Abstract: Described is maintaining cached hash values for files in association with state data for each file that represents the state of that file's contents at the time of hashing. For example, in a journaling file system, the state data may comprise the update sequence number of the file in the journal and a journal identifier for that journal instance. A request for a hash value for a file is processed by determining whether a cached hash value is maintained for that file. If so, and the associated maintained state data matches current state data for the file, the file contents are unchanged since the last hash computation, whereby the cached hash value is returned in response to the request. Otherwise, a new hash value is computed for the file and returned, and cached for future use. Multiple types of hashes may be cached for a given file.

Abstract: Security elevation techniques are described. In an implementation, a request is received for additional security access beyond that which is currently specified for a program. An identity that describes the program is checked with a plurality of conditions. The security level is automatically elevated to grant the additional security access when the identity corresponds to one of the conditions that indicates that the security level is to be automatically elevated.

Abstract: A computing device has a user desktop on which a relatively less-secure user application is executed and a secure desktop elevated from the user desktop on which a relatively more-secure secure application is executed upon a request thereto from the user application. To securely collect information from a user at the computer device with regard to the secure application at the secure desktop, an access interface is securely executed on the secure desktop and is visually presented in conjunction with the requesting user application of the user desktop such that the access interface is visually coupled to the requesting user application and is visually perceived by the user along with such requesting user application.

Abstract: Systems and/or methods are described that enable a credential interface. These systems and/or methods may build a credential user interface enabling a user to choose between multiple credentials and submit an authenticator for a chosen credential. These systems and/or methods may also gather information about arbitrary credentials and build a user interface for submission of authenticators for these arbitrary credentials.

Abstract: Systems and methods are described that control attempts made by an application to access data. In one embodiment, the application is associated with a security token that includes an application ID. In operation, the system receives a request, initiated by the application, for access to the data. The system is configured to evaluate the request for access based in part on comparison of the security token and a listing of approved application IDs associated with the data.

Abstract: Systems and methods are described that control attempts made by an application to access data. In one embodiment, the application is associated with a security token that includes an application ID. In operation, the system receives a request, initiated by the application, for access to the data. The system is configured to evaluate the request for access based in part on comparison of the security token and a listing of approved application IDs associated with the data.

Abstract: A system and method facilitating secure credential management is provided. An aspect of the present invention provides for a credential management system including a credential user interface component, a trusted proxy component and a secure user interface component. The system can facilitate the secure acquisition, storage and/or application of credential(s) for a user (e.g., when accessing a particular resource) through a secure, isolated environment. For example, the system can be a core building block for operating system component(s) and/or application(s) that handle credential(s) in a secure manner.

Abstract: Methods and apparatuses are provided for use with smartcards or other like shared computing resources. By selectively granting exclusive use to a requesting entity for a period of time, performance is improved by reducing unnecessary redundant overhead data, communication, storage and/or processing for an applicable series of transactions associated with a granted access request operation.

Abstract: Security elevation techniques are described. In an implementation, a request is received for additional security access beyond that which is currently specified for a program. An identity that describes the program is checked with a plurality of conditions. The security level is automatically elevated to grant the additional security access when the identity corresponds to one of the conditions that indicates that the security level is to be automatically elevated.

Abstract: An integrated circuit card includes a storage device to store one or more code files and one or more data files, and control logic. The control logic implements an ICC runtime environment that executes an applet in response to a command identifying both a code file and a data file received from a host system.

Abstract: Methods and apparatuses are provided for use with smartcards or other like shared computing resources. A global smartcard cache is maintained on one or more computers to reduce the burden on the smartcard. The global smartcard cache data is associated with a freshness indicator that is compared to the current freshness indicator from the smartcard to verify that the cached item data is current.

Abstract: A credential is translated with one of different credential provider modules each translating a corresponding different type of credential into a common protocol. The translated credential is communicated through an API to a logon UI module to an operating system (OS) of a local machine. An OS logon module is called by the logon UI module to authenticate the translated credential against a credential database. A user identified by the translated credential is logged on to access the local machine when the authentication is successful. The credential can also be used with a selection received from the logon UI module via a corresponding one of different pre-log access provider (PLAP) modules that each communicate with the API. The API establishes a network session with an access service specified by the selected PLAP module when the credential is authenticated with the credential database.

Abstract: An integrated circuit (IC) card is presented comprising an input/output (I/O) interface and a smart card development interface (SCDI), coupled to the I/O interface, to receive and identify debug frames interlaced within a normal communication flow between the IC card and a host system.

Abstract: Described is maintaining cached hash values for files in association with state data for each file that represents the state of that file's contents at the time of hashing. For example, in a journaling file system, the state data may comprise the update sequence number of the file in the journal and a journal identifier for that journal instance. A request for a hash value for a file is processed by determining whether a cached hash value is maintained for that file. If so, and the associated maintained state data matches current state data for the file, the file contents are unchanged since the last hash computation, whereby the cached hash value is returned in response to the request. Otherwise, a new hash value is computed for the file and returned, and cached for future use. Multiple types of hashes may be cached for a given file.

Abstract: An integrated circuit card includes a storage device to store one or more code files and one or more data files, and control logic. The control logic implements an ICC runtime environment that executes an applet in response to a command identifying both a code file and a data file received from a host system.

Abstract: A computing device has a user desktop on which a relatively less-secure user application is executed and a secure desktop elevated from the user desktop on which a relatively more-secure secure application is executed upon a request thereto from the user application. To securely collect information from a user at the computer device with regard to the secure application at the secure desktop, an access interface is securely executed on the secure desktop and is visually presented in conjunction with the requesting user application of the user desktop such that the access interface is visually coupled to the requesting user application and is visually perceived by the user along with such requesting user application.

Abstract: Apparatuses and methods are provided for interface logic that is configurable to operatively couple cryptography support logic and cryptography providing logic. The interface logic provides at least one management function to the cryptography providing logic. The management function includes at least one of the following four management functions: an identity management function, a file management function, a container management function, and a cryptography management function.

Abstract: An integrated circuit (IC) card is presented comprising an input/output (I/O) interface and a smart card development interface (SCDI), coupled to the I/O interface, to receive and identify debug frames interlaced within a normal communication flow between the IC card and a host system.

Abstract: An integrated circuit card is presented comprising a storage device having stored thereon one or more code files and one or more data files, and control logic. The control logic implements an ICC runtime environment that executes an applet in response to a command identifying both a code file and a data file received from a host system.

Abstract: An integrated circuit card includes a storage device to store one or more code files and one or more data files, and control logic. The control logic implements an ICC runtime environment that executes an applet in response to a command identifying both a code file and a data file received from a host system.