Hardware-based output protection of multiple video streams

US 8,393,008 B2
Filed: 05/21/2008
Issued: 03/05/2013
Est. Priority Date: 05/21/2008
Status: Active Grant

First Claim

Patent Images

1. One or more computer-storage memory having computer-executable instructions embodied thereon that, when executed, perform a method for providing hardware-based output protection of multiple video streams, the method comprising:

receiving streaming media from one or more media-reading devices;

identifying portions of the streaming media as secure data;

detecting a mode of encryption applied to the secure data;

dynamically allocating a first region of memory to provide one or more protected source segments, wherein the one or more protected source segments are associated with streaming media from the one or more media-reading devices, respectively;

identifying a protected source segment of the one or more protected source segments using the mode of encryption applied to the secure data;

temporarily writing the secure data to the identified protected source segment;

detecting one or more presentation devices;

dynamically allocating a second region of memory to provide one or more protected target segments, wherein the one or more protected target segments are associated with the one or more presentation devices, respectively;

identifying a protected target segment of the one or more protected target segments that uses a standard of output protection associated with a particular type of the one or more presentation devices;

determining whether the mode of encryption and the standard of the output protection correspond based on, in part, whether a license attached to the mode of encryption is satisfied by a level of security attached to the standard of output protection;

when the mode of encryption and the standard of the output protection are determined to correspond, mapping the identified protected source segment to the identified protected target segment via a hardware mapping scheme, wherein the hardware mapping scheme enables mapping the one or more protected source segments to the one or more protected target segments, respectively, according to whether modes of encryption associated with the one or more protected source segments correspond with standards of output protection associated with the one or more protected target segments;

pushing the secure data from the identified protected source segment to the identified protected target segment according to the hardware mapping scheme; and

evicting the secure data from the identified protected target segment to one or more presentation devices that are of the particular type.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Computer-readable media, computerized methods, and computer systems for managing dynamic allocation of one or more protected memory segments for storing content of secure data are provided. Initially, the secure data is recognized as being carried by a media stream being communicated from a media-reading device. One or more protected target segments and protected target segments are instantiated, where these protected memory segments are protected from illicit access by hardware-based rules. Regions of hardware memory are dynamically allocated to hold these protected memory segments and the secure data is iteratively written thereto. The protected source segments are associating with the media stream based on a license attached thereto, while the protected target segments are associating with presentation devices based on a standard of output protection supported thereby. Accordingly, the protected source segments are mapped to the protected target segments according to whether the license encompasses the standard of the output protection.

41 Citations

View as Search Results

19 Claims

1. One or more computer-storage memory having computer-executable instructions embodied thereon that, when executed, perform a method for providing hardware-based output protection of multiple video streams, the method comprising:
- receiving streaming media from one or more media-reading devices;
  
  identifying portions of the streaming media as secure data;
  
  detecting a mode of encryption applied to the secure data;
  
  dynamically allocating a first region of memory to provide one or more protected source segments, wherein the one or more protected source segments are associated with streaming media from the one or more media-reading devices, respectively;
  
  identifying a protected source segment of the one or more protected source segments using the mode of encryption applied to the secure data;
  
  temporarily writing the secure data to the identified protected source segment;
  
  detecting one or more presentation devices;
  
  dynamically allocating a second region of memory to provide one or more protected target segments, wherein the one or more protected target segments are associated with the one or more presentation devices, respectively;
  
  identifying a protected target segment of the one or more protected target segments that uses a standard of output protection associated with a particular type of the one or more presentation devices;
  
  determining whether the mode of encryption and the standard of the output protection correspond based on, in part, whether a license attached to the mode of encryption is satisfied by a level of security attached to the standard of output protection;
  
  when the mode of encryption and the standard of the output protection are determined to correspond, mapping the identified protected source segment to the identified protected target segment via a hardware mapping scheme, wherein the hardware mapping scheme enables mapping the one or more protected source segments to the one or more protected target segments, respectively, according to whether modes of encryption associated with the one or more protected source segments correspond with standards of output protection associated with the one or more protected target segments;
  
  pushing the secure data from the identified protected source segment to the identified protected target segment according to the hardware mapping scheme; and
  
  evicting the secure data from the identified protected target segment to one or more presentation devices that are of the particular type.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The memory of claim 1, the method further comprising:
    - enumerating capabilities or limitations of the one or more presentation devices based on the particular type; and
      
      applying a standard of output protection to the streaming media from each of the one or more media-reading devices based on the capabilities or the limitations of the one or more presentation devices.
  - 3. The memory of claim 2, the method further comprising temporarily writing the secure data to the one or more associated protected target segments for conveyance to the associated one or more presentation devices.
  - 4. The memory of claim 3, wherein temporarily writing the secure data to the one or more associated protected target segments comprises:
    - pushing the secure data from the one or more protected source segments to the one or more protected target segments according to a rate of flow of the streaming media, wherein the secure data in the one or more protected target segments is visible to the one or more presentation devices; and
      
      wherein the secure data in the one or more protected target segments and the one or more protected source segments is protected by a set of hardware-based rules; and
      
      scanning out the secure data to the one or more presentation devices for rendering.
  - 5. The memory of claim 1, wherein determining whether the particular mode of encryption corresponds with the particular standard of the output protection applied to the secure data comprises:
    - identifying at least one license defining the mode of encryption applied to the secure data; and
      
      verifying whether the standard of output protection is encompassed by the license.
  - 6. The memory of claim 1, wherein identifying a protected target segment of the one or more protected target segments allocated for conveying the secure data with a particular standard of the output protection applied thereto comprises:
    - receiving a selection of a particular presentation device of the one or more presentation devices for rendering a media stream of the streaming media; and
      
      dynamically allocating a protected target segment to scan out the media stream to the selected presentation device.
  - 7. The memory of claim 6, the method further comprising:
    - determining whether the standard of output protection associated with the selected presentation device is encompassed by at least one license attached to the streaming media being evicted to the selected presentation device; and
      
      disallowing pushing the secure data to the protected target segment allocated for the selected presentation device if the determination indicates the standard of output protection is not encompassed by the license.
  - 8. The memory of claim 6, the method further comprising:
    - querying the one or more presentation devices to detect which media stream of the streaming media is being evicted to each of the one or more presentation devices;
      
      updating the hardware mapping scheme based on the query;
      
      re-correlating each of the one or more protected source segments with each of the one or more identified protected target segments based on the updated hardware mapping scheme.
  - 9. The memory of claim 1, the method further comprising:
    - establishing a unique session key according to the mode of encryption applied to the secure data transmitted in the streaming media from a media-reading device transmitting in parallel with the one or more media-reading devices;
      
      dynamically manipulating the region of memory to initiate a protected source segment in conjunction with managing the one or more protected source segments;
      
      deciphering the secure data from the media-reading device utilizing the unique session key; and
      
      temporarily writing the deciphered secure data to the initiated protected source segment.
  - 10. The memory of claim 1, the method further comprising allowing non-secure data to be freely copied to the one or more protected source segments for rendering on the one or more presentation devices.
  - 11. The memory of claim 4, wherein protecting the secure data by the set of hardware-based rules comprises:
    - detecting an attempt to copy the secure data of the streaming media to a location other than the identified protected source segment of the one or more protected source segments allocated for holding the secure data; and
      
      conditionally limiting access the streaming media by altering the copied secure data to render a null presentation when processed by the one or more presentation devices.
  - 12. The memory of claim 4, wherein protecting the secure data by the set of hardware-based rules comprises:
    - detecting an unauthorized attempt to copy the secure data from the identified protected target segment of the one or more protected target segments allocated for conveying the secure data to an associated presentation device of the one or more presentation devices;
      
      conditionally limiting access the identified protected target segment by altering the copied secure data to render a null presentation when processed by the one or more presentation devices other than the associated presentation device.
  - 13. The memory of claim 4, wherein protecting the secure data by the set of hardware-based rules comprises:
    - detecting an unauthorized attempt to copy the secure data from a protected source segment of the one or more protected source segments to a location other than a correlating protected target segment of the one or more protected target segments, as indicated by the hardware mapping scheme;
      
      conditionally limiting access the protected source segment by altering the copied secure data to render a null presentation when processed by the one or more presentation devices.
  - 14. The one or more computer-storage memory of claim 1, the method further comprising applying a standard of output protection to the secure data based on the mode of encryption initially applied to the secure data.

15. A computer system for managing a mapping between a plurality of protected source segments and a plurality of protected target segments, the system comprising:
- an application to receive media streaming from media-reading devices and to identify secure data within the streaming media;
  
  a memory manager component to dynamically allocate protected source segments within system memory or video memory for, at least temporarily, writing the secure data received within the streaming media and to dynamically allocate protected target segments within system memory or video memory for, at least temporarily, writing the secure data pushed from the protected source segments;
  
  one or more presentation devices to render the streaming media;
  
  a policy manager component to manage the streaming media from the protected source segments to the protected target segments, wherein said policy manager is configured to associate the protected source segments with the streaming media based on detected modes of encryption applied to the streaming media, and associating the protected target segments with the one or more presentation devices based on standards of output protection that are supported by the one or more presentation devices, wherein said policy manger is further configured to map the protected source segments to the protected target segments according to whether the modes of encryption associated with the protected source segments correspond with the standards of the output protection associated with the protected target segments; and
  
  a mapping interface component for at least temporarily maintaining the mapped protected source segments to the protected target segments on a hardware mapping scheme accessible to a graphics processing unit (GPU), wherein the mapping scheme is employed to select one of the protected target segments to receive the secure data being pushed from a particular protected source segment of the protected source segments, and wherein the mapping scheme represents a coupling that ties the particular protected source segment to the selected one of the protected target segments, wherein the coupling between the particular source segment and the selected protected target segment is formed within the mapping scheme when a license attached to the mode of encryption is satisfied by a level of security attached to the standard of output protection.
- View Dependent Claims (16, 17, 18)
- - 16. The system of claim 15, wherein the memory manager is further configured to:
    - determine a rate of flow of the streaming media; and
      
      dynamically manipulate a region of the video memory or the system memory allocated for the protected source segments according the rate of flow.
  - 17. The system of claim 15, wherein the protected source segments is further configured to temporarily store the secure data of the media streams associated thereto, wherein the mode of encryption of the media streams is deciphered precedent to entering the protected source segments such that the stored secure data is decrypted information.
  - 18. The system of claim 15, wherein the policy manager component is further configured to:
    - query the protected target segments to verify which of the one or more presentation devices are evicting the secure data therefrom; and
      
      updating the hardware mapping scheme to reflect results of the query.

19. A computerized method for managing dynamic allocation of one or more protected memory segments for content of secure data, the method comprising:
- recognizing a media stream being communicated from a media-reading device, wherein recognizing comprises;
  
  (1) identifying secure data within the media stream; and
  
  (2) detecting mode of encryption applied to the streaming media;
  
  dynamically allocating protected source segments within system memory or video memory for, at least temporarily, writing the secure data received within the streaming media;
  
  associating the one of the protected source segments with the media stream using the detected mode of encryption;
  
  identifying a standard of output protection of the media stream that is supported by a presentation device selected for receiving the media stream;
  
  dynamically allocating protected target segments within system memory for, at least temporarily, writing streaming media pushed from the protected source segments;
  
  associating one of the protected target segments with the presentation device using the standard of output protection that is applied by the protected target segments;
  
  determining that the mode of encryption corresponds with the standard of output protection when a license attached to the mode of encryption is satisfied by a level of security attached to the standard of output protection;
  
  mapping the associated protected source segment to the associated protected target segment when the mode of encryption of the associated protected source segment corresponds with the standard of the output protection of the associated protected target segment;
  
  pushing the secure data from the associated protected source segment to the associated protected target segment in accordance with the mapping; and
  
  evicting the media stream from the associated protected target segment to the presentation device such that the secure data is rendered thereby.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
MacDonald, Donald Scott, Pronovost, Steve, Schnell, Patrik
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
Rahman, Mahfuzur

Application Number

US12/124,899
Publication Number

US 20090290709A1
Time in Patent Office

1,749 Days
Field of Search

726/30
US Class Current

726/30
CPC Class Codes

G11B 20/00086   Circuits for prevention of ...

G11B 20/0021   involving encryption or dec...

G11B 20/00507   wherein consecutive physica...

G11B 20/10527   Audio or video recording; D...

G11B 2020/1062   Data buffering arrangements...

G11B 2220/61   wherein solid state memory ...

H04N 21/4325   by playing back content fro...

H04N 21/4405   involving video stream decr...

H04N 21/835   Generation of protective da...

Hardware-based output protection of multiple video streams

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

41 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Hardware-based output protection of multiple video streams

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links