Tag Archives: DTCP

DTCP Order Format 小註解

繼上次的 key format 之後, 又多了一個進階題叫做 order format. 根據 [1] 的 p. 20, 有 3 種 order formats. 價格也略有不同, 當然大客戶比較便宜 (large adopter) 是無庸置疑的. 為何 fomrat 3 比較貴呢?

根據定義, order format 1/3/5 的差異可以用 certificate (證書) / key 和 full / restricted 的排列組合來表現. 如下表, order foramt 3 的範圍最廣, license fee 也就最貴, Order format 1 居中, Order foramt 5 的範圍最小. 

Certificate\Key Full Restricted
Full Order Format 1/3/5 Order Format 1/3
Restricted Order Format 3 Order Format 3

根據 [1] 的 P.2, 證書和 key 的說明如下:

1.11 “Device Certificate” means a cryptographically encoded value which may be provided by
DTLA or its designee which authorizes a device to exchange certain Commercial Entertainment
1.12 “Device Keys” means cryptographic values which may be provided by DTLA or its designee
for use in devices, and include the “Private Device Key” and the “Public Device Key” and keys
associated with Restricted Authentication, all identified in the Specification.

DTCP 的 content 裡面包括一個 CCI (copy control information), CCI 裡面存放 EMI (encryption mode indicator) 來標記可以做甚麼樣的加密: copy free, copy never, copy once.

當 copy once 的 content 被 DTCP sink 處理的時候, 它的 EMI 若改記為 copy no more, 後續就可以只做 restricted authentication ([3] 的 P.891). 假如 content 被標記為 “copy never”, 就必須做 full authentication.

當需要做 full authentication 時, source 和 sink 要互相檢查對方的證書 (certificate), 然後做 key exchange. Restricted authentication 時, sink 只要向 source 證明他們的 secret key 都一樣. 

因此對於一個 recorder 來說, 它可能可以支援 full authentication certificate (計算能力夠強), 也可能只支援 restricted authetication certificate (計算能力弱). 為了降低計算需求, 採用 restricted authetication 比較方便.  但 key 為何又分為 full 和 restricted 呢? 這牽涉到 full authentication 下要選擇 order format 1 或是 5?

我們可以發現 restricted certificate 就不能選 full key, 但是 full certificate 可以選 restricted key. 我推測這是給予 full certificate 去選擇要把 copy once 減一成為 copy never (full key) 或是單純降為 copy no more (restricted key) 的權利.

客戶又問了 AP 和 AL 是 0 還是 1? 

AL flag (1 bit). Additional Localization flag. The AL flag is set to value of one to indicate that the associated device is capable of performing the additional localization test, otherwise shall be set to value of zero.

AP flag (1 bit). Authentication Proxy flag. A device certificate with an AP flag value of one is used by a DTCP bus bridge device, which receives a content stream using a sink function and retransmits that stream to another bus using a source function5.

首先看 Localization flag 是什麼? 根據 [4], 它在 DTCP + 1394 的規格也出現過. IEEE 1394 就是那個已經沒人在用的 DV 規格, 但 localization 的精神應該是一樣的. 基本上, 它要避免利用網路來遠端破解 DTCP, 所以要用網路封包的 round trip time 來檢查 sink 是否在很遠的地方. 如果我們要遠端 debug DTCP-IP 的 content, 我當然希望是 AL = 0. 但正常的產品給 AL = 1 即可.

什麼是 authentication proxy 呢? 顧名思義, 這是不是一個 DTCP 橋接器, 把左手的 DTCP 送給右手. 做為一個 recorder 來說, AP 應該要為 0. 因為不能把收進來的 DTCP-IP 不解就直接寫進 time shift buffer 等下次用. 既然 DTCP-IP 和 Time shift buffer 的 key 不能共用, AP = 0 就好.


  1. http://www.dtcp.com/documents/licensing/dtla-adopter-agreement.pdf
  2. ITU-T_J.95Y1999.PDF
  3. Multimedia Encryption and Authentication Techniques and Applications
  4. https://www.dtcp.com/documents/dtcp/info-20070615-dtcp-v1sf-rev-1-p-0.pdf

DTCP Key Format 小註解

因為 OEM 在問, 所以我上網找了些公開的資料. DTCP (Digital Transmission Content Protection) 的概念類似 HDCP, 由 DTLA (Digital Transmission License Administrator) [1] 所維護. 顧名思義 DTCP 強調傳輸的部分.

版本又分成 DTCP [3] 和 DTCP2, “2” 和 “1” 不相容, DTCP2 主要是用來保護 4K, 8K 的 content. 舊版的的 DTCP 主要用來保護 HD 的影像. 再來就講到 key 的內容了, 首先分成 unique key 和 common key.

CK flag (1 bit): A value of zero indicates the device is using unique DTCP2 keying material
(Unique-key Device) and a value of one indicates that the device is using common keying material
(Common-key Device).

詳細的說明在 [4] 的 P.6, 本來每個 device 的 key 都要長得不一樣. 但是如果你是大戶買很多把的話, 就可以都用一樣的 key 比較方便, 這個叫做 common key. 當然 common key 被濫用的話, 必須要能夠被註銷. 這些規範寫在 Section 2.2 of the Procedural Appendix. F (p. 60).

2.3 Device Certificate and Device Keys. Device Certificates and Device Keys are necessary to
manufacture Licensed Products. These are generated under the direction of DTLA and, except in the
case that Adopter elects to use a Common Device Certificate and Common Device Key for certain
devices as described in the Procedural Appendix and Compliance Rules, are generated uniquely per
device. Without limiting any other provision of this Agreement, Adopter may not use the same
Device Key or Device Certificate in more than one individual unit or copy of any product or
component except for the use of Common Device Keys and Common Device Certificates in
accordance with Section 2.2 of the Procedural Appendix. F

Unique key 在 DTCP 有三種 certificate format, 在 DTCP2 只有一種. DTCP 的三種 format. 定義在  RFC7562 [2]. Format 0 給計算能力比較有限的 device 用. Format 1 給計算能力強的 device 用, Format 3 就給有額外需求的 device 用 [3]. 看起來 embedded system 比較適合 format 0.

Certificate Format (4 bits). This field specifies the format for a specific type of certificate. Currently three
formats are defined:
o Format 0 = the Restricted Authentication device certificate format (See Chapter 5).
o Format 1 = the Baseline Full Authentication device certificate format.
o Format 2 = the Extended Full Authentication device certificate format (NOT ESTABLISHED2
o Other encodings are currently reserved.

DTCP certificates issued by [DTLA] to DTLA-compliant devices come in
   three general variations (see Section of [DTCP]):

   o  Restricted Authentication device certificate format (Format 0):
      Typically issued to devices with limited computation resources.

   o  Baseline Full Authentication device certificate format (Format 1):
      This is the most commonly issued certificate format.  Format 1
      certificates include a unique DeviceID and device EC-DSA public/
      private key pair generated by the DTLA.  (See Section 4.3 of

   o  Extended Full Authentication device certificate format (Format 2):
      This is issued to devices that possess additional functions (e.g.,
      additional channel ciphers, specific device properties).  The
      presence of these additional functions is indicated by the device
      capability mask as specified in Section of [DTCP].  Format
      2 certificates also include a unique DeviceID and device EC-DSA
      public/private key pair generated by the DTLA (see Section 4.3 of

   The mechanism specified in this document allows only Formats 1 and 2
   DTCP certificates to be exchanged in the supplemental data message
   since it requires the use of the EC-DSA private key associated with
   the certificate.

既然 DTCP2 用來保護 4K, 8K 的內容, 當然就不用顧及老弱殘兵的計算能力了. 按照 2018 年的 DTCP2 spec., 就只有 format 1 一種.

Format (4 bits): This field specifies certificate format and currently only one format is defined:
116 : DTCP2 Device Certificate Format 1


1. https://www.dtcp.com/default.aspx

2. https://tools.ietf.org/html/rfc7562#page-6

3. http://www.dtcp.com/documents/dtcp/info-20130605-dtcp-v1-rev-1-7-ed2.pdf

4. http://www.dtcp.com/documents/licensing/dtla-adopter-agreement.pdf