-
Publication No.: CA2926128A1
Publication date: 2010-03-25
Application No.: CA2926128
Application date: 2009-09-17
Applicant: IBM
Inventor: BAENTSCH MICHAEL , BUHLER PETER , EIRICH THOMAS , HERMANN RETO , HOERING FRANK , KRAMP THORSTEN , KUYPER MICHAEL P , WEIGOLD THOMAS D
Abstract: An authorization device (5) is provided for authorizing operations of a remote server (2) requested from user computers (3) via a data communications network (4). The device (5) has a computer interface (6) for connecting the device (5) to a local user computer (3) for communication with the remote server (2), and a user interface (7) for presenting information to a user. Control logic (11) of the device (5) is adapted to use security data to establish between the device (5) and server (2), via the local user computer (3), a mutually-authenticated connection for encrypted end-to-end communications between the device and server. The control logic (11) collects from the server (2) via this connection information indicative of any operations requested by user computers via other connections to the server (2) and requiring authorization by a user of the device (5). This information is presented to a user via the user interface (7) to prompt for authorization by the user. Server operations are controlled in accordance with rule data (18) defining operations requiring authorization by one or more authorizing users. Control logic (15) of the server control apparatus responds to an operation request from a user computer (3) by determining from the rule data (18) whether authorization by at least one authorizing user is required for that operation. If so, the operation is deferred. When a mutually-authenticated connection is established with an authorizing device (5), the control apparatus can supply information indicative of any deferred operations requested from user computers (3) and requiring authorization by the device user. A deferred operation is only performed on receipt of authorization from every authorizing user from whom authorization is required for that operation, providing secure multi-party authorization in a mobile computing environment.
-
Publication No.: DE60307498T2
Publication date: 2007-09-13
Application No.: DE60307498
Application date: 2003-10-24
Applicant: IBM
Inventor: BAENTSCH MICHAEL , BUHLER PETER , EIRICH THOMAS , HOERING FRANK , KRAMP THORSTEN , OESTREICHER MARCUS , OSBORNE MICHAEL , WEIGOLD D
IPC: H04L29/06
Abstract: A method for providing a user device with a set of access codes comprises, in the user device, storing an encryption key and an identification code, and sending a message containing the identification code to a server via a communications network. In the server, an encryption key corresponding to the key stored in the user device is stored, and the set of access codes is allocated on receipt of the identification code from the user device. A look up function is performed based on the identification code received in the message to retrieve the key from storage. The set of access codes is encrypted using the retrieved key to produce an encrypted set. A message containing the encrypted set is sent to the user device via the network. In the user device, the encrypted set received from the server is decrypted using the key in storage, and the decrypted set of access codes is stored for use by a user of the user device.
-
Publication No.: AU3591501A
Publication date: 2001-10-03
Application No.: AU3591501
Application date: 2001-03-09
Applicant: IBM
Inventor: BAENTSCH MICHAEL , BUHLER PETER , EIRICH THOMAS , HOERING FRANK , OESTREICHER MARCUS
IPC: G06F12/02
Abstract: The invention is directed to a method for distinguishing reachable objects and non-reachable objects in an object-based application in a system with a volatile memory and a non-volatile memory. The object-based application operates in the non-volatile memory on the objects, whereof at least one is a root object. Each root object is processed by writing for each object that is reachable from the root object, a positive reachability information into the volatile memory and marking those objects in the non-volatile memory as reusable memory, for which no positive reachability information is present in the volatile memory.
-
Publication No.: CA2322686A1
Publication date: 1999-09-30
Application No.: CA2322686
Application date: 1998-11-12
Applicant: IBM
Inventor: BAENTSCH MICHAEL , BUHLER PETER , OESTREICHER MARCUS
Abstract: A Java runtime system is proposed which comprises a stack-based interpreter executing a program that comprises bytecodes and class structures. The system further comprises a modified constant pool with internal information of use only during linking and with external information to be preserved for late code binding. The internal information is removed from the modified constant pool after linking.
-
Publication No.: BRPI0919158A2
Publication date: 2016-08-09
Application No.: BRPI0919158
Application date: 2009-09-17
Applicant: IBM
Inventor: HOERING FRANK , BAENTSCH MICHAEL , KUYPER MICHAEL P , BUHLER PETER , HERMANN RETO , WEIGOLD THOMAS D , EIRICH THOMAS , KRAMP THORSTEN
-
Publication No.: CA2736582A1
Publication date: 2010-03-25
Application No.: CA2736582
Application date: 2009-09-17
Applicant: IBM
Inventor: BAENTSCH MICHAEL , BUHLER PETER , EIRICH THOMAS , HERMANN RETO , HOERING FRANK , KRAMP THORSTEN , KUYPER MICHAEL P , WEIGOLD THOMAS D
Abstract: An authorization device (5) is provided for authorizing operations of a remote server (2) requested from user computers (3) via a data communications network (4). The device (5) has a computer interface (6) for connecting the device (5) to a local user computer (3) for communication with the remote server (2), and a user interface (7) for presenting information to a user. Control logic (11) of the device (5) is adapted to use security data to establish between the device (5) and server (2), via the local user computer (3), a mutually-authenticated connection for encrypted end-to-end communications between the device and server. The control logic (11) collects from the server (2) via this connection information indicative of any operations requested by user computers via other connections to the server (2) and requiring authorization by a user of the device (5). This information is presented to a user via the user interface (7) to prompt for authorization by the user. Server operations are controlled in accordance with rule data (18) defining operations requiring authorization by one or more authorizing users. Control logic (15) of the server control apparatus responds to an operation request from a user computer (3) by determining from the rule data (18) whether authorization by at least one authorizing user is required for that operation. If so, the operation is deferred. When a mutually-authenticated connection is established with an authorizing device (5), the control apparatus can supply information indicative of any deferred operations requested from user computers (3) and requiring authorization by the device user. A deferred operation is only performed on receipt of authorization from every authorizing user from whom authorization is required for that operation, providing secure multi-party authorization in a mobile computing environment.
-
Publication No.: PL193009B1
Publication date: 2007-01-31
Application No.: PL34299498
Application date: 1998-11-12
Applicant: IBM
Inventor: BAENTSCH MICHAEL , BUHLER PETER , OESTREICHER MARCUS
-
Publication No.: DE69817333T2
Publication date: 2004-06-09
Application No.: DE69817333
Application date: 1998-06-05
Applicant: IBM
Inventor: BAENTSCH MICHAEL , HOERING FRANK , BUHLER PETER , OESTREICHER MARCUS , EIRICH THOMAS
IPC: G06F9/445 , G06K19/073 , G07F7/10
Abstract: A method for loading instruction codes to a first memory and linking said instruction codes is proposed, whereby at least one instruction code has as parameter an address which during a loading step is not determined. This address-parametered instruction code has assigned thereto an address place. A relocation information is loaded which during a linking step effects that the address becomes determined using a starting address and a relative address offset. The then determined address is put at the address place. During the loading step, directly after loading each address-parametered instruction code with its address place, the relocation information is loaded and the address is determined in the linking step.
-
Publication No.: DE69814174T2
Publication date: 2004-03-04
Application No.: DE69814174
Application date: 1998-11-12
Applicant: IBM
Inventor: BAENTSCH MICHAEL , BUHLER PETER , OESTREICHER MARCUS
IPC: G06F9/54 , G06F9/44 , G06F9/445 , G06F9/50 , F16D55/225
Abstract: A Java runtime system is proposed which comprises a stack-based interpreter executing a program that comprises bytecodes and class structures. The system further comprises a modified constant pool with internal information of use only during linking and with external information to be preserved for late code binding. The internal information is removed from the modified constant pool after linking.
-
Publication No.: DE69903496T2
Publication date: 2003-12-04
Application No.: DE69903496
Application date: 1999-04-22
Applicant: IBM
Inventor: BAENTSCH MICHAEL , BUHLER PETER , EIRICH THOMAS , HOERING FRANK , OESTREICHER MARCUS
IPC: G06F12/02
Abstract: Scheme for the distinguishing of reachable objects and non-reachable objects used by an object-based application in a system with volatile memory of limited size. The object-based application operates on n objects whereby Z objects thereof are root objects. The following steps are carried out for each root object: (a) traversing from said root object to any other object that can be reached from said root object; (b) marking all objects that were reached from said root object and storing, while marking, in said volatile memory a description of the path from said root object to the currently visited object; if the marking phase reaches an object and the respective path does not fit into said volatile memory, then this object is not marked but identified as an object which has to be processed later; and continuing the marking phase until all root objects identified as objects which have to be processed later are processed.