Hardware-based output protection of multiple video streams
First Claim
1. One or more computer-storage memory having computer-executable instructions embodied thereon that, when executed, perform a method for providing hardware-based output protection of multiple video streams, the method comprising:
- receiving streaming media from one or more media-reading devices;
identifying portions of the streaming media as secure data;
detecting a mode of encryption applied to the secure data;
dynamically allocating a first region of memory to provide one or more protected source segments, wherein the one or more protected source segments are associated with streaming media from the one or more media-reading devices, respectively;
identifying a protected source segment of the one or more protected source segments using the mode of encryption applied to the secure data;
temporarily writing the secure data to the identified protected source segment;
detecting one or more presentation devices;
dynamically allocating a second region of memory to provide one or more protected target segments, wherein the one or more protected target segments are associated with the one or more presentation devices, respectively;
identifying a protected target segment of the one or more protected target segments that uses a standard of output protection associated with a particular type of the one or more presentation devices;
determining whether the mode of encryption and the standard of the output protection correspond based on, in part, whether a license attached to the mode of encryption is satisfied by a level of security attached to the standard of output protection;
when the mode of encryption and the standard of the output protection are determined to correspond, mapping the identified protected source segment to the identified protected target segment via a hardware mapping scheme, wherein the hardware mapping scheme enables mapping the one or more protected source segments to the one or more protected target segments, respectively, according to whether modes of encryption associated with the one or more protected source segments correspond with standards of output protection associated with the one or more protected target segments;
pushing the secure data from the identified protected source segment to the identified protected target segment according to the hardware mapping scheme; and
evicting the secure data from the identified protected target segment to one or more presentation devices that are of the particular type.
2 Assignments
0 Petitions
Accused Products
Abstract
Computer-readable media, computerized methods, and computer systems for managing dynamic allocation of one or more protected memory segments for storing content of secure data are provided. Initially, the secure data is recognized as being carried by a media stream being communicated from a media-reading device. One or more protected target segments and protected target segments are instantiated, where these protected memory segments are protected from illicit access by hardware-based rules. Regions of hardware memory are dynamically allocated to hold these protected memory segments and the secure data is iteratively written thereto. The protected source segments are associating with the media stream based on a license attached thereto, while the protected target segments are associating with presentation devices based on a standard of output protection supported thereby. Accordingly, the protected source segments are mapped to the protected target segments according to whether the license encompasses the standard of the output protection.
41 Citations
19 Claims
-
1. One or more computer-storage memory having computer-executable instructions embodied thereon that, when executed, perform a method for providing hardware-based output protection of multiple video streams, the method comprising:
-
receiving streaming media from one or more media-reading devices; identifying portions of the streaming media as secure data; detecting a mode of encryption applied to the secure data; dynamically allocating a first region of memory to provide one or more protected source segments, wherein the one or more protected source segments are associated with streaming media from the one or more media-reading devices, respectively; identifying a protected source segment of the one or more protected source segments using the mode of encryption applied to the secure data; temporarily writing the secure data to the identified protected source segment; detecting one or more presentation devices; dynamically allocating a second region of memory to provide one or more protected target segments, wherein the one or more protected target segments are associated with the one or more presentation devices, respectively; identifying a protected target segment of the one or more protected target segments that uses a standard of output protection associated with a particular type of the one or more presentation devices; determining whether the mode of encryption and the standard of the output protection correspond based on, in part, whether a license attached to the mode of encryption is satisfied by a level of security attached to the standard of output protection; when the mode of encryption and the standard of the output protection are determined to correspond, mapping the identified protected source segment to the identified protected target segment via a hardware mapping scheme, wherein the hardware mapping scheme enables mapping the one or more protected source segments to the one or more protected target segments, respectively, according to whether modes of encryption associated with the one or more protected source segments correspond with standards of output protection associated with the one or more protected target segments; pushing the secure data from the identified protected source segment to the identified protected target segment according to the hardware mapping scheme; and evicting the secure data from the identified protected target segment to one or more presentation devices that are of the particular type. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A computer system for managing a mapping between a plurality of protected source segments and a plurality of protected target segments, the system comprising:
-
an application to receive media streaming from media-reading devices and to identify secure data within the streaming media; a memory manager component to dynamically allocate protected source segments within system memory or video memory for, at least temporarily, writing the secure data received within the streaming media and to dynamically allocate protected target segments within system memory or video memory for, at least temporarily, writing the secure data pushed from the protected source segments; one or more presentation devices to render the streaming media; a policy manager component to manage the streaming media from the protected source segments to the protected target segments, wherein said policy manager is configured to associate the protected source segments with the streaming media based on detected modes of encryption applied to the streaming media, and associating the protected target segments with the one or more presentation devices based on standards of output protection that are supported by the one or more presentation devices, wherein said policy manger is further configured to map the protected source segments to the protected target segments according to whether the modes of encryption associated with the protected source segments correspond with the standards of the output protection associated with the protected target segments; and a mapping interface component for at least temporarily maintaining the mapped protected source segments to the protected target segments on a hardware mapping scheme accessible to a graphics processing unit (GPU), wherein the mapping scheme is employed to select one of the protected target segments to receive the secure data being pushed from a particular protected source segment of the protected source segments, and wherein the mapping scheme represents a coupling that ties the particular protected source segment to the selected one of the protected target segments, wherein the coupling between the particular source segment and the selected protected target segment is formed within the mapping scheme when a license attached to the mode of encryption is satisfied by a level of security attached to the standard of output protection. - View Dependent Claims (16, 17, 18)
-
-
19. A computerized method for managing dynamic allocation of one or more protected memory segments for content of secure data, the method comprising:
-
recognizing a media stream being communicated from a media-reading device, wherein recognizing comprises; (1) identifying secure data within the media stream; and (2) detecting mode of encryption applied to the streaming media; dynamically allocating protected source segments within system memory or video memory for, at least temporarily, writing the secure data received within the streaming media; associating the one of the protected source segments with the media stream using the detected mode of encryption; identifying a standard of output protection of the media stream that is supported by a presentation device selected for receiving the media stream; dynamically allocating protected target segments within system memory for, at least temporarily, writing streaming media pushed from the protected source segments; associating one of the protected target segments with the presentation device using the standard of output protection that is applied by the protected target segments; determining that the mode of encryption corresponds with the standard of output protection when a license attached to the mode of encryption is satisfied by a level of security attached to the standard of output protection; mapping the associated protected source segment to the associated protected target segment when the mode of encryption of the associated protected source segment corresponds with the standard of the output protection of the associated protected target segment; pushing the secure data from the associated protected source segment to the associated protected target segment in accordance with the mapping; and evicting the media stream from the associated protected target segment to the presentation device such that the secure data is rendered thereby.
-
Specification