Methods and systems for maintaining an encrypted video memory subsystem
    21.
    发明授权
    Methods and systems for maintaining an encrypted video memory subsystem 有权
    用于维护加密视频存储器子系统的方法和系统

    公开(公告)号:US07293178B2

    公开(公告)日:2007-11-06

    申请号:US10314896

    申请日:2002-12-09

    IPC分类号: G06F11/30 G06F12/14 H04L9/32

    摘要: Methods and systems protect digital content such as premium content like movies, programs, and other types of digital audio/visual content. In some embodiments, an architecture and related methods protect content by maintaining the content in encrypted form, whether the content resides in video card memory (referred to herein as “VRAM”), or some other local or remote memory subsystem. The methods and systems enable video card co-processors, such as the graphics processing unit (GPU) to manipulate the encrypted content or data. In various embodiments, the content is maintained in an encrypted format and is unencrypted only when the GPU operates upon the data. After the GPU operates upon the data, the resultant data is re-encrypted and written to memory.

    摘要翻译: 方法和系统保护诸如电影,节目和其他类型的数字音频/视频内容之类的优质内容的数字内容。 在一些实施例中,架构和相关方法通过以加密形式维护内容来保护内容,无论内容是驻留在视频卡存储器(本文称为“VRAM”)中,还是某些其他本地或远程存储器子系统。 所述方法和系统使视频卡协处理器(诸如图形处理单元(GPU))能够操纵加密的内容或数据。 在各种实施例中,内容被保持为加密格式,并且仅当GPU对数据进行操作时才被解密。 在GPU对数据进行操作之后,将所得数据重新加密并写入存储器。

    Transferring application secrets in a trusted operating system environment
    22.
    发明授权
    Transferring application secrets in a trusted operating system environment 有权
    在受信任的操作系统环境中传送应用程序秘密

    公开(公告)号:US07243230B2

    公开(公告)日:2007-07-10

    申请号:US09993340

    申请日:2001-11-16

    IPC分类号: H04L9/00

    CPC分类号: G06F21/57 G06F21/606

    摘要: Transferring application secrets in a trusted operating system environment involves receiving a request to transfer application data from a source computing device to a destination computing device. A check is made as to whether the application data can be transferred to the destination computing device, and if so, whether the application data can be transferred under control of the user or a third party. If these checks succeed, a check is also made as to whether the destination computing device is a trustworthy device running known trustworthy software. Input is also received from the appropriate one of the user or third party to control transferring of the application data to the destination computing device. Furthermore, application data is stored on the source computing device in a manner that facilitates determining whether the application data can be transferred, and that facilitates transferring the application data if it can be transferred.

    摘要翻译: 在受信任的操作系统环境中传送应用程序秘密涉及接收将应用数据从源计算设备传送到目的地计算设备的请求。 检查应用数据是否可以传送到目的地计算设备,如果是,可以在用户或第三方的控制下传送应用数据。 如果这些检查成功,还要检查目的地计算设备是否是运行已知可靠软件的值得信赖的设备。 还从适当的用户或第三方接收输入以控制将应用数据传送到目的地计算设备。 此外,应用数据以便于确定是否可以传送应用数据的方式存储在源计算设备上,并且如果可以传送应用数据便于传送应用数据。

    Protecting decrypted compressed content and decrypted decompressed content at a digital rights management client
    23.
    发明授权
    Protecting decrypted compressed content and decrypted decompressed content at a digital rights management client 失效
    在数字版权管理客户端保护解密的压缩内容和解密的解密内容

    公开(公告)号:US07203313B2

    公开(公告)日:2007-04-10

    申请号:US11176661

    申请日:2005-07-07

    IPC分类号: H04N7/167 G06F21/00

    CPC分类号: G06F21/10

    摘要: Theft of decompressed digital content as the content is being rendered is prevented. A requested slow-down of the rendering of the content is detected. Transfers of relatively large amounts of data are detected. A re-compressor-based requested slow-down of the rendering of the content is detected. A re-compressor re-compressing the content is detected. In each situation, the detected activity is presumably initiated by a content thief attempting to steal the content. In each situation, the detected activity is responded to in a manner designed to frustrate the presumed attempt of the content thief to steal the content.

    摘要翻译: 防止正在呈现内容的解压缩数字内容的盗窃。 检测到请求的内容呈现的减慢。 检测到相对大量数据的传输。 检测到基于重新压缩的请求的内容呈现的减慢。 检测到重新压缩内容的再压缩。 在每种情况下,检测到的活动大概是由试图窃取内容的内容窃贼发起的。 在每种情况下,检测到的活动都以一种旨在阻止内容窃贼窃取内容的推定尝试的方式作出回应。

    Methods and systems for cryptographically protecting secure content
    24.
    发明授权
    Methods and systems for cryptographically protecting secure content 有权
    用于密码保护安全内容的方法和系统

    公开(公告)号:US07203310B2

    公开(公告)日:2007-04-10

    申请号:US10124922

    申请日:2002-04-18

    IPC分类号: H04N7/167

    CPC分类号: G06F21/83 G06F21/64 G06F21/79

    摘要: Methods and systems are provided for cryptographically protecting secure content in connection with a graphics subsystem of a computing device. Techniques are implemented to encrypt the contents of video memory so that unauthorized software cannot gain meaningful access to it, thereby maintaining confidentiality. Moreover, a mechanism for tamper detection is provided so that there is awareness when data has been altered in some fashion, thereby maintaining integrity. In various embodiments, the contents of overlay surfaces and/or command buffers are encrypted, and/or the GPU is able to operate on encrypted content while preventing its availability to untrusted parties, devices or software.

    摘要翻译: 提供了与计算设备的图形子系统相关联地加密地保护安全内容的方法和系统。 实现技术来加密视频存储器的内容,使得未经授权的软件不能获得对其的有意义的访问,从而保持机密性。 此外,提供用于篡改检测的机制,使得当数据以某种方式被改变时,意识到,从而保持完整性。 在各种实施例中,覆盖表面和/或命令缓冲器的内容被加密,和/或GPU能够对加密内容进行操作,同时防止其对不信任方,设备或软件的可用性。

    System and method for authenticating an operating system to a central processing unit, providing the CPU/OS with secure storage, and authenticating the CPU/OS to a third party
    25.
    发明授权
    System and method for authenticating an operating system to a central processing unit, providing the CPU/OS with secure storage, and authenticating the CPU/OS to a third party 有权
    将操作系统认证到中央处理单元的系统和方法,向CPU / OS提供安全存储,并将CPU / OS认证给第三方

    公开(公告)号:US07174457B1

    公开(公告)日:2007-02-06

    申请号:US09266207

    申请日:1999-03-10

    IPC分类号: H04L9/00

    摘要: A general-purpose processor (CPU) is configured with a new mechanism facilitating an authenticated boot sequence that provides building blocks for client-side rights management when the system is online, and provides continued protection of persistent data even when the system goes offline or is rebooted. The CPU includes a cryptographic key pair, and a manufacturer certificate testifying that the manufacturer built the CPU according to a known specification. The operating system (OS) includes a unique block of code, or “boot block” that can establish OS identity by extraction from a digitally signed boot block or by computing a hash digest of the boot block. During booting, the CPU executes a single opcode, followed by the boot block, as an atomic operation to set the identity of the OS into the software identity register. The subscriber unit then can establish a chain of trust to a content provider.

    摘要翻译: 通用处理器(CPU)配置有一种新的机制,便于经过身份验证的引导顺序,该系统在系统联机时为客户端权限管理提供构建块,并且即使在系统脱机时也提供持续数据的持续保护 重新启动 CPU包括加密密钥对和制造商证书,证明制造商根据已知规格构建CPU。 操作系统(OS)包括一个唯一的代码块或“引导块”,可以通过从数字签名的引导块中提取或通过计算引导块的散列摘要来建立OS标识。 在引导期间,CPU执行单个操作码,后跟引导块,作为将操作系统的身份设置为软件身份寄存器的原子操作。 订户单元然后可以建立到内容提供商的信任链。

    Enabling bits sealed to an enforceably-isolated environment

    公开(公告)号:US20060288238A1

    公开(公告)日:2006-12-21

    申请号:US11155071

    申请日:2005-06-16

    IPC分类号: G06F12/14

    摘要: Prevention of unpermitted use of enabling bits is achieved by sealing the enabling bits to an environment in such a way that the bits can only be unsealed by or from the environment, and by using an isolation mechanism to isolate the environment from other environments on the machine on which the environment operates. The environment is trusted not to use the enabling bits except in accordance with a set of rules governing the bits. The enabling bits may be a decryption key for DRM-protected content, and the rules may be a license governing the use of that content. Trust that the enabling bits will not be misused is established by trusting the environment not to use the enabling bits contrary to the rules, trusting the isolation mechanism to isolate the environment, and trusting the unsealing mechanism only to unseal the bits for the environment.

    Hierarchical trusted code for content protection in computers

    公开(公告)号:US06976175B2

    公开(公告)日:2005-12-13

    申请号:US11011457

    申请日:2004-12-13

    CPC分类号: G06Q10/10 G06F21/57

    摘要: An architecture for protecting premium content in a nonsecure computer environment executes only a small number of code modules in a secure memory. The modules are arranged in a hierarchy of trust, where a module names other modules that it is willing to trust, and those modules in turn name other modules that they are willing to trust. A secure loader loads a security manager that oversees a number of content-providing modules for manipulating the content. A memory manager assigns permissions to various pages of the secure memory. The memory has rings of different security. The security model can be extended to program modules and other devices on the computer's bus, such as DMA controllers and peripherals.

    System and method for transparent electronic data transfer using error correction to facilitate bandwidth-efficient data recovery

    公开(公告)号:US20050273644A1

    公开(公告)日:2005-12-08

    申请号:US11193267

    申请日:2005-07-30

    IPC分类号: H04L1/18 G06F11/00

    CPC分类号: H04L1/1812

    摘要: The invention disclosed herein includes a system and method for electronically transferring data through a communications connection in a transparent manner such that the data transfer does not interfere with other traffic sharing the connection. The invention transfers data using bandwidth of the connection that other traffic are not using. If other traffic desires to use the bandwidth currently being used by the invention, the invention relinquishes the bandwidth to the other traffic and retreats to avoid bandwidth contention. Although a retreat may cause gaps in the data transferred, a key aspect of the invention is that any missing data due to these gaps is recovered easily and in a bandwidth-efficient way using novel error correction and recovery.