Methods and systems for cryptographically protecting secure content

US 20030140241A1
Filed: 04/18/2002
Published: 07/24/2003
Est. Priority Date: 12/04/2001
Status: Active Grant

First Claim

Patent Images

1. A method for cryptographically protecting secure content in connection with a trusted graphics system of a computing device, the trusted graphics system having video memory, at least one graphics processing unit (GPU) and a cryptographic processing device communicatively coupled to said at least one GPU, comprising:

requesting, by one of an application and device, the graphics system to perform one of processing and rendering of secure content, wherein said requesting includes transmitting by said one of an application and device a session key to the graphics system and transmitting said secure content to at least one encrypted portion of the video memory;

decrypting the content of said at least one encrypted portion of video memory by said at least one GPU in communication with said cryptographic processing device;

performing said one of processing and rendering on said decrypted content by said at least one GPU; and

outputting said content from the at least one GPU.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are provided for cryptographically protecting secure content in connection with a graphics subsystem of a computing device. Techniques are implemented to encrypt the contents of video memory so that unauthorized software cannot gain meaningful access to it, thereby maintaining confidentiality. Moreover, a mechanism for tamper detection is provided so that there is awareness when data has been altered in some fashion, thereby maintaining integrity. In various embodiments, the contents of overlay surfaces and/or command buffers are encrypted, and/or the GPU is able to operate on encrypted content while preventing its availability to untrusted parties, devices or software.

93 Citations

View as Search Results

115 Claims

1. A method for cryptographically protecting secure content in connection with a trusted graphics system of a computing device, the trusted graphics system having video memory, at least one graphics processing unit (GPU) and a cryptographic processing device communicatively coupled to said at least one GPU, comprising:
- requesting, by one of an application and device, the graphics system to perform one of processing and rendering of secure content, wherein said requesting includes transmitting by said one of an application and device a session key to the graphics system and transmitting said secure content to at least one encrypted portion of the video memory;
  
  decrypting the content of said at least one encrypted portion of video memory by said at least one GPU in communication with said cryptographic processing device;
  
  performing said one of processing and rendering on said decrypted content by said at least one GPU; and
  
  outputting said content from the at least one GPU.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 2. A method according to claim 1, wherein if the output of said outputting is different than the secure content of said requesting adjusted for any processing performed on said secure content by said at least one GPU, said one of an application and device is alerted to the difference.
  - 3. A method according to claim 1, wherein said transmitting includes transmitting said secure content to at least one encrypted overlay surface, which overlays at least one primary surface of said video memory.
  - 4. A method according to claim 1, wherein said decrypting the content of said at least one encrypted portion of video memory includes decrypting a geometrical fraction of a primary surface, whereby pixels other than the geometrical fraction are not decrypted.
  - 5. A method according to claim 1, wherein the cryptographic processor is permanently attached to the graphics card, by one of (A) adding the cryptographic processor to an existing chip and (B) adding the cryptographic processor as a separate chip to the graphics card, whereby the physical connection between the cryptographic processor and the rest of the graphics card is not accessible and is not exposed.
  - 6. A method according to claim 3, wherein said decrypting includes decrypting said at least one encrypted overlay surface by a decryption mechanism of said GPU communicatively coupled to said cryptographic processing device
  - 7. A method according to claim 3, wherein said decrypting includes one of (A) decrypting said at least one encrypted overlay surface on the fly by digital to analog conversion (DAC) hardware of the graphics system as the content is output according to said outputting and (B) decrypting said at least one encrypted overlay surface on the fly just previous to the content reaching the DAC hardware of the graphics system.
  - 8. A method according to claim 3, wherein said decrypting includes decrypting said at least one encrypted overlay surface previous to the content reaching the DAC hardware of the graphics system by a component having no back channel to the host system.
  - 9. A method according to claim 1, further including:
    - re-encrypting said content by said at least one GPU in communication with said cryptographic processing device prior to said outputting; and
      
      decrypting said re-encrypted content by at least a second cryptographic processing device of an external computing device.
  - 10. A method according to claim 1, wherein the content is transmitted in digital form to an external device having a second cryptographic processing device and said decrypting occurs on said external device.
  - 11. A method according to claim 9, wherein said external computing device is one of (A) a monitor, (B) a set top box and (C) a digital signal processing (DSP) rendering device.
  - 12. A method according to claim 3, wherein said transmitting includes transmitting said secure content to one of (A) a first encrypted confidential overlay for basic rendering of secure content and (B) a second encrypted protected overlay specifically designed to present sensitive user interfaces, (C) a first encrypted region of a primary surface for basic rendering of secure content and (D) a second encrypted region of a primary surface specifically designed to present sensitive user interfaces.
  - 13. A method according to claim 1, wherein said decrypting includes calculating a cryptographic digest of the decrypted data, and said method further includes:
    - transmitting said cryptographic digest to the one of an application and device to ensure that the displayed pixels are the pixels sent in connection with said requesting by the one of an application and device.
  - 14. A method according to claim 12, wherein the second encrypted protected overlay is always-on-top and non-obscurable and wherein the contents of the second encrypted protected overlay are verified by said at least one GPU.
  - 15. A method according to claim 12, wherein said decrypting includes one of (A) decrypting with a first stream cipher decryption component the contents of the first encrypted confidential overlay, (B) decrypting with a second stream cipher decryption component the contents of the second encrypted protected overlay, (C) decrypting with a first stream cipher decryption component the contents of the first encrypted region of primary surface and (D) decrypting with a second stream cipher decryption component the contents of the second encrypted region of primary surface.
  - 16. A method according to claim 15, wherein at least one bit of each pixel in a primary surface is used to determine membership in a virtual protected surface for the pixel, wherein the graphics card selects an appropriate decryption key for the pixel based on said at least one bit.
  - 17. A method according to claim 16, wherein if said at least one bit contains a zero value, then the virtual protected surface associated with said at least one bit is interpreted as a region not to decrypt.
  - 18. A method according to claim 15, further including once the decrypted pixel values are available, selecting by a pixel select component of said at least one GPU the pixel value of one of (A) the second encrypted protected overlay, (B) the first encrypted confidential overlay and (3) a primary surface.
  - 19. A method according to claim 12, wherein said requesting includes at least one of (A) a source and destination bounding box of said at least one encrypted overlay surface, (B) a destination color key of said at least one encrypted overlay surface, (C) in the case of the first encrypted confidential overlay, a specification of an encryption key index of the contents of an overlay back buffer to which the data is to be flipped (D) in the case of the second encrypted protected overlay, a specification of a memory location where at least one of a cyclic redundancy code (CRC), an integrity measure and a digest value of the decrypted overlay contents are to be written, (E) a source and destination bounding box of at least one encrypted primary surface, and (F) a destination color key of said at least one encrypted primary surface.
  - 20. A method according to claim 19, wherein said one of an application and device calculates said at least one of the CRC, integrity measure and digest value if said one of an application and device is concerned with integrity of the content.
  - 21. A method according to claim 1, wherein at least one command buffer sent to a video decode unit of the at least one GPU incident to said requesting is encrypted by said at least one of an application and device and decrypted by said video decode unit in communication with said cryptographic processing unit.
  - 22. A method according to claim 21, further comprising tamper detecting said at least one command buffer one of (A) by using two passes before consumption of the at least one command buffer and (B) after the command buffer has been consumed.
  - 23. At least one of an operating system, a computer readable medium having stored thereon a plurality of computer-executable instructions, a co-processing device, a computing device and a modulated data signal carrying computer executable instructions for performing the method of claim 1.

24. A method for cryptographically protecting secure content in connection with a trusted graphics system of a computing device, the trusted graphics system having video memory, at least one graphics processing unit (GPU) and a cryptographic processing device communicatively coupled to said at least one GPU, comprising:
- requesting, by one of an application and device, the graphics system to perform one of processing and rendering of secure content, wherein said requesting includes transmitting by said one of an application and device a session key to the graphics system for verification by the cryptographic processing device and transmitting said secure content to at least one encrypted portion of the video memory;
  
  decrypting the content of said at least one encrypted portion of video memory by a decryption mechanism of an input unit of said at least one GPU, wherein said decryption mechanism is in communication with said cryptographic processing device;
  
  performing said one of processing and rendering on said decrypted content by said at least one GPU;
  
  encrypting said content with an encryption/decryption mechanism of an output unit of the at least one GPU; and
  
  outputting said encrypted content from the at least one GPU.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 25. A method according to claim 24, wherein said input unit is a texture mapping unit and said output unit is an alpha blending unit, and wherein said at least one encrypted portion of said video memory is an encrypted texture surface.
  - 26. A method according to claim 24, wherein said secure content is one of texture data, plaintext and video macroblocks.
  - 27. A method according to claim 24, wherein said encrypting and decrypting includes encrypting and decrypting using block ciphers, respectively.
  - 28. A method according to claim 25, wherein said decryption mechanism of the texture mapping unit decrypts on a cache line fill and wherein the encryption/decryption mechanism of the alpha blending unit encrypts before writing.
  - 29. A method according to claim 25, further including decrypting by the encryption/decryption mechanism of the alpha blending unit when reading a cache line from a color buffer in video memory.
  - 30. A method according to claim 24, further including:
    - flipping said encrypted output content from an encrypted back primary surface to an encrypted front primary surface of said video memory, second decrypting said encrypted output content by a second decryption mechanism of said at least one GPU in communication with said cryptographic processing device; and
      
      second outputting said output content.
  - 31. A method according to claim 24, wherein said outputting includes outputting the encrypted content to a confidential overlay flipping chain and the method further includes:
    - flipping said encrypted output content from an encrypted back confidential surface to an encrypted front confidential surface, whereby said encrypting by said encryption/decryption mechanism includes encrypting utilizing stream cipher encryption; and
      
      second decrypting said encrypted output content by a stream cipher decryption mechanism of said at least one GPU in communication with said cryptographic processing device.
  - 32. A method according to claim 31, further comprising:
    - prior to said encrypting, encoding a location within the content; and
      
      after said second decrypting, decoding the location within the content, whereby said location is externally unavailable preserving the integrity of a plaintext-ciphertext mapping.
  - 33. A method according to claim 24, wherein if the output of said outputting is different than the secure content of said requesting adjusted for any processing performed on said secure content by said at least one GPU, said one of an application and device is alerted to the difference.
  - 34. A method according to claim 24, further including:
    - re-encrypting said content by said at least one GPU in communication with said cryptographic processing device prior to said outputting; and
      
      decrypting said re-encrypted content by at least a second cryptographic processing device of an external computing device.
  - 35. A method according to claim 34, wherein said external computing device is one of (A) a monitor, (B) a set top box and (C) a digital signal processing (DSP) rendering device.
  - 36. A method according to claim 24, wherein encrypted textures and encrypted offscreen surfaces delivered by said one of an application and device are encoded with block ciphers, and said one of an application and device swizzles the block ciphers with a predefined swizzling format that converts an (x,y) location in the content to an offset for at least one of YUV, RGB, YUY2 and packed planar formats.
  - 37. A method according to claim 24, wherein at least one command buffer sent to a video decode unit of the at least one GPU incident to said requesting is encrypted by said at least one of an application and device and decrypted by said video decode unit in communication with said cryptographic processing unit.
  - 38. A method according to claim 24, further comprising tamper detecting said at least one command buffer one of (A) by using two passes before consumption of the at least one command buffer and (B) after the command buffer has been consumed.
  - 39. At least one of an operating system, a computer readable medium having stored thereon a plurality of computer-executable instructions, a co-processing device, a computing device and a modulated data signal carrying computer executable instructions for performing the method of claim 24.

40. At least one computer readable medium comprising computer executable modules including computer executable instructions for cryptographically protecting secure content in connection with a trusted graphics system of a computing device, the trusted graphics system having video memory, at least one graphics processing unit (GPU) and a cryptographic processing device communicatively coupled to said at least one GPU, the computer executable modules comprising:
- means for requesting by one of an application and device the graphics system to perform one of processing and rendering of secure content, wherein said means for requesting includes means for transmitting by said one of an application and device a session key to the graphics system and means for transmitting said secure content to at least one encrypted portion of the video memory;
  
  means for decrypting the content of said at least one encrypted portion of video memory by said at least one GPU in communication with said cryptographic processing device;
  
  means for performing said one of processing and rendering on said decrypted content by said at least one GPU; and
  
  means for outputting said content from the at least one GPU.
- View Dependent Claims (41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62)
- - 41. At least one computer readable medium according to claim 40, wherein if the output of said means for outputting is different than the secure content of said means for requesting adjusted for any processing performed on said secure content by said at least one GPU, said one of an application and device is alerted to the difference.
  - 42. At least one computer readable medium according to claim 40, wherein said means for transmitting includes means for transmitting said secure content to at least one encrypted overlay surface, which overlays at least one primary surface of said video memory.
  - 43. At least one computer readable medium according to claim 40, wherein said means for decrypting the content of said at least one encrypted portion of video memory includes means for decrypting a geometrical fraction of a primary surface, whereby pixels other than the geometrical fraction are not decrypted.
  - 44. At least one computer readable medium according to claim 40, wherein the cryptographic processor is permanently attached to the graphics card, by one of (A) adding the cryptographic processor to an existing chip and (B) adding the cryptographic processor as a separate chip to the graphics card, whereby the physical connection between the cryptographic processor and the rest of the graphics card is not accessible and is not exposed.
  - 45. At least one computer readable medium according to claim 42, wherein said means for decrypting includes means for decrypting said at least one encrypted overlay surface by a decryption mechanism of said GPU communicatively coupled to said cryptographic processing device.
  - 46. At least one computer readable medium according to claim 42, wherein said means for decrypting includes one of (A) means for decrypting said at least one encrypted overlay surface on the fly by digital to analog conversion (DAC) hardware of the graphics system as the content is output according to said outputting of said means for outputting and (B) means for decrypting said at least one encrypted overlay surface on the fly just previous to the content reaching the DAC hardware of the graphics system.
  - 47. At least one computer readable medium according to claim 42, wherein said means for decrypting includes means for decrypting said at least one encrypted overlay surface previous to the content reaching the DAC hardware of the graphics system by a component having no back channel to the host system.
  - 48. At least one computer readable medium according to claim 40, further including:
    - means for re-encrypting said content by said at least one GPU in communication with said cryptographic processing device prior to said outputting by said means for outputting; and
      
      means for decrypting said re-encrypted content by at least a second cryptographic processing device of an external computing device.
  - 49. At least one computer readable medium according to claim 40, wherein the content is transmitted in digital form to an external device having a second cryptographic processing device and said decrypting of said means for decrypting occurs on said external device.
  - 50. At least one computer readable medium according to claim 48, wherein said external computing device is one of (A) a monitor, (B) a set top box and (C) a digital signal processing (DSP) rendering device.
  - 51. At least one computer readable medium according to claim 42, wherein said means for transmitting includes means for transmitting said secure content to one of (A) a first encrypted confidential overlay for basic rendering of secure content and (B) a second encrypted protected overlay specifically designed to present sensitive user interfaces, (C) a first encrypted region of a primary surface for basic rendering of secure content and (D) a second encrypted region of a primary surface specifically designed to present sensitive user interfaces.
  - 52. At least one computer readable medium according to claim 40, wherein said means for decrypting includes means for calculating a cryptographic digest of the decrypted data, and said computer executable modules further include:
    - means for transmitting said cryptographic digest to the one of an application and device to ensure that the displayed pixels are the pixels sent in connection with said requesting by the one of an application and device via said means for requesting.
  - 53. At least one computer readable medium according to claim 51, wherein the second encrypted protected overlay is always-on-top and non-obscurable and wherein the contents of the second encrypted protected overlay are verified by said at least one GPU.
  - 54. At least one computer readable medium according to claim 51, wherein said means for decrypting includes one of (A) means for decrypting with a first stream cipher decryption component the contents of the first encrypted confidential overlay, (B) means for decrypting with a second stream cipher decryption component the contents of the second encrypted protected overlay, (C) means for decrypting with a first stream cipher decryption component the contents of the first encrypted region of primary surface and (D) means for decrypting with a second stream cipher decryption component the contents of the second encrypted region of primary surface.
  - 55. At least one computer readable medium according to claim 54, wherein at least one bit of each pixel in a primary surface is used to determine membership in a virtual protected surface for the pixel, wherein the graphics card selects an appropriate decryption key for the pixel based on said at least one bit.
  - 56. At least one computer readable medium according to claim 55, wherein if said at least one bit contains a zero value, then the virtual protected surface associated with said at least one bit is interpreted as a region not to decrypt.
  - 57. At least one computer readable medium according to claim 54, the computer executable modules further including, means for selecting, once the decrypted pixel values are available, by a pixel select component of said at least one GPU the pixel value of one of (A) the second encrypted protected overlay, (B) the first encrypted confidential overlay and (3) a primary surface.
  - 58. At least one computer readable medium according to claim 51, wherein said requesting of said means for requesting includes at least one of (A) a source and destination bounding box of said at least one encrypted overlay surface, (B) a destination color key of said at least one encrypted overlay surface, (C) in the case of the first encrypted confidential overlay, a specification of an encryption key index of the contents of an overlay back buffer to which the data is to be flipped (D) in the case of the second encrypted protected overlay, a specification of a memory location where at least one of a cyclic redundancy code (CRC), an integrity measure and a digest value of the decrypted overlay contents are to be written, (E) a source and destination bounding box of at least one encrypted primary surface, and (F) a destination color key of said at least one encrypted primary surface.
  - 59. At least one computer readable medium according to claim 58, wherein said one of an application and device calculates said at least one of the CRC, integrity measure and digest value if said one of an application and device is concerned with integrity of the content.
  - 60. At least one computer readable medium according to claim 40, wherein at least one command buffer sent to a video decode unit of the at least one GPU incident to said requesting of said means for requesting is encrypted by said at least one of an application and device and decrypted by said video decode unit in communication with said cryptographic processing unit.
  - 61. At least one computer readable medium according to claim 60, the computer executable modules further comprising means for tamper detecting said at least one command buffer one of (A) by using two passes before consumption of the at least one command buffer and (B) after the command buffer has been consumed.
  - 62. At least one of an operating system, a co-processing device, a computing device and a modulated data signal carrying the computer executable instructions of the computer executable modules of the at least one computer readable medium of claim 40.

63. At least one computer readable medium comprising computer executable modules including computer executable instructions for cryptographically protecting secure content in connection with a trusted graphics system of a computing device, the trusted graphics system having video memory, at least one graphics processing unit (GPU) and a cryptographic processing device communicatively coupled to said at least one GPU, the computer executable modules comprising:
- means for requesting, by one of an application and device, the graphics system to perform one of processing and rendering of secure content, wherein said means for requesting includes means for transmitting by said one of an application and device a session key to the graphics system for verification by the cryptographic processing device and transmitting said secure content to at least one encrypted portion of the video memory;
  
  means for decrypting the content of said at least one encrypted portion of video memory by a decryption mechanism of an input unit of said at least one GPU, wherein said decryption mechanism is in communication with said cryptographic processing device;
  
  means for performing said one of processing and rendering on said decrypted content by said at least one GPU;
  
  means for encrypting said content with an encryption/decryption mechanism of an output unit of the at least one GPU; and
  
  means for outputting said encrypted content from the at least one GPU.
- View Dependent Claims (64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78)
- - 64. At least one computer readable medium according to claim 63, wherein said input unit is a texture mapping unit and said output unit is an alpha blending unit, and wherein said at least one encrypted portion of said video memory is an encrypted texture surface.
  - 65. At least one computer readable medium according to claim 63, wherein said secure content is one of texture data, plaintext and video macroblocks.
  - 66. At least one computer readable medium according to claim 63, wherein said means for encrypting and means for decrypting includes means for encrypting and means for decrypting using block ciphers, respectively.
  - 67. At least one computer readable medium according to claim 64, wherein said decryption mechanism of the texture mapping unit decrypts on a cache line fill and wherein the encryption/decryption mechanism of the alpha blending unit encrypts before writing.
  - 68. At least one computer readable medium according to claim 64, further including means for decrypting by the encryption/decryption mechanism of the alpha blending unit when reading a cache line from a color buffer in video memory.
  - 69. At least one computer readable medium according to claim 63, further including:
    - means for flipping said encrypted output content from an encrypted back primary surface to an encrypted front primary surface of said video memory;
      
      second means for decrypting said encrypted output content by a second decryption mechanism of said at least one GPU in communication with said cryptographic processing device; and
      
      second means for outputting said output content.
  - 70. At least one computer readable medium according to claim 63, wherein said means for outputting includes means for outputting the encrypted content to a confidential overlay flipping chain and the computer executable modules further include:
    - means for flipping said encrypted output content from an encrypted back confidential surface to an encrypted front confidential surface, whereby said encrypting by said encryption/decryption mechanism includes means for encrypting utilizing stream cipher encryption; and
      
      second means for decrypting said encrypted output content by a stream cipher decryption mechanism of said at least one GPU in communication with said cryptographic processing device.
  - 71. At least one computer readable medium according to claim 70, the computer executable modules further comprising:
    - means for encoding a location within the content prior to said encrypting by said means for encrypting; and
      
      means for decoding the location within the content after said decrypting by said second means for decrypting, whereby said location is externally unavailable preserving the integrity of a plaintext-ciphertext mapping.
  - 72. At least one computer readable medium according to claim 63, wherein if the output of said means for outputting is different than the secure content of said means for requesting adjusted for any processing performed on said secure content by said at least one GPU, said one of an application and device is alerted to the difference.
  - 73. At least one computer readable medium according to claim 63, the computer executable modules further including:
    - means for re-encrypting said content by said at least one GPU in communication with said cryptographic processing device prior to said outputting by said means for outputting; and
      
      means for decrypting said re-encrypted content by at least a second cryptographic processing device of an external computing device.
  - 74. At least one computer readable medium according to claim 73, wherein said external computing device is one of (A) a monitor, (B) a set top box and (C) a digital signal processing (DSP) rendering device.
  - 75. At least one computer readable medium according to claim 63, wherein encrypted textures and encrypted offscreen surfaces delivered by said one of an application and device are encoded with block ciphers, and said one of an application and device swizzles the block ciphers with a predefined swizzling format that converts an (x,y) location in the content to an offset for at least one of YUV, RGB, YUY2 and packed planar formats.
  - 76. At least one computer readable medium according to claim 63, wherein at least one command buffer sent to a video decode unit of the at least one GPU incident to said requesting of said means for requesting is encrypted by said at least one of an application and device and decrypted by said video decode unit in communication with said cryptographic processing unit.
  - 77. At least one computer readable medium according to claim 63, the computer executable modules further comprising means for tamper detecting said at least one command buffer one of (A) by using two passes before consumption of the at least one command buffer and (B) after the command buffer has been consumed.
  - 78. At least one of an operating system, a co-processing device, a computing device and a modulated data signal carrying the computer executable instructions of the computer executable modules of the at least one computer readable medium of claim 63.

79. A computing device comprising means for cryptographically protecting secure content in connection with a trusted graphics system of a computing device, the trusted graphics system having video memory, at least one graphics processing unit (GPU) and a cryptographic processing device communicatively coupled to said at least one GPU, comprising:
- means for requesting by one of an application and device the graphics system to perform one of processing and rendering of secure content, wherein said means for requesting includes means for transmitting by said one of an application and device a session key to the graphics system and means for transmitting said secure content to at least one encrypted portion of the video memory;
  
  means for decrypting the content of said at least one encrypted portion of video memory by said at least one GPU in communication with said cryptographic processing device;
  
  means for performing said one of processing and rendering on said decrypted content by said at least one GPU; and
  
  means for outputting said content from the at least one GPU.
- View Dependent Claims (80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100)
- - 80. A computing device according to claim 79, wherein if the output of said means for outputting is different than the secure content of said means for requesting adjusted for any processing performed on said secure content by said at least one GPU, said one of an application and device is alerted to the difference.
  - 81. A computing device according to claim 79, wherein said means for transmitting includes means for transmitting said secure content to at least one encrypted overlay surface, which overlays at least one primary surface of said video memory.
  - 82. A computing device according to claim 79, wherein said means for decrypting the content of said at least one encrypted portion of video memory includes means for decrypting a geometrical fraction of a primary surface, whereby pixels other than the geometrical fraction are not decrypted.
  - 83. A computing device according to claim 79, wherein the cryptographic processor is permanently attached to the graphics card, by one of (A) adding the cryptographic processor to an existing chip and (B) adding the cryptographic processor as a separate chip to the graphics card, whereby the physical connection between the cryptographic processor and the rest of the graphics card is not accessible and is not exposed.
  - 84. A computing device according to claim 81, wherein said means for decrypting includes means for decrypting said at least one encrypted overlay surface by a decryption mechanism of said GPU communicatively coupled to said cryptographic processing device
  - 85. A computing device according to claim 81, wherein said means for decrypting includes one of (A) means for decrypting said at least one encrypted overlay surface on the fly by digital to analog conversion (DAC) hardware of the graphics system as the content is output according to said outputting of said means for outputting and (B) means for decrypting said at least one encrypted overlay surface on the fly just previous to the content reaching the DAC hardware of the graphics system.
  - 86. A computing device according to claim 81, wherein said means for decrypting includes means for decrypting said at least one encrypted overlay surface previous to the content reaching the DAC hardware of the graphics system by a component having no back channel to the host system.
  - 87. A computing device according to claim 79, further including:
    - means for re-encrypting said content by said at least one GPU in communication with said cryptographic processing device prior to said outputting by said means for outputting; and
      
      means for decrypting said re-encrypted content by at least a second cryptographic processing device of an external computing device.
  - 88. A computing device according to claim 79, wherein the content is transmitted in digital form to an external device having a second cryptographic processing device and said decrypting of said means for decrypting occurs on said external device.
  - 89. A computing device according to claim 87, wherein said external computing device is one of (A) a monitor, (B) a set top box and (C) a digital signal processing (DSP) rendering device.
  - 90. A computing device according to claim 81, wherein said means for transmitting includes means for transmitting said secure content to one of (A) a first encrypted confidential overlay for basic rendering of secure content and (B) a second encrypted protected overlay specifically designed to present sensitive user interfaces, (C) a first encrypted region of a primary surface for basic rendering of secure content and (D) a second encrypted region of a primary surface specifically designed to present sensitive user interfaces.
  - 91. A computing device according to claim 79, wherein said means for decrypting includes means for calculating a cryptographic digest of the decrypted data, and said computing device further includes:
    - means for transmitting said cryptographic digest to the one of an application and device to ensure that the displayed pixels are the pixels sent in connection with said requesting by the one of an application and device via said means for requesting.
  - 92. A computing device according to claim 90, wherein the second encrypted protected overlay is always-on-top and non-obscurable and wherein the contents of the second encrypted protected overlay are verified by said at least one GPU.
  - 93. A computing device according to claim 90, wherein said means for decrypting includes one of (A) means for decrypting with a first stream cipher decryption component the contents of the first encrypted confidential overlay, (B) means for decrypting with a second stream cipher decryption component the contents of the second encrypted protected overlay, (C) means for decrypting with a first stream cipher decryption component the contents of the first encrypted region of primary surface and (D) means for decrypting with a second stream cipher decryption component the contents of the second encrypted region of primary surface.
  - 94. A computing device according to claim 93, wherein at least one bit of each pixel in a primary surface is used to determine membership in a virtual protected surface for the pixel, wherein the graphics card selects an appropriate decryption key for the pixel based on said at least one bit.
  - 95. A computing device according to claim 94, wherein if said at least one bit contains a zero value, then the virtual protected surface associated with said at least one bit is interpreted as a region not to decrypt.
  - 96. A computing device according to claim 93, further including, means for selecting, once the decrypted pixel values are available, by a pixel select component of said at least one GPU the pixel value of one of (A) the second encrypted protected overlay, (B) the first encrypted confidential overlay and (3) a primary surface.
  - 97. A computing device according to claim 90, wherein said requesting of said means for requesting includes at least one of (A) a source and destination bounding box of said at least one encrypted overlay surface, (B) a destination color key of said at least one encrypted overlay surface, (C) in the case of the first encrypted confidential overlay, a specification of an encryption key index of the contents of an overlay back buffer to which the data is to be flipped (D) in the case of the second encrypted protected overlay, a specification of a memory location where at least one of a cyclic redundancy code (CRC), an integrity measure and a digest value of the decrypted overlay contents are to be written, (E) a source and destination bounding box of at least one encrypted primary surface, and (F) a destination color key of said at least one encrypted primary surface.
  - 98. A computing device according to claim 97, wherein said one of an application and device calculates said at least one of the CRC, integrity measure and digest value if said one of an application and device is concerned with integrity of the content.
  - 99. A computing device according to claim 79, wherein at least one command buffer sent to a video decode unit of the at least one GPU incident to said requesting of said means for requesting is encrypted by said at least one of an application and device and decrypted by said video decode unit in communication with said cryptographic processing unit.
  - 100. A computing device according to claim 99, further comprising means for tamper detecting said at least one command buffer one of (A) by using two passes before consumption of the at least one command buffer and (B) after the command buffer has been consumed.

101. A computing device comprising computer executable modules including computer executable instructions for cryptographically protecting secure content in connection with a trusted graphics system of a computing device, the trusted graphics system having video memory, at least one graphics processing unit (GPU) and a cryptographic processing device communicatively coupled to said at least one GPU, comprising:
- means for requesting, by one of an application and device, the graphics system to perform one of processing and rendering of secure content, wherein said means for requesting includes means for transmitting by said one of an application and device a session key to the graphics system for verification by the cryptographic processing device and transmitting said secure content to at least one encrypted portion of the video memory;
  
  means for decrypting the content of said at least one encrypted portion of video memory by a decryption mechanism of an input unit of said at least one GPU, wherein said decryption mechanism is in communication with said cryptographic processing device;
  
  means for performing said one of processing and rendering on said decrypted content by said at least one GPU;
  
  means for encrypting said content with an encryption/decryption mechanism of an output unit of the at least one GPU; and
  
  means for outputting said encrypted content from the at least one GPU.
- View Dependent Claims (102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115)
- - 102. A computing device according to claim 101, wherein said input unit is a texture mapping unit and said output unit is an alpha blending unit, and wherein said at least one encrypted portion of said video memory is an encrypted texture surface.
  - 103. A computing device according to claim 101, wherein said secure content is one of texture data, plaintext and video macroblocks.
  - 104. A computing device according to claim 101, wherein said means for encrypting and means for decrypting includes means for encrypting and means for decrypting using block ciphers, respectively.
  - 105. A computing device according to claim 102, wherein said decryption mechanism of the texture mapping unit decrypts on a cache line fill and wherein the encryption/decryption mechanism of the alpha blending unit encrypts before writing.
  - 106. A computing device according to claim 102, further including means for decrypting by the encryption/decryption mechanism of the alpha blending unit when reading a cache line from a color buffer in video memory.
  - 107. A computing device according to claim 101, further including:
    - means for flipping said encrypted output content from an encrypted back primary surface to an encrypted front primary surface of said video memory;
      
      second means for decrypting said encrypted output content by a second decryption mechanism of said at least one GPU in communication with said cryptographic processing device; and
      
      second means for outputting said output content.
  - 108. A computing device according to claim 101, wherein said means for outputting includes means for outputting the encrypted content to a confidential overlay flipping chain and the computer executable modules further include:
    - means for flipping said encrypted output content from an encrypted back confidential surface to an encrypted front confidential surface, whereby said encrypting by said encryption/decryption mechanism includes means for encrypting utilizing stream cipher encryption; and
      
      second means for decrypting said encrypted output content by a stream cipher decryption mechanism of said at least one GPU in communication with said cryptographic processing device.
  - 109. A computing device according to claim 108, further comprising:
    - means for encoding a location within the content prior to said encrypting by said means for encrypting; and
      
      means for decoding the location within the content after said decrypting by said second means for decrypting, whereby said location is externally unavailable preserving the integrity of a plaintext-ciphertext mapping.
  - 110. A computing device according to claim 101, wherein if the output of said means for outputting is different than the secure content of said means for requesting adjusted for any processing performed on said secure content by said at least one GPU, said one of an application and device is alerted to the difference.
  - 111. A computing device according to claim 101, the computer executable modules further including:
    - means for re-encrypting said content by said at least one GPU in communication with said cryptographic processing device prior to said outputting by said means for outputting; and
      
      means for decrypting said re-encrypted content by at least a second cryptographic processing device of an external computing device.
  - 112. A computing device according to claim 111, wherein said external computing device is one of (A) a monitor, (B) a set top box and (C) a digital signal processing (DSP) rendering device.
  - 113. A computing device according to claim 101, wherein encrypted textures and encrypted offscreen surfaces delivered by said one of an application and device are encoded with block ciphers, and said one of an application and device swizzles the block ciphers with a predefined swizzling format that converts an (x,y) location in the content to an offset for at least one of YUV, RGB, YUY2 and packed planar formats.
  - 114. A computing device according to claim 101, wherein at least one command buffer sent to a video decode unit of the at least one GPU incident to said requesting of said means for requesting is encrypted by said at least one of an application and device and decrypted by said video decode unit in communication with said cryptographic processing unit.
  - 115. A computing device according to claim 101, the computer executable modules further comprising means for tamper detecting said at least one command buffer one of (A) by using two passes before consumption of the at least one command buffer and (B) after the command buffer has been consumed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
England, Paul, Peinado, Marcus, Wilt, Nicholas P.

Granted Patent

US 7,203,310 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/194
CPC Class Codes

G06F 21/64   Protecting data integrity, ...

G06F 21/79   in semiconductor storage me...

G06F 21/83   input devices, e.g. keyboar...

Methods and systems for cryptographically protecting secure content

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

93 Citations

115 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for cryptographically protecting secure content

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

93 Citations

115 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links