-
Publication No.: CA2926128C
Publication date: 2017-09-19
Application No.: CA2926128
Application date: 2009-09-17
Applicant: IBM
Inventor: BAENTSCH MICHAEL , BUHLER PETER , EIRICH THOMAS , HERMANN RETO , HOERING FRANK , KRAMP THORSTEN , KUYPER MICHAEL P , WEIGOLD THOMAS D
Abstract: An authorization device (5) is provided for authorizing operations of a remote server (2) requested from user computers (3) via a data communications network (4). The device (5) has a computer interface (6) for connecting the device (5) to a local user computer (3) for communication with the remote server (2), and a user interface (7) for presenting information to a user. Control logic (11) of the device (5) is adapted to use security data to establish between the device (5) and server (2), via the local user computer (3), a mutually-authenticated connection for encrypted end-to-end communications between the device and server. The control logic (11) collects from the server (2) via this connection information indicative of any operations requested by user computers via other connections to the server (2) and requiring authorization by a user of the device (5). This information is presented to a user via the user interface (7) to prompt for authorization by the user. Server operations are controlled in accordance with rule data (18) defining operations requiring authorization by one or more authorizing users. Control logic (15) of the server control apparatus responds to an operation request from a user computer (3) by determining from the rule data (18) whether authorization by at least one authorizing user is required for that operation. If so, the operation is deferred. When a mutually-authenticated connection is established with an authorizing device (5), the control apparatus can supply information indicative of any deferred operations requested from user computers (3) and requiring authorization by the device user. A deferred operation is only performed on receipt of authorization from every authorizing user from whom authorization is required for that operation, providing secure multi-party authorization in a mobile computing environment.
-
Publication No.: MX2011002423A
Publication date: 2011-04-05
Application No.: MX2011002423
Application date: 2009-09-17
Applicant: IBM
Inventor: BAENTSCH MICHAEL , BUHLER PETER , EIRICH THOMAS , HERMANN RETO , HOERING FRANK , KRAMP THORSTEN , KUYPER MICHAEL P , WEIGOLD THOMAS D
Abstract: An authorization device is provided for authorizing operations of a remote server requested from user computers via a data communications network. The device has a computer interface for connecting the device to a local user computer for communication with the remote server, and a user interface for presenting information to a user. Control logic of the device is adapted to use security data to establish between the device and server, via the local user computer, a mutually-authenticated connection for encrypted end-to-end communications between the device and server. The control logic collects from the server, via this connection, information indicative of any operations requested by user computers via other connections to the server and requiring authorization by a user of the device. This information is presented to a user via the user interface to prompt for authorization by the user. Server operations are controlled in accordance with rule data defining operations requiring authorization by one or more authorizing users. Control logic of the server control apparatus responds to an operation request from a user computer by determining from the rule data whether authorization by at least one authorizing user is required for that operation. If so, the operation is deferred. When a mutually-authenticated connection is established with an authorizing device, the control apparatus can supply information indicative of any deferred operations requested from user computers and requiring authorization by the device user. A deferred operation is only performed on receipt of authorization from every authorizing user whose authorization is required for that operation, providing secure multi-party authorization in a mobile computing environment.
-
Publication No.: CA2926128A1
Publication date: 2010-03-25
Application No.: CA2926128
Application date: 2009-09-17
Applicant: IBM
Inventor: BAENTSCH MICHAEL , BUHLER PETER , EIRICH THOMAS , HERMANN RETO , HOERING FRANK , KRAMP THORSTEN , KUYPER MICHAEL P , WEIGOLD THOMAS D
Abstract: An authorization device (5) is provided for authorizing operations of a remote server (2) requested from user computers (3) via a data communications network (4). The device (5) has a computer interface (6) for connecting the device (5) to a local user computer (3) for communication with the remote server (2), and a user interface (7) for presenting information to a user. Control logic (11) of the device (5) is adapted to use security data to establish between the device (5) and server (2), via the local user computer (3), a mutually-authenticated connection for encrypted end-to-end communications between the device and server. The control logic (11) collects from the server (2) via this connection information indicative of any operations requested by user computers via other connections to the server (2) and requiring authorization by a user of the device (5). This information is presented to a user via the user interface (7) to prompt for authorization by the user. Server operations are controlled in accordance with rule data (18) defining operations requiring authorization by one or more authorizing users. Control logic (15) of the server control apparatus responds to an operation request from a user computer (3) by determining from the rule data (18) whether authorization by at least one authorizing user is required for that operation. If so, the operation is deferred. When a mutually-authenticated connection is established with an authorizing device (5), the control apparatus can supply information indicative of any deferred operations requested from user computers (3) and requiring authorization by the device user. A deferred operation is only performed on receipt of authorization from every authorizing user from whom authorization is required for that operation, providing secure multi-party authorization in a mobile computing environment.
-
Publication No.: DE60205485T2
Publication date: 2006-06-01
Application No.: DE60205485
Application date: 2002-04-11
Applicant: IBM
Inventor: BINDING CARL , DOLIVO FRANCOIS , HERMANN RETO , HUSEMANN DIRK , SCHADE ANDREAS
Abstract: A computing device comprises a processor, a memory connected to the processor, and an application program stored in the memory and executable by the processor for generating data for communication to a remote computer system via a network based on a symbolic control information. A communications protocol stack is stored in the memory and executed by the processor for effecting communication of the data from the mobile device to the remote system. The protocol stack has an application layer for receiving the data from the application program and locating the data received in an application layer protocol data unit, and a network layer for receiving the application layer protocol data unit from the application layer, locating the application layer protocol data unit in a network layer protocol data unit, locating the symbolic control information in the network layer protocol data unit separately from the application layer protocol data unit, and forwarding the network layer protocol data unit to the network for transmission to the remote system.
-
Publication No.: CA2337672A1
Publication date: 2001-10-26
Application No.: CA2337672
Application date: 2001-02-22
Applicant: IBM
Inventor: SCHADE ANDREAS , MOSER MICHAEL , HUSEMANN DIRK , HERMANN RETO
IPC: G06Q20/04 , G06Q20/12 , G06Q20/16 , G06Q20/24 , G06Q20/32 , G06Q20/42 , G06Q30/06 , H04L12/16 , H04Q7/20 , G06F17/60
Abstract: Method for enabling a customer, who has access to a customer system (40) and a mobile phone (43) with associated phone number, to order a deliverable (41) offered by a merchant system (45) at a certain price. The merchant system (45) is accessed through the customer system (40) and a network (44). The deliverable (41) can be ordered using the customer system (40). An order confirmation for the deliverable (41) is sent to the mobile phone (43) using the phone number of this phone and the ordering of the deliverable (41) is confirmed by using the mobile phone (43) to transmit a response to the merchant system (45) or to a carrier system (48). The phone bill (51) issued by the carrier system (48) for the mobile phone (43) is charged with the deliverable's price and the deliverable (41) is made available to the customer.
-
Publication No.: PL177486B1
Publication date: 1999-11-30
Application No.: PL32590395
Application date: 1995-08-14
Applicant: IBM
Inventor: ANTHIAS TEFCROS , DOLIVO FRANCOIS B , HERMANN RETO , PAPADOPOULOS CHRISTOS , WILLIAMSON ROBIN
Abstract: 1. The method is designed for transmitting a message from the first user to target users, while each user is ascribed to a mail server connected to the network in a manner which ensures that the mail server is reached through the queue administrator. Unique characteristics: Addressing information is prepared for delivering a message from the mail server (20.1), ascribed to the first user (a1) in the network, to the mail servers (20.2, 20.5), ascribed to target users (b1, e1). The addressing information and the message are encapsulated in an MQ system message. A list of queues is created. It contains addresses of queue administrators (213, 21.7), through which the mail servers (20.2, 20.5) are reached. In the queue list, the set of administrators of queues of the next hops is determined and the correlated queue sub-lists are created. The route of the MQ system message to each queue administrator of the following hops is selected. The route is accompanied by a queue list, identical with the queue sublist correlated to a particular queue administrator of the following hops. As a result, the queue managers of the following hops become the operating queue administrators, each of which receives the names of local queues from the queue list and delivers the message to the queues if the queue administrator turns out to be the queue administrator from the queue list. The selection from the queue list and the selection of the route is repeated, until the message is introduced into all queues of the queue list. The MQ system messages and the addressing information from the queue of the queue list are retrieved. The addressing information is used to determine the set of target users, ascribed to mail servers, each of which delivers the message to the target user if the ascribed target user is a local user of a mail server. 
The previously described operations are repeated for the sub-set of target users, who are not local users, until the message is delivered to all target users.