公开(公告)号：EP1499976A4

公开(公告)日：2008-01-23

申请号：EP03724073

申请日：2003-04-16

Applicant: IBM

Inventor： EVANS EDWARD K ,  FOSTER ERIC M ,  FRANKLIN DENNIS E ,  HALL WILLIAM E

IPC: G06F21/24 ,  G06F12/14 ,  G06F13/36 ,  G06F21/00 ,  G06F11/30 ,  H04L9/32

CPC classification number: G06F21/6218 ,  G06F12/1483 ,  G06F21/78 ,  G06F21/85 ,  G06F2221/2129 ,  G06F2221/2141 ,  G06F2221/2143

Abstract: An access control function (440) for an integrated system (400) is provided which determines data access based on the master id of a requesting master (410) within the system (400) and the address of the data. The access control function (440) can be inserted, for example, into the data transfer path between bus control logic (430) and one or more slaves (420). In addition to determining whether to grant access to the data, the access control function (440) can further qualify the access by selectively implementing encryption and decryption (470) of data, again dependent on the data authorization level for the particular functional master (410) initiating the request for data.

公开(公告)号：EP1500225A4

公开(公告)日：2007-12-12

申请号：EP03719812

申请日：2003-04-16

Applicant: IBM

Inventor： FOSTER ERIC M ,  HALL WILLIAM E ,  ROSU MARCEL-CATALIN

IPC: G06F21/24 ,  G06F1/00 ,  G06F11/30 ,  G06F12/14 ,  G06F15/00 ,  G06F21/20 ,  G06F21/22 ,  G09C1/00 ,  H04L20060101 ,  H04L9/00 ,  H04L9/32

CPC classification number: G06F21/6218 ,  G06F21/575 ,  G06F2221/2149 ,  H04L9/0891 ,  H04L9/0894

Abstract: Techniques are provided for initializing, maintaining, updating and recovering secure operation within an integrated system. The techniques, which employ a data access control function within the integrated system, include authenticating by a current level of software a next level of software within an integrated system. The authenticating occurs before control is passed to the next level of software. Further, an ability of the next level of software to modify an operational characteristic of the integrated system can be selectively limited via the data access control function. Techniques are also provided for initializing secure operation of the integrated system, for migrating data encrypted using a first key set to data encrypted using a second key set, for updating software and keys within the integrated system, and for recovering integrated system functionality following a trigger event.

公开(公告)号：JP2009032282A

公开(公告)日：2009-02-12

申请号：JP2008258322

申请日：2008-10-03

Applicant: Internatl Business Mach Corp ,  インターナショナル・ビジネス・マシーンズ・コーポレーションInternational Business Maschines Corporation

Inventor： FOSTER ERIC M ,  HALL WILLIAM E ,  ROSU MARCEL-CATALIN

IPC: G06F21/22 ,  G06F21/24 ,  G06F1/00 ,  G06F11/30 ,  G06F12/14 ,  G06F15/00 ,  G06F21/20 ,  G09C1/00 ,  H04L20060101 ,  H04L9/00 ,  H04L9/32

CPC classification number: G06F21/6218 ,  G06F21/575 ,  G06F2221/2149 ,  H04L9/0891 ,  H04L9/0894

Abstract: PROBLEM TO BE SOLVED: To facilitate secure operation of an integrated system having multiple levels of software. SOLUTION: Techniques provided for initializing, maintaining, updating and recovering secure operation within an integrated system includes: (1) a step for starting system initialization by decrypting an initial code preserved after encrypting, and also for performing the decrypting by employing a data access control function within the integrated system; (2) a step for authenticating a next level of software among a plurality of levels of software before control of the integrated system is passed to the next level of software; and (3) a step for limiting an ability of the next level of software to modify an operational characteristic of the integrated system, and also for performing the limit in a hardware component of the data access control function within the integrated system. COPYRIGHT: (C)2009,JPO&INPIT

Abstract translation: 要解决的问题：为了促进具有多级软件的集成系统的安全操作。 解决方案：提供用于初始化，维护，更新和恢复集成系统内的安全操作的技术包括：（1）通过解密加密之后保存的初始代码来启动系统初始化的步骤，并且还用于通过使用 集成系统内的数据访问控制功能; （2）在集成系统的控制传递到下一级软件之前，在多个级别的软件之间认证下一级软件的步骤; 以及（3）限制下一级软件的能力来修改集成系统的操作特性的步骤，以及用于在集成系统内的数据访问控制功能的硬件部件中执行限制的步骤。 版权所有（C）2009，JPO＆INPIT

公开(公告)号：WO03090402A8

公开(公告)日：2004-12-29

申请号：PCT/US0311907

申请日：2003-04-16

Applicant: IBM

Inventor： FOSTER ERIC M ,  HALL WILLIAM E ,  ROSU MARCEL-CATALIN

IPC: G06F21/24 ,  G06F1/00 ,  G06F11/30 ,  G06F12/14 ,  G06F15/00 ,  G06F21/20 ,  G06F21/22 ,  G09C1/00 ,  H04L20060101 ,  H04L9/00 ,  H04L9/32

CPC classification number: G06F21/6218 ,  G06F21/575 ,  G06F2221/2149 ,  H04L9/0891 ,  H04L9/0894

Abstract: Techniques are provided for initializing, maintaining, updating and recovering secure operation within an integrated system. The techniques, which employ a data access control function within the integrated system, include authenticating by a current level of software a next level of software within an integrated system. The authenticating occurs before control is passed to the next level of software. Further, an ability of the next level of software to modify an operational characteristic of the integrated system can be selectively limited via the data access control function. Techniques are also provided for initializing secure operation of the integrated system, for migrating data encrypted using a first key set to data encrypted using a second key set, for updating software and keys within the integrated system, and for recovering integrated system functionality following a trigger event.

公开(公告)号：PL372374A1

公开(公告)日：2005-07-25

申请号：PL37237403

申请日：2003-04-16

Applicant: IBM

Inventor： FOSTER ERIC M ,  HALL WILLIAM E ,  ROSU MARCEL-CATALIN

IPC: G06F1/00 ,  G06F21/24 ,  G06F11/30 ,  G06F12/14 ,  G06F15/00 ,  G06F21/20 ,  G06F21/22 ,  G09C1/00 ,  H04L20060101 ,  H04L9/00 ,  H04L9/32

Abstract: Techniques are provided for initializing, maintaining, updating and recovering secure operation within an integrated system. The techniques, which employ a data access control function within the integrated system, include authenticating by a current level of software a next level of software within an integrated system. The authenticating occurs before control is passed to the next level of software. Further, an ability of the next level of software to modify an operational characteristic of the integrated system can be selectively limited via the data access control function. Techniques are also provided for initializing secure operation of the integrated system, for migrating data encrypted using a first key set to data encrypted using a second key set, for updating software and keys within the integrated system, and for recovering integrated system functionality following a trigger event.

公开(公告)号：CA2638955A1

公开(公告)日：2003-10-30

申请号：CA2638955

申请日：2003-04-16

Applicant: IBM

Inventor： ROSU MARCEL-CATALIN ,  FOSTER ERIC M ,  HALL WILLIAM E

IPC: G06F21/57 ,  G06F9/445 ,  H04L9/30

公开(公告)号：AU2003223671A1

公开(公告)日：2003-11-03

申请号：AU2003223671

申请日：2003-04-16

Applicant: IBM

Inventor： ROSU MARCEL-CATALIN ,  FOSTER ERIC M ,  HALL WILLIAM E

IPC: G06F21/24 ,  G06F1/00 ,  G06F11/30 ,  G06F12/14 ,  G06F15/00 ,  G06F21/20 ,  G06F21/22 ,  G09C1/00 ,  H04L20060101 ,  H04L9/00 ,  H04L9/32

Abstract: Techniques are provided for initializing, maintaining, updating and recovering secure operation within an integrated system. The techniques, which employ a data access control function within the integrated system, include authenticating by a current level of software a next level of software within an integrated system. The authenticating occurs before control is passed to the next level of software. Further, an ability of the next level of software to modify an operational characteristic of the integrated system can be selectively limited via the data access control function. Techniques are also provided for initializing secure operation of the integrated system, for migrating data encrypted using a first key set to data encrypted using a second key set, for updating software and keys within the integrated system, and for recovering integrated system functionality following a trigger event.

公开(公告)号：CA2638979A1

公开(公告)日：2003-10-30

申请号：CA2638979

申请日：2003-04-16

Applicant: IBM

Inventor： FOSTER ERIC M ,  ROSU MARCEL-CATALIN ,  HALL WILLIAM E

IPC: G06F21/57

公开(公告)号：CA2638979C

公开(公告)日：2017-06-06

申请号：CA2638979

申请日：2003-04-16

Applicant: IBM

Inventor： FOSTER ERIC M ,  HALL WILLIAM E ,  ROSU MARCEL-CATALIN

IPC: G06F21/57

Abstract: Techniques are provided for initializing, maintaining, updating and recovering secure operation within an integrated system. The techniques, which employ a data access control function within the integrated system, include authenticating by a current level of software a next level of software within an integrated system. The authenticating occurs before control is passed to the next level of software. Further, an ability of the next level of software to modify an operational characteristic of the integrated system can be selectively limited via the data access control function. Techniques are also provided for initializing secure operation of the integrated system, for migrating data encrypted using a first key set to data encrypted using a second key set, for updating software and keys within the integrated system, and for recovering integrated system functionality following a trigger event.

公开(公告)号：CA2638955C

公开(公告)日：2012-06-05

申请号：CA2638955

申请日：2003-04-16

Applicant: IBM

Inventor： FOSTER ERIC M ,  HALL WILLIAM E ,  ROSU MARCEL-CATALIN

IPC: G06F21/57 ,  G06F9/445 ,  H04L9/30

Abstract: Techniques are provided for initializing, maintaining, updating and recovering secure operation within an integrated system. The techniques, which employ a data access control function within the integrated system, include authenticating by a current level of software a next level of software within an integrated system. The authenticating occurs before control is passed to the next level of software. Further, an ability of the next level of software to modify an operational characteristic of the integrated system can be selectively limited via the data access control function. Techniques are also provided for initializing secure operation of the integrated system, for migrating data encrypted using a first key set to data encrypted using a second key set, for updating software and keys within the integrated system, and for recovering integrated system functionality following a trigger event.