公开(公告)号：AU2003269415A1

公开(公告)日：2004-06-07

申请号：AU2003269415

申请日：2003-10-24

Applicant: IBM

Inventor： BAENTSCH MICHAEL ,  BUHLER PETER ,  EIRICH THOMAS ,  HORING FRANK ,  KRAMP THORSTEN ,  OESTREICHER MARCUS ,  OSBORNE MICHAEL ,  WEIGOLD THOMAS D

IPC: H04L29/06

Abstract: A method for providing a user device with a set of access codes comprises, in the user device, storing an encryption key a an identification code, and sending a message containing the identification code to a server via a communications network. In the server, an encryption key is stored corresponding to the key stored in the user device, allocating the set of access codes on receipt of the identification code from the user device. A look up function is performed based on the identification code received in the message to retrieve the key from storage. The set of access codes is encrypted using the retrieved key to produce an encrypted set. A message containing the encrypted set is sent to the user device via the network. In the user device, the encrypted set received from the server is decrypted using the key in storage, and storing the decrypted set of access codes for use by a user of the user device.

公开(公告)号：CA2736582C

公开(公告)日：2018-07-24

申请号：CA2736582

申请日：2009-09-17

Applicant: IBM

Inventor： BAENTSCH MICHAEL ,  BUHLER PETER ,  EIRICH THOMAS ,  HERMANN RETO ,  HOERING FRANK ,  KRAMP THORSTEN ,  KUYPER MICHAEL P ,  WEIGOLD THOMAS D

IPC: G06F21/34 ,  H04L9/32

Abstract: An authorization device (5) is provided for authorizing operations of a remote server (2) requested from user computers (3) via a data communications network (4). The device (5) has a computer interface (6) for connecting the device (5) to a local user computer (3) for communication with the remote server (2), and a user interface (7) for presenting information to a user. Control logic (11) of the device (5) is adapted to use security data to establish between the device (5) and server (2), via the local user computer (3), a mutually- authenticated connection for encrypted end-to-end communications between the device and server. The control logic (11) collects from the server (2) via this connection information indicative of any operations requested by user computers via other connections to the server (2) and requiring authorization by a user of the device (5). This information is presented to a user via the user interface (7) to prompt for authorization by the user. Server operations are controlled in accordance with rule data (18) defining operations requiring authorization by one or more authorizing users. Control logic (15) of the server control apparatus responds to an operation request from a user computer (3) by determining from the rule data (18) whether authorization by at least one authorizing user is required for that operation. If so, the operation is deferred. When a mutually-authenticated connection is established with an authorizing device (5), the control apparatus can supply information indicative of any deferred operations requested from user computers (3) and requiring authorization by the device user. A deferred operation is only performed on receipt of authorization from every authorizing user from whom authorization is required for that operation, providing secure multi-party authorization in a mobile computing environment.

公开(公告)号：GB2525409A

公开(公告)日：2015-10-28

申请号：GB201407187

申请日：2014-04-24

Applicant: IBM

Inventor： BUHLER PETER ,  GSCHWIND THOMAS ,  SCOTTON PAOLO

IPC: G06F21/57 ,  G06F21/78

Abstract: An external device 20 comprises a boot loader 24 for an external operating system (OS) and partitioning information 22 of an expected location of a partition in data storage 11 of a computer 10 to which it can be connected. Preferably the external device also includes second encrypted data units of reference partition table data 220 for the data storage. The data storage 11 comprises a partition 122 and first encrypted data units of partition table data 120. Allowing the external OS to access the encrypted data, upon connection of the external device to the computer, by instructing to boot the computer from the boot loader; and during or after booting of the computer: comparing the partition information of the first and second encrypted data units; and if they match, allowing the external OS (112) to access, based on the partitioning information, the data storage. The comparison may be of hashes of the partition table data and the method allows users to bring your own device (BYOD).

公开(公告)号：AT465448T

公开(公告)日：2010-05-15

申请号：AT01908057

申请日：2001-03-09

Applicant: IBM

Inventor： BAENTSCH MICHAEL ,  BUHLER PETER ,  EIRICH THOMAS ,  HOERING FRANK ,  OESTREICHER MARCUS

IPC: G06F12/02

Abstract: The invention is directed to a method for distinguishing reachable objects and non-reachable objects in an object-based application in a system with a volatile memory and a non-volatile memory. The object-based application operates in the non-volatile memory on the objects, whereof at least one is a root object. Each root object is processed by writing for each object that is reachable from the root object, a positive reachability information into the volatile memory and marking those objects in the non-volatile memory as reusable memory, for which no positive reachability information is present in the volatile memory.

公开(公告)号：MY124662A

公开(公告)日：2006-06-30

申请号：MYPI9900623

申请日：1999-02-23

Applicant: IBM

Inventor： BAENTSCH MICHAEL ,  BUHLER PETER ,  OESTREICHER MARCUS

IPC: G06F9/44 ,  G06F9/54 ,  G06F9/445 ,  G06F9/50

Abstract: A JAVA RUNTIRNE SYSTEM IS PROPOSED WHICH COMPRISES A STACK-BASED INTERPRETER EXECUTING A PROGRAM THAT COMPRISES BYTECODES AND CLASS STRUCTURES. THE SYSTEM FURTHER COMPRISES A MODIFIED CONSTANT POOL WITH IHTERNAL INFORMATION OF USE ONLY DURING LINKING AND WITH EXTERNAL INFORMATION TO BE PRESERVED TO LATE CODE BINDING, THE INTERNAL INFORMATION IS REMOVED FROM THE MODIFIED CONSTANT POOL AFTER LINKING.(FIG.3)

公开(公告)号：CZ20003437A3

公开(公告)日：2001-11-14

申请号：CZ20003437

申请日：1998-11-12

Applicant: IBM

Inventor： BAENTSCH MICHAEL ,  BUHLER PETER ,  OESTREICHER MARCUS

IPC: G06F9/54 ,  G06F9/44 ,  G06F9/445 ,  G06F9/50

Abstract: A Java runtime system is proposed which comprises a stack-based interpreter executing a program that comprises bytecodes and class structures. The system further comprises a modified constant pool with internal information of use only during linking and with external information to be preserved for late code binding. The internal information is removed from the modified constant pool after linking.

公开(公告)号：HU0101368A2

公开(公告)日：2001-08-28

申请号：HU0101368

申请日：1998-11-12

Applicant: IBM

Inventor： BAENTSCH MICHAEL ,  BUHLER PETER ,  OESTREICHER MARCUS

IPC: G06F9/54 ,  G06F9/44 ,  G06F9/445 ,  G06F9/50

Abstract: A Java runtime system is proposed which comprises a stack-based interpreter executing a program that comprises bytecodes and class structures. The system further comprises a modified constant pool with internal information of use only during linking and with external information to be preserved for late code binding. The internal information is removed from the modified constant pool after linking.

公开(公告)号：CA2926128C

公开(公告)日：2017-09-19

申请号：CA2926128

申请日：2009-09-17

Applicant: IBM

Inventor： BAENTSCH MICHAEL ,  BUHLER PETER ,  EIRICH THOMAS ,  HERMANN RETO ,  HOERING FRANK ,  KRAMP THORSTEN ,  KUYPER MICHAEL P ,  WEIGOLD THOMAS D

IPC: H04L9/32 ,  G06F21/34

Abstract: An authorization device (5) is provided for authorizing operations of a remote server (2) requested from user computers (3) via a data communications network (4). The device (5) has a computer interface (6) for connecting the device (5) to a local user computer (3) for communication with the remote server (2), and a user interface (7) for presenting information to a user. Control logic (11) of the device (5) is adapted to use security data to establish between the device (5) and server (2), via the local user computer (3), a mutually-authenticated connection for encrypted end-to-end communications between the device and server. The control logic (11) collects from the server (2) via this connection information indicative of any operations requested by user computers via other connections to the server (2) and requiring authorization by a user of the device (5). This information is presented to a user via the user interface (7) to prompt for authorization by the user. Server operations are controlled in accordance with rule data (18) defining operations requiring authorization by one or more authorizing users. Control logic (15) of the server control apparatus responds to an operation request from a user computer (3) by determining from the rule data (18) whether authorization by at least one authorizing user is required for that operation. If so, the operation is deferred. When a mutually-authenticated connection is established with an authorizing device (5), the control apparatus can supply information indicative of any deferred operations requested from user computers (3) and requiring authorization by the device user. A deferred operation is only performed on receipt of authorization from every authorizing user from whom authorization is required for that operation, providing secure multi-party authorization in a mobile computing environment.

公开(公告)号：AT544114T

公开(公告)日：2012-02-15

申请号：AT07826951

申请日：2007-11-02

Applicant: IBM

Inventor： KRAMP THORSTEN ,  BUHLER PETER ,  BAENTSCH MICHAEL ,  HOERING FRANK ,  WEIGOLD THOMAS D

IPC: G06F11/14 ,  G06F17/30

Abstract: A method for transactional writing of data into a persistent memory comprising memory cells includes a transactional writing step and a transaction recovery step. The transactional writing step comprises one or more memory cell writing steps comprising the sub-steps of writing in a transaction buffer as transaction buffer entry the current data value and the corresponding address of the respective memory cell, writing a first valid marker for the memory cell in the transaction buffer, and writing a new data value to the memory cell. The transaction recovery step is performed in case of an abortion of the transactional writing step for restoring the current data values of the aborted transaction in the persistent memory, the transaction recovery step comprising the sub-step of writing a transaction recovery marker to the transaction buffer indicating the start of the transaction recovery.

公开(公告)号：MX2011002423A

公开(公告)日：2011-04-05

申请号：MX2011002423

申请日：2009-09-17

Applicant: IBM

Inventor： BAENTSCH MICHAEL ,  BUHLER PETER ,  EIRICH THOMAS ,  HERMANN RETO ,  HOERING FRANK ,  KRAMP THORSTEN ,  KUYPER MICHAEL P ,  WEIGOLD THOMAS D

IPC: G06F21/34 ,  G06Q40/00

Abstract: Se proporciona un dispositivo de autorización para autorizar las operaciones de un servidor remoto pedidas desde computadoras de usuario vía una red de comunicaciones de datos. El dispositivo tiene una interface computacional para conecta el dispositivo a una computadora local de usuario para la comunicación con el servidor remoto, y una interface de usuario para presentar la información a un usuario. La lógica de control del dispositivo se adapta para usar los datos de seguridad para establecer entre el dispositivo y el servidor, por medio de la computadora local de usuario, una conexión autenticada mutuamente para las comunicaciones encriptadas de extremo a extremo entre el dispositivo y el servidor. La lógica de control recopila del servidor, vía esta conexión, la información indicativa de cualquier operación pedida por las computadoras de usuario mediante otras conexiones al servidor y que requieren la autorización por parte de un usuario del dispositivo. Esta información es presentada a un usuario por medio de la interface de usuario para pedir la autorización del usuario. Las operaciones de servidor son controladas en conformidad con los datos de las reglas que definen las operaciones que requieren de autorización de uno ó más usuarios autorizadores. La lógica de control del aparato de control del servidor responde a una petición de operación de una computadora de usuario al determinar, a partir de los datos de las reglas, sí se requiere la autorización de por lo menos un usuario autorizador para esta operación. De ser así, la operación se difiere. Cuando una conexión autenticada mutuamente se establece con un dispositivo autorizador, el aparato de control puede suministrar la información indicativa de cualquier operación diferida pedida desde las computadoras de usuario y que requieren la autorización por parte del usuario del dispositivo. Una operación diferida sólo se lleva a cabo después de la recepción de la autorización de cada usuario autorizador cuya autorización se requiere para esta operación, proporcionando una autorización segura de múltiples partes en un ambiente de computación móvil.