Many applications executed on touch-screen-based computing devices, such as the login pages of online financial websites, ask the user to enter login information through a virtual touch user interface such as a virtual keyboard or virtual PIN pad. Kernel-mode and user-mode keyloggers and screen-scraping malware can read those keystrokes and thereby steal the user's confidential input. For example, malware may attach a keylogger to the touch input path and recover each keystroke from the touch coordinates, since the layout of a conventional virtual keyboard is fixed and publicly known. As another example, malware may collect a sequence of screen captures of the touch keyboard's keystroke highlights using a desktop screen-scraping API or any other method of accessing the display buffers that hold the touch keyboard image, and reconstruct the input from the highlighted keys.
Previous solutions for protecting input from the touch user interface have used a secure enclave (such as Intel® SGX technology) to translate touch coordinates, received over a secure channel from a converged security and manageability engine (CSME), into a keypad button push, so that the host operating system never sees which key was pressed. Other solutions have inserted a filter driver into the touch input driver stack to perform side-channel communication with the application; because such a driver runs in the same kernel as kernel-mode malware, this approach provides no malware resistance or other hardening.
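The enclave-based input path described above, as an added illustration that is not code from the patent or from any Intel component: a trusted input source standing in for the CSME authenticates each touch event, and a trusted translator standing in for the enclave verifies the event, maps its coordinates onto a randomized PIN pad layout that only it knows, and reports nothing more than a coarse status to the host. The HMAC-plus-counter framing, the 3x4 pad geometry, the `TrustedInputSource`, `PinPadEnclave` and `demo` names, and the shared-key provisioning are all assumptions made for this example; the original only states that coordinates arrive over a secure channel.

```python
"""Added example: touch-coordinate-to-key translation behind an authenticated channel.
Everything here (wire format, geometry, class names) is assumed for illustration."""
import hashlib
import hmac
import random
import secrets
import struct

# Assumed geometry: a 3x4 PIN pad occupying a 300x400 pixel region of the touch screen.
COLS, ROWS = 3, 4
PAD_W, PAD_H = 300, 400
CELL_W, CELL_H = PAD_W // COLS, PAD_H // ROWS

# Assumed wire format: little-endian counter (u32), x (u16), y (u16), then HMAC-SHA256 tag.
EVENT_FMT = "<IHH"
EVENT_LEN = struct.calcsize(EVENT_FMT)
TAG_LEN = 32


class TrustedInputSource:
    """Stands in for the manageability engine: sees raw touch coordinates and emits
    each event once, authenticated with a key the host OS never holds."""

    def __init__(self, key: bytes):
        self._key = key
        self._counter = 0

    def touch(self, x: int, y: int) -> bytes:
        self._counter += 1
        payload = struct.pack(EVENT_FMT, self._counter, x, y)
        return payload + hmac.new(self._key, payload, hashlib.sha256).digest()


class PinPadEnclave:
    """Stands in for the enclave: verifies each event, maps it to a key on a layout only
    it knows, and never reveals to the host which key was pressed."""

    def __init__(self, key: bytes, rng=None):
        self._key = key
        self._last_counter = 0
        self._pin = []
        labels = list("0123456789") + ["C", "E"]  # C = clear, E = enter
        (rng or secrets.SystemRandom()).shuffle(labels)  # random layout: coordinates alone reveal nothing
        self._layout = labels

    def cell_center(self, label: str) -> tuple:
        """Pixel centre of the cell carrying `label`; only a trusted renderer would use this."""
        i = self._layout.index(label)
        col, row = i % COLS, i // COLS
        return col * CELL_W + CELL_W // 2, row * CELL_H + CELL_H // 2

    def handle(self, msg: bytes) -> str:
        """Consume one event; returns 'key', 'clear', 'enter' or 'outside' for the host,
        raises on forgery or replay so the host cannot inject or re-use events."""
        if len(msg) != EVENT_LEN + TAG_LEN:
            raise ValueError("malformed event")
        payload, tag = msg[:EVENT_LEN], msg[EVENT_LEN:]
        if not hmac.compare_digest(tag, hmac.new(self._key, payload, hashlib.sha256).digest()):
            raise ValueError("event failed authentication")
        counter, x, y = struct.unpack(EVENT_FMT, payload)
        if counter <= self._last_counter:
            raise ValueError("replayed or reordered event")
        self._last_counter = counter
        col, row = x // CELL_W, y // CELL_H
        if not (col < COLS and row < ROWS):
            return "outside"
        label = self._layout[row * COLS + col]
        if label == "C":
            self._pin.clear()
            return "clear"
        if label == "E":
            return "enter"
        self._pin.append(label)
        return "key"

    def verify_pin(self, candidate: str) -> bool:
        """The PIN is compared inside the trusted boundary and never exported."""
        return hmac.compare_digest("".join(self._pin), candidate)


def demo(seed: int = 1) -> dict:
    """One PIN entry plus a replay and a forgery attempt; returns the outcomes."""
    key = hashlib.sha256(b"constructed-shared-key").digest()  # provisioning is out of scope here
    source = TrustedInputSource(key)
    enclave = PinPadEnclave(key, rng=random.Random(seed))  # seeded only to make the demo repeatable
    events = [source.touch(*enclave.cell_center(d)) for d in "2580"]
    statuses = [enclave.handle(e) for e in events]
    entered = enclave.handle(source.touch(*enclave.cell_center("E")))
    try:                      # attack 1: host replays a captured event
        enclave.handle(events[0])
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    try:                      # attack 2: host forges coordinates without the key
        enclave.handle(struct.pack(EVENT_FMT, 99, 50, 50) + bytes(TAG_LEN))
        forgery_rejected = False
    except ValueError:
        forgery_rejected = True
    outside = enclave.handle(source.touch(PAD_W + 10, 10))
    return {"statuses": statuses, "entered": entered, "pin_ok": enclave.verify_pin("2580"),
            "replay_rejected": replay_rejected, "forgery_rejected": forgery_rejected, "outside": outside}


if __name__ == "__main__":
    print(demo())
```

The host sees only the opaque authenticated events and the coarse status values; recovering the PIN from them requires either the channel key or the enclave's layout, which is the property the enclave-based approach relies on. The filter-driver approach mentioned above has no equivalent of the trusted source, so a kernel-mode keylogger sitting below the filter sees the same coordinates the filter does.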
Previous solutions for protecting the display output of the touch user interface have cryptographically protected the display data using Intel® SGX technology together with a protected audio/video path (PAVP), so that the rendered keyboard image is not readable from the host-accessible display buffers. Other solutions have protected the display data using a manageability engine (ME) secure sprite (i.e., ME stolen memory and the CSE) or by setting up a shared isolated memory region (IMR) as a protected memory buffer in which to render the keyboard.