Methods and systems for cryptographically protecting secure content

US 7,203,310 B2
Filed: 04/18/2002
Issued: 04/10/2007
Est. Priority Date: 12/04/2001
Status: Active Grant

First Claim

Patent Images

1. A method for cryptographically protecting secure content in connection with a trusted graphics system of a computing device, the trusted graphics system having video memory, at least one graphics processing unit (GPU) and a cryptographic processing device communicatively coupled to said at least one GPU, comprising:

requesting, by one of an application and device, the graphics system to perform one of processing and rendering of secure content, wherein said requesting includes transmitting by said one of an application and device a session key to the graphics system and transmitting said secure content to encrypted overlay surfaces which overlay at least one primary surface of said video memory, including a first encrypted confidential overlay for basic rendering of secure content and a second encrypted protected overlay specifically designed to present sensitive user interfaces, the second encrypted protected overlay being always-on-top and non-obscurable and the contents of the second encrypted protected overlay being verified by said at least one GPU;

decrypting the content of said at least one encrypted portion of video memory by said at least one GPU in communication with said cryptographic processing device, said decrypting including decrypting with a first stream cipher decryption component the contents of the first encrypted confidential overlay, and decrypting with a second stream cipher decryption component the contents of the second encrypted protected overlay;

performing said one of processing and rendering on said decrypted content by said at least one GPU; and

outputting said content from the at least one GPU.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are provided for cryptographically protecting secure content in connection with a graphics subsystem of a computing device. Techniques are implemented to encrypt the contents of video memory so that unauthorized software cannot gain meaningful access to it, thereby maintaining confidentiality. Moreover, a mechanism for tamper detection is provided so that there is awareness when data has been altered in some fashion, thereby maintaining integrity. In various embodiments, the contents of overlay surfaces and/or command buffers are encrypted, and/or the GPU is able to operate on encrypted content while preventing its availability to untrusted parties, devices or software.

91 Citations

View as Search Results

54 Claims

1. A method for cryptographically protecting secure content in connection with a trusted graphics system of a computing device, the trusted graphics system having video memory, at least one graphics processing unit (GPU) and a cryptographic processing device communicatively coupled to said at least one GPU, comprising:
- requesting, by one of an application and device, the graphics system to perform one of processing and rendering of secure content, wherein said requesting includes transmitting by said one of an application and device a session key to the graphics system and transmitting said secure content to encrypted overlay surfaces which overlay at least one primary surface of said video memory, including a first encrypted confidential overlay for basic rendering of secure content and a second encrypted protected overlay specifically designed to present sensitive user interfaces, the second encrypted protected overlay being always-on-top and non-obscurable and the contents of the second encrypted protected overlay being verified by said at least one GPU;
  
  decrypting the content of said at least one encrypted portion of video memory by said at least one GPU in communication with said cryptographic processing device, said decrypting including decrypting with a first stream cipher decryption component the contents of the first encrypted confidential overlay, and decrypting with a second stream cipher decryption component the contents of the second encrypted protected overlay;
  
  performing said one of processing and rendering on said decrypted content by said at least one GPU; and
  
  outputting said content from the at least one GPU.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. A method according to claim 1, wherein if the output of said outputting is different than the secure content of said requesting adjusted for any processing performed on said secure content by said at least one GPU, said one of an application and device is alerted to the difference.
  - 3. A method according to claim 1, wherein said decrypting the content of said at least one encrypted portion of video memory includes decrypting a geometrical fraction of a primary surface, whereby pixels other than the geometrical fraction are not decrypted.
  - 4. A method according to claim 1, wherein the cryptographic processor is permanently attached to the graphics card, by one of (A) adding the cryptographic processor to an existing chip and (B) adding the cryptographic processor as a separate chip to the graphics card,whereby the physical connection between the cryptographic processor and the rest of the graphics card is not accessible and is not exposed.
  - 5. A method according to claim 1, wherein said decrypting includes decrypting said at least one encrypted overlay surface by a decryption mechanism of said GPU communicatively coupled to said cryptographic processing device.
  - 6. A method according to claim 1, wherein said decrypting includes one of (A) decrypting said at least one encrypted overlay surface on the fly by digital to analog conversion (DAC) hardware of the graphics system as the content is output according to said outputting and (B) decrypting said at least one encrypted overlay surface on the fly just previous to the content reaching the DAC hardware of the graphics system.
  - 7. A method according to claim 1, wherein said decrypting includes decrypting said at least one encrypted overlay surface previous to the content reaching the DAC hardware of the graphics system by a component having no back channel to the host system.
  - 8. A method according to claim 1, farther including:
    - re-encrypting said content by said at least one GPU in communication with said cryptographic processing device prior to said outputting; and
      
      decrypting said re-encrypted content by at least a second cryptographic processing device of an external computing device.
  - 9. A method according to claim 8, wherein said external computing device is one of (A) a monitor, (B) a set top box and (C) a digital signal processing (DSP) rendering device.
  - 10. A method according to claim 1, wherein the content is transmitted in digital form to an external device having a second cryptographic processing device and said decrypting occurs on said external device.
  - 11. A method according to claim 1, wherein said decrypting includes calculating a cryptographic digest of the decrypted data, and said method farther includes:
    - transmitting said cryptographic digest to the one of an application and device to ensure that the displayed pixels are the pixels sent in connection with said requesting by the one of an application and device.
  - 12. A method according to claim 1, wherein at least one bit of each pixel in a primary surface is used to determine membership in a virtual protected surface for the pixel, wherein the graphics card selects an appropriate decryption key for the pixel based on said at least one bit.
  - 13. A method according to claim 12, wherein if said at least one bit contains a zero value, then the virtual protected surface associated with said at least one bit is interpreted as a region not to decrypt.
  - 14. A method according to claim 1, further including once the decrypted pixel values are available, selecting by a pixel select component of said at least one GPU the pixel value of one of (A) the second encrypted protected overlay, (B) the first encrypted confidential overlay and (3) a primary surface.
  - 15. A method according to claim 1, wherein said requesting includes at least one of (A) a source and destination bounding box of said at least one encrypted overlay surface, (B) a destination color key of said at least one encrypted overlay surface, (C) in the case of the first encrypted confidential overlay, a specification of an encryption key index of the contents of an overlay back buffer to which the data is to be flipped (D) in the case of the second encrypted protected overlay, a specification of a memory location where at least one of a cyclic redundancy code (CRC), an integrity measure and a digest value of the decrypted overlay contents are to be written, (L) a source and destination bounding box of at least one encrypted primary surface, and (F) a destination color key of said at least one encrypted primary surface.
  - 16. A method according to claim 15, wherein said one of an application and device calculates said at least one of the CRC, integrity measure and digest value if said one of an application and device is concerned with integrity of the content.
  - 17. A method according to claim 1, wherein at least one command buffer sent to a video decode unit of the at least one GPU incident to said requesting is encrypted by said at least one of an application and device and decrypted by said video decode unit in communication with said cryptographic processing unit.
  - 18. A method according to claim 17, further comprising tamper detecting said at least one command buffer one of (A) by using two passes before consumption of the at least one command buffer and (B) after the command buffer has been consumed.

19. At least one computer readable medium comprising computer executable modules including computer executable instructions for cryptographically protecting secure content in connection with a trusted graphics system of a computing device, the trusted graphics system having video memory, at least one graphics processing unit (GPU) and a cryptographic processing device communicatively coupled to said at least one GPU, the computer executable modules comprising:
- means for requesting by one of an application and device the graphics system to perform one of processing and rendering of secure content, wherein said means for requesting includes means for transmitting by said one of an application and device a session key to the graphics system and means for transmitting said secure content to encrypted overlay surfaces which overlay at least one primary surface of said video memory, including a first encrypted confidential overlay for basic rendering of secure content and a second encrypted protected overlay specifically designed to present sensitive user interfaces, the second encrypted protected overlay being always-on-top and non-obscurable and the contents of the second encrypted protected overlay being verified by said at least one GPU;
  
  means for decrypting the content of said at least one encrypted portion of video memory by said at least one GPU in communication with said cryptographic processing device, said decrypting including decrypting with a first stream cipher decryption component the contents of the first encrypted confidential overlay, and decrypting with a second stream cipher decryption component the contents of the second encrypted protected overlay;
  
  means for performing said one of processing and rendering on said decrypted content by said at least one GPU; and
  
  means for outputting said content from the at least one GPU.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 20. At least one computer readable medium according to claim 19, wherein if the output of said means for outputting is different than the secure content of said means for requesting adjusted for any processing performed on said secure content by said at least one GPU, said one of an application and device is alerted to the difference.
  - 21. At least one computer readable medium according to claim 19, wherein said means for decrypting the content of said at least one encrypted portion of video memory includes means for decrypting a geometrical fraction of a primary surface, whereby pixels other than the geometrical fraction are not decrypted.
  - 22. At least one computer readable medium according to claim 19, wherein the cryptographic processor is permanently attached to the graphics card, by one of (A) adding the cryptographic processor to an existing chip and (B) adding the cryptographic processor as a separate chip to the graphics card,whereby the physical connection between the cryptographic processor and the rest of the graphics card is not accessible and is not exposed.
  - 23. At least one computer readable medium according to claim 19, wherein said means for decrypting includes means for decrypting said at least one encrypted overlay surface by a decryption mechanism of said GPU communicatively coupled to said cryptographic processing device.
  - 24. At least one computer readable medium according to claim 19, wherein said means for decrypting includes one of (A) means for decrypting said at least one encrypted overlay surface on the fly by digital to analog conversion (DAC) hardware of the graphics system as the content is output according to said outputting of said means for outputting and (B) means for decrypting said at least one encrypted overlay surface on the fly just previous to the content reaching the DAC hardware of the graphics system.
  - 25. At least one computer readable medium according to claim 19, wherein said means for decrypting includes means for decrypting said at least one encrypted overlay surface previous to the content reaching the DAC hardware of the graphics system by a component having no back channel to the host system.
  - 26. At least one computer readable medium according to claim 19, further including:
    - means for re-encrypting said content by said at least one GPU in communication with said cryptographic processing device prior to said outputting by said means for outputting; and
      
      means for decrypting said re-encrypted content by at least a second cryptographic processing device of an external computing device.
  - 27. At least one computer readable medium according to claim 26, wherein said external computing device is one of (A) a monitor, (B) a set top box and (C) a digital signal processing (DSP) rendering device.
  - 28. At least one computer readable medium according to claim 19, wherein the content is transmitted in digital form to an external device having a second cryptographic processing device and said decrypting of said means for decrypting occurs on said external device.
  - 29. At least one computer readable medium according to claim 19, wherein said means for decrypting includes means for calculating a cryptographic digest of the decrypted data, and said computer executable modules further include:
    - means for transmitting said cryptographic digest to the one of an application and device to ensure that the displayed pixels are the pixels sent in connection with said requesting by the one of an application and device via said means for requesting.
  - 30. At least one computer readable medium according to claim 19, wherein at least one bit of each pixel in a primary surface is used to determine membership in a virtual protected surface for the pixel, wherein the graphics card selects an appropriate decryption key for the pixel based on said at least one bit.
  - 31. At least one computer readable medium according to claim 30, wherein if said at least one bit contains a zero value, then the virtual protected surface associated with said at least one bit is interpreted as a region not to decrypt.
  - 32. At least one computer readable medium according to claim 19, the computer executable modules further including, means for selecting, once the decrypted pixel values are available, by a pixel select component of said at least one GPU the pixel value of one of (A) the second encrypted protected overlay, (B) the first encrypted confidential overlay and (3) a primary surface.
  - 33. At least one computer readable medium according to claim 19, wherein said requesting of said means for requesting includes at least one of (A) a source and destination bounding box of said at least one encrypted overlay surface, (B) a destination color key of said at least one encrypted overlay surface, (C) in the case of the first encrypted confidential overlay, a specification of an encryption key index of the contents of an overlay back buffer to which the data is to be flipped (D) in the case of the second encrypted protected overlay, a specification of a memory location where at least one of a cyclic redundancy code (CRC), an integrity measure and a digest value of the decrypted overlay contents are to be written, (L) a source and destination bounding box of at least one encrypted primary surface, and (F) a destination color key of said at least one encrypted primary surface.
  - 34. At least one computer readable medium according to claim 33, wherein said one of an application and device calculates said at least one of the CRC, integrity measure and digest value if said one of an application and device is concerned with integrity of the content.
  - 35. At least one computer readable medium according to claim 19, wherein at least one command buffer sent to a video decode unit of the at least one GPU incident to said requesting of said means for requesting is encrypted by said at least one of an application and device and decrypted by said video decode unit in communication with said cryptographic processing unit.
  - 36. At least one computer readable medium according to claim 35, the computer executable modules further comprising means for tamper detecting said at least one command buffer one of (A) by using two passes before consumption of the at least one command buffer and (B) after the command buffer has been consumed.

37. A computing device comprising means for cryptographically protecting secure content in connection with a trusted graphics system of a computing device, the trusted graphics system having video memory, at least one graphics processing unit (GPU) and a cryptographic processing device communicatively coupled to said at least one GPU, comprising:
- means for requesting by one of an application and device the graphics system to perform one of processing and rendering of secure content, wherein said means for requesting includes means for transmitting by said one of an application and device a session key to the graphics system and means for transmitting said secure content to encrypted overlay surfaces which overlay at least one primary surface of said video memory, including a first encrypted confidential overlay for basic rendering of secure content and a second encrypted protected overlay specifically designed to present sensitive user interfaces, the second encrypted protected overlay being always-on-top and non-obscurable and the contents of the second encrypted protected overlay being verified by said at least one GPU;
  
  means for decrypting the content of said at least one encrypted portion of video memory by said at least one GPU in communication with said cryptographic processing device, said decrypting including decrypting with a first stream cipher decryption component the contents of the first encrypted confidential overlay, and decrypting with a second stream cipher decryption component the contents of the second encrypted protected overlay;
  
  means for performing said one of processing and rendering on said decrypted content by said at least one GPU; and
  
  means for outputting said content from the at least one GPU.
- View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54)
- - 38. A computing device according to claim 37, wherein if the output of said means for outputting is different than the secure content of said means for requesting adjusted for any processing performed on said secure content by said at least one GPU, said one of an application and device is alerted to the difference.
  - 39. A computing device according to claim 37, wherein said means for decrypting the content of said at least one encrypted portion of video memory includes means for decrypting a geometrical fraction of a primary surface, whereby pixels other than the geometrical fraction are not decrypted.
  - 40. A computing device according to claim 37, wherein the cryptographic processor is permanently attached to the graphics card, by one of (A) adding the cryptographic processor to an existing chip and (B) adding the cryptographic processor as a separate chip to the graphics card,whereby the physical connection between the cryptographic processor and the rest of the graphics card is not accessible and is not exposed.
  - 41. A computing device according to claim 37, wherein said means for decrypting includes means for decrypting said at least one encrypted overlay surface by a decryption mechanism of said GPU communicatively coupled to said cryptographic processing device.
  - 42. A computing device according to claim 37, wherein said means for decrypting includes one of (A) means for decrypting said at least one encrypted overlay surface on the fly by digital to analog conversion (DAC) hardware of the graphics system as the content is output according to said outputting of said means for outputting and (B) means for decrypting said at least one encrypted overlay surface on the fly just previous to the content reaching the DAC hardware of the graphics system.
  - 43. A computing device according to claim 37, wherein said means for decrypting includes means for decrypting said at least one encrypted overlay surface previous to the content reaching the DAC hardware of the graphics system by a component having no back channel to the host system.
  - 44. A computing device according to claim 37, further including:
    - means for re-encrypting said content by said at least one GPU in communication with said cryptographic processing device prior to said outputting by said means for outputting; and
      
      means for decrypting said re-encrypted content by at least a second cryptographic processing device of an external computing device.
  - 45. A computing device according to claim 44, wherein said external computing device is one of (A) a monitor, (B) a set top box and (C) a digital signal processing (DSP) rendering device.
  - 46. A computing device according to claim 37, wherein the content is transmitted in digital form to an external device having a second cryptographic processing device and said decrypting of said means for decrypting occurs on said external device.
  - 47. A computing device according to claim 37, wherein said means for decrypting includes means for calculating a cryptographic digest of the decrypted data, and said computing device further includes:
    - means for transmitting said cryptographic digest to the one of an application and device to ensure that the displayed pixels are the pixels sent in connection with said requesting by the one of an application and device via said means for requesting.
  - 48. A computing device according to claim 37, wherein at least one bit of each pixel in a primary surface is used to determine membership in a virtual protected surface for the pixel, wherein the graphics card selects an appropriate decryption key for the pixel based on said at least one bit.
  - 49. A computing device according to claim 48, wherein if said at least one bit contains a zero value, then the virtual protected surface associated with said at least one bit is interpreted as a region not to decrypt.
  - 50. A computing device according to claim 37, further including, means for selecting, once the decrypted pixel values are available, by a pixel select component of said at least one GPU the pixel value of one of (A) the second encrypted protected overlay, (B) the first encrypted confidential overlay and (3) a primary surface.
  - 51. A computing device according to claim 37, wherein said requesting of said means for requesting includes at least one of (A) a source and destination bounding box of said at least one encrypted overlay surface, (B) a destination color key of said at least one encrypted overlay surface, (C) in the case of the first encrypted confidential overlay, a specification of an encryption key index of the contents of an overlay back buffer to which the data is to be flipped (D) in the case of the second encrypted protected overlay, a specification of a memory location where at least one of a cyclic redundancy code (CRC), an integrity measure and a digest value of the decrypted overlay contents are to be written, (L) a source and destination bounding box of at least one encrypted primary surface, and (F) a destination color key of said at least one encrypted primary surface.
  - 52. A computing device according to claim 51, wherein said one of an application and device calculates said at least one of the CRC, integrity measure and digest value if said one of an application and device is concerned with integrity of the content.
  - 53. A computing device according to claim 37, wherein at least one command buffer sent to a video decode unit of the at least one GPU incident to said requesting of said means for requesting is encrypted by said at least one of an application and device and decrypted by said video decode unit in communication with said cryptographic processing unit.
  - 54. A computing device according to claim 53, further comprising means for tamper detecting said at least one command buffer one of (A) by using two passes before consumption of the at least one command buffer and (B) after the command buffer has been consumed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
England, Paul, Peinado, Marcus, Wilt, Nicholas P.
Primary Examiner(s)
Moise; Emmanuel L.
Assistant Examiner(s)
ABYANEH, ALI S

Application Number

US10/124,922
Publication Number

US 20030140241A1
Time in Patent Office

1,818 Days
Field of Search

380/210, 380/200, 713/153, 711/2
US Class Current

380/200
CPC Class Codes

G06F 21/64   Protecting data integrity, ...

G06F 21/79   in semiconductor storage me...

G06F 21/83   input devices, e.g. keyboar...

Methods and systems for cryptographically protecting secure content

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

91 Citations

54 Claims

Specification

Use Cases

Quick Links

Others

Methods and systems for cryptographically protecting secure content

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

91 Citations

54 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others