When deploying an Internet- or intranet-based service, an online service provider has little assurance that malware on the user's PC has not modified what the user sees. Nor is there any assurance that the service provider is interacting with a real human.
To plug these security gaps, service providers depend heavily on the user to be security-savvy. This also creates situations in which a user can dispute a transaction, i.e. the service provider gets no non-repudiation assurance. Secure Display technology addresses these gaps in today's online services deployment environment. When Secure Display is used, an online service provider receives the following assurances:
Malware cannot steal sensitive data that was viewed and authorized by the user on his/her display.
Security-sensitive inputs expected from a user (e.g. a PIN or password) were actually presented by a human and not replayed by some malware bot.
The real service user cannot deny that their PC was involved in authorizing a transaction and that a real human did, in fact, perform the authorization.
In short, Secure Display is intended to provide assurances about transaction integrity, user presence, and non-repudiation. Lastly, since Secure Display has been designed with the assumption that users are not security-savvy, it helps improve security and removes the guesswork for service providers and users.
Secure Display uses the existing encryption capability of Intel® integrated graphics to prevent scraping of the content displayed to the user, thereby creating an “Encrypted Display Window”. Since this Encrypted Display Window is displayed under the control of the operating system window manager, the operating system is able to draw mouse movements and accept touch inputs over the window, thus creating a mechanism for a user to interact via clickable (and touchable) elements in the Encrypted Display Window.
Additionally, by randomizing the placement of clickable (and touchable) elements, the interaction of the user with these elements in the Encrypted Display Window (Secure Display window) cannot be replayed by host malware. All security-sensitive data is generated by and interpreted only within isolated environments and by the user.
The net effect is that a non-spoofable trusted path for user input and display output is created, without the user having to make any decisions about the trustworthiness of any window.
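The replay resistance described above can be modeled in a few lines. This is an added example, not Intel's code or API: the ten-cell keypad, the `Transaction` class and the function names are assumptions, and the sample PIN is constructed.

```python
import hmac
import secrets

DIGITS = "0123456789"

def new_layout():
    """Fresh random keypad (cell index -> digit), drawn once per transaction.

    Models the layout being generated inside the isolated environment; the
    host sees only the encrypted window and the raw cells that were clicked.
    """
    cells = list(DIGITS)
    secrets.SystemRandom().shuffle(cells)
    return cells

def user_clicks(layout, pin):
    """What a human does: read the keypad and click the cell showing each digit."""
    return [layout.index(d) for d in pin]

def decode(layout, clicks):
    """Isolated side: map clicked cells back to digits using its own layout."""
    return "".join(layout[c] for c in clicks)

class Transaction:
    """One PIN prompt (hypothetical model); its layout is single-use."""

    def __init__(self, layout=None):
        self.layout = layout or new_layout()
        self.used = False

    def submit(self, clicks, expected_pin):
        if self.used:
            return False              # a layout never accepts input twice
        self.used = True
        if any(c not in range(len(self.layout)) for c in clicks):
            return False              # click outside the keypad
        entered = decode(self.layout, clicks)
        return hmac.compare_digest(entered.encode(), expected_pin.encode())

if __name__ == "__main__":
    pin = "4821"                      # constructed sample PIN
    first = Transaction()
    seen_by_host = user_clicks(first.layout, pin)   # all the host can record
    print("genuine entry accepted:", first.submit(seen_by_host, pin))
    second = Transaction()
    print("replay decodes to:", decode(second.layout, seen_by_host))
    print("replay accepted:", second.submit(seen_by_host, pin))
```

In this model a replay of recorded clicks against a fresh layout still matches a PIN of four distinct digits by coincidence with probability 1/5040, so the randomization has to be paired with limits on retries.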
Supported from API Level 2