| Patent application number | Description | Published |
|---|
| 20090006690 | PROVIDING UNIVERSAL SERIAL BUS DEVICE VIRTUALIZATION WITH A SCHEDULE MERGE FROM MULTIPLE VIRTUAL MACHINES - An apparatus, system, and method are disclosed. In one embodiment, the apparatus includes a virtualization engine on a computer platform. The virtualization engine can intercept multiple data transfer schedules from multiple virtual machines fetched from a memory by a physical Universal Serial Bus (USB) host controller on the computer platform. The virtualization engine also can merge the multiple fetched data transfer schedules into a merged data transfer schedule. The virtualization engine also can send the merged data transfer schedule to the physical USB host controller. | 01-01-2009 |
| 20090006702 | SHARING UNIVERSAL SERIAL BUS ISOCHRONOUS BANDWIDTH BETWEEN MULTIPLE VIRTUAL MACHINES - A method and computer readable medium are disclosed. In one embodiment, the method includes enumerating multiple Universal Serial Bus (USB) devices on a computer platform running a multiple virtual machines (VMs). The method also includes assigning each of the USB devices to a VM, wherein each USB device may be assigned to a different VM. The method also includes making each USB device visible only to the VM it is assigned to. The method also includes limiting the bandwidth each of the VMs can schedule its assigned devices within a USB data transfer frame. This will allow all of the VMs to have access to the bandwidth of the frame by avoiding the problem of over-subscription when the schedule is merged. | 01-01-2009 |
| 20090172331 | Securing content for playback - A graphics engine may include a decryption device, a renderer, and a sprite or overlay engine, all connected to a display. A memory may have a protected and non-protected portions in one embodiment. An application may store encrypted content on the non-protected portion of said memory. The decryption device may access the encrypted material, decrypt the material, and provide it to the renderer engine of a graphics engine. The graphics engine may then process the decrypted material using the protected portion of the memory. Only graphics devices can access the protected portion of the memory in at least one mode, preventing access by outside sources. In addition, the protected memory may be stolen memory that is not identified to the operating system, making that stolen memory inaccessible to applications running on the operating system. | 07-02-2009 |
| 20090245521 | METHOD AND APPARATUS FOR PROVIDING A SECURE DISPLAY WINDOW INSIDE THE PRIMARY DISPLAY - In some embodiments, the invention involves securing sensitive data from mal-ware on a computing platform and, more specifically, to utilizing virtualization technology and protected audio video path technologies to prohibit a user environment from directly accessing unencrypted sensitive data. In an embodiment a service operating system (SOS) accesses sensitive data requested by an application running in a user environment virtual machine, or a capability operating system (COS). The SOS application encrypts the sensitive data before passing the data to the COS. The COS makes requests directly to a graphics engine which decrypts the data before displaying the sensitive data on a display monitor. Other embodiments are described and claimed. | 10-01-2009 |
| 20100027790 | METHODS FOR AUTHENTICATING A HARDWARE DEVICE AND PROVIDING A SECURE CHANNEL TO DELIVER DATA - A method for delivering audio/video data through a hardware device using a software application comprises, at the hardware end, receiving an encrypted application key, an encrypted random session key, and encrypted audio/video data from the software. The hardware then decrypts the encrypted application key using a secret encryption key, decrypts the encrypted random session key using the application key, and decrypts the encrypted audio/video data using the random session key. The hardware may then deliver the unencrypted audio/video data by way of a display and speakers. The secret encryption key is securely embedded within the hardware device at an earlier point in time. | 02-04-2010 |
| 20100332852 | Creating Secure Communication Channels Between Processing Elements - Two processing elements in a single platform may communicate securely to allow the platform to take advantage of the certain cryptographic functionality in one processing element. A first processing element, such as a bridge, may use its cryptographic functionality to request a key exchange with a second processing element, such as a graphics engine. Each processing element may include a global key which is common to the two processing elements and a unique key which is unique to each processing element. A key exchange may be established during the boot process the first time the system boots and, failing any hardware change, the same key may be used throughout the lifetime of the two processing elements. Once a secure channel is set up, any application wishing to authenticate a processing element without public-private cryptographic function may perform the authentication with the other processing element which shares a secure channel with the first processing element. | 12-30-2010 |
| 20110037770 | Memory Address Re-mapping of Graphics Data - A method and apparatus for creating, updating, and using guest physical address (GPA) to host physical address (HPA) shadow translation tables for translating GPAs of graphics data direct memory access (DMA) requests of a computing environment implementing a virtual machine monitor to support virtual machines. The requests may be sent through a render or display path of the computing environment from one or more virtual machines, transparently with respect to the virtual machine monitor. The creating, updating, and using may be performed by a memory controller detecting entries sent to existing global and page directory tables, forking off shadow table entries from the detected entries, and translating GPAs to HPAs for the shadow table entries. | 02-17-2011 |
| 20110274414 | BOUNDARY DETECTION IN MEDIA STREAMS - Encoded data decoding techniques. A data decoding agent determines a data segment size for a packet that includes a header and a data segment. The data decoding agent determines a segment end location based, at least in part, on the data segment size. The data decoding agent processes subblocks of data from the data segment. The data decoding agent compares a current location to the segment end location to determine if a current subblock of data from the data segments contains the segment end location. The data decoding agent triggers an exception handler if the current subblock contains the segment end location. | 11-10-2011 |
