-
公开(公告)号:CA1313411C
公开(公告)日:1993-02-02
申请号:CA600676
申请日:1989-05-25
Applicant: IBM
Inventor: MATYAS STEPHEN M , ABRAHAM DENNIS G , JOHNSON DONALD B , KARNE RAMESH K , LE AN V , PRYMAK ROSTISLAW , THOMAS JULIAN , WILKINS JOHN D , YEH PHIL C , SMITH RONALD M
Abstract: PERSONAL IDENTIFICATION NUMBER PROCESSING USING CONTROL VECTORS Cryptographic PIN processing is achieved in an improved manner by associating control vectors with the PIN generating (verification) keys and PIN encrypting keys which provide authorization for the uses of the keys intended by the originator of the keys. The originator may be the local cryptographic facility (CF) and a utility program under the control of a security administrator, or the originator may be another network node. Among the uses specified by the control vector are limitations on the authority to use the associated key with certain PIN processing instructions, such as PIN generation, verification, translation and PIN block creation. Furthermore, the control vector may limit the authority of certain instructions to process clear PIN inputs (such as in PIN verification). The control vector may contain information identifying and, possibly restricting, PIN processing to a particular PIN format or particular processing algorithm. The control vector implementation provides a flexible method for coupling format, usage, and processing authorization to keys. The system administrator can exercise flexibility in changing the implementation of his security policy by selecting appropriate control vectors in accordance with the invention. Furthermore, a method is provided for the security administrator to restrict certain PIN format translations. MA9-88-013
-
公开(公告)号:CA792929A
公开(公告)日:1968-08-20
申请号:CA792929D
Applicant: IBM
Inventor: BEAUSOLEIL WILLIAM F , ROHDE RICHARD S , SMITH RONALD M , ZEIGER HENRY
-
公开(公告)号:DE68926005D1
公开(公告)日:1996-04-25
申请号:DE68926005
申请日:1989-08-09
Applicant: IBM
Inventor: MATYAS STEPHEN M , ABRAHAM DENNIS G , JOHNSON DONALD B , KARNE RAMESH K , LE AN V , PRYMAK ROSTISLAW , THOMAS JULIAN , WILKINS JOHN D , YEH PHIL C , SMITH RONALD M , WHITE STEVE R , ARNOLD WILLIAM C
Abstract: Arrangements are disclosed for validating that key management functions requested for a cryptographic key by the program have been authorised by the originator of the key. The invention includes a cryptographic facility characterised by a secure boundary through which passes an input path for receiving the cryptographic service requests, cryptographic keys and their associated control vectors, and an output path for providing responses thereto. There can be included within the boundary a cryptographic instruction storage coupled to the input path, a control vector checking unit and a cryptographic processing unit coupled to the instruction storage, and a master key storage coupled to the processing means, for providing a secure location for executing key management functions in response to the received service requests. The cryptographic instruction storage receives over the input path a cryptographic service request for performing a key management function on a cryptographic key. The control vector checking unit has an input coupled to the input path for receiving a control vector associated with the cryptographic key and an input connected to the cryptographic instruction storage, for receiving control signals to initiate checking that the control vector authorises the key management function which is requested by the cryptographic service request. The control vector checking unit has an authorisation output connected to an input of the cryptographic processing means, for signalling that the key management function is authorised, the receipt of which by the cryptographic processing unit initiates the performance of the requested key management function with the cryptographic key. The invention enables the flexible control of many cryptographic key management functions in the generation, distribution and use of cryptographic keys, while maintaining a high security standard.
-
公开(公告)号:CA1256216A
公开(公告)日:1989-06-20
申请号:CA506750
申请日:1986-04-15
Applicant: IBM
Inventor: BUCHHOLZ WERNER , SMITH RONALD M
Abstract: PO9-55-003 PROGRAM SWITCHING WITH VECTOR REGISTERS The invention relates to vector registers (VRs) which have associated therewith a vector status register (VSR) that includes VR status information in the form of vector in-use and change bits for saving and restoring (the contents of) the VRs. When the vector in-use bit for a VR is zero, the saving and subsequent restoring of the VR is eliminated because the VR is known to contain all zeros. This reduces program switching time. The vector change bit for a VR serves to reduce switching time still further by permitting the saving of a VR to be eliminated when its vector in-use bit is one but the vector change bit is zero. Although such a VR is in use, its content has not been changed since the last restore from the same save area in storage. The previously saved information is still valid. The vector change bits do not affect the restoring of vector registers and, therefore, do not reduce the restore time.
-
公开(公告)号:CA1242281A
公开(公告)日:1988-09-20
申请号:CA501738
申请日:1986-02-12
Applicant: IBM
Inventor: BUCHHOLZ WERNER , SMITH RONALD M , WEHRLY DAVID S
Abstract: VECTOR PROCESSING A vector processor is disclosed which processes vectors that can have more elements than a vector register can contain at one time. Vectors are processed in sections in which the section size is determined by the number of element locations in a vector register. A vector count register controls the number o' elements processed by each vector instruction. A vector interruption index points to the first or next element in a vector to be processed by a vector instruction either when it is first issued or when it is re-issued following an interruption of the vector instruction. A general purpose (length) register contains the entire length of the vector to be processed. A single instruction, which starts a vector sectioning loop, provides for the smaller of the section size or the content of the length register to be loaded into the vector count register. During the operation of the sectioning loop, the vector count register is repetitively subtracted from the content of the first general purpose register and the resulting residual vector length is placed back in the first general purpose register until all of the elements have been processed.
-
Patent Agency Ranking
公开(公告)号:CA1092719A
公开(公告)日:1980-12-30
申请号:CA292248
申请日:1977-12-02
Applicant: IBM
Inventor: GANNON PATRICK M , HELLER ANDREW R , SMITH RONALD M
Abstract: SYNONYM CONTROL MEANS FOR MULTIPLE VIRTUAL STORAGE SYSTEMS The embodiments relate to special controls in a processor which eliminate synonym entries in a translation lookaside buffer (DLAT) and their corresponding page duplication in main storage for a system which has DLAT entries that can concurrently translate virtual addresses in multiple address spaces into real main storage addresses. The controls provide a common space bit in any segment table entry (STE) or alternatively in any page table entry (PTE) in any private address space to indicate whether the segment or page, respectively, contains programs and data private to the address space or shared by all address spaces. Each DLAT entry contains a common/private storage indicator which is set to the state of the common space bit in the STE or PTE used in an address translation loaded into the DLAT entry. When the entry is read, the private/common storage indicator controls whether the DLAT can only be used by the address space identified in the DLAT, or by all address spaces.
-
公开(公告)号:CA773732A
公开(公告)日:1967-12-12
申请号:CA773732D
Applicant: IBM
Inventor: BEAUSOLEIL WILLIAM F , HILL PETER R , SMITH RONALD M , IV WILLIAM A CLARK
-
公开(公告)号:DE68926005T2
公开(公告)日:1996-10-17
申请号:DE68926005
申请日:1989-08-09
Applicant: IBM
Inventor: MATYAS STEPHEN M , ABRAHAM DENNIS G , JOHNSON DONALD B , KARNE RAMESH K , LE AN V , PRYMAK ROSTISLAW , THOMAS JULIAN , WILKINS JOHN D , YEH PHIL C , SMITH RONALD M , WHITE STEVE R , ARNOLD WILLIAM C
Abstract: Arrangements are disclosed for validating that key management functions requested for a cryptographic key by the program have been authorised by the originator of the key. The invention includes a cryptographic facility characterised by a secure boundary through which passes an input path for receiving the cryptographic service requests, cryptographic keys and their associated control vectors, and an output path for providing responses thereto. There can be included within the boundary a cryptographic instruction storage coupled to the input path, a control vector checking unit and a cryptographic processing unit coupled to the instruction storage, and a master key storage coupled to the processing means, for providing a secure location for executing key management functions in response to the received service requests. The cryptographic instruction storage receives over the input path a cryptographic service request for performing a key management function on a cryptographic key. The control vector checking unit has an input coupled to the input path for receiving a control vector associated with the cryptographic key and an input connected to the cryptographic instruction storage, for receiving control signals to initiate checking that the control vector authorises the key management function which is requested by the cryptographic service request. The control vector checking unit has an authorisation output connected to an input of the cryptographic processing means, for signalling that the key management function is authorised, the receipt of which by the cryptographic processing unit initiates the performance of the requested key management function with the cryptographic key. The invention enables the flexible control of many cryptographic key management functions in the generation, distribution and use of cryptographic keys, while maintaining a high security standard.
-
公开(公告)号:DE68922884D1
公开(公告)日:1995-07-06
申请号:DE68922884
申请日:1989-08-09
Applicant: IBM
Inventor: MATYAS STEPHEN M , JOHNSON DONALD B , ABRAHAM DENNIS G , KARNE RAMESH K , LE AN V , PRYMAK ROSTISLAW , THOMAS JULIAN , WILKINS JOHN D , YEH PHIL C , SMITH RONALD M
-
20.发明专利
公开(公告)号:CA1308202C
公开(公告)日:1992-09-29
申请号:CA584970
申请日:1988-12-05
Applicant: IBM
Inventor: BAUM RICHARD I , BORDEN TERRY L , BUTWELL JUSTIN R , CLARK CARL E , GANEK ALAN G , LUM JAMES , MALL MICHAEL G , PLAMBECK KENNETH E , SCALZI CASPER A , SCHMALZ RICHARD J , SMITH RONALD M , THOMAS JULIAN
Abstract: PO98/-004 ACCESS REGISTER TRANSLATION MEANS FOR ADDRESS GENERATING MECHANISM FOR MULTIPLE VIRTUAL SPACES A method and apparatus is provided to translate the contents of access registers into information for use in performing addressing functions for multiple virtual address spaces. The access registers represent the full addressing capability of the system but do not directly contain the addressing information. The system has a plurality of general purpose registers, a plurality of access registers associated with the general registers, an access list having access list entries which is addressed by the contents of the access register, memory storage for holding address space number second table entries (ASTE), where the contents of the access list entry locate the ASTE and where the ASTE contains the addressing information needed to translate a virtual address when combined with the contents of a general purpose register. Access register translation (ART) consists of the process of determining addressing information by using the access list entry and the ASTE. The results of the ART process are stored in an ART lookaside buffer (ALB) which stores the results of ART while valid for later use.
-
-
-
-
-
-
-
-
-
Search Results
22
records
(took 0.019 seconds)
