BINDING OF SECURE KEYS OR SECURE GUESTS TO A HARDWARE SECURITY MODULE.

    Publication No.: MX2021010588A

    Publication Date: 2021-10-13

    Application No.: MX2021010588

    Application Date: 2020-02-27

    Applicant: IBM

    Abstract: A method, computer program product, and a system where a secure interface control configures a hardware security module for exclusive use by a secure guest. The secure interface control ("SC") obtains a configuration request (via a hypervisor) to configure the hardware security module (HSM), from a given guest of guests managed by the hypervisor. The SC determines whether the HSM is already configured to a specific guest of the one or more guests, but based on determining that the HSM is not configured to the and is a secure guest of the SC that forecloses establishing a configuration of the HSM by limiting access by the guests to the HSM exclusively to the given guest. The SC logs the given guest into the HSM by utilizing a secret of the given guest. The SC obtains, from the HSM, a session code and retains the session code.

    COMMUNICATION INTERFACE OF A SECURE INTERFACE CONTROL

    Publication No.: SG11202105418YA

    Publication Date: 2021-06-29

    Application No.: SG11202105418Y

    Application Date: 2020-02-26

    Applicant: IBM

    Abstract: A method is provided. The method is implemented by a communication interface of a secure interface control executing between the secure interface control of a computer and hardware of the computer. In this regard, the communication interface receives an instruction and determines whether the instruction is a millicoded instruction. Further, the communication interface enters a millimode comprising enabling the secure interface control to engage millicode of the hardware through the communication interface based on the instruction being the millicoded instruction. The millicode, then, executes the instruction.

    Incremental decryption and integrity verification of a secure operating system image

    Publication No.: AU2020236629A1

    Publication Date: 2021-06-10

    Application No.: AU2020236629

    Application Date: 2020-02-17

    Applicant: IBM

    Abstract: Secure processing within a computing environment is provided by incrementally decrypting a secure operating system image, including receiving, for a page of the secure operating system image, a page address and a tweak value used during encryption of the page. Processing determines that the tweak value has not previously been used during decryption of another page of the secure operating system image, and decrypts memory page content at the page address using an image encryption key and the tweak value to facilitate obtaining a decrypted secure operating system image. Further, integrity of the secure operating system image is verified, and based on verifying integrity of the secure operating system image, execution of the decrypted secure operating system image is started.

    Secure execution guest owner controls for secure interface control

    Publication No.: AU2020233906A1

    Publication Date: 2021-06-10

    Application No.: AU2020233906

    Application Date: 2020-02-27

    Applicant: IBM

    Abstract: A method, computer program product, and a system where a secure interface control determines functionality of a secure guest based on metadata. The secure interface control ("SC") obtains metadata linked to an image of a secure guest to be started by an owner and managed by the hypervisor, where the metadata comprises control(s) that indicate whether a secure guest generated with the image is permitted to obtain a response to a particular request. The SC intercepts, from the secure guest generated with the image, during runtime, a request. The SC determines, based on the control(s), if the secure guest is permitted to obtain a response to the request. If permitted, the SC commences fulfillment of the request, within the computing system. If not permitted, the SC ignores the request.

    COMMUNICATION INTERFACE OF A SECURE INTERFACE CONTROL

    Publication No.: CA3132753A1

    Publication Date: 2020-09-17

    Application No.: CA3132753

    Application Date: 2020-02-26

    Applicant: IBM

    Abstract: A method is provided. The method is implemented by a communication interface of a secure interface control executing between the secure interface control of a computer and hardware of the computer. In this regard, the communication interface receives an instruction and determines whether the instruction is a millicoded instruction. Further, the communication interface enters a millimode comprising enabling the secure interface control to engage millicode of the hardware through the communication interface based on the instruction being the millicoded instruction. The millicode, then, executes the instruction.

    BINDING SECURE KEYS OF SECURE GUESTS TO A HARDWARE SECURITY MODULE

    Publication No.: CA3132747A1

    Publication Date: 2020-09-17

    Application No.: CA3132747

    Application Date: 2020-02-27

    Applicant: IBM

    Abstract: A method, computer program product, and a system where a secure interface control configures a hardware security module for exclusive use by a secure guest. The secure interface control ("SC") obtains a configuration request (via a hypervisor) to configure the hardware security module (HSM), from a given guest of guests managed by the hypervisor. The SC determines if the HSM is already configured to a specific guest of the one or more guests, but based on determining that the HSM is not configured to the and is a secure guest the SC forecloses establishing a configuration of the HSM by limiting accesses by guests to the HSM exclusively to the given guest. The SC logs the given guest into the HSM by utilizing a secret of the given guest. The SC obtains, from the HSM, a session code and retains the session code.

    INCREMENTAL DECRYPTION AND INTEGRITY VERIFICATION OF A SECURE OPERATING SYSTEM IMAGE

    Publication No.: CA3132735A1

    Publication Date: 2020-09-17

    Application No.: CA3132735

    Application Date: 2020-02-17

    Applicant: IBM

    Abstract: Secure processing within a computing environment is provided by incrementally decrypting a secure operating system image, including receiving, for a page of the secure operating system image, a page address and a tweak value used during encryption of the page. Processing determines that the tweak value has not previously been used during decryption of another page of the secure operating system image, and decrypts memory page content at the page address using an image encryption key and the tweak value to facilitate obtaining a decrypted secure operating system image. Further, integrity of the secure operating system image is verified, and based on verifying integrity of the secure operating system image, execution of the decrypted secure operating system image is started.

    Creating an operating system dump
    Invention patent

    Publication No.: GB2508344A

    Publication Date: 2014-06-04

    Application No.: GB201221368

    Application Date: 2012-11-28

    Applicant: IBM

    Abstract: A method for creating an operating system dump comprises dividing a main memory of a computer system into at least three contiguous memory areas 102, comprising a primary memory area, a secondary memory area and a data memory area. Also comprises booting a first instance of an OS (operating system) into the main memory 104, loading a second instance of the OS into the secondary memory 106 area using the active first instance of the OS, stopping execution of the first active instance of the OS 108 if a critical execution error occurs and re-starting the computer using the loaded, second instance of the OS 110 which becomes the active instance of the OS. Method further comprises creating a dump of the primary memory area 112, and loading a third instance of the OS into the primary memory area 114. Thus the secondary instance continues regular operation of the primary instance, while dumping the crashed primary instance so it may be possible to minimize downtime after a crash.
