-
公开(公告)号:DE112014000337T5
公开(公告)日:2015-09-10
申请号:DE112014000337
申请日:2014-03-14
Applicant: IBM
Inventor: BUHLER PETER , GARCES-ERICE LUIS , GSCHWIND THOMAS , HOERING FRANK , ROONEY JOHN G , SCOTTON PAOLO , BAENTSCH MICHAEL , KUYPER-HAMMOND MICHAEL PETER
Abstract: Die vorliegende Erfindung bezieht sich insbesondere auf ein Verfahren zum Ausführen von Software-Modulen auf einem Computer, wobei das Verfahren aufweist: Ausführen (S4) eines Boot-Ladeprogramms (15, 16) zumindest teilweise (16) auf dem Computer (101); und bei Ausführung des Boot-Ladeprogramms: Zugreifen (S5) auf Anforderungen an einen Anfangssatz (IS) von Software-Modulen SMn; und Hardware-Spezifikationen des Computers; Ermitteln (S6) innerhalb des Anfangssatzes eines oder mehrerer Kandidatensätze (CS1, CS2) von Software-Modulen, die mit den Hardware-Spezifikationen kompatibel sind (S6a) und als RAM-Platte speicherbar sind (S6b); und Speichern (S9) der Software-Module eines Abschlusssatzes (FS) auf einer RAM-Platte (121), wobei es sich bei dem Abschlusssatz (FS) um einen des einen oder der mehreren Kandidatensätze handelt, und Anweisen, die auf der RAM-Platte gespeicherten Software-Module auszuführen, wobei sowohl der Anfangssatz als auch der Abschlusssatz von Software-Modulen Anwendungskomponenten und Betriebssystem-Abbildkomponenten aufweist und des Weiteren bevorzugt Hardware-Komponententreiber aufweist. Die vorliegende Erfindung bezieht sich des Weiteren auf ein Boot-Ladeprogramm, eine für Benutzer vertrauenswürdige Einheit und ein System.
-
公开(公告)号:GB2512376A
公开(公告)日:2014-10-01
申请号:GB201305727
申请日:2013-03-28
Applicant: IBM
Inventor: BAENTSCH MICHAEL , BUHLER PETER , GARCES-ERICE LUIS , GSCHWIND THOMAS , HOERING FRANK , KUYPER-HAMMOND MICHAEL PETER , ROONEY JOHN G , SCOTTON PAOLO
Abstract: Disclosed is a method of executing software modules on a computer. The method start by executing S4 a bootloader in the computer and then accessing S5 requirements as to an initial set of software modules and hardware specifications of the computer. Then determining S6 within the initial set, a candidate set CS1 of software modules that are compatible S6a with the hardware specifications and can S6b be stored as a RAM disk and storing S9 the software modules of a final set on a RAM disk , the final set being a candidate set. Executing the software modules stored on the RAM disk, wherein each of the initial set and the final set of software modules comprises application components and operating system image components and hardware component drivers. A trusted device such as a USB drive may hold the bootloader and the software modules.
-
公开(公告)号:AU2009294201A1
公开(公告)日:2010-03-25
申请号:AU2009294201
申请日:2009-09-17
Applicant: IBM
Inventor: BAENTSCH MICHAEL , BUHLER PETER , EIRICH THOMAS , HERMANN RETO , HOERING FRANK , KRAMP THORSTEN , KUYPER MICHAEL P , WEIGOLD THOMAS D
Abstract: An authorization device for authorizing operations of a remote server requested from user computers via a data communications network includes a computer interface configured to connect to a local user computer for facilitating communication with the remote server via a data communications network, a user interface configured to present information to a user, and control logic. The control logic is adapted to use security data accessible to the control logic to establish, via the local user computer, a mutually-authenticated connection for encrypted end-to-end communications with the server; collect from the server, via the connection, information indicative of any operation requested via a different connection to the server and requiring authorization by the user; and present the information to the user via the user interface to prompt for authorization of the operation.
-
公开(公告)号:AT336135T
公开(公告)日:2006-09-15
申请号:AT03751197
申请日:2003-10-24
Applicant: IBM
Inventor: BAENTSCH MICHAEL , BUHLER PETER , EIRICH THOMAS , HOERING FRANK , KRAMP THORSTEN , OESTREICHER MARCUS , OSBORNE MICHAEL , WEIGOLD THOMAS D
IPC: H04L29/06
Abstract: A method for providing a user device with a set of access codes comprises, in the user device, storing an encryption key a an identification code, and sending a message containing the identification code to a server via a communications network. In the server, an encryption key is stored corresponding to the key stored in the user device, allocating the set of access codes on receipt of the identification code from the user device. A look up function is performed based on the identification code received in the message to retrieve the key from storage. The set of access codes is encrypted using the retrieved key to produce an encrypted set. A message containing the encrypted set is sent to the user device via the network. In the user device, the encrypted set received from the server is decrypted using the key in storage, and storing the decrypted set of access codes for use by a user of the user device.
-
公开(公告)号:CA2465333A1
公开(公告)日:2003-05-22
申请号:CA2465333
申请日:2002-11-05
Applicant: IBM
Inventor: BAENTSCH MICHAEL , BUHLER PETER , EIRICH THOMAS , HOERING FRANK , OESTREICHER MARCUS , WEIGOLD THOMAS D
IPC: G06F21/76 , G06F1/00 , G06F21/60 , G06K19/073 , H04L9/10 , H04L9/28 , H04L9/32 , H04L29/06 , G06F12/14
Abstract: The invention is directed to a data-processing system comprising a processor and first encrypted information in a first persistent memory whose level of information leakage is higher than that of a second persistent memory. In the second persistent memory is stored a first cryptographic key for decrypting the first encrypted information, thereby generating therefrom first unencrypted information that is usable by the processor for executing an operation. The same cryptographic key may also be used for encrypting the first unencrypted information, thereby generating the first encrypted information. It is also directed to a method of processing such a data-processing system with an operating system, comprising a writing step for writing first unencrypted information into the first persistent memory, an encryption step for encrypting the first unencrypted information under use of the first cryptographic key, creating therefrom first encrypted information in the first persistent memory, and an access-limitation step for setting the data-processing system to a state in which writing into the first persistent memory is controlled by the operating system. It also relates to a method of executing an operation on such a data-processing system comprising a decryption step for decrypting the first encrypted information under use of the first cryptographic key, thereby generating therefrom first unencrypted information and an execution step for executing an operation by the processor, using the first unencrypted information.
-
Patent Agency Ranking
公开(公告)号:BRPI0919158A2
公开(公告)日:2016-08-09
申请号:BRPI0919158
申请日:2009-09-17
Applicant: IBM
Inventor: HOERING FRANK , BAENTSCH MICHAEL , KUYPER MICHAEL P , BUHLER PETER , HERMANN RETO , WEIGOLD THOMAS D , EIRICH THOMAS , KRAMP THORSTEN
-
公开(公告)号:CA2736582A1
公开(公告)日:2010-03-25
申请号:CA2736582
申请日:2009-09-17
Applicant: IBM
Inventor: BAENTSCH MICHAEL , BUHLER PETER , EIRICH THOMAS , HERMANN RETO , HOERING FRANK , KRAMP THORSTEN , KUYPER MICHAEL P , WEIGOLD THOMAS D
Abstract: An authorization device (5) is provided for authorizing operations of a remote server (2) requested from user computers (3) via a data communications network (4). The device (5) has a computer interface (6) for connecting the device (5) to a local user computer (3) for communication with the remote server (2), and a user interface (7) for presenting information to a user. Control logic (11) of the device (5) is adapted to use security data to establish between the device (5) and server (2), via the local user computer (3), a mutually- authenticated connection for encrypted end-to-end communications between the device and server. The control logic (11) collects from the server (2) via this connection information indicative of any operations requested by user computers via other connections to the server (2) and requiring authorization by a user of the device (5). This information is presented to a user via the user interface (7) to prompt for authorization by the user. Server operations are controlled in accordance with rule data (18) defining operations requiring authorization by one or more authorizing users. Control logic (15) of the server control apparatus responds to an operation request from a user computer (3) by determining from the rule data (18) whether authorization by at least one authorizing user is required for that operation. If so, the operation is deferred. When a mutually-authenticated connection is established with an authorizing device (5), the control apparatus can supply information indicative of any deferred operations requested from user computers (3) and requiring authorization by the device user. A deferred operation is only performed on receipt of authorization from every authorizing user from whom authorization is required for that operation, providing secure multi-party authorization in a mobile computing environment.
-
公开(公告)号:DE69817333T2
公开(公告)日:2004-06-09
申请号:DE69817333
申请日:1998-06-05
Applicant: IBM
Inventor: BAENTSCH MICHAEL , HOERING FRANK , BUHLER PETER , OESTREICHER MARCUS , EIRICH THOMAS
IPC: G06F9/445 , G06K19/073 , G07F7/10
Abstract: A method for loading instruction codes to a first memory and linking said instruction codes is proposed, whereby at least one instruction code has as parameter an address which during a loading step is not determined. This address-parametered instruction code has assigned thereto an address place. A relocation information is loaded which during a linking step effects that the address becomes determined using a starting address and a relative address offset. The then determined address is put at the address place. During the loading step, directly after loading each address-parametered instruction code with its address place, the relocation information is loaded and the address is determined in the linking step.
-
公开(公告)号:DE69903496T2
公开(公告)日:2003-12-04
申请号:DE69903496
申请日:1999-04-22
Applicant: IBM
Inventor: BAENTSCH MICHAEL , BUHLER PETER , EIRICH THOMAS , HOERING FRANK , OESTREICHER MARCUS
IPC: G06F12/02
Abstract: Scheme for the distinguishing of reachable objects and non-reachable objects used by an object-based application in a system with volatile memory of limited size. The object-based application operates on n objects whereby Z objects thereof are root objects. The following steps are carried out for each root object: (a) traversing from said root object to any other object that can be reached from said root object; (b) marking all objects that were reached from said root object and storing, while marking, in said volatile memory a description of the path from said root object to the currently visited object; if the marking phase reaches an object and the respective path does not fit into said volatile memory, then this object is not marked but identified as an object which has to be processed later; and continuing the marking phase until all root objects identified as objects which have to be processed later are processed.
-
公开(公告)号:DE69817333D1
公开(公告)日:2003-09-25
申请号:DE69817333
申请日:1998-06-05
Applicant: IBM
Inventor: BAENTSCH MICHAEL , HOERING FRANK , BUHLER PETER , OESTREICHER MARCUS , EIRICH THOMAS
IPC: G06F9/445 , G06K19/073 , G07F7/10
Abstract: A method for loading instruction codes to a first memory and linking said instruction codes is proposed, whereby at least one instruction code has as parameter an address which during a loading step is not determined. This address-parametered instruction code has assigned thereto an address place. A relocation information is loaded which during a linking step effects that the address becomes determined using a starting address and a relative address offset. The then determined address is put at the address place. During the loading step, directly after loading each address-parametered instruction code with its address place, the relocation information is loaded and the address is determined in the linking step.
-
-
-
-
-
-
-
-
-
Search Results
28
records
(took 0.02 seconds)
