-
Publication number: CA2504843C
Publication date: 2011-02-22
Application number: CA2504843
Application date: 2003-10-24
Applicant: IBM
Inventor: BAENTSCH MICHAEL, BUHLER PETER, EIRICH THOMAS, HORING FRANK, KRAMP THORSTEN, OESTREICHER MARCUS, OSBORNE MICHAEL, WEIGOLD THOMAS D
IPC: H04L29/06
Abstract: A method for providing a user device with a set of access codes comprises, in the user device, storing an encryption key and an identification code, and sending a message containing the identification code to a server via a communications network. In the server, an encryption key is stored corresponding to the key stored in the user device, allocating the set of access codes on receipt of the identification code from the user device. A look up function is performed based on the identification code received in the message to retrieve the key from storage. The set of access codes is encrypted using the retrieved key to produce an encrypted set. A message containing the encrypted set is sent to the user device via the network. In the user device, the encrypted set received from the server is decrypted using the key in storage, and storing the decrypted set of access codes for use by a user of the user device.
-
Publication number: AU2009294201A1
Publication date: 2010-03-25
Application number: AU2009294201
Application date: 2009-09-17
Applicant: IBM
Inventor: BAENTSCH MICHAEL, BUHLER PETER, EIRICH THOMAS, HERMANN RETO, HOERING FRANK, KRAMP THORSTEN, KUYPER MICHAEL P, WEIGOLD THOMAS D
Abstract: An authorization device for authorizing operations of a remote server requested from user computers via a data communications network includes a computer interface configured to connect to a local user computer for facilitating communication with the remote server via a data communications network, a user interface configured to present information to a user, and control logic. The control logic is adapted to use security data accessible to the control logic to establish, via the local user computer, a mutually-authenticated connection for encrypted end-to-end communications with the server; collect from the server, via the connection, information indicative of any operation requested via a different connection to the server and requiring authorization by the user; and present the information to the user via the user interface to prompt for authorization of the operation.
-
Publication number: AT336135T
Publication date: 2006-09-15
Application number: AT03751197
Application date: 2003-10-24
Applicant: IBM
Inventor: BAENTSCH MICHAEL, BUHLER PETER, EIRICH THOMAS, HOERING FRANK, KRAMP THORSTEN, OESTREICHER MARCUS, OSBORNE MICHAEL, WEIGOLD THOMAS D
IPC: H04L29/06
Abstract: A method for providing a user device with a set of access codes comprises, in the user device, storing an encryption key and an identification code, and sending a message containing the identification code to a server via a communications network. In the server, an encryption key is stored corresponding to the key stored in the user device, allocating the set of access codes on receipt of the identification code from the user device. A look up function is performed based on the identification code received in the message to retrieve the key from storage. The set of access codes is encrypted using the retrieved key to produce an encrypted set. A message containing the encrypted set is sent to the user device via the network. In the user device, the encrypted set received from the server is decrypted using the key in storage, and storing the decrypted set of access codes for use by a user of the user device.
-
Publication number: CA2504843A1
Publication date: 2004-05-21
Application number: CA2504843
Application date: 2003-10-24
Applicant: IBM
Inventor: KRAMP THORSTEN, WEIGOLD THOMAS D, BAENTSCH MICHAEL, EIRICH THOMAS, OESTREICHER MARCUS, HORING FRANK, OSBORNE MICHAEL, BUHLER PETER
IPC: H04L29/06
Abstract: A method for providing a user device with a set of access codes comprises, in the user device, storing an encryption key and an identification code, and sending a message containing the identification code to a server via a communications network. In the server, an encryption key is stored corresponding to the key stored in the user device, allocating the set of access codes on receipt of the identification code from the user device. A look up function is performed based on the identification code received in the message to retrieve the key from storage. The set of access codes is encrypted using the retrieved key to produce an encrypted set. A message containing the encrypted set is sent to the user device via the network. In the user device, the encrypted set received from the server is decrypted using the key in storage, and storing the decrypted set of access codes for use by a user of the user device.
-
Publication number: CA2465333A1
Publication date: 2003-05-22
Application number: CA2465333
Application date: 2002-11-05
Applicant: IBM
Inventor: BAENTSCH MICHAEL, BUHLER PETER, EIRICH THOMAS, HOERING FRANK, OESTREICHER MARCUS, WEIGOLD THOMAS D
IPC: G06F21/76, G06F1/00, G06F21/60, G06K19/073, H04L9/10, H04L9/28, H04L9/32, H04L29/06, G06F12/14
Abstract: The invention is directed to a data-processing system comprising a processor and first encrypted information in a first persistent memory whose level of information leakage is higher than that of a second persistent memory. In the second persistent memory is stored a first cryptographic key for decrypting the first encrypted information, thereby generating therefrom first unencrypted information that is usable by the processor for executing an operation. The same cryptographic key may also be used for encrypting the first unencrypted information, thereby generating the first encrypted information. It is also directed to a method of processing such a data-processing system with an operating system, comprising a writing step for writing first unencrypted information into the first persistent memory, an encryption step for encrypting the first unencrypted information under use of the first cryptographic key, creating therefrom first encrypted information in the first persistent memory, and an access-limitation step for setting the data-processing system to a state in which writing into the first persistent memory is controlled by the operating system. It also relates to a method of executing an operation on such a data-processing system comprising a decryption step for decrypting the first encrypted information under use of the first cryptographic key, thereby generating therefrom first unencrypted information and an execution step for executing an operation by the processor, using the first unencrypted information.
-