公开(公告)号：DE112010004930B4

公开(公告)日：2019-05-16

申请号：DE112010004930

申请日：2010-12-14

Applicant: IBM

Inventor： SHANKAR RAVI ,  BANERJEE DWIP ,  PUNADIKAR SACHIN CHANDRAKANT ,  PATIL SANDEEP RAMESH

IPC: H04L9/32 ,  G06F12/14 ,  G06F16/00 ,  G06F21/62 ,  G09C1/00 ,  H04L29/06

Abstract: Verfahren zum Sichern des Zugriffs auf ein verschlüsseltes Dateisystem, wobei das Verfahren die folgenden Schritte umfasst:auf einem Dateiserver das Empfangen einer Anforderung von einem Client, der zufolge der Client ein Dateisystem mounten möchte, das sich auf dem Dateiserver befindet;auf dem Dateiserver das Feststellen, dass das angeforderte Dateisystem verschlüsselt ist;Senden einer Nachricht vom Dateiserver an den Client, die den Client darüber informiert, dass das angeforderte Dateisystem verschlüsselt ist;Empfangen eines Sitzungstickets vom Client, das eine Mount-Auswahl des Sicherheitsprotokolls enthält;auf dem Dateiserver das Entschlüsseln eines verschlüsselten privaten Schlüssels, der einem Benutzer entspricht, wobei die Entschlüsselung einen privaten Schlüssel ergibt;auf dem Dateiserver das Entschlüsseln des Dateisystems unter Verwendung des privaten Schlüssels; undSenden des entschlüsselten Dateisystems vom Dateiserver an den Client über einen sicheren Kanal, der der Mount-Auswahl des Sicherheitsprotokolls entspricht.

公开(公告)号：DE112010004930T5

公开(公告)日：2012-11-08

申请号：DE112010004930

申请日：2010-12-14

Applicant: IBM

Inventor： SHANKAR RAVI ,  PUNADIKAR SACHIN CHANDRAKANT ,  PATIL SANDEEP RAMESH ,  BANERJEE DWIP

IPC: H04L29/06 ,  G06F17/30

Abstract: Ein Dateiserver empfängt eine Anforderung von einem Client, ein verschlüsseltes Dateisystem zu mounten. Der Dateiserver informiert den Client darüber, dass das angeforderte Dateisystem verschlüsselt ist, und der Dateiserver wiederum empfängt vom Client ein Sitzungsticket, das die Mount-Auswahl des Sicherheitsprotokolls enthält. Der Dateiserver entschlüsselt den verschlüsselten privaten Schlüssel des Client-Benutzers und entschlüsselt anschließend unter Verwendung des privaten Schlüssels das angeforderte verschlüsselte Dateisystem. Daraufhin sendet der Dateiserver das entschlüsselte Dateisystem an den Client über einen sicheren Kanal, der auf der Mount-Auswahl des Sicherheitsprotokolls beruht. Bei einer Ausführungsform empfängt der Server eines Schlüsselverteilungszentrums von dem Client eine Anforderung auf Zugriff auf das auf dem Dateiserver befindliche verschlüsselte Dateisystem. Der Server des Schlüsselverteilungszentrums ruft einen Zwischenschlüssel ab; bindet den Zwischenschlüssel in ein Sitzungsticket ein; und sendet das Sitzungsticket an den Client.

公开(公告)号：GB2485716B

公开(公告)日：2012-10-24

申请号：GB201203413

申请日：2010-12-14

Applicant: IBM

Inventor： SHANKAR RAVI ,  BANERJEE DWIP ,  PUNADIKAR SACHIN CHANDRAKANT ,  PATIL SANDEEP RAMESH

IPC: G06F21/00 ,  H04L29/06

Abstract: A file server receives a request from a client to mount an encrypted file system. The file server informs the client that the requested file system is encrypted and, in turn, receives a session ticket from the client that includes a security protocol mounting selection. The file server decrypts the client's user's encrypted private key, and then decrypts the requested encrypted file system using the private key. In turn, the file server sends the decrypted file system to the client over a secure channel, which is based upon the security protocol mounting selection. In one embodiment, a key distribution center server receives a request from the client for the client's user to access the encrypted file system at the file server. The key distribution center server retrieves an intermediate key; includes the intermediate key in a session ticket; and sends the session ticket to the client.

公开(公告)号：AU2010338446B2

公开(公告)日：2014-04-24

申请号：AU2010338446

申请日：2010-12-14

Applicant: IBM

Inventor： SHANKAR RAVI ,  BANERJEE DWIP ,  PUNADIKAR SACHIN CHANDRAKANT ,  PATIL SANDEEP RAMESH

IPC: H04L29/06 ,  G06F17/30

Abstract: A file server receives a request from a client to mount an encrypted file system. The file server informs the client that the requested file system is encrypted and, in turn, receives a session ticket from the client that includes a security protocol mounting selection. The file server decrypts the client's user's encrypted private key, and then decrypts the requested encrypted file system using the private key. In turn, the file server sends the decrypted file system to the client over a secure channel, which is based upon the security protocol mounting selection. In one embodiment, a key distribution center server receives a request from the client for the client's user to access the encrypted file system at the file server. The key distribution center server retrieves an intermediate key; includes the intermediate key in a session ticket; and sends the session ticket to the client.

公开(公告)号：AU2010338446A1

公开(公告)日：2012-06-28

申请号：AU2010338446

申请日：2010-12-14

Applicant: IBM

Inventor： SHANKAR RAVI ,  BANERJEE DWIP ,  PUNADIKAR SACHIN CHANDRAKANT ,  PATIL SANDEEP RAMESH

IPC: H04L29/06 ,  G06F17/30

Abstract: A file server receives a request from a client to mount an encrypted file system. The file server informs the client that the requested file system is encrypted and, in turn, receives a session ticket from the client that includes a security protocol mounting selection. The file server decrypts the client's user's encrypted private key, and then decrypts the requested encrypted file system using the private key. In turn, the file server sends the decrypted file system to the client over a secure channel, which is based upon the security protocol mounting selection. In one embodiment, a key distribution center server receives a request from the client for the client's user to access the encrypted file system at the file server. The key distribution center server retrieves an intermediate key; includes the intermediate key in a session ticket; and sends the session ticket to the client.

公开(公告)号：GB2485716A

公开(公告)日：2012-05-23

申请号：GB201203413

申请日：2010-12-14

Applicant: IBM

Inventor： SHANKAR RAVI ,  BANERJEE DWIP ,  PUNADIKAR SACHIN CHANDRAKANT ,  PATIL SANDEEP RAMESH

IPC: G06F21/00 ,  H04L29/06

Abstract: A file server receives a request from a client to mount an encrypted file system. The file server informs the client that the requested file system is encrypted and, in turn, receives a session ticket from the client that includes a security protocol mounting selection. The file server decrypts the client's user's encrypted private key, and then decrypts the requested encrypted file system using the private key. In turn, the file server sends the decrypted file system to the client over a secure channel, which is based upon the security protocol mounting selection. In one embodiment, a key distribution center server receives a request from the client for the client's user to access the encrypted file system at the file server. The key distribution center server retrieves an intermediate key; includes the intermediate key in a session ticket; and sends the session ticket to the client.

公开(公告)号：AU2003206860A1

公开(公告)日：2003-09-02

申请号：AU2003206860

申请日：2003-01-07

Applicant: IBM

Inventor： VALLABHANENI VASU ,  BROWN DEANNA ,  BANERJEE DWIP

IPC: G06F15/177 ,  G06F9/46 ,  G06F9/52 ,  H04L29/12

Abstract: A method, system and apparatus for allowing a single network adapter to be used by a plurality of partitions of a logically partitioned computer system (LPAR) are provided. Each partition assigns a different IP address to the network adapater. The different IP addresses are stored in a table. The table cross-references each IP address with its partition. When a piece of data is received by the computer system, the data is examined to find out the IP address associated with the data. Once done, the table is consulted to determine to which one of the plurality of partitions the data is to be forwarded. The data is then forwarded to the partition.