RU2004110622A

RU2004110622A - METHODS AND SYSTEMS FOR Cryptographic Protection of Protected Content

Info

Publication number: RU2004110622A
Application number: RU2004110622/09A
Authority: RU
Inventors: Пол ИНГЛЭНД (US); Пол ИНГЛЭНД; Маркус ПЕЙНАДО (US); Маркус ПЕЙНАДО; Николас П. УИЛТ (US); Николас П. УИЛТ
Original assignee: Майкрософт Корпорейшн (Us); Майкрософт Корпорейшн
Priority date: 2001-12-04
Filing date: 2002-12-03
Publication date: 2005-09-10
Also published as: RU2308077C2; BRPI0205818B1; BR0205818A

Claims

1. A method of cryptographic protection of protected content in connection with a reliable graphics system of a computing device, wherein this reliable graphics system has video memory, at least one graphic processing unit (BGO) and a cryptographic processing device connected to communicate with at least one BGO, containing a request for a graphic system by a software application or device to perform processing or visualization of protected content, while the said request in includes the transfer of the session key by said software application or device to the graphics system and the transfer of said protected content to at least one encrypted part of the video memory; deciphering the contents of said at least one encrypted part of the video memory with said at least one BGO when communicating with a cryptographic processing device; performing at least processing or visualization of said decrypted content with at least one BGO and removing said content from at least one BGO.

2. The method according to claim 1, in which if the output at said output differs from the protected content at said request configured for any processing performed with respect to said protected content by said at least one BGO, then said software application or device is warned about this difference.

3. The method according to claim 1, wherein said transfer includes transmitting said protected content to at least one encrypted surface that overlaps at least one primary surface of said video memory.

4. The method according to claim 1, in which said decryption of the contents of said at least one encrypted part of the video memory includes decoding the geometric part of the primary surface, while pixels other than the geometric part are not decrypted.

5. The method according to claim 1, in which the cryptographic processor is constantly connected to the graphics adapter by either (A) adding this cryptographic processor to an existing chip, or (B) adding this cryptographic processor as a separate chip to the graphics adapter, while the physical the connection between the cryptographic processor and the rest of the graphics adapter is not available and is not shown.

6. The method according to claim 3, wherein said decryption includes decrypting said at least one encrypted overlapping surface by a decryption mechanism of said BGO connected to communicate with said cryptographic processing device.

7. The method of claim 3, wherein said decryption includes either (A) decrypting said at least one encrypted overlapping surface during the digital-to-analog conversion (DAC) apparatus in the graphics system as the contents are output according to said derivation or (B) decrypting said at least one encrypted overlapping surface at run time, just before the contents reach the DAC equipment in the graphics system .

8. The method according to claim 3, wherein said decryption includes decrypting said at least one encrypted overlapping surface before the contents reach the DAC equipment in the graphics system, a component that does not have a return channel to the main computer system.

9. The method according to claim 1, further comprising re-encrypting said content with said at least one BGO while communicating with a cryptographic processing device before said output; decrypting said re-encrypted content with at least a second cryptographic processing device in an external computing device.

10. The method according to claim 1, in which the content is transmitted digitally to an external device having a second cryptographic processing device, and said decryption takes place in said external device.

11. The method according to claim 9, in which said external computing device is either (A) a monitor, or (B) a set top box, or (C) a digital signal processing (DSP) visualization device.

12. The method of claim 3, wherein said transfer includes transferring said protected content to either (A) a first encrypted confidential overlay for basic visualization of the protected content and (B) a second encrypted secure overlay specifically designed for existing sensitive user interfaces , or (C) to the first encrypted area of the primary surface for basic visualization of the protected content and (D) to the second encrypted area of the primary surface, Designed for existing sensitive user interfaces.

13. The method according to claim 1, wherein said decryption includes calculating a cryptographic digest of the decrypted data, and said method further comprises transmitting said cryptographic digest to a software application or device to ensure that the displayed pixels are pixels transmitted in connection with said requesting from a software application or device.

14. The method of claim 12, wherein said second encrypted secure overlay is always upstairs and does not close, and in which the contents of the second encrypted secure overlay are checked by the at least one BGO.

15. The method of claim 12, wherein said decryption includes either (A) decrypting the contents of the first encrypted confidential overlay by the first decryption component of the stream cipher, or (B) decrypting the contents of the second encrypted secure overlay by the second decryption component of the stream cipher, or (C ) decrypting the contents of the first encrypted area of the primary surface by the first decryption component of the stream cipher, or (D) decrypting the contents of the second encrypted The primary surface domain is the second component of stream cipher decryption.

16. The method according to clause 15, in which at least one bit of each pixel in the primary surface is used to determine membership in a virtual protected surface for that pixel, and the graphics adapter selects a suitable decryption key for the pixel based on the at least one bit.

17. The method according to clause 16, in which, if said at least one bit contains a zero value, then the virtual protected surface associated with said at least one bit is interpreted as a region that cannot be decrypted.

18. The method according to clause 15, further comprising, when the decrypted pixel values are available, selecting a pixel selection component in said at least one BGO pixel value either (A) a second encrypted secure overlay or (B) a first encrypted confidential overlay, or ( 3) the primary surface.

19. The method of claim 12, wherein said request includes at least (A) a bounding source or destination frame of said at least one encrypted overlapping surface, (B) a target color code of said at least one encrypted overlapping surface , (C) in the case of the first encrypted confidential overlay, a description of the key pointer to encrypt the contents of the overlay reverse buffer to which the data should be reflected, (D) in the case of the second encrypted secure of the overlay, a description of the memory cell where at least one of the cyclic redundancy code (CEC) is written, integrity measures and digest values of the decrypted overlay contents, (E) the border of the source or destination frame of at least one encrypted primary surface, and (F ) the target color code of said at least one encrypted primary surface.

20. The method according to claim 19, in which the software application or device calculates at least one of a cyclic redundancy code (CEC), integrity measures and digest values, if the said software application or device is related to the integrity of the content.

21. The method according to claim 1, in which at least one command buffer sent to the video decoder block of at least one BGO inherent in said request is encrypted by said software application or device and decrypted by said video decoder block when communicating with said block cryptographic processing.

22. The method according to item 21, further comprising detecting unauthorized access to the at least one command buffer, either (A) using two passes before using at least one command buffer, or (B) after the command buffer is used.

23. At least one of an operating system, a computer-readable storage medium with a plurality of computer-executable instructions stored thereon, a coprocessor device, a computing device, and a modulated data signal carrying computer-executable instructions for performing the method of claim 1.

24. A method of cryptographic protection of protected content in connection with a reliable graphics system of a computing device, wherein this reliable graphics system has video memory, at least one graphic processing unit (BGO) and a cryptographic processing device connected to communicate with at least one BGO, containing requesting the graphic system by a software application or device to perform processing or visualization of protected content, while the above-mentioned request This turns the transmission of the session key by said application software or device in the graphics system to verify the cryptographic processing device and transmitting said protected content to at least one encrypted portion of video memory; decrypting the contents of said at least one encrypted part of the video memory by the decryption mechanism of the input unit in said at least one BGO, said decryption mechanism communicating with said cryptographic processing device; performing at least processing or visualization of said decrypted content with at least one BGO; encryption of said content by the encryption-decryption mechanism of the output unit in at least one BGO and deriving said encrypted content from at least one BGO.

25. The method according to paragraph 24, wherein said input unit is a texture conversion unit, and said output unit is an alpha channel unit, and wherein said at least one encrypted portion of said video memory is an encrypted texture surface.

26. The method according to paragraph 24, in which the aforementioned protected content is either texture data, or plain text, or video macroblocks.

27. The method according to paragraph 24, in which said encryption and decryption include, respectively, encryption and decryption using block ciphers.

28. The method according A.25, in which the decryption mechanism of the texture conversion unit decrypts the filling of the cache line, and in which the encryption-decryption mechanism of the alpha channel block encrypts before recording.

29. The method according A.25, further comprising decrypting by the encryption-decryption mechanism of the alpha channel block when reading the cache line from the color buffer in the video memory.

30. The method according to paragraph 24, further comprising reflecting said encrypted output content from an encrypted rear primary surface into an encrypted front primary surface of said video memory; a second decryption of said encrypted output content by a second decryption mechanism of said at least one BGO in communication with said cryptographic processing device; and a second output of said output content.

31. The method according to paragraph 24, wherein said output includes outputting the encrypted content to a chain reflecting the confidential overlay, and the method further includes reflecting said encrypted output content from the encrypted back confidential surface to the encrypted front confidential surface, wherein said encryption is referred to encryption-decryption mechanism includes encryption using encryption stream cipher; second decryption of said encrypted output content by a decryption mechanism of a stream cipher in said at least one BGO in communication with said cryptographic processing device.

32. The method of claim 31, further comprising, before said encryption, encoding the location in the content; after said second decryption, decoding this location in the content, wherein said location is inaccessible from the outside, preserving the integrity of the conversion of plaintext to encrypted text.

33. The method according to paragraph 24, wherein if the output at said output differs from the protected content at said request configured for any processing performed with respect to said protected content by said at least one BGO, said software application or device is warned about this difference.

34. The method according to paragraph 24, further comprising re-encrypting said content with said at least one BGO when communicating with a cryptographic processing device before said output; decrypting said re-encrypted content with at least a second cryptographic processing device in an external computing device.

35. The method according to clause 34, wherein said external computing device is either (A) a monitor, or (B) a set top box, or (C) a digital signal processing (DSP) visualization device.

36. The method according to paragraph 24, in which the encrypted textures and the encrypted off-screen surfaces delivered by said software application or device are encoded in block ciphers, and said software application or device mixes these block ciphers with a predefined mixing format that converts the location (x, s) in the contents in a shift at least for YUV, RGB, YUY2 and packed planar formats.

37. The method according to paragraph 24, in which at least one command buffer sent to the block of the video decoder of at least one BGO according to said request is encrypted by said software application or device and decrypted by said block of video decoder when communicating with said block of cryptographic processing.

38. The method according to paragraph 24, further comprising detecting unauthorized access to the at least one command buffer, either (A) with two passes before using at least one command buffer, or (B) after the command buffer is used.

39. At least one of an operating system, a computer-readable storage medium with a plurality of computer-executable instructions stored on it, a coprocessor device, a computing device, and a modulated data signal carrying computer-executable instructions for performing the method of claim 24.

40. At least one computer-readable storage medium containing computer-executable modules, including computer-executable instructions for cryptographic protection of protected content in connection with a reliable graphics system of a computing device, wherein this reliable graphics system has video memory, at least one graphic processing unit (BGO) and a cryptographic processing device coupled to communicate with said at least one BGO, while being executed by a computer mod The streets contain means for requesting a graphic system by a software application or device to process or visualize protected content, while said requesting means includes means for transmitting a session key by said software application, or a device to a graphic system and means for transmitting said protected content via at least one encrypted portion of the video memory; means for decrypting the contents of said at least one encrypted portion of the video memory by said at least one BGO in communication with said cryptographic processing device; means for performing at least processing or visualization of said decrypted content with at least one BGO; means for removing said content from at least one BGO.

41. At least one machine-readable storage medium according to claim 40, wherein if the output of said output means is different from the protected content in said requesting means configured for any processing performed on said protected content by said at least one BGO, then said software application or device is warned of this difference.

42. At least one computer-readable storage medium according to claim 40, wherein said transmission means includes means for transmitting said protected content to at least one encrypted surface that overlaps at least one primary surface of said video memory.

43. At least one computer-readable storage medium according to claim 40, wherein said means for decrypting the contents of said at least one encrypted part of the video memory includes means for decrypting the geometric part of the primary surface, the pixels being different from the geometric part, not decrypted.

44. At least one machine-readable storage medium according to claim 40, wherein the cryptographic processor is permanently connected to the graphics adapter either (A) adding this cryptographic processor to an existing microcircuit, or (B) adding this cryptographic processor as a separate microcircuit to the graphic adapter so that the physical connection between the cryptographic processor and the rest of the graphics adapter is unavailable and not shown.

45. At least one machine-readable storage medium according to claim 42, wherein said decryption means includes means for decrypting said at least one encrypted overlapping surface by an decryption mechanism of said BGO connected to communicate with said cryptographic processing device.

46. At least one machine-readable storage medium according to claim 42, wherein said decryption means includes either (A) means for decrypting said at least one encrypted overlapping surface during the digital-to-analog conversion (DAC) in the graphics system , as the content is output according to said output, or (B) means for decrypting said at least one encrypted overlapping surface during execution of just before the contents reach the DAC hardware in the graphics system.

47. At least one machine-readable storage medium according to paragraph 42, wherein said decryption means includes means for decrypting said at least one encrypted overlapping surface before the contents reach the DAC equipment in a graphics system, a component that does not have return channel to the main computer system.

48. At least one machine-readable storage medium according to claim 40, further comprising means for re-encrypting said contents with said at least one BGO when communicating with a cryptographic processing device before said output with said output means; means for decrypting said re-encrypted content with at least a second cryptographic processing device in an external computing device.

49. At least one computer-readable storage medium according to claim 40, wherein the content is transmitted digitally to an external device having a second cryptographic processing device, and said decryption of said decryption means is carried out in said external device.

50. At least one machine-readable storage medium according to claim 48, wherein said external computing device is either (A) a monitor, or (B) a set-top box, or (C) a digital signal processing (DSP) visualization device.

51. At least one machine-readable storage medium according to claim 42, wherein said transmission means includes means for transmitting said protected content, or (A) to a first encrypted confidential overlay for basic visualization of protected content and (B) to a second encrypted a secure overlay specially designed for existing sensitive user interfaces, or (C) to the first encrypted area of the primary surface for basic visualization of the protected content press and (D) to the second encrypted area of the primary surface, specially designed for existing sensitive user interfaces.

52. At least one machine-readable storage medium according to claim 40, wherein said decryption means includes means for calculating a cryptographic digest of the decrypted data, and said computer-executable modules further comprise means for transmitting said cryptographic digest to a software application or device, to ensure that the displayed pixels are pixels transmitted in connection with said request from a software application or device Erez said means for requesting.

53. At least one machine-readable storage medium according to § 51, wherein said second encrypted secure overlay is always upstairs and does not close, and the contents of the second encrypted secure overlay are checked by the at least one BGO.

54. At least one machine-readable storage medium according to paragraph 51, wherein said decryption means includes either (A) means for decrypting the contents of the first encrypted confidential overlay by the first decryption component of the stream cipher, or (B) means for decrypting the contents of the second the encrypted secure overlay by the second decryption component of the stream cipher, or (C) means for decrypting the contents of the first encrypted area of the primary surface by the first component by decrypting the stream cipher, or (D) means for decrypting the contents of the second encrypted area of the primary surface with the second decryption component of the stream cipher.

55. At least one machine-readable storage medium according to item 54, in which at least one bit of each pixel in the primary surface is used to determine membership in a virtual protected surface for that pixel, and the graphics adapter selects a suitable decryption key for the pixel based on the above at least one bit.

56. At least one machine-readable storage medium according to § 55, wherein if said at least one bit contains a null value, then the virtual protected surface associated with said at least one bit is interpreted as being non-decryptable.

57. At least one machine-readable storage medium according to claim 54, further comprising means for selecting, when the decoded pixel values are available, a pixel selection component in said at least one BGO pixel value, either (A) a second encrypted secure overlay, or (B ) the first encrypted confidential overlay, or (3) the primary surface.

58. At least one machine-readable storage medium according to paragraph 51, wherein said requesting said means for requesting includes at least (A) a bounding source or destination frame of said at least one encrypted overlapping surface, (B) a target color code of said at least one encrypted overlapping surface, (C) in the case of a first encrypted confidential overlay, a description of a key pointer to encrypt the contents of the overlay reverse The measure in which the data should be reflected, (D) in the case of the second encrypted secure overlay, a description of the memory cell where at least one of the cyclic redundancy code (CEC) is written, integrity measures and digest values of the decrypted overlay content, (E) the limiting source or a destination frame of at least one encrypted primary surface, and (F) a target color code of said at least one encrypted primary surface.

59. At least one machine-readable storage medium according to claim 58, wherein the software application or device calculates at least one of a cyclic redundancy code (CEC), integrity measures, and digest values, if said software application or device relates to the integrity of the content.

60. At least one machine-readable storage medium according to claim 40, wherein at least one instruction buffer transmitted to the video decoder block of the at least one BGO according to said request is encrypted by said software application or device and decrypted by said video decoder block when communicating with said cryptographic processing unit.

61. At least one machine-readable storage medium according to claim 60, further comprising means for detecting unauthorized access to said at least one command buffer, either (A) with two passes before using at least one command buffer, or (B) after the command buffer is used.

62. At least one of an operating system, a computer-readable storage medium with a plurality of computer-executable instructions stored on it, a coprocessor device, a computing device and a modulated data signal carrying computer-executable modules of at least one computer-readable storage medium according to claim 40.

63. At least one computer-readable storage medium containing computer-executable modules, including computer-executable instructions for cryptographic protection of protected content in connection with a reliable graphics system of a computing device, wherein this reliable graphics system has video memory, at least one graphic processing unit (BGO) and a cryptographic processing device coupled to communicate with said at least one BGO, while being executed by a computer mod The streets contain means for requesting a graphic system by a software application or device to process or visualize protected content, while said requesting means includes means for transmitting a session key by said software application or device to a graphic system for checking the cryptographic processing device and for transmitting said protected contents of at least one encrypted portion of the video memory; means for decrypting the contents of said at least one encrypted part of the video memory by a decryption mechanism of an input unit in said at least one BGO, said decryption mechanism communicating with said cryptographic processing device; means for performing at least processing or visualization of said decrypted content with at least one BGO; means for encrypting said content with an encryption-decryption mechanism of the output unit in at least one BGO; means for deriving said encrypted content from at least one BGO.

64. At least one machine-readable storage medium according to claim 63, wherein said input unit is a texture display unit and said output unit is an alpha channel unit, and wherein said at least one encrypted portion of said video memory is an encrypted texture surface .

65. At least one machine-readable storage medium according to claim 63, wherein said protected content is either texture data, or plain text, or video macroblocks.

66. At least one machine-readable storage medium according to item 63, in which said means for encryption and means for decryption include, respectively, means for encryption and means for decryption using block ciphers.

67. At least one machine-readable storage medium according to item 63, wherein said decoding mechanism of the texture display unit decrypts the cache line filling, and the encryption-decryption mechanism of the alpha channel block performs encryption before recording.

68. At least one machine-readable storage medium according to item 64, further comprises means for decrypting by the encryption-decryption mechanism of the alpha channel block when reading the cache line from the color buffer in the video memory.

69. At least one machine-readable storage medium according to item 63, further comprising means for reflecting said encrypted output content from an encrypted rear primary surface into an encrypted front primary surface of said video memory; second means for decrypting said encrypted output content by a second decryption mechanism of said at least one BGO in communication with said cryptographic processing device; second means for outputting said output content.

70. At least one machine-readable storage medium according to item 63, wherein said output means includes means for outputting encrypted content to a chain reflecting a confidential overlay, and computer-executable modules further include means for reflecting said encrypted output content from the encrypted back confidential surface to the encrypted front confidential surface, whereby said encryption by said cipher mechanism vanilla decryption includes an encryption tool using stream encryption; second means for decrypting said encrypted output content by a decryption mechanism of a stream cipher in said at least one BGO when communicating with said cryptographic device processing.

71. At least one computer-readable storage medium according to item 70, further comprising means for encoding a location in the contents of said encryption means before said encryption; means for decoding this location in the contents after said second decryption by said second decryption means, wherein said location is inaccessible from the outside while maintaining the integrity of the conversion of plaintext to encrypted text.

72. At least one machine-readable storage medium according to claim 63, wherein, if the output of said output means differs from the protected content of said request means configured for any processing performed on said protected content by said at least one BGO, then said software application or device is warned of this difference.

73. At least one computer-readable storage medium according to claim 63, further comprising means for re-encrypting said contents with said at least one BGO when communicating with a cryptographic processing device before said output with said output means; means for decrypting said re-encrypted content with at least a second cryptographic processing device in an external computing device.

74. At least one machine-readable storage medium according to claim 73, wherein said external computing device is either (A) a monitor, or (B) a set-top box, or (C) a digital signal processing (DSP) visualization device.

75. At least one machine-readable storage medium according to claim 63, wherein the encrypted textures and encrypted off-screen surfaces delivered by said software application or device are encoded in block ciphers, and said software application or device mixes these block ciphers with a predetermined mixing format, which converts the location (x, y) in the content into a shift for at least YUV, RGB, YUY2 and packed planar formats.

76. At least one machine-readable storage medium according to claim 63, wherein the at least one instruction buffer transmitted to the video decoder unit of the at least one BHO according to said request by said requesting means is encrypted by said software application or device and decrypted by said a video decoder unit in communication with said cryptographic processing unit.

77. At least one machine-readable storage medium according to claim 63, further comprising means for detecting unauthorized access to said at least one command buffer, either (A) using two passes before using at least one command buffer, or (B) after the command buffer is used.

78. At least one of an operating system, a computer-readable data carrier with a plurality of computer-executable instructions stored on it, a coprocessor device, a computing device, and a modulated data signal carrying computer-executable instructions for executing the method of claim 63.

79. A computing device containing means for cryptographic protection of protected content in connection with a reliable graphic system of a computing device, this reliable graphic system having video memory, at least one graphic processing unit (BGO) and a cryptographic processing device connected to communicate with said at least one BGO containing a means for requesting a graphics system by a software application or device to perform processing or visas alizatsiyu protected content, wherein said means for requesting includes means for transmitting said session key software application or device in the graphics system and means for transmitting said protected content to at least one encrypted portion of video memory; means for decrypting the contents of said at least one encrypted portion of the video memory by said at least one BGO in communication with said cryptographic processing device; means for performing at least processing or visualization of said decrypted content with at least one BGO; means for removing said content from at least one BGO.

80. The computing device according to claim 79, wherein if the output of said output means differs from the protected content in said requesting means configured for any processing performed on said protected content by said at least one BGO, then said software application or the device is warned of this difference.

81. The computing device of claim 79, wherein said transmitting means includes means for transmitting said protected content to at least one encrypted surface that overlaps at least one primary surface of said video memory.

82. The computing device of claim 79, wherein said means for decrypting the contents of said at least one encrypted portion of the video memory includes means for decrypting the geometric part of the primary surface, so that pixels other than the geometric part are not decrypted.

83. The computing device of claim 79, wherein the cryptographic processor is permanently connected to the graphics adapter either (A) adding this cryptographic processor to an existing chip, or (B) adding this cryptographic processor as a separate chip to the graphics adapter, with the physical connection between the cryptographic processor and the rest of the graphics adapter is inaccessible and not shown.

84. The computing device of claim 81, wherein said decrypting means includes means for decrypting said at least one encrypted overlapping surface by a decryption mechanism of said BGO connected to communicate with said cryptographic processing device.

85. The computing device of claim 81, wherein said decryption tool includes either (A) a tool for decrypting said at least one encrypted overlapping surface during the digital-to-analog conversion (DAC) apparatus in the graphics system, as the contents are output according to said derivation, or (B) means for decrypting said at least one encrypted overlapping surface at run time immediately before the contents will reach the DAC hardware in the graphics system.

86. The computing device of claim 81, wherein said decryption means includes means for decrypting said at least one encrypted overlapping surface before the contents reach the DAC equipment in the graphics system, a component that does not have a return channel to the main computer system.

87. The computing device according to claim 79, further comprising means for re-encrypting said contents with said at least one BGO when communicating with a cryptographic processing device before said output with said output means; means for decrypting said re-encrypted content with at least a second cryptographic processing device in an external computing device.

88. The computing device of claim 79, wherein the content is digitally transmitted to an external device having a second cryptographic processing device, and said decryption of said decryption means is carried out in said external device.

89. The computing device of claim 87, wherein said external computing device is either (A) a monitor, or (B) a set top box, or (C) a digital signal processing (DSP) visualization device.

90. The computing device of claim 81, wherein said transmission means includes means for transmitting said protected content, either (A) to a first encrypted confidential overlay for basic visualization of protected contents and (B) to a second encrypted secure overlay specially designed for existing sensitive user interfaces, either (C) to the first encrypted area of the primary surface for basic visualization of the protected content and (D) to the second back Rowan Primary surface, specially designed for current sensing user interfaces.

91. The computing device of claim 79, wherein said decryption means includes means for calculating a cryptographic digest of the decrypted data, and said computer-executable modules further comprise means for transmitting said cryptographic digest to a software application or device to ensure that the displayed pixels are pixels transmitted in connection with said request from a software application or device through said means for requesting.

92. The computing device of claim 90, wherein said second encrypted secure overlay is always upstairs and does not close, and the contents of the second encrypted secure overlay are checked by said at least one BGO.

93. The computing device of claim 90, wherein said decrypting means includes either (A) means for decrypting the contents of the first encrypted confidential overlay by the first decryption component of the stream cipher, or (B) means for decrypting the contents of the second encrypted secure overlay by the second component decrypting the stream cipher, or (C) means for decrypting the contents of the first encrypted area of the primary surface by the first decryption component of the stream ovogo cipher, or (D) means for decrypting the encrypted content of the second primary surface region of the second stream cipher decryption component.

94. The computing device according to p, in which at least one bit of each pixel in the primary surface is used to determine membership in a virtual protected surface for that pixel, and the graphics adapter selects a suitable decryption key for the pixel based on the at least one bit .

95. The computing device according to clause 94, wherein if said at least one bit contains a null value, then the virtual protected surface associated with said at least one bit is interpreted as a region not to be decrypted.

96. The computing device of claim 93, further comprising means for selecting, when the decoded pixel values are available, the pixel selection component of said at least one BGO pixel value, either (A) a second encrypted secure overlay or (B) a first encrypted confidential overlay , or (3) the primary surface.

97. The computing device of claim 90, wherein said requesting of said means for requesting includes at least (A) a source or destination bounding box of said at least one encrypted overlapping surface, (B) a target color code of said at least at least one encrypted overlapping surface, (C) in the case of the first encrypted confidential overlay, a description of the key pointer to encrypt the contents of the overlay reverse buffer, into which data, (D) in the case of the second encrypted secure overlay, a description of the memory cell where at least one of the cyclic redundancy code (CEC) is written, integrity measures and digest values of the decrypted overlay content, (E) the frame that limits the source or destination at least one encrypted primary surface, and (F) a target color code of said at least one encrypted primary surface.

98. The computing device of claim 97, wherein the software application or device calculates at least one of a cyclic redundancy code (CEC), integrity measures, and digest values, if said software application or device relates to content integrity.

99. The computing device of claim 79, wherein the at least one instruction buffer transmitted to the video decoder block of the at least one BHO according to said request is encrypted by said software application or device and decrypted by said video decoder block when communicating with said block cryptographic processing.

100. The computing device of claim 99, further comprising means for detecting unauthorized access to said at least one command buffer, either (A) using two passes before using at least one command buffer, or (B) after the command buffer used.

101. A computing device containing computer-executable modules, including computer-executable instructions for cryptographic protection of protected content in connection with a reliable graphics system of a computing device, wherein this reliable graphics system has video memory, at least one graphic processing unit (BGO) and a device cryptographic processing connected to communicate with the at least one BGO, containing means for requesting a graphical system about to perform processing or visualization of the protected content with a software application or device, wherein said requesting tool includes means for transmitting a session key by said software application or device to a graphics system for checking by a cryptographic processing device and for transmitting said protected content to at least one encrypted part of the video memory; means for decrypting the contents of said at least one encrypted portion of the video memory by a decryption mechanism of an input unit in said at least one BGO, said decryption mechanism communicating with said cryptographic processing device; means for performing at least processing or visualization of said decrypted content with at least one BGO; means for encrypting said content with an encryption-decryption mechanism of the output unit in at least one BGO; means for deriving said encrypted content from at least one BGO.

102. The computing device of claim 101, wherein said input unit is a texture display unit, and said output unit is an alpha channel unit, and wherein said at least one encrypted portion of said video memory is an encrypted texture surface.

103. The computing device according to p. 101, in which the aforementioned protected content is either texture data, or plain text, or video macroblocks.

104. The computing device according to p. 101, in which the said means for encryption and means for decryption include, respectively, means for encryption and means for decryption using block ciphers.

105. The computing device of claim 102, wherein said decoding mechanism of the texture mapping unit decrypts the cache line filling, and the encryption-decryption mechanism of the alpha channel block encrypts before recording.

106. The computing device of claim 102, further comprising means for decrypting by an encryption-decryption mechanism an alpha channel block when reading a cache line from a color buffer in video memory.

107. The computing device according to p. 101, further comprising means for reflecting said encrypted output content from an encrypted rear primary surface into an encrypted front primary surface of said video memory; second means for decrypting said encrypted output content by a second decryption mechanism of said at least one BGO in communication with said cryptographic processing device; second means for outputting said output content.

108. The computing device according to p. 101, wherein said output means includes means for outputting encrypted content to a chain reflecting a confidential overlay, and computer-executable modules further include means for reflecting said encrypted output content from an encrypted back confidential surface into the encrypted front confidential surface, whereby said encryption by said encryption-decryption mechanism VK yuchaet an encryption tool that uses encryption stream cipher; second means for decrypting said encrypted output content by a decryption mechanism of the stream cipher in said at least one BGO when communicating with said cryptographic processing device.

109. The computing device of claim 108, further comprising means for encoding a location in the contents of said encryption means before said encryption; means for decoding this location in the contents after said second decryption by said second decryption means, whereby said location is inaccessible from the outside, while maintaining the integrity of the conversion of plaintext to encrypted text.

110. The computing device according to p. 101, in which, if the output of said withdrawal means is different from the protected content of said request means configured for any processing performed on said protected content by said at least one BGO, then said software application or device warned of this difference.

111. The computing device of claim 101, wherein the computer-executable modules further include means for re-encrypting said contents with said at least one BGO when communicating with a cryptographic processing device before said output with said output means; means for decrypting said re-encrypted content with at least a second cryptographic processing device in an external computing device.

112. The computing device of claim 111, wherein said external computing device is either (A) a monitor, or (B) a set-top box, or (C) a digital signal processing (DSP) visualization device.

113. The computing device of claim 101, wherein the encrypted textures and encrypted off-screen surfaces delivered by said software application or device are encoded in block ciphers, and said software application or device mixes these block ciphers with a predetermined mixing format that converts the location (x , y) in the content in the shift at least for YUV, RGB, YUY2 and packed planar formats.

114. The computing device according to p. 101, in which at least one instruction buffer transmitted to the video decoder block of at least one BGO according to said request by said requesting means is encrypted by said software application or device and decrypted by said video decoder block when performing communication with said cryptographic processing unit.

115. The computing device of claim 101, wherein the computer-executable modules further comprise means for detecting unauthorized access to said at least one command buffer, either (A) with two passes before using at least one command buffer, or (B) after of how the command buffer is used.