Abstract:
An access control function (440) for an integrated system (400) is provided which determines data access based on the master id of a requesting master (410) within the system (400) and the address of the data. The access control function (440) can be inserted, for example, into the data transfer path between bus control logic (430) and one or more slaves (420). In addition to determining whether to grant access to the data, the access control function (440) can further qualify the access by selectively implementing encryption and decryption (470) of data, again dependent on the data authorization level for the particular functional master (410) initiating the request for data.
Abstract:
Techniques are provided for initializing, maintaining, updating and recovering secure operation within an integrated system. The techniques, which employ a data access control function within the integrated system, include authenticating by a current level of software a next level of software within an integrated system. The authenticating occurs before control is passed to the next level of software. Further, an ability of the next level of software to modify an operational characteristic of the integrated system can be selectively limited via the data access control function. Techniques are also provided for initializing secure operation of the integrated system, for migrating data encrypted using a first key set to data encrypted using a second key set, for updating software and keys within the integrated system, and for recovering integrated system functionality following a trigger event.
Abstract:
PROBLEM TO BE SOLVED: To facilitate secure operation of an integrated system having multiple levels of software. SOLUTION: Techniques provided for initializing, maintaining, updating and recovering secure operation within an integrated system include: (1) starting system initialization by decrypting initial code that is stored in encrypted form, the decryption being performed by a data access control function within the integrated system; (2) authenticating a next level of software among a plurality of levels of software before control of the integrated system is passed to that next level of software; and (3) limiting the ability of the next level of software to modify an operational characteristic of the integrated system, the limiting being performed in a hardware component of the data access control function within the integrated system. COPYRIGHT: (C)2009,JPO&INPIT
Abstract:
PROBLEM TO BE SOLVED: To provide a mechanism to minimize latency impact of data to be decrypted. SOLUTION: Methods and apparatus for reducing the impact of latency associated with decrypting encrypted data are provided. Rather than wait until an entire packet of encrypted data is validated (e.g., by checking for data transfer errors), the encrypted data may be pipelined to a decryption engine as it is received, thus allowing decryption to begin prior to validation. In some cases, the decryption engine may be notified of data transfer errors detected during the validation process, in order to prevent reporting false security violations. COPYRIGHT: (C)2006,JPO&NCIPI