公开(公告)号：GB2522512A

公开(公告)日：2015-07-29

申请号：GB201420718

申请日：2014-11-21

Applicant: IBM

Inventor： IOANNOU NIKOLAS ,  KOLTSIDAS IOANNIS ,  PLETKA ROMAN ,  TOMIC SASA ,  WEIGOLD THOMAS D

IPC: G06F12/02

Abstract: A method for managing a memory by a memory controller which delays a unit (block) of memory, such as flash memory, from being considered for reclamation (garbage collection) using a second pool (2) of blocks which are not considered for garbage collection and a first pool (1) of blocks which is available for garbage collection. The memory comprises a set of blocks; each block comprising a set of pages. Data updates are performed by writing data updates out-of-­place, and invalidating the page containing the outdated data. The method moves a block from the first pool (1) to the second pool (2) in response to invalidating a first one of the pages contained in this unit. This unit is returned from the second pool (2) to the first pool (1) after a defined number of blocks of the set have been written; preferably the second pool comprises a single queue, a circular buffer (21) of queues with index pointer (22), or first-in, first-out (FIFO) buffer. A block is selected out of the first pool (1) for reclamation by the block reclaiming process.

公开(公告)号：AT544114T

公开(公告)日：2012-02-15

申请号：AT07826951

申请日：2007-11-02

Applicant: IBM

Inventor： KRAMP THORSTEN ,  BUHLER PETER ,  BAENTSCH MICHAEL ,  HOERING FRANK ,  WEIGOLD THOMAS D

IPC: G06F11/14 ,  G06F17/30

Abstract: A method for transactional writing of data into a persistent memory comprising memory cells includes a transactional writing step and a transaction recovery step. The transactional writing step comprises one or more memory cell writing steps comprising the sub-steps of writing in a transaction buffer as transaction buffer entry the current data value and the corresponding address of the respective memory cell, writing a first valid marker for the memory cell in the transaction buffer, and writing a new data value to the memory cell. The transaction recovery step is performed in case of an abortion of the transactional writing step for restoring the current data values of the aborted transaction in the persistent memory, the transaction recovery step comprising the sub-step of writing a transaction recovery marker to the transaction buffer indicating the start of the transaction recovery.

公开(公告)号：MX2011002423A

公开(公告)日：2011-04-05

申请号：MX2011002423

申请日：2009-09-17

Applicant: IBM

Inventor： BAENTSCH MICHAEL ,  BUHLER PETER ,  EIRICH THOMAS ,  HERMANN RETO ,  HOERING FRANK ,  KRAMP THORSTEN ,  KUYPER MICHAEL P ,  WEIGOLD THOMAS D

IPC: G06F21/34 ,  G06Q40/00

Abstract: Se proporciona un dispositivo de autorización para autorizar las operaciones de un servidor remoto pedidas desde computadoras de usuario vía una red de comunicaciones de datos. El dispositivo tiene una interface computacional para conecta el dispositivo a una computadora local de usuario para la comunicación con el servidor remoto, y una interface de usuario para presentar la información a un usuario. La lógica de control del dispositivo se adapta para usar los datos de seguridad para establecer entre el dispositivo y el servidor, por medio de la computadora local de usuario, una conexión autenticada mutuamente para las comunicaciones encriptadas de extremo a extremo entre el dispositivo y el servidor. La lógica de control recopila del servidor, vía esta conexión, la información indicativa de cualquier operación pedida por las computadoras de usuario mediante otras conexiones al servidor y que requieren la autorización por parte de un usuario del dispositivo. Esta información es presentada a un usuario por medio de la interface de usuario para pedir la autorización del usuario. Las operaciones de servidor son controladas en conformidad con los datos de las reglas que definen las operaciones que requieren de autorización de uno ó más usuarios autorizadores. La lógica de control del aparato de control del servidor responde a una petición de operación de una computadora de usuario al determinar, a partir de los datos de las reglas, sí se requiere la autorización de por lo menos un usuario autorizador para esta operación. De ser así, la operación se difiere. Cuando una conexión autenticada mutuamente se establece con un dispositivo autorizador, el aparato de control puede suministrar la información indicativa de cualquier operación diferida pedida desde las computadoras de usuario y que requieren la autorización por parte del usuario del dispositivo. Una operación diferida sólo se lleva a cabo después de la recepción de la autorización de cada usuario autorizador cuya autorización se requiere para esta operación, proporcionando una autorización segura de múltiples partes en un ambiente de computación móvil.

公开(公告)号：CA2926128A1

公开(公告)日：2010-03-25

申请号：CA2926128

申请日：2009-09-17

Applicant: IBM

Inventor： BAENTSCH MICHAEL ,  BUHLER PETER ,  EIRICH THOMAS ,  HERMANN RETO ,  HOERING FRANK ,  KRAMP THORSTEN ,  KUYPER MICHAEL P ,  WEIGOLD THOMAS D

IPC: H04L9/32 ,  G06F21/34

Abstract: An authorization device (5) is provided for authorizing operations of a remote server (2) requested from user computers (3) via a data communications network (4). The device (5) has a computer interface (6) for connecting the device (5) to a local user computer (3) for communication with the remote server (2), and a user interface (7) for presenting information to a user. Control logic (11) of the device (5) is adapted to use security data to establish between the device (5) and server (2), via the local user computer (3), a mutually-authenticated connection for encrypted end-to-end communications between the device and server. The control logic (11) collects from the server (2) via this connection information indicative of any operations requested by user computers via other connections to the server (2) and requiring authorization by a user of the device (5). This information is presented to a user via the user interface (7) to prompt for authorization by the user. Server operations are controlled in accordance with rule data (18) defining operations requiring authorization by one or more authorizing users. Control logic (15) of the server control apparatus responds to an operation request from a user computer (3) by determining from the rule data (18) whether authorization by at least one authorizing user is required for that operation. If so, the operation is deferred. When a mutually-authenticated connection is established with an authorizing device (5), the control apparatus can supply information indicative of any deferred operations requested from user computers (3) and requiring authorization by the device user. A deferred operation is only performed on receipt of authorization from every authorizing user from whom authorization is required for that operation, providing secure multi-party authorization in a mobile computing environment.

公开(公告)号：DE112011103580T5

公开(公告)日：2013-11-21

申请号：DE112011103580

申请日：2011-10-18

Applicant: IBM

Inventor： BAENTSCH MICHAEL ,  DYKEMAN HAROLD DOUGLAS ,  OSBORNE MICHAEL CHARLES ,  WEIGOLD THOMAS D ,  HERMANN RETO JOSEF ,  KRAMP THORSTEN ,  KYPER-HAMMOND MICHAEL PETER

IPC: G06F21/60 ,  G06F21/62

Abstract: Die Erfindung bezieht sich konkret auf ein Verfahren, eine sichere Einheit, ein System und ein Computerprogrammprodukt für das sichere Verwalten des Benutzerzugriffs auf ein Dateisystem. Das Verfahren weist die Schritte auf des: – Bereitstellens (S100) einer sicheren Einheit (10), wobei diese entwurfsbedingt gegen bösartige Software oder Schadsoftware geschützt und so gestaltet ist, dass über ein Telekommunikationsnetzwerk eine Verbindung mit einem Server (40) hergestellt wird und dies vorzugsweise über einen Host (30) erfolgt, der mit dem Server (40) verbunden ist; – Herstellens (S300) einer Verbindung (91) zwischen der sicheren Einheit und dem Server (40); – Empfangens (S350) von Daten, die einem Dateisystem zugehörig sind, das Dateien identifiziert, die zumindest teilweise außerhalb der sicheren Einheit gespeichert sind, über die hergestellte Verbindung (91) in der sicheren Einheit; – Offenlegens (S600) des Dateisystems auf der sicheren Einheit gegenüber einem Benutzer auf der Grundlage der Daten, die von dem Server empfangen wurden, wobei das Dateisystem durch den Benutzer steuerbar ist.

公开(公告)号：GB2498139A

公开(公告)日：2013-07-03

申请号：GB201306126

申请日：2011-10-18

Applicant: IBM

Inventor： BAENTSCH MICHAEL ,  DYKEMAN HAROLD D ,  HERMANN RETO ,  KRAMP THORSTEN ,  KYPER-HAMMOND MICHAEL PETER ,  OSBORNE CHARLES ,  WEIGOLD THOMAS D

IPC: G06F21/62 ,  G06F21/00

Abstract: The invention is notably directed to a method, a secure device, a system and a computer program product for securely managing user access to a file system. The method comprises the steps of: - providing (S100) a secure device (10), the latter protected by design against malicious software or malware and adapted to establish a connection to a server (40 through a telecommunication network and this, preferably via a host (30) connected to the server (40); - establishing (S300) a connection (91) between the secure device and the server (40); - receiving (S350) at the secure device, through the established connection (91), data pertaining to a file system identifying files which are at least partly stored outside the secure device; - exposing (S600) at the secure device the file system to a user, based on the data received from the server, the file system navigable by the user.

公开(公告)号：CA2504843C

公开(公告)日：2011-02-22

申请号：CA2504843

申请日：2003-10-24

Applicant: IBM

Inventor： BAENTSCH MICHAEL ,  BUHLER PETER ,  EIRICH THOMAS ,  HORING FRANK ,  KRAMP THORSTEN ,  OESTREICHER MARCUS ,  OSBORNE MICHAEL ,  WEIGOLD THOMAS D

IPC: H04L29/06

Abstract: A method for providing a user device with a set of access codes comprises, in the user device, storing an encryption key and an identification code, and sending a message containing the identification code to a server via a communications network. In the server, an encryption key is stored corresponding to the key stored in the user device, allocating the set of access codes on receipt of the identification code from the user device. A look up function is performed based on the identification code received in the message to retrieve the key from storage. The set of access codes is encrypted using the retrieved key to produce an encrypted set. A message containing the encrypted set is sent to the user device via the network. In the user device, the encrypted set received from the server is decrypted using the key in storage, and storing the decrypted set of access codes for use by a user of the user device.

公开(公告)号：AU2009294201A1

公开(公告)日：2010-03-25

申请号：AU2009294201

申请日：2009-09-17

Applicant: IBM

Inventor： BAENTSCH MICHAEL ,  BUHLER PETER ,  EIRICH THOMAS ,  HERMANN RETO ,  HOERING FRANK ,  KRAMP THORSTEN ,  KUYPER MICHAEL P ,  WEIGOLD THOMAS D

IPC: G06F21/34 ,  G06Q40/00

Abstract: An authorization device for authorizing operations of a remote server requested from user computers via a data communications network includes a computer interface configured to connect to a local user computer for facilitating communication with the remote server via a data communications network, a user interface configured to present information to a user, and control logic. The control logic is adapted to use security data accessible to the control logic to establish, via the local user computer, a mutually-authenticated connection for encrypted end-to-end communications with the server; collect from the server, via the connection, information indicative of any operation requested via a different connection to the server and requiring authorization by the user; and present the information to the user via the user interface to prompt for authorization of the operation.

公开(公告)号：AT336135T

公开(公告)日：2006-09-15

申请号：AT03751197

申请日：2003-10-24

Applicant: IBM

Inventor： BAENTSCH MICHAEL ,  BUHLER PETER ,  EIRICH THOMAS ,  HOERING FRANK ,  KRAMP THORSTEN ,  OESTREICHER MARCUS ,  OSBORNE MICHAEL ,  WEIGOLD THOMAS D

IPC: H04L29/06

Abstract: A method for providing a user device with a set of access codes comprises, in the user device, storing an encryption key a an identification code, and sending a message containing the identification code to a server via a communications network. In the server, an encryption key is stored corresponding to the key stored in the user device, allocating the set of access codes on receipt of the identification code from the user device. A look up function is performed based on the identification code received in the message to retrieve the key from storage. The set of access codes is encrypted using the retrieved key to produce an encrypted set. A message containing the encrypted set is sent to the user device via the network. In the user device, the encrypted set received from the server is decrypted using the key in storage, and storing the decrypted set of access codes for use by a user of the user device.

公开(公告)号：CA2504843A1

公开(公告)日：2004-05-21

申请号：CA2504843

申请日：2003-10-24

Applicant: IBM

Inventor： KRAMP THORSTEN ,  WEIGOLD THOMAS D ,  BAENTSCH MICHAEL ,  EIRICH THOMAS ,  OESTREICHER MARCUS ,  HORING FRANK ,  OSBORNE MICHAEL ,  BUHLER PETER

IPC: H04L29/06

Abstract: A method for providing a user device with a set of access codes comprises, i n the user device, storing an encryption key and an identification code, and sending a message containing the identification code to a server via a communications network. In the server, an encryption key is stored corresponding to the key stored in the user device, allocating the set of access codes on receipt of the identification code from the user device. A look up function is performed based on the identification code received in t he message to retrieve the key from storage. The set of access codes is encrypt ed using the retrieved key to produce an encrypted set. A message containing th e encrypted set is sent to the user device via the network. In the user device , the encrypted set received from the server is decrypted using the key in storage, and storing the decrypted set of access codes for use by a user of the user device.