Method and apparatus for the secure processing of confidential content within a virtual machine of a processor

US 8,868,925 B2
Filed: 12/09/2008
Issued: 10/21/2014
Est. Priority Date: 12/09/2008
Status: Active Grant

First Claim

Patent Images

1. An apparatus, comprising:

at least one processor;

at least one secure virtual machine of a first party implemented on the processor for processing a program of a second party; and

a computer readable medium storing the program of the second party for execution by the at least one secure virtual machine of the first party for processing content of a third party for output;

wherein the apparatus is operable such that the program of the second party is used within the at least one secure virtual machine of the first party by an application of the second party to decrypt the content of the third party, and wherein the content of the third party is received from the application for the decrypting of the content of the third party by the program of the second party within the at least one secure virtual machine of the first party.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure virtual machine system, method, and computer program product implemented on a processor are provided for processing a third party'"'"'s content for output. At least one processor is provided. Additionally, at least one secure virtual machine implemented on the processor is provided for interpreting a second party'"'"'s program that processes and outputs a third party'"'"'s content. The virtual machine system abstracts the underlying processor hardware allowing implementation variations across products to execute the same program identically. Furthermore, the scope of the programmable operations, the types of input & output variables, and execution of programs within the processor, is deliberately constrained within the virtual machine environment, in order to mitigate potential security leaks by programs, and to ensure confidentiality of second party'"'"'s secrets, and third party'"'"'s content as managed by the second party'"'"'s program.

Citations

22 Claims

1. An apparatus, comprising:
- at least one processor;
  
  at least one secure virtual machine of a first party implemented on the processor for processing a program of a second party; and
  
  a computer readable medium storing the program of the second party for execution by the at least one secure virtual machine of the first party for processing content of a third party for output;
  
  wherein the apparatus is operable such that the program of the second party is used within the at least one secure virtual machine of the first party by an application of the second party to decrypt the content of the third party, and wherein the content of the third party is received from the application for the decrypting of the content of the third party by the program of the second party within the at least one secure virtual machine of the first party.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The apparatus of claim 1, wherein residual confidential program information, information being processed, and ephemeral variables created by each of the at least one virtual machines is deleted after the processing.
  - 3. The apparatus of claim 1, wherein a plurality of secure virtual machines are implemented on the processor within individual contexts.
  - 4. The apparatus of claim 3, wherein sharing of information between the plurality of secure virtual machines is restricted.
  - 5. The apparatus of claim 4, wherein types of ephemeral information, and storage of information being processed by the plurality of secure virtual machines is restricted.
  - 6. The apparatus of claim 4, wherein the information includes keys and intermediate cryptographic values used in decryption of protected content.
  - 7. The apparatus of claim 1, wherein the program of the second party is a client provided program executed by the at least one virtual machine to process the content of the third party which is protected content.
  - 8. The apparatus of claim 7, wherein the client provided program is encrypted by the second party to ensure the confidentiality of algorithm details, secrets and keys used by the client provided program in processing the content of the third party.
  - 9. The apparatus of claim 8, wherein the client provided program is additionally signed by the second party to allow verification of an integrity of the client provided program and includes a certificate allowing an authenticity of a source of the client provided program to be verified.
  - 10. The apparatus of claim 8, wherein the content of the third party has been separately encrypted by the third party before being processed by the program of the second party within the at least one virtual machine.
  - 11. The apparatus of claim 10, wherein the client provided program, confidential algorithm, and the secrets are decrypted and authenticated by verifying an included signature and the certificate before allowing execution within the at least one virtual machine.
  - 12. The apparatus of claim 10, wherein processing the client provided program includes the decrypting the content of the third party.
  - 13. The apparatus of claim 12, wherein the processing further includes re-encrypting at least one of one or more portions of the content of the third party or streams within the content of the third party.
  - 14. The apparatus of claim 13, wherein the re-encryption occurs before the content of the third party exits from the at least one virtual machine.
  - 15. The apparatus of claim 13, wherein the re-encryption occurs after the content of the third party is output from the processor.
  - 16. The apparatus of claim 7, wherein the client provided program is received from the application, and the client provided program establishes a secure communication channel between the processor and the application.
  - 17. The apparatus of claim 16, wherein the communication channel between the processor and the application is secured utilizing cryptographic values derived in the processor, and at least one certificate.
  - 18. The apparatus of claim 1, wherein the at least one virtual machine serves as an interpreter of the program of the second party which is a protected content processing program provided by the application.
  - 19. The apparatus of claim 1, wherein the processor includes at least one security processor and is configured to provide the processed content of the third party to at least one of a graphics processor, a video processor, or an audio processor.
  - 20. The apparatus of claim 1, wherein the processor includes secure confidential storage for content keys unwrapped from a package and intermediate cryptographic values derived during program execution.
  - 21. The apparatus of claim 1, wherein the processing of the content of the third party by the program of the second party within the at least one virtual machine of the processor does not require the processor include licensed secrets, nor have previously implemented licensed algorithms.
  - 22. The apparatus of claim 1, wherein a design of the at least one virtual machine and the processing of the content of the third party by the program of the second party within the at least one virtual machine is reviewed by the second party with respect to license compliance and robustness rules, thereby allowing a determination of suitability for the content of the third party.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NVIDIA Corporation
Original Assignee
NVIDIA Corporation
Inventors
Wyatt, David, Shi, Haixia, Tuckey, Jeffrey Scott
Primary Examiner(s)
Goodchild, William
Assistant Examiner(s)
Woldemariam, Nega

Application Number

US12/331,295
Publication Number

US 20100146501A1
Time in Patent Office

2,142 Days
Field of Search

726/9, 726/26, 726/27, 726/28, 726/29, 713/189, 713/164, 713/188, 713/182, 725/204, 725/201, 725/220, 725/227, 718/1, 718/100, 718/FOR.157, 380/200, 380/201, 380/202, 380/293, 380/227
US Class Current

713/189
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/84   output devices, e.g. displa...

G06F 9/45533   Hypervisors; Virtual machin...

Method and apparatus for the secure processing of confidential content within a virtual machine of a processor

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for the secure processing of confidential content within a virtual machine of a processor

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links