公开(公告)号：GB2531770A

公开(公告)日：2016-05-04

申请号：GB201419282

申请日：2014-10-30

Applicant: IBM

Inventor： CEDRIC LICHTENAU ,  ANDREAS KOENIG ,  THOMAS PFLUEGER ,  WILLIAM E HALL ,  ELAINE R PALMER ,  PETER A SANDON

IPC: G06F21/62 ,  G06F11/07 ,  G06F11/14 ,  H04L29/06

Abstract: A public encryption key, associated with a private decryption key, is provided 102 to a security engine of a computer system. The security engine may be separate from the computer systems processor. An extraction key, not accessible outside the security engine, is generated 104. The extraction key is encrypted 106 with the public encryption key, thereby obtaining an encrypted extraction key. State information of the computer system is collected 108, encrypted 110 with the extraction key and stored 112, preferably at a remote storage system. Access is requested 114 by a server to the stored, encrypted, collected state information by requesting the extraction key. In response to the server receiving 116 the extraction key, the stored, encrypted, collected state information is decrypted 118 with the extraction key. Multiple sets of encrypted state information, each having its own extraction key, may be collected and stored, the information perhaps originating from multiple or multi-tenant computer systems. The computer system may be a virtual machine (VM) having an identifier, the collected state information perhaps referring to the hardware system underlying the VM and with each of multiple sets of information comprising information relating only to one VM identifier.

公开(公告)号：GB2604982A

公开(公告)日：2022-09-21

申请号：GB202117420

申请日：2021-12-02

Applicant: IBM

Inventor： GUERNEY D H HUNT ,  DIMITRIOS PENDARAKIS ,  KENNETH ALAN GOLDMAN ,  ELAINE R PALMER ,  RAMACHANDRA PAI

IPC: G06F21/53 ,  G06F21/57

Abstract: A method, system and apparatus for generating a computation such that it will execute in a target trusted execution environment (TEE), including selecting the target TEE, generating an authorization that is satisfied by a TEE, associating the authorization with the computation that executes in the TEE that is authorized, and generating the computation with the associated authorization.

公开(公告)号：GB2531586A

公开(公告)日：2016-04-27

申请号：GB201418870

申请日：2014-10-23

Applicant: IBM

Inventor： MICHAEL CHARLES OSBORNE ,  ELAINE R PALMER ,  TAMAS VISEGRADY

IPC: G06F9/48

Abstract: A computer-implemented method for starting a module of a computerized system comprises: receiving graph data of a direct acyclic graph, DAG, describing the module by way of nodes connected by edges, where at least some nodes are submodule nodes SN, corresponding to submodules of the module, connected via one or more edges reflecting a data dependency between the corresponding submodules, each of which is a hardware module or a software submodule capable of producing and/or consuming data; starting asynchronous execution of two submodules corresponding to two submodule nodes located in independent branches of the DAG, such as one of SN0, SN1, and SN2 together with SN3; determining a third submodule node SN5 that is a descendant of each of the two submodule nodes, according to an outcome of the execution of one or each of the corresponding two submodules, and starting execution of a third submodule corresponding to the third submodule node determined, in view of completing the starting of the module. The DAG may further comprise control nodes VN. Asynchronously executing the submodules may exploit parallelism, to save time at start up. A computer-implemented method for creating graph data of a direct acyclic graph is also provided.