Method and system for providing secure video data transmission and processing

US 20100031342A1
Filed: 04/11/2008
Published: 02/04/2010
Est. Priority Date: 04/12/2007
Status: Abandoned Application

First Claim

Patent Images

1. A system comprising:

memory including partitions, wherein each partition has an associated security clearance level such that the partition only stores applications having the associated security clearance level;

a plurality of graphics engines for receiving data from applications and rendering an image based on the data onto a display, wherein during initiation of the graphics engines, each graphics engine is authorized to only receive data having given security clearance levels, and wherein the graphics engine will not process data not having the given security clearance levels or lower security clearance levels; and

a guard routing policy engine for receiving data from each application via respective secure channels and identifying a security clearance level of the data, the guard routing policy engine further for sending the data via respective secure channels to only graphics engines authorized to receive data having the identified security clearance level.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for secure graphics processing employing an operating system that supports multiple independent levels of security (MILS) is described. A video queuing mechanism is provided in conjunction with a cross domain guard to receive extended graphics language video inputs from multiple input applications in multiple security enclaves. Without accessing sensitive data, a function manages desired format and mode selections of the displays, coordinates the execution of multiple graphics applications that produce the needed video content, as well as communicate with a one or more high assurance render functions regarding how to draw each video output'"'"'s content in a secure and easily certifiable manner.

26 Citations

View as Search Results

20 Claims

1. A system comprising:
- memory including partitions, wherein each partition has an associated security clearance level such that the partition only stores applications having the associated security clearance level;
  
  a plurality of graphics engines for receiving data from applications and rendering an image based on the data onto a display, wherein during initiation of the graphics engines, each graphics engine is authorized to only receive data having given security clearance levels, and wherein the graphics engine will not process data not having the given security clearance levels or lower security clearance levels; and
  
  a guard routing policy engine for receiving data from each application via respective secure channels and identifying a security clearance level of the data, the guard routing policy engine further for sending the data via respective secure channels to only graphics engines authorized to receive data having the identified security clearance level.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system of claim 1, wherein the guard routing policy engine maintains separation of received data.
  - 3. The system of claim 1, wherein a user identifies the user during initiation of the system and sets the given security clearance levels of the plurality of graphics engines to be authorized to receive data having the given security clearance levels.
  - 4. The system of claim 1, wherein the guard routing policy engine identifies a security clearance level of the data by reviewing header information of data packets.
  - 5. The system of claim 1, wherein the guard routing policy engine identifies a security clearance level of the data by identifying an incoming port of the data.
  - 6. The system of claim 1, wherein the guard routing policy engine further includes a table indicating security clearance levels of each graphic engine, and wherein the guard routing policy engine sends the data via the respective secure channels to the graphics engines by referencing the table to identify which graphics engines are to be sent the data.
  - 7. The system of claim 1, wherein during initiation of the graphics engines, the plurality of graphics engines are authorized to receive data having an unclassified security clearance level.
  - 8. The system of claim 7, wherein a user identifies the user during initiation of the system and sets the given security clearance level of the plurality of graphics engines to be authorized to receive data having a higher security clearance level.
  - 9. The system of claim 1, further comprising a display for displaying data rendered by the plurality of graphics engines.
  - 10. The system of claim 9, wherein a graphics engine will render images according to the data such that a rendering order is by graphical object or graphical object group and independent of a security clearance level or source of the data.
  - 11. The system of claim 9, wherein a graphics engine will render data by referencing a table that indicates a rendering order for types of data.

12. A method comprising:
- initiating a system including a plurality of graphics engines to given security clearance levels, wherein each graphics engine is authorized to only receive data having the given security clearance levels, and wherein the graphics engine will not process data not having the given security clearance level; and
  
  receiving data at a guard routing policy engine from applications via separate channels for each respective application;
  
  identifying a security clearance level of received data;
  
  sending the data via respective secure channels to a graphics engine authorized to receive data having the identified security clearance level; and
  
  the graphics engine rendering an image based on the data from a plurality of sources on a display.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The method of claim 12, further comprising storing the applications in respective partitions of memory, wherein each partition in the memory has an associated security clearance level such that the partition only stores applications that use data having the associated security clearance level.
  - 14. The method of claim 12, further comprising during initiation of the graphics engine, a user authorizing the graphics engine to receive data having a given security clearance.
  - 15. The method of claim 12, wherein identifying the security clearance level of received data comprises reviewing header information of data packets in the data.
  - 16. The method of claim 12, wherein identifying the security clearance level of received data comprises identifying an incoming port of the data.
  - 17. The method of claim 12, wherein the guard routing policy engine further includes a table indicating security clearance levels of each graphic engine, and wherein the method further comprises referencing the table to identify which graphics engine to send the data.
  - 18. The method of claim 12, further comprising rendering images according to the data such that a rendering order is by graphical object or graphical object group and independent of a security clearance level or source.
  - 19. The method of claim 18, wherein a graphics engine will render data by referencing a table that indicates a rendering order for types of data.
  - 20. The method of claim 12, further comprising the graphics engine determining a security clearance level of received data and ignoring data not having a security clearance level the same as or lower than a security clearance level at which the graphics engine has been initialized.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Honeywell International Inc.
Original Assignee
Honeywell International Inc.
Inventors
Vogsland, Robin O.

Application Number

US12/082,450
Publication Number

US 20100031342A1
Time in Patent Office

Days
Field of Search
US Class Current

726/17
CPC Class Codes

G06F 2221/2113   Multi-level security, e.g. ...

H04L 63/105   Multiple levels of security

H04L 67/131   Protocols for games, networ...

H04L 67/63   Routing a service request d...

Method and system for providing secure video data transmission and processing

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

26 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for providing secure video data transmission and processing

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links