless of whether they are able to keep records or copies of the content presented or not.

Apparently there are a wide room for interpretation for the implementation of HDCP, indicates the presence of HDCP output on winamp end device and the HDCP input on the screen does not even necessarily mean that an image appears. For the customer, then the question arises whether the playback one or the performing unit is responsible for the malfunction. Cause of this failure of HDCP should the structure of the underlying DVI be: in addition to over glitches very insusceptible, but only in one direction ( image data) ongoing communication via TMDS done another part of the communication bidirectional ( handshakes ) via I ² C, but is secured either by differential lines nor by marks.

HDCP itself determines in its certification guidelines partly very narrow restrictions on " unprotected ", that is, such as analog outputs for image and sound: These restrictions go partly beyond what the devices such as DVD players may provide the basis of their own rights management systems. Which then ultimately comes to the limitations on validity, is apparently a matter of interpretation: HD- DVD player will appear at the beginning and analog component outputs, these are likely but not longer be operated with signals with HDCP enabled, and the same applies to sound: A 5.1 decoder, it should specify any standard DVD player with DVI output, according to HDCP specifications, it would even be only the issue of matrix - encoded stereo allowed.

HDCP in use

HDCP in DVD players

Since the standards for DVD players ROCHE initially a purely analog signal output by PAL or NTSC, and established itself in the PC field of the DVI output until later, was about 2000 to pent-up demand for a digital image output to DVD players. The appropriate standards for the DVD player were then amended that a digital output is allowed. This had to be designed as a DVI connector, but HDCP master. The DVD itself but missing control information to enable HDCP or not (the presence of CSS alone is not enough for it, and apparently makes the DVD standard also no indication as to when exactly the protection to be activated ). In addition, no revocation lists can be transferred to the device output. Many DVD players also allow manufacturers to make their devices, the disconnection of HDCP, and partly a dummy HDCP is operated, the encryption completely shuts off upon detection of an incompatible terminal.

HDCP Blu- ray Disc and HD DVD players

For the AACS used in the HD DVD and Blu -ray Disc is a rule-compliant image output in a high quality copy-protected output needed. Appropriate graphics cards and chipsets with HDCP -protected HDMI or DVI interface on the market since 2006.

HDCP in TV sets

On 19 January 2005, the industry association announced EICTA (European Industry Association for Information Systems ), among other HDCP as one of the prerequisite components for the "HD ready " label of high-resolution ( television ) screens.

HDCP and digital television

Digital TV channels can send them along an HDCP control signals from the broadcast. If the receiving digital receiver supports this, then he gives the data stream only encrypted via its HDMI output. The evaluation of the control signal is optional ( the HDMI specification requires the use of HDCP not necessarily before ); the receiver can also output the data stream therefore unencrypted.

In practice, but still worth the vast majority of receivers with HDMI output HDCP - control signal correctly. The reason for this may lie in the fact that manufacturers certify their equipment by pay- TV providers. The providers allow the reception of their programs only such certified receivers usually have their terms and conditions. This business you do not want to jeopardize the sale of devices that run counter to the wishes of the provider probably.

Only a few devices manufactured by companies that waive the certification by pay- TV providers, the control signal do not evaluate. An example of this are the Dreambox models DM800 and DM8000, which also use instead of the HDMI - DVI outputs to save the licensing and the associated costs for the use of a HDMI interface. Technically, this is not a disadvantage, since DVI and HDMI are electrically identical. Also, an audio output via DVI is possible and is also utilized in the dreambox models mentioned above. Using a DVI to HDMI adapter, such a device can be connected to any device with HDMI input.

From a basic encryption of an entire television transmission path (eg, a digital cable connection ) or the encryption of individual pay-TV stations to their decoding a smart card is required, HDCP is completely independent. An encrypted pay- TV channels may, as a non-encrypted free-TV channels are transmitted with or without HDCP - control signal.

Problems with Premiere

The in January 2006 officially presented by the pay-TV broadcaster Premiere Premiere HD sets to receive DVB- S2 receiver with HDCP-capable digital image output ahead. At the start of channels offered only the movie channel was sent with HDCP enabled; however, occurred in 20 percent of customers to errors in the image output caused by the copy protection. Operation with AV receivers that hold HDMI-Ein/Ausgänge to output the image signal of several components such as DVD players and satellite or cable receiver onto a screen, it was not possible even after firmware corrections to the receiver. It is currently unclear whether the mechanism by broadcast flag HDCP on and off, part of the specifications of DVB -S2 is or is required only for " Premiere HD" -compatible receiver from the transmitter. For the former, is the fact that already in May 2006, another German HD channels have (eg Anixe HD) started to broadcast with a broadcast flag set.