Methods and systems for maintaining an encrypted video memory subsystem
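IPC classification information
Country / Type: United States (US) Patent, Registered
International Patent Classification (IPC, 7th edition): G06F-011/30; G06F-012/14; H04L-009/32
Application number: US-0631023 (2003-07-30)
Registration number: US-7284135 (2007-10-16)
Inventors: Evans, Glenn F.; England, Paul; Wilt, Nicholas P.
Applicant: Microsoft Corporation
Citation information: Times cited: 12; Cited patents: 33
Abstract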
Methods and systems protect digital content such as premium content like movies, programs, and other types of digital audio/visual content. In some embodiments, an architecture and related methods protect content by maintaining the content in encrypted form, whether the content resides in video card memory (referred to herein as "VRAM"), or some other local or remote memory subsystem. The methods and systems enable video card co-processors, such as the graphics processing unit (GPU) to manipulate the encrypted content or data. In various embodiments, the content is maintained in an encrypted format and is unencrypted only when the GPU operates upon the data. After the GPU operates upon the data, the resultant data is re-encrypted and written to memory.
Representative claims
The invention claimed is:
1. A method comprising: decrypting encrypted data that resides on one or more memory surfaces established on a video card, said act of decrypting being performed under the influence of a cryptographic processor that resides on the video card, said act of decrypting taking place only when an operation is to be performed on the data by a graphics processor unit (GPU) that resides on the video card and is separate from the cryptographic processor; performing an operation on the decrypted data using the GPU to provide resultant data; re-encrypting, under the influence of the cryptographic processor, the resultant data; and writing the encrypted resultant data to a memory surface associated with the video card, wherein: a trusted software component establishes the one or more memory surfaces on the video card and negotiates one or more keys with the cryptographic processor to associate each of the one or more memory surfaces with at least one unique key; and the cryptographic processor distributes the negotiated one or more keys to cryptographic hardware of the GPU which uses the keys to perform the acts of decrypting and re-encrypting; at least one of said acts of decrypting and re-encrypting taking place on a per cache page basis.
2. The method of claim 1, wherein the acts of decrypting and re-encrypting are performed using one or more block ciphers.
3. The method of claim 1, wherein the acts of decrypting and re-encrypting are performed, at least in part, using one or more block ciphers whose block size bears an integer size relation to a cache line of a cache page.
4. The method of claim 1, wherein the act of decrypting and re-encrypting take place on a pixel-by-pixel basis.
5. The method of claim 1, wherein the cryptographic processor comprises a hardware component mounted on the video card.
6. The method of claim 1, wherein the cryptographic processor comprises an integrated circuit chip mounted on the video card.
7. The method of claim 1, wherein the cryptographic processor comprises a trusted component.
8. The method of claim 1 further comprising receiving pre-swizzled encrypted data and writing the pre-swizzled encrypted data to the one or more memory surfaces.
9. The method of claim 1 further comprising receiving pre-swizzled encrypted data that has been pre-swizzled by trusted software, and writing the pre-swizzled encrypted data to the one or more memory surfaces.
10. The method of claim 1, wherein the act of decrypting comprises caching decrypted pages in a local page pool cache to avoid multiple decryptions if a same page is needed.
11. A method comprising: decrypting encrypted data that resides on one or more memory surfaces associated with a video card, said act of decrypting being performed under the influence of a cryptographic processor that resides on the video card, said act of decrypting taking place only when an operation is to be performed on the data by a graphics processor unit (GPU) that resides on the video card; performing an operation on the decrypted data using the GPU to provide resultant data; re-encrypting, under the influence of the cryptographic processor, the resultant data; and writing the encrypted resultant data to a memory surface associated with the video card, wherein: a trusted software component establishes the one or more memory surfaces on the video card and negotiates one or more keys with a cryptographic processor provided on the video card separate from the GPU to associate each of the one or more memory surfaces with at least one unique key; and the cryptographic processor distributes the negotiated one or more keys to cryptographic hardware of the GPU which uses the keys to perform said acts of decrypting and re-encrypting; said acts of decrypting and re-encrypting taking place on a per cache page basis.
12. The method of claim 11, wherein the memory surfaces reside on the video card.
13. The method of claim 11, wherein the acts of decrypting and re-encrypting are performed using one or more block ciphers.
14. The method of claim 11, wherein the acts of decrypting and re-encrypting are performed, at least in part, using one or more block ciphers whose block size bears an integer size relation to a cache line of a cache page.
15. The method of claim 11, wherein the act of decrypting and re-encrypting take place on a pixel-by-pixel basis.
16. The method of claim 11, wherein the cryptographic processor comprises a hardware component mounted on the video card.
17. The method of claim 11, wherein the cryptographic processor comprises an integrated circuit chip mounted on the video card.
18. The method of claim 11, wherein the cryptographic processor comprises a trusted component.
19. The method of claim 11 further comprising receiving pre-swizzled encrypted data and writing the pre-swizzled encrypted data to the one or more memory surfaces.
20. The method of claim 11 further comprising receiving pre-swizzled encrypted data that has been pre-swizzled by trusted software, and writing the pre-swizzled encrypted data to the one or more memory surfaces.
21. The method of claim 11, wherein the act of decrypting comprises caching decrypted pages in a local page pool cache to avoid multiple decryptions if a same page is needed.
22. A method comprising: decrypting encrypted data that resides on one or more memory surfaces of a video card memory, said act of decrypting taking place only when an operation is to be performed on the data by a graphics processor unit (GPU) that resides on the video card; performing an operation on the decrypted data using the GPU to provide resultant data; re-encrypting the resultant data; and writing the encrypted resultant data to a video card memory surface associated with the video card, wherein: a trusted software component establishes the one or more memory surfaces on the video card and negotiates one or more keys with a cryptographic processor provided on the video card separate from the GPU to associate each of the one or more memory surfaces with at least one unique key; and the cryptographic processor distributes the negotiated one or more keys to cryptographic hardware of the GPU which uses the keys to perform said acts of decrypting and re-encrypting; at least one of said acts of decrypting and re-encrypting taking place on a per cache page basis.
23. The method of claim 22, wherein the acts of decrypting and re-encrypting are performed using one or more block ciphers.
24. The method of claim 22, wherein the acts of decrypting and re-encrypting are performed, at least in part, using one or more block ciphers whose block size bears an integer size relation to a cache line of a cache page.
25. The method of claim 22, wherein the acts of decrypting and re-encrypting take place on a pixel-by-pixel basis.
26. The method of claim 22 further comprising receiving pre-swizzled encrypted data and writing the pre-swizzled encrypted data to the one or more memory surfaces.
27. The method of claim 22 further comprising receiving pre-swizzled encrypted data that has been pre-swizzled by trusted software, and writing the pre-swizzled encrypted data to the one or more memory surfaces.
28. The method of claim 22, wherein the act of decrypting comprises caching decrypted pages in a local page pool cache to avoid multiple decryptions if a same page is needed.
29. A method comprising: decrypting encrypted data that resides on one or more memory surfaces of a video card memory, said act of decrypting taking place only when an operation is to be performed on the data by a graphics processor unit (GPU) that resides on the video card; performing an operation on the decrypted data using the GPU to provide resultant data; re-encrypting the resultant data; and writing the encrypted resultant data to a video card memory surface associated with the video card, wherein: a trusted software component establishes the one or more memory surfaces on the video card and negotiates one or more keys with a cryptographic processor provided on the video card separate from the GPU to associate each of the one or more memory surfaces with at least one unique key; and the cryptographic processor distributes the negotiated one or more keys to cryptographic hardware of the GPU which uses the keys to perform said acts of decrypting and re-encrypting; said acts of decrypting and re-encrypting taking place on a per cache page basis.
30. The method of claim 29, wherein the acts of decrypting and re-encrypting are performed using one or more block ciphers.
31. The method of claim 29, wherein the acts of decrypting and re-encrypting are performed, at least in part, using one or more block ciphers whose block size bears an integer size relation to a cache line of a cache page.
32. The method of claim 29, wherein the acts of decrypting and re-encrypting take place on a pixel-by-pixel basis.
33. The method of claim 29 further comprising receiving pre-swizzled encrypted data and writing the pre-swizzled encrypted data to the one or more memory surfaces.
34. The method of claim 29 further comprising receiving pre-swizzled encrypted data that has been pre-swizzled by trusted software, and writing the pre-swizzled encrypted data to the one or more memory surfaces.
35. The method of claim 29, wherein the act of decrypting comprises caching decrypted pages in a local page pool cache to avoid multiple decryptions if a same page is needed.
36. A system comprising: means residing on a graphics processor unit (GPU) for decrypting, on a per cache page basis, encrypted data that resides on one or more memory surfaces of a video card memory only when an operation is to be performed on the data by the graphics processor unit (GPU) that resides on the video card and is separate from the cryptographic processor; means for performing an operation on the decrypted data to provide resultant data; means residing on the graphics processor unit (GPU) for re-encrypting, on a per cache page basis, the resultant data; means for writing the encrypted resultant data to a video card memory surface associated with the video card, and a trusted software component to establish the one or more memory surfaces on the video card and negotiate one or more keys with the cryptographic processor such that each of the one or more memory surfaces is associated with at least one unique key; wherein the cryptographic processor distributes the one or more keys to said means for decrypting and said means for re-encrypting to perform the decrypting and re-encrypting respectively.
37. The system of claim 36, wherein the means for decrypting comprises, at least in part, cryptographic hardware inside the GPU.
38. The system of claim 36, wherein the means for performing comprises a GPU.
39. The system of claim 36, wherein the means for re-encrypting comprises, at least in part, cryptographic processor hardware mounted on the video card.
40. The system of claim 36, wherein said means for decrypting and re-encrypting comprise one or more block ciphers whose block size bears an integer size relation to a cache line of a cache page.
41. The system of claim 36 further comprising means for pooling decrypted pages to avoid multiple decryptions of a page that might be needed more than once.
42. A system comprising: a video card; a graphics processor unit (GPU) on the video card and configured to process video data that is to be rendered on a display device; memory on the video card comprising one or more input memory surfaces configured to hold encrypted data that is to be operated upon by the GPU, and one or more output memory surfaces configured to hold encrypted resultant data that is to be rendered on the display device; a cryptographic processor on the video card, separate from the GPU, and configured to initialize cryptographic hardware of the GPU including one or more encryptors and one or more decryptors to control encryption and decryption on the video card, the cryptographic processor being configured to enable encrypted data on one or more of the input memory surfaces to be decrypted, on a per cache page basis by decryption hardware inside the GPU, in connection with an operation that is to be performed on the data by the GPU; and a trusted software component to negotiate one or more keys with the cryptographic processor such that each of the one or more input and output memory surfaces is associated with at least one unique key, the cryptographic processor further being configured to distribute said negotiated keys to the cryptographic hardware of the GPU to enable data that has been operated upon by the GPU to be encrypted, on a per cache page basis by said one or more encryptors of the GPU, to an output memory surface.
43. The system of claim 42, wherein the cryptographic processor is configured to use block ciphers to effect encryption and decryption.
44. The system of claim 42, wherein the cryptographic processor is configured to use one or more block ciphers whose block size bears an integer size relation to a cache line of a cache page.
45. The system of claim 42, wherein the cryptographic processor comprises a hardware component mounted on the video card.
46. The system of claim 42, wherein the cryptographic processor comprises an integrated circuit chip.
47. The system of claim 42, wherein the cryptographic processor comprises a trusted component.
48. The system of claim 42, wherein the cryptographic processor is configured to set up a session key with a trusted software component.
49. A computer system embodying the system of claim 42.
50. A method comprising: providing multiple input memory surfaces that are to hold encrypted data that is to be processed by a graphics processor unit (GPU) on a video card; associating, with each input memory surface, a decryptor of the GPU that is uniquely configured so as to decrypt the encrypted data that is held by the associated input memory surface; decrypting, with at least one associated decryptor, encrypted data that resides on at least one respective input memory surface; performing an operation on the decrypted data using the GPU to provide resultant data; re-encrypting the resultant data; and writing the encrypted resultant data to an output memory surface associated with the video card; wherein the video card includes a cryptographic processor as a distinct component separate from the GPU that is configured to: negotiate one or more cryptographic keys with a trusted software component; and initialize said decryptor of the GPU to perform said act of decrypting, at least one of said acts of decrypting and re-encrypting taking place on a per cache page basis.
51. The method of claim 50, wherein the act of providing the multiple input memory surfaces comprises providing at least one input memory surface on the video card.
52. The method of claim 50, wherein the act of re-encrypting comprises using an encryptor of the GPU that is uniquely associated with the output memory surface to re-encrypt the resultant data, and the cryptographic processor is further configured to initialize said encryptor of the GPU to perform said act of re-encrypting.
53. The method of claim 50, wherein the act of re-encrypting comprises using an encryptor of the GPU that is uniquely associated with the output memory surface to re-encrypt the resultant data, and wherein negotiated key indices are used to identify and regulate which keys are used in decrypt and re-encrypt operations.
54. The method of claim 50, wherein the acts of decrypting and re-encrypting are performed using one or more block ciphers.
55. The method of claim 50, wherein the acts of decrypting and re-encrypting are performed, at least in part, using one or more block ciphers whose block size bears an integer size relation to a cache line of a cache page.
56. The method of claim 50, wherein the acts of decrypting and re-encrypting take place on a pixel-by-pixel basis.
57. The method of claim 50, wherein the acts of decrypting and re-encrypting are performed under the influence of a cryptographic processor that resides on the video card.
58. The method of claim 57, wherein the cryptographic processor comprises an integrated circuit chip.
59. The method of claim 57, wherein the cryptographic processor comprises a trusted component.
60. The method of claim 50, wherein the act of decrypting is performed only when the GPU is to perform an operation on data that resides on a particular input memory surface.
61. The method of claim 50 further comprising restricting one or more operations that can be performed by the GPU based on whether encrypted output is available.
62. The method of claim 50 further comprising decrypting the encrypted resultant data for rendering on a display device.
63. The method of claim 50 further comprising decrypting with a display convertor, the encrypted resultant data for rendering on a display device.
64. The method of claim 50 further comprising receiving pre-swizzled encrypted data and writing the pre-swizzled encrypted data to the input memory surfaces.
65. The method of claim 50 further comprising receiving pre-swizzled encrypted data that has been pre-swizzled by trusted software, and writing the pre-swizzled encrypted data to the input memory surfaces.
66. The method of claim 50, wherein the act of decrypting comprises caching decrypted pages in a local page pool cache to avoid multiple decryptions if a page is needed.
67. A method comprising: providing multiple input memory surfaces that are to hold encrypted data that is to be processed by a graphics processor unit (GPU) on a video card; associating, with each input memory surface, a decryptor that is uniquely configured so as to decrypt the encrypted data that is held by the associated input memory surface; decrypting, with at least one associated decryptor, encrypted data that resides on at least one respective input memory surface; performing an operation on the decrypted data using the GPU to provide resultant data; re-encrypting the resultant data; and writing the encrypted resultant data to an output memory surface associated with the video card, wherein the video card includes a cryptographic processor as a distinct component separate from the GPU that is configured to: negotiate one or more cryptographic keys with a trusted software component to associate each of the one or more memory surfaces with at least one unique key; and initialize said decryptor of the GPU to perform said act of decrypting using the keys, said acts of decrypting and re-encrypting taking place on a per cache page basis.
68. The method of claim 67, wherein the act of providing the multiple input memory surfaces comprises providing at least one input memory surface on the video card.
69. The method of claim 67, wherein the act of re-encrypting comprises using an encryptor that is uniquely associated with the output memory surface to re-encrypt the resultant data.
70. The method of claim 67, wherein the act of re-encrypting comprises using an encryptor that is uniquely associated with the output memory surface to re-encrypt the resultant data, and wherein negotiated key indices are used to identify and regulate which keys are used in decrypt and re-encrypt operations.
71. The method of claim 67, wherein the acts of decrypting and re-encrypting are performed using one or more block ciphers.
72. The method of claim 67, wherein the acts of decrypting and re-encrypting are performed, at least in part, using one or more block ciphers whose block size bears an integer size relation to a cache line of a cache page.
73. The method of claim 67, wherein the acts of decrypting and re-encrypting take place on a pixel-by-pixel basis.
74. The method of claim 67, wherein the acts of decrypting and re-encrypting are performed under the influence of a cryptographic processor that resides on the video card.
75. The method of claim 74, wherein the cryptographic processor comprises an integrated circuit chip.
76. The method of claim 74, wherein the cryptographic processor comprises a trusted component.
77. The method of claim 67, wherein the act of decrypting is performed only when the GPU is to perform an operation on data that resides on a particular input memory surface.
78. The method of claim 67 further comprising restricting one or more operations that can be performed by the GPU based on whether encrypted output is available.
79. The method of claim 67 further comprising decrypting the encrypted resultant data for rendering on a display device.
80. The method of claim 67 further comprising decrypting, with a display convertor, the encrypted resultant data for rendering on a display device.
81. The method of claim 67 further comprising receiving pre-swizzled encrypted data and writing the pre-swizzled encrypted data to the input memory surfaces.
82. The method of claim 67 further comprising receiving pre-swizzled encrypted data that has been pre-swizzled by trusted software, and writing the pre-swizzled encrypted data to the input memory surfaces.
83. The method of claim 67, wherein the act of decrypting comprises caching decrypted pages in a local page pool cache to avoid multiple decryptions if a same page is needed.
84. A system comprising: a video card; a graphics processor unit (GPU) on the video card and configured to process video data that is to be rendered on a display device; memory on the video card comprising one or more input memory surfaces configured to hold encrypted data that is to be operated upon by the GPU, and one or more output memory surfaces configured to hold encrypted resultant data that is to be rendered on the display device; a cryptographic processor on the video card and configured to control encryption and decryption on the video card, the cryptographic processor being separate from the GPU and comprising a key manager for managing keys that can be utilized for encrypting and decrypting data on the video card, said managing keys including: negotiating the keys with a trusted software component such that each individual input memory surface has its own unique associated key for decrypting encrypted data held thereon; distributing corresponding keys to the GPU to enable encrypted data on one or more of the input memory surfaces to be decrypted by the GPU on a per cache page basis so that the decrypted data can be operated upon by the GPU; and distributing corresponding keys to the GPU to enable data that has been operated upon by the GPU to be encrypted on a per cache page basis to an output memory surface.
85. The system of claim 84, wherein the cryptographic processor is configured to control encryption and decryption using block ciphers.
86. The system of claim 84, wherein encryption and decryption takes place on a pixel-by-pixel basis.
87. The system of claim 84, wherein encrypted data held on an input memory surface is decrypted only when it is to be operated upon by the GPU.
88. The system of claim 84, wherein the cryptographic processor comprises an integrated circuit chip.
89. The system of claim 84, wherein the cryptographic processor comprises a trusted component.
90. The system of claim 84, wherein the cryptographic processor is configured to set up a session key with a trusted software component.
91. A computer system embodying the system of claim 84.
Patents cited by this patent (33)
Cromer Daryl Carvis ; Desai Dhruv Manmohandas ; Locker Howard Jeffrey ; Ward James Peter, Access limiting to only a planar by storing a device public key only within the planar and a planar public key only within the device.
Porter,Allen J. C.; Wang,Chun; Kechichian,Kevork; Varga,Gabriel; Strasser,David, Method and apparatus for maintaining secure and nonsecure data in a shared memory system.
Cheng Wang J. (Martinsville NJ) Cheng Lee-Tin (East Brunswick NJ) Cochinwala Munir (Basking Ridge NJ) Lee Kuo-Chu (Princeton Junction NJ) Liu Cheng-Chung (Warren NJ) Wise Thomas L. (Piscataway NJ), Method for forwarding a call to a temporarily utilized portable telephone.
Gecht, Guy; Lodwick, Philip A.; Schoenzeit, Loren; Steinberg, John D.; Tenenbaum, Ofer, Methods and systems for the provision of remote printing services over a network.
Michael Man-Hak Tso ; Thomas G. Willis ; John W. Richardson ; Robert Conrad Knauerhase ; Damien Macielinski, System for dynamically transcoding data transmitted between computers.
Pendakur, Ramesh; Prakash, Gyan; Gintz, Walter C., Method and apparatus for dynamic, real-time ad insertion based on meta-data within a hardware based root of trust.