Dr. Dobb's is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Channels ▼

DTCP-IP: Developing a Technical Foundation for Digital Homes

Rapid and widespread adoption of digital media as the primary consumer entertainment medium has accelerated over the past several years. Sales of DVDs, digital camcorders and cameras have increased dramatically. Broadband access at home, enabling the delivery of rich audio and video content, has also grown at a phenomenal rate. Acknowledging the technology advances and widespread acceptance of universal Wi-Fi connectivity throughout the home, it is clear that the world today has gone digital.

To truly fulfill the technical demands of the digital home, however, requires not only a host of new technologies, but also the creation and adoption of industry-wide standards. A cornerstone technology necessary to enable this digital future is Digital Transmission Content Protection (DTCP).

DTCP has evolved from its existing implementations on IEEE 1394 and USB to Internet Protocol (IP) based networks to address the coming age of mainstream distribution of entertainment media within the growing and diverse home network. DTCP-IP provides the ability to deliver, protect, and manage digital data. It can help ensure interoperability between consumer devices and create a robust and transparent management system for digital information.

As the industry continues to innovate with new devices, usage models and services, DTCP-IP is expected to be a key technology enabling people to view any media they want, whenever and wherever they choose--media that will be available on a full range of digital devices including televisions, desktop PCs, laptops, media centers, portable media devices, and car entertainment systems.

DTCP-IP was developed by Hitachi, Intel, Matsushita, Sony, and Toshiba. They license the technology through the Digital Transmission Licensing Administrator (DTLA) to enable product manufacturers and service provides the ability to protect audiovisual content from unauthorized use or redistribution beyond the home network.

A Robust Basis for Online Copyright Protection

DTCP can be implemented over high-speed bidirectional digital bus, including IEEE 1394 and Universal Serial Bus (USB), Bluetooth, Media Oriented Systems Transport (MOST), and now IP.

The content-protection functionality of DTCP-IP consists of four primary components that together form a strong cryptographic standard for implementation on PCs and consumer electronics equipment. These components are:

  • Authentication & Key Exchange (AKE): For two devices to communicate, they must first confirm their identities and authorization to one another and then exchange the appropriate cryptographic information to support the session. DTCP-IP employs robust and well-known Elliptical Curve algorithms for effective yet practical implementations.
  • Content Encryption: DTCP-IP compliant systems use the Advanced Encryption Standard (AES) cipher to control access to the content in usable form.
  • Copy Control Information: DTCP-IP compliant systems use an Extended Encryption Mode Indicator (E-EMI) as well as additional copy control information embedded directly in the content stream to identify whether content is allowed to be copied, time shifted, and so on.
  • Renewability Mechanism: The DTLA issues System Renewability Messages (SRMs) that DTCP-IP-enabled devices use to "revoke" devices whose secret keys have been compromised and either publicly distributed or incorporated in unauthorized devices. The devices which are revoked are still capable of accessing and playing unprotected content.

Authentication & Key Exchange (AKE). To initiate an exchange of protected content, devices engage in challenge/response authentication using one of two levels of security: full authentication or restricted authentication. Only full authentication is permitted for all content DTCP-IP protected content. This authentication mode employs Elliptic Curve implementations of the Digital Signature Algorithm (EC-DSA) and Diffie-Hellman (EC-DH) algorithm. EC-DSA protects data integrity by supporting digital signatures and verification of those signatures. EC-DH is a key exchange methodology that generates shared symmetric (private) keys among two.

Encryption Algorithms. The DTCP-IP specification employs the recently approved Advanced Encryption Standard (AES), the successor to the Data Encryption Standard (DES). AES is open, well understood, and has been extensively tested by leading cryptologists around the world. The specific algorithm (Rijndael) offers over 1077 possible 256-bit keys, a substantial (1031) increase over the 56-bit DES keys in use today.

Copy Control Information. The content protection system embeds Copy Control Information (CCI) in the encrypted content data, which specifies the degree to which the content is allowed to be duplicated, moved or temporarily stored. The CCI is mapped into the Encryption Mode Indicator (EMI), which carries the information in a secure but accessible manner using two bits in the packet header. Alternate Embedded CCI extends on the base level of copy control information to include a richer set of copy control parameters that may be managed by higher level DRM and Conditional Access Systems.

Renewability Mechanism. DTCP-IP devices make use of System Renewability Messages (SRMs) that are distributed via new content. Each SRM contains a list of devices to be revoked. Revocation occurs during the authentication protocol by comparing the identity of the device being authentication to the list of revoked devices in the SRM. Devices which are present in the SRM are not permitted to complete the authentication protocol and thus do not receive the keys needed to decrypt DTCP protected content. Figure 1 illustrates how an updated SRM might enter a home and populate the Digital Home network.

Figure 1 shows digital content that contains a hypothetical SRM version 3 entering a home where all of the devices presently have SRM version 2. The new version of the SRM includes a revocation entry for the rogue device, which has been identified as having keys reverse engineered from another licensed device.

The revocation takes place as follows:

  1. The set-top box receives the content, which contains SRM version 3, and determines that this version is more current than the one it already has. The set-top box verifies that the CRM is legitimate using the licensing administrator's public key and then updates its own version with the new one.
  2. When the users view a cable television movie on the Digital Television (DTV), the DTV determines during that authentication protocol that the STB has a newer version of the SRM. It then receives the SRM from the STB, verifies the integrity of the new SRM, and updates its stored copy.
  3. The users place a DVD that contains SRM version 2 into their DVD player. The DVD player discovers during authentication that the DTV has a newer version of the SRM than the one that both the DVD player and the DVD have, and it requests a copy of SRM version 3. After verification, the DVD player updates its own SRM version.
  4. The rogue device is now fully revoked in the digital home network.

The "Lingua Franca" of Device Interoperability

In the current period of emerging rights management solutions, the overall landscape is one with a diverse range of solutions which generally do not interoperate with each other. Individual devices may support multiple rights management solutions. For instance, a PC may be capable of playing back CSS protected DVD Video disc and also a media file protected by Real Network's Helix, but interoperability is largely limited to families of products that support the same solution.

Looking forward, interoperability of rights management solutions between devices on the home network will be provided among by adaptation to DTCP-IP. Content that has been delivered to the home protected by a wide range of rights management solutions will be converted to DTCP-IP before transfer over the network, and the receiving device will decrypt the DTCP-IP and render the content back into clear text. This will enable devices like digital TVs to gain access to protected content from many difference sources, without the cost and complexity of supporting rights management solutions associated with each source.

From the ground up, DTCP-IP has been designed to be a robust and device agnostic foundation for home network content management systems.

UPnP Provides Device Discovery and Control

For example, device discovery and control for DTCP-IP is provided by Universal Plug and Play (UPnP) technology, providing an interconnected digital home network. All devices on the network would be able to communicate according to the full needs of the DTCP-IP modality, regardless of hardware type and origin.

UPnP uses standard Internet protocols to enable the digital home concept by creating an interface layer on a PC control device between TCP/IP (provided by the operating system) and service devices and applications. The API supported by the Intel SDK for UPnP devices incorporates HTTP, XML, Simple Object Access Protocol (SOAP), and other platform-independent, standards-based technologies to make the solution as flexible as possible.

DTCP-IP compliant devices are managed by the control PC as peripheral devices, and many aspects of DTCP-IP can be implemented in software. The system is designed to be extensible to support future generations of smart appliances and other devices.

UPnP AV allows discovery and sharing of audio/visual content throughout the digital home environment, including content from DVDs, CDs, MP3s, gaming consoles and cable television, as well as collections such as play lists and photo albums. Content can also be streamed from one device to another.

Integration of consumer electronics equipment, home computer networks, mobile devices, and home-automation environments are expected to provide new consumer capabilities. This enhanced user experience should, in turn, create opportunity for hardware manufacturers, content producers and service providers.


To realize the potential of the digital home, it is necessary to address not only technological innovations, but also the standards that ensure interoperability among these technologies when integrated into the digital home environment. Intel and other industry leaders are working to help define standards and recommendations that will enhance the user experience. The goal is to make the various elements simple to use and easy to combine, while offering a more secure delivery mechanism for enjoying digital media in the home.

Steve Balogh and Francis Bruening are engineers for Intel.

Related Reading

More Insights

Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.