公开(公告)号：WO2009144602A1

公开(公告)日：2009-12-03

申请号：PCT/IB2009/051682

申请日：2009-04-24

Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION ,  CARBONE, Martim ,  JANSEN, Bernhard ,  RAMASAMY, HariGovind V. ,  SCHUNTER, Matthias ,  TANNER, Axel ,  ZAMBONI, Diego

Inventor： CARBONE, Martim ,  JANSEN, Bernhard ,  RAMASAMY, HariGovind V. ,  SCHUNTER, Matthias ,  TANNER, Axel ,  ZAMBONI, Diego

IPC: G06F21/00

CPC classification number: G06F21/53 ,  G06F9/45541 ,  G06F9/45558 ,  G06F2009/45587

Abstract: Avirtualization layer is inserted between (i) an operating system of a computer system, and (ii) at least one ofa memory module and a storage module of thecomputer system. At least one ofread access and write access to at least one portion of theat least one of a memory module and a storage moduleis controlled, with thevirtualization layer. The insertion ofthe virtualization layer is accomplished in an on-the-fly manner (that is, without rebooting the computer system). An additional aspect includes controlling installation of a security program from the virtualization layer.

Abstract translation: 虚拟化层插入在（i）计算机系统的操作系统之间，和（ii）计算机系统的存储器模块和存储模块中的至少一个。 存储模块和存储模块中的至少一个的至少一部分的至少一个访问和写入访问与虚拟化层一起被控制。 虚拟化层的插入是以动态方式实现的（即，不重新启动计算机系统）。 另一方面包括控制来自虚拟化层的安全程序的安装。

公开(公告)号：WO2010103466A3

公开(公告)日：2010-11-04

申请号：PCT/IB2010051027

申请日：2010-03-10

Applicant: IBM ,  HERMANN RETO JOSEF ,  JULISCH KLAUS ,  SCHUNTER MATTHIAS

Inventor： HERMANN RETO JOSEF ,  JULISCH KLAUS ,  SCHUNTER MATTHIAS

IPC: G06F21/00

CPC classification number: G06F21/57

Abstract: A peripheral device includes an interface configured to communicate with a computer, the peripheral device; logic configured to perform an integrity verification of an operating system of the computer; and a display configured to display a result of the integrity verification. A method for integrity verification of a computer using a peripheral device includes connecting the peripheral device to the computer; sending a challenge from the device to the computer; computing attestation data using the challenge and information stored in the computer, retrieving the attestation data from the computer by a client program running on the computer; sending the attestation data to the peripheral device; and verifying the attestation data by the peripheral device.

Abstract translation: 外围设备包括被配置为与计算机通信的接口，外围设备; 经配置以执行所述计算机的操作系统的完整性验证的逻辑; 以及被配置为显示完整性验证的结果的显示器。 一种使用外围设备对计算机进行完整性验证的方法，包括：将外围设备连接到计算机; 从设备向计算机发送挑战; 使用存储在计算机中的询问和信息来计算证明数据，通过在计算机上运行的客户端程序从计算机检索证明数据; 将证明数据发送到外围设备; 并通过外围设备验证证明数据。

公开(公告)号：WO2010103466A2

公开(公告)日：2010-09-16

申请号：PCT/IB2010/051027

申请日：2010-03-10

Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION ,  HERMANN, Reto Josef ,  JULISCH, Klaus ,  SCHUNTER, Matthias

Inventor： HERMANN, Reto Josef ,  JULISCH, Klaus ,  SCHUNTER, Matthias

IPC: G06F21/00

CPC classification number: G06F21/57

Abstract: A peripheral device includes an interface configured to communicate with a computer, the peripheral device; logic configured to perform an integrity verification of an operating system of the computer; and a display configured to display a result of the integrity verification. A method for integrity verification of a computer using a peripheral device includes connecting the peripheral device to the computer; sending a challenge from the device to the computer; computing attestation data using the challenge and information stored in the computer, retrieving the attestation data from the computer by a client program running on the computer; sending the attestation data to the peripheral device; and verifying the attestation data by the peripheral device.

Abstract translation: 外围设备包括被配置为与计算机通信的接口，所述外围设备; 被配置为执行计算机的操作系统的完整性验证的逻辑; 以及配置为显示完整性验证的结果的显示器。 使用外围设备对计算机进行完整性验证的方法包括将外围设备连接到计算机; 从设备向计算机发送挑战; 使用存储在计算机中的挑战和信息来计算认证数据，通过在计算机上运行的客户端程序从计算机检索认证数据; 将认证数据发送到外围设备; 并验证外围设备的认证数据。

公开(公告)号：WO2005017720A1

公开(公告)日：2005-02-24

申请号：PCT/EP2004/051803

申请日：2004-08-16

Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION ,  IBM UNITED KINGDOM LIMITED ,  BETZ, Linda ,  DAYKA, John ,  FARRELL, Walter ,  GUSKI, Richard ,  KARJOTH, Guenter ,  NELSON, Mark ,  PFITZMANN, Birgit ,  SCHUNTER, Matthias ,  WAIDNER, Michael

Inventor： BETZ, Linda ,  DAYKA, John ,  FARRELL, Walter ,  GUSKI, Richard ,  KARJOTH, Guenter ,  NELSON, Mark ,  PFITZMANN, Birgit ,  SCHUNTER, Matthias ,  WAIDNER, Michael

IPC: G06F1/00

CPC classification number: G06F21/629 ,  G06F21/6245 ,  G06F2221/2101 ,  G06F2221/2113 ,  G06F2221/2141 ,  G06F2221/2149

Abstract: A data access control facility is implemented by assigning personally identifying information (PH) classification labels to PH data objects, with each PH data object having one PH classification label assigned thereto. The control facility further includes at least one PH purpose serving function set (PSFS) comprising a list of application functions that read or write PH data objects. Each PH PSFS is also assigned a PH classification label. A PH data object is accessible via an application function of a PTI PSFS having a PH classification label that is identical to or dominant of the PH classification label of the PH object. A user of the control facility is assigned a PH clearance set which contains a list of at least one PH classification label, which is employed in determining whether the user is entitled to access a particular function.

Abstract translation: 通过将个人识别信息（PH）分类标签分配给PH数据对象来实现数据访问控制设施，每个PH数据对象分配一个PH分类标签。 控制设备还包括至少一个PH目的服务功能集（PSFS），其包括读取或写入PH数据对象的应用功能列表。 每个PH PSFS也分配了一个PH分类标签。 PH数据对象可通过具有与PH对象的PH分类标签相同或占优的PH分类标签的PTI PSFS的应用功能来访问。 为控制设施的用户分配一个PH间隙集合，其包含至少一个PH分类标签的列表，该列表用于确定用户是否有权访问特定功能。