PROVISIONING OF OPERATING SYSTEMS TO USER TERMINALS
    1.
    发明公开
    PROVISIONING OF OPERATING SYSTEMS TO USER TERMINALS 有权
    PROVISION的操作系统能够为用户终端的

    公开(公告)号:EP2761523A4

    公开(公告)日:2015-04-29

    申请号:EP12837063

    申请日:2012-07-04

    Applicant: IBM

    CPC classification number: G06F9/4416 G06F21/575

    Abstract: Methods and apparatus are provided for provisioning an operating system image from a server (2) to an untrusted user terminal (4) via a data communications network (3). A trusted device (5) such as a pocket USB device has tamper-resistant storage (9) containing bootloader logic, for controlling booting of a user terminal, and security data. On connection of the trusted device (5) to an untrusted user terminal (4), the user terminal is booted via the bootloader logic on the trusted device. Under control of the bootloader logic, a connection is established to the server (2) via the network (3) and the server is authenticated using the security data on the trusted device (5). An operating system boot image is received from the server (2) via this connection. The boot image is used to provision an operating system image from the server (2) to the user terminal (4) for execution of the operating system at the user terminal (4).

    INTRODUCING ENCRYPTION, AUTHENTICATION, AND AUTHORIZATION INTO A PUBLICATION AND SUBSCRIPTION ENGINE
    2.
    发明公开
    INTRODUCING ENCRYPTION, AUTHENTICATION, AND AUTHORIZATION INTO A PUBLICATION AND SUBSCRIPTION ENGINE 审中-公开
    迈入加密,身份验证和授权ONE发布和订阅机

    公开(公告)号:EP2396941A4

    公开(公告)日:2013-06-12

    申请号:EP09840152

    申请日:2009-04-30

    Applicant: IBM

    CPC classification number: H04L63/101 H04L63/0884 H04L63/166

    Abstract: A plurality of protocol stacks are deployed. Each of the protocol stacks includes a plurality of composable protocol modules, and each of the composable protocol modules implements common interfaces. It is detected that a first given one of a plurality of clients wishes to connect to a publication-subscription engine and it is determined whether the first given one of the plurality of clients is to be connected in a secure manner. Responsive to determining that the first given one of the plurality of clients is to be connected in the secure manner, an encrypted instance of a first appropriate one of the plurality of protocol stacks is instantiated to effectuate the secure connection. The first given one of the plurality of clients is authenticated and authorized.

    INDEX SERVER SUPPORT TO FILE SHARING APPLICATIONS
    3.
    发明申请
    INDEX SERVER SUPPORT TO FILE SHARING APPLICATIONS 审中-公开
    索引服务器支持文件共享应用程序

    公开(公告)号:WO2004051511A2

    公开(公告)日:2004-06-17

    申请号:PCT/IB0305137

    申请日:2003-11-12

    Applicant: IBM ROONEY JOHN G

    Inventor: ROONEY JOHN G

    CPC classification number: G06F17/30206

    Abstract: An index server support for file sharing applications is disclosed. A way of retrieving an index server includes sending a request for investigating a hierarchical structure of index servers in a network to a known index server, intercepting the investigation request by the first index server that becomes aware of the investigation request, notifying an originator of the investigation request of the intercepting index server identity, dropping the intercepted request is dropped by the intercepting index server. The originator of the investigation request then registers the intercepting index server as addressee for future file querying requests.

    Abstract translation: 公开了一种用于文件共享应用的索引服务器支持。 一种检索索引服务器的方法包括:将用于调查网络中的索引服务器的分层结构的请求发送到已知的索引服务器;通过第一索引服务器截获调查请求,该第一索引服务器知道调查请求,通知发起者 拦截索引服务器身份的调查请求,拦截索引服务器将拦截请求丢弃。 调查请求的发起者然后将拦截索引服务器注册为将来文件查询请求的收件人。

    4.
    发明专利
    未知

    公开(公告)号:DE602004006863D1

    公开(公告)日:2007-07-19

    申请号:DE602004006863

    申请日:2004-04-28

    Applicant: IBM

    Abstract: The present invention relates to a method for transmitting media data, especially voice data, via a network (7), wherein the media data are converted to a media data packet stream. The network has a number of data paths (P1, P2, P3) including a first and a second data path each capable of transmitting data packets of the media data packet stream. The data packet stream is transmitted via the first data path of the network, thereby the media data packet stream is stopped to be transmitted via the first data path and is started to be transmitted via the second data path when an information pause is detected.

    Bootloader for booting a computer into a second operating system that is hidden from a first host operating system

    公开(公告)号:GB2508895A

    公开(公告)日:2014-06-18

    申请号:GB201222584

    申请日:2012-12-14

    Applicant: IBM

    Abstract: A bootloader (16, fig. 2) detectable by a firmware 122 of a computer 101 comprises instructions for the firmware to load the bootloader into a memory 121 of the computer for subsequent execution. A storage medium 120 of the computer 101 stores a first host operating system 111-1 and a second host operating system 111-2 respectively on a first portion (120-1, fig. 5) and a second portion (120-2). Upon execution, the instructions interact with the firmware 122 to determine the second portion (120-2) of the storage medium 120. The second portion (120-2) is determined from partition information 111-1p, which acknowledges the first host operating system 111-1 but does not acknowledge the second host operating system 111-2. A part BI of the second host operating system 111-2 is located in the second portion (120-2), and said part is executed, whereby only the second host operating system can boot upon execution of the bootloader (16) at the computer 101. The bootloader (16) may be stored on a portable, secure tamper-proof device 10 with a connection interface (12) enabling connection with a computer 101.

    VERFOLGEN EINES PROTOKOLLVERLAUFS EINER ÄNDERUNGSDATENERFASSUNG

    公开(公告)号:DE102021125858A1

    公开(公告)日:2022-05-19

    申请号:DE102021125858

    申请日:2021-10-05

    Applicant: IBM

    Abstract: Ein Verfahren umfasst ein Erstellen einer ersten Momentaufnahme eines Quellensystems und ein Ableiten eines Satzes von Schlüssel-Wert-Paaren, die die erste Momentaufnahme widerspiegeln. Es wird eine Operation zur Spiegelung des Quellensystems durchgeführt, um CDC-Änderungsoperationen zu erstellen. Das Verfahren erstellt ein erstes CDC-Protokoll als eine erste Sequenz von Schlüssel-Wert-Paaren. Es wird eine zweite Momentaufnahme des Quellensystems erstellt und ein Satz von Schlüssel-Wert-Paaren abgeleitet, der die zweite Momentaufnahme widerspiegelt. Die erste Sequenz von Schlüssel-Wert-Paaren wird dann mit dem Satz von Schlüssel-Wert-Paaren verglichen, um korrigierende CDC-Operationen abzuleiten, die als ein Satz von Schlüssel-Wert-Paaren erfasst werden. Die korrigierenden CDC-Operationen stellen Korrekturen dar, die in Bezug auf die erste Sequenz von Schlüssel-Wert-Paaren durchzuführen sind. Ein zweites CDC-Protokoll wird in Form einer zweiten Sequenz von Schlüssel-Wert-Paaren erstellt. Die korrigierenden CDC-Operationen stellen sicher, dass die zweite Sequenz von Schlüssel-Wert-Paaren mit dem Satz von Schlüssel-Wert-Paaren kohärent ist.

    Sichere Ausführung von Software-Modulen auf einem Computer

    公开(公告)号:DE112014000337T5

    公开(公告)日:2015-09-10

    申请号:DE112014000337

    申请日:2014-03-14

    Applicant: IBM

    Abstract: Die vorliegende Erfindung bezieht sich insbesondere auf ein Verfahren zum Ausführen von Software-Modulen auf einem Computer, wobei das Verfahren aufweist: Ausführen (S4) eines Boot-Ladeprogramms (15, 16) zumindest teilweise (16) auf dem Computer (101); und bei Ausführung des Boot-Ladeprogramms: Zugreifen (S5) auf Anforderungen an einen Anfangssatz (IS) von Software-Modulen SMn; und Hardware-Spezifikationen des Computers; Ermitteln (S6) innerhalb des Anfangssatzes eines oder mehrerer Kandidatensätze (CS1, CS2) von Software-Modulen, die mit den Hardware-Spezifikationen kompatibel sind (S6a) und als RAM-Platte speicherbar sind (S6b); und Speichern (S9) der Software-Module eines Abschlusssatzes (FS) auf einer RAM-Platte (121), wobei es sich bei dem Abschlusssatz (FS) um einen des einen oder der mehreren Kandidatensätze handelt, und Anweisen, die auf der RAM-Platte gespeicherten Software-Module auszuführen, wobei sowohl der Anfangssatz als auch der Abschlusssatz von Software-Modulen Anwendungskomponenten und Betriebssystem-Abbildkomponenten aufweist und des Weiteren bevorzugt Hardware-Komponententreiber aufweist. Die vorliegende Erfindung bezieht sich des Weiteren auf ein Boot-Ladeprogramm, eine für Benutzer vertrauenswürdige Einheit und ein System.

    Secure execution of software modules on a computer

    公开(公告)号:GB2512376A

    公开(公告)日:2014-10-01

    申请号:GB201305727

    申请日:2013-03-28

    Applicant: IBM

    Abstract: Disclosed is a method of executing software modules on a computer. The method start by executing S4 a bootloader in the computer and then accessing S5 requirements as to an initial set of software modules and hardware specifications of the computer. Then determining S6 within the initial set, a candidate set CS1 of software modules that are compatible S6a with the hardware specifications and can S6b be stored as a RAM disk and storing S9 the software modules of a final set on a RAM disk , the final set being a candidate set. Executing the software modules stored on the RAM disk, wherein each of the initial set and the final set of software modules comprises application components and operating system image components and hardware component drivers. A trusted device such as a USB drive may hold the bootloader and the software modules.

    9.
    发明专利
    未知

    公开(公告)号:DE602004006863T2

    公开(公告)日:2008-02-14

    申请号:DE602004006863

    申请日:2004-04-28

    Applicant: IBM

    Abstract: The present invention relates to a method for transmitting media data, especially voice data, via a network (7), wherein the media data are converted to a media data packet stream. The network has a number of data paths (P1, P2, P3) including a first and a second data path each capable of transmitting data packets of the media data packet stream. The data packet stream is transmitted via the first data path of the network, thereby the media data packet stream is stopped to be transmitted via the first data path and is started to be transmitted via the second data path when an information pause is detected.

    INDEX SERVER SUPPORT TO FILE SHARING APPLICATIONS

    公开(公告)号:AU2003278521A1

    公开(公告)日:2004-06-23

    申请号:AU2003278521

    申请日:2003-11-12

    Applicant: IBM

    Inventor: ROONEY JOHN G

    Abstract: An index server support for file sharing applications is disclosed. A way of retrieving an index server includes sending a request for investigating a hierarchical structure of index servers in a network to a known index server, intercepting the investigation request by the first index server that becomes aware of the investigation request, notifying an originator of the investigation request of the intercepting index server identity, dropping the intercepted request is dropped by the intercepting index server. The originator of the investigation request then registers the intercepting index server as addressee for future file querying requests.

Patent Agency Ranking