公开(公告)号：IL285112A

公开(公告)日：2021-09-30

申请号：IL28511221

申请日：2021-07-25

Applicant: IBM ,  REINHARD T BUENDGEN ,  TAMAS VISEGRADY ,  INGO FRANZKI

Inventor： REINHARD T BUENDGEN ,  TAMAS VISEGRADY ,  INGO FRANZKI

Abstract: A method, computer program product, and a system where a secure interface control configures a hardware security module for exclusive use by a secure guest. The secure interface control (“SC”) obtains a configuration request (via a hypervisor) to configure the hardware security module (HSM), from a given guest of guests managed by the hypervisor. The SC determines if the HSM is already configured to a specific guest of the one or more guests, but based on determining that the HSM is not configured to the and is a secure guest the SC forecloses establishing a configuration of the HSM by limiting accesses by guests to the HSM exclusively to the given guest. The SC logs the given guest into the HSM by utilizing a secret of the given guest. The SC obtains, from the HSM, a session code and retains the session code.

公开(公告)号：WO2012123833A1

公开(公告)日：2012-09-20

申请号：PCT/IB2012/050798

申请日：2012-02-22

Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION ,  IBM Japan, Ltd. ,  OSBORNE, Michael Charles ,  TAMAS, Visegrady

Inventor： OSBORNE, Michael Charles ,  TAMAS, Visegrady

IPC: H04L9/32

CPC classification number: H04L9/3247 ,  H04L2209/38

Abstract: The invention is notably directed to methods and systems for enabling digital signature auditing (S41). The methods are implemented in a computerized system (1) comprising a server (10) communicating with applications (A, B, C), and comprising, at the server, steps of: - receiving (S13) one or more signature requests (a i, b i, c i ) issued by one or more of the applications; - forwarding (S14) first data corresponding to the received signature requests to one or more signing entities (Sig – 4 ) for subsequent signature of the first data; - storing (S16) an updated system state (s n+ ), computed (S15) using a function of: - a reference system state (s n ); and - second data (a i, b i, c i, A i, B i, C i ) corresponding to the received signature requests, whereby the reference system state and the updated system state attest to 1 the signature requests; and - repeating the above steps (S12 – S16), using the updated system state (s n+ ) as a new reference system state.

Abstract translation: 本发明特别涉及用于启用数字签名审核的方法和系统（S41）。 该方法在包括与应用（A，B，C）通信的服务器（10）的计算机系统（1）中实现，并且在服务器处包括以下步骤： - 接收（S13）一个或多个签名请求（ai ，bi，ci）由一个或多个申请发出; - 将与所接收的签名请求对应的第一数据转发（S14）给一个或多个签名实体（Sig-4），用于随后的第一数据签名; - 使用以下功能存储（S16）更新的系统状态（s n +），计算（S15）： - 参考系统状态（s n）; 对应于接收到的签名请求的第二数据（a i，b i，c i，A i，B i，C i），由此参考系统状态和更新的系统状态证明签名请求; 以及 - 使用更新的系统状态（s n +）作为新的参考系统状态来重复上述步骤（S12-S16）。

公开(公告)号：IL285112B2

公开(公告)日：2024-04-01

申请号：IL28511221

申请日：2021-07-25

Applicant: IBM ,  REINHARD T BUENDGEN ,  TAMAS VISEGRADY ,  INGO FRANZKI

Inventor： REINHARD T BUENDGEN ,  TAMAS VISEGRADY ,  INGO FRANZKI

IPC: G06F21/44 ,  G06F21/57 ,  G06F21/64 ,  G06F21/71 ,  G06F21/86

Abstract: A method, computer program product, and a system where a secure interface control configures a hardware security module for exclusive use by a secure guest. The secure interface control (“SC”) obtains a configuration request (via a hypervisor) to configure the hardware security module (HSM), from a given guest of guests managed by the hypervisor. The SC determines if the HSM is already configured to a specific guest of the one or more guests, but based on determining that the HSM is not configured to the and is a secure guest the SC forecloses establishing a configuration of the HSM by limiting accesses by guests to the HSM exclusively to the given guest. The SC logs the given guest into the HSM by utilizing a secret of the given guest. The SC obtains, from the HSM, a session code and retains the session code.

公开(公告)号：IL285112B1

公开(公告)日：2023-12-01

申请号：IL28511221

申请日：2021-07-25

Applicant: IBM ,  REINHARD T BUENDGEN ,  TAMAS VISEGRADY ,  INGO FRANZKI

Inventor： REINHARD T BUENDGEN ,  TAMAS VISEGRADY ,  INGO FRANZKI

IPC: G06F21/44 ,  G06F21/57 ,  G06F21/64 ,  G06F21/71 ,  G06F21/86

Abstract: A method, computer program product, and a system where a secure interface control configures a hardware security module for exclusive use by a secure guest. The secure interface control (“SC”) obtains a configuration request (via a hypervisor) to configure the hardware security module (HSM), from a given guest of guests managed by the hypervisor. The SC determines if the HSM is already configured to a specific guest of the one or more guests, but based on determining that the HSM is not configured to the and is a secure guest the SC forecloses establishing a configuration of the HSM by limiting accesses by guests to the HSM exclusively to the given guest. The SC logs the given guest into the HSM by utilizing a secret of the given guest. The SC obtains, from the HSM, a session code and retains the session code.

公开(公告)号：IL285112D0

公开(公告)日：2021-09-30

申请号：IL28511221

申请日：2021-07-25

Applicant: IBM ,  REINHARD T BUENDGEN ,  TAMAS VISEGRADY ,  INGO FRANZKI

Inventor： REINHARD T BUENDGEN ,  TAMAS VISEGRADY ,  INGO FRANZKI

IPC: G06F9/455 ,  G06F21/44 ,  G06F21/57 ,  G06F21/64 ,  G06F21/71 ,  G06F21/86 ,  H04L9/08

Abstract: A method, computer program product, and a system where a secure interface control configures a hardware security module for exclusive use by a secure guest. The secure interface control (“SC”) obtains a configuration request (via a hypervisor) to configure the hardware security module (HSM), from a given guest of guests managed by the hypervisor. The SC determines if the HSM is already configured to a specific guest of the one or more guests, but based on determining that the HSM is not configured to the and is a secure guest the SC forecloses establishing a configuration of the HSM by limiting accesses by guests to the HSM exclusively to the given guest. The SC logs the given guest into the HSM by utilizing a secret of the given guest. The SC obtains, from the HSM, a session code and retains the session code.

公开(公告)号：US09998288B2

公开(公告)日：2018-06-12

申请号：US13036445

申请日：2011-02-28

Applicant: Michael Baentsch ,  Harold D. Dykeman ,  Michael C. Osborne ,  Tamas Visegrady

Inventor： Michael Baentsch ,  Harold D. Dykeman ,  Michael C. Osborne ,  Tamas Visegrady

IPC: H04L9/32 ,  H04L9/26 ,  G06F21/44 ,  H04L9/08 ,  H04L29/06

CPC classification number: H04L9/3273 ,  G06F21/445 ,  H04L9/0897 ,  H04L63/0428 ,  H04L63/0853 ,  H04L63/0884 ,  H04L2209/76

Abstract: A security device (6) is provided for facilitating management of secret data items such as cryptographic keys which are used by a remote server (2) to authenticate operations of the server (2). The device (6) has a user interface (13), control logic (16) and a computer interface (11) for connecting the device (6) to a local user computer (5) for communication with the remote server (2) via a data communications network (3). The control logic is adapted to establish via the user computer (5) a mutually-authenticated connection for encrypted end-to-end communications between the device (6) and server (2). In a backup operation, the secret data items are received from the server (2) via this connection. The control logic interacts with the user via the user interface (13) to obtain user authorization to backup secret data items and, in response, stores the secret data items in memory (10). To restore secret data items to the server, the control logic interacts with the user via the user interface (13) to obtain user authorization to restore secret data items and, in response, sends the secret data items to the server (2) via said connection.

公开(公告)号：US09251337B2

公开(公告)日：2016-02-02

申请号：US13095471

申请日：2011-04-27

Applicant: John C. Dayka ,  Michael J. Jordan ,  James W. Sweeny ,  Tamas Visegrady

Inventor： John C. Dayka ,  Michael J. Jordan ,  James W. Sweeny ,  Tamas Visegrady

IPC: G06F9/46 ,  G06F21/53

CPC classification number: G06F21/53

Abstract: A system for remapping subsets of host-centric application programming interfaces to commodity service providers includes a processor configured to receive a commodity service providers object, embed the commodity service providers object with a handle, transform the handle into a serialized object readable by a hardware security module, generate a virtualized handle from the transformed handle, select a target hardware security module based on characteristics of the serialized object and map the virtualized handle to the target hardware security module.

Abstract translation: 用于将以主机为中心的应用编程接口的子集重新映射到商品服务提供商的系统包括被配置为接收商品服务提供商对象的处理器，用手柄嵌入商品服务提供商对象，将该句柄转换成硬件安全性可读的串行化对象 模块，从变换的句柄生成虚拟化句柄，根据序列化对象的特征选择目标硬件安全模块，并将虚拟化句柄映射到目标硬件安全模块。

公开(公告)号：US08763906B2

公开(公告)日：2014-07-01

申请号：US13570829

申请日：2012-08-09

Applicant: Michael Peter Kuyper-Hammond ,  Michael Charles Osborne ,  Tamas Visegrady

Inventor： Michael Peter Kuyper-Hammond ,  Michael Charles Osborne ,  Tamas Visegrady

IPC: G06K7/10

CPC classification number: G06K19/06028

Abstract: A method of decoding a two-dimensional enhanced-density barcode. A first and a second barcode are encoded in the enhanced-density barcode. The enhanced-density barcode includes a set of blocks. Each block includes a predefined number of sub-pixels. The blocks of the enhanced-density barcode being arranged relatively to each other in a geometrical lattice having a first and a second lattice direction. The method includes the steps of distorting of the enhanced-density barcode in the first lattice direction, resulting in a first distorted barcode, distorting of the enhanced-density barcode in the second lattice direction, resulting in a second distorted barcode, reconstructing the first barcode by low-pass filtering the first distorted barcode, reconstructing the second barcode by low-pass filtering the second distorted barcode.

Abstract translation: 一种解码二维增强密度条形码的方法。 在增强密度条形码中编码第一和第二条形码。 增强密度条形码包括一组块。 每个块包括预定数量的子像素。 增强密度条形码的块在具有第一和第二格子方向的几何格子中彼此相对地布置。 该方法包括以下步骤：使加强密度条形码在第一格子方向上失真，导致第一失真条形码，第二格子方向上增强密度条形码的失真，导致第二失真条形码，重建第一条形码 通过对第一失真条形码进行低通滤波，通过对第二失真条形码进行低通滤波来重构第二条形码。

公开(公告)号：US08601256B2

公开(公告)日：2013-12-03

申请号：US12402772

申请日：2009-03-12

Applicant: Michael Baentsch ,  Reto Hermann ,  Thorsten Kramp ,  Thomas D. Weigold ,  Peter Buhler ,  Thomas Eirich ,  Tamas Visegrady

Inventor： Michael Baentsch ,  Reto Hermann ,  Thorsten Kramp ,  Thomas D. Weigold ,  Peter Buhler ,  Thomas Eirich ,  Tamas Visegrady

IPC: H04L29/06

CPC classification number: H04L63/0869 ,  G06Q20/08 ,  G06Q20/42 ,  H04L63/0471 ,  H04L63/0823 ,  H04L63/0853 ,  H04L63/166 ,  H04L67/42 ,  H04L2463/102

Abstract: A system and method of performing electronic transactions between a server computer and a client computer. The method implements a communication protocol with encrypted data transmission and mutual authentication between a server and a hardware device via a network, performs a decryption of encrypted server responses, forwards the decrypted server responses from the hardware device to the client computer, displays the decrypted server responses on a client display, receives requests to be sent from the client computer to the server, parses the client requests for predefined transaction information by the hardware device, encrypts and forwards client requests, displays the predefined transaction information upon detection, forwards and encrypts the client request containing the predefined transaction information to the server if a user confirmation is received, and cancels the transaction if no user confirmation is received.

Abstract translation: 在服务器计算机和客户端计算机之间执行电子交易的系统和方法。 该方法通过网络实现具有加密数据传输和服务器与硬件设备之间的相互认证的通信协议，执行加密服务器响应的解密，将解密的服务器响应从硬件设备转发到客户端计算机，显示解密的服务器 在客户端显示器上的响应，接收从客户端计算机发送到服务器的请求，通过硬件设备解析客户端对预定义交易信息的请求，对客户端请求进行加密和转发，检测到显示预定义的事务信息，转发和加密 如果接收到用户确认，则将包含预定义交易信息的客户端请求发送到服务器，如果没有接收到用户确认，则取消该交易。

公开(公告)号：US20120278820A1

公开(公告)日：2012-11-01

申请号：US13095471

申请日：2011-04-27

Applicant: John C. Dayka ,  Michael J. Jordan ,  James W. Sweeny ,  Tamas Visegrady

Inventor： John C. Dayka ,  Michael J. Jordan ,  James W. Sweeny ,  Tamas Visegrady

IPC: G06F9/46

CPC classification number: G06F21/53

Abstract: A system for remapping subsets of host-centric application programming interfaces to commodity service providers includes a processor configured to receive a commodity service providers object, embed the commodity service providers object with a handle, transform the handle into a serialized object readable by a hardware security module, generate a virtualized handle from the transformed handle, select a target hardware security module based on characteristics of the serialized object and map the virtualized handle to the target hardware security module.

Abstract translation: 用于将以主机为中心的应用编程接口的子集重新映射到商品服务提供商的系统包括被配置为接收商品服务提供商对象的处理器，用手柄嵌入商品服务提供商对象，将该句柄转换成硬件安全性可读的串行化对象 模块，从变换的句柄生成虚拟化句柄，根据序列化对象的特征选择目标硬件安全模块，并将虚拟化句柄映射到目标硬件安全模块。