公开(公告)号：US09501668B2

公开(公告)日：2016-11-22

申请号：US14036263

申请日：2013-09-25

申请人： Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Prashant Dewan ,  David M. Durham ,  Balaji Vembu ,  Xiaozhu Kang ,  Scott Janus ,  Jason Martin ,  Vincent R. Scarlata

发明人： Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Prashant Dewan ,  David M. Durham ,  Balaji Vembu ,  Xiaozhu Kang ,  Scott Janus ,  Jason Martin ,  Vincent R. Scarlata

IPC分类号： H04N7/167 ,  G06F21/82 ,  G06F21/84 ,  G06F21/85 ,  H04N21/41 ,  H04N21/4143 ,  H04N21/4367

CPC分类号： G06F21/82 ,  G06F21/84 ,  G06F21/85 ,  H04N21/4122 ,  H04N21/4143 ,  H04N21/4367

摘要： Systems and methods for secure delivery of output surface bitmaps to a display engine. An example processing system comprises: an architecturally protected memory; and a processing core communicatively coupled to the architecturally protected memory, the processing core comprising a processing logic configured to implement an architecturally-protected execution environment by performing at least one of: executing instructions residing in the architecturally protected memory and preventing an unauthorized access to the architecturally protected memory; wherein the processing logic is further configured to provide a secure video output path by generating an output surface bitmap encrypted with a first encryption key and storing an encrypted first encryption key in an external memory, wherein the encrypted first encryption key is produced by encrypting the first encryption key with a second encryption key.

摘要翻译： 用于将输出表面位图安全传递到显示引擎的系统和方法。 一个示例处理系统包括：架构受保护的存储器; 以及处理核心，其通信地耦合到所述体系结构保护的存储器，所述处理核心包括处理逻辑，所述处理逻辑被配置为通过执行以下中的至少一个来实现架构保护的执行环境：执行驻留在所述体系结构保护的存储器中的指令， 建筑保护记忆; 其中所述处理逻辑还被配置为通过生成用第一加密密钥加密并将加密的第一加密密钥存储在外部存储器中的输出表面位图来提供安全视频输出路径，其中所述加密的第一加密密钥是通过加密所述第一加密密钥 具有第二加密密钥的加密密钥。

公开(公告)号：US20150086012A1

公开(公告)日：2015-03-26

申请号：US14036263

申请日：2013-09-25

申请人： Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Prashant Dewan ,  David M. Durham ,  Balaji Vembu ,  Xiaozhu Kang ,  Scott Janus ,  Jason Martin ,  Vincent R. Scarlata

发明人： Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Prashant Dewan ,  David M. Durham ,  Balaji Vembu ,  Xiaozhu Kang ,  Scott Janus ,  Jason Martin ,  Vincent R. Scarlata

IPC分类号： H04N7/167

CPC分类号： G06F21/82 ,  G06F21/84 ,  G06F21/85 ,  H04N21/4122 ,  H04N21/4143 ,  H04N21/4367

摘要： Systems and methods for secure delivery of output surface bitmaps to a display engine. An example processing system comprises: an architecturally protected memory; and a processing core communicatively coupled to the architecturally protected memory, the processing core comprising a processing logic configured to implement an architecturally-protected execution environment by performing at least one of: executing instructions residing in the architecturally protected memory and preventing an unauthorized access to the architecturally protected memory; wherein the processing logic is further configured to provide a secure video output path by generating an output surface bitmap encrypted with a first encryption key and storing an encrypted first encryption key in an external memory, wherein the encrypted first encryption key is produced by encrypting the first encryption key with a second encryption key.

摘要翻译： 用于将输出表面位图安全传递到显示引擎的系统和方法。 一个示例处理系统包括：架构受保护的存储器; 以及处理核心，其通信地耦合到所述体系结构保护的存储器，所述处理核心包括处理逻辑，所述处理逻辑被配置为通过执行以下中的至少一个来实现架构保护的执行环境：执行驻留在架构保护的存储器中的指令， 建筑保护记忆; 其中所述处理逻辑还被配置为通过生成用第一加密密钥加密并将加密的第一加密密钥存储在外部存储器中的输出表面位图来提供安全视频输出路径，其中所述加密的第一加密密钥是通过加密所述第一加密密钥 具有第二加密密钥的加密密钥。

公开(公告)号：US20140157410A1

公开(公告)日：2014-06-05

申请号：US13690401

申请日：2012-11-30

申请人： Prashant Dewan ,  Uday R. Savagaonkar ,  David M. Durham ,  Paul S. Schmitz ,  Jason Martin ,  Michael Goldsmith ,  Ravi L. Sahita ,  Frank X McKeen ,  Carlos Rozas ,  Vembu Balaji ,  Scott Janus ,  Geoffrey S. Strongin ,  Xiaozhu Kang ,  Karanvir S. Grewal ,  Siddhartha Chhabra ,  Alpha T. Narendra Trivedi

发明人： Prashant Dewan ,  Uday R. Savagaonkar ,  David M. Durham ,  Paul S. Schmitz ,  Jason Martin ,  Michael Goldsmith ,  Ravi L. Sahita ,  Frank X McKeen ,  Carlos Rozas ,  Vembu Balaji ,  Scott Janus ,  Geoffrey S. Strongin ,  Xiaozhu Kang ,  Karanvir S. Grewal ,  Siddhartha Chhabra ,  Alpha T. Narendra Trivedi

IPC分类号： G06F21/64

CPC分类号： G06F21/64 ,  G06F21/53 ,  G06F21/56

摘要： In accordance with some embodiments, a protected execution environment may be defined for a graphics processing unit. This framework not only protects the workloads from malware running on the graphics processing unit but also protects those workloads from malware running on the central processing unit. In addition, the trust framework may facilitate proof of secure execution by measuring the code and data structures used to execute the workload. If a part of the trusted computing base of this framework or protected execution environment is compromised, that part can be patched remotely and the patching can be proven remotely throughout attestation in some embodiments.

摘要翻译： 根据一些实施例，可以为图形处理单元定义受保护的执行环境。 该框架不仅保护了图形处理单元上运行的恶意软件的工作负载，还保护了这些工作负载免受中央处理单元上运行的恶意软件。 此外，信任框架可以通过测量用于执行工作负载的代码和数据结构来促进安全执行的证明。 如果该框架或受保护的执行环境的可信计算基础的一部分受到损害，那么该部分可以被远程修补，并且在一些实施例中可以通过验证远程验证修补。

公开(公告)号：US20140096068A1

公开(公告)日：2014-04-03

申请号：US13631288

申请日：2012-09-28

申请人： Prashant Dewan ,  Siddhartha Chhabra ,  Xiaozhu Kang ,  Xiaoning Li ,  Uday R. Savagaonkar ,  David M. Durham ,  Paul S. Schmitz ,  Michael A. Goldsmith ,  Jason Martin

发明人： Prashant Dewan ,  Siddhartha Chhabra ,  Xiaozhu Kang ,  Xiaoning Li ,  Uday R. Savagaonkar ,  David M. Durham ,  Paul S. Schmitz ,  Michael A. Goldsmith ,  Jason Martin

IPC分类号： G06F3/0481 ,  G06F3/041

CPC分类号： G06F3/0481 ,  G06F3/041 ,  G06F3/04883 ,  G06F21/74 ,  G06F21/82

摘要： A device and method for securely rendering content on a gesture-enabled computing device includes initializing a secure execution environment on a processor graphics of the computing device. The computing device transfers view rendering code and associated state data to the secure execution environment. An initial view of the content is rendered by executing the view rendering code in the secure execution environment. A gesture is recognized, and an updated view of the content is rendered in the secure execution environment in response to the gesture. The gesture may include a touch gesture recognized on a touch screen, or a physical gesture of the user recognized by a camera. After the updated view of the content is rendered, the main processor of the computing device may receive updated view data from the secure execution environment.

摘要翻译： 用于在启用姿势的计算设备上安全地呈现内容的设备和方法包括在计算设备的处理器图形上初始化安全执行环境。 计算设备将视图呈现代码和相关联的状态数据传送到安全执行环境。 通过在安全执行环境中执行视图呈现代码来呈现内容的初始视图。 识别手势，并且响应于手势在安全执行环境中呈现内容的更新视图。 手势可以包括在触摸屏上识别的触摸手势，或者由相机识别的用户的身体手势。 在呈现内容的更新视图之后，计算设备的主处理器可以从安全执行环境接收更新的视图数据。

公开(公告)号：US20140337983A1

公开(公告)日：2014-11-13

申请号：US13891255

申请日：2013-05-10

申请人： Xiaozhu Kang ,  Alpa T. Narendra Trivedi ,  Siddhartha Chhabra ,  Prashant Dewan ,  Uday R. Savagaonkar ,  David M. Durham

发明人： Xiaozhu Kang ,  Alpa T. Narendra Trivedi ,  Siddhartha Chhabra ,  Prashant Dewan ,  Uday R. Savagaonkar ,  David M. Durham

IPC分类号： G06F21/60

CPC分类号： G06F21/53 ,  G06F12/14 ,  G06F21/50 ,  G06F21/60 ,  G06F21/78 ,  G06F2221/034

摘要： The entry/exit architecture may be a critical component of a protection framework using a secure enclaves-like trust framework for coprocessors. The entry/exit architecture describes steps that may be used to switch securely into a trusted execution environment (entry architecture) and out of the trusted execution environment (exit architecture), at the same time preventing any secure information from leaking to an untrusted environment.

摘要翻译： 入口/出口架构可能是保护框架的关键组成部分，使用协同处理器的安全的类似信任框架。 入口/出口架构描述了可用于将安全切换到受信任的执行环境（入口体系结构）并脱离可信执行环境（退出体系结构）的步骤，同时防止任何安全信息泄露到不受信任的环境中。

公开(公告)号：US20150180657A1

公开(公告)日：2015-06-25

申请号：US14369551

申请日：2013-12-23

申请人： Prashant Dewan ,  Uttam Sengupta ,  Uday R. Savagaonkar ,  Siddhartha Chhabra ,  David Durham ,  Xiaozhu Kang

发明人： Prashant Dewan ,  Uttam Sengupta ,  Uday R. Savagaonkar ,  Siddhartha Chhabra ,  David Durham ,  Xiaozhu Kang

IPC分类号： H04L9/08 ,  H04L9/30

CPC分类号： G09C5/00

摘要： Various embodiments are generally directed an apparatus and method for processing an encrypted graphic with a decryption key associated with a depth order policy including a depth position of a display scene, generating a graphic from the encrypted graphic when the encrypted graphic is successfully decrypted using the decryption key and assigning the graphic to a plane at the depth position of the display scene when the encrypted graphic is successfully decrypted.

摘要翻译： 各种实施例通常涉及一种用于使用与包括显示场景的深度位置的深度顺序策略相关联的解密密钥来处理加密图形的装置和方法，当使用解密成功解密加密图形时，从加密图形生成图形 并且当加密图形被成功解密时，将图形分配给显示场景的深度位置处的平面。

公开(公告)号：US20140230046A1

公开(公告)日：2014-08-14

申请号：US13976918

申请日：2011-12-27

申请人： Prashant Dewan ,  David M. Durham ,  Ling Huang ,  Karanvir S. Grewal ,  Xiaozhu Kang

发明人： Prashant Dewan ,  David M. Durham ,  Ling Huang ,  Karanvir S. Grewal ,  Xiaozhu Kang

IPC分类号： G06F21/32

CPC分类号： G06F21/32 ,  G06K9/00288 ,  G06K9/00899

摘要： A password-less method for authenticating a user includes capturing one or more images of a face of the user and comparing the one or more images with a previously collected face template. Randomly selected colored light and randomized blinking patterns are used to capture the images of the user. Such captured images are compared to previously collected face templates, thereby thwarting spoof attacks. A secret image, known only to the user and the device, is moved from one area of the display to another randomly selected area, using the movements of the user's head or face, thereby providing a Turing based challenge. Protected audio video path (PAVP) enabled devices and components are used to protect the challenge from malware attacks.

摘要翻译： 用于认证用户的无密码方法包括捕获用户的脸部的一个或多个图像并将一个或多个图像与先前收集的面部模板进行比较。 随机选择的彩色光和随机闪烁图案用于捕获用户的图像。 将这样的拍摄图像与先前收集的面部模板进行比较，从而阻止欺骗攻击。 使用用户和设备已知的秘密图像使用用户头部或脸部的移动从显示器的一个区域移动到另一个随机选择的区域，从而提供基于图灵的挑战。 受保护的音频视频路径（PAVP）启用的设备和组件用于保护挑战免受恶意软件攻击。

公开(公告)号：US08751809B2

公开(公告)日：2014-06-10

申请号：US13513047

申请日：2011-09-12

申请人： Prashant Dewan ,  David M. Durham ,  Xiaozhu Kang ,  Karanvir S. Grewal

发明人： Prashant Dewan ,  David M. Durham ,  Xiaozhu Kang ,  Karanvir S. Grewal

IPC分类号： G06F12/14 ,  H04L9/32 ,  G06F11/30

CPC分类号： H04L9/3231 ,  G06F21/32 ,  G06F21/6209 ,  G06F2221/2109 ,  H04L9/0825 ,  H04L63/045 ,  H04L63/0861

摘要： A method and device for securely sharing images across untrusted channels includes downloading an encrypted image from a remote server to a computing device. The encrypted image may be encrypted at the time of uploading by another user. The current user of the computing device is authenticated using a facial recognition procedure. If the current user is authenticated and is determined to be authorized to view the decrypted image, the encrypted image is decrypted and displayed to the user. If the user becomes unauthenticated (e.g., the user leaves the computing device or another user replaces the current user), the encrypted image is displayed in place of the decrypted image such that the decrypted image is displayed only for authorized persons physically present at the computing device.

摘要翻译： 一种用于在不信任信道上安全地共享图像的方法和设备包括将加密图像从远程服务器下载到计算设备。 加密图像可以在其他用户上传时被加密。 使用面部识别程序认证计算设备的当前用户。 如果当前用户被认证并被确定被授权以查看解密的图像，则加密的图像被解密并显示给用户。 如果用户变得未认证（例如，用户离开计算设备或另一用户替换当前用户），则加密图像被代替解密的图像被显示，使得解密的图像仅显示在计算机上物理存在的授权人员 设备。

公开(公告)号：US20130279690A1

公开(公告)日：2013-10-24

申请号：US13976298

申请日：2011-12-15

申请人： David M. Durham ,  Men Long ,  Karanvir S. Grewal ,  Prashant Dewan ,  Xiaozhu Kang

发明人： David M. Durham ,  Men Long ,  Karanvir S. Grewal ,  Prashant Dewan ,  Xiaozhu Kang

IPC分类号： H04L9/28

CPC分类号： H04L9/28 ,  G06F21/6263 ,  G06F2221/2107 ,  H04L9/065 ,  H04L63/0428 ,  H04N1/4486 ,  H04N21/2743 ,  H04N21/4405 ,  H04N21/4408 ,  H04N21/4788 ,  H04N21/8153

摘要： An apparatus and method for preserving image privacy when manipulated by cloud services includes middleware for receiving an original image, splitting the original image into two sub-images, where the RGB pixel values of the sub-images have a bit value that is less than RGB pixel values of the original image. The sub-images are encrypted by adding a keystream to the RGB pixel values of the sub-images. The sub-image data is transmitted to a cloud service such as a social network or photo-sharing site, which manipulate the images by resizing, cropping, filtering, or the like. The sub-image data is received by the middleware and is successfully decrypted irrespective of the manipulations performed by the cloud services. In an alternative embodiment, the blocks of the original image are permutated when encrypted, and then reverse-permutated when decrypted.

摘要翻译： 一种用于在由云服务操作时保护图像隐私的装置和方法包括用于接收原始图像的中间件，将原始图像分割成两个子图像，其中子图像的RGB像素值具有小于RGB的比特值 原始图像的像素值。 通过向子图像的RGB像素值添加密钥流来加密子图像。 子图像数据被发送到诸如社交网络或照片共享站点的云服务，其通过调整大小，裁剪，过滤等来操纵图像。 子图像数据由中间件接收，并且被成功解密，而与云服务执行的操作无关。 在替代实施例中，原始图像的块在加密时被置换，然后在被解密时反向排列。

公开(公告)号：US20130067228A1

公开(公告)日：2013-03-14

申请号：US13513047

申请日：2011-09-12

申请人： Prashant Dewan ,  David M. Durham ,  Xiaozhu Kang ,  Karanvir S. Grewal

发明人： Prashant Dewan ,  David M. Durham ,  Xiaozhu Kang ,  Karanvir S. Grewal

IPC分类号： H04L9/32

CPC分类号： H04L9/3231 ,  G06F21/32 ,  G06F21/6209 ,  G06F2221/2109 ,  H04L9/0825 ,  H04L63/045 ,  H04L63/0861

摘要： A method and device for securely sharing images across untrusted channels includes downloading an encrypted image from a remote server to a computing device. The encrypted image may be encrypted at the time of uploading by another user. The current user of the computing device is authenticated using a facial recognition procedure. If the current user is authenticated and is determined to be authorized to view the decrypted image, the encrypted image is decrypted and displayed to the user. If the user becomes unauthenticated (e.g., the user leaves the computing device or another user replaces the current user), the encrypted image is displayed in place of the encrypted image such that the decrypted image is displayed only for authorized persons physically present at the computing device.

摘要翻译： 一种用于在不信任信道上安全地共享图像的方法和设备包括将加密图像从远程服务器下载到计算设备。 加密图像可以在其他用户上传时被加密。 使用面部识别程序认证计算设备的当前用户。 如果当前用户被认证并被确定被授权以查看解密的图像，则加密的图像被解密并显示给用户。 如果用户变得未认证（例如，用户离开计算设备或另一用户替换当前用户），则加密图像被代替加密图像被显示，使得解密的图像仅对于在计算机中物理存在的授权人员显示 设备。