Patent Grant
9069990
The present invention relates to the field of information security.
Electronic systems and circuits have made a significant contribution towards the advancement of modern society and are utilized in a number of applications to achieve advantageous results. Numerous electronic technologies such as digital computers, calculators, audio devices, video equipment, and telephone systems have facilitated increased productivity and reduced costs in analyzing and communicating data in most areas of business, science, education and entertainment. Electronic systems providing these advantageous results often include attempts at restricted or controlled presentation of proprietary information. However, controlling information presentation and effectively enforcing designated distribution conditions are often difficult and problematic.
One area of concern is proprietary information in the entertainment industry. Unprotected digital content can often be copied relatively easily without loss of quality. Traditional digital rights management attempt to enable authorized distribution of propriety content while preventing unauthorized utilization or copying. High bandwidth digital content protection (HDCP) is one exemplary digital rights management approach that has been developed to control access to content when it is distributed. HDCP is primarily directed at protecting content as it is communicated between devices, for example, communicated over a digital visual interface (DVI) or high definition multimedia interface (HDMI) connection (e.g., from a computer to a display monitor).
Conventionally, attempts at restricting distribution and/or presentation of information are often a relatively expensive, resource intensive activity that usually involves specialized components. Traditional HDCP protection approaches typically involve an encryption that utilizes a HDCP key. The HDCP standards dictate that the HDCP key be unique to each graphics processor and the key is not exposed to an end user of content protected by the key. One traditional approach for utilizing HDCP includes a dedicated secure read only memory (ROM) for storing the HDCP key. Dedicated secure ROMs consume precious board space and usually add more complexity and expense than other types of general unsecured memory types. However, information stored in unsecured memories is often subject to unauthorized interception.
Present invention information securing systems and methods are described. In one embodiment, a secure system and method facilitates secure storage of a security key and secure encryption of information. The secure system and method can also enable secure communication of proprietary content in a HDCP compliant configuration. In one embodiment, a high definition content protection key secure management method is utilized to enable efficient and secure storage of a HDCP key. A high definition content protection key value is received. The high definition content protection key is encrypted utilizing a secure key value, wherein the secure key value is not accessible via an external port. In one exemplary implementation, the secure key is stored in fuses included in a processing unit. The results of the encrypting are stored in a memory (e.g., a BIOS memory, flash memory, etc.).
The accompanying drawings, which are incorporated in and form a part of this specification, illustrate embodiments of the invention by way of example and not by way of limitation. The drawings referred to in this specification should be understood as not being drawn to scale except if specifically noted.
Reference will now be made in detail to the preferred embodiments of the invention, examples of which are illustrated in the accompanying drawings. While the invention will be described in conjunction with the preferred embodiments, it will be understood that they are not intended to limit the invention to these embodiments. On the contrary, the invention is intended to cover alternatives, modifications and equivalents, which may be included within the spirit and scope of the invention as defined by the appended claims. Furthermore, in the following detailed description of the present invention, numerous specific details are set forth in order to provide a thorough understanding of the present invention. However, it will be obvious to one of ordinary skill in the art that the present invention may be practiced without these specific details. In other instances, well known methods, procedures, components, and circuits have not been described in detail as not to unnecessarily obscure aspects of the present invention.
Some portions of the detailed descriptions which follow are presented in terms of procedures, logic blocks, processing, and other symbolic representations of operations on data bits within a computer memory. These descriptions and representations are the means generally used by those skilled in data processing arts to effectively convey the substance of their work to others skilled in the art. A procedure, logic block, process, etc., is here, and generally, conceived to be a self-consistent sequence of steps or instructions leading to a desired result. The steps include physical manipulations of physical quantities. Usually, though not necessarily, these quantities take the form of electrical, magnetic, optical, or quantum signals capable of being stored, transferred, combined, compared, and otherwise manipulated in a computer system. It has proven convenient at times, principally for reasons of common usage, to refer to these signals as bits, values, elements, symbols, characters, terms, numbers, or the like.
It should be borne in mind, however, that all of these and similar terms are associated with the appropriate physical quantities and are merely convenient labels applied to these quantities. Unless specifically stated otherwise as apparent from the following discussions, it is appreciated that throughout the present application, discussions utilizing terms such as “processing”, “computing”, “calculating”, “determining”, “displaying” or the like, refer to the action and processes of a computer system, or similar processing device (e.g., an electrical, optical, or quantum, computing device), that manipulates and transforms data represented as physical (e.g., electronic) quantities. The terms refer to actions and processes of the processing devices that manipulate or transform physical quantities within a computer system's component (e.g., registers, memories, other such information storage, transmission or display devices, etc.) into other data similarly represented as physical quantities within other components.
In one embodiment, the present invention contributes heightened security precautions for protecting information from unauthorized disclosure. In one exemplary implementation a secure key is utilized to encrypt information for storage or communication as secure information. The secure key is “loaded” under secure conditions and is not accessible through an external port of a device. The encryption utilizing the secure key provides protection from unauthorized access to the information. Embodiments of the present invention are readily adaptable to a variety of hierarchical levels of security.
The components of secure processing unit 110 cooperatively operate to secure information. Information processing component 111 performs unprotected information processing. Secure processing component 112 performs secure processing that secures the unencrypted information. The secure storage component 113 stores security control information that utilized by the secure processing component and is not accessible through external ports of the processor.
In one embodiment, the security control information is a secure key. The secure storage component includes programmed fuses that are utilized to store a secure key in one exemplary implementation. The secure key is not accessible to external ports and is utilized to encrypt a variety of unencrypted information. In one embodiment, the secure key is unique to the secure processing component. The secure key can be a private individual processing component identifier.
It is appreciated the secure key can be utilized in the encryption of data for a variety of use cases and can even be utilized encrypting different hierarchical levels of encryption information. In one embodiment a nomenclature distinction is made between different levels of hierarchical encryption. An encryption utilizing a secure key of the present invention (which is not accessible at an external communication port) is referred to as a secure encryption and the results are referred to as secure information. An encryption utilizing a protection key which may be accessible (either by legitimate means or nefarious means) is referred to as a protection encryption and the results referred to as protected information. The different nomenclature for purposes of associating different encryption operations with different levels of a hierarchical encryption architecture is for identification convenience. With respect to unauthorized access, information that is secure is also protected from unauthorized access and information that is protected is also secure from unauthorized access.
In one embodiment, a secure processing system is utilized to encrypt a HDCP key utilized in encrypting data for protected communication to other devices (e.g., a display monitor).
The components of secure graphics processing unit 120 cooperatively operate to process graphics information and securely encrypt the resulting information for communication in accordance with HDCP standards. Decoding component 121 receives encoded video information and decodes the information. It is appreciated the decoding can include decrypting. Pixel processing component 121 performs pixel processing (e.g., rasterizing, shading, texture adjustments, etc.) on the decrypted information. Secure processing component 123 performs a variety of security and protection related processing.
In one embodiment, secure processing component 123 retrieves a HDCP key that is pushed onto special HDCP register 125 in a secure environment. In one embodiment, the HDCP key is pushed onto special HDCP register 125 at a manufacturing facility under secured conditions (e.g., a testing stage). The secure storage component 124 stores a secure key or unique value (e.g., a private unique graphics unit identifier). In one exemplary implementation, the secure storage component 124 is a group of fuses configured (e.g., blown by a laser) in a pattern to coincide with the secure key unique value. The unique value is not available at the external ports of the graphics unit.
Secure processing component 123 utilizes the unique value from the secure storage component as a key to encrypt the HDCP key retrieved from the special HDCP register 125. The results are stored in BIOS ROM 131. Once encrypted and stored in the BIOS ROM 131 the HDCP key value can be removed from the special register 125. The results can be retrieved from BIOS ROM 131 and decrypted by encryption processing component 123 to obtain the unencrypted HDCP key. Secure processing component 123 can then utilize the retrieved HDCP key to encrypt proprietary information and forward the proprietary information in a protected format.
In one embodiment, the HDCP key can be forwarded to the secure graphics processing component 120 from a remote location that forwards HDCP keys. In one exemplary implementation, the HDCP key is encrypted using the secure key at a secure facility (e.g., the facility where the processing component was manufactured with the secure key pattern burned into fuses, producers main office, etc.) and communicated to the processor in the field. The secure key value implemented in the processor at manufacturing time can be utilized to decrypt the HDCP key communicated later over a network when the processor is in the field or with an end user. Since the HDCP key is encrypted with the secure key value and the secure key value is not accessible at an external port of the processor, an end user can not readily decrypt the information to ascertain the HDCP key. The high definition content protection (HDCP) key can also be received via a secure link (e.g., over a network).
The components of computer system 200 cooperatively operate to provide versatile functionality and performance. In one exemplary implementation, the components of computer system 200 cooperatively operate to provide predetermined types of functionality, even though some of the functional components included in computer system 200 may be defective. Communications bus 291, 292, 293, 294, 295 and 297 communicate information. Central processor 201 processes information. Main memory 202 stores information and instructions for the central processor 201. Removable data storage device 204 also stores information and instructions (e.g., functioning as a large information reservoir). Input device 206 provides a mechanism for inputting information and/or for pointing to or highlighting information on display 220. Signal communication port 208 provides a communication interface to exterior devices (e.g., an interface with a network). Display device 220 displays information in accordance with data stored in frame buffer 215. Graphics processor 211 processes graphics commands from central processor 201 and provides the resulting data to graphics buffers 215 for storage and retrieval by display monitor 220.
In one embodiment, a graphics processor 211 is similar to secure graphics processing unit 120 and graphics subsystem 110 includes a BIOS ROM memory. In one exemplary implementation, graphics processor 211 utilizes a secure key stored in a secure memory (e.g., fuses in graphics processor 211) to encrypt a HDCP key and the encrypted HDCP key results are stored in the BIOS ROM. When graphics subsystem 210 is going to forward information to display monitor, graphics processor 211 retrieves the encrypted HDCP key value from the BIOS ROM, decrypts the HDSCP key and utilizes the decrypted HDCP key value to encrypt the information being forwarded to the display.
It is appreciated that the present invention can be implemented in a variety of embodiments. In one exemplary implementation the present invention can be utilized in processing systems utilized to provide a variety of graphics applications including video games. For example, the present invention can be utilized to disable defective components in a game console, personal computer, personal digital assistant, cell phone or any number of platforms for implementing a video game. It is also appreciated that references to video game application implementations are exemplary and the present invention is not limited to these implementations.
In block 310, information is received. In one embodiment the information is received by a processing component (e.g., a CPU, a GPU, an integrated CPU, etc.). The received information can itself be a different level encryption key. For example, the received information can include a HDCP key.
In block 320, the information is encrypted with a secure key that is not accessible on an external port. In one embodiment, the secure key value is burned in fuses of a processing unit. In one exemplary implementation the secure value is unique to the processing chip.
In block 330 the encrypted information is forwarded for storage. In one embodiment the encrypted information is forwarded to a general memory.
It is appreciated that secure methods of the present invention can be utilized to secure various different information for a variety of different use cases.
In block 410, a high definition content protection key value is received. In one embodiment, the secure key is unique and is stored in a secure location that is not accessible via an external port. In one embodiment, the secure key is retrieved from fuses and confined to buses and operations that are not accessible at external ports.
In block 420, the high definition content protection key is encrypted utilizing a secure key value. In one embodiment, both the secure key is unique to a graphics processor and the high definition protection key is unique to the graphics processor.
In block 430, the results of the encrypting (e.g., a HDCP key value that is itself encrypted) are stored in a memory. It is appreciated the memory can include various different types of memory including a BIOS ROM memory, a flash memory, etc. In one exemplary implementation, the memory is not a dedicated secure memory and the HDCP key value is secure even if it is nefariously intercepted since the intercepted value is an encrypted version.
In block 440, the results are retrieved from the memory. In one embodiment, the encrypted HDCP key value is retrieved from the memory and forwarded to an encryption/decryption processing component.
In block 450, the results are decrypted to re-obtain the high definition content protection key. The unencrypted high definition content protection key value is also not available at an external port. In one exemplary implementation, the unencrypted high definition content protection key is limited to operations within an encryption component.
In block 460, the high definition content protection key is utilized to encrypt high definition content. The encrypted high definition content is protected from useful or understandable access by unauthorized devices that do not have the corresponding appropriate HDCP key to decrypt the information since the devices would not be able to readily decrypt the high definition content.
In block 470, the encrypted or protected high definition content is forwarded. In one embodiment, the encrypted high definition content is forwarded to a display with a corresponding HDCP key for decryption and presentation.
Thus, the present invention facilitates protection of information in a convenient and effective manner. The present security techniques can be utilized in a variety of applications including HDCP compatible applications. In one embodiment, the present security techniques enable secure storage of a HDCP key in an ordinary memory without utilizing a dedicated secure ROM.
The foregoing descriptions of specific embodiments of the present invention have been presented for purposes of illustration and description. They are not intended to be exhaustive or to limit the invention to the precise forms disclosed, and obviously many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the invention and its practical application, to thereby enable others skilled in the art to best utilize the invention and various embodiments with various modifications as are suited to the particular use contemplated. It is intended that the scope of the invention be defined by the Claims appended hereto and their equivalents.
| Number | Name | Date | Kind |
|---|---|---|---|
| 5457748 | Bergum et al. | Oct 1995 | A |
| 6073244 | Iwazaki | Jun 2000 | A |
| 6760441 | Ellison et al. | Jul 2004 | B1 |
| 7239709 | Yamada et al. | Jul 2007 | B1 |
| 7278016 | Detrick et al. | Oct 2007 | B1 |
| 7721096 | Chiasson et al. | May 2010 | B2 |
| 20010011347 | Narayanaswamy et al. | Aug 2001 | A1 |
| 20020085721 | Saneto et al. | Jul 2002 | A1 |
| 20030023822 | Scott et al. | Jan 2003 | A1 |
| 20030056107 | Cammack et al. | Mar 2003 | A1 |
| 20030084337 | Simionescu et al. | May 2003 | A1 |
| 20030115471 | Skeba | Jun 2003 | A1 |
| 20030177373 | Moyer et al. | Sep 2003 | A1 |
| 20040039927 | Hazama et al. | Feb 2004 | A1 |
| 20040080671 | Siemens et al. | Apr 2004 | A1 |
| 20040186991 | Kobayashi et al. | Sep 2004 | A1 |
| 20040193873 | England | Sep 2004 | A1 |
| 20040225875 | Huang et al. | Nov 2004 | A1 |
| 20050111664 | Ritz et al. | May 2005 | A1 |
| 20050114664 | Davin | May 2005 | A1 |
| 20050132229 | Zhang et al. | Jun 2005 | A1 |
| 20050138409 | Sheriff et al. | Jun 2005 | A1 |
| 20050283601 | Tahan | Dec 2005 | A1 |
| 20050289067 | Lampson et al. | Dec 2005 | A1 |
| 20060005237 | Kobata et al. | Jan 2006 | A1 |
| 20060090084 | Buer | Apr 2006 | A1 |
| 20060136748 | Bade et al. | Jun 2006 | A1 |
| 20060174109 | Flynn | Aug 2006 | A1 |
| 20060174240 | Flynn | Aug 2006 | A1 |
| 20060179302 | Hatakeyama | Aug 2006 | A1 |
| 20060179308 | Morgan et al. | Aug 2006 | A1 |
| 20060224878 | Datta et al. | Oct 2006 | A1 |
| 20060282901 | Li et al. | Dec 2006 | A1 |
| 20070022243 | Rudelic | Jan 2007 | A1 |
| 20070027988 | Lavin et al. | Feb 2007 | A1 |
| 20070055881 | Fuchs et al. | Mar 2007 | A1 |
| 20070074241 | Yeo | Mar 2007 | A1 |
| 20070083744 | Seok | Apr 2007 | A1 |
| 20070124409 | Sibert | May 2007 | A1 |
| 20070169098 | Kikuchi | Jul 2007 | A1 |
| 20070198851 | Goto | Aug 2007 | A1 |
| 20070217614 | Fujiwara et al. | Sep 2007 | A1 |
| 20070220242 | Suzuki et al. | Sep 2007 | A1 |
| 20070220500 | Saunier | Sep 2007 | A1 |
| 20070234130 | Sullivan et al. | Oct 2007 | A1 |
| 20070300207 | Booth et al. | Dec 2007 | A1 |
| 20080028235 | Smith et al. | Jan 2008 | A1 |
| 20080040598 | Lee et al. | Feb 2008 | A1 |
| 20080072333 | Chen | Mar 2008 | A1 |
| 20080077800 | Wang et al. | Mar 2008 | A1 |
| 20080077973 | Zimmer et al. | Mar 2008 | A1 |
| 20080082680 | Grewal et al. | Apr 2008 | A1 |
| 20080086630 | Rodgers et al. | Apr 2008 | A1 |
| 20080086652 | Krieger et al. | Apr 2008 | A1 |
| 20080114994 | Iyer et al. | May 2008 | A1 |
| 20080137848 | Kocher et al. | Jun 2008 | A1 |
| 20080165952 | Smith et al. | Jul 2008 | A1 |
| 20080256595 | Schunter et al. | Oct 2008 | A1 |
| 20080270805 | Kean | Oct 2008 | A1 |
| 20080282084 | Hatakeyama | Nov 2008 | A1 |
| 20090202069 | Cox et al. | Aug 2009 | A1 |
| 20100185845 | Takayama et al. | Jul 2010 | A1 |
| 20100189340 | Ueda | Jul 2010 | A1 |
| Number | Date | Country |
|---|---|---|
| 1421000 | May 2003 | CN |
| 0961193 | Dec 1999 | EP |
| 1845470 | Oct 2007 | EP |
| 2427720 | Jan 2007 | GB |
| 2004530235 | Sep 2004 | JP |
| 2005122733 | May 2005 | JP |
| 20050119416 | Dec 2005 | KR |
| 200306107 | Nov 2003 | TW |
| 0175563 | Oct 2001 | WO |
| WO0221763 | Mar 2002 | WO |
| 0237285 | May 2002 | WO |
| WO2008071572 | Jun 2008 | WO |
| Entry |
|---|
| Machine Translation of English Abstract for Korean Patent Application No. 1020040044502; Filed Jun. 16, 2004. |
| Yang Koshio, et al. Hardware-Dependent Software-Role of Firmware Study Bootloader from CPU Mechanism/Design of BIOS, Interface, Japan, CQ Publishing Co., Ltd., Jan. 1, 2008, vol. 34, No. 1, p. 95-104. |
| Yu Fajiang & Zhang Huanguo, Design and Implementation of a Bootstrap Trust Chain, Wuhan University Journal of Natural Sciences, 2006, pp. 1449-1452, vol. 11-No. 6, Article ID: 1007-1202 (2006) 06-1449-04, INSPEC association No. 9445762. |
| Number | Date | Country | |
|---|---|---|---|
| 20090136041 A1 | May 2009 | US |
