Method and system for providing secure video data transmission and processing
First Claim
1. A system comprising:
- memory including partitions, wherein each partition has an associated security clearance level such that the partition only stores applications having the associated security clearance level;
a plurality of graphics engines for receiving data from applications and rendering an image based on the data onto a display, wherein during initiation of the graphics engines, each graphics engine is authorized to only receive data having given security clearance levels, and wherein the graphics engine will not process data not having the given security clearance levels or lower security clearance levels; and
a guard routing policy engine for receiving data from each application via respective secure channels and identifying a security clearance level of the data, the guard routing policy engine further for sending the data via respective secure channels to only graphics engines authorized to receive data having the identified security clearance level.
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method for secure graphics processing employing an operating system that supports multiple independent levels of security (MILS) is described. A video queuing mechanism is provided in conjunction with a cross domain guard to receive extended graphics language video inputs from multiple input applications in multiple security enclaves. Without accessing sensitive data, a function manages desired format and mode selections of the displays, coordinates the execution of multiple graphics applications that produce the needed video content, as well as communicate with a one or more high assurance render functions regarding how to draw each video output'"'"'s content in a secure and easily certifiable manner.
26 Citations
20 Claims
-
1. A system comprising:
-
memory including partitions, wherein each partition has an associated security clearance level such that the partition only stores applications having the associated security clearance level; a plurality of graphics engines for receiving data from applications and rendering an image based on the data onto a display, wherein during initiation of the graphics engines, each graphics engine is authorized to only receive data having given security clearance levels, and wherein the graphics engine will not process data not having the given security clearance levels or lower security clearance levels; and a guard routing policy engine for receiving data from each application via respective secure channels and identifying a security clearance level of the data, the guard routing policy engine further for sending the data via respective secure channels to only graphics engines authorized to receive data having the identified security clearance level. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method comprising:
-
initiating a system including a plurality of graphics engines to given security clearance levels, wherein each graphics engine is authorized to only receive data having the given security clearance levels, and wherein the graphics engine will not process data not having the given security clearance level; and receiving data at a guard routing policy engine from applications via separate channels for each respective application; identifying a security clearance level of received data; sending the data via respective secure channels to a graphics engine authorized to receive data having the identified security clearance level; and the graphics engine rendering an image based on the data from a plurality of sources on a display. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
-
Specification