Abstract:
A context of a principal is built, at a target system controlling access to a resource, independently of the principal requesting access to the resource. An authorization policy is applied, at the target system, to the context to determine whether the principal is permitted to access the resource, and an indication of whether the principal is permitted to access the resource is provided (e.g., to an administrator). Modifications can be made to the context and the authorization re-applied to determine whether a principal having the modified context is permitted to access the resource.
Abstract:
Protecting user credentials from a computing device includes establishing a secure session between a computing device and an identity provider (e.g., a Web service). Parameters of the secure session are communicated to a credential service, which renegotiates or resumes the secure session to establish a new secure session between the credential service and the identity provider. User credentials are passed from the credential service to the identity provider via the new secure session, but the computing device does not have the parameters of the new secure session and thus does not have access to the passed user credentials. The credential service then renegotiates or resumes the secure session again to establish an additional secure session between the credential service and the identity provider. Parameters of the additional secure session are communicated to the computing device to allow the computing device to continue communicating securely with the identity provider.
Abstract:
A password may be provided along with a validation code, which can help prevent the password from being sent to the wrong recipient. When a password is created, a validation code may be created based on (a) the password, and (b) the identity of the target of authentication (TA) to which the password is intended to be sent. When a user is requested to provide a password, a validation component intercepts the request and asks the user to enter both the password and the validation code. The validation component then re-calculates the validation code based on the entered password and on the TA that is requesting the password. If the re-calculated validation code matches the validation code entered by the user, then the password is released to the user agent that the user uses to communicate with the TA, and the user agent sends the password to the requesting TA.
Abstract:
In a video-type computer system and the like, an improved memory circuit is provided for adapting the system to CRT screens having different resolutions. The memory circuit includes a bit-mapped RAM unit or chip having sufficient cells to accommodate any CRT screen sought to be used, and also a serial shift register having taps at a plurality of different locations corresponding to different columns of cells in the RAM unit. When the RAM unit is in serial mode, a row of data is transferred into the serial shift register. Then the column address applied to the RAM unit is used to instruct and actuate a suitable decoder circuit to select the tap appropriate to unload the portion of the serial shift register containing the data bits of interest.
Abstract:
The graphics data processor of the present invention offers as a single instruction in its instruction set a draw and advance operation. A first data register stores a set of X and Y coordinates. In a first embodiment, a predetermined color code is stored at the pixel address of a bit mapped display memory indicated by the X and Y coordinates of the first data register upon execution of the draw and advance instruction. The X and Y coordinates stored in the first data register are then advanced by addition of X and Y coordinates stored in a second data register. A second embodiment is similar except that the color code stored at the X and Y coordinates of the first data register is recalled for combining with the predetermined color code and the combined result stored at that pixel location. The predetermined color code is preferably stored in another data register. By proper selection of the X and Y coordinate data stored in the second data register either the X or the Y coordinate may be altered alone or both may be simultaneously changed. Provision of signed X and Y coordinate values in the second register enables either the X or Y coordinate to be incremented or decremented. This instruction serves to enhance the speed at which a line or computed curve may be drawn in the bit mapped display.
Abstract:
Cloning of a virtual machine having a trusted execution environment such as a software-based trusted platform module. In order to clone the virtual machine, the virtual machine state of the source virtual machine is copied to formulate a target virtual machine state that is to be associated with a target virtual machine. The target virtual machine is a clone of the source virtual machine state, and thus the storage hierarchy of the trusted execution environment may be the same for the trusted execution environment in the source and target virtual machine states. However, because the identity of the target virtual machine is different than that of the source virtual machine, the endorsement hierarchy of the target virtual machine state is altered such that it is based on the identity of the target virtual machine, rather than the source virtual machine.
Abstract:
Booting a computing device includes executing one or more firmware components followed by a boot loader component. A protection component for the computing device, such as an anti-malware program, is identified and executed as an initial component after executing the boot loader component. One or more boot components are also executed, these one or more boot components including only boot components that have been approved by the protection component. A list of boot components that have been previously approved by the protection component can also be maintained in a tamper-proof manner.
Abstract:
The graphics processing apparatus of the present invention utilizes individual registers of a register file to store the X and Y coordinates of pixels. These X and Y coordinates, though formed into a single data word, are separable by, for example, having the most significant bits specifying the Y coordinate and the least significant bits specifying the X coordinate. The graphics processing apparatus supports instructions which provide separate and independent data manipulation of these X and Y coordinates. These X Y coordinate manipulation instructions can provide for separate X Y arithmetic operations on two data words, separate X and Y compare operations, separate X and Y data move operations and a conversion between the X Y address form to the linear address form. This technique is highly useful for manipulation of X Y address coordinates in a visual display system employing bit mapped graphics.
Abstract:
A graphics data processor which includes the capability of determining whether a defined pixel location in a graphics display is within a window in an X Y coordinate system. The respective X and Y coordinates of the selected pixel are separately compared with the window limits. The window limits are preferably expressed as the X and Y coordinates of two diagonally opposite vertexes of a rectangular window. The results of this comparison are preferably available in two forms. In a first embodiment a single data processing instruction enables the generation of a digital data word which indicates the relation of the pixel to the window. This digital word includes a separate indication of the relationship of the pixel to the vertical and horizontal window limits. This indication can be used to generate a "trivial rejection" in determining whether a line or line segment passes through the window by ANDing the results for two points on the line. In a second embodiment the window compare capability is employed to determine whether or not a destination pixel is within the window. This is useful in array move instructions in which an entire array of pixels is moved to a location in the display. The array move may be aborted if a window violation is found or the move may be modified to plot to the display only those pixels within the window. This capability enables saving a great deal of time in graphics applications in which windows are employed by reducing the overhead needed for window determinations.