Gateway monitor marks premiere of display-based HD protection scheme

 

Irvine (CA) - The introduction by Gateway of the FPD2185W 21" high-resolution LCD to its product line brings to the computer display market some technologies that Gateway has featured in its widescreen, high-definition TV displays for the past few years. Among these is a controversial feature called High-bandwidth Digital Content Protection (HDCP).

Gateway's language in introducing HDCP may raise more questions for customers than it answers: "The 21" Widescreen comes with built-in innovative compatibility features so you can handle tomorrow's technology today," begins one paragraph. "The HDCP Video Content Encryption Chip allows encrypted high-definition video to be played on the display through the DVI port. The Protection Video Path ensures the display is compatible with future software packages."

Some will interpret "future software packages" to include Microsoft Windows Vista, which will support HDCP internally, Microsoft announced last April. Speculation arising from that announcement led to inaccurate reports today that Vista would require users to upgrade their monitors, and that Gateway's would be among the first wave of "Vista-ready" replacement monitors. Vista will require HDCP monitors for playback of high-definition content; but if a high-def monitor is not installed, Vista will apparently comply with directives from HDCP's licensing agent, Digital Content Protection LLC, mandating that quality of playback for high-def content be reduced for lower-resolution displays.

The basic concept of HDCP is fairly simple: Decades ago, VHS manufacturers implemented crude means to try to prevent two cassette decks from being linked together, which would enable a consumer to make a direct copy from an original. Customers classically thwarted these schemes by placing a TV between the playback deck and the copy deck. The copy deck simply recorded whatever was output from the TV. The recording quality was somewhat degraded, but for customers of the late 1970s and early '80s, that didn't matter much.

More recently, content providers feared that a similar scheme could be used to copy digital media from a digital TV, but without the loss of playback quality. So Intel spearheaded an initiative to endow these digital devices with digital networking equipment, which would include authentication and encryption. Using already proven network authentication protocols, HDCP devices would authenticate themselves to one another, in a kind of peer-to-peer handshaking scheme very similar to PGP. In this scheme, all the HDCP devices in a digital network broadcast initiation signals to one another, which are encrypted using their own private keys. Such messages can only be decrypted using these devices' public keys, which in this scheme are essentially long serial numbers that are attached to these signals. Properly decrypted signals serve as proof that the devices are what they claim to be, since only they could have encrypted the signals using the unshared keys.

Once authentication is complete, the devices can then agree upon a protocol for the transmission of streaming signals, and the encryption of those signals along the way. Here, the protocol calls for the creation of what is called the HDCP cipher, which is essentially the equivalent of a PGP "session key," except that all the connected devices play a role in the cipher's generation. This cipher (key) is used to encrypt content between them; but in this protocol, after the passing of so many screen refresh periods known as "vertical blanking intervals," the cipher is re-generated, and the stream becomes encrypted with an entirely new key. This way, even the breaking of one key would only result in the successful capture of a few seconds' worth of the stream.
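
The handshake and periodic re-keying described above, as an added Python sketch that is not from the article or from the HDCP licensing materials. It goes beyond the article's analogy by modelling the key agreement of the HDCP 1.x specification, in which each device sums its 40 secret 56-bit keys selected by the other device's public 40-bit key selection vector (KSV). The master matrix, the SHA-256 derivation (standing in for the HDCP cipher) and the 128-frame re-key interval are assumptions made for the example.

```python
import hashlib
import secrets

MOD = 1 << 56        # device keys and the shared value Km are 56-bit
N = 40               # 40 secret keys per device, 40-bit public KSV
REKEY_FRAMES = 128   # assumed re-key interval for this model

def make_authority():
    """Constructed symmetric 40x40 master matrix (the real one is secret)."""
    m = [[0] * N for _ in range(N)]
    for i in range(N):
        for j in range(i, N):
            m[i][j] = m[j][i] = secrets.randbelow(MOD)
    return m

def issue_device(master):
    """Return (ksv_bits, private_keys) for one licensed device."""
    ones = set(secrets.SystemRandom().sample(range(N), 20))  # 20 ones, 20 zeros
    ksv = [1 if i in ones else 0 for i in range(N)]
    keys = [sum(master[i][j] for j in range(N) if ksv[j]) % MOD
            for i in range(N)]
    return ksv, keys

def shared_km(my_keys, peer_ksv):
    """Add up own secret keys at the positions where the peer's KSV bit is 1."""
    return sum(k for k, bit in zip(my_keys, peer_ksv) if bit) % MOD

def handshake(tx, rx):
    """Transmitter sends (An, Aksv), receiver replies Bksv; each derives Km."""
    an = secrets.token_bytes(8)          # 64-bit session nonce An
    km_tx = shared_km(tx[1], rx[0])      # transmitter: own keys, receiver's KSV
    km_rx = shared_km(rx[1], tx[0])      # receiver: own keys, transmitter's KSV
    return an, km_tx, km_rx

def frame_key(km, an, frame):
    """Stand-in derivation (SHA-256, not the HDCP cipher): one key per interval."""
    epoch = frame // REKEY_FRAMES
    data = km.to_bytes(7, "big") + an + epoch.to_bytes(4, "big")
    return hashlib.sha256(data).digest()[:7]

if __name__ == "__main__":
    master = make_authority()
    source, display = issue_device(master), issue_device(master)
    an, km_tx, km_rx = handshake(source, display)
    print("link authenticated:", km_tx == km_rx)
    print("key changes at frame 128:",
          frame_key(km_tx, an, 127) != frame_key(km_tx, an, 128))
```

Neither side ever transmits its secret keys; only the KSVs and the nonce cross the link, and a device whose keys were not issued from the master matrix arrives at a different Km and cannot follow the stream.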