Consumer electronic devices, such as mobile communication devices and portable computing devices, are becoming very powerful in terms of functionality and computing ability. Thanks to such increasing power, current devices are now able to execute applications that perform a variety of different functions. For example, in addition to the conventional communication related functions they normally perform, many devices include applications that render multimedia to the user, such as video and audio, thereby enhancing a user's enjoyment of the device.
The ability to render audio and video also allows content providers to take advantage of a growing revenue stream. For example, content providers can now make premium multimedia content available to user for consumption on their personal devices. In some cases, that content may be provided in High Definition (HD) to a device that is capable of rendering such content. However, there are problems associated with existing methods of rendering multimedia content. Particularly, there are situations where the processes required to render the multimedia content do not completely protect the content from malicious applications. Thus, the content remains vulnerable to eavesdropping, and to being stolen for later rendering by unauthorized devices.
In more detail, a plurality of processes typically execute on a single user device whenever a user launches an application, such as an application that renders video and/or audio, for example. These processes are not the higher-level “user applications” that the user can actively launch and control, but rather, are the associated “lower-level” processes that launch and perform their intended operations on the content or data without any direct user involvement or knowledge. These processes may be directly associated with the user application, or may be part of the operating system (OS) on which the user applications run. By way of example, some low-level processes associated with audio/video applications will perform well-known data decryption and rendering functions to render the content to the user. Although the user may not be aware that the processes are executing, they do so nonetheless so that the user can enjoy the content.
Generally, while performing their intended functions, such low-level processes communicate with each other using well-known inter-process communication (IPC) mechanisms to pass the data and other information in messages. Although the processes may not explicitly open the data being passed to the outside world, there are still many opportunities for malicious applications to eavesdrop on the communicated messages and record the data. Once recorded, the malicious applications store the data to some other memory where it can then be retrieved and rendered without the user's or the owner's knowledge or consent. Additionally, the messages communicated between the low-level processes are vulnerable to replay attacks, or being modified without user's or owner's knowledge.
The data communicated between low-level processes associated with multimedia applications is not the only type of data that is vulnerable to such malicious eavesdropping attacks. In fact, any type of data communicated between two or more low-level processes is vulnerable to such attacks. By way of example, many users access financial or other protected information on network servers from their user devices. Although the messages communicated between the user device and the server may be secure, the messages communicated between the low-level processes associated with the user-level applications may not be secure from malicious applications executing on the user's device.
There are many different types of solutions that attempt to prevent such malicious applications from ever being installed on a user device in the first place. However, there is no solution that completely prevents all such unwanted installations. Further, many times, a user is not aware that a malicious application is currently executing on the device and stealing content. This is troublesome for content providers, who may not release premium content without increased and more stringent security measures, as well as for anyone who wishes to keep certain data secret.