Typically, content that resides on a computer can come under attack by individuals who wish to steal or modify the content. As an example, consider the case of a content author, such as a movie studio or a user publishing content on the web. Typically these individuals will publish video content that has restrictions on how users can view it. This content can typically be viewed or rendered on a computer such as a personal computer. A great deal of time, effort and money is spent each year by unscrupulous individuals and organizations trying to steal or otherwise inappropriately obtain such video content. Additionally, consider the case of eCommerce software that enables individuals to transact, for example, banking transactions. The data that is displayed on a display monitor for the user to review and manipulate can come under attack by rogue software applications executing on the user's computer. That is, rogue programs or devices can and often do try to inappropriately obtain content once it has been received on a computer, such as a personal computer.
One solution for content security can include various software-based digital rights management (DRM) solutions. The problem here is that no matter how good the software-based, tamper-resistant, “hard-to-observe” DRM system that does the software rendering is—ultimately, the bits get written out to a video card where they can be “seen” or even copied by other software. This presents a sphere of vulnerability. Thus, the video card that processes the video content can be the subject of software attacks.
FIG. 1 shows an exemplary video (or graphics) card 100 that includes a bus connector 102 that inserts into a port on a typical computer. Video card 100 also includes a monitor connector 104 (e.g. a 15-pin plug) that receives a cable that connects to a monitor. Video card 100 can include a digital video-out socket 106 that can be used for sending video images to LCD and flat panel monitors and the like.
The modern video card consists of four main components: the graphics processor unit (GPU) 108, the video memory 110, the random access memory digital-to-analog converter (RAMDAC) 112, and the driver software which can be included in the Video BIOS 114.
GPU 108 is a dedicated graphics processing chip that controls all aspects of resolution, color depth, and all elements associated with rendering images on the monitor screen. The computer's central processing unit or CPU (not shown) sends a set of drawing instructions and data, which are interpreted by the graphics card's proprietary driver and executed by the card's GPU 108. GPU 108 performs such operations as bitmap transfers and painting, window resizing and repositioning, line drawing, font scaling and polygon drawing. The GPU 108 is designed to handle these tasks in hardware at far greater speeds than the software running on the system's CPU. The GPU then writes the frame data to the frame buffer (or on-board video memory 110). The GPU greatly reduces the workload of the system's CPU.
The memory that holds the video image is also referred to as the frame buffer and is usually implemented on the video card itself. In this example, the frame buffer is implemented on the video card in the form of memory 110. Early systems implemented video memory in standard DRAM. However, this requires continual refreshing of the data to prevent it from being lost and cannot be modified during this refresh process. The consequence, particularly at the very fast clock speeds demanded by modern graphics cards, is that performance is badly degraded.
An advantage of implementing video memory on the video card itself is that it can be customized for its specific task and, indeed, this has resulted in a proliferation of new memory technologies:                Video RAM (VRAM): a special type of dual-ported DRAM, which can be written to and read from at the same time. It also requires far less frequent refreshing than ordinary DRAM and consequently performs much better;        Windows RAM (WRAM): as used by the Matrox Millennium card, is also dual-ported and can run slightly faster than conventional VRAM;        EDO DRAM: which provides a higher bandwidth than DRAM, can be clocked higher than normal DRAM and manages the read/write cycles more efficiently;        SDRAM: Similar to EDO RAM except the memory and graphics chips run on a common clock used to latch data, allowing SDRAM to run faster than regular EDO RAM;        SGRAM: Same as SDRAM but also supports block writes and write-per-bit, which yield better performance on graphics chips that support these enhanced features; and        DRDRAM: Direct RDRAM is a totally new, general-purpose memory architecture which promises a 20-fold performance improvement over conventional DRAM.        
Some designs integrate the graphics circuitry into the motherboard itself and use a portion of the system's RAM for the frame buffer. This is called “unified memory architecture” and is used for reasons of cost reduction only and can lead to inferior graphics performance.
The information in the video memory frame buffer is an image of what appears on the screen, stored as a digital bitmap. But while the video memory contains digital information its output medium—the monitor—may use analog signals. The analog signals require more than just an “on” or “off” signal, as it is used to determine where, when and with what intensity the electron guns should be fired as they scan across and down the front of the monitor. This is where RAMDAC 112 comes into play as described below. Some RAMDACs also support digital video interface (DVI) outputs for digital displays such as LCD monitors. In such configurations, the RAMDAC converts the internal digital representation into a form understandable by the digital display.
The RAMDAC plays the roll of a “display converter” since it converts the internal digital data into a form that is understood by the display.
Even though the total amount of video memory installed on the video card may not be needed for a particular resolution, the extra memory is often used for caching information for the GPU 108. For example, the caching of commonly used graphical items—such as text fonts and icons or images—avoids the need for the graphics subsystem to load these each time a new letter is written or an icon is moved and thereby improves performance. Cached images can be used to queue up sequences of images to be presented by the GPU, thereby freeing up the CPU to perform other tasks.
Many times per second, RAMDAC 112 reads the contents of the video memory, converts it into a signal, and sends it over the video cable to the monitor. For analog displays, there is typically one Digital-to-Analog Converter (DAC) for each of the three primary colors the CRT uses to create a complete spectrum of colors. For digital displays, the RAMDAC outputs a single RGB data stream to be interpreted and displayed by the output device. The intended result is the right mix needed to create the color of a single pixel. The rate at which RAMDAC 112 can convert the information, and the design of GPU 108 itself, dictates the range of refresh rates that the graphics card can support. The RAMDAC 112 also dictates the number of colors available in a given resolution, depending on its internal architecture.
The bus connector 102 can support one or more busses that are used to connect with the video card. For example, an Accelerated Graphics Port (AGP) bus can enable the video card to directly access system memory. Direct memory access helps to make the peak bandwidth many times higher than the Peripheral Component Interconnect (PCI) bus. This can allow the system's CPU to do other tasks while the GPU on the video card accesses system memory.
During operation, the data contained in the on-board video memory can be provided into the computer's system memory and can be managed as if it were part of the system's memory. This includes such things as virtual memory management techniques that the computer's memory manager employs. Further, when the data contained in the system's memory is needed for a graphics operation on the video card, the data can be sent over a bus (such as a PCI or AGP bus) to the video card and stored in the on-board video memory 110. There, the data can be accessed and manipulated by GPU 108 as described above.
This invention arose out of concerns associated with providing methods and systems for protecting data. In particular, the invention arose out of concerns associated with providing methods and systems that are resistant to software attacks, particularly those attacks that are waged by a rogue application executing on a user's machine.