TARGET-BASED ACCESS CHECK INDEPENDENT OF ACCESS REQUEST
    1.
    Type: Invention patent application
    Legal status: In force

    Publication No.: US20120297455A1

    Publication date: 2012-11-22

    Application No.: US13109530

    Filing date: 2011-05-17

    IPC classification: G06F17/00

    Abstract: A context of a principal is built, at a target system controlling access to a resource, independently of the principal requesting access to the resource. An authorization policy is applied, at the target system, to the context to determine whether the principal is permitted to access the resource, and an indication of whether the principal is permitted to access the resource is provided (e.g., to an administrator). Modifications can be made to the context and the authorization re-applied to determine whether a principal having the modified context is permitted to access the resource.


    Target-based access check independent of access request
    2.
    Type: Granted invention patent
    Legal status: In force

    Publication No.: US08561152B2

    Publication date: 2013-10-15

    Application No.: US13109530

    Filing date: 2011-05-17

    IPC classification: G06F21/00

    Abstract: A context of a principal is built, at a target system controlling access to a resource, independently of the principal requesting access to the resource. An authorization policy is applied, at the target system, to the context to determine whether the principal is permitted to access the resource, and an indication of whether the principal is permitted to access the resource is provided (e.g., to an administrator). Modifications can be made to the context and the authorization re-applied to determine whether a principal having the modified context is permitted to access the resource.


    PROTECTING USER CREDENTIALS FROM A COMPUTING DEVICE
    3.
    Type: Invention patent application
    Legal status: In force

    Publication No.: US20130205360A1

    Publication date: 2013-08-08

    Application No.: US13368731

    Filing date: 2012-02-08

    IPC classification: G06F21/00

    Abstract: Protecting user credentials from a computing device includes establishing a secure session between a computing device and an identity provider (e.g., a Web service). Parameters of the secure session are communicated to a credential service, which renegotiates or resumes the secure session to establish a new secure session between the credential service and the identity provider. User credentials are passed from the credential service to the identity provider via the new secure session, but the computing device does not have the parameters of the new secure session and thus does not have access to the passed user credentials. The credential service then renegotiates or resumes the secure session again to establish an additional secure session between the credential service and the identity provider. Parameters of the additional secure session are communicated to the computing device to allow the computing device to continue communicating securely with the identity provider.


    Protecting password from attack
    4.
    Type: Granted invention patent
    Legal status: In force

    Publication No.: US08365264B2

    Publication date: 2013-01-29

    Application No.: US12577711

    Filing date: 2009-10-12

    Applicant: Mark F. Novak

    Inventor: Mark F. Novak

    IPC classification: H04L29/06

    Abstract: A password may be provided along with a validation code, which can help prevent the password from being sent to the wrong recipient. When a password is created, a validation code may be created based on (a) the password, and (b) the identity of the target of authentication (TA) to which the password is intended to be sent. When a user is requested to provide a password, a validation component intercepts the request and asks the user to enter both the password and validation code. The validation component then re-calculates the validation code based on the entered password and on the TA that is requesting the password. If the re-calculated validation code matches the validation code entered by the user, then the password is released to the user agent that the user uses to communicate with the TA, and the user agent sends the password to the requesting TA.


    Video display system using memory with a register arranged to present an entire pixel at once to the display
    5.
    Type: Granted invention patent
    Legal status: No longer in force

    Publication No.: US5434969A

    Publication date: 1995-07-18

    Application No.: US926721

    Filing date: 1992-08-06

    IPC classification: G11C7/10 H04N5/907 G06F12/06

    CPC classification: G11C7/1075 H04N5/907

    Abstract: In a video-type computer system and the like, an improved memory circuit is provided for adapting the system to CRT screens having different resolutions. The memory circuit includes a bit-mapped RAM unit or chip having sufficient cells to accommodate any CRT screen sought to be used, and also a serial shift register having taps at a plurality of different locations corresponding to different columns of cells in the RAM unit. When the RAM unit is in serial mode, a row of data is transferred into the serial shift register. Then the column address applied to the RAM unit is used to instruct and actuate a suitable decoder circuit to select the tap appropriate to unload the portion of the serial shift register containing the data bits of interest.


    Graphics data processing apparatus with draw and advance operation
    6.
    Type: Granted invention patent
    Legal status: No longer in force

    Publication No.: US5162784A

    Publication date: 1992-11-10

    Application No.: US522409

    Filing date: 1990-05-10

    IPC classification: G06T1/20 G09G5/393

    Abstract: The graphics data processor of the present invention offers as a single instruction in its instruction set a draw and advance operation. A first data register stores a set of X and Y coordinates. In a first embodiment, a predetermined color code is stored at the pixel address of a bit mapped display memory indicated by the X and Y coordinates of the first data register upon execution of the draw and advance instruction. The X and Y coordinates stored in the first data register are then advanced by addition of X and Y coordinates stored in a second data register. A second embodiment is similar except that the color code stored at the X and Y coordinates of the first data register is recalled for combining with the predetermined color code and the combined result stored at that pixel location. The predetermined color code is preferably stored in another data register. By proper selection of the X and Y coordinate data stored in the second data register either the X or the Y coordinate may be altered alone or both may be simultaneously changed. Provision of signed X and Y coordinate values in the second register enables either the X or Y coordinate to be incremented or decremented. This instruction serves to enhance the speed at which a line or computed curve may be drawn in the bit mapped display.


    Trusted execution environment virtual machine cloning
    7.
    Type: Granted invention patent
    Legal status: In force

    Publication No.: US08954965B2

    Publication date: 2015-02-10

    Application No.: US13566250

    Filing date: 2012-08-03

    IPC classification: G06F9/455

    CPC classification: G06F21/53

    Abstract: Cloning of a virtual machine having a trusted execution environment such as a software-based trusted platform module. In order to clone the virtual machine, the virtual machine state of the source virtual machine is copied to formulate a target virtual machine state that is to be associated with a target virtual machine. The target virtual machine is a clone of the source virtual machine state, and thus the storage hierarchy of the trusted execution environment may be the same for the trusted execution environment in the source and target virtual machine states. However, because the identity of the target virtual machine is different than that of the source virtual machine, the endorsement hierarchy of the target virtual machine state is altered such that it is based on the identity of the target virtual machine, rather than the source virtual machine.


    DEVICE BOOTING WITH AN INITIAL PROTECTION COMPONENT
    8.
    Type: Invention patent application
    Legal status: In force

    Publication No.: US20110307711A1

    Publication date: 2011-12-15

    Application No.: US12813955

    Filing date: 2010-06-11

    CPC classification: G06F21/575

    Abstract: Booting a computing device includes executing one or more firmware components followed by a boot loader component. A protection component for the computing device, such as an anti-malware program, is identified and executed as an initial component after executing the boot loader component. One or more boot components are also executed, these one or more boot components including only boot components that have been approved by the protection component. A list of boot components that have been previously approved by the protection component can also be maintained in a tamper-proof manner.


    Graphics processing apparatus having instruction which operates separately on X and Y coordinates of pixel location registers
    9.
    Type: Granted invention patent
    Legal status: No longer in force

    Publication No.: US5333261A

    Publication date: 1994-07-26

    Application No.: US59006

    Filing date: 1993-05-07

    Abstract: The graphics processing apparatus of the present invention utilizes individual registers of a register file to store the X and Y coordinates of pixels. These X and Y coordinates though formed into a single data word are separable by, for example, having the most significant bits specifying the Y coordinate and the least significant bits specifying the Y coordinate. The graphics processing apparatus supports instructions which provide separate and independent data manipulation of these X and Y coordinates. These X Y coordinate manipulation instructions can provide for separate X Y arithmetic operations on two data words, separate X and Y compare operations, separate X and Y data move operations and a conversion between the X Y address form to the linear address form. This technique is highly useful for manipulation of X Y address coordinates in a visual display system employing bit mapped graphics.


    Graphics data processor with window checking for determining whether a point is within a window
    10.
    Type: Granted invention patent
    Legal status: No longer in force

    Publication No.: US5077678A

    Publication date: 1991-12-31

    Application No.: US631744

    Filing date: 1990-12-20

    IPC classification: G09G5/14

    CPC classification: G09G5/14

    Abstract: A graphics data processor which includes the capability of determining whether a defined pixel location in a graphics display is within a window in an X Y coordinate system. The respective X and Y coordinates of the selected pixel are separately compared with the window limits. The window limits are preferably expressed as the X and Y coordinates of two diagonally opposite vertexes of a rectangular window. The results of this comparison are preferably available in two forms. In a first embodiment a single data processing instruction enables the generation of a digital data word which indicates the relation of the pixel to the window. This digital word includes a separate indication of the relationship of the pixel to the vertical and horizontal window limits. This indication can be used to generate a "trivial rejection" in determining whether a line or line segment passes through the window by ANDing the results for two points on the line. In a second embodiment the window compare capability is employed to determine whether or not a destination pixel is within the window. This is useful in array move instructions in which an entire array of pixels is moved to a location in the display. The array move may be aborted if a window violation is found or the move may be modified to plot to the display only those pixels within the window. This capability enables saving a great deal of time in graphics applications in which windows are employed by reducing the overhead needed for window determinations.
