KR102029550B1 - Design of hdcp for displayport - Google Patents

Abstract

It relates to HDCP technology for DisplayPort. The HDCP system for DisplayPort is connected to the auxiliary channel (AUX) of DisplayPort, which is a display interface, to verify that the transmitter interface and the receiver interface support HDCP (High Definition Contents Protect), and to encrypt and decrypt digital data. An authentication block for sharing an encryption key required for And an encryption block connected to a main link of the display port and encrypting the digital data at the transmitter interface using the encryption key and decrypting the encrypted digital data at the receiver interface. A control unit for controlling the block is configured as a micro controller unit (MCU), and the authentication block includes a control unit interface for receiving a control signal from the MCU and outputting a status signal of the authentication block to the MCU.

Description

HDCP design for DisplayPort {DESIGN OF HDCP FOR DISPLAYPORT}

The description below relates to data encryption techniques.

Recently, the importance of security is emerging as social issues are raised regarding copyright. Accordingly, as the demand for digital data encryption increases, data protection is required not only for general data but also for display interfaces such as HDMI (High Definition Multimedia Interface) and DisplayPort.

In response to this demand, High Definition Contents Protect (HDCP), a data encryption standard, has been released. Data that requires HDCP cannot be transmitted to a device that does not support HDCP, and it is safe for attackers because it transmits the data by determining whether the receiver is authenticated. In addition, HDCP uses data encryption using AES-CTR, which changes as data is transmitted, making it difficult to attack from the outside and relatively high-speed encryption makes it suitable for high-speed interfaces. It is also safe against attacks during key exchange by exchanging keys through RSA, a highly reliable cryptographic algorithm. Using a simplified key exchange method between devices that have once exchanged a key, fast key exchange is possible, and the risk of key exchange is minimized by blocking key exchange by sharing information of incorrect receivers.

Due to the speed and safety of HDCP, devices that support HDCP are required. Interfaces that can support HDCP include HDMI, DisplayPort, Universal Serial Bus (USB), and Ethernet. Among these, DisplayPort is a display interface that delivers digital video and audio information, and is being adopted in many PCs and mobile devices due to the recent increase in data transmission rates and the demand for ultra-high resolution displays of more than 4K.

In order to satisfy the demand for HDCP-enabled devices, the present invention provides a High Definition Contents Protect (HDCP) structure for encrypting video and audio data transmitted from DisplayPort.

HDCP exists at both the transmitter interface and the receiver interface and is intended to encrypt digital content transmitted from the transmitter to the receiver so that unauthorized devices cannot see what is being transmitted from the transmitter.

It is connected to the auxiliary channel (AUX) of DisplayPort, which is a display interface, to verify that the transmitter interface and the receiver interface support HDCP (High Definition Contents Protect), and to share the encryption key for encrypting and decrypting digital data. Authentication block; And an encryption block connected to a main link of the display port and encrypting the digital data at the transmitter interface using the encryption key and decrypting the encrypted digital data at the receiver interface. The controller for controlling the block is configured as a micro controller unit (MCU), and the authentication block includes a controller interface for receiving a control signal from the MCU and outputting a status signal of the authentication block to the MCU. Provides HDCP system for DisplayPort.

According to an aspect, the MCU is connected to the outside of the DisplayPort and is operated by program code stored in an external memory.

According to another aspect, the controller interface is fixed to the output signal until the output of the MCU changes, and generates a pulse signal synchronized to the clock of the HDCP when the output of the MCU changes.

According to another aspect, the authentication block further includes a message interface, and the message interface of the HDCP for DisplayPort transmitter converts a message generated in the authentication process into an AUX message and delivers it to the auxiliary channel (AUX) of the DisplayPort. In addition, the message interface of the HDCP for the DisplayPort receiver outputs a memory control signal together with the corresponding message data to input the message generated during the authentication process into the memory of the receiver.

According to another aspect, the encryption block includes an encryption control unit for detecting an encryption status signal and determining whether to encrypt, and an encryption structure for generating an encryption data string, wherein the encryption control unit is based on a control symbol of the main link; Control the operation of the encryption structure.

According to another aspect, the encryption structure generates an encrypted data sequence according to the clock of the main link and performs an XOR operation on the encrypted data sequence with the main link data.

According to embodiments of the present invention, the proposed HDCP can increase the flexibility of operation because the authentication block is controlled by the microcontroller unit (MCU), not the state machine. In addition, this structure allows the program code to be tested in real time by changing the program code in real time without having to synthesize a new digital circuit every time a new operation is tested in the design. In the future, when the latest HDCP standard is released, program code changes can be added and improved, and changing the program code will be compatible with display interfaces such as HDMI in addition to DisplayPort.

According to the embodiments of the present invention, the proposed encryption structure has a problem that the correct encryption data string is not calculated with the main link data due to an operation delay during the XOR operation because the main link data and the encryption data string are generated with different clocks. The solution can reliably encrypt data in high speed main link.

1 illustrates an HDCP structure for DisplayPort according to the present invention.
2 illustrates a hash message authentication code algorithm block diagram.
3 illustrates a SHA-256 algorithm block diagram.
4 illustrates a SHA-256 compression function block diagram.
Figure 5 illustrates a SHA-256 compression function round block diagram.
Figure 6 shows a 128-bit advanced encryption standard algorithm block diagram.
7 shows the contents of the S-box.
8 illustrates the operation of row movement.
9 through 10 illustrate key expansion block diagrams.
11 illustrates an authentication and key exchange process with a receiver in which K _m is not stored.
12 illustrates an authentication and key exchange process with a receiver in which K _m is stored.
13 shows a receiver certificate signature verification process.
14 illustrates a locality testing process.
15 shows the contents of a system resumability message.
Figure 16 illustrates the structure of a cipher block in HDCP for DisplayPort.
17 illustrates a cryptographic structure block diagram.
18 shows the structure of an HDCP authentication block for a DisplayPort transmitter.
19 shows the structure of an HDCP authentication block for a DisplayPort receiver.
20 shows the configuration of an encryption structure.
21 illustrates an encryption status signal and an HDCP encryption operation.
FIG. 22 illustrates an HDCP structure for a DisplayPort transmitter including 8051.
FIG. 23 illustrates an HDCP structure for a DisplayPort receiver including 8051.
24 illustrates a control process of an HDCP authentication block for DisplayPort transmitter.
25 illustrates a control process of an HDCP authentication block for a DisplayPort receiver.
Fig. 26 shows a state diagram of a PC to MCU serial communication block.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings.

The present invention provides an HDCP structure for a DisplayPort transmitter and a receiver in order to satisfy the demand for the HDCP support device. HDCP for DisplayPort is designed using Verilog HDL and is based on specification HDCP 2.2, published by Digital Content Protection LLC.

Figure 1 shows the structure of the HDCP for DisplayPort.

HDCP is a block that encrypts and decrypts transmission data in data communication interfaces such as HDMI, DisplayPort, and USB. Referring to FIG. 1, the HDCP for DisplayPort is connected to an auxiliary channel (AUX) of DisplayPort and is connected to an authentication block (Authentication Block) for device authentication and key exchange, and connected to a DisplayPort main link (Main Link). It operates by dividing into a cipher block that encrypts and decrypts data.

Authentication Block

Before sending the data that requires encryption, the transmitter's HDCP communicates with the receiver via an auxiliary channel to determine if the device is allowed to send data and exchanges the key for data encryption. The authentication block in the HDCP is composed of a required algorithm block and a controller at this time. The authentication phase is divided into three stages: authentication, key exchange (AKE), locality check, and session key exchange (SKE). In this case, three encryption algorithms, RSA, HMAC-SHA256, and AES, are used.

(1) RSA cryptographic algorithm

The RSA cryptographic algorithm is the most time consuming and most secure cryptography algorithm in the HDCP, when the transmitter determines whether the receiver's certificate and system resumability message (SRM) are authenticated, and when the transmitter and receiver first communicate. It is used when the transmitter generates a master key and sends it to the receiver during authentication and key exchange (AKE) phase.

RSA is an asymmetric key exchange cryptographic algorithm that uses a property of modulo operation to encrypt and decrypt a key. At this time, the relationship between the existing data, the key, and the encrypted data is shown in Equation 1.

[Relationship 1]

Where m is the existing data, d is the secret key, e and n are the public key, and c is the encrypted data. The encryption keys e and n are disclosed externally so that the data transmitter can encrypt the data with this key, and the decryption key d is not disclosed outside of the data receiver, so the third party cannot recover the encrypted data.

By setting e, d and n in relation to relation 2, relation 1 can be established for any m and c.

[Relationship 2]

Proving that the above equation holds,

[Relationship 3]

(2) hash message authentication code (HMAC-SHA256)

The hash message authentication code is used to determine whether the receiver correctly received the transmitter's message and correctly restored the keys and random numbers during the authentication and key exchange (AKE) and locality check phases.

It is used to generate a code of small data that is additionally transmitted to determine the suitability of data, and is an algorithm that converts data of arbitrary length into a code of a predetermined length using an encryption key. The transmitter and receiver share the same encryption key, and in general, the receiver uses this algorithm to extract a code from the transmitted data and to determine if the code is the same as the code sent by the transmitter to determine if the proper transmitter has a matching encryption key. do. In HDCP, the receiver generates a code using the data received from the transmitter, and then the transmitter reads the code from the receiver and compares it with the code generated by the transmitter to determine whether it has a suitable encryption key.

It uses a hash function algorithm that compresses data of arbitrary length into a code of fixed length and is named HMAC-X according to the hash function X used. HDCP uses HMAC-SHA256, which uses the hash function SHA256. The hash message authentication code algorithm is shown in FIG.

Referring to FIG. 2, K + is a value obtained by expanding a 256-bit input key of 256 bits to 512 bits, and ipad is a 512-bit value that repeats 8 bits 0x36 64 times, and opad repeats an 8-bit number 0x5c 64 times. One 512bits value. IV is the initial hash value of 256 bits, which is the 32-bit number of decimal places of the least squares starting from 3 and the eight smallest fractions.

The value of XOR of K + and ipad is called Si, and the extended input data is added to the hash function input after this value to generate 256 bits of H (Si || M).

The value of XOR operation of K + and opad is called So, and after this value, H (Si || M) is extended to be 512bits and put as input of hash function to generate output code HMAC (K, M).

The algorithm of the hash function SHA256 used at this time is shown in FIG. 3.

The input data is padded so that its length is a multiple of 512 bits and entered into the input of the hash function. The rule is shown in Equation 1.

[Equation 1]

The next bit after the last bit of the input data is '1', followed by '0' by k that satisfies the following formula. After that, add a 64-bit number that represents the number of bits of the original input data so that it is a multiple of 512 bits. The contents of the compression function used for SHA256 are the same as those of FIGS. 4 to 5.

Where sum is arithmetic addition and the definitions of the other logical operations are

RotRx (W) is an operation that rotates W to the right by x-bit, and ShRx (W) is an operation to move W to the right by x-bit and fill it with '0'.

(3) Advanced Encryption Standard (AES)

Advanced Encryption Standard (AES) uses both HDCP's authentication block and cipher block. Especially, the cipher block is used in counter mode (AES-CTR) so that new cipher data is released every 128 bits. In the authentication block, it is used to generate a key for authentication using random numbers exchanged by the transmitter and receiver.

It is a symmetric key cryptographic algorithm that the transmitter and receiver share the same encryption key. It has 128bit input data and output data and is divided into AES-128, AES-192 and AES-256 according to the key length used. The number after each number is the number of bits in the key, and HDCP uses AES-128 with a 128-bit key.

AES treats 128-bit input data as a 4 * 4 data matrix and encrypts the data by repeating four operations on the matrix. The entire encryption algorithm is shown in FIG.

Add Round Key is a block that performs XOR operation on expansion keys and data.Substitute Bytes is a block that replaces the input value with the corresponding byte of S-box by byte unit. Shift Rows Is a block that moves a row to the left, and Mix Columns is a block that mixes all the bytes of a column through a specific operation. The contents of the S-box are shown in FIG. 7 and the operations of Shift Rows are the same as those of FIG. 8, and the operations of the Mix Columns are as follows.

If the number of columns to be expanded is a multiple of 4, it is expanded to the operation shown in FIG.

(4) Authentication and Key Exchange (AKE)

When the DisplayPort transmitter and receiver are connected and the transmission data requires HDCP support, the transmitter and receiver begin authentication and key exchange over an auxiliary channel (AUX).

11 illustrates an authentication and key exchange process with a receiver that does not store Km, and FIG. 12 illustrates an authentication and key exchange process with a receiver that stores Km.

In the first order, the transmitter generates a random number R _tx of 64 bits. The R _tx is then sent to the receiver via AUX with a 24-bits value TxCaps containing the transmitter's information. When the receiver reads this message (here, the data exchanged between the transmitter and the receiver via AUX is called a message), it generates a 64-bit random number R _rx and sends a 24-bit value RxCaps containing the receiver's certificate and the receiver's information together with R _rx. To send.

The transmitter reads the message from the receiver 100ms after sending the message to the receiver and checks whether the receiver ID is in the receiver ID list. If the receiver is in the list, read the K _m , m, E _kh (K _m ) of the corresponding ID. If the receiver is not in the list, verify the signature of the certificate. The contents of the certificate are shown in Table 1, and the signature verification process is shown in FIG.

name Bits Bit position function Receiver ID 40 4175: 4136 Receiver-specific ID, consisting of 20 1s and 20 0s. Receiver
Public Key 1048 4135: 3088 The unique RSA public key of the HDCP receiver, commonly named kpub _rx . The first 1024 bits are n and the next 24 bits are e. Reserved2 4 3087: 3084 It has a value of 0x0 or 0x1. Reserved1 12 3083: 3072 It has a value of 0x000. DCP LLC
Signature 3072 3071: 0 This is the security signed value of the above certificate. PKCS # 1 V2.1: Follows the RSASSA-PKCS1-v1_5 signature rule defined in the RSA Cryptography Standard.

The lower 3072bits of the certificate is the signature of the certificate, which is RSA-encrypted with the hash function of the upper 1104bits of the certificate with the private key of the DCP LLC. Therefore, if the certificate is signed correctly, when RSA decrypted with DCP LLC's public key, the lower 256bits value is the same as the hash function calculated from the upper 1104bits of the certificate. If the signature is not correct, it stops the authentication process and goes back to before authentication.

If the signature verification succeeds, it generates a 128-bit random number K _m , RSA encryption using the receiver's public key, and _sends the encrypted K _m (E _kpub (K _m )) to the receiver. Also generates a key 128bits dkey0, dkey1 via AES with a key input for K _m. Use this as an input key to generate a 256-bit value H through HMAC-SHA256.

The receiver reads E _kpub (K _m ), decrypts it with the receiver's private key, obtains K _m , and generates dkey0 and dkey1 in the same way as the transmitter. Using this as the input key, create a 256-bit value H 'through HMAC-SHA256 and send this value to the transmitter. After that, k _h is generated through the hash function SHA256 using the receiver's private key, and E _kh (K _m ) is generated by performing XOR operation with K _m on the AES operation of m using the input key. Where m is R _tx 128-bits followed by R _rx .

After transmitting E _kh (K _m ), the transmitter checks whether the receiver's ID is included in the system resumability message, and if so, stops the authentication process and returns to the start of authentication. If not, wait until the receiver generates H ', read H', and compare to see if it's the same as H. If the same face to which the receiver has to wait for the generation of E _kh (K _m) reads the E _kh (K _m). The receiver's ID, K _m , m, and E _kh (K _m ) are then stored in the receiver ID list and the locality check is started. If H and H 'are not equal or the waiting time is exceeded, the authentication process stops and the process returns to before the authentication starts.

If the transmitter initially has the ID of the receiver in the receiver ID list, it reads K _m , m, E _kh (K _m ) of the corresponding ID, and transmits E _kh (K _m ) and m to the receiver. The receiver generates a 128bits key dkey0, dkey1 via AES to obtain the K _m via AES using the E _kh (K _m) and the m key inputs for K _m. Using this as the input key, create a 256-bit value H 'through HMAC-SHA256 and send this value to the transmitter.

After transmitting E _kh (K _m ) and m, the transmitter checks whether the receiver's ID is included in the system resumability message, and if so, stops the authentication process and returns to before authentication. If not, wait until the receiver generates H ', read H', and compare to see if it's the same as H. If it is the same, start the locality test and if H and H 'are not equal or the waiting time is exceeded, the authentication process is stopped and the process returns to before the authentication is started.

The input and result of the encryption algorithm in the authentication and key exchange process are as above. The left term is "the result of the algorithm" and the right term is "the algorithm (input value, input key)".

(5) Locality Check

14 illustrates a locality testing process.

Referring to FIG. 14, if authentication and key exchange are successful, the transmitter generates a 64-bit random number R _n and transmits it to the receiver. Then R _n is input to generate a hash code L through HMAC-SHA256. The receiver generates a hash code L 'using the same method as the transmitter with R _n received from the transmitter. The transmitter reads the L 'from the receiver after the 20ms R _n from the transmission time is determined is the same as compared to L.

As can be seen in the above process, it is determined whether the transmitter and the receiver are within a proper distance from each other by determining whether the transmitter sends R _n and can read a normal L 'from the receiver in a short time. If L and L 'are equal, the locality check is successful and the session key exchange begins. However, if L and L 'are not the same, the authentication process is aborted and the process goes back to the start of authentication.

Where L and L 'are calculated through Equation 2.

[Equation 2]

The left term is "the result of the algorithm", the right term is the "algorithm (input value, input key)" and [63: 0] is the value from the lower 63 bits to zero.

(6) session key exchange (SKE)

If the locality check succeeds, the transmitter generates a 64-bit random number R _iv and a 128-bit session key K _S. We then create dkey2 in the same way as dkey0 and encrypt K _S with dkey2. Sending the encrypted K _S to a receiver R _iv together with the receiver to decrypt the encrypted K _S in the same way as the transmitter to recover the K _S.

The input and result of the encryption algorithm in the authentication and key exchange process are as above. The left term is the result of the algorithm, the right term is the algorithm (input value, input key) and [63: 0] is the value from the lower 63 bits to 0.

(7) Resumability test

Theoretically, receivers that support HDCP are never disclosed and have a reliable private key, but sometimes there may be an HDCP receiver whose private key is disclosed or incorrect. In order to prevent communication with such a receiver, a system resumability message provided by DCP LLC exists and is configured as shown in FIG. 15.

The HDCP sender has a system resumability message and during the authentication process it checks to see if the receiver is on the revocation list of the resumability message and if so, suspends authentication because it is an invalid HDCP receiver. When reading this system resumability message, it is necessary to determine if the message is correct, so verify the DCP LLC signature at the bottom of the message and verify the content of the message. The process is consistent with the process of verifying the receiver certificate in AKE.

(8) DPCP input and output

The DisplayPort receiver has a DPCD memory in the auxiliary channel (AUX) to store the state of the transmitter and the state of the receiver and exchange messages with each other. The sender exchanges messages by writing and reading messages to the receiver's DPCD via AUX, with a storage location for each message.

(9) CP IRQ interrupt

During the authentication process, the transmitter reads the message at least 3 times and 4 times from the receiver. Among them, <AKE_Send_Cert> and <LC_Send_L_prime> are read unilaterally from the DPCD after the transmitter sends a message for a certain time, and in case of <AKE_Send_H_prime> and <AKE_Send_Pairing_Info>. After the receiver generates an IRQ interrupt, the transmitter reads from the DPCD.

DisplayPort receivers use a method called IRQ interrupt, which shortens the Hot Plug Detect (HPD) line to ground for a short time and then raises it to notify DisplayPort transmitter of its status. Called IRQ interrupt. When the transmitter detects an IRQ interrupt, it reads the RxStatus byte in DPCD memory and acts on the byte value. The receiver changes the RxStatus byte to 0 after the transmitter reads the RxStatus byte.

The CP IRQ interrupt is generated after the authentication process has completed and the data integrity is not good enough to allow the authentication process to restart.

Cipher Block

Figure 16 illustrates the structure of a cipher block in HDCP for DisplayPort.

After all authentication process is completed by the authentication block, the cipher block uses the session key K _S to create a cipher data string and encrypts it by XORing with the transmitted data. AES encryption algorithm is used in this process. The encryption block is composed of an encryption control unit that detects an encryption status signal and determines whether to encrypt, and an encryption structure that generates an encryption data string. In addition to detecting the encryption status signal, the encryption control unit of the receiver also functions to check data integrity and generate a lack of integrity signal.

DisplayPort's Main Link has 1-lane, 2-lane, and 4-lane according to the number of lanes transmitting data, and the size of transmitted data is XORed at every link clock according to the number of lanes. For example, if data is transmitted in 1-lane, 8 bits of encrypted data is XORed with the transmitted data for each link clock. In this case, AES creates one encrypted data string every 16 link clocks. When the transmission data is XORed with 8 bits of encrypted data, the next transmission data is XORed with the next 8 bits of data of the encryption data string.

(1) cryptographic structure

The encryption structure uses the AES counter mode (AES-CTR) and the principle is as follows.

The counter mode is a structure that adds 1 to the input value and generates the next output each time the initial input is received and the output of the encryption algorithm is generated. The encryption data string, which is the algorithm output value, and the original data are encrypted by XOR operation. In this way, the encryption key and the original data become difficult to know by continuously changing the original data and the XOR operation data. AES-CTR follows the operation principle of this counter mode, and the encryption algorithm at that time is AES.

17 illustrates a cryptographic structure block diagram.

Referring to FIG. 17, the encryption structure uses a value obtained by performing an XOR operation on a constant lc128 having a size of K _S and 128 bits as an AES key, and using a value obtained by adding a counter number having a size of 64 bits after R _iv as an input. This counter is initialized to zero immediately after the HDCP authentication process and increments by 1 each time a cryptographic data sequence is created. The cipher data string generation cycle is dependent on the link clock and becomes shorter in proportion to the number of lanes in the main link.

(2) encryption status signal

After completing the authentication process in the HDCP authentication block, the SR is changed to CPSR in the SR generation block of the DisplayPort transmitter. Here, SR is control data transmitted to the main link and has a value of 0x1c7c7c1c (SR, BS, BS, SR) in Enhanced Framing Mode. CPSR has a value of 0x1c3c3c1c (SR, CP, CP, SR), and the encryption control unit of the HDCP cipher block detects this value and recognizes that the authentication process is completed. Once the CPSR is sent, the next main link data is encrypted until the SR is sent instead of the CPSR. Even if the SR is transmitted, the cipher data string and the counter number of the encryption structure are not initialized and the existing value is maintained. When the CPSR is sent again, encryption continues, starting with the old value.

(3) data safety check

Because HDCP uses counter mode as an encryption method, even slight differences in the counters of the transmitter and receiver do not restore encrypted data. To solve this problem, the cipher block of the HDCP receiver should check the data integrity of the main link. If the data is not restored correctly until a certain amount of data is transmitted, the transmitter and receiver counters are not matched and the HDCP transmitter is notified of the situation via CP IRQ interrupts. Upon receiving this signal, the HDCP transmitter starts a new authentication process and initializes the existing key values and counters.

The HDCP receiver reads the Bit 5 value of the recovered VB-ID byte and determines that the link integrity check failed if this bit has a value that is continuously different from the constant sequence (0x531F). If the link integrity check fails continuously for two frames, it is determined that the data integrity check failed and is changed to the non-encryptable state. At this time, CP IRQ interrupt is generated.

The configuration of the VB-ID byte is shown in Table 2.

name Bit field Justice VerticalBlanking_Flag 0 This bit becomes 1 at the end of the last active line and remains 1 for the vertical blanking period. This bit is 1 even when there is no video stream. FieldID_Flag One This bit is zero immediately after the last active line of the top field. It is 1 immediately after the last active line in the bottom field. Interlace_flag 2 This bit is 1 when the main stream is interlaced video. Non-interlaced video or zero if no video. NoVideoStream_Flag 3 This bit is 1 when the previous BS was added when the video stream was not transmitted. If this bit is 1, the Mvid 7: 0 value must be "don't care". AudioMute_Flag 4 This bit is 1 when audio is muted. HDCP SYNC DETECT 5 It has a value according to the HDCP operation and has a bit value of a specific sequence. RESERVED 7: 6 All zeros.

Hereinafter, the design of the HDCP for DisplayPort will be described. In addition, it describes the benefits of changing the control block of the authentication block from the state machine to the 8051 MCU and explains the design of the PC to MCU module for transferring program code from the PC to the 8051 MCU when designing with an FPGA.

Authentication block design

The authentication block of the HDCP for the DisplayPort transmitter is designed as shown in FIG. 18 and operates as follows. The controller interface receives the operation signal from the controller and controls other detailed blocks in the authentication block according to the operation signal. It also computes the values from each algorithm and binds them into messages according to the current authentication level. Each algorithm block takes keys and inputs, respectively, to generate and store output values. The internal memory stores the receiver ID list (RxID_list) and the system resumability message (SRM), and receives the read / write signal for the receiver ID list and the read / write signal for the SRM separately. The random number generator uses an oscillator to generate 128 bits long random numbers. The message interface converts the generated message into an AUX packet and outputs it to the link policy maker in DisplayPort's AUX block.

The authentication block of the HDCP for the DisplayPort receiver is designed as shown in FIG. It is a symmetrical structure except for the internal memory with the HDCP authentication block for the transmitter. Unlike the HDCP authentication block for the transmitter, a decoding RSA algorithm block is used. The message interface also outputs a DPCD memory control signal with the message data so that the generated message can be written to the DPCD memory.

(1) AES block

Since the AES block uses both an authentication block and a cipher block, uses the same AES128 in both blocks, and encrypts the data in the cipher block, one AES block exists and it is both blocks because the authentication block never uses AES. I use both of these.

In the cipher block, the AES block must operate according to the high speed main link clock, so data throughput is paramount in design. To ensure high data throughput, AES blocks are designed as one logic block. In other words, if you input only input value and key without input clock, it generates output value. In this case, since all the operation blocks corresponding to each round are required, there is a disadvantage in that it uses more resources than the method of making only one operation block and storing the operation values of each round. However, in the latter case, when the FPGA board is designed, the throughput is less than DisplayPort's main link throughput, and the encryption cannot be performed. In addition, there is a method of making all the operation blocks corresponding to each round and storing the operation value for each round, but in this case, there is a problem of using a lot of resources with higher throughput than necessary. Therefore, the AES block is designed in the above manner and the output value is stored according to the clock at the back of the AES block.

(2) HMAC-SHA256 Block

The HMAC-SHA256 block does this because during the HDCP authentication process only the SHA256 operation is required, not as part of the HMAC (signer verification of the receiver certificate, system resumability message signature verification, and the generation of k _h at the receiver). According to the design, it is divided into SHA256 mode and HMAC mode. In the case of SHA256 mode, the input of SHA256 is directly received from the outside, and the output goes directly to the outside. In HMAC mode, the input / output of SHA256 is connected to the inside of HMAC-SHA256 block and operates as a hash function of HMAC. In the HDCP authentication process, the value of HMAC input is fixed to 112 bits if the length is AKE and 64 bits for the locality check. Therefore, the lower bits of the extended message are fixed according to the authentication process and the hash function is repeated. Since these are always twice, these values are fixed as constants. When SHA256 is connected to the external I / O, the function of determining the length of the input message is omitted by receiving the repetition number from the outside.

(3) control interface

The controller interface is designed to be connected to an 8051 MCU external to DisplayPort to receive a control signal and output a status signal. The control signal is composed of a starting signal for starting the operation of the detailed blocks of the authentication block, a state signal for changing the current authentication step, a message ID signal for indicating the type of message to be transmitted, and the status signal for completing the operation of the detailed blocks. Consists of a done signal and a verifying signal that indicates a match between the values being compared during authentication (eg H and H ').

Since MCU and HDCP have different clocks, the controller interface freezes the output signal until the MCU's output changes to communicate with the MCU, and when the MCU's output changes, it creates a pulse signal synchronized to the clock of the HDCP to make the detailed blocks in the authentication block. Design to be controlled.

(4) message interface

HDCP's message interface for DisplayPort transmitters accepts 1024-bits of messages from the transmitter's authentication block as inputs, addresses the DPCD memory to be accessed according to the current authentication level and message ID, and stores the address, data and message length in the DisplayPort AUX. Designed to output to a link policy maker. The link policy maker is a block that packages messages sent from the AUX to the receiver and unpacks the packets sent from the receiver. Designed to be packaged and unpackaged in the message interface, the link policy maker simply connects the message interface to the outside when exchanging HDCP messages.

HDCP's message interface for DisplayPort receivers accepts 256bits of length from the receiver's authentication block and inputs the message into the corresponding DPCD memory address according to the current authentication phase and message ID. In addition, when a message is transmitted from the transmitter and stored in the DPCD memory, a message arrival signal is transmitted from the DPCD memory to the message interface, from which the message interface reads the data from the DPCD memory. Since the message sent from the transmitter often contains several data, the message arrival signal is generated when the last data transmitted from the transmitter is stored.

(5) receiver information block

The authentication block of HDCP for DisplayPort transmitters has internal memory that stores receiver information and system resumability messages, both of which are designed to have separate read / write operations. That is, when a signal for storing receiver information is received, an address is allocated to a section for storing receiver information even if there is no specific address designation, and new receiver information is stored at the end of the current receiver information list. When storing one receiver information, the receiver ID, K _m , E _kh (K _m ), m are stored in order. When determining whether to store the receiver ID, the stored receiver ID and the current receiver ID are directly compared by one bit and are not the same. If it is designed to be able to quickly compare the next receiver ID. In addition, the number of receiver IDs stored in the first address of the memory is stored and compared only by this number, so as not to compare more times than necessary.

(6) System Resumability Message Block

Since the minimum 5kB capacity is required to store the system resumability message, set the lower 5kB portion of the internal memory of the HDCP authentication block for the DisplayPort transmitter as the system resumability message block area. Also, like the receiver information block, when determining whether the revocation list includes the receiver ID, the stored receiver ID and the current receiver ID are directly compared bit by bit so that the next receiver ID can be quickly compared if they are not the same.

Cipher block design

The cipher block of the HDCP is divided into an encryption control unit and two encryption structures, and is positioned after the SR inserter and before the scrambler at the main link of the DisplayPort transmitter to be encrypted before the scramble. The receiver is located after the descrambler and before the stream unpacker.

(1) encryption control unit

When the authentication block completes the session key exchange phase, it sends an Encryption Enable signal to Displayport's SR inserter, which detects it and creates a CPSR instead of the SR. The encryption control unit of the HDCP reads the control symbol of the main link to determine whether or not it is a CPSR. If it is a CPSR, the cipher enable signal is set to 1. When the Cipher Enable signal is 1, the link clock counter operates to count the link clock. Depending on the number of lanes (15 for 1-lane, 7 for 4-lane, 3 for 4-lane 3), if the counter value goes up, it is initialized to 0 again and this counter value enters the encryption structure and stores the AES result. Generate a clock. In addition, if there is an SR in the control symbol, the Cipher Enable signal is set to 0 and the link clock counter stops counting without being initialized. When the Reauthentication signal comes from the authentication block, it initializes all the cipher blocks. In addition, since control symbols should not be encrypted, there is a MUX at the data output, so that either XOR-operated data or original data can exit.

(2) cryptographic structure

20 shows the configuration of an encryption structure. Counter and 256bit FIFO are connected to the input of AES128 block. It generates the cipher data string according to the clock of the main link and performs the XOR operation on the data string with the main link data.

When the Encryption Enable signal comes from the authentication block, the encryption structure is in Cipher Enable state and the link clock is divided to generate a clock that stores the AES results. The result is stored in a 256-bit-long FIFO, and when this FIFO is full, a clock is generated that stores the AES result as a link clock counter value read from the cryptographic controller. The reason for using two clocks of the same speed is to generate an extra sequence of encrypted data before the data is encrypted after authentication. That is, before the link clock counter operates, a cipher data string corresponding to inputCTR = 0 and inputCTR = 1 is generated and stored in the FIFO.

The encrypted data string is stored at 128 bits when stored and 8 bits when used, so the FIFO write clock and read clock are different. Therefore, if the cipher data string is not generated in advance, an issue occurs in which the cipher data string to be calculated is not properly stored before the XOR operation of the new cipher data string and the link data. To prevent this situation, a method of generating two encrypted data strings in advance is used.

(3) data integrity check block

The HDCP cipher block for DisplayPort receivers must be checked for data integrity, which can be operated as a single state machine. The operation of the state machine is shown in FIG. 21 and determines whether bit 5 of the VB-ID is equal to the current link verify pattern, otherwise a pattern error count. If both patterns pass and a pattern error occurs, an error is detected and the same check is made in the next frame. If the above pattern error occurs in the second frame, it is determined as a completeness error, a reauthentication request signal is sent to the authentication block, and the encryption is not in use. When the authentication block receives the reauthentication request signal, the authentication block changes the RxStatus value of the DPCD memory and generates a CP IRQ interrupt. If SR data comes in during data integrity checking, it is immediately disabled.

MCU and Serial Communication Block Design

FIG. 22 illustrates an HDCP structure for DisplayPort transmission including 8051, and FIG. 23 illustrates an HDCP structure for DisplayPort reception including 8051.

The authentication block consists of a cryptographic algorithm block (AES128, HMAC-SHA256, RSA), a random number generator, a message interface, a controller, and an internal memory (transmitter). The cipher block consists of an encryption control unit and an encryption structure. The message interface transfers the random number and encryption key generated in the authentication block in the form of AUX message to DisplayPort AUX according to the authentication process. The RSA, AES128, and HMAC-SHA256 generate encrypted output using inputs and encryption keys for each cryptographic algorithm. The random number generator outputs AES128 encoded noise from the oscillator. The encryption control unit reads the control symbol of the main link to control the operation of the encryption structure.

The HDCP authentication block acts as a state machine and can be designed to control other detailed blocks by designing the state machine block inside the authentication block. The state machine block can then be replaced with an external MCU. In other words, the control signal does not come out of the state machine block, but the control signal comes from an external MCU. In the HDCP, a control interface exists so that the control signal is received.

This design makes it easy to, firstly, change the behavior of the authentication block. In the case of control by the state machine block, the control operation of the authentication block is fixed, so it is difficult to change the operation when the protocol is changed later. However, if the MCU is controlled, the operation can be easily changed by changing the program code of the MCU. Second, it is easy to design the operation when designing. Designing with state machine blocks and verifying operation requires synthesis and FPGA board testing each time. In case of controlling by MCU, synthesize MCU and HDCP together on the FPGA board and upload the program code of MCU separately so that operation can be designed and verified in real time. Third, since the actual DisplayPort is often controlled along with other digital interfaces, it is actually controlled by the MCU. When designing HDCP, the controller is designed as an MCU, making it easy to optimize for actual DisplayPort environment. The MCU has changed its open source 8051 MCU source and is designed to include a PC to MCU block in the MCU. The MCU is connected to DisplayPort's AUX block to implement the entire system.

(1) HDCP control for transmitter

The HDCP authentication block for the display transmitter outputs the status of the block to the MCU and receives control signals from the MCU. Therefore, the controller interface is connected to the input / output pins of the MCU so that each signal can be exchanged. The MCU has an 8bit input pin and an 8bit output pin. The control operation of the MCU is shown in FIG. 24.

(2) HDCP control for receiver

The HDCP authentication block for the display receiver, like the authentication block for the transmitter, outputs the status of the block to the MCU and receives control signals from the MCU. Therefore, like the authentication block for the transmitter, the controller interface is connected to the input / output pins of the MCU so that each signal can be exchanged. The MCU has an 8bit input pin and an 8bit output pin. The control operation of the MCU is shown in FIG. 25.

(3) PC to MCU serial communication block

In the proposed HDCP, the 8051 MCU is connected outside the DisplayPort interface, and the 8051 MCU is operated by the program code stored in the external memory. The controller interface in the authentication block is connected to the PIN of the 8051 MCU, and the status of the authentication block is made as a status signal, input to the 8051 PIN IN, and the control signal is received from the 8051 PIN OUT to generate a signal to control the detailed blocks in the authentication block. UART communication block exists to receive the program code through PC and UART communication and store it in 8x65536 memory. MCU recognizes the value stored in 8x65536 memory as program code and operates accordingly.

In order to upload the program code to the MCU block synthesized in the FPGA, the program code must be written in the ROM of the MCU block. Therefore, data corresponding to the program code must be transferred from the PC to the FPGA. In addition, a separate block is required to store the transmitted data in the MCU's ROM.

Program code is written using Notepad and the free compiler SDCC. SDCC is freeware that provides simple reports, compiles c files into hex files, and hex files into ihx files. Rom_Maker program provided by OpenCore converts ihx file into OP code to use as program code.

The UART communication module of the FPGA is used to transfer the program code from the PC to the FPGA. In addition, the PC to MCU serial communication block is designed to create a separate memory and automatically store data received through UART communication in this memory to store the transmitted data. This memory is used as the ROM of the MCU block so that the program code can be uploaded from the PC to the MCU. At this time, the state machine of the PC to MCU serial communication block is shown in FIG.

Therefore, the proposed HDCP can increase the flexibility of operation because the authentication block is controlled by the MCU rather than the state machine. This structure also allows you to test the new behavior by changing the program code in real time without having to synthesize a new digital circuit every time you test a new behavior in the design. In the future, when the latest HDCP standard is released, program code changes can be added and improved, and changing the program code will make it compatible with display interfaces such as HDMI in addition to DisplayPort. In addition, the proposed encryption structure solves the problem that the correct encryption data string is not calculated with the main link data due to the operation delay during XOR operation because the main link data and the encryption data string are generated with different clocks, thereby making it stable in the high speed main link. Can encrypt the data.

The apparatus described above may be implemented as a hardware component, a software component, and / or a combination of hardware components and software components. For example, the devices and components described in the embodiments may include a processor, a controller, an arithmetic logic unit (ALU), a digital signal processor, a microcomputer, a field programmable gate array (FPGA), a programmable PLU (programmable). It can be implemented using one or more general purpose or special purpose computers, such as logic units, microprocessors, or any other device capable of executing and responding to instructions. The processing device may execute an operating system (OS) and one or more software applications running on the operating system. The processing device may also access, store, manipulate, process, and generate data in response to the execution of the software. For convenience of explanation, one processing device may be described as being used, but one of ordinary skill in the art will appreciate that the processing device includes a plurality of processing elements and / or a plurality of types of processing elements. It can be seen that it may include. For example, the processing device may include a plurality of processors or one processor and one controller. In addition, other processing configurations are possible, such as parallel processors.

The software may include a computer program, code, instructions, or a combination of one or more of the above, and configure the processing device to operate as desired, or process it independently or collectively. You can command the device. The software and / or data may be embodied in any type of machine, component, physical device, computer storage medium or device in order to be interpreted by or provided to the processing device or to provide instructions or data. have. The software may be distributed over networked computer systems so that they may be stored or executed in a distributed manner. Software and data may be stored on one or more computer readable recording media.

The method according to the embodiment may be embodied in the form of program instructions that can be executed by various computer means and recorded in a computer readable medium. In this case, the medium may be to continuously store a program executable by the computer, or to temporarily store for execution or download. In addition, the medium may be a variety of recording means or storage means in the form of a single or several hardware combined, not limited to a medium directly connected to any computer system, it may be distributed on the network. Examples of the medium include magnetic media such as hard disks, floppy disks and magnetic tape, optical recording media such as CD-ROMs and DVDs, magneto-optical media such as floptical disks, And ROM, RAM, flash memory, and the like, configured to store program instructions. In addition, examples of another medium may include a recording medium or a storage medium managed by an app store that distributes an application, a site that supplies or distributes various software, a server, or the like.

Although the embodiments have been described by the limited embodiments and the drawings as described above, various modifications and variations are possible to those skilled in the art from the above description. For example, the described techniques may be performed in a different order than the described method, and / or components of the described systems, structures, devices, circuits, etc. may be combined or combined in a different form than the described method, or other components. Or even if replaced or substituted by equivalents, an appropriate result can be achieved.

Therefore, other implementations, other embodiments, and equivalents to the claims are within the scope of the claims that follow.

Claims (6)

It is connected to the auxiliary channel (AUX) of DisplayPort, which is a display interface, to verify that the transmitter interface and the receiver interface support HDCP (High Definition Contents Protect), and to share the encryption key for encrypting and decrypting digital data. Authentication block; And
An encryption block connected to a main link of the display port and encrypting the digital data at the transmitter interface using the encryption key and decrypting the encrypted digital data at the receiver interface
Including,
The control unit for controlling the authentication block is configured by a micro controller unit (MCU),
The authentication block includes a control unit interface for receiving a control signal from the MCU and outputting the status signal of the authentication block to the MCU,
The authentication block further comprises a message interface,
The message interface of the HDCP for the DisplayPort Transmitter converts the message generated during the authentication process into an AUX message and transmits the message to the AUX of the DisplayPort.
The message interface of HDCP for DisplayPort receivers is to output a memory control signal along with the corresponding message data to input the messages generated during authentication into the receiver's memory.
HDCP system for DisplayPort. The method of claim 1,
The MCU is connected to the outside of the DisplayPort and operated by program code stored in an external memory.
HDCP system for DisplayPort. The method of claim 1,
The control unit interface is fixed to the output signal until the output of the MCU changes, and if the output of the MCU is changed to generate a pulse signal synchronized to the clock of the HDCP
HDCP system for DisplayPort. delete It is connected to the auxiliary channel (AUX) of DisplayPort, which is a display interface, to verify that the transmitter interface and the receiver interface support HDCP (High Definition Contents Protect), and to share the encryption key for encrypting and decrypting digital data. Authentication block; And
An encryption block connected to a main link of the display port and encrypting the digital data at the transmitter interface using the encryption key and decrypting the encrypted digital data at the receiver interface
Including,
The control unit for controlling the authentication block is configured by a micro controller unit (MCU),
The authentication block includes a control unit interface for receiving a control signal from the MCU and outputting the status signal of the authentication block to the MCU,
The encryption block includes an encryption control unit for detecting an encryption status signal and determining whether to encrypt the encryption block, and an encryption structure for generating an encryption data string.
The encryption control unit controls the operation of the encryption structure based on the control symbol of the main link.
HDCP system for DisplayPort. The method of claim 5,
The encryption structure generates an encrypted data string according to a clock of the main link and performs an XOR operation on the encrypted data string with main link data
HDCP system for DisplayPort.

Images