Hardware-based protection of secure data
Abstract
Computer-readable media, computerized methods, and computer systems for protecting secure data by writing content of the secure data to a protected memory segment are provided. Initially, streaming media is received from a media-reading device and portions of the streaming media are identified as secure data. A data-management process to protect content within the secure data is executed. During execution, the protected memory segment is instantiated, a region of memory is dynamically allocated to hold the protected memory segment, and content of the secure data is written thereto. The protected memory segment is generally a data store that conditionally limits access thereto utilizing hardware-based rules, thereby guarding the content against exposure to unauthorized systems and to attackers. The region of memory may be allocated on CPU hardware, GPU hardware, or a combination thereof. The content may then be encrypted and released for conveyance to one or more presentation devices.
17 Claims

1. One or more computer-storage media having computer-executable instructions embodied thereon that, when executed, perform a method for protecting secure data by writing content of the secure data to a protected memory segment, the method comprising:
receiving streaming media from a media-reading device;
identifying portions of the streaming media as secure data;
allocating a region of memory to provide the protected memory segment to accept the identified secure data, wherein the protected memory segment represents a secure data store that restricts access from the operating system thereto utilizing a set of hardware-based rules instantiated for the secure data store, wherein allocating the region of memory to provide the protected memory segment comprises:
  (a) incident to identifying portions of the streaming media as secure data, establishing the protected memory segment;
  (b) determining a rate of flow of the streaming media; and
  (c) dynamically manipulating the allocation of the region of memory to hold the protected memory segment as a function of the rate of flow, wherein dynamically manipulating comprises incrementally growing or incrementally shrinking the protected memory segment in accordance with changes to the rate of flow; and
at least temporarily storing content of the secure data at the protected memory segment, wherein the stored content is not encrypted; and
releasing the content from the protected memory segment for conveyance to one or more presentation devices, wherein releasing the content from the protected memory segment comprises:
  (a) pushing the content to a frame buffer according to a rate of flow of the streaming media, wherein the content in the frame buffer is visible to the one or more presentation devices and is protected by the set of hardware-based rules; and
  (b) scanning out the content to the one or more presentation devices for rendering thereby.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A computer system for applying a set of hardware-based rules to content that is written to a protected memory segment, the system comprising:
an application to receive media streaming from a media-reading device and to identify secure data within the streaming media;
a driver component to specify a type of memory to which content of the streaming media is to be written, wherein the type of memory is specified as a function of whether the secure data is identified within the streaming media;
a memory manager to allocate memory for the protected memory segment to, at least temporarily, store the content of the secure data, wherein the stored content is not encrypted, and wherein the memory manager is further configured to:
  (a) determine a rate of flow of the streaming media; and
  (b) dynamically allocate a size of the protected memory segment according to the rate of flow by identifying a region of the memory;
the protected memory segment to protectively hold the content and to deny unauthorized access from the operating system to the content by enforcing the set of hardware-based rules; and
an output-protection component to apply encryption to the content upon releasing the content from the protected memory segment to one or more presentation devices, wherein releasing the content from the protected memory segment comprises:
  (a) pushing the content to a frame buffer according to a rate of flow of the streaming media, wherein the content in the frame buffer is visible to the one or more presentation devices and is protected by the set of hardware-based rules; and
  (b) scanning out the content to the one or more presentation devices for rendering thereby.
Dependent claims: 10, 11, 12, 13, 14, 15.
16. A computerized method for managing dynamic allocation of regions of memory to provide protected memory segments for storing secure data, the method comprising:
receiving streaming media from a first media-reading device;
identifying a rate of flow of the streaming media;
identifying that secure data is included within the streaming media;
instantiating a first protected memory segment for receiving the secure data from the first media-reading device, wherein the first protected memory segment conditionally limits access to the secure data residing therein;
dynamically allocating the regions of memory to provide the first protected memory segment based on the rate of flow, wherein the memory comprises video memory and system memory, and wherein dynamically allocating the regions of memory comprises:
  (a) accessing the identified rate of flow of the streaming media; and
  (b) dynamically modifying a size of the protected memory segment according to the identified rate of flow, wherein the protected memory segment is provisioned to protectively hold the secure data of the streaming media and to deny unauthorized access from the operating system to the secure data by enforcing a set of hardware-based rules;
writing the secure data to the first protected memory segment, wherein content of the written secure data is not encrypted; and
releasing the secure data from the first protected memory segment for conveyance to one or more presentation devices, wherein releasing comprises:
  (a) pushing the content to a frame buffer according to a rate of flow of the streaming media, wherein the content in the frame buffer is visible to the one or more presentation devices and is protected by the set of hardware-based rules;
  (b) recognizing a type of the one or more presentation devices receiving the streaming media;
  (c) applying encryption to the content according to the type of the one or more presentation devices; and
  (d) scanning out the encrypted content to the one or more presentation devices for rendering thereby.
Dependent claims: 17.
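A software model of the flow in claims 1, 9 and 16, added here as an illustration and not code from the patent or from any implementation of it: the segment's capacity is grown or shrunk incrementally from the measured rate of flow, plaintext reads are gated by a principal check that stands in for the hardware-based rules, and release applies protection chosen by presentation-device type. The resize constants, device-type labels, principal names and keystream are all assumptions made for the model.

```python
import hashlib
from dataclasses import dataclass, field
# Assumed policy constants (not from the patent): resize step and capacity bounds.
STEP, MIN_CAP, MAX_CAP = 64 * 1024, 256 * 1024, 16 * 1024 * 1024
# Constructed per-device-type key labels standing in for each device class's link protection.
LINK_KEYS = {"hdmi": b"hdmi-link-key", "displayport": b"dp-link-key"}

@dataclass
class ProtectedSegment:
    capacity: int = MIN_CAP
    _buf: bytearray = field(default_factory=bytearray)  # plaintext, guarded by readable_by()

    def target_capacity(self, rate_bps: float, headroom_s: float = 0.5) -> int:
        # Hold headroom_s seconds of stream at the measured rate, within bounds.
        return int(min(MAX_CAP, max(MIN_CAP, rate_bps * headroom_s)))

    def resize_for_rate(self, rate_bps: float) -> int:
        # Incremental grow/shrink: at most STEP bytes per tick, never below what is buffered.
        target = self.target_capacity(rate_bps)
        if target > self.capacity:
            self.capacity = min(target, self.capacity + STEP)
        elif target < self.capacity:
            self.capacity = max(target, self.capacity - STEP, len(self._buf))
        return self.capacity

    def write(self, chunk: bytes) -> None:
        if len(self._buf) + len(chunk) > self.capacity:
            raise MemoryError("segment full; resize for the current rate first")
        self._buf += chunk  # stored unencrypted, as the claims specify

    @staticmethod
    def readable_by(principal: str) -> bool:
        # Stand-in for the hardware rule: the OS is denied, the trusted output path is not.
        return principal == "output-protection"

    def release(self, principal: str, device_type: str) -> bytes:
        if not self.readable_by(principal):
            raise PermissionError(f"{principal} may not read the protected segment")
        frame, self._buf = bytes(self._buf), bytearray()  # push to the frame buffer
        return protect_for_device(frame, device_type)

def protect_for_device(frame: bytes, device_type: str) -> bytes:
    # Encrypt according to device type; the SHA-256 counter keystream is only a placeholder.
    if device_type not in LINK_KEYS:
        raise ValueError(f"no output protection defined for {device_type!r}")
    stream = b""
    while len(stream) < len(frame):
        stream += hashlib.sha256(LINK_KEYS[device_type] + len(stream).to_bytes(4, "big")).digest()
    return bytes(b ^ k for b, k in zip(frame, stream))
```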