Methods and systems for cryptographically protecting secure content
First Claim
1. A method for cryptographically protecting secure content in connection with a trusted graphics system of a computing device, the trusted graphics system having video memory, at least one graphics processing unit (GPU) and a cryptographic processing device communicatively coupled to said at least one GPU, comprising:
- requesting, by one of an application and device, the graphics system to perform one of processing and rendering of secure content, wherein said requesting includes transmitting by said one of an application and device a session key to the graphics system and transmitting said secure content to encrypted overlay surfaces which overlay at least one primary surface of said video memory, including a first encrypted confidential overlay for basic rendering of secure content and a second encrypted protected overlay specifically designed to present sensitive user interfaces, the second encrypted protected overlay being always-on-top and non-obscurable and the contents of the second encrypted protected overlay being verified by said at least one GPU;
decrypting the content of said at least one encrypted portion of video memory by said at least one GPU in communication with said cryptographic processing device, said decrypting including decrypting with a first stream cipher decryption component the contents of the first encrypted confidential overlay, and decrypting with a second stream cipher decryption component the contents of the second encrypted protected overlay;
performing said one of processing and rendering on said decrypted content by said at least one GPU; and
outputting said content from the at least one GPU.
3 Assignments
0 Petitions
Accused Products
Abstract
Methods and systems are provided for cryptographically protecting secure content in connection with a graphics subsystem of a computing device. Techniques are implemented to encrypt the contents of video memory so that unauthorized software cannot gain meaningful access to it, thereby maintaining confidentiality. Moreover, a mechanism for tamper detection is provided so that there is awareness when data has been altered in some fashion, thereby maintaining integrity. In various embodiments, the contents of overlay surfaces and/or command buffers are encrypted, and/or the GPU is able to operate on encrypted content while preventing its availability to untrusted parties, devices or software.
91 Citations
54 Claims
-
1. A method for cryptographically protecting secure content in connection with a trusted graphics system of a computing device, the trusted graphics system having video memory, at least one graphics processing unit (GPU) and a cryptographic processing device communicatively coupled to said at least one GPU, comprising:
-
requesting, by one of an application and device, the graphics system to perform one of processing and rendering of secure content, wherein said requesting includes transmitting by said one of an application and device a session key to the graphics system and transmitting said secure content to encrypted overlay surfaces which overlay at least one primary surface of said video memory, including a first encrypted confidential overlay for basic rendering of secure content and a second encrypted protected overlay specifically designed to present sensitive user interfaces, the second encrypted protected overlay being always-on-top and non-obscurable and the contents of the second encrypted protected overlay being verified by said at least one GPU; decrypting the content of said at least one encrypted portion of video memory by said at least one GPU in communication with said cryptographic processing device, said decrypting including decrypting with a first stream cipher decryption component the contents of the first encrypted confidential overlay, and decrypting with a second stream cipher decryption component the contents of the second encrypted protected overlay; performing said one of processing and rendering on said decrypted content by said at least one GPU; and outputting said content from the at least one GPU. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. At least one computer readable medium comprising computer executable modules including computer executable instructions for cryptographically protecting secure content in connection with a trusted graphics system of a computing device, the trusted graphics system having video memory, at least one graphics processing unit (GPU) and a cryptographic processing device communicatively coupled to said at least one GPU, the computer executable modules comprising:
-
means for requesting by one of an application and device the graphics system to perform one of processing and rendering of secure content, wherein said means for requesting includes means for transmitting by said one of an application and device a session key to the graphics system and means for transmitting said secure content to encrypted overlay surfaces which overlay at least one primary surface of said video memory, including a first encrypted confidential overlay for basic rendering of secure content and a second encrypted protected overlay specifically designed to present sensitive user interfaces, the second encrypted protected overlay being always-on-top and non-obscurable and the contents of the second encrypted protected overlay being verified by said at least one GPU; means for decrypting the content of said at least one encrypted portion of video memory by said at least one GPU in communication with said cryptographic processing device, said decrypting including decrypting with a first stream cipher decryption component the contents of the first encrypted confidential overlay, and decrypting with a second stream cipher decryption component the contents of the second encrypted protected overlay; means for performing said one of processing and rendering on said decrypted content by said at least one GPU; and means for outputting said content from the at least one GPU. - View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
-
-
37. A computing device comprising means for cryptographically protecting secure content in connection with a trusted graphics system of a computing device, the trusted graphics system having video memory, at least one graphics processing unit (GPU) and a cryptographic processing device communicatively coupled to said at least one GPU, comprising:
-
means for requesting by one of an application and device the graphics system to perform one of processing and rendering of secure content, wherein said means for requesting includes means for transmitting by said one of an application and device a session key to the graphics system and means for transmitting said secure content to encrypted overlay surfaces which overlay at least one primary surface of said video memory, including a first encrypted confidential overlay for basic rendering of secure content and a second encrypted protected overlay specifically designed to present sensitive user interfaces, the second encrypted protected overlay being always-on-top and non-obscurable and the contents of the second encrypted protected overlay being verified by said at least one GPU; means for decrypting the content of said at least one encrypted portion of video memory by said at least one GPU in communication with said cryptographic processing device, said decrypting including decrypting with a first stream cipher decryption component the contents of the first encrypted confidential overlay, and decrypting with a second stream cipher decryption component the contents of the second encrypted protected overlay; means for performing said one of processing and rendering on said decrypted content by said at least one GPU; and means for outputting said content from the at least one GPU. - View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54)
-
Specification