Methods and systems for cryptographically protecting secure content
Abstract
Methods and systems are provided for cryptographically protecting secure content in connection with a graphics subsystem of a computing device. Techniques are implemented to encrypt the contents of video memory so that unauthorized software cannot gain meaningful access to it, thereby maintaining confidentiality. Moreover, a mechanism for tamper detection is provided so that there is awareness when data has been altered in some fashion, thereby maintaining integrity. In various embodiments, the contents of overlay surfaces and/or command buffers are encrypted, and/or the GPU is able to operate on encrypted content while preventing its availability to untrusted parties, devices or software.
115 Claims
1. A method for cryptographically protecting secure content in connection with a trusted graphics system of a computing device, the trusted graphics system having video memory, at least one graphics processing unit (GPU) and a cryptographic processing device communicatively coupled to said at least one GPU, comprising:
requesting, by one of an application and device, the graphics system to perform one of processing and rendering of secure content, wherein said requesting includes transmitting by said one of an application and device a session key to the graphics system and transmitting said secure content to at least one encrypted portion of the video memory;
decrypting the content of said at least one encrypted portion of video memory by said at least one GPU in communication with said cryptographic processing device;
performing said one of processing and rendering on said decrypted content by said at least one GPU; and
outputting said content from the at least one GPU.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23
24. A method for cryptographically protecting secure content in connection with a trusted graphics system of a computing device, the trusted graphics system having video memory, at least one graphics processing unit (GPU) and a cryptographic processing device communicatively coupled to said at least one GPU, comprising:
requesting, by one of an application and device, the graphics system to perform one of processing and rendering of secure content, wherein said requesting includes transmitting by said one of an application and device a session key to the graphics system for verification by the cryptographic processing device and transmitting said secure content to at least one encrypted portion of the video memory;
decrypting the content of said at least one encrypted portion of video memory by a decryption mechanism of an input unit of said at least one GPU, wherein said decryption mechanism is in communication with said cryptographic processing device;
performing said one of processing and rendering on said decrypted content by said at least one GPU;
encrypting said content with an encryption/decryption mechanism of an output unit of the at least one GPU; and
outputting said encrypted content from the at least one GPU.
Dependent claims: 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39
40. At least one computer readable medium comprising computer executable modules including computer executable instructions for cryptographically protecting secure content in connection with a trusted graphics system of a computing device, the trusted graphics system having video memory, at least one graphics processing unit (GPU) and a cryptographic processing device communicatively coupled to said at least one GPU, the computer executable modules comprising:
means for requesting by one of an application and device the graphics system to perform one of processing and rendering of secure content, wherein said means for requesting includes means for transmitting by said one of an application and device a session key to the graphics system and means for transmitting said secure content to at least one encrypted portion of the video memory;
means for decrypting the content of said at least one encrypted portion of video memory by said at least one GPU in communication with said cryptographic processing device;
means for performing said one of processing and rendering on said decrypted content by said at least one GPU; and
means for outputting said content from the at least one GPU.
Dependent claims: 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62
63. At least one computer readable medium comprising computer executable modules including computer executable instructions for cryptographically protecting secure content in connection with a trusted graphics system of a computing device, the trusted graphics system having video memory, at least one graphics processing unit (GPU) and a cryptographic processing device communicatively coupled to said at least one GPU, the computer executable modules comprising:
means for requesting, by one of an application and device, the graphics system to perform one of processing and rendering of secure content, wherein said means for requesting includes means for transmitting by said one of an application and device a session key to the graphics system for verification by the cryptographic processing device and transmitting said secure content to at least one encrypted portion of the video memory;
means for decrypting the content of said at least one encrypted portion of video memory by a decryption mechanism of an input unit of said at least one GPU, wherein said decryption mechanism is in communication with said cryptographic processing device;
means for performing said one of processing and rendering on said decrypted content by said at least one GPU;
means for encrypting said content with an encryption/decryption mechanism of an output unit of the at least one GPU; and
means for outputting said encrypted content from the at least one GPU.
Dependent claims: 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78
79. A computing device comprising means for cryptographically protecting secure content in connection with a trusted graphics system of a computing device, the trusted graphics system having video memory, at least one graphics processing unit (GPU) and a cryptographic processing device communicatively coupled to said at least one GPU, comprising:
means for requesting by one of an application and device the graphics system to perform one of processing and rendering of secure content, wherein said means for requesting includes means for transmitting by said one of an application and device a session key to the graphics system and means for transmitting said secure content to at least one encrypted portion of the video memory;
means for decrypting the content of said at least one encrypted portion of video memory by said at least one GPU in communication with said cryptographic processing device;
means for performing said one of processing and rendering on said decrypted content by said at least one GPU; and
means for outputting said content from the at least one GPU.
Dependent claims: 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100
101. A computing device comprising computer executable modules including computer executable instructions for cryptographically protecting secure content in connection with a trusted graphics system of a computing device, the trusted graphics system having video memory, at least one graphics processing unit (GPU) and a cryptographic processing device communicatively coupled to said at least one GPU, comprising:
means for requesting, by one of an application and device, the graphics system to perform one of processing and rendering of secure content, wherein said means for requesting includes means for transmitting by said one of an application and device a session key to the graphics system for verification by the cryptographic processing device and transmitting said secure content to at least one encrypted portion of the video memory;
means for decrypting the content of said at least one encrypted portion of video memory by a decryption mechanism of an input unit of said at least one GPU, wherein said decryption mechanism is in communication with said cryptographic processing device;
means for performing said one of processing and rendering on said decrypted content by said at least one GPU;
means for encrypting said content with an encryption/decryption mechanism of an output unit of the at least one GPU; and
means for outputting said encrypted content from the at least one GPU.
Dependent claims: 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115
Specification