WO2012154996A1 - Apparatus and method for hardware-based secure data processing using buffer memory address range rules - Google Patents

Apparatus and method for hardware-based secure data processing using buffer memory address range rules Download PDF

Info

Publication number
WO2012154996A1
WO2012154996A1 PCT/US2012/037389 US2012037389W WO2012154996A1 WO 2012154996 A1 WO2012154996 A1 WO 2012154996A1 US 2012037389 W US2012037389 W US 2012037389W WO 2012154996 A1 WO2012154996 A1 WO 2012154996A1
Authority
WO
WIPO (PCT)
Prior art keywords
address range
secure
insecure
buffer memory
data
Prior art date
Application number
PCT/US2012/037389
Other languages
French (fr)
Inventor
Sudeep Ravi Kottilingal
Jayanth Mandayam
Ron Keidar
Original Assignee
Qualcomm Incorporated
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qualcomm Incorporated filed Critical Qualcomm Incorporated
Priority to KR1020137032531A priority Critical patent/KR101618940B1/en
Priority to EP12722254.5A priority patent/EP2707831B1/en
Priority to CN201280022429.XA priority patent/CN103518206B/en
Priority to BR112013028501A priority patent/BR112013028501A2/en
Priority to CA2835000A priority patent/CA2835000C/en
Priority to JP2014510477A priority patent/JP6049702B2/en
Priority to RU2013154544/08A priority patent/RU2573215C2/en
Publication of WO2012154996A1 publication Critical patent/WO2012154996A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1408Protection against unauthorised use of memory or access to memory by using cryptography
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2113Multi-level security, e.g. mandatory access control

Definitions

  • FIG. 2 is a block diagram of an apparatus including a buffer memory and a processor having a protection unit, according to the present invention.
  • FIG. 7 is a block diagram of flows of data though hardware having protected buffers.
  • the apparatus 200 may be a remote station comprising a computer 300 that includes a processor 310, such as processor 210, a storage medium 320, such as memory 220 and disk drives, a display 340, an input device, such as a keyboard 350, a microphone, speaker(s), a camera, and the like.
  • the station may include an interface, for example, an antenna and/or modem and/or transceiver, for use with a wireless connection 360.
  • the station may further comprise a secure module 330.
  • the secure module 330 may be used in some embodiments to implement the protection unit 230 and/or the SAR register 270 separate from the processor 310.
  • video hardware 755 may operate on data from an unprotected buffer 710 and/or a protected buffer 730, and place output data in an unprotected buffer 710 or in a protected buffer 730, in accordance with the security rules of FIG. 1.
  • video processor unit (VPU) hardware 760 may operate on data from an unprotected buffer 710 and/or a protected buffer 730, and place output data in an unprotected buffer 710 or in a protected buffer 730, in accordance with the security rules of FIG. 1.
  • a graphics processing unit (GPU) 765 may operate only on data from an unprotected buffer 710, and may place output data only in an unprotected buffer 710.
  • a wireless remote station (RS) 402 (such as apparatus

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

Disclosed is a processor for processing data from a buffer memory. The processor, implemented in hardware, may allow writing of output data, processed based on input data from at least one secure location associated with a secure address range of the buffer memory, to one or more secure locations associated with the secure address range. Further, the processor may block writing of output data, processed based on input data from at least one secure location associated with the secure address range, to one or more insecure locations associated with an insecure address range of the buffer memory.

Description

APPARATUS AND METHOD FOR HARDWARE-BASED SECURE DATA PROCESSING USING BUFFER MEMORY ADDRESS RANGE RULES
CROSS-REFERENCE TO RELATED APPLICATION
[0001] This application claims the benefit of U.S. Provisional Application No.
61/484,575, filed May 10, 2011, which is hereby incorporated herein by reference in its entirety.
BACKGROUND
Field
[0002] The present invention relates generally to secure data processing in an apparatus such as a computer or remote station.
Background
[0003] An apparatus may use an operating system that may have an open-source kernel and/or highly- accessible low-level software. Unfortunately, security implementations in the kernel can be changed for the purpose of extracting protected content, such as multimedia content protected using DRM (Digital Rights Management).
[0004] There is therefore a need for an effective technique for secure data processing.
SUMMARY
[0005] An aspect of the present invention may reside in a processor, implemented in hardware, for processing data from a buffer memory. The processor includes a protection unit. The protection unit is configured to allow writing of output data, processed based on input data from at least one secure location associated with a secure address range of the buffer memory, to one or more secure locations associated with the secure address range. The protection unit is further configured to block writing of output data, processed based on input data from at least one secure location associated with the secure address range, to one or more insecure locations associated with an insecure address range of the buffer memory
[0006] In more detailed aspects of the invention, protection unit may be further configured to allow writing of output data, processed based on input data from at least one insecure location associated with the insecure address range, to one or more insecure locations associated with the insecure address range. The addresses for the secure address range may comprise virtual addresses. The secure address range may comprise a page of the buffer memory. The virtual addresses may be mapped to physical addresses in the buffer memory by a page table. Alternatively, the addresses for the secure address range may comprise physical addresses.
[0007] In other more detailed aspects of the invention, the input data may be based on data extracted from protected content from a protected source. The output data may be for reading from the buffer memory by a display hardware for display.
[0008] Another aspect of the invention may reside in an apparatus for processing data from a buffer memory, comprising: means for allowing writing of output data, processed based on input data from at least one secure location associated with a secure address range of the buffer memory, to one or more secure locations associated with the secure address range; and means for blocking writing of output data, processed based on input data from at least one secure location associated with the secure address range, to one or more insecure locations associated with an insecure address range of the buffer memory.
[0009] Another aspect of the invention may reside in a computer program product, comprising a computer-readable medium, comprising code for causing a computer to allow writing of output data, processed based on input data from at least one secure location associated with a secure address range of a buffer memory, to one or more secure locations associated with the secure address range; and code for causing a computer to block writing of output data, processed based on input data from at least one secure location associated with the secure address range, to one or more insecure locations associated with an insecure address range of the buffer memory.
[0010] Another aspect of the invention may reside in a method for processing data from a buffer memory. The method may include allowing a processor implemented in hardware to write output data, processed based on input data from at least one secure location associated with a secure address range of the buffer memory, to one or more secure locations associated with the secure address range. The method further may include blocking the processor from writing output data, processed based on input data from at least one secure location associated with the secure address range, to one or more insecure locations associated with an insecure address range of the buffer memory. Another aspect of the invention may reside in an apparatus including a buffer memory and a processor. The buffer memory has a plurality of addressable locations comprising secure locations associated with a secure address range, and insecure locations associated with an insecure address range. The processor is implemented in hardware for processing data from the secure locations and from the insecure locations. The processor is configured to allow writing of output data, processed based on input data from at least one of the secure locations associated with the secure address range, to one or more of the secure locations associated with the secure address range. The processor is also configured to block writing of output data, processed based on input data from at least one of the secure locations associated with the secure address range, to one or more of the insecure locations associated with the insecure address range.
BRIEF DESCRIPTION OF THE DRAWINGS
[0012] FIG. 1 is a flow diagram of a method for processing data from a buffer memory having a plurality of addressable locations comprising locations associated with a secure address range and locations associated with an insecure address range, according to the present invention.
[0013] FIG. 2 is a block diagram of an apparatus including a buffer memory and a processor having a protection unit, according to the present invention.
[0014] FIG. 3 is a block diagram of a computer including a processor and a memory.
[0015] FIG. 4 is a block diagram of an example of a wireless communication system.
[0016] FIG. 5 is a block diagram of a flow of data though an apparatus having a protected zone.
[0017] FIG. 6 is a block diagram of flow(s) of data though an apparatus having a protected zone.
[0018] FIG. 7 is a block diagram of flows of data though hardware having protected buffers.
DETAILED DESCRIPTION
[0019] The word "exemplary" is used herein to mean "serving as an example, instance, or illustration." Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments.
[0020] With reference to FIGS. 1 and 2, an aspect of the present invention may reside in a processor 210, implemented in hardware, for processing data from a buffer memory 220. The processor 210 includes a protection unit 230. The processor 210 reads pre- processed data from memory locations 240 in the buffer memory 220 over a data bus 245. After further processing, the processor 210 writes processed data back to memory locations in the buffer memory 220. The data stored in the buffer memory 220 may have been extracted from protected content, such as multimedia content protected using DRM, or the like. It is advantageous to keep such data secure as it is processed and "flows" through the buffer memory 220. Accordingly, the data extracted from protected content is stored in location(s) 240 associated with a secure address range 250 of the buffer memory 220. The protection unit 230 provides hardware protection of data flows though the buffer memory 220, in some embodiments, without having to keep track of the data flows and associated sessions, and privileges for the sessions. [0021] According to the security rules shown in FIG. 1, the protection unit 230 is configured to allow writing of output data to one or more secure locations 240 associated with the secure address range 250 when the output data was processed based on input data from at least one secure location 240 associated with a secure address range 250 of the buffer memory 220. The protection unit 230 is further configured to block writing of output data to one or more insecure locations 240 associated with an insecure address range 260 of the buffer memory 220 when the output data was processed based on input data from at least one secure location 240 associated with the secure address range 250.
[0022] In more detailed aspects of the invention, protection unit 230 may be further configured to allow writing of output data, processed based on input data from at least one insecure location associated with the insecure address range 260, to one or more insecure locations associated with the insecure address range 260. Thus, unprotected content may be processed without affecting the security of the securely stored protected content.
[0023] The addresses for the secure address range 250 may comprise virtual addresses.
Alternatively, the addresses for the secure address range may comprise physical addresses. In a protected memory scheme, physical addresses of memory locations 240 in the buffer memory 220 may be mapped to virtual addresses by, for example, a page table, to allow sharing of the physical memory by different processes and/or sessions using respective independent virtual address spaces. Generally, physical addresses are mapped as 4 kilobyte pages, although other page sizes may be used. Thus, the secure address range 250 of the protected buffer memory 730 (illustrated in FIG. 7) may comprise a page of memory locations. In one embodiment, the processor 210 implements the security rules of FIG. 1 by requiring writing of the output data to the same page as the input data. In such embodiment, the processor 210 blocks writing of the output data to another page. If the secure address range 250 comprises multiple pages, the pages may or may not be contiguous in the buffer memory 220.
[0024] The memory locations 240 may be grouped in other configurations including blocks, segments, portions, and the like. The secure address range 250 of buffer memory 220 may encompass such blocks, segments, portions, etc.
[0025] A data store such as a secure address range (SAR) register 270 may store the secure address range 250. The register 270 may be in a securely protected zone to prevent alteration or hacking by malicious software. When the input data is read, the secure address range register 270 may be checked by the protection unit 230 to determine whether the input data is from a secure location. Similarly, when output data is to be written, the secure address range register 270 may be checked by the protection unit 230 to determine whether the output data is to be written to a secure location.
[0026] Another aspect of the invention may reside in an apparatus 200 for processing data from a buffer memory 220, comprising: means (230) for allowing writing of output data, processed based on input data from at least one secure location 240 associated with a secure address range 250 of the buffer memory 220, to one or more secure locations 240 associated with the secure address range 250; and means (230) for blocking writing of output data, processed based on input data from at least one secure location associated with the secure address range 250, to one or more insecure locations associated with an insecure address range 260 of the buffer memory 220.
[0027] Another aspect of the invention may reside in a computer program product, comprising a computer-readable medium 320 (FIG. 3), comprising code for causing a computer 300 to allow writing of output data, processed based on input data from at least one secure location 240 associated with a secure address range 250 of a buffer memory 220, to one or more secure locations associated with the secure address range 250; and code for causing a computer to block writing of output data, processed based on input data from at least one secure location associated with the secure address range 250, to one or more insecure locations associated with an insecure address range 260 of the buffer memory 220.
[0028] Another aspect of the invention may reside in a method 100 for processing data from a buffer memory 220. The method 100 may include allowing a processor 210 implemented in hardware to write output data, processed based on input data from at least one secure location 240 associated with a secure address range 250 of the buffer memory 220 (step 110), to one or more secure locations associated with the secure address range 250 (steps 120 and 130). The method 100 further may include blocking the processor 210 from writing output data, processed based on input data from at least one secure location associated with the secure address range 250, to one or more insecure locations associated with an insecure address range 260 of the buffer memory 220 (step 140). The method 100 may further include allowing the processor 210 to write output data, processed based on input data from at least one insecure location associated with the insecure address range 260, to one or more insecure locations associated with the insecure address range 260 (step 150).
[0029] Another aspect of the invention may reside in an apparatus 200 including a buffer memory 220 and a processor 210. The buffer memory 220 has a plurality of addressable locations 240 comprising secure locations associated with a secure address range 250, and insecure locations associated with an insecure address range 260. The processor 210 is implemented in hardware for processing data from the secure locations and from the insecure locations. The processor 210 is configured to allow writing of output data, processed based on input data from at least one of the secure locations associated with the secure address range 250, to one or more of the secure locations associated with the secure address range 250. The processor 210 is also configured to block writing of output data, processed based on input data from at least one of the secure location associated with the secure address range 250, to one or more of the insecure locations associated with the insecure address range 260.
[0030] The apparatus 200 may be a remote station comprising a computer 300 that includes a processor 310, such as processor 210, a storage medium 320, such as memory 220 and disk drives, a display 340, an input device, such as a keyboard 350, a microphone, speaker(s), a camera, and the like. The station may include an interface, for example, an antenna and/or modem and/or transceiver, for use with a wireless connection 360. In some embodiments, the station may further comprise a secure module 330. The secure module 330 may be used in some embodiments to implement the protection unit 230 and/or the SAR register 270 separate from the processor 310. In other embodiments, the secure module 330 may implement other security and/or write- pro tection functions. In some embodiments, the secure module 330 may be omitted. In one example embodiment where the protection unit 230 and the SAR register 270 are implemented in the processor 310, the secure module 330 is omitted. Further, the station may also include USB, Ethernet and/or similar interfaces.
[0031] With reference to FIG. 5, content such as video data may be input to the apparatus 200 from a variety of sources such as download, broadcast, http stream, DLNA (Digital Living Network Alliance), HDMI (High-Definition Multimedia Interface), USB AV (Universal Serial Bus Audio/Visual), and the like. Protected content (CAS (Conditional Access System), HDCP (High-bandwidth Digital Content Protection), DRM (Digital Rights Management), etc), is directed to a protected zone implemented by the apparatus. The higher level operating system (or kernel) is not able to directly access the protected zone. The apparatus provides processed output data (words) to addressable memory locations 240 associated with or within a secure address range 250 in accordance with security rules (FIG. 1). The output data may be protected content (DTCP+ (Digital Transmission. Content Protection Plus), HDCP, HDCP 2.0, etc) forwarded directly to a display 340. The output video data may be in accordance with Wireless HD (High-Definition), DLNA, HDMI out, USB AV, and the like.
[0032] The protected zone may be associated with an array of processing units for achieving one or more functions. The array of processing units may include a video decoder, mobile data processor, and the like.
[0033] With reference to FIG. 6, an apparatus 600— which may, for example, comprise an implementation of the apparatus 200, and/or the computer 300— may have a content protection zone 610 and a higher level operation system (HLOS) content zone 620. In some embodiments, the protection zone 610 may comprise an implementation of the protected zone discussed above. The apparatus may have content sources 630, content transforms 640, and content sink(s) 650. The content sources may be non-content- protected filestreams 655, and protected content associated with a secure zone 660 (secure execution environment) and crypto-engine hardware 665. The protected content may be, for example, multimedia content protected using DRM. Data from protected content sources stays within the content protection zone 610, and data from the nonprotected content sources stays within the HLOS content zone 620. The content transforms may be accomplished by video codec hardware 670 and graphics processing unit (GPU) 675. The GPU may operate only on non-protected content, whereas the video codec hardware may operate on protected content and on non-protected content. The video codec hardware may include a protection unit 230 and a SAR register 270 for ensuring that decrypted and/or decoded data is only written to addressable memory locations 240 in accordance with the security rules shown in FIG. 1. The content sink 650 may include mobile display platform (MDP) hardware 680 for outputting the multimedia content to a device screen 685 or 340, or to an HDMI link 690, etc.
[0034] With reference to FIG. 7, a data flow through the buffer memory 220 from a plurality of content sources 630 to a plurality of content sinks 650 is shown in relation to a plurality of content transforms 640. An unprotected buffer 710 corresponds to the memory locations 240 associated with the insecure address range 260 of the buffer memory, and a protected buffer 730 corresponds to the memory locations 240 associated with the secure address range 250 of the buffer memory. To show the flow of data through the buffer memory, the unprotected and protected buffers, 710 and 730, are shown in several instances between the hardware elements. However, the several protected and unprotected buffers may be a unitary addressable memory space of the buffer memory 220 which is connected to the hardware elements by, for example, the bus 245. As examples of content sources, free content from an unprotected source 705 may be placed in memory locations of the unprotected buffer 710 associated with the insecure address range 260, whereas premium content from a protected source 715 may be input into a secure zone 720 (secure execution environment) and crypto-engine hardware 725, and then output to memory locations of the protected buffer 730 associated with the secure address range 250. Broadcast content 735 may be received, decrypted if necessary, and placed in the unprotected buffer 710 or in the protected buffer 730, by broadcast+crypto hardware 740, depending on whether the incoming broadcast signal is encrypted. Similarly, video signals 745 captured by video capture hardware 750 may be placed in the unprotected buffer 710 or in the protected buffer 730, depending on whether the incoming video signal is protected. For example, if HDCP is enabled on an HDMI input, then the content may be treated as protected. Also, if Macrovision®/CGMS-A (Copy Generation Management System - Analog) is detected on an analog input, the content may be treated as protected. For a digital (TTL) input, the content may be treated as protected as a default. As an example of a content transform, video hardware 755 may operate on data from an unprotected buffer 710 and/or a protected buffer 730, and place output data in an unprotected buffer 710 or in a protected buffer 730, in accordance with the security rules of FIG. 1. Similarly, video processor unit (VPU) hardware 760 may operate on data from an unprotected buffer 710 and/or a protected buffer 730, and place output data in an unprotected buffer 710 or in a protected buffer 730, in accordance with the security rules of FIG. 1. A graphics processing unit (GPU) 765 may operate only on data from an unprotected buffer 710, and may place output data only in an unprotected buffer 710. As, examples of content sinks, MDP hardware 770 may read and operate on data from an unprotected buffer 710 and/or a protected buffer 730, and output the data in the from of multimedia content to a device screen 780 or to an HDMI link 790, etc. [0035] A plurality of sessions and/or content streams may exist at the same time. Each session or stream may be associated with a common secure address range 250 or its own secure address range 250 or page of memory locations. For example, a first secure address range or page for a first session or stream may not be considered a secure address range for a second session or stream. The processor hardware may block writing output data associated with a second session or stream to the first secure address range or page, because the first secure address range or page may be considered as an insecure memory location with respect to the second session. If a common secure address range 250 is implemented, however, data protection may be simplified in some embodiments because different address ranges may not be individually tracked with respect to different sessions or streams, but rather a single address range may apply to all or certain protected content. In some embodiments, sessions or streams may be associated with different processors. Each of these processors may be associated with its own secure address range and/or memory buffer in some embodiments. In other embodiments, two or more of the processors may share a memory buffer or a secure address range of that memory buffer.
[0036] Embodiments described above may provide hardware protection of data flows though the buffer memory 220 without having to keep track of the data flows and associated sessions, and privileges for the sessions. Thus, protected content and unprotected content from different sources may be processed by content transform hardware without requiring tracking of the privileges of the associated sessions when writing the processed or transformed data to the buffer memory. When the security rules of FIG. 1 are implemented in hardware, malicious software is unable to redirect protected content to an unprotected memory location because the hardware blocks such malicious redirection.
[0037] With reference to FIG. 4, a wireless remote station (RS) 402 (such as apparatus
200) may communicate with one or more base stations (BS) 404 of a wireless communication system 400. The wireless communication system 400 may further include one or more base station controllers (BSC) 406, and a core network 408. Core network may be connected to an Internet 410 and/or a Public Switched Telephone Network (PSTN) 412 via suitable backhauls. A typical wireless remote station may include a mobile station such as a handheld phone, or a laptop computer. The wireless communication system 400 may employ any one of a number of multiple access techniques such as code division multiple access (CDMA), time division multiple access (TDMA), frequency division multiple access (FDMA), space division multiple access (SDMA), polarization division multiple access (PDMA), or other modulation techniques known in the art.
[0038] Those of skill in the art will understand that information and signals may be represented using any of a variety of different technologies and techniques. For example, data, instructions, commands, information, signals, bits, symbols, and chips that may be referenced throughout the above description may be represented by voltages, currents, electromagnetic waves, magnetic fields or particles, optical fields or particles, or any combination thereof.
[0039] Those of skill will further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
[0040] The various illustrative logical blocks, modules, and circuits described in connection with the embodiments disclosed herein may be implemented or performed with a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration. [0041] The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor such the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC. The ASIC may reside in a user terminal. In the alternative, the processor and the storage medium may reside as discrete components in a user terminal.
[0042] In one or more exemplary embodiments, the functions described may be implemented in hardware, software, firmware, or any combination thereof. If implemented in software as a computer program product, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. Computer-readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. A storage media may be any available media that can be accessed by a computer. By way of example, and not limitation, such computer- readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. Also, any connection is properly termed a computer-readable medium. For example, if the software is transmitted from a website, server, or other remote source using a coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of medium. Disk and disc, as used herein, includes compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk and blu-ray disc where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media. The computer-readable medium may be non-transitory such that it does not include a transitory, propagating signal.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
WHAT IS CLAIMED IS:

Claims

1. A processor, implemented in hardware, for processing data from a buffer memory, the processor comprising:
a protection unit configured to:
allow writing of output data, processed based on input data from at least one secure location associated with a secure address range of the buffer memory, to one or more secure locations associated with the secure address range, and
block writing of output data, processed based on input data from at least one secure location associated with the secure address range, to one or more insecure locations associated with an insecure address range of the buffer memory.
2. A processor as defined in claim 1 , wherein the protection unit is further configured to allow writing of output data, processed based on input data from at least one insecure location associated with the insecure address range, to one or more insecure locations associated with the insecure address range.
3. A processor as defined in claim 1, wherein the addresses for the secure address range comprise virtual addresses.
4. A processor as defined in claim 3, wherein the secure address range comprises a page of the buffer memory.
5. A processor as defined in claim 4, wherein the virtual addresses are mapped to physical addresses in the buffer memory by a page table.
6. A processor as defined in claim 1, wherein the addresses for the secure address range comprise physical addresses.
7. A processor as defined in claim 1, wherein input data is based on data extracted from protected content from a protected source.
8. A processor as defined in claim 1, wherein the output data is for reading from the buffer memory by a display hardware.
9. An apparatus for processing data from a buffer memory, comprising:
means for allowing writing of output data, processed based on input data from at least one secure location associated with a secure address range of the buffer memory, to one or more secure locations associated with the secure address range; and means for blocking writing of output data, processed based on input data from at least one secure location associated with the secure address range, to one or more insecure locations associated with an insecure address range of the buffer memory.
10. An apparatus as defined in claim 9, further comprising means for allowing writing of output data, processed based on input data from at least one insecure location associated with the insecure address range, to one or more insecure locations associated with the insecure address range.
11. An apparatus as defined in claim 9, wherein the addresses for the secure address range comprise virtual addresses.
12. An apparatus as defined in claim 11, wherein the secure address range comprises a page of the buffer memory.
13. An apparatus as defined in claim 12, wherein the virtual addresses are mapped to physical addresses in the buffer memory by a page table.
14. An apparatus as defined in claim 9, wherein the addresses for the secure address range comprise physical addresses.
15. An apparatus as defined in claim 9, wherein input data is based on data extracted from protected content from a protected source.
16. An apparatus as defined in claim 9, wherein the output data is for reading from the buffer memory by a display hardware.
17. A computer program product, comprising:
computer-readable medium, comprising:
code for causing a computer to allow writing of output data, processed based on input data from at least one secure location associated with a secure address range of a buffer memory, to one or more secure locations associated with the secure address range; and
code for causing a computer to block writing of output data, processed based on input data from at least one secure location associated with the secure address range, to one or more insecure locations associated with an insecure address range of the buffer memory.
18. A computer program product as defined in claim 17, wherein the computer readable medium further comprises:
code for causing a computer to allow writing of output data, processed based on input data from at least one insecure location associated with the insecure address range, to one or more insecure locations associated with the insecure address range.
19. A computer program product as defined in claim 17, wherein the addresses for the secure address range comprise virtual addresses.
20. A computer program product as defined in claim 19, wherein the secure address range comprises a page of the buffer memory.
21. A computer program product as defined in claim 20, wherein the virtual addresses are mapped to physical addresses in the buffer memory by a page table.
22. A computer program product as defined in claim 17, wherein the addresses for the secure address range comprise physical addresses.
23. A computer program product as defined in claim 17, wherein input data is based on data extracted from protected content from a protected source.
24. A computer program product as defined in claim 17, wherein the output data is for reading from the buffer memory for display.
25. A method for processing data from a buffer memory, comprising:
allowing a processor implemented in hardware to write output data, processed based on input data from at least one secure location associated with a secure address range of the buffer memory, to one or more secure locations associated with the secure address range; and
blocking the processor from writing output data, processed based on input data from at least one secure location associated with the secure address range, to one or more insecure locations associated with an insecure address range of the buffer memory.
26. A method as defined in claim 25, further comprising allowing the processor to write output data, processed based on input data from at least one insecure location associated with the insecure address range, to one or more insecure locations associated with the insecure address range.
27. A method as defined in claim 25, wherein the addresses for the secure address range comprise virtual addresses.
28. A method as defined in claim 27, wherein the secure address range comprises a page of the buffer memory.
29. A method as defined in claim 28, wherein the virtual addresses are mapped to physical addresses in the buffer memory by a page table.
30. A method as defined in claim 25, wherein the addresses for the secure address range comprise physical addresses.
31. A method as defined in claim 25, wherein input data is based on data extracted from protected content from a protected source.
32. A method as defined in claim 25, wherein the output data is for reading from the buffer memory for display.
33. An apparatus, comprising:
a buffer memory having a plurality of addressable locations comprising: secure locations associated with a secure address range, and insecure locations associated with an insecure address range; and a processor, implemented in hardware, for processing data from the secure locations and from the insecure locations, wherein the processor is configured to:
allow writing of output data, processed based on input data from at least one of the secure locations associated with the secure address range, to one or more of the secure locations associated with the secure address range, and block writing of output data, processed based on input data from at least one of the secure locations associated with the secure address range, to one or more of the insecure locations associated with the insecure address range.
34. An apparatus as defined in claim 33, wherein the processor is further configured to allow writing of output data, processed based on input data from at least one of the insecure locations associated with the insecure address range, to one or more of the insecure locations associated with the insecure address range.
PCT/US2012/037389 2011-05-10 2012-05-10 Apparatus and method for hardware-based secure data processing using buffer memory address range rules WO2012154996A1 (en)

Priority Applications (7)

Application Number Priority Date Filing Date Title
KR1020137032531A KR101618940B1 (en) 2011-05-10 2012-05-10 Apparatus and method for hardware-based secure data processing using buffer memory address range rules
EP12722254.5A EP2707831B1 (en) 2011-05-10 2012-05-10 Apparatus and method for hardware-based secure data processing using buffer memory address range rules
CN201280022429.XA CN103518206B (en) 2011-05-10 2012-05-10 For the apparatus and method using the hardware based secure data of buffer memory address ambit rule to process
BR112013028501A BR112013028501A2 (en) 2011-05-10 2012-05-10 hardware-based secure data processing apparatus and method using temporary storage memory address range rules
CA2835000A CA2835000C (en) 2011-05-10 2012-05-10 Apparatus and method for hardware-based secure data processing using buffer memory address range rules
JP2014510477A JP6049702B2 (en) 2011-05-10 2012-05-10 Apparatus and method for hardware-based secure data processing using buffer memory address range rules
RU2013154544/08A RU2573215C2 (en) 2011-05-10 2012-05-10 Apparatus and method for hardware-based secure data processing using buffer memory address range rules

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US201161484575P 2011-05-10 2011-05-10
US61/484,575 2011-05-10
US13/467,853 2012-05-09
US13/467,853 US8943330B2 (en) 2011-05-10 2012-05-09 Apparatus and method for hardware-based secure data processing using buffer memory address range rules

Publications (1)

Publication Number Publication Date
WO2012154996A1 true WO2012154996A1 (en) 2012-11-15

Family

ID=46125535

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2012/037389 WO2012154996A1 (en) 2011-05-10 2012-05-10 Apparatus and method for hardware-based secure data processing using buffer memory address range rules

Country Status (9)

Country Link
US (2) US8943330B2 (en)
EP (1) EP2707831B1 (en)
JP (1) JP6049702B2 (en)
KR (1) KR101618940B1 (en)
CN (1) CN103518206B (en)
BR (1) BR112013028501A2 (en)
CA (1) CA2835000C (en)
RU (1) RU2573215C2 (en)
WO (1) WO2012154996A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014126597A1 (en) * 2013-02-18 2014-08-21 Qualcomm Incorporated Hardware enforced content protection for graphics processing units
US9767320B2 (en) 2015-08-07 2017-09-19 Qualcomm Incorporated Hardware enforced content protection for graphics processing units
WO2018022256A1 (en) * 2016-07-29 2018-02-01 Qualcomm Incorporated Updating virtual memory addresses of target application functionalities for an updated version of application binary code
US10102391B2 (en) 2015-08-07 2018-10-16 Qualcomm Incorporated Hardware enforced content protection for graphics processing units

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8943330B2 (en) * 2011-05-10 2015-01-27 Qualcomm Incorporated Apparatus and method for hardware-based secure data processing using buffer memory address range rules
US9507961B2 (en) * 2013-07-01 2016-11-29 Qualcomm Incorporated System and method for providing secure access control to a graphics processing unit
US10824756B2 (en) 2013-09-20 2020-11-03 Open Text Sa Ulc Hosted application gateway architecture with multi-level security policy and rule promulgations
EP2851833B1 (en) 2013-09-20 2017-07-12 Open Text S.A. Application Gateway Architecture with Multi-Level Security Policy and Rule Promulgations
US10116697B2 (en) 2013-09-20 2018-10-30 Open Text Sa Ulc System and method for geofencing
GB2524561A (en) * 2014-03-27 2015-09-30 St Microelectronics Res & Dev Methods and apparatus for storing content
US10558584B2 (en) * 2014-06-23 2020-02-11 Intel Corporation Employing intermediary structures for facilitating access to secure memory
US9703720B2 (en) 2014-12-23 2017-07-11 Intel Corporation Method and apparatus to allow secure guest access to extended page tables
US9553721B2 (en) * 2015-01-30 2017-01-24 Qualcomm Incorporated Secure execution environment communication
US11593075B2 (en) 2015-11-03 2023-02-28 Open Text Sa Ulc Streamlined fast and efficient application building and customization systems and methods
KR102407917B1 (en) * 2015-11-12 2022-06-10 삼성전자주식회사 Multi-Processor System Including Memory Shared By Multi-Processor And Method there-of
US11388037B2 (en) 2016-02-25 2022-07-12 Open Text Sa Ulc Systems and methods for providing managed services
FR3050847B1 (en) * 2016-05-02 2019-04-05 Morpho METHOD OF OPTIMIZING MEMORY WRITINGS IN A DEVICE
CN107220189A (en) * 2017-03-14 2017-09-29 晨星半导体股份有限公司 Memory headroom is managed and memory access control method and device
US10715310B2 (en) * 2018-05-07 2020-07-14 Qualcomm Incorporated Method and apparatus for decrypting data blocks of a pattern-encrypted subsample

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4184201A (en) * 1978-04-26 1980-01-15 Sperry Rand Corporation Integrating processor element

Family Cites Families (50)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2666472B1 (en) * 1990-08-31 1992-10-16 Alcatel Nv TEMPORARY INFORMATION STORAGE SYSTEM INCLUDING A BUFFER MEMORY RECORDING DATA IN FIXED OR VARIABLE LENGTH DATA BLOCKS.
EP0510242A2 (en) * 1991-04-22 1992-10-28 Acer Incorporated System and method for managing the routing execution in a computer system
US5892900A (en) * 1996-08-30 1999-04-06 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
CN101359350B (en) * 1995-02-13 2012-10-03 英特特拉斯特技术公司 Methods for secure transaction management and electronic rights protection
US6643765B1 (en) 1995-08-16 2003-11-04 Microunity Systems Engineering, Inc. Programmable processor with group floating point operations
US6101170A (en) * 1996-09-27 2000-08-08 Cabletron Systems, Inc. Secure fast packet switch having improved memory utilization
US6992563B1 (en) * 1997-04-11 2006-01-31 Robert Bosch Gmbh Method for protecting devices, specially car radios, against theft
IL129947A (en) * 1999-05-13 2003-06-24 Tadiran Telecom Business Syste Method and apparatus for downloading software into an embedded system
DE19925693B4 (en) * 1999-06-04 2007-05-16 Phoenix Contact Gmbh & Co Circuit arrangement for secure data transmission in an annular bus system
US6397301B1 (en) 1999-12-29 2002-05-28 Intel Corporation Preventing access to secure area of a cache
JP2003521776A (en) * 2000-02-01 2003-07-15 シラス ロジック、インコーポレイテッド Method and circuit for selectively operating a system in a secure environment
TW519651B (en) * 2000-06-27 2003-02-01 Intel Corp Embedded security device within a nonvolatile memory device
US6782480B2 (en) * 2000-12-21 2004-08-24 Sun Microsystems, Inc. Method and apparatus for accessing system information
US7055038B2 (en) 2001-05-07 2006-05-30 Ati International Srl Method and apparatus for maintaining secure and nonsecure data in a shared memory system
US7007025B1 (en) 2001-06-08 2006-02-28 Xsides Corporation Method and system for maintaining secure data input and output
US7296125B2 (en) * 2001-11-29 2007-11-13 Emc Corporation Preserving a snapshot of selected data of a mass storage system
JP3881942B2 (en) * 2002-09-04 2007-02-14 松下電器産業株式会社 Semiconductor device having encryption unit
JP4347582B2 (en) * 2003-02-04 2009-10-21 パナソニック株式会社 Information processing device
US7865739B2 (en) * 2003-09-02 2011-01-04 Sony Ericsson Mobile Communications Ab Methods and devices for transferring security data between memories
GB2406403B (en) 2003-09-26 2006-06-07 Advanced Risc Mach Ltd Data processing apparatus and method for merging secure and non-secure data into an output data stream
US7363491B2 (en) 2004-03-31 2008-04-22 Intel Corporation Resource management in security enhanced processors
US8190914B2 (en) * 2006-02-28 2012-05-29 Red Hat, Inc. Method and system for designating and handling confidential memory allocations
WO2007130386A2 (en) * 2006-05-01 2007-11-15 Mediatek Inc. Method and apparatus for secure context switching in a system including a processor and cached virtual memory
JP2007310601A (en) * 2006-05-18 2007-11-29 Renesas Technology Corp Microcomputer and method for protecting its software
US7945789B2 (en) 2006-09-12 2011-05-17 International Business Machines Corporation System and method for securely restoring a program context from a shared memory
US7660769B2 (en) 2006-09-12 2010-02-09 International Business Machines Corporation System and method for digital content player with secure processing vault
TWI394437B (en) * 2006-09-28 2013-04-21 Casio Computer Co Ltd Imaging apparatus, recording medium for recording a computer program, and imaging control method
US20080086603A1 (en) * 2006-10-05 2008-04-10 Vesa Lahtinen Memory management method and system
US8108905B2 (en) 2006-10-26 2012-01-31 International Business Machines Corporation System and method for an isolated process to control address translation
KR20080067774A (en) * 2007-01-17 2008-07-22 삼성전자주식회사 Method and system device for protecting security domain from unauthorized memory access
US7907823B2 (en) * 2007-03-19 2011-03-15 At&T Intellectual Property I, L.P. System and method for storing user data
US7934063B2 (en) 2007-03-29 2011-04-26 International Business Machines Corporation Invoking externally assisted calls from an isolated environment
US20080284561A1 (en) * 2007-05-14 2008-11-20 Inventec Corporation Method for protecting data
JP4976991B2 (en) * 2007-11-22 2012-07-18 株式会社東芝 Information processing apparatus, program verification method, and program
US8001334B2 (en) * 2007-12-06 2011-08-16 Silicon Image, Inc. Bank sharing and refresh in a shared multi-port memory device
GB2460393B (en) * 2008-02-29 2012-03-28 Advanced Risc Mach Ltd A data processing apparatus and method for controlling access to secure memory by virtual machines executing on processing circuitry
GB2459097B (en) 2008-04-08 2012-03-28 Advanced Risc Mach Ltd A method and apparatus for processing and displaying secure and non-secure data
US9653004B2 (en) * 2008-10-16 2017-05-16 Cypress Semiconductor Corporation Systems and methods for downloading code and data into a secure non-volatile memory
US8452934B2 (en) * 2008-12-16 2013-05-28 Sandisk Technologies Inc. Controlled data access to non-volatile memory
TWI377468B (en) * 2009-02-05 2012-11-21 Nuvoton Technology Corp Integrated circuit and memory protection apparatus and methods thereof
BRPI1014461B1 (en) * 2009-05-03 2020-10-13 Logomotion, S.R.O payment terminal using a mobile communication device
US8108587B2 (en) * 2009-05-26 2012-01-31 Microsoft Corporation Free-space reduction in cached database pages
US9922063B2 (en) * 2009-12-29 2018-03-20 International Business Machines Corporation Secure storage of secret data in a dispersed storage network
US8424100B2 (en) * 2010-03-29 2013-04-16 Motorola Solutions, Inc. System and method of vetting data
US8943330B2 (en) * 2011-05-10 2015-01-27 Qualcomm Incorporated Apparatus and method for hardware-based secure data processing using buffer memory address range rules
US8352444B1 (en) * 2011-07-11 2013-01-08 Peter Hon-You Chang User-driven menu generation system with dynamic generation of target files with placeholders for persistent change or temporary security change over cloud computing virtual storage from template files
FR2980285B1 (en) * 2011-09-15 2013-11-15 Maxim Integrated Products SYSTEMS AND METHODS FOR MANAGING CRYPTOGRAPHIC KEYS IN A SECURE MICROCONTROLLER
US8751830B2 (en) * 2012-01-23 2014-06-10 International Business Machines Corporation Memory address translation-based data encryption/compression
US20130305388A1 (en) * 2012-05-10 2013-11-14 Qualcomm Incorporated Link status based content protection buffers
KR20130139604A (en) * 2012-06-13 2013-12-23 삼성전자주식회사 Memory device comprising a plurality of memory chips, authentication system and authentication method thereof

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4184201A (en) * 1978-04-26 1980-01-15 Sperry Rand Corporation Integrating processor element

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
SANDHU ET AL: "Lattice-Based Access Control Models", COMPUTER, IEEE SERVICE CENTER, LOS ALAMITOS, CA, US, vol. 26, no. 11, 1 November 1993 (1993-11-01), pages 9 - 19, XP002353292, ISSN: 0018-9162, DOI: 10.1109/2.241422 *

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104981811A (en) * 2013-02-18 2015-10-14 高通股份有限公司 Hardware enforced content protection for graphics processing units
WO2014126597A1 (en) * 2013-02-18 2014-08-21 Qualcomm Incorporated Hardware enforced content protection for graphics processing units
US10102391B2 (en) 2015-08-07 2018-10-16 Qualcomm Incorporated Hardware enforced content protection for graphics processing units
US9767320B2 (en) 2015-08-07 2017-09-19 Qualcomm Incorporated Hardware enforced content protection for graphics processing units
WO2018022256A1 (en) * 2016-07-29 2018-02-01 Qualcomm Incorporated Updating virtual memory addresses of target application functionalities for an updated version of application binary code
WO2018022257A1 (en) * 2016-07-29 2018-02-01 Qualcomm Incorporated Kernel-based detection of target application functionality using offset-based virtual address mapping
WO2018022255A1 (en) * 2016-07-29 2018-02-01 Qualcomm Incorporated Kernel-based detection of target application functionality using virtual address mapping
CN109643343A (en) * 2016-07-29 2019-04-16 高通股份有限公司 The detection based on kernel to target application function is mapped using virtual address
US10289847B2 (en) 2016-07-29 2019-05-14 Qualcomm Incorporated Updating virtual memory addresses of target application functionalities for an updated version of application binary code
US10360383B2 (en) 2016-07-29 2019-07-23 Qualcomm Incorporated Kernel-based detection of target application functionality using offset-based virtual address mapping
US10380342B2 (en) 2016-07-29 2019-08-13 Qualcomm Incorporated Kernel-based detection of target application functionality using virtual address mapping
TWI696950B (en) * 2016-07-29 2020-06-21 美商高通公司 Method for detecting high-level functionality of application executing on computing device, and system and computer program thereof
CN109643343B (en) * 2016-07-29 2023-09-15 高通股份有限公司 Kernel-based detection of target application functions using virtual address mapping

Also Published As

Publication number Publication date
JP6049702B2 (en) 2016-12-21
US8943330B2 (en) 2015-01-27
US20150106630A1 (en) 2015-04-16
CN103518206A (en) 2014-01-15
EP2707831B1 (en) 2018-09-05
CA2835000A1 (en) 2012-11-15
KR20140016370A (en) 2014-02-07
US20130132735A1 (en) 2013-05-23
RU2573215C2 (en) 2016-01-20
CN103518206B (en) 2016-09-07
CA2835000C (en) 2017-06-27
EP2707831A1 (en) 2014-03-19
BR112013028501A2 (en) 2017-01-10
KR101618940B1 (en) 2016-05-09
JP2014519089A (en) 2014-08-07
RU2013154544A (en) 2015-06-20
US9836414B2 (en) 2017-12-05

Similar Documents

Publication Publication Date Title
US9836414B2 (en) Apparatus and method for hardware-based secure data processing using buffer memory address range rules
CN104040511B (en) Reduce the unwarranted access to data traffic
KR101954733B1 (en) System-on-chip processing secured contents and mobile device comprising the same
EP3103051B1 (en) System and process for monitoring malicious access of protected content
US8181038B2 (en) Systems and methods for executing encrypted programs
US20130166922A1 (en) Method and system for frame buffer protection
US10395013B2 (en) Method and device for enhancing the protection of a signal, in particular a multimedia signal, against a malicious attack
ES2600512T3 (en) Method to protect data contents
US10395051B2 (en) Image processing apparatus and control method thereof
EP3155821B1 (en) Video content tracking
KR20200106311A (en) Method and system for managing content using block chain
KR101776845B1 (en) Protection against key tampering
US20080271152A1 (en) Protected intra-system interconnect for digital rights management in electrical computers and digital data processing systems
US20160112379A1 (en) Apparatus for and method of playing back content
TWI502484B (en) Display system and display method
CN114003869A (en) System and method for improving processing efficiency of protecting multiple contents
KR20140129694A (en) Terminal apparatus and method for playing encrypted multimedia contents applied drm

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12722254

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2012722254

Country of ref document: EP

ENP Entry into the national phase

Ref document number: 2835000

Country of ref document: CA

ENP Entry into the national phase

Ref document number: 2014510477

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 20137032531

Country of ref document: KR

Kind code of ref document: A

ENP Entry into the national phase

Ref document number: 2013154544

Country of ref document: RU

Kind code of ref document: A

REG Reference to national code

Ref country code: BR

Ref legal event code: B01A

Ref document number: 112013028501

Country of ref document: BR

ENP Entry into the national phase

Ref document number: 112013028501

Country of ref document: BR

Kind code of ref document: A2

Effective date: 20131105