Picking the right non-volatile memory to implement digital content protection could mean the difference between a successful, profitable product and one that stays on the shelves or has the potential for significant liabilities.
What is needed to support DCP for consumer equipment is a physically secure, inexpensive to implement, field-programmable NVM technology that resides inside the SoC.
Two aspects of IP protection increasingly important to many consumer applications are hardware security protections for third party IP and protection of the design IP of the SoC itself. The high costs of media content development whether in the form of movies, video programming, music, or video games drives the need for increased hardware security in order to assure profitability within these industries and reduce losses due to the global problem of copyright piracy. Likewise, increasing global competition within the technology sector makes protecting a company's design IP both more complex and a higher priority.
Crypto Key Storage
Security keys such as HDCP (High bandwidth Digital Content Protection) are needed for protecting the entertainment IP of the A/V streams that multimedia devices send and receive. Just like a secret that becomes harder to keep as more people share it, digital content becomes harder to protect as more devices for sending and receiving this content become available. Digital Content Protection (DCP) has become a critical issue in the development of any equipment involved in the transfer or playback of music and movies, including HDTVs, set-top boxes, DVD players, iPod-like personal entertainment players, and even your cell phone and PC. Of course, as with most consumer devices, the cost of adding an acceptable level of DCP must be low and the protection inviolate.
The most common way to make sure digital content is received by only authorized equipment is by using encryption and decryption keys, where the correct key values are known only by authorized devices. An example of a system which uses encryption for DCP is Intel's HDCP protocol, which is commonly employed with the HDMI (High-Definition Multimedia Interface) interface for sending and receiving high-definition video and audio streams.
The HDCP protocol employs three processes for DCP: an authentication process that only allows authorized devices to receive high-definition content; encrypting the content sent over the HDMI interface to prevent eavesdropping or "man in the middle" attacks on content; and procedures to revoke keys for equipment that is no longer licensed to receive HDCP content, blocking that equipment from receiving the content.
HDCP-compliant and HDMI-enabled equipment use non-volatile memory technology for storing the forty 56-bit keys and the Key Selection Vector (KSV) that HDCP requires and/or for storing proprietary boot code associated with these keys.
Three Primary Permanent Memory Technologies.There are several available embedded technologies that, at first glance, would seem to be viable for content protection in applications such as those that support the HDCP protocol. However, due to a variety of requirements beyond just those involving cost and security, the choices for the consumer marketplace are limited primarily to three non-volatile memory technologies:

Electric Fuse
Floating Gate
Antifuse

Secure key storage means a NVM storage technology that does not give away its contents through typical passive and invasive attacks including magnification, voltage-contrast and magnetic scan, and device de-processing. Compromising the encryption keys is akin to distributing pirate copies of movies or music on DVDs and CDs. In addition, the NVM must be field-programmable, since key values are not known and thus cannot be assigned to equipment until well after the silicon has been processed and packaged - each DCP-enabled chip has its own set of key values. Field-programmability means that ROM, which is cheap and secure, cannot be used for key storage.
Electric Fuse Technology. Embeddable electric fuses (e-fuses), metal and polysilicon, can store both security keys and IDs. However, both types of e-fuse are low-density technologies that are typically not capable of storing more than 1K-bits and are programmed in the factory at the wafer level. These limitations do not meet the requirements for HDCP key storage, since the device keys and KSV are more than 4K-bits and are not known until the fabricated chips are embedded in the receiver. In addition, the KSV and keys may need to be field-updated if the keys are compromised.
Floating Gate Technologies. Embedded floating gate technologies are also a possibility, since they are easy to program. However, technologies such as EEPROM or Flash raise security questions, since floating gate memory programming can be easily read by voltage contrast or other scanning techniques. These technologies are also more expensive to implement, adding die area and/or additional masks and programming steps to the SoC which can raise its cost by as much as 50%.
CMOS Logic Antifuse Technology. What is needed to support DCP for consumer equipment is a highly secure, inexpensive to implement and manufacture, and field-programmable NVM technology that resides inside the SoC device. A reconfigurable technology is not required provided that the OTP (one-time programmable) technology is a high density, low-cost technology in standard logic CMOS. For a Limited-MTP (multi-time programmable) application, such as HDCP key storage, an OTP memory technology that provides physical layer security is more ideal. The trick is to include one or more uncommitted sectors in the OTP memory along with the sectors storing the security keys. To upgrade the security keys or KSV, the updated key is programmed into an unused memory sector and the link table pointer is updated to point to the updated key location.