1.HDCP key
KSV: Every HDCP transmitter or receiver includes a Key Selection Vector (KSV) provided by DCP.
This 20-bit binary value uniquely identifies the HDCP transmitter or receiver. Devices exchange
KSVs and use them during authentication and encryption.
Private key: Each HDCP transmitter or receiver includes 40 56-bit secret keys, known as Device Private Keys.
2.HDCP authentication process
- First Part of Authentication: The transmitter and receiver both calculate a shared secret;
in the process, the receiver demonstrates that it holds valid, secret device keys without needing to reveal
those keys publicly.
This happens in several steps. First, the transmitter sends its KSV to the receiver,
along with a pseudo-random value generated by its cipher. In return, the receiver
sends its KSV to the transmitter, along with a single bit that indicates whether the
receiver is a repeater.
The transmitter and receiver then each use the other device’s KSV and their own Device
Private Keys to generate a shared secret value. Because all HDCP keys are mathematically
related, this calculation results in an identical value within each device.
This value is secret, so the two devices do not transmit the value over the network;
however, they each feed the shared secret value and the pseudo-random number
into their HDCP cipher engine. The HDCP cipher generates a secret shared session key
along with another value, which the receiver sends to the transmitter to indicate it has
successfully completed its part of the authentication process. The transmitter compares it
with its own calculated value, and if the two are identical, authentication is successful. The
transmitter can then start sending a stream of content, encrypted using the session key,
which only the receiver can decipher.
- Second Part of Authentication: This occurs only if the receiving device is a repeater.
the number of levels in the tree. This enables the transmitter to determine whether the
maximum tree size has been exceeded and whether all devices in the tree are valid.
- Third Part of Authentication: This final stage occurs periodically during the transmission to
verify that the devices are synchronized and that the receiver is receiving and accurately
decrypting the content.
3.Revocation
Any security system needs to anticipate the possibility that keys could be compromised
and then used to make unauthorized copies of content. To protect against this, the HDCP
specification and license agreement include a mechanism for revoking products’ unique KSVs.
Once a KSV has been revoked, a receiver with that KSV can no longer receive HDCP content.
Sources check the receiver’s KSV during authentication to determine whether it has been
revoked. Lists of revoked KSVs are typically delivered with audiovisual content on media such
as DVDs. A source checks the receiver’s KSV against this list.
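The shared-secret calculation from the first part of authentication, together with the source's revocation check described above, as an added example that is not part of the original notes. It assumes a KSV with one selection bit per private key (40 bits, 20 of them set, as in the HDCP 1.x specification) and uses a constructed symmetric matrix as a stand-in for how the issuer makes the keys mathematically related. The HDCP cipher step is not modelled, and all function names are hypothetical.

```python
import random

N_KEYS, KEY_BITS = 40, 56      # 40 Device Private Keys of 56 bits each
MOD = 1 << KEY_BITS

def make_master(rng):
    """Constructed symmetric matrix: toy stand-in for the issuer's secret (assumption)."""
    m = [[0] * N_KEYS for _ in range(N_KEYS)]
    for i in range(N_KEYS):
        for j in range(i, N_KEYS):
            m[i][j] = m[j][i] = rng.getrandbits(KEY_BITS)
    return m

def make_ksv(rng):
    """Assumed KSV layout: one selection bit per private key, exactly 20 bits set."""
    return sum(1 << b for b in rng.sample(range(N_KEYS), N_KEYS // 2))

def device_keys(master, ksv):
    """Key i = sum of master[i][j] over the bits j set in the device's own KSV."""
    return [sum(row[j] for j in range(N_KEYS) if (ksv >> j) & 1) % MOD
            for row in master]

def ksv_acceptable(ksv, revoked):
    """Source-side check: well-formed KSV that is not on the revocation list."""
    well_formed = 0 <= ksv < (1 << N_KEYS) and bin(ksv).count("1") == N_KEYS // 2
    return well_formed and ksv not in revoked

def shared_secret(own_keys, peer_ksv):
    """Add the own private keys selected by the peer's KSV bits, modulo 2**56."""
    return sum(k for i, k in enumerate(own_keys) if (peer_ksv >> i) & 1) % MOD

def first_part(tx, rx, revoked):
    """tx, rx are (ksv, keys) pairs. Returns (Km at TX, Km' at RX), or None if rejected."""
    if not ksv_acceptable(rx[0], revoked):
        return None
    return shared_secret(tx[1], rx[0]), shared_secret(rx[1], tx[0])

def make_device(master, rng):
    """Issue a constructed sample device: a KSV plus its matching private keys."""
    ksv = make_ksv(rng)
    return ksv, device_keys(master, ksv)

if __name__ == "__main__":
    rng = random.Random(1)                  # fixed seed: constructed sample devices
    master = make_master(rng)
    tx, rx = make_device(master, rng), make_device(master, rng)
    km_tx, km_rx = first_part(tx, rx, revoked=set())
    print(f"TX Km = {km_tx:014x}\nRX Km = {km_rx:014x}\nmatch = {km_tx == km_rx}")
    print("revoked receiver:", first_part(tx, rx, revoked={rx[0]}))
```

Both sides reach the same value because each computes the same product of the two KSVs with the symmetric matrix, only from opposite ends.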
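4.Physical link
The channel between TX and RX consists of a data channel and a control channel:
Control channel:
Control signals between TX and RX are carried over I2C, including the key exchange during authentication and the reading of the EDID.
Note: CEC is carried over the CE line.
For details, see the official website: www.digital-cp.com/. The HDCP specification for the HDMI interface is: https://www.digital-cp.com/sites/default/files/specifications/HDCP%20Specification%20Rev1_4_Secure.pdf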