METHOD AND APPARATUS FOR PROVIDING A SECURE DISPLAY WINDOW INSIDE THE PRIMARY DISPLAY
First Claim
1. A system for securing data, comprising:
- a platform having virtualization technology (VT) capabilities;
- a capability operating system (COS) to be run in a first virtual machine on the platform, an application running under the COS to request data from a source;
- a service operating system (SOS) to be run in a second virtual machine on the platform, the SOS configured to retrieve the requested data from the source and to encrypt the data before storing the encrypted data in a first memory store, the first memory store being accessible to the COS; and
- a graphics engine having decryption capabilities and having access to the first memory store and a protected second memory store, the second memory store to store decrypted data, and the second memory store being inaccessible to the first and second virtual machines.
Abstract
In some embodiments, the invention involves securing sensitive data from malware on a computing platform and, more specifically, utilizing virtualization technology and protected audio/video path technologies to prevent a user environment from directly accessing unencrypted sensitive data. In an embodiment, a service operating system (SOS) accesses sensitive data requested by an application running in a user environment virtual machine, i.e. a capability operating system (COS). The SOS application encrypts the sensitive data before passing it to the COS. The COS makes requests directly to a graphics engine, which decrypts the data before displaying the sensitive data on a display monitor. Other embodiments are described and claimed.
Claims (15 in total)
(Independent claim 1 is reproduced above; claims 2 to 7 depend on it.)
8. A method for securing data, comprising:
- requesting data from a source by an application running in a first virtual machine on a platform having virtualization technology architecture, the first virtual machine executing a capability operating system (COS) to control a user environment;
- intercepting the request for data by a second application running in a second virtual machine, the second virtual machine executing a service operating system (SOS);
- retrieving the requested data from the source by the second application;
- encrypting the retrieved data, by the second application;
- storing the encrypted data in a first memory store accessible to the first application and to a graphics engine;
- decrypting the encrypted data, by the graphics engine, responsive to a request to display the requested data, by the first application;
- storing the decrypted data in a protected second memory store, the COS having no access to the second memory store; and
- displaying the requested data on a display monitor by the graphics engine.
(Claims 9 to 11 depend on claim 8.)
12. A machine readable storage medium having instructions stored thereon for securing data, that when executed on a platform, cause the platform to:
- request data from a source by an application running in a first virtual machine on a platform having virtualization technology architecture, the first virtual machine executing a capability operating system (COS) to control a user environment;
- intercept the request for data by a second application running in a second virtual machine, the second virtual machine executing a service operating system (SOS);
- retrieve the requested data from the source by the second application;
- encrypt the retrieved data, by the second application;
- store the encrypted data in a first memory store accessible to the first application and to a graphics engine;
- decrypt the encrypted data, by the graphics engine, responsive to a request to display the requested data, by the first application;
- store the decrypted data in a protected second memory store, the COS having no access to the second memory store; and
- display the requested data on a display monitor by the graphics engine.
(Claims 13 to 15 depend on claim 12.)
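The data path that claims 1, 8 and 12 describe, modelled as an added example (this is illustrative code written for this page, not the patent's or any vendor's implementation). Each actor is a small class: the SOS retrieves and encrypts, the first (shared) memory store holds only ciphertext that the COS can read, and the graphics engine decrypts into a second store that refuses any caller other than the engine itself. The cipher is a constructed toy (HMAC-SHA256 counter-mode keystream plus an HMAC tag) so the model runs with the standard library alone; the key shared by the SOS and the graphics engine is assumed to be provisioned out of band, and the authentication tag is an assumption beyond the claims, added so that the model also shows what happens when code in the COS modifies the ciphertext it can see.

```python
"""Model of the secure display window data path from the claims.

Constructed illustration only. The "cipher" is a toy built from HMAC-SHA256
(keystream + tag) so the example needs nothing outside the standard library;
a real platform would use a hardware-backed cipher in the graphics engine.
The SOS/graphics-engine key is assumed to be shared out of band.
"""
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 12, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream derived from HMAC-SHA256 (toy construction)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || tag; the tag covers nonce and ciphertext."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; reject anything that was altered."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("ciphertext rejected: tag mismatch")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class SharedStore:
    """First memory store: readable by the COS and the graphics engine, holds ciphertext only."""
    def __init__(self) -> None:
        self.data: bytes | None = None


class ProtectedStore:
    """Second memory store: only its owner (the graphics engine) may read or write it."""
    def __init__(self, owner: object) -> None:
        self._owner, self._data = owner, None

    def write(self, caller: object, data: bytes) -> None:
        if caller is not self._owner:
            raise PermissionError("protected store is not mapped for this caller")
        self._data = data

    def read(self, caller: object) -> bytes:
        if caller is not self._owner:
            raise PermissionError("protected store is not mapped for this caller")
        return self._data


class GraphicsEngine:
    """Decrypts from the shared store into the protected store and composites the window."""
    def __init__(self, key: bytes) -> None:
        self.key, self.protected, self.frame = key, ProtectedStore(self), None

    def display(self, shared: SharedStore) -> int:
        plain = decrypt(self.key, shared.data)
        self.protected.write(self, plain)          # plaintext lives only here
        self.frame = self.protected.read(self)     # scanned out to the monitor
        return len(plain)


class ServiceOS:
    """Second VM: intercepts the request, fetches the data, encrypts it for the shared store."""
    def __init__(self, key: bytes, source: dict) -> None:
        self.key, self.source = key, source

    def handle_request(self, name: str, shared: SharedStore) -> None:
        shared.data = encrypt(self.key, self.source[name])


class CapabilityOS:
    """First VM: issues the request and asks the graphics engine to display the result."""
    def __init__(self, shared: SharedStore, gpu: GraphicsEngine) -> None:
        self.shared, self.gpu = shared, gpu

    def request_and_display(self, sos: ServiceOS, name: str) -> int:
        sos.handle_request(name, self.shared)
        return self.gpu.display(self.shared)

    def snoop_shared(self) -> bytes:          # what code in the COS can read
        return self.shared.data

    def snoop_protected(self) -> bytes:       # raises: store is inaccessible to VMs
        return self.gpu.protected.read(self)


def demo() -> dict:
    """Run one request through the path and report which properties held."""
    key = os.urandom(32)
    source = {"account": b"balance: 1234.56 USD"}   # constructed sensitive datum
    shared, gpu = SharedStore(), GraphicsEngine(key)
    cos = CapabilityOS(shared, gpu)
    cos.request_and_display(ServiceOS(key, source), "account")
    result = {"cos_sees_plaintext": source["account"] in cos.snoop_shared(),
              "gpu_displayed": gpu.frame == source["account"]}
    try:
        cos.snoop_protected()
        result["cos_blocked_from_protected"] = False
    except PermissionError:
        result["cos_blocked_from_protected"] = True
    altered = bytearray(shared.data)
    altered[NONCE_LEN] ^= 0x01                 # COS flips one ciphertext byte
    shared.data = bytes(altered)
    try:
        gpu.display(shared)
        result["tamper_rejected"] = False
    except ValueError:
        result["tamper_rejected"] = True
    return result


if __name__ == "__main__":
    print(demo())
```

The access check in `ProtectedStore` stands in for the page-table and protected-path enforcement the claims attribute to the platform: the COS holds a reference to the graphics engine, yet every read of the second store fails, and the only copy of the plaintext it can reach in the first store is ciphertext.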