WO2023069111A1 - Encrypted graphics data - Google Patents

Publication number
WO2023069111A1
Authority
WO
WIPO (PCT)
Prior art keywords
graphics
graphics data
encrypted
electronic device
data
Application number
PCT/US2021/056185
Other languages
French (fr)
Inventor
Erich Wolfgang Gerstacker MCMILLAN
Tevin Jaupaul RICHARDS
Thomas SWANN
Khoa HUYNH
Robert Craig
Mason Andrew Gunyuzlu
Original Assignee
Hewlett-Packard Development Company, L.P.
Application filed by Hewlett-Packard Development Company, L.P.
Priority to PCT/US2021/056185 (WO2023069111A1)
Priority to TW111106402A (TW202318232A)
Publication of WO2023069111A1

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82: Protecting input, output or interconnection devices
    • G06F21/84: Protecting input, output or interconnection devices: output devices, e.g. displays or monitors
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/606: Protecting data by securing the transmission between two devices or processes

Definitions

  • Fig. 1 is a block diagram of an electronic device to decrypt graphics data, according to an example.
  • Fig. 2 is a block diagram of another electronic device to decrypt graphics data, according to an example.
  • Fig. 3 is a block diagram of another electronic device to decrypt graphics data, according to an example.
  • Fig. 4A illustrates a desktop environment with an application window displaying decrypted graphics data, according to an example.
  • Fig. 4B illustrates a desktop environment with an application window displaying encrypted graphics data, according to an example.
  • Fig. 5 is a block diagram of an electronic device and a remote device to decrypt encrypted graphics data, according to an example.
  • Fig. 6 is a block diagram of another electronic device and a remote device to decrypt encrypted graphics data, according to an example.
  • electronic devices may process graphics data for display by a display device.
  • a display device may produce a visual representation of an image or text by operating light-emissive circuitry represented as a number of pixels based on processed image data.
  • a display device may provide a certain range of colors producible by the number of pixels.
  • a display device presents (e.g., displays) an image on a panel using color data (e.g., such as red, green, and blue (RGB) channel data) to determine a color to display for every pixel on the panel. Colors displayed by a panel may be dependent on the color characteristics of the display panel.
  • graphics data may include sensitive information.
  • graphics data may include financial information, trade secrets, proprietary information, or other information that a user or organization would like to keep secure.
  • endpoint-computing may be implemented to perform computing operations at a remote location.
  • an endpoint device may include a thin client.
  • a thin client may be an electronic device that runs from resources stored on a remote server instead of a localized hard drive. Thin clients work by connecting remotely to a server-based computing environment where applications, sensitive data, and memory are stored.
  • Endpoint-computing provides data security because fewer programs run on an endpoint device, thus reducing the avenues for attack. However, if an endpoint device is compromised (e.g., via remote execution), then the attacker may view and interact with all services to which the endpoint device has access.
  • the examples provided in this specification provide for cryptographically securing graphics data. For example, graphics data for an application (also referred to as a program) may be encrypted from the point of transmission (e.g., a cloud service) to the display device of the endpoint. In these examples, remote attackers are prevented from viewing the contents of the encrypted graphics data, while enabling physically present users to view the graphical output.
  • Application graphical output may be secured such that the graphics data is unviewable except on an intended physical display device (e.g., a built-in display device or external monitor). Administrators may be able to remotely access an electronic device for service without being able to view private applications. Remote revocation of an electronic device’s privileges to display graphics data may be performed in the event of theft.
  • remote-desktop technologies may enable a user to view and interact with graphical programs from a remote server through a secure network connection.
  • the connection in a remote-desktop session is encrypted over the network
  • graphics data is locally unencrypted within the operating system of the endpoint device. Therefore, if an attacker has gained full access to the endpoint device, the attacker will be able to view the contents of the endpoint device and any remote-desktop connections that are currently active.
  • the described examples address these security issues by preventing remote attackers from being able to view these remote-desktop connections even if the attackers have fully compromised the endpoint operating system.
  • Making applications secure on an endpoint device is a goal of information technology (IT) administration.
  • Securing applications may include diligently applying security updates to the operating system and applications of an endpoint device, as well as running endpoint anti-virus programs.
  • sensitive data may still be exposed through sophisticated attacks or user negligence.
  • an attacker may use a phishing attack to install a remote viewer program that provides the attacker full control of the endpoint device and the ability to see what the user is doing on the endpoint device.
  • This security breach is particularly worrisome if the user is viewing secure documents such as intellectual property, private memoranda, or classified government information.
  • the examples described herein mitigate the risk of remote attacks on endpoint devices by preventing a remote attacker from being able to view application files or application graphical output.
  • the application may be run in a cloud service and graphics data may be forwarded to the endpoint device for viewing.
  • the graphics data may be encrypted from the cloud service to the endpoint device.
  • the decryption of the graphics data may occur via an independent device (referred to herein as a graphics decryption device) that is inserted between a graphics buffer (e.g., graphics card, graphics memory, etc.) and a display device (e.g., built-in display device or external display device).
  • the present specification describes an electronic device that includes a graphics decryption device to receive graphics data encrypted with a security key, and decrypt the graphics data with a private key.
  • the example electronic device also includes a display device interface to provide the decrypted graphics data from the graphics decryption device to a display device.
  • the present specification also describes an electronic device that includes a graphics buffer.
  • the example electronic device also includes a processor to receive encrypted graphics data from a cloud service, and to send the encrypted graphics data to the graphics buffer.
  • the example electronic device further includes a graphics decryption device to receive the encrypted graphics data from the graphics buffer, to decrypt the encrypted graphics data, and to output the decrypted graphics data to a display device.
  • the present specification also describes an electronic device that includes a graphics buffer.
  • the example electronic device also includes a processor to send graphics data to the graphics buffer.
  • the graphics data includes a first portion comprising encrypted graphics data and a second portion comprising unencrypted graphics data.
  • the example electronic device further includes a graphics decryption device to receive the graphics data from the graphics buffer, and to decrypt the encrypted graphics data.
  • the example electronic device also includes a display device to display the graphics data with the decrypted graphics data received from the graphics decryption device.
  • the processor may be a controller, an application-specific integrated circuit (ASIC), a semiconductor-based microprocessor, a central processing unit (CPU), a field-programmable gate array (FPGA), and/or other hardware device.
  • the memory may include a computer-readable storage medium, which may contain or store computer-usable program code for use by or in connection with an instruction execution system, apparatus, or device.
  • the memory may be of many types, including volatile and non-volatile memory.
  • the memory may include Random Access Memory (RAM), Read Only Memory (ROM), optical memory disks, and magnetic disks, among others.
  • the executable code may, when executed by the respective component, cause the component to implement the functionality described herein.
  • Fig. 1 is a block diagram of an electronic device 102 to decrypt graphics data 104, according to an example.
  • Examples of an electronic device 102 include a tablet computer, laptop computer, desktop computer, thin client, internet-of-things device (e.g., sensor), gaming console, gaming controller, robot, or other device that receives and processes graphics data 104.
  • the electronic device 102 may receive graphics data 104.
  • the graphics data 104 may be received from an external source (e.g., a cloud service, remote server, etc.).
  • the graphics data 104 may be received from an internal source (e.g., generated by the operating system (OS) of the electronic device 102).
  • the electronic device 102 may include a processor to run the OS of the electronic device 102.
  • An application implemented by the OS may generate the graphics data 104.
  • the graphics data 104 may include graphical information for a given application that is running on the electronic device 102.
  • an application may be a program that outputs graphical information for display on a display device.
  • the application may be presented in a graphical user interface (GUI).
  • An example of a window of a GUI in which the graphics data 104 is presented includes a window that occupies a portion of an OS desktop.
  • the graphics data 104 may occupy the entire viewable area of the display device, such as when an application is operating in full-screen mode.
  • the application may output a graphical data stream provided by a remote device (e.g., cloud service).
  • the graphics data 104 may be encrypted. In some examples, the entire graphics data 104 generated by the OS may be encrypted. In some examples, a portion of the graphics data 104 may be encrypted and a portion of the graphics data 104 may be unencrypted.
  • the OS of the electronic device 102 may implement a GUI with a desktop environment in which graphical information for different applications are presented in different windows.
  • the graphics data 104 may include multiple portions, where a first portion includes encrypted graphics data and a second portion includes unencrypted graphics data.
  • the encrypted graphics data may include the graphics data for a given application, while the unencrypted graphics data may include graphics data for other applications or OS components.
  • the graphics data 104 may be encrypted with a security key.
  • the entire stream of graphics data 104 may be encoded according to the security key. This process may convert the original graphics data 104 to a ciphered (i.e., encrypted) version.
  • the encrypted portion may be encoded according to the security key and the unencrypted portion of the graphics data 104 may be unmodified.
  • the security key includes a shared key used to perform cipher shifting.
  • the security key may include a public/private key pair used to encrypt and decrypt the graphics data 104.
  • the graphics data 104 may be received at a graphics decryption device 106.
  • the graphics decryption device 106 may be a hardware component that is separate from the processor executing the OS of the electronic device 102.
  • the graphics decryption device 106 includes a processor that is separate from the processor running the OS of the electronic device 102.
  • the graphics decryption device 106 may be an embedded processor separate from a graphics processing unit (GPU) of the electronic device 102.
  • the graphics decryption device 106 may be integrated into the GPU of the electronic device 102.
  • the OS may output the graphics data 104, including the encrypted graphics data, to a graphics buffer.
  • the graphics buffer includes memory to store the graphics data 104.
  • the processor implementing the OS may write the graphics data 104 directly to the graphics buffer or to a GPU, which then writes the graphics data 104 to the graphics buffer.
  • the graphics data 104 written to the graphics buffer may include the encrypted graphics data.
  • the graphics decryption device 106 may receive the graphics data 104 written to the graphics buffer. For example, the graphics decryption device 106 may intercept the graphics data 104 output by the graphics buffer before the graphics data 104 is sent to a display device.
  • the graphics decryption device 106 may decrypt the graphics data with a private key.
  • the graphics decryption device 106 may be equipped with the private key during manufacturing.
  • the graphics decryption device 106 may be provided the private key from the resource that sends the encrypted graphics data 104.
  • a cloud service that sends the encrypted graphics data 104 may also provide the private key to the graphics decryption device 106.
  • the electronic device 102 may include a network interface (e.g., cellular network interface, wired network interface, wireless network interface, etc.).
  • the private key may be sent to the graphics decryption device 106 using the network interface.
  • the private key may be sent to the graphics decryption device 106 during a boot process of the electronic device 102 via the network interface. For example, as part of the boot process, the electronic device 102 may contact a cloud service or other network resource to obtain the private key used to decrypt the graphics data 104.
  • the private key may be remotely revoked from the graphics decryption device 106.
  • the private key used by the graphics decryption device 106 to decrypt the graphics data 104 may be marked as invalid.
  • the cloud service that provides the encrypted graphics data 104 may switch to a different key to encrypt the data than the key used by the stolen electronic device 102.
  • the cloud service may refuse to issue a new private key, or the cloud service may revoke, disable, or render the graphics decryption device 106 unable to decrypt graphics data 104.
  • the graphics decryption device 106 may also disable output of decrypted graphics data 108 for a secured application or may disable all output of graphics data 104.
  • the graphics decryption device 106 may output the decrypted graphics data 108 to a display device interface 110.
  • the display device interface 110 may include circuitry and protocols to communicate the decrypted graphics data 108 to a display device (not shown).
  • the display device interface 110 may be for an internal display device (e.g., a monitor for a laptop computer or a tablet computer). Examples of a display device interface 110 for an internal display device include embedded display port (eDP), low-voltage differential signaling (LVDS), and mobile industry processor interface display serial interface (MIPI DSI).
  • the display device interface 110 may be for an external display device. Examples of a display device interface 110 for an external display device include display port (DP), digital visual interface (DVI), high-definition multimedia interface (HDMI) and video graphics array (VGA).
  • Because the decryption of the graphics data 104 is performed by the graphics decryption device 106 independently of the OS, the graphics data 104 remains encrypted to the OS of the electronic device 102.
  • the result of the OS screenshot would be random noise data due to the OS having access to the encrypted version of the graphics data 104.
  • a user viewing the display device would see the decrypted version of the graphics data 104.
  • the OS would present the attacker with the unintelligible encrypted version of the graphics data 104 because the graphics provided to the remote desktop session do not pass through the graphics decryption device 106.
  • an administrator of the electronic device 102 can remotely access the electronic device 102 to perform maintenance without the administrator gaining access to the decrypted graphics data 108. In this manner, the graphics data 104 may be secured from those who do not have access to the display device for which the graphics decryption device 106 has decrypted the graphics data 104.
  • the use of encrypted graphics data 104 and the graphics decryption device 106 may provide application security, even from remote attackers who will not be able to view the application output without the graphics decryption device 106. Furthermore, users will not be able to take an OS screenshot of the decrypted graphics data 108.
  • an application’s private key may be revoked remotely (e.g., if the graphics decryption device 106 connects to a network resource) so that even if the electronic device 102 is stolen, the thief would not be able to view the application’s output.
  • Fig. 2 is a block diagram of another electronic device 202 to decrypt encrypted graphics data, according to an example.
  • the electronic device 202 may be implemented according to the electronic device 102 of Fig. 1.
  • the electronic device 202 may include a processor 214.
  • the processor 214 may be a CPU of the electronic device 202 that executes an OS for the electronic device 202.
  • the processor 214 may execute an application.
  • the application may send information to and receive information from a cloud service 212.
  • a user may initiate the application.
  • the application may open a connection to the cloud service 212.
  • the application may open a secure graphical application portal (SGAP), which connects to the cloud service 212. This connection may be encrypted and secured via hypertext transfer protocol secure (HTTPS) or other secure network protocols.
  • the cloud service 212 may receive user input (e.g., keyboard input, mouse input).
  • the cloud service 212 may send encrypted graphics data 204a to the processor 214 via the encrypted network connection.
  • the cloud service 212 may also sign the encrypted graphics data 204 with a digital certificate or other security key.
  • the processor 214 may send the encrypted graphics data 204b to the graphics buffer 216.
  • the processor 214 may write the still encrypted graphics data 204b directly to the graphics buffer 216 for display.
  • the graphics buffer 216 may be memory to store graphics data (e.g., encrypted graphics data 204b) before the graphics data is sent to the display device.
  • the graphics buffer 216 may be the GPU output.
  • the graphics decryption device 206 may intercept the encrypted graphics data 204c output by the graphics buffer 216 before the encrypted graphics data 204c is sent to the display device.
  • the electronic device 202 may include a display device interface coupled to the graphics buffer 216.
  • the graphics decryption device 206 may intercept graphics data output from the graphics buffer 216 on the display device interface.
  • the graphics decryption device 206 may receive the encrypted graphics data 204c from the graphics buffer 216.
  • the graphics decryption device 206 intercepts the encrypted graphics data 204c as graphics data is sent to the physical display device.
  • the graphics decryption device 206 may decrypt the encrypted graphics data 204c to output decrypted graphics data 208.
  • the graphics decryption device 206 may be provided with a private key.
  • the cloud service 212 may send the private key to the graphics decryption device 206 to enable the graphics decryption device 206 to decrypt the encrypted graphics data 204c.
  • the cloud service 212 may send the private key to the graphics decryption device 206 during boot of the electronic device 202.
  • the graphics decryption device 206 may verify the authenticity of the encrypted graphics data 204c. For example, the graphics decryption device 206 may authenticate the encrypted graphics data 204c based on the signature used by the cloud service 212 to sign the encrypted graphics data 204c.
  • the graphics decryption device 206 may decrypt the encrypted graphics data 204c using the private key.
  • the encrypted graphics data 204c may be cipher shifted by the cloud service 212 using a private key shared with the graphics decryption device 206.
  • the graphics decryption device 206 may unshift the encrypted graphics data 204c based on the private key. An example of this approach is described in Fig. 3.
  • the graphics decryption device 206 may output the decrypted graphics data 208 on the display device interface, which sends the decrypted graphics data 208 to the display device.
  • a user may view the true output of the application on the physical display device. Any OS screenshots or remote viewer sessions may result in random noise data (e.g., white noise) due to the OS having access to the encrypted graphics data 204a and not the decrypted graphics data 208 for the application.
  • Fig. 3 is a block diagram of another electronic device 302 to decrypt encrypted graphics data 304, according to an example.
  • the electronic device 302 may be implemented according to the electronic device 102 of Fig. 1 or the electronic device 202 of Fig. 2.
  • the graphics decryption device 306 may be provided a private key 303 from the cloud service 312.
  • the graphics decryption device 306 may contact the cloud service 312 via a network connection to obtain the private key 303.
  • the graphics decryption device 306 may contact the cloud service 312 during a boot process of the electronic device 302 to obtain a new private key 303.
  • the cloud service 312 may provide the private key 303 to the graphics decryption device 306 to enable the graphics decryption device 306 to decrypt encrypted graphics data 304.
  • the cloud service 312 may provide encrypted graphics data 304 for an application executed by the processor 314 of the electronic device 302.
  • the processor 314 may implement an OS for the electronic device 302.
  • the processor 314 may run an application within a desktop environment of the OS.
  • Fig. 4A illustrates an example of a desktop environment with an application window displaying decrypted graphics data 308.
  • Fig. 4B illustrates an example of a desktop environment with an application window displaying encrypted graphics data 304.
  • the graphics data 420 may include an application window 430 for a secured application.
  • the graphical information for the application window 430 may be encrypted by a cloud service.
  • the application window 430 is for a spreadsheet document.
  • the encrypted graphics data for the application window 430 may be decrypted by a graphics decryption device as described herein.
  • the application window 430 has been decrypted by a graphics decryption device.
  • the graphics decryption device outputs the decrypted graphics data 408 to a display device.
  • the graphics data 420 may also include unencrypted graphics data 432.
  • elements of the desktop environment outside the application window 430 may be unencrypted. This may include other application windows or GUI elements for the OS.
  • desktop icons, background, and bottom taskbar are unencrypted graphics data 432.
  • the graphics decryption device may allow the unencrypted graphics data 432 to pass through to the display device without attempting to decrypt the unencrypted graphics data 432.
  • the application window 430 may appear as random noise data in the desktop environment.
  • Fig. 4B illustrates an example of a view of the application window 430 if the graphics decryption device does not decrypt the encrypted graphics data 404.
  • the graphical output for the application window 430 may appear as the random noise data illustrated in Fig. 4B.
  • the application window 430 displayed on a display device may appear as the random noise data illustrated in Fig. 4B.
  • the processor 314 may combine the encrypted graphics data 304 with unencrypted graphics data.
  • the combined graphics data 320a may include a first portion with the encrypted graphics data 304 and a second portion that includes unencrypted graphics data.
  • the first portion may include an application window with the encrypted graphics data 304 and the second portion may include unsecured (e.g., unencrypted) application windows, OS desktop environment elements, or a combination thereof.
  • the processor 314 may send the combined graphics data 320b to a graphics buffer 316 either directly or via a GPU.
  • the electronic device 302 may include a display device 324.
  • the display device 324 may be integrated into the electronic device 302.
  • the electronic device 302 may use embedded display port (eDP) as the connector/protocol between the graphics buffer 316 (e.g., of the GPU) and the built-in display device 324.
  • graphical encryption is applied to the electronic device 302 in terms of eDP.
  • other standards may be supported, for example analog or non-packetized digital protocols such as VGA or HDMI.
  • the display device 324 is integrated into the electronic device 302.
  • the display device 324 may be an external display device.
  • the display device 324 may be an external monitor, an augmented reality headset, a virtual reality headset, etc.
  • the graphics decryption device 306 may be located in the display device 324.
  • the electronic device 302 may output the combined graphics data 320b to the display device 324, where the graphics decryption device 306 of the display device 324 intercepts and decrypts the graphics data 320b as described herein.
  • the example of Fig. 3 describes the graphics decryption device 306 and display device 324 as separate components of the electronic device 302.
  • eDP is a packetized protocol.
  • packet types are defined as illustrated in Table 1.
  • the graphics decryption device 306 may sit between the graphics buffer 316 and the display device 324.
  • the graphics decryption device 306 may intercept and modify the physical packet data of the graphics data 320b output by the graphics buffer 316.
  • the graphics decryption device 306 may modify the visual channel data (e.g., video feed) being displayed to the user.
  • the graphics decryption device 306 may be implemented in the physical layer of the display port layering protocol. In this layering protocol, the graphics decryption device 306 may be located on the physical layer between the main-link components of the source (e.g., graphics buffer 316, GPU, etc.) and the sink (e.g., the display device 324). The graphics decryption device 306 may appear as a display port branch device, or as an invisible intermediary capable of modifying the graphics data 320b.
  • the graphics decryption device 306 may receive the graphics data 320b from the graphics buffer 316. The graphics decryption device 306 may then decrypt the encrypted portion of the graphics data 320b. In some examples, the decryption of the encrypted portion of the graphics data 320b may be performed using the private key 303 provided by the cloud service 312.
  • In some examples, the graphics data provided by the cloud service 312 may be cipher shifted using the private key 303. This private key 303 may then allow the graphics decryption device 306 to unshift the encrypted portion of the graphics data 320b as the graphics data 320b is sent to the display device 324 from the graphics buffer 316. An example of cipher shifting is illustrated in Table 2.
  • the cipher shift may be far more complex due to ultra-spectrum alternatives to RGB that have billions of colors and, thus, billions of random cipher shifts.
  • the graphics decryption device 306 may unshift the cipher shift applied to the encrypted portion of the graphics data 320b to make the graphics data 320b appear in a correct form on the display device 324.
  • the first (i.e., encrypted) portion of the graphics data 320b may be an application window.
  • the processor 314 may send placement and size information 322 for the application window to the graphics decryption device 306.
  • the processor 314 may communicate the placement and size information 322 for the application window to the graphics decryption device 306 using a peripheral component interconnect express (PCIe) interface, other interface, or other side channel.
  • the placement and size information 322 may indicate the location and size of the application window within the desktop environment.
  • the size information may include Htotal (defining the horizontal size of the encrypted graphics data) and Vtotal (defining the vertical size of the encrypted graphics data).
  • the location information may include Hstart (defining the horizontal start of the encrypted graphics data) and Vstart (defining the vertical start of the encrypted graphics data).
  • the graphics decryption device 306 may decrypt the encrypted graphics data 304 of the application window based on the placement and size information 322. For example, the graphics decryption device 306 may look for a packet starting the horizontal and vertical feeds (e.g., Hstart, Vstart). The graphics decryption device 306 may then count the number of incoming packets until the encrypted application’s graphical contents are reached. At this point, the graphics decryption device 306 may unshift these ciphered bytes using the private key 303. The graphics decryption device 306 may then modify the packets outgoing to the display device 324 with the unciphered packet.
  • the graphics decryption device 306 may use the private key 303 to verify the authenticity of the encrypted graphics data 304 included in the combined graphics data 320a.
  • the signature used by the cloud service 312 to sign the encrypted graphics data 304 may be extracted from the encrypted portion of the graphics data 320a by the processor 314. The signature may then be passed from the processor 314 to the graphics decryption device 306 (e.g., via a PCIe mailbox) so that the signature does not interfere with the graphics buffer size and format.
  • the processor 314 may communicate (e.g., via the PCIe or other interface) whether the application window with the encrypted graphics data 304 is visible. For example, in a desktop environment, an application window may be visible, hidden, or minimized. In the case that the application window is minimized or hidden by another element, the graphics decryption device 306 may avoid decrypting the encrypted graphics data 304. If the processor 314 indicates that the encrypted graphics data 304 is visible, then the graphics decryption device 306 may perform decryption of the encrypted graphics data 304. It should be noted that the decryption of encrypted graphics data 304 may also occur prior to the physical layer.
  • the GPU could uncipher the encrypted graphics data 304 prior to packetization and transmission to the display device.
  • the GPU may obscure the decrypted graphics data 308 to the operating system or GPU driver.
  • the decryption of encrypted graphics data 304 may be controlled via GPU hardware or firmware.
  • Fig. 5 is a block diagram of an electronic device 502 and a remote device 540 to decrypt encrypted graphics data 504, according to an example.
  • the remote device 540 is an electronic device.
  • the remote device 540 may include a graphics decryption device 506.
  • the graphics decryption device 506 may be implemented as described above.
  • the graphics decryption device 506 may be a hardware component that is separate from the processor executing the OS of the remote device 540.
  • Examples of the remote device 540 include a wearable viewing device (e.g., augmented reality glasses or a virtual reality headset), tablet device, smartphone, etc.
  • the processor 514 of the electronic device 502 may run a secured application that generates or receives encrypted graphics data 504.
  • the secured application may receive the encrypted graphics data 504 from a cloud service.
  • the encrypted graphics data 504 may be encrypted with a private key as described above.
  • the processor 514 may provide the encrypted graphics data 504 to the graphics buffer 516 of the electronic device 512.
  • the graphics buffer 516 outputs the encrypted graphics data 504 to a display device 524.
  • the display device 524 is an integrated monitor (e.g., a laptop computer monitor) or the display device 524 may be an external display device. It should be noted that because the encrypted graphics data 504 does not pass through a graphics decryption device of the electronic device 502, the image of the encrypted graphics data 504 displayed on the display device 524 may be random noise data.
  • the remote device 540 includes an image capture device 542 to observe the encrypted graphics data 504 displayed on the display device 524. Examples of an image capture device 542 include a camera. The image capture device 542 may capture images of the encrypted graphics data 504. The captured encrypted graphics data 504 is then provided to the graphics decryption device 506.
  • the graphics decryption device 506 may decrypt the encrypted graphics data 504 with a private key.
  • the graphics decryption device 506 may be equipped with the private key during manufacturing.
  • the graphics decryption device 506 may be provided the private key from the resource that sends the encrypted graphics data 504.
  • a cloud service that sends the encrypted graphics data 504 to the electronic device 502 may also provide the private key to the graphics decryption device 506 of the remote device 540.
  • the electronic device 502 hosting a secured application may provide the remote device 540 with the private key to decrypt the encrypted graphics data 504.
  • the graphics decryption device 506 of the remote device 540 may output decrypted graphics data 508.
  • the graphics decryption device 506 may decrypt the captured encrypted graphics data 504 as described above.
  • the electronic device 502 may include an encryption indicator to indicate the presence of the encrypted graphics data 504.
  • the encryption indicator may be included within a portion of a window displaying the encrypted graphics data 504.
  • the encryption indicator may include unique patterns (e.g., QR codes).
  • the encryption indicator may be displayed as a series of QR codes in a border of the window displaying the encrypted graphics data 504. The encryption indicator may be observed by the image capture device 542, allowing the remote device 540 to identify the encrypted regions and to determine which pixels in the desktop environment are to be decrypted based on information included in the encryption indicator.
  • the graphics decryption device 506 may determine that encrypted graphic data is present in response to detecting the encryption indicator.
  • the graphics decryption device 506 may determine which pixels to decrypt based on information included in the encryption indicator. This form of dynamic detection may allow the remote device 540 to synchronize if the end user changes the dimensions of the application window or switches to other applications that overlap the application window.
  • the encryption indicator may be encoded such that the graphics decryption device 506 decodes the information included in the encryption indicator using the private key.
  • the secured application running on the electronic device 502 may authenticate the remote device 540 and may initiate a secure session with the remote device 540.
  • One example of a method that could be adapted for establishing a secure session is TLS handshaking where the secured application is a server and the graphics decryption device 506 is a client. Once the session is secured, the session keys may be used to decrypt the encrypted graphics data 504.
  • the secured application may output encrypted graphics data 504 in a given region of a desktop environment.
  • the image capture device 542 of the remote device 540 may observe the encryption indicator (e.g., unique border patterns) displayed by the display device 524.
  • the graphics decryption device 506 of the remote device 540 may detect the encrypted region.
  • the graphics decryption device 506 may decrypt the region within the border with the private key, thus allowing an authenticated user to view decrypted graphics data 508.
  • the remote device 540 is a wearable viewing device (e.g., augmented reality glasses)
  • the wearable viewing device may provide a secure alternative to displaying graphics data on a display device that is observable by more than one user. In this scenario, the wearable viewing device may capture the encrypted graphics data 504 and feed it to the graphics decryption device 506.
  • application data may be protected from remote attackers or other unintended recipients by granting access to authorized devices or users through a secure session.
  • the graphical output of an application may be secured such that the graphical output is unviewable except on intended devices with a graphics decryption device 506.
  • authenticated administrators may be provided with remote access to the application while still protecting data against external attackers.
  • the privileges of a remote device 540 may be protected in the event of theft by not granting session keys to a stolen remote device 540.
  • Fig. 6 is a block diagram of an electronic device 602 and a remote device 640 to decrypt encrypted graphics data 604, according to an example.
  • the remote device 640 is an electronic device.
  • a remote device 640 may include a graphics decryption device 606b.
  • the graphics decryption device 606b may be implemented as described above.
  • the graphics decryption device 606b may be a hardware component that is separate from the processor executing the OS of the remote device 640.
  • Examples of the remote device 640 include a desktop computer, a laptop computer, tablet computer, wearable viewing device, etc.
  • the graphics decryption device 606a of electronic device 602 may decrypt encrypted graphics data 604 to generate decrypted graphics data 608a for display on a display device 624a. This may be accomplished as described above.
  • the electronic device 602 may not display the encrypted graphics data 604.
  • the electronic device 602 may not include a graphics decryption device 606a, but may provide encrypted graphics data 604 to the remote device 640.
  • the electronic device 602 may establish a secure session with the remote device 640.
  • a method that could be adapted for establishing a secure session is TLS handshaking where the secured application is a server and the graphics decryption device 606b is a client.
  • the session keys may be used to decrypt the encrypted graphics data 604.
  • a private key may be provided to the graphics decryption device 606b for decrypting the encrypted graphics data 604.
  • the processor 614 of the electronic device 602 may provide encrypted graphics data 604 to the graphics decryption device 606b of the remote device 640.
  • the graphics decryption device 606b may decrypt the encrypted graphics data 604 to generate decrypted graphics data 608b.
  • the graphics decryption device 606b may provide the decrypted graphics data 608b to a display device 624b (e.g., an integrated monitor or external display device).
  • the processor 614 may add an encryption indicator (e.g., unique border patterns) that the graphics decryption device 606b may interpret to detect the presence and location of the encrypted graphics data 604.
  • the encryption indicator may include encoded information that is readable by the graphics decryption device 606b using a private key.
  • the remote device 640 may be used for a remote desktop session with the electronic device 602. Using the approach described herein, a secure remote desktop session may be provided. For example, graphics for the secure application in the remote desktop session may be sent encrypted. The graphics decryption device 606b of the remote device 640 may decrypt the encrypted graphics data 604 once a secure session is established.
  • the above specification, examples, and data provide a description of the devices, processes and methods of the disclosure. Because many examples can be made without departing from the spirit and scope of the disclosure, this specification sets forth some of the many possible example approaches and implementations.

Abstract

In one example in accordance with the present disclosure, an electronic device is described. The example electronic device includes a graphics decryption device to receive graphics data encrypted with a security key, and to decrypt the graphics data with a private key. The example electronic device also includes a display device interface to provide the decrypted graphics data from the graphics decryption device to a display device.

Description

ENCRYPTED GRAPHICS DATA
BACKGROUND
[0001] Electronic technology has advanced to become virtually ubiquitous in society and has been used to enhance many activities in society. For example, electronic devices are used to perform a variety of tasks, including work activities, communication, research, and entertainment. Different varieties of electronic circuits may be utilized to provide different varieties of electronic technology.
BRIEF DESCRIPTION OF THE DRAWINGS
[0002] The accompanying drawings illustrate various examples of the principles described herein and are part of the specification. The illustrated examples are given merely for illustration, and do not limit the scope of the claims.
[0003] Fig. 1 is a block diagram of an electronic device to decrypt graphics data, according to an example.
[0004] Fig. 2 is a block diagram of another electronic device to decrypt graphics data, according to an example.
[0005] Fig. 3 is a block diagram of another electronic device to decrypt graphics data, according to an example.
[0006] Fig. 4A illustrates a desktop environment with an application window displaying decrypted graphics data, according to an example.
[0007] Fig. 4B illustrates a desktop environment with an application window displaying encrypted graphics data, according to an example.
[0008] Fig. 5 is a block diagram of an electronic device and a remote device to decrypt encrypted graphics data, according to an example.
[0009] Fig. 6 is a block diagram of another electronic device and a remote device to decrypt encrypted graphics data, according to an example.
[0010] Throughout the drawings, identical reference numbers designate similar, but not necessarily identical, elements. The figures are not necessarily to scale, and the size of some parts may be exaggerated to more clearly illustrate the example shown. Moreover, the drawings provide examples and/or implementations consistent with the description; however, the description is not limited to the examples and/or implementations provided in the drawings.
DETAILED DESCRIPTION
[0011] In some examples, electronic devices may process graphics data for display by a display device. For example, a display device may produce a visual representation of an image or text by operating light-emissive circuitry represented as a number of pixels based on processed image data. A display device may provide a certain range of colors producible by the number of pixels. A display device presents (e.g., displays) an image on a panel using color data (e.g., such as red, green, and blue (RGB) channel data) to determine a color to display for every pixel on the panel. Colors displayed by a panel may be dependent on the color characteristics of the display panel.
[0012] In some examples, graphics data may include sensitive information. For example, graphics data may include financial information, trade secrets, proprietary information, or other information that a user or organization would like to keep secure.
[0013] In some examples, endpoint-computing may be implemented to perform computing operations at a remote location. For example, an endpoint device may include a thin client. As used herein, a thin client may be an electronic device that runs from resources stored on a remote server instead of a localized hard drive. Thin clients work by connecting remotely to a server-based computing environment where applications, sensitive data, and memory are stored.
[0014] Endpoint-computing provides data security because fewer programs run on an endpoint device, thus reducing the avenues for attack. However, if an endpoint device is compromised (e.g., via remote execution), then the attacker may view and interact with all services to which the endpoint device has access.
[0015] The examples provided in this specification provide for cryptographically securing graphics data. For example, graphics data for an application (also referred to as a program) may be encrypted from the point of transmission (e.g., a cloud service) to the display device of the endpoint. In these examples, remote attackers are prevented from viewing the contents of the encrypted graphics data, while enabling physically present users to view the graphical output.
[0016] This specification provides examples of security for remote applications by addressing the following issues. Application graphical output may be secured such that the graphics data is unviewable except on an intended physical display device (e.g., a built-in display device or external monitor). Administrators may be able to remotely access an electronic device for service without being able to view private applications. Remote revocation of an electronic device’s privileges to display graphics data may be performed in the event of theft.
[0017] In some examples, remote-desktop technologies may enable a user to view and interact with graphical programs from a remote server through a secure network connection. However, while the connection in a remote-desktop session is encrypted over the network, graphics data is locally unencrypted within the operating system of the endpoint device. Therefore, if an attacker has gained full access to the endpoint device, the attacker will be able to view the contents of the endpoint device and any remote-desktop connections that are currently active. The described examples address these security issues by preventing remote attackers from being able to view these remote-desktop connections even if the attackers have fully compromised the endpoint operating system.
[0018] Making applications secure on an endpoint device is a goal of information technology (IT) administration. Securing applications may include diligently applying security updates to the operating system and applications of an endpoint device, as well as running endpoint anti-virus programs. However, regardless of how well-secured the endpoint device is, sensitive data may still be exposed through sophisticated attacks or user negligence. For example, an attacker may use a phishing attack to install a remote viewer program that provides the attacker full control of the endpoint device and the ability to see what the user is doing on the endpoint device. This security breach is particularly worrisome if the user is viewing secure documents such as intellectual property, private memoranda, or classified government information.
[0019] The examples described herein mitigate the risk of remote attacks on endpoint devices by preventing a remote attacker from being able to view application files or application graphical output. In some examples, to prevent an attacker from viewing application files, the application may be run in a cloud service and graphics data may be forwarded to the endpoint device for viewing. Furthermore, to prevent viewing of the application’s graphical output, the graphics data may be encrypted from the cloud service to the endpoint device. In some examples, the decryption of the graphics data may occur via an independent device (referred to herein as a graphics decryption device) that is inserted between a graphics buffer (e.g., graphics card, graphics memory, etc.) and a display device (e.g., built-in display device or external display device). Thus, any remote viewer will obtain what appears to be random noise data for the application’s graphical output. But a user that is physically present at the endpoint device will be able to view the decrypted graphics data for the application graphics as they are supposed to appear.
[0020] In some examples, the present specification describes an electronic device that includes a graphics decryption device to receive graphics data encrypted with a security key, and decrypt the graphics data with a private key. The example electronic device also includes a display device interface to provide the decrypted graphics data from the graphics decryption device to a display device.
[0021] In another example, the present specification also describes an electronic device that includes a graphics buffer. The example electronic device also includes a processor to receive encrypted graphics data from a cloud service, and to send the encrypted graphics data to the graphics buffer. The example electronic device further includes a graphics decryption device to receive the encrypted graphics data from the graphics buffer, to decrypt the encrypted graphics data, and to output the decrypted graphics data to a display device.
[0022] In yet another example, the present specification also describes an electronic device that includes a graphics buffer. The example electronic device also includes a processor to send graphics data to the graphics buffer. In some examples, the graphics data includes a first portion comprising encrypted graphics data and a second portion comprising unencrypted graphics data. The example electronic device further includes a graphics decryption device to receive the graphics data from the graphics buffer, and to decrypt the encrypted graphics data. The example electronic device also includes a display device to display the graphics data with the decrypted graphics data received from the graphics decryption device.
[0023] As used in the present specification and in the appended claims, the term, “processor” may be a controller, an application-specific integrated circuit (ASIC), a semiconductor-based microprocessor, a central processing unit (CPU), and a field-programmable gate array (FPGA), and/or other hardware device.
[0024] The memory may include a computer-readable storage medium, which computer-readable storage medium may contain or store computer-usable program code for use by or in connection with an instruction execution system, apparatus, or device. The memory may take many types of memory including volatile and non-volatile memory. For example, the memory may include Random Access Memory (RAM), Read Only Memory (ROM), optical memory disks, and magnetic disks, among others. The executable code may, when executed by the respective component, cause the component to implement the functionality described herein.
[0025] Turning now to the figures, Fig. 1 is a block diagram of an electronic device 102 to decrypt graphics data 104, according to an example. Examples of an electronic device 102 include a tablet computer, laptop computer, desktop computer, thin client, internet-of-things device (e.g., sensor), gaming console, gaming controller, robot, or other device that receives and processes graphics data 104.
[0026] In some examples, the electronic device 102 may receive graphics data 104. In some examples, the graphics data 104 may be received from an external source (e.g., a cloud service, remote server, etc.). In some examples, the graphics data 104 may be received from an internal source (e.g., generated by the operating system (OS) of the electronic device 102). For example, the electronic device 102 may include a processor to run the OS of the electronic device 102. An application implemented by the OS may generate the graphics data 104.
[0027] In some examples, the graphics data 104 may include graphical information for a given application that is running on the electronic device 102. For example, an application may be a program that outputs graphical information for display on a display device. In some examples, the application may be presented in a graphical user interface (GUI). An example of a window of a GUI in which the graphics data 104 is presented includes a window that occupies a portion of an OS desktop. In other examples, the graphics data 104 may occupy the entire viewable area of the display device, such as when an application is operating in full-screen mode. In some examples, the application may output a graphical data stream provided by a remote device (e.g., cloud service).
[0028] The graphics data 104 may be encrypted. In some examples, the entire graphics data 104 generated by the OS may be encrypted. In some examples, a portion of the graphics data 104 may be encrypted and a portion of the graphics data 104 may be unencrypted. For example, the OS of the electronic device 102 may implement a GUI with a desktop environment in which graphical information for different applications are presented in different windows. In this case, the graphics data 104 may include multiple portions, where a first portion includes encrypted graphics data and a second portion includes unencrypted graphics data. For example, the encrypted graphics data may include the graphics data for a given application, while the unencrypted graphics data may include graphics data for other applications or OS components.
[0029] In some examples, the graphics data 104 may be encrypted with a security key. For example, in the case that the entire graphics data 104 is encrypted, the entire stream of graphics data 104 may be encoded according to the security key. This process may convert the original graphics data 104 to a ciphered (i.e., encrypted) version. In the case that a portion of the graphics data 104 is encrypted, then the encrypted portion may be encoded according to the security key and the unencrypted portion of the graphics data 104 may be unmodified.
[0030] In some examples, the security key includes a shared key used to perform cipher shifting. In some examples, the security key may include a public/private key pair used to encrypt and decrypt the graphics data 104.
[0031] In some examples, the graphics data 104 may be received at a graphics decryption device 106. The graphics decryption device 106 may be a hardware component that is separate from the processor executing the OS of the electronic device 102. For example, the graphics decryption device 106 includes a processor that is separate from the processor running the OS of the electronic device 102. In some examples, the graphics decryption device 106 may be an embedded processor separate from a graphics processing unit (GPU) of the electronic device 102. In some examples, the graphics decryption device 106 may be integrated into the GPU of the electronic device 102.
[0032] In an example, the OS may output the graphics data 104, including the encrypted graphics data, to a graphics buffer. In some examples, the graphics buffer includes memory to store the graphics data 104. The processor implementing the OS may write the graphics data 104 directly to the graphics buffer or to a GPU, which then writes the graphics data 104 to the graphics buffer. In this case, the graphics data 104 written to the graphics buffer may include the encrypted graphics data.
[0033] The graphics decryption device 106 may receive the graphics data 104 written to the graphics buffer. For example, the graphics decryption device 106 may intercept the graphics data 104 output by the graphics buffer before the graphics data 104 is sent to a display device.
[0034] The graphics decryption device 106 may decrypt the graphics data with a private key. In some examples, the graphics decryption device 106 may be equipped with the private key during manufacturing. In some examples, the graphics decryption device 106 may be provided the private key from the resource that sends the encrypted graphics data 104. For example, a cloud service that sends the encrypted graphics data 104 may also provide the private key to the graphics decryption device 106.
[0035] In some examples, the electronic device 102 may include a network interface (e.g., cellular network interface, wired network interface, wireless network interface, etc.). The private key may be sent to the graphics decryption device 106 using the network interface. In some examples, the private key may be sent to the graphics decryption device 106 during a boot process of the electronic device 102 via the network interface. For example, as part of the boot process, the electronic device 102 may contact a cloud service or other network resource to obtain the private key used to decrypt the graphics data 104.
[0036] In some examples, the private key may be remotely revoked from the graphics decryption device 106. For example, in the event that the electronic device 102 is stolen, the private key used by the graphics decryption device 106 to decrypt the graphics data 104 may be marked as invalid. In some examples, the cloud service that provides the encrypted graphics data 104 may switch to a different key to encrypt the data than the key used by the stolen electronic device 102. In some examples, if the electronic device 102 is identified as stolen, then during a boot process, the cloud service may refuse to issue a new private key, or the cloud service may revoke, disable, or render the graphics decryption device 106 unable to decrypt graphics data 104. In some examples, the graphics decryption device 106 may also disable output of decrypted graphics data 108 for a secured application or may disable all output of graphics data 104.
[0037] The graphics decryption device 106 may output the decrypted graphics data 108 to a display device interface 110. The display device interface 110 may include circuitry and protocols to communicate the decrypted graphics data 108 to a display device (not shown). In some examples, the display device interface 110 may be for an internal display device (e.g., a monitor for a laptop computer or a tablet computer). Examples of a display device interface 110 for an internal display device include embedded display port (eDP), low-voltage differential signaling (LVDS), and mobile industry processor interface display serial interface (MIPI DSI). In some examples, the display device interface 110 may be for an external display device. Examples of a display device interface 110 for an external display device include display port (DP), digital visual interface (DVI), high-definition multimedia interface (HDMI) and video graphics array (VGA).
[0038] It should be noted that because the decryption of the graphics data 104 occurs by the graphics decryption device 106 independent of the OS, the graphics data 104 remains encrypted to the OS of the electronic device 102. For example, if a user were to take a screenshot of the OS desktop or of the secured application, the result of the OS screenshot would be random noise data due to the OS having access to the encrypted version of the graphics data 104. However, a user viewing the display device would see the decrypted version of the graphics data 104. In another example, if an attacker were to access the electronic device 102 via remote desktop session, the OS would present the attacker with the unintelligible encrypted version of the graphics data 104 because the graphics provided to the remote desktop session do not pass through the graphics decryption device 106. In yet another example, an administrator of the electronic device 102 can remotely access the electronic device 102 to perform maintenance without the administrator gaining access to the decrypted graphics data 108. In this manner, the graphics data 104 may be secured from those who do not have access to the display device for which the graphics decryption device 106 has decrypted the graphics data 104.
[0039] As seen by these examples, the use of encrypted graphics data 104 and the graphics decryption device 106 may provide application security, even from remote attackers who will not be able to view the application output without the graphics decryption device 106. Furthermore, users will not be able to take an OS screenshot of the decrypted graphics data 108. In some examples, an application’s private key may be revoked remotely (e.g., if the graphics decryption device 106 connects to a network resource) so that even if the electronic device 102 is stolen, the thief would not be able to view the application’s output.
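The split between what the OS can read and what the display shows can be simulated in software for a partially encrypted frame: an encrypted application window located by Hstart, Vstart, Htotal and Vtotal inside an unencrypted desktop, with a visibility flag, a signature check and a revoked key. This is an added example, not code from the specification; the SHA-256 keystream used as the "cipher shift", the HMAC used as the signature, the separate signing key, and all function names and sample values are assumptions.

```python
import hashlib
import hmac

WIDTH, HEIGHT = 16, 8  # constructed desktop, one byte per pixel


def keystream(key, n):
    """Expand the shared key into n per-pixel shift amounts (assumed scheme)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


def shift(pixels, key, sign):
    """Cipher-shift (sign=+1) or unshift (sign=-1) every byte, modulo 256."""
    ks = keystream(key, len(pixels))
    return bytes((p + sign * k) % 256 for p, k in zip(pixels, ks))


def cloud_encrypt(window, key, sign_key):
    """Cloud service: shift the window pixels, then sign the ciphertext."""
    cipher = shift(window, key, +1)
    return cipher, hmac.new(sign_key, cipher, hashlib.sha256).digest()


def check_placement(hstart, vstart, htotal, vtotal):
    """Reject placement and size information that leaves the frame."""
    if min(hstart, vstart) < 0 or min(htotal, vtotal) <= 0:
        raise ValueError("negative or empty region")
    if hstart + htotal > WIDTH or vstart + vtotal > HEIGHT:
        raise ValueError("region exceeds frame")


def write_region(frame, data, hstart, vstart, htotal, vtotal):
    """Copy row-major window bytes into the frame at the given placement."""
    check_placement(hstart, vstart, htotal, vtotal)
    if len(data) != htotal * vtotal:
        raise ValueError("data does not match region size")
    for row in range(vtotal):
        off = (vstart + row) * WIDTH + hstart
        frame[off:off + htotal] = data[row * htotal:(row + 1) * htotal]
    return frame


def read_region(frame, hstart, vstart, htotal, vtotal):
    """Collect the window bytes row by row from the frame."""
    check_placement(hstart, vstart, htotal, vtotal)
    rows = []
    for row in range(vtotal):
        off = (vstart + row) * WIDTH + hstart
        rows.append(bytes(frame[off:off + htotal]))
    return b"".join(rows)


def build_frame(window, placement, key, sign_key):
    """Processor: place the still-encrypted window into the graphics buffer."""
    cipher, tag = cloud_encrypt(window, key, sign_key)
    desktop = bytearray(b"\xaa" * (WIDTH * HEIGHT))  # unencrypted desktop pixels
    return bytes(write_region(desktop, cipher, *placement)), tag


def decryption_device(frame, placement, visible, tag, key, sign_key):
    """Sits between graphics buffer and display; returns the displayed frame."""
    out = bytearray(frame)
    cipher = read_region(out, *placement)
    if not visible or key is None:
        return bytes(out)  # hidden/minimized window or revoked key: pass through
    expected = hmac.new(sign_key, cipher, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return bytes(out)  # unauthenticated data is never unshifted
    write_region(out, shift(cipher, key, -1), *placement)
    return bytes(out)


if __name__ == "__main__":
    KEY, SIGN_KEY = b"constructed-shared-key", b"constructed-signing-key"
    PLACEMENT = (4, 2, 8, 4)  # Hstart, Vstart, Htotal, Vtotal (constructed)
    WINDOW = bytes(range(32))  # constructed plaintext window pixels
    os_view, tag = build_frame(WINDOW, PLACEMENT, KEY, SIGN_KEY)
    shown = decryption_device(os_view, PLACEMENT, True, tag, KEY, SIGN_KEY)
    print("OS/screenshot view:", read_region(os_view, *PLACEMENT).hex())
    print("display view:      ", read_region(shown, *PLACEMENT).hex())
```

The frame returned by `build_frame` is what a screenshot or remote-desktop session would read, and only the return value of `decryption_device` carries plaintext. Bounds-checking the placement values matters in this design because they arrive from the OS-side processor, which the threat model treats as possibly compromised.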
[0040] Fig. 2 is a block diagram of another electronic device 202 to decrypt encrypted graphics data, according to an example. In some examples, the electronic device 202 may be implemented according to the electronic device 102 of Fig. 1.
[0041] In some examples, the electronic device 202 may include a processor 214. For example, the processor 214 may be a CPU of the electronic device 202 that executes an OS for the electronic device 202. In some examples, the processor 214 may execute an application. For example, the application may send information to and receive information from a cloud service 212. In some examples, a user may initiate the application. The application may open a connection to the cloud service 212. In some examples, the application may open a secure graphical application portal (SGAP), which connects to the cloud service 212. This connection may be encrypted and secured via hypertext transfer protocol secure (HTTPS) or other secure network protocols. The cloud service 212 may receive user input (e.g., keyboard input, mouse input). The cloud service 212 may send encrypted graphics data 204a to the processor 214 via the encrypted network connection. In some examples, the cloud service 212 may also sign the encrypted graphics data 204 with a digital certificate or other security key.
[0042] Upon receiving the encrypted graphics data 204a, the processor 214 may send the encrypted graphics data 204b to the graphics buffer 216. For example, the processor 214 may write the still encrypted graphics data 204b directly to the graphics buffer 216 for display. In some examples, the graphics buffer 216 may be memory to store graphics data (e.g., encrypted graphics data 204b) before the graphics data is sent to the display device. In some examples, the graphics buffer 216 may be the GPU output.
[0043] The graphics decryption device 206 may intercept the encrypted graphics data 204c output by the graphics buffer 216 before the encrypted graphics data 204c is sent to the display device. For example, the electronic device 202 may include a display device interface coupled to the graphics buffer 216. The graphics decryption device 206 may intercept graphics data output from the graphics buffer 216 on the display device interface. Thus, the graphics decryption device 206 may receive the encrypted graphics data 204c from the graphics buffer 216. In other words, as graphics data is sent to the physical display device, the graphics decryption device 206 (which is spliced between the graphics buffer 216 and the display device) intercepts the encrypted graphics data 204c.
[0044] The graphics decryption device 206 may decrypt the encrypted graphics data 204c to output decrypted graphics data 208. For example, the graphics decryption device 206 may be provided with a private key. In some examples, the cloud service 212 may send the private key to the graphics decryption device 206 to enable the graphics decryption device 206 to decrypt the encrypted graphics data 204c. In some examples, the cloud service 212 may send the private key to the graphics decryption device 206 during boot of the electronic device 202.
[0045] In some examples, the graphics decryption device 206 may verify the authenticity of the encrypted graphics data 204c. For example, the graphics decryption device 206 may authenticate the encrypted graphics data 204c based on the signature used by the cloud service 212 to sign the encrypted graphics data 204c.
[0046] Upon verifying the authenticity of the encrypted graphics data 204c, the graphics decryption device 206 may decrypt the encrypted graphics data 204c using the private key. In some examples, the encrypted graphics data 204c may be cipher shifted by the cloud service 212 using a private key shared with the graphics decryption device 206. In this case, the graphics decryption device 206 may unshift the encrypted graphics data 204c based on the private key. An example of this approach is described in Fig. 3.
[0047] Upon decrypting the encrypted graphics data 204c, the graphics decryption device 206 may output the decrypted graphics data 208 on the display device interface, which sends the decrypted graphics data 208 to the display device. Thus, a user may view the true output of the application on the physical display device. Any OS screenshots or remote viewer sessions may result in random noise data (e.g., white noise) due to the OS having access to the encrypted graphics data 204a and not the decrypted graphics data 208 for the application.
[0048] Fig. 3 is a block diagram of another electronic device 302 to decrypt encrypted graphics data 304, according to an example. In some examples, the electronic device 302 may be implemented according to the electronic device 102 of Fig. 1 or the electronic device 202 of Fig. 2.
[0049] In this example, the graphics decryption device 306 may be provided a private key 303 from the cloud service 312. In some examples, the graphics decryption device 306 may contact the cloud service 312 via a network connection to obtain the private key 303. In some examples, the graphics decryption device 306 may contact the cloud service 312 during a boot process of the electronic device 302 to obtain a new private key 303. In some examples, the cloud service 312 may provide the private key 303 to the graphics decryption device 306 to enable the graphics decryption device 306 to decrypt encrypted graphics data 304.
[0050] As described above, the cloud service 312 may provide encrypted graphics data 304 for an application executed by the processor 314 of the electronic device 302. In some examples, the processor 314 may implement an OS for the electronic device 302. The processor 314 may run an application within a desktop environment of the OS. Fig. 4A illustrates an example of a desktop environment with an application window displaying decrypted graphics data 308. Fig. 4B illustrates an example of a desktop environment with an application window displaying encrypted graphics data 304.
[0051] Referring briefly to Fig. 4A, the graphics data 420 may include an application window 430 for a secured application. For example, the graphical information for the application window 430 may be encrypted by a cloud service. In this example, the application window 430 is for a spreadsheet document. The encrypted graphics data for the application window 430 may be decrypted by a graphics decryption device as described herein. In this example, the application window 430 has been decrypted by a graphics decryption device. The graphics decryption device outputs the decrypted graphics data 408 to a display device.
[0052] The graphics data 420 may also include unencrypted graphics data 432. For example, elements of the desktop environment outside the application window 430 may be unencrypted. This may include other application windows or GUI elements for the OS. In this example, desktop icons, background, and bottom taskbar are unencrypted graphics data 432. In this case, the graphics decryption device may allow the unencrypted graphics data 432 to pass through to the display device without attempting to decrypt the unencrypted graphics data 432.
[0053] As illustrated in Fig. 4B, if the graphics decryption device does not decrypt the encrypted graphics data 404 for the application window 430, then the application window 430 may appear as random noise data in the desktop environment. For example, Fig. 4B illustrates an example of a view of the application window 430 if the graphics decryption device does not decrypt the encrypted graphics data 404. Thus, in the case of an OS screenshot or remote desktop connection where the encrypted graphics data 404 does not pass through the graphics decryption device, the graphical output for the application window 430 may appear as the random noise data illustrated in Fig. 4B. In some examples, if the encrypted graphics data 404 is sent to an electronic device that lacks a graphics decryption device or lacks the correct private key to decrypt the encrypted graphics data 404, then the application window 430 displayed on a display device may appear as the random noise data illustrated in Fig. 4B.
[0054] Referring again to Fig. 3, the processor 314 may combine the encrypted graphics data 304 with unencrypted graphics data. For example, the combined graphics data 320a may include a first portion with the encrypted graphics data 304 and a second portion that includes unencrypted graphics data. For example, the first portion may include an application window with the encrypted graphics data 304 and the second portion may include unsecured (e.g., unencrypted) application windows, OS desktop environment elements, or a combination thereof. The processor 314 may send the combined graphics data 320b to a graphics buffer 316 either directly or via a GPU.
[0055] In an example, the electronic device 302 may include a display device 324. For example, in the case of a laptop computer, the display device 324 may be integrated into the electronic device 302. In this case, the electronic device 302 may use embedded display port (eDP) as the connector/protocol between the graphics buffer 316 (e.g., of the GPU) and the built-in display device 324. In this example, graphical encryption is applied to the electronic device 302 in terms of eDP. However, in some examples, other standards may be supported. For example, analog or non-packetized digital protocols (such as VGA or HDMI) use different specific implementations, but the graphical decryption may still occur at a physical layer with a graphics decryption device 306 between the graphics buffer 316 and the display device 324.
[0056] In the above example, the display device 324 is integrated into the electronic device 302. In other examples, the display device 324 may be an external display device. For example, the display device 324 may be an external monitor, an augmented reality headset, a virtual reality headset, etc. In some examples, the graphics decryption device 306 may be located in the display device 324. For example, the electronic device 302 may output the combined graphics data 320b to the display device 324, where the graphics decryption device 306 of the display device 324 intercepts and decrypts the graphics data 320b as described herein. However, for the sake of discussion, the example of Fig. 3 describes the graphics decryption device 306 and display device 324 as separate components of the electronic device 302.
[0057] In the example where eDP is used to communicate graphics data, eDP is a packetized protocol. Several packet types are defined as illustrated in Table 1.
Table 1 (eDP packet types; the table is an image in the original publication and is not reproduced here)
[0058] In this example, the graphics decryption device 306 may sit between the graphics buffer 316 and the display device 324. The graphics decryption device 306 may intercept and modify the physical packet data of the graphics data 320b output by the graphics buffer 316. Thus, the graphics decryption device 306 may modify the visual channel data (e.g., video feed) being displayed to the user.
[0059] In some examples, the graphics decryption device 306 may be implemented in the physical layer of the display port layering protocol. In this layering protocol, the graphics decryption device 306 may be located on the physical layer between the main-link components of the source (e.g., graphics buffer 316, GPU, etc.) and the sink (e.g., the display device 324). The graphics decryption device 306 may appear as a display port branch device, or as an invisible intermediary capable of modifying the graphics data 320b.
[0060] The graphics decryption device 306 may receive the graphics data 320b from the graphics buffer 316. The graphics decryption device 306 may then decrypt the encrypted portion of the graphics data 320b. In some examples, the decryption of the encrypted portion of the graphics data 320b may be performed using the private key 303 provided by the cloud service 312.
[0061] In some examples, the graphics data provided by the cloud service 312 may be cipher shifted using the private key 303. This private key 303 may then allow the graphics decryption device 306 to unshift the encrypted portion of the graphics data 320b as the graphics data 320b is sent to the display device 324 from the graphics buffer 316. An example of cipher shifting is illustrated in Table 2.
Table 2 (example of cipher shifting; the table is an image in the original publication and is not reproduced here)
[0062] While Table 2 provides a simple approach to cipher shifting, in some examples, the cipher shift may be far more complex due to ultra-spectrum alternatives to RGB that have billions of colors and, thus, billions of random cipher shifts. The graphics decryption device 306 may unshift the cipher shift applied to the encrypted portion of the graphics data 320b to make the graphics data 320b appear in a correct form on the display device 324.
[0063] As described above, the first (i.e., encrypted) portion of the graphics data 320b may be an application window. In some examples, the processor 314 may send placement and size information 322 for the application window to the graphics decryption device 306. For example, the processor 314 may communicate the placement and size information 322 for the application window to the graphics decryption device 306 using a peripheral component interconnect express (PCIe) interface, other interface, or other side channel. The placement and size information 322 may indicate the location and size of the application window within the desktop environment. In the example of Table 1, the size information may include Htotal (defining the horizontal size of the encrypted graphics data) and Vtotal (defining the vertical size of the encrypted graphics data). Also in the example of Table 1, the location information may include Hstart (defining the horizontal start of the encrypted graphics data) and Vstart (defining the vertical start of the encrypted graphics data). Thus, the graphics decryption device 306 may know where the encrypted application is to appear on the display device 324 through the PCIe interface or other side channel port.
[0064] The graphics decryption device 306 may decrypt the encrypted graphics data 304 of the application window based on the placement and size information 322. For example, the graphics decryption device 306 may look for a packet starting the horizontal and vertical feeds (e.g., Hstart, Vstart). The graphics decryption device 306 may then count the number of incoming packets until the encrypted application’s graphical contents were reached. At this point, the graphics decryption device 306 may unshift these ciphered bytes using the private key 303. The graphics decryption device 306 may then modify the packets outgoing to the display device 324 with the unciphered packet.
[0065] In some examples, the graphics decryption device 306 may use the private key 303 to verify the authenticity of the encrypted graphics data 304 included in the combined graphics data 320a. In this example, the signature used by the cloud service 312 to sign the encrypted graphics data 304 may be extracted from the encrypted portion of the graphics data 320a by the processor 314. The signature may then be passed from the processor 314 to the graphics decryption device 306 (e.g., via a PCIe mailbox) so that the signature does not interfere with the graphics buffer size and format.
[0066] In some examples, the processor 314 may communicate (e.g., via the PCIe or other interface) whether the application window with the encrypted graphics data 304 is visible. For example, in a desktop environment, an application window may be visible, hidden, or minimized. In the case that the application window is minimized or hidden by another element, the graphics decryption device 306 may avoid decrypting the encrypted graphics data 304. If the processor 314 indicates that the encrypted graphics data 304 is visible, then the graphics decryption device 306 may perform decryption of the encrypted graphics data 304.
[0067] It should be noted that the decryption of encrypted graphics data 304 may also occur prior to the physical layer. For example, the GPU could uncipher the encrypted graphics data 304 prior to packetization and transmission to the display device. In this approach, the GPU may obscure the decrypted graphics data 308 to the operating system or GPU driver. Thus, in this approach, the decryption of encrypted graphics data 304 may be controlled via GPU hardware or firmware.
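The data path of paragraphs [0054] and [0061] to [0066] can be simulated in Python, as an added example that is not code from the patent: the cloud service shifts and signs the window, the processor composes it into the desktop frame, and the decryption device verifies and unshifts only the signalled region. Table 2 is not reproduced on this page, so the shift is assumed to be a per-byte additive shift modulo 256; the HMAC-SHA256 keystream, the HMAC tag standing in for the cloud service's signature, the 8-bit RGB layout, and all function names are likewise assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

BPP = 3  # assumed layout: 8-bit RGB, three channel bytes per pixel


@dataclass(frozen=True)
class Region:
    """Placement and size information 322, received over the side channel."""
    hstart: int  # first encrypted pixel column
    vstart: int  # first encrypted pixel row
    htotal: int  # width of the encrypted window in pixels
    vtotal: int  # height of the encrypted window in pixels


def keystream(key: bytes, row: int, length: int) -> bytes:
    """Assumed shift schedule: HMAC-SHA256 in counter mode, one stream per row.

    Position-dependent shifts keep equal pixels from producing equal output.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = b"shift" + row.to_bytes(4, "big") + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def shift(data: bytes, stream: bytes, sign: int) -> bytes:
    """Shift (+1) or unshift (-1) every channel byte modulo 256."""
    return bytes((b + sign * s) % 256 for b, s in zip(data, stream))


def sign_window(key: bytes, enc_rows) -> bytes:
    """Stand-in for the cloud service's signature: HMAC over the ciphertext."""
    return hmac.new(key, b"sign" + b"".join(enc_rows), hashlib.sha256).digest()


def cloud_encrypt(key: bytes, rows):
    """Cloud side: cipher shift each window row, then sign the result."""
    enc = [shift(r, keystream(key, i, len(r)), +1) for i, r in enumerate(rows)]
    return enc, sign_window(key, enc)


def compose(width: int, height: int, pixel: bytes, enc_rows, reg: Region):
    """Processor side: write the still-encrypted window into the desktop frame."""
    frame = [bytearray(pixel * width) for _ in range(height)]
    for i, row in enumerate(enc_rows):
        start = reg.hstart * BPP
        frame[reg.vstart + i][start:start + len(row)] = row
    return [bytes(r) for r in frame]


def decryption_device(frame, reg: Region, key: bytes, tag: bytes, visible=True):
    """Device side: return the rows that would be sent on to the display."""
    width = len(frame[0]) // BPP
    # The region comes from the OS side, so bounds are checked before use.
    if (min(reg.hstart, reg.vstart) < 0 or min(reg.htotal, reg.vtotal) < 1
            or reg.hstart + reg.htotal > width
            or reg.vstart + reg.vtotal > len(frame)):
        raise ValueError("region lies outside the frame")
    if not visible:  # window minimized or hidden: nothing to decrypt
        return list(frame)
    start, end = reg.hstart * BPP, (reg.hstart + reg.htotal) * BPP
    window = [frame[reg.vstart + i][start:end] for i in range(reg.vtotal)]
    # Verify before decrypting; on failure the ciphertext passes through as noise.
    if not hmac.compare_digest(sign_window(key, window), tag):
        return list(frame)
    out = list(frame)
    for i, enc in enumerate(window):
        row = frame[reg.vstart + i]
        plain = shift(enc, keystream(key, i, len(enc)), -1)
        out[reg.vstart + i] = row[:start] + plain + row[end:]
    return out


# Constructed sample: a 3x2-pixel secured window on an 8x4 desktop.
KEY = b"constructed-demo-key"
PLAIN = [bytes([10, 20, 30] * 3), bytes([200, 100, 50] * 3)]
REGION = Region(hstart=2, vstart=1, htotal=3, vtotal=2)
ENC, TAG = cloud_encrypt(KEY, PLAIN)
FRAME = compose(8, 4, b"\x00\x00\x40", ENC, REGION)  # what a screenshot sees

if __name__ == "__main__":
    shown = decryption_device(FRAME, REGION, KEY, TAG)
    print("screenshot row 1:", FRAME[1].hex())
    print("display row 1:   ", shown[1].hex())
```

`FRAME` corresponds to what an OS screenshot or remote session would capture, while the return value of `decryption_device` corresponds to what reaches the display device interface.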
[0068] Fig. 5 is a block diagram of an electronic device 502 and a remote device 540 to decrypt encrypted graphics data 504, according to an example. The remote device 540 is an electronic device. In this example, the remote device 540 may include a graphics decryption device 506. In some examples, the graphics decryption device 506 may be implemented as described above. For instance, the graphics decryption device 506 may be a hardware component that is separate from the processor executing the OS of the remote device 540. Examples of the remote device 540 include a wearable viewing device (e.g., augmented reality glasses or a virtual reality headset), tablet device, smartphone, etc.
[0069] In some examples, the processor 514 of the electronic device 502 may run a secured application that generates or receives encrypted graphics data 504. For example, the secured application may receive the encrypted graphics data 504 from a cloud service. The encrypted graphics data 504 may be encrypted with a private key as described above.
[0070] The processor 514 may provide the encrypted graphics data 504 to the graphics buffer 516 of the electronic device 512. In this example, the graphics buffer 516 outputs the encrypted graphics data 504 to a display device 524. In some examples, the display device 524 is an integrated monitor (e.g., a laptop computer monitor) or the display device 524 may be an external display device. It should be noted that because the encrypted graphics data 504 does not pass through a graphics decryption device of the electronic device 502, the image of the encrypted graphics data 504 displayed on the display device 524 may be random noise data.
[0071] In some examples, the remote device 540 includes an image capture device 542 to observe the encrypted graphics data 504 displayed on the display device 524. Examples of an image capture device 542 include a camera. The image capture device 542 may capture images of the encrypted graphics data 504. The captured encrypted graphics data 504 is then provided to the graphics decryption device 506.
[0072] In some examples, the graphics decryption device 506 may decrypt the encrypted graphics data 504 with a private key. In some examples, the graphics decryption device 506 may be equipped with the private key during manufacturing. In some examples, the graphics decryption device 506 may be provided the private key from the resource that sends the encrypted graphics data 504. For example, a cloud service that sends the encrypted graphics data 504 to the electronic device 502 may also provide the private key to the graphics decryption device 506 of the remote device 540. In some examples, the electronic device 502 hosting a secured application may provide the remote device 540 with the private key to decrypt the encrypted graphics data 504.
[0073] The graphics decryption device 506 of the remote device 540 may output decrypted graphics data 508. For example, the graphics decryption device 506 may decrypt the captured encrypted graphics data 504 as described above.
[0074] In some examples, to achieve remote functionality, the electronic device 502 may include an encryption indicator to indicate the presence of the encrypted graphics data 504. For example, the encryption indicator may be included within a portion of a window displaying the encrypted graphics data 504. In some examples, the encryption indicator may include unique patterns (e.g., QR codes). In some examples, the encryption indicator may be displayed as a series of QR codes in a border of the window displaying the encrypted graphics data 504. The encryption indicator may be observed by the image capture device 542, allowing the remote device 540 to identify the encrypted regions and to determine which pixels in the desktop environment are to be decrypted based on information included in the encryption indicator. Thus, the graphics decryption device 506 may determine that encrypted graphic data is present in response to detecting the encryption indicator. The graphics decryption device 506 may determine which pixels to decrypt based on information included in the encryption indicator. This form of dynamic detection may allow the remote device 540 to synchronize if the end user changes the dimensions of the application window or switches to other applications that overlap the application window. The encryption indicator may be encoded such that the graphics decryption device 506 decodes the information included in the encryption indicator using the private key.
[0075] In an example, the secured application running on the electronic device 502 may authenticate the remote device 540 and may initiate a secure session with the remote device 540. One example of a method that could be adapted for establishing a secure session is TLS handshaking where the secured application is a server and the graphics decryption device 506 is a client. Once the session is secured, the session keys may be used to decrypt the encrypted graphics data 504.
[0076] The secured application may output encrypted graphics data 504 in a given region of a desktop environment. The image capture device 542 of the remote device 540 may observe the encryption indicator (e.g., unique border patterns) displayed by the display device 524. The graphics decryption device 506 of the remote device 540 may detect the encrypted region. The graphics decryption device 506 may decrypt the region within the border with the private key, thus allowing an authenticated user to view decrypted graphics data 508.
[0077] In an example where the remote device 540 is a wearable viewing device (e.g., augmented reality glasses), the wearable viewing device may provide a secure alternative to displaying graphics data on a display device that is observable by more than one user. In this scenario, the wearable viewing device may capture the encrypted graphics data 504 and feed it to the graphics decryption device 506.
[0078] In this example, application data may be protected from remote attackers or other unintended recipients by granting access to authorized devices or users through a secure session. For example, the graphical output of an application may be secured such that the graphical output is unviewable except on intended devices with a graphics decryption device 506. Furthermore, authenticated administrators may be provided with remote access to the application while still protecting data against external attackers. The privileges of a remote device 540 may be protected in the event of theft by not granting session keys to a stolen remote device 540.
[0079] Fig. 6 is a block diagram of an electronic device 602 and a remote device 640 to decrypt encrypted graphics data 604, according to an example. The remote device 640 is an electronic device. In this example, a remote device 640 may include a graphics decryption device 606b. In some examples, the graphics decryption device 606b may be implemented as described above. For instance, the graphics decryption device 606b may be a hardware component that is separate from the processor executing the OS of the remote device 640. Examples of the remote device 640 include a desktop computer, a laptop computer, tablet computer, wearable viewing device, etc.
[0080] In this example, the graphics decryption device 606a of the electronic device 602 may decrypt encrypted graphics data 604 to generate decrypted graphics data 608a for display on a display device 624a. This may be accomplished as described above. In some examples, the electronic device 602 may not display the encrypted graphics data 604. In some examples, the electronic device 602 may not include a graphics decryption device 606a, but may provide encrypted graphics data 604 to the remote device 640.
[0081] The electronic device 602 may establish a secure session with the remote device 640. For example, a method that could be adapted for establishing a secure session is TLS handshaking where the secured application is a server and the graphics decryption device 606b is a client. Once the session is secured, the session keys may be used to decrypt the encrypted graphics data 604. In other examples, a private key may be provided to the graphics decryption device 606b for decrypting the encrypted graphics data 604.
[0082] In some examples, the processor 614 of the electronic device 602 may provide encrypted graphics data 604 to the graphics decryption device 606b of the remote device 640. The graphics decryption device 606b may decrypt the encrypted graphics data 604 to generate decrypted graphics data 608b. The graphics decryption device 606b may provide the decrypted graphics data 608b to a display device 624b (e.g., an integrated monitor or external display device).
[0083] As described in Fig. 5, the processor 614 may add an encryption indicator (e.g., unique border patterns) that the graphics decryption device 606b may interpret to detect the presence and location of the encrypted graphics data 604. In some examples, the encryption indicator may include encoded information that is readable by the graphics decryption device 606b using a private key.
[0084] In an example, the remote device 640 may be used for a remote desktop session with the electronic device 602. Using the approach described herein, a secure remote desktop session may be provided. For example, graphics for the secure application in the remote desktop session may be sent encrypted. The graphics decryption device 606b of the remote device 640 may decrypt the encrypted graphics data 604 once a secure session is established.
[0085] The above specification, examples, and data provide a description of the devices, processes and methods of the disclosure. Because many examples can be made without departing from the spirit and scope of the disclosure, this specification sets forth some of the many possible example approaches and implementations.

Claims

What is claimed is:
1. An electronic device, comprising: a graphics decryption device to: receive graphics data encrypted with a security key; and decrypt the graphics data with a private key; and a display device interface to provide the decrypted graphics data from the graphics decryption device to a display device.
2. The electronic device of claim 1, further comprising a processor to run an operating system of the electronic device, wherein the graphics decryption device is separate from the processor.
3. The electronic device of claim 2, wherein the graphics data to remain encrypted to the operating system of the electronic device.
4. The electronic device of claim 1, wherein the graphics decryption device comprises an embedded processor separate from a graphics processing unit of the electronic device.
5. The electronic device of claim 1, wherein the graphics decryption device comprises a graphics processing unit of the electronic device.
6. The electronic device of claim 1, wherein the graphics decryption device is to: detect an encryption indicator included in the encrypted graphics data; determine that encrypted graphic data is present in response to detecting the encryption indicator; and determine which pixels to decrypt based on information included in the encryption indicator.
7. The electronic device of claim 1, further comprising an image capture device to observe the encrypted graphics data displayed on a display device, wherein the graphics decryption device to decrypt the captured encrypted graphics data.
8. An electronic device, comprising: a graphics buffer; a processor to: receive encrypted graphics data from a cloud service; and send the encrypted graphics data to the graphics buffer; and a graphics decryption device to: receive the encrypted graphics data from the graphics buffer; decrypt the encrypted graphics data; and output the decrypted graphics data to a display device.
9. The electronic device of claim 8, wherein the encrypted graphics data is cipher shifted by the cloud service using a private key shared with the graphics decryption device.
10. The electronic device of claim 8, wherein the graphics decryption device is to verify the encrypted graphics data based on a signature of the cloud service used to sign the encrypted graphics data.
11. The electronic device of claim 8, further comprising a display device interface coupled to the graphics buffer, wherein the graphics decryption device is to intercept graphics data output from the graphics buffer on the display device interface.
12. An electronic device, comprising: a graphics buffer; a processor to: send graphics data to the graphics buffer, the graphics data comprising a first portion comprising encrypted graphics data and a second portion comprising unencrypted graphics data; a graphics decryption device to: receive the graphics data from the graphics buffer; and decrypt the encrypted graphics data; and a display device to display the graphics data with the decrypted graphics data received from the graphics decryption device.
13. The electronic device of claim 12, wherein the first portion comprises an application window.
14. The electronic device of claim 13, wherein the processor is to send placement and size information for the application window to the graphics decryption device.
15. The electronic device of claim 12, wherein an operating system screenshot or remote viewer session is to output random noise data for the first portion comprising the encrypted graphics data.
PCT/US2021/056185 2021-10-22 2021-10-22 Encrypted graphics data WO2023069111A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/US2021/056185 WO2023069111A1 (en) 2021-10-22 2021-10-22 Encrypted graphics data
TW111106402A TW202318232A (en) 2021-10-22 2022-02-22 Encrypted graphics data

Publications (1)

Publication Number Publication Date
WO2023069111A1 true WO2023069111A1 (en) 2023-04-27

Family

ID=86058487

Country Status (2)

Country Link
TW (1) TW202318232A (en)
WO (1) WO2023069111A1 (en)

Also Published As

Publication number Publication date
TW202318232A (en) 2023-05-01

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21961600

Country of ref document: EP

Kind code of ref document: A1