Developer Guide

  • 04/03/2019
  • Public Content
Contents

Secure Display

This page provides an overview of the Secure Display feature. For guidelines on how to work with this feature, see Secure Display Security Guidelines.
When it comes to deploying an Internet or Intranet based service, the online service provider has little assurance that some malware on the user’s PC has not modified what the user sees. There is also no assurance that the service provider is interacting with a real human.
To plug these security gaps, service providers depend heavily on the user to be security-savvy. This also creates situations in which a user can dispute a transaction i.e. the service provider gets no non-repudiation assurance. Secure Display technology addresses these gaps in today’s online services deployment environment. When Secure Display is used, an online service provider receives the following assurances:
  1. Malware cannot steal sensitive data that was viewed and authorized by the user on his/her display.
  2. Security-sensitive inputs expected from a user e.g. PIN, password etc. were actually presented by a human and not replayed by some malware bot.
  3. That the real-service user cannot deny that their PC was involved in authorizing a transaction and that, in fact, a real human did the authorization.
In short, Secure Display is intended to provide assurances about transaction integrity, user presence, and non-repudiation. Lastly, since Secure Display has been designed with the assumption that users are not security savvy, it helps improve security and remove the guessing game for service provider and users.
Secure Display makes use of existing encryption capability of Intel® integrated graphics to prevent the scraping of the content displayed to the user, thereby creating an “Encrypted Display Window”. Since this Encrypted Display Window is displayed under the control of the operating system window manager, the operating system is able to draw mouse movements and accept touch inputs over the window thus creating a mechanism for a user to interact via clickable (and touchable) elements in the Encrypted Display Window.
Additionally, by randomizing the placement of clickable (and touchable) elements, the interaction of the user with these elements in the Encrypted Display Window (Secure Display window) cannot be replayed by host malware. All security-sensitive data is generated by and interpreted only within isolated environments and by the user.
The net effect is that a non-spoofable trusted path for user input and display output is created, without the user having to make any decisions about the trustworthiness of any window.
Supported from API Level 2

Product and Performance Information

1

Intel's compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2, SSE3, and SSSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice.

Notice revision #20110804