Security provision for a subject image displayed in a non-secure domain

US 8,707,056 B2
Filed: 09/21/2011
Issued: 04/22/2014
Est. Priority Date: 10/21/2010
Status: Active Grant

First Claim

Patent Images

1. Apparatus for processing data comprising:

processing circuitry configured to operate in a selectable one of a secure domain and a non-secure domain;

a memory coupled to said processing circuitry and configured to store secure data within a secure region of said memory and to store non-secure data within a non-secure region of said memory, said secure data being accessible to said processing circuitry when operating in said secure domain and being non-accessible to said processing circuitry when operating in said non-secure domain, and said non-secure data being accessible to said processing circuitry when operating in said secure domain and being accessible to said processing circuitry when operating in said non-secure domain;

a user input device coupled to said processing circuitry and configured to receive user input data; and

a display coupled to said processing circuitry and configured to display a display image in dependence upon a frame of image data read from a frame buffer stored within said non-secure region;

whereinsaid processing circuitry is configured to operate in said secure domain to store a subject image comprising at least a portion of said frame of image data within a validated display area of said frame buffer and to store within said secure region validation data dependent upon said subject image; and

said processing circuitry is configured to operate in said secure domain to receive a user input from said user input device and, upon receipt of said user input, to read displayed data stored within said validated display area and to compare check data dependent upon said displayed data with said validation data to confirm said displayed data matches said subject image.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data processing device is provided with a processor core 8 that can operate in either a secure domain or a non-secure domain. Data stored within a secure region 34 of a memory 10 can only be accessed when the processor core 8 is executing in the secure domain. A frame buffer 36 for storing a display image 20 to be displayed is stored within a non-secure region of memory which can be accessed by the processor core 8 irrespective of whether it is in the secure domain or the non-secure domain as well as a display controller 12. When a subject image 22 is written to the frame buffer 36, validation data for the subject image 22 is stored within the secure region 34. When a user input is received the displayed data stored at a validated display area to which the subject image was written is read back and used to generate check data with is compared with the validation data before the user input is authenticated.

65 Citations

View as Search Results

23 Claims

1. Apparatus for processing data comprising:
- processing circuitry configured to operate in a selectable one of a secure domain and a non-secure domain;
  
  a memory coupled to said processing circuitry and configured to store secure data within a secure region of said memory and to store non-secure data within a non-secure region of said memory, said secure data being accessible to said processing circuitry when operating in said secure domain and being non-accessible to said processing circuitry when operating in said non-secure domain, and said non-secure data being accessible to said processing circuitry when operating in said secure domain and being accessible to said processing circuitry when operating in said non-secure domain;
  
  a user input device coupled to said processing circuitry and configured to receive user input data; and
  
  a display coupled to said processing circuitry and configured to display a display image in dependence upon a frame of image data read from a frame buffer stored within said non-secure region;
  
  whereinsaid processing circuitry is configured to operate in said secure domain to store a subject image comprising at least a portion of said frame of image data within a validated display area of said frame buffer and to store within said secure region validation data dependent upon said subject image; and
  
  said processing circuitry is configured to operate in said secure domain to receive a user input from said user input device and, upon receipt of said user input, to read displayed data stored within said validated display area and to compare check data dependent upon said displayed data with said validation data to confirm said displayed data matches said subject image.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. Apparatus as claimed in claim 1, wherein said user input device is configured such that when a user generates a user input, if said processing circuitry is operating in said non-secure domain, then said processing circuitry is switched to operate in said secure domain.
  - 3. Apparatus as claimed in claim 1, wherein when said processing circuitry is operating in said secure domain, said processing circuitry polls said user input device to determine if any user input has been received.
  - 4. Apparatus as claimed in claims 1, wherein said validation data is a validation hash value generated by a hash algorithm operating upon said subject image and said check data is check hash value generated by said hash algorithm operating upon said displayed data.
  - 5. Apparatus as claimed in claim 1, wherein said validation data is said subject image and said check data is said displayed data.
  - 6. Apparatus as claimed in claim 1, comprising a display controller coupled to said display and to said memory and configured to read said frame of image data from said memory and to control said display to display said display image in dependence upon said frame of image data, wherein said display controller is configured by display configuration data specifying at least a storage location within said memory of said frame buffer.
  - 7. Apparatus as claimed in claim 6, wherein said processing circuitry is configured, upon said receipt of said user input, to read said display configuration data to confirm said storage location has not changed in an unacceptable manner since said subject image was stored within said validated display area.
  - 8. Apparatus as claimed in claim 7, wherein said display configuration data also specifies size parameters of said display image and said processing circuitry is configured, upon said receipt of said user input, to read said display configuration data to confirm said size parameters have not changed in an unacceptable manner since said subject image was stored within said validated display area.
  - 9. Apparatus as claimed in claim 7, wherein said memory stores a plurality of frame buffers and said display configuration data also specifies composition parameters of said display image controlling how said display image is composed from data stored within said plurality of frame buffers and said processing circuitry is configured, upon said receipt of said user input, to read said display configuration data to confirm said composition parameters have not changed in an unacceptable manner since said subject image was stored within said validated display area.
  - 10. Apparatus as claimed in claim 1, wherein said apparatus is connected via a data network to a remote processing apparatus and said subject image is dependent upon subject image defining data received from said remote processing apparatus.
  - 11. Apparatus as claimed in claim 10, wherein, when operating in said secure domain, said processing circuitry transforms said subject image defining data received from said remote processing apparatus to generate said subject image in a form matched to said display.
  - 12. Apparatus as claimed in claim 10, wherein if said comparison of said check data with said validation data indicates said displayed data does match said subject image, then said processing circuitry returns a match confirmation indication to said remote processing apparatus via said data network.
  - 13. Apparatus as claimed in claim 1, wherein said subject image is dependent upon subject image defining data stored within said apparatus and verified as unmodified by said processing circuitry operating in said secure domain.
  - 14. Apparatus as claimed in claim 1, wherein said user input device is a key-operated user input device configured to capture keystrokes entered by a user and said processing circuitry is configured upon capture of each keystroke entered by said user to read said displayed data stored within said validated display area, to generate said check data dependent upon said displayed data and to compare said check data with said validation data to confirm said displayed data matches said subject image.
  - 15. Apparatus as claimed in claim 14, wherein said key-operated user input device is configured to generate an interrupt signal upon capture of a keystrokes, said interrupt signal triggering execution of an interrupt handling routine by said processing circuitry operating within said secure domain, said interrupt handling routine at least triggering said processing circuitry to generate said check data dependent upon said displayed data and to compare said check data with said validation data to confirm said displayed data matches said subject image.
  - 16. Apparatus as claimed in claim 1, wherein, if said comparison of said check data with said validation data indicates said displayed data does not match said subject image, then said processing circuitry triggers a security violation response and if said comparison of said check data with said validation data indicates said displayed data does match said subject image, then said processing circuitry permits a continuation of a secure processing operation.
  - 17. Apparatus as claimed in claim 1, comprising a plurality of frame buffers each storing a frame of image data, at least one of said frames of image data including said subject image, wherein said display image is dependent upon said plurality of frames of image data.
  - 18. Apparatus as claimed in claim 1, wherein said subject image indicates one or more transaction parameters of a transaction to be authenticated and said user input is an authentication input for authenticating said transaction.
  - 19. Apparatus as claimed in claim 18, wherein said authentication input is one of a personal identification number and a password.
  - 20. Apparatus as claimed in claim 1, wherein said apparatus is one of a mobile data processing apparatus and a set top box configured to receive television signals.
  - 21. Apparatus as claimed in claim 1, wherein said subject image fills said validated display area.

22. Apparatus for processing data comprising:
- processing means for performing processing in a selectable one of a secure domain and a non-secure domain;
  
  memory means for storing data, said memory means being coupled to said processing circuitry and configured to store secure data within a secure region of said memory and to store non-secure data within a non-secure region of said memory means, said secure data being accessible to said processing means when operating in said secure domain and being non-accessible to said processing means when operating in said non-secure domain, and said non-secure data being accessible to said processing means when operating in said secure domain and being accessible to said processing means when operating in said non-secure domain;
  
  user input means for receiving a user input data, said user input means being coupled to said processing means; and
  
  display means for displaying a display image, said display means being coupled to said processing means and configured to display said display image in dependence upon a frame of image data read from a frame buffer stored within said non-secure region;
  
  whereinsaid processing means is configured to operate in said secure domain to store a subject image comprising at least a portion of said frame of image data within a validated display area of said frame buffer and to store within said secure region validation data dependent upon said subject image; and
  
  said processing means is configured to operate in said secure domain to receive a user input from said user input means and, upon receipt of said user input, to read displayed data stored within said validated display area and to compare check data dependent upon said displayed data with said validation data to confirm said displayed data matches said subject image.

23. A method of processing data comprising the steps of:
- operating processing circuitry in a selectable one of a secure domain and a non-secure domain;
  
  storing secure data within a secure region of a memory and storing non-secure data within a non-secure region of said memory, said secure data being accessible to said processing circuitry when operating in said secure domain and being non-accessible to said processing circuitry when operating in said non-secure domain, and said non-secure data being accessible to said processing circuitry when operating in said secure domain and being accessible to said processing circuitry when operating in said non-secure domain;
  
  receiving user input data; and
  
  displaying a display image in dependence upon a frame of image data read from a frame buffer stored within said non-secure region;
  
  whereinwhen said processing circuitry is operating in said secure domain, storing a subject image comprising at least a portion of said frame of image data within a validated display area of said frame buffer and storing within said secure region validation data dependent upon said subject image; and
  
  when said processing circuitry is operating in said secure domain, receiving a user input from said user input device and, upon receipt of said user input, reading displayed data stored within said validated display area and comparing check data dependent upon said displayed data with said validation data to confirm said displayed data matches said subject image.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Arm Limited (SoftBank Group Corp.)
Original Assignee
Arm Limited (SoftBank Group Corp.)
Inventors
Felton, Donald
Primary Examiner(s)
HENNING, MATTHEW T

Application Number

US13/137,904
Publication Number

US 20120102557A1
Time in Patent Office

944 Days
Field of Search

None
US Class Current

713/193
CPC Class Codes

G06F 21/50   Monitoring users, programs ...

G06F 21/64   Protecting data integrity, ...

G06F 21/74   operating in dual or compar...

G06Q 20/0425   the cheque being electronic...

G06Q 30/06   Buying, selling or leasing ...

G06Q 40/02   Banking, e.g. interest calc...

Security provision for a subject image displayed in a non-secure domain

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

65 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Security provision for a subject image displayed in a non-secure domain

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

65 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links