DesignWare OTP NVM for Secure Encryption Keys

High-definition (HD) digital content is driving the need for higher security in the system-on-chip (SoC) devices used to transfer content between consumer devices. The number and types of these devices that store and play video and audio content is skyrocketing. Digital Content Protection (DCP) is a mechanism for the use of copyrighted content such as movies and music by authorized (licensed) personnel while blocking the use of this content by unauthorized persons.

One example of DCP is High-Bandwidth Digital Content Protection (HDCP) for controlling the flow of high-definition video (and audio) from source to display. The HDCP protocol for this transfer comprises authentication of receiving devices, encryption of the content, and procedures to revoke authorization for equipment no longer licensed to receive the HDCP content. Typically, HDCP encryption key storage requirements are just a few kilobytes, but the storage technology has to be low cost, highly secure, field-updatable, non-volatile and very reliable.

Besides media storage and transfer, secure encryption keys are found in many other devices, including encrypted flash memory drives, hard disk drives (HDDs) and electronic Point of Sale (POS) systems.

OTP Requirements for Secure Keys

  • A few Kbits of NVM storage
  • Small memory area for minimal cost impact
  • Very secure storage
  • Ability to easily update encryption keys

DesignWare OTP Features and Benefits

  • The smallest embedded field-programmable OTP bit-cell area in the industry to minimize encryption key storage area
  • No additional masks or process steps means no processing cost impact, a critical requirement for consumer electronics devices
  • Highly secure – virtually impossible to read bit-cell states – to ensure the integrity of authorized users. Additional security features available in Synopsys DesignWare® OTP macros further enhance system security
  • Supports emulated multi-time programmable (eMTP) operation through inclusion of non-committed memory sectors for replacing keys
  • Field-programmable without the need for special equipment or programming sources

Example: HDCP Encryption Keys

An HDCP system has three "pieces":

  1. An authentication protocol, during which the HDCP source verifies that a specific HDCP receiver is licensed to receive HDCP content
  2. When authenticity is verified, the source sends encrypted HDCP content to the display based on encryption keys set up during the authentication protocol
  3. If a legitimate device has been compromised, the HDCP source identifies compromised devices and prevent transmission of the HDCP content

The following example shows a DVR connected to an HDTV. An entire set of encryption keys for one device requires about 2.5 Kbits of storage.

The following diagram illustrates a Digital TV SoC using DesignWare OTP to securely store HDCP keys for decoding HDMI video.