Education
current
Created Review
videohdcpdrmcopy-protectioncompliancecontent-protectionhdmirepeater

HDCP

HDCP (High-bandwidth Digital Content Protection) is an Intel-developed content protection scheme embedded in HDMI, DisplayPort, DVI, and MHL. It encrypts the digital video signal between source and display to prevent unauthorized recording, with authentication happening at every link in the signal chain. For AV integrators, HDCP is a constant presence — a matrix switcher, signal extender, or capture device that doesn't handle HDCP correctly causes black screens and frustrated clients.

How HDCP Authentication Works

HDCP authentication uses a three-stage process:

  1. Authentication and Key Exchange (AKE): Source and sink exchange Device Keys and KSV (Key Selection Vectors). Each licensed device has a unique 56-bit KSV. Source and sink multiply their keys to generate a shared cipher value.
  2. Locality Check: Verifies that the sink is local (not being relayed over the internet). The round-trip time of the check must be under 20 ms.
  3. Session Key Exchange: A 128-bit session key is established. Content is encrypted with AES-128 (HDCP 2.x) before transmission and decrypted inside the display.

Authentication occurs every time a new link is established — source boot, cable re-plug, display power cycle, or switcher transition. Each authentication takes 100–500 ms, which is why inputs take a moment to appear after source switching.

HDCP Versions

VersionAuthenticationEncryptionMax Downstream DevicesUse Case
HDCP 1.xHDCP 1.4 algorithmLFSR-based7 devices (repeater)Legacy SD/HD content
HDCP 2.0Public key + RSAAES-128-CTR31 devicesTransition version
HDCP 2.2Public key + Elliptic CurveAES-128-CTR31 devices4K UHD content (current standard)
HDCP 2.3Same as 2.2 + improvementsAES-128-CTR31 devicesMinor security enhancements

Critical version interaction: HDCP 2.2 sources will not downgrade to HDCP 1.x compatibility for 4K protected content. A 4K streaming source (Netflix, Disney+, Amazon Prime Video 4K) connected to a display supporting only HDCP 1.4 will display content in HD (not 4K) or refuse to play at all, depending on the service and playback device. Every device in the signal chain must support HDCP 2.2 for 4K protected content.

HDCP Topology: Repeaters

In AV systems with matrix switchers, distribution amplifiers, or signal extenders, every device that receives and re-transmits HDCP-protected content is an HDCP repeater. Repeaters must authenticate with both the upstream source and all downstream sinks simultaneously.

Repeater requirements:

  • Must be licensed by HDCP LLC (now owned by Intel)
  • Each repeater can pass protected content to a maximum of 7 HDCP 1.x devices or 31 HDCP 2.x devices downstream
  • The total downstream device count across all repeaters in a chain cannot exceed 127 (HDCP 1.x) or 32 levels deep (HDCP 2.x)
  • Repeaters add authentication latency — each hop adds 100–500 ms

Topology depth limit: HDCP 1.x allows a maximum of 7 levels of nesting (repeater inside a repeater chain). HDCP 2.x allows up to 4 levels. Exceeding these limits causes the entire chain to fail authentication.

In practice, a single-room system with a source → matrix → distribution amplifier → display is well within limits. Campus-wide video distribution through multiple layers of routing hardware approaches limits more quickly.

HDCP in Matrix Switchers

Matrix switchers that handle HDCP-protected content must be licensed HDCP repeaters:

  • Each output of the matrix authenticates independently with its connected sink
  • When an output is routed to a new source, HDCP re-authentication occurs (causing the brief black screen during switching)
  • Some matrices support background authentication — pre-authenticating potential routes to reduce switching latency

Matrices that strip HDCP (remove the protection entirely) may be marketed for "compatibility" purposes but violate the HDCP license agreement and will fail to pass 4K protected content from HDCP 2.2 sources. Verify that the matrix is a licensed HDCP 2.2 repeater for any installation involving 4K streaming.

HDCP over IP and AV-over-IP

HDCP can be transmitted over IP networks (HDCP 2.x is specifically designed for IP transport in addition to TMDS/HDMI). This is relevant for:

SDVoE (Software Defined Video over Ethernet): SDVoE encoders and decoders handle HDCP authentication as licensed devices. The HDCP key exchange occurs between the encoder (source side) and decoder (display side) across the IP network. HDCP authentication still requires sub-20 ms locality check — satisfied over LAN but not WAN.

NDI: NDI does not implement HDCP. An HDMI source with HDCP-protected content captured via HDMI-to-NDI converter will either output a blank stream for protected content or require HDCP to be stripped (which may violate license terms). For capturing content from sources that also output unprotected signals (computers, cameras, presentation sources), NDI works fine.

Video streaming over internet (CDNs, encoders): Internet streaming systems bypass HDCP entirely — they encode the source before the HDCP chain using capture devices connected to unprotected outputs (computer displayport without HDCP, or sources configured to output unprotected). Attempting to capture HDCP-protected consumer content for streaming is a license violation.

Lecture Capture and Recording

HDCP is the primary barrier to recording video in education and corporate environments. Strategies used in practice:

Use unprotected sources: Computers outputting presentation software, web cameras, document cameras — none of these typically enable HDCP on their outputs unless DRM-protected content is playing. Capture from these sources works without HDCP issues.

Capture before HDCP encryption: Capture cards (Magewell, Epiphan, AJA) connected to computer HDMI outputs capture presentation content before HDCP is applied to the computer's output. Most computers only activate HDCP when a DRM-protected stream (Netflix, Blu-ray) is active — regular desktop and presentation content is unprotected.

Use HDCP-exempt sources: Document cameras, PTZ cameras, graphics workstations running presentation software all output unprotected HDMI by default.

AV-to-IP capture systems: Crestron NVX, Extron NAV, and similar AV-over-IP systems that include HDCP-compliant encoders can capture and distribute protected content within a licensed network, but recording to files for redistribution still violates the HDCP license.

Analog conversion: Outputs from some older devices that provide analog (VGA, composite) bypass HDCP. Analog outputs are increasingly rare in modern equipment.

The bottom line: for recording presentations, design systems to capture from computer and camera sources, not from consumer video sources playing DRM-protected content.

Common Pitfalls

  • 4K source + HDCP 1.4 display — The display shows no 4K content from streaming services. The fix is replacing the display (or receiver/matrix) with HDCP 2.2 compliant hardware. This is often discovered post-installation when testing with actual streaming content rather than non-protected test patterns.
  • Matrix without HDCP 2.2 repeater license — The matrix passes lower-resolution content but 4K protected streams fail. Some budget matrices are licensed for HDCP 1.4 only. Verify HDCP 2.2 repeater certification before purchase.
  • HDBaseT extender HDCP incompatibility — Long HDBaseT runs sometimes fail HDCP locality check due to propagation delay exceeding the 20 ms limit. Certified HDBaseT products are designed to meet this requirement; uncertified products may not. See hdbaset.
  • Intermittent black screens after switching — Normal HDCP re-authentication (100–500 ms black screen) should not occur repeatedly. If it does, suspect a weak HDCP handshake from signal level issues, a damaged cable, or a non-compliant device in the chain. Check return loss on the cable and verify all devices are certified.
  • Recording system blocked by HDCP on computer output — If the capture device shows black for a specific application (a streaming browser tab) but not others (PowerPoint), HDCP is being selectively applied by the computer's GPU. Most capture systems include a setting to "disable HDCP" on the output for non-protected applications — consult the GPU driver or capture card documentation.
  • Commercial display lacking HDCP 2.2 — Commercial-grade displays (NEC, Sharp NEC, Samsung QM/QH series) sometimes omit HDCP 2.2 to reduce licensing cost. Verify HDCP 2.2 in the display's spec sheet when 4K streaming from consumer sources is a requirement.

Related

Continue reading in the knowledge base.

HDMI

Technical specification of the HDMI protocol for digital video and audio transmission.

Open note →

HDMI vs DisplayPort

Comparison of HDMI and DisplayPort protocols for AV applications, including version history, bandwidth, compatibility, audio, and use cases.

Open note →

HDBaseT

Extended-distance HDMI transmission standard using Category 5e/6 cabling — architecture, specifications, versions, and comparison with proprietary alternatives.

Open note →

Video Switching vs. Routing

Differences between video switching and routing architectures, including matrices, scalers, and signal management strategies.

Open note →

Signal Flow — AV System Signal Chain

Comprehensive guide to signal flow in AV systems — from microphone through DSP to amplifier, video distribution, conferencing bidirectional paths, and gain structure.

Open note →

Previous
HDBaseT
Next
HDMI vs DisplayPort

We use optional analytics cookies to understand site usage and improve the experience. You can accept or reject.