IPC분류정보
국가/구분 |
United States(US) Patent
등록
|
국제특허분류(IPC7판) |
|
출원번호 |
US-0178804
(2002-06-24)
|
등록번호 |
US-8155314
(2012-04-10)
|
발명자
/ 주소 |
- Evans, Glenn F.
- England, Paul
|
출원인 / 주소 |
|
인용정보 |
피인용 횟수 :
2 인용 특허 :
37 |
초록
▼
The various methods and systems described herein are directed to supplying a secure channel for software executing on a host computer. The methods and systems address and provide solutions for an attack model in which rogue software executing on the host computer attempts to inappropriately obtain o
The various methods and systems described herein are directed to supplying a secure channel for software executing on a host computer. The methods and systems address and provide solutions for an attack model in which rogue software executing on the host computer attempts to inappropriately obtain or otherwise manipulate data. Some embodiments can provide pixel data that can be kept confidential (in that untrusted software applications cannot read the data off of the display screen). In addition, other embodiments can preserve the integrity of the pixel data by detecting whether the pixel data has been inappropriately manipulated. Various embodiments are based on a decryption engine that is located on a video card very late in the video processing chain such that programmatic access to decrypted pixel data is denied.
대표청구항
▼
1. A method comprising: providing encrypted video data on a video card, wherein the video card contains memory comprising one or more secure and one or more non-secure regions and the encrypted video data is stored in the one or more secure regions; anddecrypting the encrypted video data on the vide
1. A method comprising: providing encrypted video data on a video card, wherein the video card contains memory comprising one or more secure and one or more non-secure regions and the encrypted video data is stored in the one or more secure regions; anddecrypting the encrypted video data on the video card at a point in a data process where there is no programmatic access to the decrypted video data. 2. The method of claim 1, wherein the act of decrypting is performed prior to providing the decrypted video data to a display converter on the video card. 3. The method of claim 1, wherein the act of decrypting is performed prior to providing the decrypted video data to a RAMDAC on the video card. 4. The method of claim 1, wherein the act of decrypting is performed by a hardware decryptor on the video card. 5. The method of claim 1, wherein the act of decrypting is performed by a decryptor intermediate a video card GPU and RAMDAC on the video card. 6. One or more computer-readable storage devices storing sets of computer-readable instructions thereon which, when executed by one or more computers, cause the one or more computers to implement the method of claim 1. 7. A system comprising: means for providing encrypted video data on a video card, wherein the video card comprises memory with one or more secure and one or more non-secure regions and the encrypted video data is stored in the one or more secure regions;means for decrypting the encrypted video data on the video card; andmeans for denying software access to the decrypted video data. 8. The system of claim 7, wherein said means for providing encrypted video data comprises a stream cipher. 9. The system of claim 7, wherein said means for providing encrypted video data comprises a block cipher. 10. The system of claim 7, wherein said means for decrypting comprises a hardware decryptor on the video card. 11. A system comprising: a graphics processor unit for processing video data that is to be rendered on a monitor;memory operably associated with the graphics processor unit for holding data that is to be or has been processed by the graphic processor unit, wherein the memory comprises a primary surface, and wherein the primary surface comprises one or more secure and one or more non-secure regions;a display converter for converting digital data to signals for use in rendering the data on the monitor; anda decryptor configured to decrypt pixel data for provision to the display converter, the decryptor being disposed at a data processing point where there is no programmatic access. 12. The system of claim 11, wherein the memory comprises a primary surface that contains data that is to be rendered on the monitor, the primary surface comprising one or more secure regions in which encrypted data can be placed. 13. The system of claim 11 further comprising a control processor on the video card configured to impart decryption capabilities to the decryptor. 14. The system of claim 13, wherein the control processor includes a key manager for managing one or more keys that can be provided to the decryptor for decrypting encrypted pixel data. 15. The system of claim 13 further comprising a secure channel communicatively linking the control processor and the decryptor. 16. The system of claim 13, wherein the control processor comprises a separate integrated circuit chip on the video card. 17. The system of claim 11, wherein the decryptor comprises a separate component on the video card. 18. A system comprising: processor means, on a video card, for processing video data that is to be rendered on a monitor;memory means, on the video card, operably associated with the processor means for holding data that is to be or has been processed by the processor means, wherein the memory comprises one or more secure regions and one or more non-secure regions;converter means, on the video card, for converting digital data to signals for use in rendering the data on the monitor;decryptor means, on the video card, for decrypting pixel data for provision to the converter means; andmeans, on the video card, for denying one or more software applications any access to decrypted pixel data. 19. A system comprising: a video card;memory on the video card a portion of which comprises a primary surface that contains data that is to be rendered on a monitor, wherein the primary surface comprises both secure and non-secure regions;one or more of the secure regions on the primary surface storing encrypted pixel data; andat least one key associated with the one or more regions and configured to enable the encrypted pixel data to be decrypted. 20. The system of claim 19, wherein individual secure regions correspond to secure windows that can be provided on the monitor. 21. The system of claim 19, wherein individual secure regions have individual associated keys. 22. The system of claim 21, wherein there are multiple secure regions each with a different key. 23. The system of claim 19 further comprising a decryptor on the video card that is configured to decrypt the encrypted pixel data using an associated key. 24. The system of claim 23, wherein the decryptor decrypts the encrypted pixel data at a processing point where there is no programmatic access to decrypted pixel data. 25. The system of claim 23, wherein the decryptor comprises a hardware decryptor. 26. The system of claim 19, wherein the video card is authenticatable. 27. The system of claim 26, wherein the video card comprises a digital certificate that can be used for authentication. 28. The system of claim 26, wherein the video card is configured to respond to challenges for authentication. 29. The system of claim 19, wherein the video card comprises a key for encrypting communications with one or more secure applications. 30. A method comprising: defining one or more secure regions of a primary surface in the memory of a video card, wherein said primary surface comprises both secure and non-secure regions;associating at least one key with said one or more secure regions suitable for use in encrypting pixel data that is stored in said one or more secure regions;encrypting pixel data with said at least one key; andproviding the encrypted pixel data into said one or more secure regions. 31. The method of claim 30, wherein the one or more secure regions are rectangular in shape. 32. The method of claim 30, wherein the key comprises one that can be used to encrypt with a stream cipher. 33. The method of claim 30, wherein the key comprises one that can be used to encrypt with a block cipher. 34. The method of claim 30, wherein: the act of defining defines multiple secure regions; andthe act of associating associates a different key with each secure region. 35. The method of claim 30, wherein the act of encrypting is performed using stream cipher that is range-restricted to the one or more secure regions. 36. One or more computer-readable storage devices storing sets of computer-readable instructions thereon which, when executed by one or more computers, cause the one or more computers to implement the method of claim 30. 37. A system comprising: means for defining one or more secure regions of a primary surface in the memory of a video card, wherein the primary surface comprises both secure and non-secure regions;means for associating at least one key with said one or more secure regions suitable for use in encrypting pixel data that is stored in said one or more secure regions;means for encrypting pixel data with said at least one key; andmeans for providing the encrypted pixel data into said one or more secure regions. 38. A method comprising: providing encrypted data in a secure region of a video card's primary surface, wherein the primary surface comprises secure and non-secure regions;providing a key associated with the secure region that can be used for decrypting the encrypted data; andusing the key to decrypt the encrypted data in the secure region of the primary surface. 39. The method of claim 38, wherein the act of using the key takes place at a processing point where there is no programmatic access to the encrypted data. 40. The method of claim 38, wherein the act of providing the key is performed by a control processor on the video card. 41. The method of claim 38, wherein the act of using the key to decrypt the encrypted data is performed by a hardware decryptor on the video card. 42. The method of claim 38, wherein the act of using the key to decrypt the encrypted data is performed by a decryptor on the video card that can infer the secure region's geometry. 43. The method of claim 38 further comprising providing the decrypted data to a display converter for rendering on a display screen. 44. The method of claim 38, wherein there are multiple different secure regions, and the act of providing the key provides the key to be associated with each secure region. 45. The method of claim 38, wherein there are multiple different secure regions and the act of providing the key comprises providing multiple keys, each secure region being associated with a different key. 46. The method of claim 38, wherein the act of using the key to decrypt is performed using a stream cipher. 47. The method of claim 38, wherein the act of using the key to decrypt is performed using a range-restricted stream cipher. 48. The method of claim 38, wherein the act of using the key to decrypt is performed using a block cipher. 49. One or more computer-readable storage devices storing sets of computer-readable instructions thereon which, when executed by one or more computers, cause the one or more computers to implement the method of claim 38. 50. A system comprising: means for providing encrypted data in a secure region of a video card's primary surface, wherein the primary surface comprises both secure and non-secure regions;means for providing a key associated with the secure region that can be used for decrypting the encrypted data; andmeans for using the key to decrypt the encrypted data in the secure region of the primary surface. 51. A method comprising: providing encrypted data in a secure region of a video card's primary surface, the secure region having an associated geometry, wherein the primary surface comprises secure and non-secure regions;providing a key associated with the secure region that can be used for decrypting the encrypted data;informing a decryptor on the video card of the secure region's geometry;providing the key to the decryptor; anddecrypting, with the decryptor, the encrypted data in the secure region of the primary surface. 52. The method of claim 51, wherein the act of informing is performed responsive to a window displayed on a display monitor and associated with the secure region being dragged and dropped to a different location on the display monitor. 53. One or more computer-readable storage devices storing sets of computer-readable instructions thereon which, when executed by one or more computers, cause the one or more computers to implement the method of claim 51. 54. A method comprising: providing encrypted data in a secure region of a video card's primary surface, wherein the primary surface comprises secure and non-secure regions;providing a key associated with the secure region that can be used for decrypting the encrypted data;using the key to decrypt the encrypted data in the secure region of the primary surface; anddetecting whether any of the data has been modified. 55. The method of claim 54, wherein the act of detecting is performed before unencrypted data is rendered to a display monitor. 56. The method of claim 54, wherein the act of detecting is performed using authentication information that is associated with the encrypted data. 57. The method of claim 56, wherein the authentication information comprises a secure data format where predetermined pixels are required to have predetermined values. 58. The method of claim 54, wherein the act of detecting is performed using a hash comparison of hashes of the unencrypted data. 59. The method of claim 54, wherein notification is returned over a secure channel to an encrypting entity.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.