Typically, a content author, such as a movie studio or a user publishing content on the web, will publish video content that has restrictions on how users can view it. This content can typically be viewed or rendered on a computer such as a personal computer. A great deal of time, effort and money is spent each year by unscrupulous individuals and organizations trying to steal or otherwise inappropriately obtain such video content.
One of the points of attack can be the computer on which such video content is to be viewed or rendered. That is, rogue programs or devices can and often do try to inappropriately obtain video content once it has been received on a computer, such as a personal computer. Among other computer components, this attack can be waged against the video card that processes the video content and/or the bus that transports the video content to and from the video card.
FIG. 1 shows an exemplary video (or graphics) card 100 that includes a bus connector 102 that inserts into a port on a typical computer. Video card 100 also includes a monitor connector 104 (e.g. a 15-pin plug) that receives a cable that connects to a monitor. Video card 100 can include a digital video-out socket 106 that can be used for sending video images to LCD and flat panel monitors and the like.
The modern video card consists of four main components: the graphics processor unit (GPU) 108, the video memory 110, the random access memory digital-to-analog converter (RAMDAC) 112, and the driver software which can be included in the Video BIOS 114.
GPU 108 is a dedicated graphics processing chip that controls all aspects of resolution, color depth, and all elements associated with rendering images on the monitor screen. The computer's central processing unit or CPU (not shown) sends a set of drawing instructions and data, which are interpreted by the graphics card's proprietary driver and executed by the card's GPU 108. GPU 108 performs such operations as bitmap transfers and painting, window resizing and repositioning, line drawing, font scaling and polygon drawing. The GPU 108 is designed to handle these tasks in hardware at far greater speeds than the software running on the system's CPU. The GPU then writes the frame data to the frame buffer (or on-board video memory 110). The GPU greatly reduces the workload of the system's CPU.
The memory that holds the video image is also referred to as the frame buffer and is usually implemented on the video card itself. In this example, the frame buffer is implemented on the video card in the form of memory 110. Early systems implemented video memory in standard DRAM. However, this requires continual refreshing of the data to prevent it from being lost and cannot be modified during this refresh process. The consequence, particularly at the very fast clock speeds demanded by modern graphics cards, is that performance is badly degraded.
An advantage of implementing video memory on the video card itself is that it can be customized for its specific task and, indeed, this has resulted in a proliferation of new memory technologies:                Video RAM (VRAM): a special type of dual-ported DRAM, which can be written to and read from at the same time. It also requires far less frequent refreshing than ordinary DRAM and consequently performs much better;        Windows RAM (WRAM): as used by the Matrox Millennium card, is also dual-ported and can run slightly faster than conventional VRAM;        EDO DRAM: which provides a higher bandwidth than DRAM, can be clocked higher than normal DRAM and manages the read/write cycles more efficiently;        SDRAM: Similar to EDO RAM except the memory and graphics chips run on a common clock used to latch data, allowing SDRAM to run faster than regular EDO RAM;        SGRAM: Same as SDRAM but also supports block writes and write-per-bit, which yield better performance on graphics chips that support these enhanced features; and        DRDRAM: Direct RDRAM is a totally new, general-purpose memory architecture which promises a 20-fold performance improvement over conventional DRAM.        
Some designs integrate the graphics circuitry into the motherboard itself and use a portion of the system's RAM for the frame buffer. This is called “unified memory architecture” and is used for reasons of cost reduction only and can lead to inferior graphics performance.
The information in the video memory frame buffer is an image of what appears on the screen, stored as a digital bitmap. But while the video memory contains digital information its output medium—the monitor—may use analog signals. The analog signals require more than just an “on” or “off” signal, as it is used to determine where, when and with what intensity the electron guns should be fired as they scan across and down the front of the monitor. This is where RAMDAC 112 comes into play as described below. Some RAMDACs also support digital video interface (DVI) outputs for digital displays such as LCD monitors. In such configurations, the RAMDAC converts the internal digital representation into a form understandable by the digital display.
The RAMDAC plays the roll of a “display converter” since it converts the internal digital data into a form that is understood by the display.
Even though the total amount of video memory installed on the video card may not be needed for a particular resolution, the extra memory is often used for caching information for the GPU 108. For example, the caching of commonly used graphical items—such as text fonts and icons or images—avoids the need for the graphics subsystem to load these each time a new letter is written or an icon is moved and thereby improves performance. Cached images can be used to queue up sequences of images to be presented by the GPU, thereby freeing up the CPU to perform other tasks.
Many times per second, RAMDAC 112 reads the contents of the video memory, converts it into a signal, and sends it over the video cable to the monitor. For analog displays, there is typically one Digital-to-Analog Converter (DAC) for each of the three primary colors the CRT uses to create a complete spectrum of colors. For digital displays, the RAMDAC outputs a single RGB data stream to be interpreted and displayed by the output device. The intended result is the right mix needed to create the color of a single pixel. The rate at which RAMDAC 112 can convert the information, and the design of GPU 108 itself, dictates the range of refresh rates that the graphics card can support. The RAMDAC 112 also dictates the number of colors available in a given resolution, depending on its internal architecture.
The bus connector 102 can support one or more busses that are used to connect with the video card. For example, an Accelerated Graphics Port (AGP) bus can enable the video card to directly access system memory. Direct memory access helps to make the peak bandwidth many times higher than the Peripheral Component Interconnect (PCI) bus. This can allow the system's CPU to do other tasks while the GPU on the video card accesses system memory.
During operation, the data contained in the on-board video memory can be provided into the computer's system memory and can be managed as if it were part of the system's memory. This includes such things as virtual memory management techniques that the computer's memory manage employs. Further, when the data contained in the system's memory is needed for a graphics operation on the video card, the data can be sent over a bus (such as a PCI or AGP bus) to the video card and stored in the on-board video memory 110. There, the data can be accessed and manipulated by GPU 108 as described above.
When the data is transferred from the system memory to the video memory on the video card and vice versa, it is possible for PCI devices connected to the PCI bus to “listen” to the data as it is transferred. The PCI bus also makes the video memory “visible” to the rest of the system, as if it existed like system memory. As a result, it is possible for a PCI device to acquire the PCI bus and simply copy the contents of the video memory to another device. If the PCI device is synchronized with the incoming video, it could potentially capture all of the content.
There are two previous options to protect the content once it is in the video memory on the video card.
First, the video memory can remain accessible but the content is stored in a protected, encrypted form so that it is unreadable to rogue devices and applications. While this prevents the data from being read, it also requires that the data be continually maintained in an encrypted form. If the video card (i.e. the GPU) wishes to process the data, it must atomically decrypt on read, process and re-encrypt on every write back to the video memory. For video data, the decompressed data could require more than 300 mb per second just to display. Accordingly, the encryptor/decryptor would have to operate at these high data rates. Typically, several video streams will be processed into a single output stream. For example, picture-in-picture (PIP) or a multi-channel display would blend eight channels into a single display. This would require eight simultaneous decryptors and one encryptor running at 300 mb per second (a total of around 2.4 gigabytes per second). Thus, this approach is not very desirable due to the high computation requirements.
Second, the content or data in the video memory can simply be made inaccessible. This is typically not possible due to the design of the PCI and AGP buses, since the video memory is mapped into physical memory (i.e. it appears as if it is regular system memory). The video memory is thus accessible to any PCI device which can then acquire the PCI bus and perform the data transfer without the knowledge of the CPU. Thus, this approach is not very desirable since the memory controller (or GPU) cannot reliably determine who is accessing the memory.
Accordingly, this invention arose out of concerns associated with providing secure video processing systems and methods.