HDCP stands for High-bandwidth Digital Content Protection created to protect digitally copyrighted content in its journey via a cable (HDMI, DVI) from a device like the DVD Player to your TV or a display device.
In this article, let’s look at how HDCP works, the latest standards (HDCP 2.3 and HDCP 2.2), and problems caused by HDCP’s protocols.
What is HDCP – High-bandwith Digital Content Protection?
As defined earlier, HDCP stands for High-Bandwidth Digital Content Protection.
Here is a definition From Wikipedia,
High-bandwidth Digital Content Protection (HDCP) is a form of digital copy protection developed by Intel Corporation to prevent copying of digital audio and video content as it travels across connections.
Simply put, HDCP is a standard that creates a secure connection between a source and a sink using a digital handshake mechanism. The secure connection is usually established over an HDMI cable, DVI, or DisplayPort (other technologies are also supported).
HDCP compliant devices fall into three major groups – source, sink, and repeaters.
- Source: A source can be a DVD player, Blu-ray player, Xbox, etc.
- Sink/destination: these are typically the final destinations of the transmitted media. Examples include TVs and projectors.
- Repeater: This is a device that can act as both a source and a sink. It accepts information from another source and then re-transmits it to another repeater or a sink, thereby acting as a source itself. The source and sink can be connected using an HDMI cable that is HDCP-compliant and prevents data from being pirated.
Finally, we also have a cable used to transmit the data. So, you have HDMI cables that are HDCP 2.1 or HDCP 2.2 compliant.
With that quick introduction to HDCP, let’s take a look at how the standard works in keeping your data safe.
How does HDCP Work?
HDCP works using three main processes –
- Authentication: there are specific steps to ensure that both the source and the sink are HDCP-compliant and authentic devices.
- Data Encryption: the data is encrypted before being transmitted via the cable, and this is to repel man-in-the-middle attacks or attempts at piracy.
- Key Revocation: the protocol also identifies which devices are compromised and can thus revoke their keys or permissions to transmit or accept HDCP content.
With these three steps, HDCP attempts to keep your content secure when it is being transmitted from one device to another.
Referring to the HDCP specifications, the authentication and encryption process is divided into the following stages –
- Authentication and Key-Exchange: The HDCP Receiver’s Public Key Certificate is verified by the HDCP Transmitter.
- Locality Check: by enforcing a Round-trip-time of 20ms, the HDCP protocol ensures that the source and sink are reasonably close to each other physically.
- Session Key Exchange: the HDCP transmitter exchanges a session key with the receiver.
Let’s take a closer look at some of the processes involved in the HDCP digital handshake process.
Keys. Each HDCP transmitter and receiver have exactly forty 56-bit private keys that are unique.
Key Selector Vectors: Each HDCP-enabled device has a public 40-bit vector called the Key Selection Vector (KSV).
- Any two licensed and authenticated devices (source and receiver) exchange their Key Selector Vectors.
- Each KSV contains exactly 20 ones and 20 zeros.
- When a receiver gets a transmitter’s KSV, it takes its private keys that correspond to the ones in the transmitter’s KSV and adds them (binary addition without overflow). The result of this operation is called the master key.
- The transmitter also uses its private key store and the receiver’s KSV to generate a master key.
- If the two devices are authentic and HDCP-licensed, then the two master keys generated will match. However, the master keys are not transmitted. Instead, they are fed to a stream cipher to generate another number called the Shared Session Key, which is sent from the receiver to the transmitter. The transmitter can use this to see if its master key matches the receiver’s master key and thus complete the authentication process.
HDCP Stream Cipher: The result of the addition process on both the receiver and transmitter devices (which is the master key) forms the seed for the stream cipher used to encrypt and decrypt the data transmitted using the HDCP protocol.
Revocation: Revocation is a mechanism to revoke keys when valid keys get compromised. Each time the authentication process occurs, the devices check the KSV against a list of known compromised keys. If either the transmitter or receiver appears on that list, authentication fails. Note that the KSV values are unique to a device and, thus, can be thought of as a unique identifier for a device (or a serial number).
The HDCP protocol is explained very nicely in the official specification, and it’s much too detailed to summarize here. Please refer to the linked document for a deeper, mathematical explanation of the process.
Suffice to say; the HDCP standards has tools and technology in place to
- identify and authenticate source, sinks, and repeaters.
- encrypt content.
- periodically check if the connection has been compromised and revoke the authentication if necessary.
What are the problems surrounding HDCP 2.2?
Whenever there is technology around content protection such as DRM, or HDCP, there is bound to murmur in the tech circles since these technologies prevent copying material that someone has bought. There are many debates around this, the legality of content protection, etc., but I am not going into it in this article.
However, the problem introduced by the HDCP 2.2 standard is unique!
With HDCP 1.x, 2.0, 2.1 supposedly cracked and the master keys floating around the Internet, there was a need to release HDCP version 2.2 which has tighter restrictions around the digital handshake and has made improvements to make it harder to crack.
However, HDCP 2.2 is also backward-incompatible, which is a pain bound to frustrate consumers and pirates.
HDCP 2.2. was released as a way to protect 4K content (primarily) and had restrictions surrounding this.
So, if you have an HDCP 2.2 Blu-ray Player that is playing 4K video, you need an HDCP 2.2 compliant television (the destination in this case) to decrypt the 4K video sent via the DVD player.
But, if you have an HDCP 2.2 Blu-ray Player and an HDCP 2.0-compatible TV, what do you do? Well, either you go out and buy a new TV, or you watch only 1080p content. Yup – the HDCP 2.2 protocol is strict for only 4K videos and not lower than that.
So the next time you go out to buy a TV or a streaming device, make sure you buy one that is HDCP 2.2 compatible and ensure that every point in your A/V signal chain is HDCP 2.2 consistent if you wish to watch 4K video.
Here’s a document from Roku that talks about the same. Roku answers the “What if my devices do not support HDCP 2.2?” question as follows –
“You can still enjoy HD content. During setup, your Roku player will automatically select 720p or 1080p instead of 4K UHD or 4K UHD HDR. Or you can select 720p or 1080p from Settings > Display type.”
Here’s another FAQ from BenQ that talks about HDCP2.2. and 4K playback.
And before you say anything, yes — HDCP 2.3 has also been released, and thankfully it is backward-compatible to HDCP 2.2
I hope you gained an understanding of the HDCP protocol and how it works. Whether you like it or not, HDCP 2.2 is here to stay, and with the influx of 4K televisions and 4K content, it’s best to make sure that your device chain is HDCP 2.2 compatible so that you can enjoy 4K content without breaking the bank!
Krishna Rao Vijayanagar
I’m Dr. Krishna Rao Vijayanagar, founder of OTTVerse. I have a Ph.D. in Video Compression from the Illinois Institute of Technology, and I have worked on Video Compression (AVC, HEVC, MultiView Plus Depth), ABR streaming, and Video Analytics (QoE, Content & Audience, and Ad) for several years.
I hope to use my experience and love for video streaming to bring you information and insights into the OTT universe.