High-bandwidth Digital Content Protection (HDCP) is a digital content protection method that protects digital entertainment content by encrypting its transmission between video source and video receiver. Moreover, HDCP is used to authenticate devices and permit them to receive protected content. Devices are given a set of unique and secret device keys. During the authentication process, a receiver must demonstrate its knowledge of the secret device keys before content may be sent to it. After the receiver demonstrates its knowledge of the secret device keys, both the sending and receiving devices are prompted to generate a shared secret value that is designed to prevent unauthorized eavesdroppers from stealing the content. After the devices are duly authenticated, the content is encrypted and sent to the receiver whereupon it is decrypted.
FIG. 1 shows steps performed in a conventional HDCP transmission process. Referring to FIG. 1, at step 1, HDCP transmission begins with a controller initiating an authentication sequence which consists of a pseudo random number and a set of key selection values. At step 2, the receiver device receiving the HDCP transmission calculates an authentication key value and makes it available for reading as R′ (the device receiving the HDCP transmission has 100 ms to execute this step). At step 3, the controller reads the R value calculated by the HDCP transmitter and the R′ value calculated by the HDCP receiver, checks the R value and the R′ value for a match and if a match is verified it then starts sending each frame of transmitted content with a special flag (CNTRL3) during each sync pulse. At step 4, the receiver counts 128 frames and makes the updated R′ value available to the controller every time the receiver counter reaches zero. At step 5, the controller checks for a match (e.g., every 2+/−0.5 seconds). An occasional detection of a mismatch is assumed to be an I2C read error whereupon the test (for a match) repeated. It should be appreciated that the period for 128 frames is not exactly 2 seconds.
It should be noted that if it is determined that a set of secret device keys has been compromised, the keys are placed on a revocation list and authorized devices are provided with a new set of keys. During the authentication process, the transmitter checks the revocation list before transmitting any content. Nevertheless, in certain situations it is possible for the receiver counter to get out of synchronization with the transmitter such that the authentication criteria continues to be met but attempts to decrypt protected content fail. In such situations a clear picture e.g., free of artifacts, snow, may not be derived from the transmitted signal.
In conventional systems it is possible for counters located at the transmitter and receiver ends of a communications network to be out of synchronization by one or two frames. This mismatch window may last from 17 to 33 ms or about 1% of the period between authentication tests. A more accurate test is needed since being off by even one frame means the decrypted picture may appear as snow until the devices are re-synchronized. Another conventional HDCP system shortens the test period to 16 frames but provides an inadequate solution to the above described problem as it still leaves a large window of vulnerability to frame mismatches.