Method and system for maintaining secure data input and output

US 7,007,025 B1
Filed: 06/10/2002
Issued: 02/28/2006
Est. Priority Date: 06/08/2001
Status: Expired due to Term

First Claim

Patent Images

1. A method in a computer system for ensuring secure display of valid data on a video display device of a video display system, the video display system having video display memory for storing data to be displayed on the video display device, comprising:

using scheduling to control the content of the video display memory such that the video display memory contains invalid data and, when valid data is needed for display, providing valid data to replace the invalid data in the video display memory to thereby prevent access to valid data in the video display memory to code that is external to the scheduling.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for enhancing the security of data during input and output on a client computer system are provided to prevent attempts by unauthorized code to access, intercept, and/or modify data. Example embodiments provide a plurality of obfuscation techniques and security enhanced drivers that use these obfuscation techniques to prohibit unauthorized viewing/receiving of valid data. When the drivers are used together with the various obfuscation techniques, the security enhanced drivers provide mechanisms for “scheduling” the content of the storage areas used to store the data so that valid data is not available to unauthorized recipients. When unauthorized recipients attempt to access the “data,” they perceive or receive obfuscated data. The obfuscation techniques described include “copy-in,” “replace and restore,” and “in-place replacement” de-obfuscation/re-obfuscation techniques. In one embodiment, a security enhanced display driver, a security enhanced mouse driver, a security enhanced keyboard driver, and a security enhanced audio driver are provided. To complement the security enhancements, the methods and systems also provide for a watchdog mechanism to ensure that the driver is functioning as it should be and various user interface techniques for denoting security on a display device.

99 Citations

View as Search Results

130 Claims

1. A method in a computer system for ensuring secure display of valid data on a video display device of a video display system, the video display system having video display memory for storing data to be displayed on the video display device, comprising:
- using scheduling to control the content of the video display memory such that the video display memory contains invalid data and, when valid data is needed for display, providing valid data to replace the invalid data in the video display memory to thereby prevent access to valid data in the video display memory to code that is external to the scheduling.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74)
- - 2. The method of claim 1 wherein the invalid data is created by transforming the valid data to at least one of obfuscated data, encrypted data, and masked data and storing the transformed data in the video display memory.
  - 3. The method of claim 1 wherein the invalid data is at least one of garbage data, a bitmap, and an opaque single color region.
  - 4. The method of claim 3 wherein the bitmap is a company logo.
  - 5. The method of claim 3 wherein the region is black.
  - 6. The method of claim 3 wherein the bitmap is an advertisement.
  - 7. The method of claim 3 wherein the region is the entire video display device.
  - 8. The method of claim 1, being performed by a scheduling process, the valid data to be displayed in a region on the video display device, the region corresponding to a portion of the video display memory, and further comprising:
    - storing invalid data in the portion of the video display memory that corresponds to the region; and
      
      under an exclusive locking mechanism that disallows a process other than the scheduling process from accessing the portion, temporarily transforming the stored invalid data to valid data in the portion of the video display memory.
  - 9. The method of claim 8 wherein the exclusive locking mechanism is an interprocess locking mechanism provided by an operating system.
  - 10. The method of claim 8 wherein the exclusive locking mechanism is accomplished by ensuring that the scheduling process is a real-time priority process.
  - 11. The method of claim 8, the computer system having an operating system that allows access to device drivers in a controlled order, the order having a first driver, wherein the exclusive locking mechanism is accomplished by ensuring that a display driver that implements the scheduling is the first driver.
  - 12. The method of claim 8 wherein the transforming the stored invalid data comprises one of decrypting, applying a raster operation to the stored invalid data using a mask, copying valid data from a buffer, and creating valid data from a buffer and copying the created valid data from the buffer.
  - 13. The method of claim 12 wherein the buffer is one of an overlay buffer, a secure data buffer, a mask buffer, and a valid data buffer.
  - 14. The method of claim 12 wherein the buffer is another area of the video display memory that is not the portion that corresponds to the region.
  - 15. The method of claim 12 wherein the buffer is stored in a secure location outside the video display memory.
  - 16. The method of claim 1, the video display system having a graphics processor to transfer data from the video display memory to the video display during a plurality of time slices, the valid data being displayed in a region on the video display device, the region corresponding to a portion of the video display memory, and further comprising:
    - storing invalid data in the portion of the video display memory that corresponds to the region; and
      
      replacing the invalid data in the video display memory with the valid data during a time slice, such that when the graphics processor accesses the portion of the video display memory that corresponds to the region, the graphics processor can transfer the valid data and when the graphics processor is not accessing the portion of the video display memory, the portion contains the invalid data.
  - 17. The method of claim 16 wherein the invalid data is replaced with valid data by temporarily transforming the invalid data to valid data in the video display memory during the time slice and then restoring the invalid data.
  - 18. The method of claim 17 wherein the transforming is one of decrypting and applying a raster operation.
  - 19. The method of claim 17 wherein the transforming applies a mask buffer to the invalid data using an XOR raster operation.
  - 20. The method of claim 16 wherein the invalid data is replaced with valid data by copying valid data from an overlay buffer and then restoring the invalid data after the time slice.
  - 21. The method of claim 20 wherein the restoring is done by copying invalid data from a mask buffer.
  - 22. The method of claim 16 wherein the invalid data is replaced with valid data by copying valid data from a secure buffer that contains the valid data and then restoring the invalid data after the time slice.
  - 23. The method of claim 22 wherein the restoring is done by copying invalid data from a mask buffer.
  - 24. The method of claim 22 wherein the valid data buffer is stored in a secure area of video display memory.
  - 25. The method of claim 22 wherein the valid data buffer is accessible only to a process that controls the scheduling.
  - 26. The method of claim 22 wherein the valid data buffer is stored in an area of computer system memory that is located outside of the video display system.
  - 27. The method of claim 26 wherein the computer system memory area is a secure area that is not accessible to non-authorized process.
  - 28. The method of claim 16 wherein the invalid data is one at least one of garbage data, a bitmap, and an opaque single color region.
  - 29. The method of claim 16 wherein the invalid data is created by transforming the valid data to at least one of obfuscated data, encrypted data, and masked data and storing the transformed data as invalid data in the portion of the video display memory.
  - 30. The method of claim 16 wherein the graphics processor performs the storing of invalid data and the replacing of invalid data with valid data for a plurality of regions on the video display device.
  - 31. The method of claim 30 wherein each region has an associated portion of video display memory slice and the graphics processor coordinates the storing and replacing of data for the associated portions of the video display memory.
  - 32. The method of claim 30 wherein the graphics processor performs the storing and replacing of data on a scan line basis.
  - 33. The method of claim 16 wherein the invalid data is replaced with valid data by creating valid data from invalid data stored in a buffer and then restoring the invalid data after the time slice.
  - 34. The method of claim 1, further comprising receiving requests for the secure display of valid data for a plurality of regions on the video display device of the video display system.
  - 35. The method of claim 34 wherein the request is received from one of an application program, an application programming interface, an operating system function, and other process.
  - 36. The method of claim 34 wherein each request is associated with a level of security.
  - 37. The method of claim 36 wherein at least two requests have different levels of security.
  - 38. The method of claim 34 wherein the secure display of valid data for each region of the plurality of regions is performed using an associated obfuscation method.
  - 39. The method of claim 38 wherein at least two regions having different associated obfuscation methods.
  - 40. The method of claim 1, further comprising storing the valid data in a storage area selected from a group of storage areas comprising the video display memory, a portion of random access memory in the computer system, a secondary memory that resides on a video card that controls the video display device, system memory, and storage accessible by other means.
  - 41. The method of claim 1, the valid data being displayed in a region on the video display device, the region corresponding to a set of locations in the video display memory, and further comprising:
    - storing one of the valid data, a mask, and a decryption key in a buffer; and
      
      storing invalid data in the corresponding set of locations in the video display memory.
  - 42. The method of claim 41, further comprising copying out the data stored in the data buffer to the video display device to display the valid data on the video display device.
  - 43. The method of claim 42 wherein the data stored in the buffer is copied out to the video display memory locations prior to being copied out to the video display device.
  - 44. The method of claim 42 wherein the data stored in the buffer is copied to the video display device without being copied out to the video display memory.
  - 45. The method of claim 42 wherein the data stored in the buffer is combined with the invalid data stored in the corresponding set of locations in video display memory to create valid data for the copy out to the video display device.
  - 46. The method of claim 45 wherein the data stored in the buffer is a mask and valid data is created through a raster operation that combines the data stored in the buffer with the invalid data stored in the video display memory.
  - 47. The method of claim 42 wherein the data stored in the buffer is a decryption key and valid data is created by decrypting the invalid data stored in the video display memory using the decryption key.
  - 48. The method of claim 42 wherein the buffer is at least one of an overlay buffer and a valid data buffer.
  - 49. The method of claim 48 wherein the buffer is located in at least one of the video display memory and a secure location.
  - 50. The method of claim 41 wherein the invalid data stored in the corresponding set of locations in the video display memory is at least one of garbage data, a bitmap, and an opaque single color region.
  - 51. The method of claim 50 wherein the invalid data is an advertisement.
  - 52. The method of claim 50 wherein the invalid data is a company logo.
  - 53. The method of claim 50 wherein the region is black.
  - 54. The method of claim 1, the valid data being displayed in a region on the video display device, the region corresponding to a set of locations in the video display memory, and further comprising:
    - storing invalid data in a buffer;
      
      storing invalid data in the corresponding set of locations in the video display memory; and
      
      transforming the invalid data stored in the buffer to valid data when the invalid data stored in the buffer is copied out to the region on the video display device.
  - 55. The method of claim 54 wherein the transformed data is first copied to the corresponding set of locations in the video display memory as part of copying-out to the region on the video display device.
  - 56. The method of claim 54 wherein the invalid data stored in the buffer is an encrypted form of the valid data.
  - 57. The method of claim 56 wherein the transformation of the invalid data stored in the buffer comprises decrypting the invalid data.
  - 58. The method of claim 54, the transformation further comprising combining the invalid data stored in the buffer with valid data stored in a valid data buffer.
  - 59. The method of claim 58 wherein the valid data buffer is a secure location.
  - 60. The method of claim 54 wherein the buffer is a secure location.
  - 61. The method of claim 54 wherein the buffer is a location in video display memory.
  - 62. The method of claim 54 wherein the invalid data stored in the corresponding set of locations in the video display memory is at least one of garbage data, a bitmap, and an opaque single color region.
  - 63. The method of claim 62 wherein the invalid data is at least one of a company logo and an advertisement.
  - 64. The method of claim 62 wherein the region is black.
  - 65. The method of claim 1, the valid data being displayed in a region on the video display device, the region corresponding to a set of locations in the video display memory, and further comprising:
    - storing the valid data as at least one of encrypted data and masked data in the corresponding set of locations in the video display memory; and
      
      transforming the data stored in the corresponding set of locations in the video display memory to valid data in time to be displayed on the video display device such that only the at least one of encrypted data and masked data is accessible to code that is external to the scheduling.
  - 66. The method of claim 65 wherein the transforming comprises decrypting encrypted data stored in the corresponding set of locations.
  - 67. The method of claim 65 wherein the transforming comprises applying a raster operation to masked data stored in the corresponding set of locations.
  - 68. The method of claim 1, the video display system having a graphics processor for copying data from the video display memory to the video display in order to display the valid data in a region on the video display device, the region corresponding to a portion of the video display memory, further comprising:
    - storing invalid data in the portion of the video display memory that corresponds to the region; and
      
      in time for the graphics processor to access the portion of the video display memory that corresponds to the region, temporarily transforming the invalid data to valid data in time to copy the data from the video display memory to the video display, thereby displaying the valid data on the video display device.
  - 69. The method of claim 68 wherein the stored invalid data is an encrypted form of the valid data and wherein the transforming of the invalid data comprises decrypting the invalid data.
  - 70. The method of claim 68 wherein the stored invalid data is created by applying a raster operation to combine the valid data with a mask and wherein the transforming of the invalid data to valid data comprises applying a raster operation to combine the invalid data with a mask.
  - 71. The method of claim 70 wherein the raster operation is an XOR operation and the mask applied to the valid data is the same as the mask applied to the invalid data.
  - 72. The method of claim 68 wherein the transforming of the stored invalid data to valid data comprises at least one of copying valid data from a buffer and creating valid data from a buffer and copying the created data.
  - 73. The method of claim 72 wherein the buffer is one of an overlay buffer, a valid data buffer, and a secure data buffer.
  - 74. The method of claim 1 wherein providing valid data to replace the invalid data comprises replacing the invalid data in the video display memory with valid data.

75. A video display driver for ensuring secure display of valid data on a video display device of a video display system, the video display system having video display memory for storing data to be displayed on the video display device, comprising:
- a scheduler that is structured to schedule content of the video display memory such that the valid data is available when needed for display on the video display device and such that only invalid data is accessible from the video display memory to a process that is external to the scheduling; and
  
  a mechanism configured to receive and store the valid data for access by the scheduler to securely display the valid data on the video display device.
- View Dependent Claims (76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98)
- - 76. The driver of claim 75 wherein the invalid data is created by transforming the valid data to at least one of obfuscated data, encrypted data, and masked data and storing the transformed data in the video display memory.
  - 77. The driver of claim 75 wherein the invalid data is at least one of garbage data, a bitmap, and an opaque single color region.
  - 78. The driver of claim 75 wherein the driver receives requests to securely display valid data for a plurality of regions on the video display device of the video display system.
  - 79. The driver of claim 78 wherein a request is received from one of an application program, an application programming interface, an operating system function, and other process.
  - 80. The driver of claim 78 wherein each request is associated with a level of security.
  - 81. The driver of claim 78 wherein the secure display of valid data for each region of the plurality of regions is performed using an associated obfuscation method.
  - 82. The driver of claim 75 wherein the driver is structured to store the valid data in one of video display memory, a portion of random access memory in the computer system, a secondary memory that resides on a video card that controls the video display device, system memory, and storage accessible by other means.
  - 83. The driver of claim 75, the valid data being displayed in a region on the video display device, the region corresponding to a set of locations in the video display memory, and wherein the driver is structured to:
    - store one of the valid data, a mask, and a decryption key in a buffer; and
      
      store invalid data in the corresponding set of locations in the video display memory.
  - 84. The driver of claim 83 wherein the buffer is located in at least one of the video display memory and a secure location.
  - 85. The driver of claim 75, the valid data being displayed in a region on the video display device, the region corresponding to a set of locations in the video display memory, wherein the driver is further structured to store the valid data as at least one of encrypted data and masked data in the corresponding set of locations in the video display memory;
    - and the scheduler is further structured to transform the data stored in the corresponding set of locations in the video display memory to valid data in time to be displayed on the video display device and such that only the at least one of encrypted data and masked data is accessible to code that is external to the scheduling.
  - 86. The driver of claim 75, the video display system having a graphics processor configured to transfer data from the video display memory to the video display in order to display the valid data in a region on the video display device, the region corresponding to a portion of the video display memory, wherein the scheduler is further structured to:
    - temporarily transform invalid data that is stored in the portion of the video display memory that corresponds to the region to valid data in time for the graphics processor to access the portion of the video display memory that corresponds to the region and transfer the data from the video display memory to the video display, thereby displaying the valid data on the video display device.
  - 87. The driver of claim 86 wherein the stored invalid data is an encrypted form of the valid data and wherein the transforming of the invalid data comprises decrypting the invalid data.
  - 88. The driver of claim 86 wherein the stored invalid data is created by applying a raster operation to combine the valid data with a mask and wherein the transforming of the invalid data to valid data comprises applying a raster operation to combine the invalid data with a mask.
  - 89. The driver of claim 75 wherein the scheduler uses an exclusive locking mechanism to disallow access to a portion of the video display memory.
  - 90. The driver of claim 89 wherein the exclusive locking mechanism is an interprocess locking mechanism provided by an operating system.
  - 91. The driver of claim 89 wherein the exclusive locking mechanism is accomplished by ensuring that the scheduler is a real-time priority process.
  - 92. The driver of claim 89, the computer system having an operating system that allows access to device drivers in a controlled order, the order having a first driver, wherein the exclusive locking mechanism is accomplished by ensuring that the secure video display driver is the first driver.
  - 93. The driver of claim 75, the video display system having a graphics processor configured to transfer data from the video display memory to the video display during a plurality of time slices, the valid data being displayed in a region on the video display device, the region corresponding to a portion of the video display memory, wherein the scheduler is further structured to replace invalid data that is stored in the video display memory with the valid data during a time slice, such that when the graphics processor accesses the portion of the video display memory that corresponds to display of the valid data in the region, the graphics processor can retrieve the valid data and when the graphics processor is not accessing the portion of the video display memory, the portion contains the invalid data.
  - 94. The driver of claim 93 wherein the invalid data is replaced with valid data by temporarily transforming the invalid data to valid data in the video display memory during the time slice and then restoring the invalid data.
  - 95. The driver of claim 94 wherein the transforming is one of decrypting and applying a raster operation.
  - 96. The driver of claim 93 wherein the invalid data is replaced with valid data by copying valid data from an overlay buffer and then restoring the invalid data after the time slice.
  - 97. The driver of claim 93 wherein the invalid data is replaced with valid data by creating valid data from invalid data stored in a buffer and then restoring the invalid data after the time slice.
  - 98. The driver of claim 93 wherein the invalid data is created by transforming the valid data to at least one of obfuscated data, encrypted data, and masked data and storing the transformed data as invalid data in the portion of the video display memory.

99. A computer-readable memory medium containing instructions for controlling a computer processor to ensure secure display of valid data on a video display device of a video display system, the video display system having video display memory for storing data to be displayed on the video display device, by:
- controlling scheduling of the content of the video display memory such that the valid data is available when needed for display on the video display device and such that only invalid data is accessible, from the video display memory, to a process that is external to the scheduling.
- View Dependent Claims (100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114)
- - 100. The computer-readable medium of claim 99 wherein the invalid data is created by transforming the valid data to at least one of obfuscated data, encrypted data, and masked data and storing the transformed data in the video display memory.
  - 101. The computer-readable medium of claim 99 wherein the valid data is to be displayed in a region on the video display device using a scheduling process, the region corresponding to a portion of the video display memory, the computer-readable medium further comprising computer instructions that cause the computer processor to:
    - store invalid data in the portion of the video display memory that corresponds to the region; and
      
      under an exclusive locking mechanism that disallows a process other than the scheduling process from accessing the portion, temporarily transform the stored invalid data to valid data in the portion of the video display memory.
  - 102. The computer-readable medium of claim 101 wherein transforming the stored invalid data comprises one of decrypting, applying a raster operation to the stored invalid data using a mask, copying valid data from a buffer, and creating valid data from a buffer and copying the created valid data from the buffer.
  - 103. The computer-readable medium of claim 102 wherein the buffer is one of an overlay buffer, a secure data buffer, a mask buffer, and a valid data buffer.
  - 104. The computer-readable medium of claim 102 wherein the buffer is another area of the video display memory that is not the portion that corresponds to the region.
  - 105. The computer-readable medium of claim 102 wherein the buffer is stored in a secure location outside the video display memory.
  - 106. The computer-readable medium of claim 99 wherein the video display device comprises a graphics processor configured to transfer data from the video display memory to the video display during a plurality of time slices, the valid data being displayed in a region on the video display device, the region corresponding to a portion of the video display memory, the computer-readable medium further comprising computer instructions that cause the computer processor to:
    - store invalid data in the portion of the video display memory that corresponds to the region; and
      
      replace the invalid data in the video display memory with the valid data during a time slice, such that when the graphics processor accesses the portion of the video display memory that corresponds to the region, the graphics processor can transfer the valid data and when the graphics processor is not accessing the portion of the video display memory, the portion contains the invalid data.
  - 107. The computer-readable medium of claim 106 wherein the invalid data is replaced with valid data by temporarily transforming the invalid data to valid data in the video display memory during the time slice and then restoring the invalid data.
  - 108. The computer-readable medium of claim 99, further comprising computer instructions that cause the computer processor to store the valid data in a storage area selected from a group of storage areas comprising the video display memory, a portion of random access memory in the computer system, a secondary memory that resides on a video card that controls the video display device, system memory, and storage accessible by other means.
  - 109. The computer-readable medium of claim 99 wherein the valid data is intended to be displayed in a region on the video display device, the region corresponding to a set of locations in the video display memory, the computer-readable medium further comprising computer instructions that cause the computer processor to:
    - store one of the valid data, a mask, and a decryption key in a buffer; and
      
      store invalid data in the corresponding set of locations in the video display memory.
  - 110. The computer-readable medium of claim 99, the valid data is intended for display in a region on the video display device, the region corresponding to a set of locations in the video display memory, the computer-readable medium further comprising computer instructions that cause the computer processor to:
    - store invalid data in a buffer;
      
      store invalid data in the corresponding set of locations in the video display memory; and
      
      transform the invalid data stored in the buffer to valid data when the invalid data stored in the buffer is copied out to the region on the video display device.
  - 111. The computer-readable medium of claim 110 wherein the transformed data is first copied to the corresponding set of locations in the video display memory as part of copying-out to the region on the video display device.
  - 112. The computer-readable medium of claim 99, the valid data is intended for display in a region on the video display device, the region corresponding to a set of locations in the video display memory, the computer-readable medium further comprising computer instructions that cause the computer processor to:
    - store the valid data as at least one of encrypted data and masked data in the corresponding set of locations in the video display memory; and
      
      transform the data stored in the corresponding set of locations in the video display memory to valid data in time to be displayed on the video display device such that only the at least one of encrypted data and masked data is accessible to code that is external to the scheduling.
  - 113. The computer-readable medium of claim 99, the video display system having a graphics processor configured to copy data from the video display memory to the video display in order to display the valid data in a region on the video display device, the region corresponding to a portion of the video display memory, the computer-readable medium further comprising computer instructions that cause the computer processor to:
    - store invalid data in the portion of the video display memory that corresponds to the region; and
      
      in time for the graphics processor to access the portion of the video display memory that corresponds to the region, temporarily transform the invalid data to valid data in time to copy the data from the video display memory to the video display, thereby displaying the valid data on the video display device.
  - 114. The computer-readable medium of claim 99 wherein providing valid data to replace the invalid data comprises replacing the invalid data in the video display memory with valid data.

115. A data display system comprising:
- a video display device;
  
  a video display memory to store data to be displayed on the video display device; and
  
  a processor configured to control operation of the video display device using scheduling to control the content of the video display memory such that the video display memory contains invalid data and, when valid data is needed for display, providing valid data to replace the invalid data in the video display memory to thereby prevent access to valid data in the video display memory to code that is external to the scheduling.
- View Dependent Claims (116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130)
- - 116. The system of claim 115, wherein the processor is configured to create the invalid data by transforming the valid data to at least one of obfuscated data, encrypted data, and masked data, the video display memory being configured to store the transformed data.
  - 117. The system of claim 115 wherein the valid data is intended to be displayed in a region on the video display device, the region corresponding to a portion of the video display memory, the processor being configured to:
    - perform a scheduling process to control storing invalid data in the portion of the video display memory that corresponds to the region; and
      
      under an exclusive locking mechanism that disallows a process other than the scheduling process from accessing the portion of the video display memory, temporarily transforming the stored invalid data to valid data in the portion of the video display memory.
  - 118. The system of claim 117 wherein the processor is configured to transform the stored invalid data by performing an operation from a selected group of operations comprising decrypting, applying a raster operation to the stored invalid data using a mask, copying valid data from a buffer, and creating valid data from a buffer and copying the created valid data from the buffer.
  - 119. The system of claim 118 wherein the buffer is one of an overlay buffer, a secure data buffer, a mask buffer, and a valid data buffer.
  - 120. The system of claim 118 wherein the buffer is another area of the video display memory different from the portion of the video display memory that corresponds to the region.
  - 121. The system of claim 118, further comprising a secure location outside the video display memory wherein the buffer is stored in the secure location outside the video display memory.
  - 122. The system of claim 115 for use with the video display system having a graphics processor to transfer data from the video display memory to the video display during a plurality of time slices, the valid data being displayed in a region on the video display device, the region corresponding to a portion of the video display memory, the processor being configured to:
    - store invalid data in the portion of the video display memory that corresponds to the region; and
      
      replace the invalid data in the video display memory with the valid data during a time slice, such that the graphics processor transfers the valid data when the graphics processor accesses the portion of the video display memory that corresponds to the region, the portion of the video display memory configured to contain the invalid data when the graphics processor is not accessing the portion of the video display memory.
  - 123. The system of claim 122 wherein the processor is configured to replace the invalid data with valid data by temporarily transforming the invalid data to valid data in the video display memory during the time slice and then restoring the invalid data.
  - 124. The system of claim 115 wherein the processor is further configured to store the valid data in a storage area selected from a group of storage areas comprising the video display memory, a portion of random access memory in the computer system, a secondary memory that resides on a video card that controls the video display device, system memory, and storage accessible by other means.
  - 125. The system of claim 115 wherein the valid data is intended for display in a region on the video display device, the region corresponding to a set of locations in the video display memory, the system further comprising a buffer wherein the processor is further configured to:
    - store the valid data, a mask, or a decryption key in a buffer; and
      
      store invalid data in the corresponding set of locations in the video display memory.
  - 126. The system of claim 115 wherein the valid data is intended for display in a region on the video display device, the region corresponding to a set of locations in the video display memory, the system further comprising:
    - a buffer wherein processor is further configured to;
      
      store invalid data in the bufferstore invalid data in the corresponding set of locations in the video display memory; and
      
      transform the invalid data stored in the buffer to valid data when the invalid data stored in the buffer is copied out to the region on the video display device.
  - 127. The system of claim 126 wherein the transformed data is first copied to the corresponding set of locations in the video display memory as part of copying-out to the region on the video display device.
  - 128. The system of claim 115 wherein the valid data is intended for display in a region on the video display device, the region corresponding to a set of locations in the video display memory, the processor being further configured to:
    - store the valid data as encrypted data, masked data, or encrypted and masked data in the corresponding set of locations in the video display memory; and
      
      transform the data stored in the corresponding set of locations in the video display memory to valid data in time to be displayed on the video display device such that only the encrypted data, masked data, or encrypted and masked data is accessible to code that is external to the scheduling.
  - 129. The system of claim 115 for use with the video display system having a graphics processor to copy data from the video display memory to the video display in order to display the valid data in a region on the video display device, the region corresponding to a portion of the video display memory, the processor further configured to:
    - store invalid data in the portion of the video display memory that corresponds to the region; and
      
      temporarily transform the invalid data to valid data in time for the graphics processor to access the portion of the video display memory that corresponds to the region to thereby display the valid data on the video display device.
  - 130. The system of claim 115 wherein the processor is configured to provide valid data to replace the invalid data by replacing the invalid data in the video display memory with valid data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ostendo Technologies Inc.
Original Assignee
xSides Corporation
Inventors
Smith, Jason M., Nason, D. David, Kaan, Carson, Painter, John A., Heaton, William J., Easton, John E.
Primary Examiner(s)
Wassum, Luke S
Assistant Examiner(s)
Black, Linh

Application Number

US10/167,053
Time in Patent Office

1,359 Days
Field of Search

707 1-1041, 348/231.2, 348659-661, 348/841, 348/835, 352/7.91 S, 352/237, 386/131
US Class Current

1/1
CPC Class Codes

G06F 21/82   Protecting input, output or...

Y10S 707/99932   Access augmentation or opti...

Y10S 707/99939   Privileged access

Method and system for maintaining secure data input and output

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

99 Citations

130 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for maintaining secure data input and output

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

99 Citations

130 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links