SECURE ONLINE BANKING TRANSACTIONS
    2.
    Invention application
    SECURE ONLINE BANKING TRANSACTIONS (under examination, published)

    Publication number: WO2009122360A2

    Publication date: 2009-10-08

    Application number: PCT/IB2009051357

    Filing date: 2009-03-31

    Abstract: A secure online banking transaction apparatus to communicate with a server over a non-secure connection is provided and includes a selector configured to allow for a selection of a mode of the apparatus, a processing unit coupled to the selector and including a secure communication unit, which is configured to set up a secure connection, along which a secure transaction occurs, with the server via the non-secure connection in accordance with the mode, an input unit coupled to the processing unit and configured to allow for an input of data into the apparatus, which is at least partly related to the secure transaction, and an interface coupled to the processing unit and configured to convey at least a status of the secure transaction and the contents of the inputted data.

    SYSTEM AND METHOD FOR RECOVERY OF MEMORY TRANSACTIONS
    3.
    Invention application
    SYSTEM AND METHOD FOR RECOVERY OF MEMORY TRANSACTIONS (under examination, published)

    Publication number: WO2008078207A3

    Publication date: 2008-11-20

    Application number: PCT/IB2007054446

    Filing date: 2007-11-02

    CPC classification number: G06F11/1441 G06F11/141

    Abstract: The invention relates to a method for transactional writing of data into a persistent memory comprising memory cells, the method comprising a transactional writing step and a transaction recovery step, - the transactional writing step comprising one or more memory cell writing steps, the memory cell writing steps comprising the sub-steps of - writing in a transaction buffer as transaction buffer entry the current data value and the corresponding address of the respective memory cell, - writing a first valid marker for the memory cell in the transaction buffer, - writing a new data value to the memory cell; - the transaction recovery step being performed in case of an abortion of the transactional writing step and being provided for restoring the current data values of the aborted transaction in the persistent memory, the transaction recovery step comprising the sub-step of: - writing a transaction recovery marker to the transaction buffer indicating the start of the transaction recovery.

    PERFORMING SECURE ELECTRONIC TRANSACTIONS
    4.
    Invention application
    PERFORMING SECURE ELECTRONIC TRANSACTIONS (under examination, published)

    Publication number: WO2009066217A2

    Publication date: 2009-05-28

    Application number: PCT/IB2008054782

    Filing date: 2008-11-14

    Abstract: The invention relates to a method for performing electronic transactions between a server computer (110) and a client computer (120), the method comprising the steps of: - running a first communication protocol with encrypted data transmission and mutual authentication between the server computer (110) and a hardware device (130) via a communication network (160), - performing a decryption of encrypted server responses received from the server computer (110) in the hardware device (130), - forwarding the decrypted server responses from the hardware device (130) to the client computer (120), - displaying the decrypted server responses on a client computer display (121) of the client computer (120), - receiving client requests to be sent from the client computer (120) to the server computer (110) by the hardware device (130), - parsing the client requests for predefined transaction information by the hardware device (130), - encrypting and forwarding client requests that do not contain any predefined transaction information to the server computer (110) by the hardware device (130), - displaying the predefined transaction information upon detection in a client request on a hardware device display (210) of the hardware device (130), - forwarding and encrypting the client request containing the predefined transaction information to the server computer (110) if a user confirmation is received, - canceling the electronic transaction if no user confirmation is received.

    SYSTEM AND METHOD FOR DISTRIBUTION OF CREDENTIALS
    5.
    Invention application
    SYSTEM AND METHOD FOR DISTRIBUTION OF CREDENTIALS (under examination, published)

    Publication number: WO2008122923A3

    Publication date: 2008-12-18

    Application number: PCT/IB2008051216

    Filing date: 2008-04-01

    Abstract: The invention relates to a method for distribution of a set of credentials from a credential issuer to a credential user, wherein the credential user is provided with a user device, wherein a first channel and a second channel are provided for communication between the user device and the credential issuer, the method comprising the steps of: - distributing a shared key between the user device and the credential issuer by means of the second channel, - generating a binary representation of the set of credentials with a predefined maximum level of deviation from a uniform distribution, - encrypting the binary representation of the set of credentials by means of the shared key, - distributing the encrypted set of credentials via the first channel from the credential issuer to the user device, - decrypting the encrypted set of credentials by the user device by means of the shared key.

    AUTHORIZATION OF SERVER OPERATIONS

    Publication number: CA2736582C

    Publication date: 2018-07-24

    Application number: CA2736582

    Filing date: 2009-09-17

    Applicant: IBM

    Abstract: An authorization device (5) is provided for authorizing operations of a remote server (2) requested from user computers (3) via a data communications network (4). The device (5) has a computer interface (6) for connecting the device (5) to a local user computer (3) for communication with the remote server (2), and a user interface (7) for presenting information to a user. Control logic (11) of the device (5) is adapted to use security data to establish between the device (5) and server (2), via the local user computer (3), a mutually-authenticated connection for encrypted end-to-end communications between the device and server. The control logic (11) collects from the server (2) via this connection information indicative of any operations requested by user computers via other connections to the server (2) and requiring authorization by a user of the device (5). This information is presented to a user via the user interface (7) to prompt for authorization by the user. Server operations are controlled in accordance with rule data (18) defining operations requiring authorization by one or more authorizing users. Control logic (15) of the server control apparatus responds to an operation request from a user computer (3) by determining from the rule data (18) whether authorization by at least one authorizing user is required for that operation. If so, the operation is deferred. When a mutually-authenticated connection is established with an authorizing device (5), the control apparatus can supply information indicative of any deferred operations requested from user computers (3) and requiring authorization by the device user. A deferred operation is only performed on receipt of authorization from every authorizing user from whom authorization is required for that operation, providing secure multi-party authorization in a mobile computing environment.

    TOUCH GENERATION DEVICE FOR MOBILE APPARATUS AND COMMUNICATION WITH A TOUCH SCREEN.

    Publication number: MX2013008668A

    Publication date: 2014-04-30

    Application number: MX2013008668

    Filing date: 2012-06-01

    Applicant: IBM

    Abstract: The invention is notably directed to a mobile touch generation device (10) having: a logic (12); and a touch generator system (15) comprising one or more touch generating elements (151 - 159), wherein the touch generator system is operatively coupled to the logic to generate (S30) touch events by means of the one or more touch generating elements, the touch events being detectable by a touch screen, preferably a capacitive-sensing touch screen. The invention further relates to a method of bidirectional communication between a touch generating device and a touch screen device.

    Authorization of server operations

    Publication number: AU2009294201B2

    Publication date: 2014-03-27

    Application number: AU2009294201

    Filing date: 2009-09-17

    Applicant: IBM

    Abstract: An authorization device (5) is provided for authorizing operations of a remote server (2) requested from user computers (3) via a data communications network (4). The device (5) has a computer interface (6) for connecting the device (5) to a local user computer (3) for communication with the remote server (2), and a user interface (7) for presenting information to a user. Control logic (11) of the device (5) is adapted to use security data to establish between the device (5) and server (2), via the local user computer (3), a mutually-authenticated connection for encrypted end-to-end communications between the device and server. The control logic (11) collects from the server (2) via this connection information indicative of any operations requested by user computers via other connections to the server (2) and requiring authorization by a user of the device (5). This information is presented to a user via the user interface (7) to prompt for authorization by the user. Server operations are controlled in accordance with rule data (18) defining operations requiring authorization by one or more authorizing users. Control logic (15) of the server control apparatus responds to an operation request from a user computer (3) by determining from the rule data (18) whether authorization by at least one authorizing user is required for that operation. If so, the operation is deferred. When a mutually-authenticated connection is established with an authorizing device (5), the control apparatus can supply information indicative of any deferred operations requested from user computers (3) and requiring authorization by the device user. A deferred operation is only performed on receipt of authorization from every authorizing user from whom authorization is required for that operation, providing secure multi-party authorization in a mobile computing environment.

    9.
    Invention patent
    Unknown

    Publication number: DE60307498D1

    Publication date: 2006-09-21

    Application number: DE60307498

    Filing date: 2003-10-24

    Applicant: IBM

    Abstract: A method for providing a user device with a set of access codes comprises, in the user device, storing an encryption key and an identification code, and sending a message containing the identification code to a server via a communications network. In the server, an encryption key is stored corresponding to the key stored in the user device, allocating the set of access codes on receipt of the identification code from the user device. A look up function is performed based on the identification code received in the message to retrieve the key from storage. The set of access codes is encrypted using the retrieved key to produce an encrypted set. A message containing the encrypted set is sent to the user device via the network. In the user device, the encrypted set received from the server is decrypted using the key in storage, and storing the decrypted set of access codes for use by a user of the user device.

    PROVIDING A USER DEVICE WITH A SET OF ACCESS CODES

    Publication number: AU2003269415A1

    Publication date: 2004-06-07

    Application number: AU2003269415

    Filing date: 2003-10-24

    Applicant: IBM

    Abstract: A method for providing a user device with a set of access codes comprises, in the user device, storing an encryption key and an identification code, and sending a message containing the identification code to a server via a communications network. In the server, an encryption key is stored corresponding to the key stored in the user device, allocating the set of access codes on receipt of the identification code from the user device. A look up function is performed based on the identification code received in the message to retrieve the key from storage. The set of access codes is encrypted using the retrieved key to produce an encrypted set. A message containing the encrypted set is sent to the user device via the network. In the user device, the encrypted set received from the server is decrypted using the key in storage, and storing the decrypted set of access codes for use by a user of the user device.
