BINDING SECURE KEYS OF SECURE GUESTS TO A HARDWARE SECURITY MODULE

    Publication number: ZA202106316B

    Publication date: 2023-03-29

    Application number: ZA202106316

    Application date: 2021-08-30

    Applicant: IBM

    Abstract: A method, computer program product, and a system where a secure interface control configures a hardware security module for exclusive use by a secure guest. The secure interface control ("SC") obtains a configuration request (via a hypervisor) to configure the hardware security module (HSM), from a given guest of guests managed by the hypervisor. The SC determines if the HSM is already configured to a specific guest of the one or more guests, but based on determining that the HSM is not configured to the specific guest and that the given guest is a secure guest, the SC forecloses establishing a configuration of the HSM by limiting accesses by guests to the HSM exclusively to the given guest. The SC logs the given guest into the HSM by utilizing a secret of the given guest. The SC obtains, from the HSM, a session code and retains the session code.

    BINDING SECURE KEYS OF SECURE GUESTS TO A HARDWARE SECURITY MODULE

    Publication number: SG11202105613PA

    Publication date: 2021-06-29

    Application number: SG11202105613P

    Application date: 2020-02-27

    Applicant: IBM

    Abstract: A method, computer program product, and a system where a secure interface control configures a hardware security module for exclusive use by a secure guest. The secure interface control ("SC") obtains a configuration request (via a hypervisor) to configure the hardware security module (HSM), from a given guest of guests managed by the hypervisor. The SC determines if the HSM is already configured to a specific guest of the one or more guests, but based on determining that the HSM is not configured to the specific guest and that the given guest is a secure guest, the SC forecloses establishing a configuration of the HSM by limiting accesses by guests to the HSM exclusively to the given guest. The SC logs the given guest into the HSM by utilizing a secret of the given guest. The SC obtains, from the HSM, a session code and retains the session code.

    Binding secure keys of secure guests to a hardware security module

    Publication number: AU2020234675A1

    Publication date: 2021-06-10

    Application number: AU2020234675

    Application date: 2020-02-27

    Applicant: IBM

    Abstract: A method, computer program product, and a system where a secure interface control configures a hardware security module for exclusive use by a secure guest. The secure interface control ("SC") obtains a configuration request (via a hypervisor) to configure the hardware security module (HSM), from a given guest of guests managed by the hypervisor. The SC determines if the HSM is already configured to a specific guest of the one or more guests, but based on determining that the HSM is not configured to the specific guest and that the given guest is a secure guest, the SC forecloses establishing a configuration of the HSM by limiting accesses by guests to the HSM exclusively to the given guest. The SC logs the given guest into the HSM by utilizing a secret of the given guest. The SC obtains, from the HSM, a session code and retains the session code.

    System, method and program product for transparent real-time access to encrypted non-relational data

    Publication number: DE102013203126B4

    Publication date: 2020-08-27

    Application number: DE102013203126

    Application date: 2013-02-26

    Applicant: IBM

    Abstract: A method for accessing encrypted files, comprising: an access program module that is connected to at least one file system and intercepts a data request to access a plaintext file whose data are stored physically and sequentially on a hard disk and have a predetermined order and length expected by the program sending the data request, the plaintext file containing a plaintext record that has a key field and a plaintext data field; determining, by the access program module, an encrypted file associated with the plaintext file on the basis of a configuration file and the data request, wherein the configuration file identifies the encrypted file associated with the plaintext file and the encrypted file contains an encrypted record associated with the plaintext record, and wherein the encrypted record contains a header field, the key field and an encrypted data field associated with the plaintext data field, the header field and the key field being unencrypted in the encrypted record; determining, by the access program module, one or more encryption keys on the basis of the configuration file; and accessing the encrypted data field, by the access program module, on the basis of the one or more encryption keys and the key field, wherein accessing the encrypted data field by the access program module on the basis of the one or more encryption keys and the key field comprises: using the key field to locate the encrypted record within the encrypted file, using block ciphers and the one or more encryption keys to decrypt the encrypted data field of the encrypted record, converting the key field and the encrypted data field into the plaintext-file format expected by the program and then returning an unencrypted version of the data on the basis of the data request; and using the key field to locate the record within the encrypted file, using block ciphers and the one or more encryption keys to encrypt the plaintext data field, then converting the plaintext data field into the encrypted-file format defined by the access program module and then writing an encrypted version of the data into the encrypted data field, the data being stored physically and sequentially on a hard disk and having a predetermined order and length expected by the program sending the data request.

    BINDING SECURE KEYS OF SECURE GUESTS TO A HARDWARE SECURITY MODULE

    Publication number: MX2021010588A

    Publication date: 2021-10-13

    Application number: MX2021010588

    Application date: 2020-02-27

    Applicant: IBM

    Abstract: A method, computer program product, and a system where a secure interface control configures a hardware security module for exclusive use by a secure guest. The secure interface control ("SC") obtains a configuration request (via a hypervisor) to configure the hardware security module (HSM), from a given guest of guests managed by the hypervisor. The SC determines if the HSM is already configured to a specific guest of the one or more guests, but based on determining that the HSM is not configured to the specific guest and that the given guest is a secure guest, the SC forecloses establishing a configuration of the HSM by limiting access by guests to the HSM exclusively to the given guest. The SC logs the given guest into the HSM by utilizing a secret of the given guest. The SC obtains, from the HSM, a session code and retains the session code.

    BINDING SECURE KEYS OF SECURE GUESTS TO A HARDWARE SECURITY MODULE

    Publication number: CA3132747A1

    Publication date: 2020-09-17

    Application number: CA3132747

    Application date: 2020-02-27

    Applicant: IBM

    Abstract: A method, computer program product, and a system where a secure interface control configures a hardware security module for exclusive use by a secure guest. The secure interface control ("SC") obtains a configuration request (via a hypervisor) to configure the hardware security module (HSM), from a given guest of guests managed by the hypervisor. The SC determines if the HSM is already configured to a specific guest of the one or more guests, but based on determining that the HSM is not configured to the specific guest and that the given guest is a secure guest, the SC forecloses establishing a configuration of the HSM by limiting accesses by guests to the HSM exclusively to the given guest. The SC logs the given guest into the HSM by utilizing a secret of the given guest. The SC obtains, from the HSM, a session code and retains the session code.

    SYSTEM AND METHOD FOR ACCESSING NON-RELATIONAL DATA BY RELATIONAL ACCESS METHODS

    Publication number: CA2327948A1

    Publication date: 2001-08-25

    Application number: CA2327948

    Application date: 2000-12-08

    Applicant: IBM

    Abstract: The present invention relates to a system and method for accessing non-relational data stored in records on a host system by a relational access method. The implementation of a relational interface component allows data transformation and type conversion and gives a relational interface to non-relational data. An integrated mapping component is used to define the relational structure of non-relational records or data. This relational structure is used by the application program or database request. The mapping component allows columns to be defined with their characteristics (i.e. byte offset, data type, length). The definitions can be grouped in maps, equivalent to a relational table, and views represent a subset of the columns defined in a map. Multiple different maps and views can be defined for one record. The information on the maps, columns and views is stored in one repository. The inventive interface component uses the definitions stored in the repository to access the non-relational data and splits the records. Preferably based on the SQL language, non-relational data such as VSAM data can be accessed from any program using the relational interface component. The original non-relational data remain unchanged and older programs work without changes. The present invention gives new possibilities for host-based programs using non-relational access methods and supports the integration, transition or migration into a relational environment.

    Binding secure keys of secure guests to a hardware security module

    Publication number: AU2020234675B2

    Publication date: 2022-11-24

    Application number: AU2020234675

    Application date: 2020-02-27

    Applicant: IBM

    Abstract: A method, computer program product, and a system where a secure interface control configures a hardware security module for exclusive use by a secure guest. The secure interface control ("SC") obtains a configuration request (via a hypervisor) to configure the hardware security module (HSM), from a given guest of guests managed by the hypervisor. The SC determines if the HSM is already configured to a specific guest of the one or more guests, but based on determining that the HSM is not configured to the specific guest and that the given guest is a secure guest, the SC forecloses establishing a configuration of the HSM by limiting accesses by guests to the HSM exclusively to the given guest. The SC logs the given guest into the HSM by utilizing a secret of the given guest. The SC obtains, from the HSM, a session code and retains the session code.

    Binding secure keys of secure guests to a hardware security module

    Publication number: BR112021017439A2

    Publication date: 2021-11-16

    Application number: BR112021017439

    Application date: 2020-02-27

    Applicant: IBM

    Abstract: Binding secure keys of secure guests to a hardware security module. A method, computer program product, and a system where a secure interface control configures a hardware security module for exclusive use by a secure guest. The secure interface control ("SC") obtains a configuration request (via a hypervisor) to configure the hardware security module (HSM), from a given guest of guests managed by the hypervisor. The SC determines if the HSM is already configured to a specific guest of the one or more guests, but based on determining that the HSM is not configured to the specific guest and that the given guest is a secure guest, the SC establishes a configuration of the HSM by limiting accesses by guests to the HSM exclusively to the given guest. The SC logs the given guest into the HSM by utilizing a secret of the given guest. The SC obtains, from the HSM, a session code and retains the session code.
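The flow that the "Binding secure keys of secure guests to a hardware security module" abstracts above describe (ZA, SG, AU, MX, CA and BR entries), as an added example that is not code from any of those patents or from IBM. It models the decision the secure interface control makes: a configuration request arrives via the hypervisor, the SC checks whether the HSM is already configured to some guest, and only an unbound HSM plus a secure requester leads to an exclusive binding, a login with the guest's own secret, and a session code that the SC retains. The class names, the per-guest login secret held by the HSM, the session-code format and the treatment of a non-secure guest (no exclusive binding; what happens to it afterwards is outside the abstract) are assumptions made for illustration.

```python
# Added example, not code from any of the patents above: a small model of the
# secure-interface-control (SC) flow in the abstract. The class names, the
# per-guest HSM login secret, the session-code format and the treatment of a
# non-secure guest (no exclusive binding; what follows is outside the
# abstract) are assumptions made for illustration.
import hmac
import secrets
from dataclasses import dataclass


class HSM:
    """Stand-in hardware security module: checks a guest's login secret
    (assumed provisioned out of band) and issues a session code on success."""

    def __init__(self, provisioned_secrets):
        self._secrets = dict(provisioned_secrets)   # guest_id -> secret bytes
        self._sessions = {}                          # session code -> guest_id

    def login(self, guest_id, secret):
        expected = self._secrets.get(guest_id)
        if expected is None or not hmac.compare_digest(expected, secret):
            raise PermissionError("HSM login failed for " + guest_id)
        code = secrets.token_hex(8)
        self._sessions[code] = guest_id
        return code

    def session_owner(self, code):
        return self._sessions.get(code)


@dataclass
class Guest:
    guest_id: str
    secure: bool        # True for a secure guest, False for an ordinary one
    secret: bytes       # the guest's HSM secret; the hypervisor never sees it


class SecureInterfaceControl:
    """Trusted component between hypervisor and HSM. It owns the exclusive
    binding and retains the session code; the hypervisor only relays."""

    def __init__(self, hsm):
        self._hsm = hsm
        self._bound_to = None       # guest_id the HSM is configured to, if any
        self._session_code = None   # retained here, never handed out

    def configure(self, guest):
        if self._bound_to is not None:
            # HSM already configured to a specific guest: nobody else may bind it
            if self._bound_to == guest.guest_id:
                return "already-bound"
            return "denied: HSM bound to another guest"
        if not guest.secure:
            return "not-bound: not a secure guest"
        # Not configured yet and the requester is a secure guest: bind the HSM
        # exclusively, log the guest in with its own secret, keep the code.
        self._bound_to = guest.guest_id
        self._session_code = self._hsm.login(guest.guest_id, guest.secret)
        return "bound"

    def authorize_hsm_access(self, requester_id):
        """Later HSM traffic is mediated: only the bound guest's requests get
        the retained session code attached; anyone else gets nothing."""
        return self._session_code if requester_id == self._bound_to else None


class Hypervisor:
    """Untrusted relay between guests and the SC. Its log shows that it sees
    verdicts only, never a guest secret or a session code."""

    def __init__(self, sc):
        self._sc = sc
        self.log = []

    def relay_configure(self, guest):
        verdict = self._sc.configure(guest)
        self.log.append((guest.guest_id, verdict))
        return verdict


def demo():
    # Constructed sample: two secure guests and one ordinary guest, with the
    # same secrets provisioned into the HSM.
    hsm = HSM({"guestA": b"secret-A", "guestB": b"secret-B"})
    sc = SecureInterfaceControl(hsm)
    hv = Hypervisor(sc)
    requests = [Guest("guestC", False, b""), Guest("guestA", True, b"secret-A"),
                Guest("guestB", True, b"secret-B"), Guest("guestA", True, b"secret-A")]
    verdicts = [hv.relay_configure(g) for g in requests]
    code_a = sc.authorize_hsm_access("guestA")
    return verdicts, hsm.session_owner(code_a), sc.authorize_hsm_access("guestB"), hv.log
```

The point to check in any real implementation is the one the model makes visible: the guest secret and the session code live only in the SC and the HSM, the hypervisor's log holds nothing but guest identifiers and verdicts, and once the HSM is bound a second secure guest is refused rather than queued. The abstract says nothing about how the binding is released, so the model does not release it either.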

    Data Encryption
    Invention patent

    Publication number: GB2511295A

    Publication date: 2014-09-03

    Application number: GB201302253

    Application date: 2013-02-08

    Applicant: IBM

    Abstract: Legacy applications, which typically process sensitive information in plaintext form, have problems accessing encrypted non-relational data. The present invention provides an access program module 30A which allows legacy applications transparent real time access to encrypted non-relational data without the legacy applications having to be programmatically customized. The method of the invention involves the access program module 30A intercepting a data request to access a plaintext file, the plaintext file having a predetermined order and length expected by a legacy program that sends the request, the plaintext file including a key field and a plaintext data field. The access program module determines an encrypted file, associated with the plaintext file, based on the data request and an indication in a configuration file, wherein the encrypted file includes a header field, the key field and an encrypted data field associated with the plaintext data field. The access program module 30A then determines one or more encryption keys based on the configuration file, and accesses the encrypted data field based on the one or more encryption keys and the key field. The configuration file may include an encryption algorithm for the access program to utilise for transforming the plaintext data field to the encrypted data field, and rules that require a sequential ordering of fields within the encrypted record of the encrypted file.
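The access program module that the GB2511295A abstract above and the DE102013203126B4 claim describe, as an added example that is not code from either patent or from IBM: a module that intercepts plaintext-record reads and writes from a legacy program, locates the matching record in the encrypted file by the key field (kept in clear together with a header field), and decrypts or encrypts only the data field with a block cipher, keeping the fixed order and length the legacy program expects. The concrete record layout (4-byte header, 8-byte key field, 24-byte data field), the "ENC1" header value, the configuration keys, the in-memory bytearray standing in for the encrypted file, and the HMAC-based Feistel cipher used as a stand-in for a real block cipher such as AES are all assumptions made for illustration.

```python
# Added example, not code from the patents above: an access program module
# that gives a record-oriented legacy program a plaintext view over a file
# whose data field is stored encrypted. Layout, header, config keys and the
# stand-in block cipher are assumptions made for illustration.
import hashlib
import hmac

BLOCK = 8   # block size of the stand-in cipher (AES would be 16)


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, i, half):
    # Round function of a 4-round HMAC-based Feistel cipher; a stand-in for a
    # real block cipher such as AES so that the example needs only the stdlib.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:4]


def block_encrypt(key, block):
    l, r = block[:4], block[4:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return r + l


def block_decrypt(key, block):
    l, r = block[:4], block[4:]
    for i in reversed(range(4)):
        l, r = r, _xor(l, _f(key, i, r))
    return r + l


def cbc(key, iv, data, encrypt):
    # CBC without padding: the data field is block-aligned, so the encrypted
    # field keeps exactly the length the legacy record layout expects.
    out, prev = b"", iv
    for off in range(0, len(data), BLOCK):
        blk = bytes(data[off:off + BLOCK])
        if encrypt:
            prev = block_encrypt(key, _xor(blk, prev))
            out += prev
        else:
            out += _xor(block_decrypt(key, blk), prev)
            prev = blk
    return out


class AccessModule:
    # Encrypted layout per record: header | key field (in clear) | encrypted data
    HEADER = b"ENC1"

    def __init__(self, config, store):
        self.key = config["key"]
        self.key_len, self.data_len = config["key_len"], config["data_len"]
        self.rec_len = len(self.HEADER) + self.key_len + self.data_len
        self.store = store      # bytearray standing in for the encrypted file

    def _iv(self, key_field):
        # IV derived from the key field: equal data under different keys gives
        # different ciphertext; equal data under the same key still repeats.
        return hmac.new(self.key, b"iv|" + key_field, hashlib.sha256).digest()[:BLOCK]

    def _find(self, key_field):
        # The key field is stored unencrypted so a record can be located
        # without decrypting the file; that is also exactly what the file leaks.
        hdr = len(self.HEADER)
        for off in range(0, len(self.store), self.rec_len):
            if bytes(self.store[off + hdr:off + hdr + self.key_len]) == key_field:
                return off
        return None

    def read(self, key_field):
        """Return the plaintext record (key | data) the legacy program expects."""
        off = self._find(key_field)
        if off is None:
            return None
        enc = self.store[off + len(self.HEADER) + self.key_len:off + self.rec_len]
        return key_field + cbc(self.key, self._iv(key_field), enc, encrypt=False)

    def write(self, plain_record):
        """Store a plaintext record in the encrypted layout (append or update)."""
        if len(plain_record) != self.key_len + self.data_len:
            raise ValueError("record length does not match the configured layout")
        key_field, data = plain_record[:self.key_len], plain_record[self.key_len:]
        enc_rec = self.HEADER + key_field + cbc(self.key, self._iv(key_field), data, True)
        off = self._find(key_field)
        if off is None:
            self.store += enc_rec
        else:
            self.store[off:off + self.rec_len] = enc_rec

    def read_all(self):
        """Sequential plaintext view in stored order, as a legacy program reads it."""
        hdr = len(self.HEADER)
        keys = [bytes(self.store[o + hdr:o + hdr + self.key_len])
                for o in range(0, len(self.store), self.rec_len)]
        return [self.read(k) for k in keys]


def demo():
    # Constructed configuration and sample records: 8-byte key, 24-byte data.
    config = {"key": b"example-master-key", "key_len": 8, "data_len": 24}
    am = AccessModule(config, bytearray())
    am.write(b"CUST0001" + b"Alice Smith 4111-1111".ljust(24))
    am.write(b"CUST0002" + b"Bob Jones   4222-2222".ljust(24))
    return am, am.read_all()
```

Two caveats a reviewer would raise against this design, neither addressed by the abstracts: the key field is searchable because it is stored in clear, so it must not itself be sensitive; and a length-preserving, deterministic encryption of the data field (required here so the encrypted record keeps a fixed layout) lets an observer tell whether a record's data changed between two writes and carries no integrity check, so a real deployment would add a MAC over header, key field and ciphertext, or store a nonce in the header field and use an AEAD.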
