公开(公告)号：CA2322686A1

公开(公告)日：1999-09-30

申请号：CA2322686

申请日：1998-11-12

Applicant: IBM

Inventor： BAENTSCH MICHAEL ,  BUHLER PETER ,  OESTREICHER MARCUS

IPC: G06F9/54 ,  G06F9/44 ,  G06F9/445 ,  G06F9/50

Abstract: A Java runtime system is proposed which comprises a stack-based interpreter executing a program that comprises bytecodes and class structures. The system further comprises a modified constant pool with internal information of use only during linking and with external information to be preserved for late code binding. The internal information is removed from the modified constant pool after linking.

公开(公告)号：GB2523057B

公开(公告)日：2015-10-07

申请号：GB201510657

申请日：2013-11-26

Applicant: IBM

Inventor： BAENTSCH MICHAEL ,  GSCHWIND THOMAS ,  SCHADE ANDREAS

IPC: G06F21/57 ,  G06F9/44

公开(公告)号：DE112014000337T5

公开(公告)日：2015-09-10

申请号：DE112014000337

申请日：2014-03-14

Applicant: IBM

Inventor： BUHLER PETER ,  GARCES-ERICE LUIS ,  GSCHWIND THOMAS ,  HOERING FRANK ,  ROONEY JOHN G ,  SCOTTON PAOLO ,  BAENTSCH MICHAEL ,  KUYPER-HAMMOND MICHAEL PETER

IPC: G06F21/57 ,  G06F9/445

Abstract: Die vorliegende Erfindung bezieht sich insbesondere auf ein Verfahren zum Ausführen von Software-Modulen auf einem Computer, wobei das Verfahren aufweist: Ausführen (S4) eines Boot-Ladeprogramms (15, 16) zumindest teilweise (16) auf dem Computer (101); und bei Ausführung des Boot-Ladeprogramms: Zugreifen (S5) auf Anforderungen an einen Anfangssatz (IS) von Software-Modulen SMn; und Hardware-Spezifikationen des Computers; Ermitteln (S6) innerhalb des Anfangssatzes eines oder mehrerer Kandidatensätze (CS1, CS2) von Software-Modulen, die mit den Hardware-Spezifikationen kompatibel sind (S6a) und als RAM-Platte speicherbar sind (S6b); und Speichern (S9) der Software-Module eines Abschlusssatzes (FS) auf einer RAM-Platte (121), wobei es sich bei dem Abschlusssatz (FS) um einen des einen oder der mehreren Kandidatensätze handelt, und Anweisen, die auf der RAM-Platte gespeicherten Software-Module auszuführen, wobei sowohl der Anfangssatz als auch der Abschlusssatz von Software-Modulen Anwendungskomponenten und Betriebssystem-Abbildkomponenten aufweist und des Weiteren bevorzugt Hardware-Komponententreiber aufweist. Die vorliegende Erfindung bezieht sich des Weiteren auf ein Boot-Ladeprogramm, eine für Benutzer vertrauenswürdige Einheit und ein System.

公开(公告)号：GB2512376A

公开(公告)日：2014-10-01

申请号：GB201305727

申请日：2013-03-28

Applicant: IBM

Inventor： BAENTSCH MICHAEL ,  BUHLER PETER ,  GARCES-ERICE LUIS ,  GSCHWIND THOMAS ,  HOERING FRANK ,  KUYPER-HAMMOND MICHAEL PETER ,  ROONEY JOHN G ,  SCOTTON PAOLO

IPC: G06F9/44 ,  G06F21/57

Abstract: Disclosed is a method of executing software modules on a computer. The method start by executing S4 a bootloader in the computer and then accessing S5 requirements as to an initial set of software modules and hardware specifications of the computer. Then determining S6 within the initial set, a candidate set CS1 of software modules that are compatible S6a with the hardware specifications and can S6b be stored as a RAM disk and storing S9 the software modules of a final set on a RAM disk , the final set being a candidate set. Executing the software modules stored on the RAM disk, wherein each of the initial set and the final set of software modules comprises application components and operating system image components and hardware component drivers. A trusted device such as a USB drive may hold the bootloader and the software modules.

公开(公告)号：DE112011103580T5

公开(公告)日：2013-11-21

申请号：DE112011103580

申请日：2011-10-18

Applicant: IBM

Inventor： BAENTSCH MICHAEL ,  DYKEMAN HAROLD DOUGLAS ,  OSBORNE MICHAEL CHARLES ,  WEIGOLD THOMAS D ,  HERMANN RETO JOSEF ,  KRAMP THORSTEN ,  KYPER-HAMMOND MICHAEL PETER

IPC: G06F21/60 ,  G06F21/62

Abstract: Die Erfindung bezieht sich konkret auf ein Verfahren, eine sichere Einheit, ein System und ein Computerprogrammprodukt für das sichere Verwalten des Benutzerzugriffs auf ein Dateisystem. Das Verfahren weist die Schritte auf des: – Bereitstellens (S100) einer sicheren Einheit (10), wobei diese entwurfsbedingt gegen bösartige Software oder Schadsoftware geschützt und so gestaltet ist, dass über ein Telekommunikationsnetzwerk eine Verbindung mit einem Server (40) hergestellt wird und dies vorzugsweise über einen Host (30) erfolgt, der mit dem Server (40) verbunden ist; – Herstellens (S300) einer Verbindung (91) zwischen der sicheren Einheit und dem Server (40); – Empfangens (S350) von Daten, die einem Dateisystem zugehörig sind, das Dateien identifiziert, die zumindest teilweise außerhalb der sicheren Einheit gespeichert sind, über die hergestellte Verbindung (91) in der sicheren Einheit; – Offenlegens (S600) des Dateisystems auf der sicheren Einheit gegenüber einem Benutzer auf der Grundlage der Daten, die von dem Server empfangen wurden, wobei das Dateisystem durch den Benutzer steuerbar ist.

公开(公告)号：GB2498139A

公开(公告)日：2013-07-03

申请号：GB201306126

申请日：2011-10-18

Applicant: IBM

Inventor： BAENTSCH MICHAEL ,  DYKEMAN HAROLD D ,  HERMANN RETO ,  KRAMP THORSTEN ,  KYPER-HAMMOND MICHAEL PETER ,  OSBORNE CHARLES ,  WEIGOLD THOMAS D

IPC: G06F21/62 ,  G06F21/00

Abstract: The invention is notably directed to a method, a secure device, a system and a computer program product for securely managing user access to a file system. The method comprises the steps of: - providing (S100) a secure device (10), the latter protected by design against malicious software or malware and adapted to establish a connection to a server (40 through a telecommunication network and this, preferably via a host (30) connected to the server (40); - establishing (S300) a connection (91) between the secure device and the server (40); - receiving (S350) at the secure device, through the established connection (91), data pertaining to a file system identifying files which are at least partly stored outside the secure device; - exposing (S600) at the secure device the file system to a user, based on the data received from the server, the file system navigable by the user.

公开(公告)号：CA2504843C

公开(公告)日：2011-02-22

申请号：CA2504843

申请日：2003-10-24

Applicant: IBM

Inventor： BAENTSCH MICHAEL ,  BUHLER PETER ,  EIRICH THOMAS ,  HORING FRANK ,  KRAMP THORSTEN ,  OESTREICHER MARCUS ,  OSBORNE MICHAEL ,  WEIGOLD THOMAS D

IPC: H04L29/06

Abstract: A method for providing a user device with a set of access codes comprises, in the user device, storing an encryption key and an identification code, and sending a message containing the identification code to a server via a communications network. In the server, an encryption key is stored corresponding to the key stored in the user device, allocating the set of access codes on receipt of the identification code from the user device. A look up function is performed based on the identification code received in the message to retrieve the key from storage. The set of access codes is encrypted using the retrieved key to produce an encrypted set. A message containing the encrypted set is sent to the user device via the network. In the user device, the encrypted set received from the server is decrypted using the key in storage, and storing the decrypted set of access codes for use by a user of the user device.

公开(公告)号：AU2009294201A1

公开(公告)日：2010-03-25

申请号：AU2009294201

申请日：2009-09-17

Applicant: IBM

Inventor： BAENTSCH MICHAEL ,  BUHLER PETER ,  EIRICH THOMAS ,  HERMANN RETO ,  HOERING FRANK ,  KRAMP THORSTEN ,  KUYPER MICHAEL P ,  WEIGOLD THOMAS D

IPC: G06F21/34 ,  G06Q40/00

Abstract: An authorization device for authorizing operations of a remote server requested from user computers via a data communications network includes a computer interface configured to connect to a local user computer for facilitating communication with the remote server via a data communications network, a user interface configured to present information to a user, and control logic. The control logic is adapted to use security data accessible to the control logic to establish, via the local user computer, a mutually-authenticated connection for encrypted end-to-end communications with the server; collect from the server, via the connection, information indicative of any operation requested via a different connection to the server and requiring authorization by the user; and present the information to the user via the user interface to prompt for authorization of the operation.

公开(公告)号：AT336135T

公开(公告)日：2006-09-15

申请号：AT03751197

申请日：2003-10-24

Applicant: IBM

Inventor： BAENTSCH MICHAEL ,  BUHLER PETER ,  EIRICH THOMAS ,  HOERING FRANK ,  KRAMP THORSTEN ,  OESTREICHER MARCUS ,  OSBORNE MICHAEL ,  WEIGOLD THOMAS D

IPC: H04L29/06

Abstract: A method for providing a user device with a set of access codes comprises, in the user device, storing an encryption key a an identification code, and sending a message containing the identification code to a server via a communications network. In the server, an encryption key is stored corresponding to the key stored in the user device, allocating the set of access codes on receipt of the identification code from the user device. A look up function is performed based on the identification code received in the message to retrieve the key from storage. The set of access codes is encrypted using the retrieved key to produce an encrypted set. A message containing the encrypted set is sent to the user device via the network. In the user device, the encrypted set received from the server is decrypted using the key in storage, and storing the decrypted set of access codes for use by a user of the user device.

公开(公告)号：CA2504843A1

公开(公告)日：2004-05-21

申请号：CA2504843

申请日：2003-10-24

Applicant: IBM

Inventor： KRAMP THORSTEN ,  WEIGOLD THOMAS D ,  BAENTSCH MICHAEL ,  EIRICH THOMAS ,  OESTREICHER MARCUS ,  HORING FRANK ,  OSBORNE MICHAEL ,  BUHLER PETER

IPC: H04L29/06

Abstract: A method for providing a user device with a set of access codes comprises, i n the user device, storing an encryption key and an identification code, and sending a message containing the identification code to a server via a communications network. In the server, an encryption key is stored corresponding to the key stored in the user device, allocating the set of access codes on receipt of the identification code from the user device. A look up function is performed based on the identification code received in t he message to retrieve the key from storage. The set of access codes is encrypt ed using the retrieved key to produce an encrypted set. A message containing th e encrypted set is sent to the user device via the network. In the user device , the encrypted set received from the server is decrypted using the key in storage, and storing the decrypted set of access codes for use by a user of the user device.