公开(公告)号：CA2851199C

公开(公告)日：2020-11-03

申请号：CA2851199

申请日：2012-10-17

Applicant: IBM

Inventor： BAENTSCH MICHAEL ,  KRAMP THORSTEN ,  KUYPER-HAMMOND MICHAEL PETER ,  WEIGOLD THOMAS D

IPC: G06F3/048 ,  G06F3/041 ,  G06F3/0488

Abstract: The invention is notably directed to methods of communication between a mobile touch- generating device (10), a touchscreen (20) and a server (30), comprising: - generating (S30) one or more touch events via the mobile touch-generating device; - detecting (S40 - S45) the generated touch events at the touchscreen and sending data of touch events via the telecommunication network (32); - receiving (S50) at the server (30) the data of touch events or related data; - sending (S60) contents selected in accordance with the received data through a secure connection (C1, C1t) established with the touch- generating device; and - receiving said contents at the touch- generating device and displaying them via the visualization means (19). It further concerns a mobile touch- generating device and a touchscreen.

公开(公告)号：CA2926128C

公开(公告)日：2017-09-19

申请号：CA2926128

申请日：2009-09-17

Applicant: IBM

Inventor： BAENTSCH MICHAEL ,  BUHLER PETER ,  EIRICH THOMAS ,  HERMANN RETO ,  HOERING FRANK ,  KRAMP THORSTEN ,  KUYPER MICHAEL P ,  WEIGOLD THOMAS D

IPC: H04L9/32 ,  G06F21/34

Abstract: An authorization device (5) is provided for authorizing operations of a remote server (2) requested from user computers (3) via a data communications network (4). The device (5) has a computer interface (6) for connecting the device (5) to a local user computer (3) for communication with the remote server (2), and a user interface (7) for presenting information to a user. Control logic (11) of the device (5) is adapted to use security data to establish between the device (5) and server (2), via the local user computer (3), a mutually-authenticated connection for encrypted end-to-end communications between the device and server. The control logic (11) collects from the server (2) via this connection information indicative of any operations requested by user computers via other connections to the server (2) and requiring authorization by a user of the device (5). This information is presented to a user via the user interface (7) to prompt for authorization by the user. Server operations are controlled in accordance with rule data (18) defining operations requiring authorization by one or more authorizing users. Control logic (15) of the server control apparatus responds to an operation request from a user computer (3) by determining from the rule data (18) whether authorization by at least one authorizing user is required for that operation. If so, the operation is deferred. When a mutually-authenticated connection is established with an authorizing device (5), the control apparatus can supply information indicative of any deferred operations requested from user computers (3) and requiring authorization by the device user. A deferred operation is only performed on receipt of authorization from every authorizing user from whom authorization is required for that operation, providing secure multi-party authorization in a mobile computing environment.

公开(公告)号：GB2530703A

公开(公告)日：2016-03-30

申请号：GB201602311

申请日：2014-07-15

Applicant: IBM

Inventor： BAENTSCH MICHAEL ,  HERMANN RETO JOSEF ,  ORTIZ-YEPES DIEGO

IPC: G06F1/16

Abstract: The present invention is notably directed to a handheld companion device (10), comprising: a screen (19); rigid physical connection means (13), adapted for rigidly attaching the companion device to a mobile device (20); communication means (13, 13a, 14), adapted for setting up and supporting one or more communication links with one or more external computerized systems (20, 30); and a memory (16), storing computerized methods (162), which are adapted, upon execution at the companion device, for: cooperating (S28, S30) with said communication means to set up said one or more communication links and receive orientation data (α, γ) of the mobile device (20) and contents, from said one or more external computerized systems (20, 30), via said one or more communication links; and re-arranging and displaying (S70) said contents on said screen according to said orientation data (α, γ). The present invention is further directed to related systems and methods for automatically rotating contents displayed on such devices, when rigidly attached on a handheld mobile device.

公开(公告)号：DE112013005184T5

公开(公告)日：2015-07-16

申请号：DE112013005184

申请日：2013-11-26

Applicant: IBM

Inventor： GSCHWIND THOMAS ,  SCHADE ANDREAS ,  BAENTSCH MICHAEL

IPC: G06F9/445

Abstract: Die vorliegende Erfindung ist insbesondere auf ein Verfahren gerichtet, um einen Computer (101) zu befähigen, von einer für einen Benutzer vertrauenswürdigen Einheit (10) zu booten, wobei die für einen Benutzer vertrauenswürdige Einheit (10) eine Verbindungsschnittstelle (12) aufweist, die ein Herstellen einer Verbindung (S2) mit dem Computer (101) ermöglicht, wobei das Verfahren aufweist: Ermöglichen (S3), dass der Computer (101) ein Booten von der für einen Benutzer vertrauenswürdigen Einheit (10) beginnt bei Verbindung (S2) der für einen Benutzer vertrauenswürdigen Einheit mit dem Computer (101) über die Verbindungsschnittstelle (12); Anweisen eines Prozessors (105) des Computers (101), virtualisierungskritischen Code auszuführen (S7) und beim Beendigen des Ausführens Beendigungsdaten auszugeben, wobei die Beendigungsdaten von dem virtualisierungskritischen Code und seiner Ausführung durch den Prozessor (105) abhängen; Ermitteln (S9 bis S14) auf der Grundlage der Beendigungsdaten, ob das Ausführen nicht in einer virtualisierten Umgebung erfolgte, und Ermöglichen (S15), dass der Computer (101) ein Booten von der für einen Benutzer vertrauenswürdigen Einheit (10) ausführt, wenn festgestellt wird, dass das Ausführen nicht in einer virtualisierten Umgebung erfolgte. Die Erfindung ist des Weiteren auf eine für einen Benutzer vertrauenswürdige Einheit gerichtet, die dieses Verfahren und zugehörige Systeme ermöglicht.

公开(公告)号：AT544114T

公开(公告)日：2012-02-15

申请号：AT07826951

申请日：2007-11-02

Applicant: IBM

Inventor： KRAMP THORSTEN ,  BUHLER PETER ,  BAENTSCH MICHAEL ,  HOERING FRANK ,  WEIGOLD THOMAS D

IPC: G06F11/14 ,  G06F17/30

Abstract: A method for transactional writing of data into a persistent memory comprising memory cells includes a transactional writing step and a transaction recovery step. The transactional writing step comprises one or more memory cell writing steps comprising the sub-steps of writing in a transaction buffer as transaction buffer entry the current data value and the corresponding address of the respective memory cell, writing a first valid marker for the memory cell in the transaction buffer, and writing a new data value to the memory cell. The transaction recovery step is performed in case of an abortion of the transactional writing step for restoring the current data values of the aborted transaction in the persistent memory, the transaction recovery step comprising the sub-step of writing a transaction recovery marker to the transaction buffer indicating the start of the transaction recovery.

公开(公告)号：MX2011002423A

公开(公告)日：2011-04-05

申请号：MX2011002423

申请日：2009-09-17

Applicant: IBM

Inventor： BAENTSCH MICHAEL ,  BUHLER PETER ,  EIRICH THOMAS ,  HERMANN RETO ,  HOERING FRANK ,  KRAMP THORSTEN ,  KUYPER MICHAEL P ,  WEIGOLD THOMAS D

IPC: G06F21/34 ,  G06Q40/00

Abstract: Se proporciona un dispositivo de autorización para autorizar las operaciones de un servidor remoto pedidas desde computadoras de usuario vía una red de comunicaciones de datos. El dispositivo tiene una interface computacional para conecta el dispositivo a una computadora local de usuario para la comunicación con el servidor remoto, y una interface de usuario para presentar la información a un usuario. La lógica de control del dispositivo se adapta para usar los datos de seguridad para establecer entre el dispositivo y el servidor, por medio de la computadora local de usuario, una conexión autenticada mutuamente para las comunicaciones encriptadas de extremo a extremo entre el dispositivo y el servidor. La lógica de control recopila del servidor, vía esta conexión, la información indicativa de cualquier operación pedida por las computadoras de usuario mediante otras conexiones al servidor y que requieren la autorización por parte de un usuario del dispositivo. Esta información es presentada a un usuario por medio de la interface de usuario para pedir la autorización del usuario. Las operaciones de servidor son controladas en conformidad con los datos de las reglas que definen las operaciones que requieren de autorización de uno ó más usuarios autorizadores. La lógica de control del aparato de control del servidor responde a una petición de operación de una computadora de usuario al determinar, a partir de los datos de las reglas, sí se requiere la autorización de por lo menos un usuario autorizador para esta operación. De ser así, la operación se difiere. Cuando una conexión autenticada mutuamente se establece con un dispositivo autorizador, el aparato de control puede suministrar la información indicativa de cualquier operación diferida pedida desde las computadoras de usuario y que requieren la autorización por parte del usuario del dispositivo. Una operación diferida sólo se lleva a cabo después de la recepción de la autorización de cada usuario autorizador cuya autorización se requiere para esta operación, proporcionando una autorización segura de múltiples partes en un ambiente de computación móvil.

公开(公告)号：CA2926128A1

公开(公告)日：2010-03-25

申请号：CA2926128

申请日：2009-09-17

Applicant: IBM

Inventor： BAENTSCH MICHAEL ,  BUHLER PETER ,  EIRICH THOMAS ,  HERMANN RETO ,  HOERING FRANK ,  KRAMP THORSTEN ,  KUYPER MICHAEL P ,  WEIGOLD THOMAS D

IPC: H04L9/32 ,  G06F21/34

Abstract: An authorization device (5) is provided for authorizing operations of a remote server (2) requested from user computers (3) via a data communications network (4). The device (5) has a computer interface (6) for connecting the device (5) to a local user computer (3) for communication with the remote server (2), and a user interface (7) for presenting information to a user. Control logic (11) of the device (5) is adapted to use security data to establish between the device (5) and server (2), via the local user computer (3), a mutually-authenticated connection for encrypted end-to-end communications between the device and server. The control logic (11) collects from the server (2) via this connection information indicative of any operations requested by user computers via other connections to the server (2) and requiring authorization by a user of the device (5). This information is presented to a user via the user interface (7) to prompt for authorization by the user. Server operations are controlled in accordance with rule data (18) defining operations requiring authorization by one or more authorizing users. Control logic (15) of the server control apparatus responds to an operation request from a user computer (3) by determining from the rule data (18) whether authorization by at least one authorizing user is required for that operation. If so, the operation is deferred. When a mutually-authenticated connection is established with an authorizing device (5), the control apparatus can supply information indicative of any deferred operations requested from user computers (3) and requiring authorization by the device user. A deferred operation is only performed on receipt of authorization from every authorizing user from whom authorization is required for that operation, providing secure multi-party authorization in a mobile computing environment.

公开(公告)号：DE60307498T2

公开(公告)日：2007-09-13

申请号：DE60307498

申请日：2003-10-24

Applicant: IBM

Inventor： BAENTSCH MICHAEL ,  BUHLER PETER ,  EIRICH THOMAS ,  HOERING FRANK ,  KRAMP THORSTEN ,  OESTREICHER MARCUS ,  OSBORNE MICHAEL ,  WEIGOLD D

IPC: H04L29/06

Abstract: A method for providing a user device with a set of access codes comprises, in the user device, storing an encryption key a an identification code, and sending a message containing the identification code to a server via a communications network. In the server, an encryption key is stored corresponding to the key stored in the user device, allocating the set of access codes on receipt of the identification code from the user device. A look up function is performed based on the identification code received in the message to retrieve the key from storage. The set of access codes is encrypted using the retrieved key to produce an encrypted set. A message containing the encrypted set is sent to the user device via the network. In the user device, the encrypted set received from the server is decrypted using the key in storage, and storing the decrypted set of access codes for use by a user of the user device.

公开(公告)号：DE69817543T2

公开(公告)日：2004-06-24

申请号：DE69817543

申请日：1998-06-08

Applicant: IBM

Inventor： BAENTSCH MICHAEL

IPC: G06F1/00 ,  G06F1/30 ,  G06K19/07 ,  G06K19/073 ,  G07F7/10

Abstract: Integrated circuit cards comprising a microprocessor, volatile memory (RAM), non-volatile memory (ROM,EEPROM), and power coupling means allowing external power to be supplied to the card. The Integrated circuit cards further comprise failure protection means maintaining power for a short period of time in case of a power supply failure, and a power-failure detector (16) sensing a power supply failure. This power-failure detectors triggers the transfer of information from the volatile memory to the non-volatile memory if a power supply failure is sensed. The failure protection means provide power for this transfer.

公开(公告)号：AU3591501A

公开(公告)日：2001-10-03

申请号：AU3591501

申请日：2001-03-09

Applicant: IBM

Inventor： BAENTSCH MICHAEL ,  BUHLER PETER ,  EIRICH THOMAS ,  HOERING FRANK ,  OESTREICHER MARCUS

IPC: G06F12/02

Abstract: The invention is directed to a method for distinguishing reachable objects and non-reachable objects in an object-based application in a system with a volatile memory and a non-volatile memory. The object-based application operates in the non-volatile memory on the objects, whereof at least one is a root object. Each root object is processed by writing for each object that is reachable from the root object, a positive reachability information into the volatile memory and marking those objects in the non-volatile memory as reusable memory, for which no positive reachability information is present in the volatile memory.