-
Publication number: JP2000056982A
Publication date: 2000-02-25
Application number: JP12081299
Filing date: 1999-04-28
Applicant: IBM
Inventor: BAENTSCH MICHAEL , BULER PETER , EIRICH THOMAS , HOERING FRANK , OESTREICHER MARCUS
Abstract: PROBLEM TO BE SOLVED: To improve the flexibility of selecting an object type by obtaining a simple programming model for allocation to both a temporary object and a sustaining object and supporting the holding of the temporary object without using a sustaining memory. SOLUTION: In order to generate an object in the nonsustaining memory, a 1st instruction code 31 which executes a 1st function 41 is read out of an instruction code sequence 18 and a 2nd instruction code 32 which generates objects 56, 57, and 58 in the memory is read out. The 1st function 41 selects the discontinuous memory 51 as a memory. The 1st function 41 includes a bracket open type function. At least some of the objects 56, 57, and 58 in the nonsustaining memory are linked in the form of a chain starting at the 1st object 56 in the object 56, 57 and 58.
-
Publication number: JP2002116838A
Publication date: 2002-04-19
Application number: JP2001195753
Filing date: 2001-06-28
Applicant: IBM
Inventor: BAENTSCH MICHAEL , BUHLER PETER , EIRICH THOMAS , HOERING FRANK , WEIGOLD THOMAS
IPC: G06F12/14 , G06F1/00 , G06F8/658 , G06F9/44 , G06F9/445 , G06F12/00 , G06F13/00 , G06F21/10 , G06F21/12 , G06F21/51 , G09C1/00 , G06F15/00
Abstract: PROBLEM TO BE SOLVED: To provide a method for reducing the quantity of data to be transmitted, and simplifying the change of functionality, and holding the security characteristics of a signed code such as a Java code container. SOLUTION: In this method for a software provider, a software acquisition entity 20 is allowed to reach from an already existing first signed code piece 11 to a second signed code piece 12. Both code pieces are generated under the use of a generation instruction by using a first software archive generator 2 at the software provider side. The software provider provides a difference code 4 including a step necessary for allowing the software acquisition entity 20 to reach from the first signed code piece 11 to the second signed code piece 12 to the software acquisition entity 20.
-
Publication number: WO03042799A2
Publication date: 2003-05-22
Application number: PCT/IB0204620
Filing date: 2002-11-05
Applicant: IBM , BAENTSCH MICHAEL , BUHLER PETER , EIRICH THOMAS , HOERING FRANK , OESTREICHER MARCUS , WEIGOLD THOMAS D
Inventor: BAENTSCH MICHAEL , BUHLER PETER , EIRICH THOMAS , HOERING FRANK , OESTREICHER MARCUS , WEIGOLD THOMAS D
CPC classification number: H04L63/04 , G06F21/76 , H04L9/003 , H04L9/0625 , H04L2209/12
Abstract: The invention is directed to a data-processing system comprising a processor and first encrypted information in a first persistent memory whose level of information leakage is higher than that of a second persistent memory. In the second persistent memory is stored a first cryptographic key for decrypting the first encrypted information, thereby generating therefrom first unencrypted information that is usable by the processor for executing an operation. The same cryptographic key may also be used for encrypting the first unencrypted information, thereby generating the first encrypted information. It is also directed to a method of processing such a data-processing system with an operating system, comprising a writing step for writing first unencrypted information into the first persistent memory, an encryption step for encrypting the first unencrypted information under use of the first cryptographic key, creating therefrom first encrypted information in the first persistent memory, and an access-limitation step for setting the data-processing system to a state in which writing into the first persistent memory is controlled by the operating system. It also relates to a method of executing an operation on such a data-processing system comprising a decryption step for decrypting the first encrypted information under use of the first cryptographic key, thereby generating therefrom first unencrypted information and an execution step for executing an operation by the processor, using the first unencrypted information.
-
Publication number: WO2009122360A2
Publication date: 2009-10-08
Application number: PCT/IB2009051357
Filing date: 2009-03-31
Applicant: IBM , BAENTSCH MICHAEL , BUHLER PETER , EIRICH THOMAS , HOERING FRANK , KRAMP THORSTEN , WEIGOLD THOMAS D
Inventor: BAENTSCH MICHAEL , BUHLER PETER , EIRICH THOMAS , HOERING FRANK , KRAMP THORSTEN , WEIGOLD THOMAS D
CPC classification number: G06Q20/3223 , G06F21/34 , G06Q20/10 , G06Q20/3226 , G06Q20/3674 , G06Q20/382 , G06Q20/3823 , G06Q40/02 , H04L63/0853 , H04L63/18
Abstract: A secure online banking transaction apparatus to communicate with a server over a non-secure connection is provided and includes a selector configured to allow for a selection of a mode of the apparatus, a processing unit coupled to the selector and including a secure communication unit, which is configured to set up a secure connection, along which a secure transaction occurs, with the server via the non-secure connection in accordance with the mode, an input unit coupled to the processing unit and configured to allow for an input of data into the apparatus, which is at least partly related to the secure transaction, and an interface coupled to the processing unit and configured to convey at least a status of the secure transaction and the contents of the inputted data.
-
Publication number: WO2008078207A3
Publication date: 2008-11-20
Application number: PCT/IB2007054446
Filing date: 2007-11-02
Applicant: IBM , KRAMP THORSTEN , BUHLER PETER , BAENTSCH MICHAEL , HOERING FRANK , WEIGOLD THOMAS D
Inventor: KRAMP THORSTEN , BUHLER PETER , BAENTSCH MICHAEL , HOERING FRANK , WEIGOLD THOMAS D
CPC classification number: G06F11/1441 , G06F11/141
Abstract: The invention relates to a method for transactional writing of data into a persistent memory comprising memory cells, the method comprising a transactional writing step and a transaction recovery step, the transactional writing step comprising one or more memory cell writing steps, the memory cell writing steps comprising the sub-steps of: writing in a transaction buffer as transaction buffer entry the current data value and the corresponding address of the respective memory cell; writing a first valid marker for the memory cell in the transaction buffer; writing a new data value to the memory cell; the transaction recovery step being performed in case of an abortion of the transactional writing step and being provided for restoring the current data values of the aborted transaction in the persistent memory, the transaction recovery step comprising the sub-step of: writing a transaction recovery marker to the transaction buffer indicating the start of the transaction recovery.
-
Publication number: CA2736582C
Publication date: 2018-07-24
Application number: CA2736582
Filing date: 2009-09-17
Applicant: IBM
Inventor: BAENTSCH MICHAEL , BUHLER PETER , EIRICH THOMAS , HERMANN RETO , HOERING FRANK , KRAMP THORSTEN , KUYPER MICHAEL P , WEIGOLD THOMAS D
Abstract: An authorization device (5) is provided for authorizing operations of a remote server (2) requested from user computers (3) via a data communications network (4). The device (5) has a computer interface (6) for connecting the device (5) to a local user computer (3) for communication with the remote server (2), and a user interface (7) for presenting information to a user. Control logic (11) of the device (5) is adapted to use security data to establish between the device (5) and server (2), via the local user computer (3), a mutually-authenticated connection for encrypted end-to-end communications between the device and server. The control logic (11) collects from the server (2) via this connection information indicative of any operations requested by user computers via other connections to the server (2) and requiring authorization by a user of the device (5). This information is presented to a user via the user interface (7) to prompt for authorization by the user. Server operations are controlled in accordance with rule data (18) defining operations requiring authorization by one or more authorizing users. Control logic (15) of the server control apparatus responds to an operation request from a user computer (3) by determining from the rule data (18) whether authorization by at least one authorizing user is required for that operation. If so, the operation is deferred. When a mutually-authenticated connection is established with an authorizing device (5), the control apparatus can supply information indicative of any deferred operations requested from user computers (3) and requiring authorization by the device user. A deferred operation is only performed on receipt of authorization from every authorizing user from whom authorization is required for that operation, providing secure multi-party authorization in a mobile computing environment.
-
Publication number: AT465448T
Publication date: 2010-05-15
Application number: AT01908057
Filing date: 2001-03-09
Applicant: IBM
Inventor: BAENTSCH MICHAEL , BUHLER PETER , EIRICH THOMAS , HOERING FRANK , OESTREICHER MARCUS
IPC: G06F12/02
Abstract: The invention is directed to a method for distinguishing reachable objects and non-reachable objects in an object-based application in a system with a volatile memory and a non-volatile memory. The object-based application operates in the non-volatile memory on the objects, whereof at least one is a root object. Each root object is processed by writing for each object that is reachable from the root object, a positive reachability information into the volatile memory and marking those objects in the non-volatile memory as reusable memory, for which no positive reachability information is present in the volatile memory.
-
Publication number: AU2009294201B2
Publication date: 2014-03-27
Application number: AU2009294201
Filing date: 2009-09-17
Applicant: IBM
Inventor: BAENTSCH MICHAEL , BUHLER PETER , EIRICH THOMAS , HERMANN RETO , HOERING FRANK , KRAMP THORSTEN , KUYPER MICHAEL P , WEIGOLD THOMAS D
Abstract: An authorization device (5) is provided for authorizing operations of a remote server (2) requested from user computers (3) via a data communications network (4). The device (5) has a computer interface (6) for connecting the device (5) to a local user computer (3) for communication with the remote server (2), and a user interface (7) for presenting information to a user. Control logic (11) of the device (5) is adapted to use security data to establish between the device (5) and server (2), via the local user computer (3), a mutually-authenticated connection for encrypted end-to-end communications between the device and server. The control logic (11) collects from the server (2) via this connection information indicative of any operations requested by user computers via other connections to the server (2) and requiring authorization by a user of the device (5). This information is presented to a user via the user interface (7) to prompt for authorization by the user. Server operations are controlled in accordance with rule data (18) defining operations requiring authorization by one or more authorizing users. Control logic (15) of the server control apparatus responds to an operation request from a user computer (3) by determining from the rule data (18) whether authorization by at least one authorizing user is required for that operation. If so, the operation is deferred. When a mutually-authenticated connection is established with an authorizing device (5), the control apparatus can supply information indicative of any deferred operations requested from user computers (3) and requiring authorization by the device user. A deferred operation is only performed on receipt of authorization from every authorizing user from whom authorization is required for that operation, providing secure multi-party authorization in a mobile computing environment.
-
Publication number: DE60141892D1
Publication date: 2010-06-02
Application number: DE60141892
Filing date: 2001-03-09
Applicant: IBM
Inventor: BAENTSCH MICHAEL , BUHLER PETER , EIRICH THOMAS , HOERING FRANK , OESTREICHER MARCUS
IPC: G06F12/02
Abstract: The invention is directed to a method for distinguishing reachable objects and non-reachable objects in an object-based application in a system with a volatile memory and a non-volatile memory. The object-based application operates in the non-volatile memory on the objects, whereof at least one is a root object. Each root object is processed by writing for each object that is reachable from the root object, a positive reachability information into the volatile memory and marking those objects in the non-volatile memory as reusable memory, for which no positive reachability information is present in the volatile memory.
-
Publication number: DE60307498D1
Publication date: 2006-09-21
Application number: DE60307498
Filing date: 2003-10-24
Applicant: IBM
Inventor: BAENTSCH MICHAEL , BUHLER PETER , EIRICH THOMAS , HOERING FRANK , KRAMP THORSTEN , OESTREICHER MARCUS , OSBORNE MICHAEL , WEIGOLD D
IPC: H04L29/06
Abstract: A method for providing a user device with a set of access codes comprises, in the user device, storing an encryption key and an identification code, and sending a message containing the identification code to a server via a communications network. In the server, an encryption key is stored corresponding to the key stored in the user device, allocating the set of access codes on receipt of the identification code from the user device. A look up function is performed based on the identification code received in the message to retrieve the key from storage. The set of access codes is encrypted using the retrieved key to produce an encrypted set. A message containing the encrypted set is sent to the user device via the network. In the user device, the encrypted set received from the server is decrypted using the key in storage, and storing the decrypted set of access codes for use by a user of the user device.