Managing encryption keys in a computer system

    Publication No.: GB2500219A

    Publication date: 2013-09-18

    Application No.: GB201204427

    Application date: 2012-03-14

    Applicant: IBM

    Abstract: A method and apparatus are disclosed for managing encryption keys in a computer system in which, in response to the change (401) of a system key, the old key and new key (403) are both maintained for subsequent use. In response to a request for a key, e.g. for decryption operations, keys may be returned in a ranked fashion such that newer keys are attempted to be used first. Alternatively, all possible keys may be supplied. A maximum number of keys may be maintained, with the oldest, or least used, keys being discarded when a new key is stored in a key history (404). The system key may be a domain key for a physical computer system or a virtual machine. Migration of a virtual machine to a target domain may be controlled and only allowed if a selected key is available in the target domain (Figure 5). In a further embodiment the keys may be ranked and the ranking of a selected key for a virtual machine is provided to a target domain for identification of the key in the target domain (Figure 6).

    Balancing consumption of random data using multiple sources with different levels of entropy

    Publication No.: GB2502541A

    Publication date: 2013-12-04

    Application No.: GB201209550

    Application date: 2012-05-30

    Applicant: IBM

    Abstract: When a request for random data is received, the level of randomness or entropy required is determined. If the request is associated with an event requiring a high level of entropy, the random data is obtained from a source with high entropy. Such an event may be the initialization of a secure operation. Otherwise the data may be obtained from a source with low entropy. Once a source with high entropy has been selected, the data continues to be supplied from a high entropy source. There may be more than two levels of entropy, which are associated with different events. The request may be sent by a virtual machine (110) to an entropy manager (145) controlled by a hypervisor (140) as the result of the start of a virtual trusted platform module (115).

    Managing encryption keys in a computer system

    Publication No.: GB2501588A

    Publication date: 2013-10-30

    Application No.: GB201302922

    Application date: 2013-02-20

    Applicant: IBM

    Abstract: Managing encryption keys comprising the steps of storing a first key for encrypting data for a selected domain, storing a second key for the domain in addition to the first key in response to a key change and providing the first key or the second key in response to a request for an encryption key. One of the keys may be provided in response to a first request and the other key is provided in response to a subsequent associated request. Keys may be maintained up to a predetermined maximum number after which the oldest key is discarded in response to storing a new key. The keys may be maintained in a key history comprising a list of the keys ranked in order in which the keys were created. The domain may be a virtual machine, migration of which to a target domain may only be performed if the selected key is available in the target domain. Enables key changes and migration of data to be performed simultaneously in virtual machines so if a key change occurs during migration the old key will be maintained to enable the decryption of the migrated data.

    Write cache destaging
    Invention patent

    Publication No.: GB2519549A

    Publication date: 2015-04-29

    Application No.: GB201318780

    Application date: 2013-10-24

    Applicant: IBM

    Abstract: A controller (24) is adapted to issue write permissions to a plurality of data storage devices (32), the write permissions including a permission to perform a data destage operation from a cache (22) to a data storage device (32); wherein each cache has a first performance score expressed as the difference between the number of data destage operations the cache has in flight and the maximum number of data destage actions the cache is permitted to issue in parallel; and wherein the controller is adapted to offer a data destage operation permission to the cache in the plurality of caches associated with the highest first performance score.

    Trusted boot of a virtual machine

    Publication No.: GB2513826A

    Publication date: 2014-11-12

    Application No.: GB201211544

    Application date: 2012-06-29

    Applicant: IBM

    Abstract: Performing a trusted boot of a virtual machine by executing, in turn, a series of components of the boot, performing a function on each component prior to the execution of the respective component, storing the output of the functions in a virtual trusted platform module, detecting that the virtual trusted platform module has not responded to the storing of an output of a function in the virtual trusted platform module, and generating a request that the virtual trusted platform module be disabled. This ensures that no malicious component can spoof itself in a hole in the chain of trust by inserting a fake trusted measurement, by disabling the whole boot process. This may be achieved using a hypervisor and time out function. Each component may be hashed prior to execution by a previously loaded component.

    Configuring a keyboard model
    Invention patent

    Publication No.: GB2507556A

    Publication date: 2014-05-07

    Application No.: GB201219838

    Application date: 2012-11-05

    Applicant: IBM

    Abstract: A method of configuring a keyboard model (30) (for use e.g. on a touch screen) includes the steps of receiving a keyboard model that includes key definitions, each key definition defining at least key function, key location and key size, presenting an output (32) generated from the keyboard model, receiving a user input comprising one or more changes to the keyboard model, updating the keyboard model according to the received user input, and saving the updated keyboard model. Tactile haptic feedback and sound output can be used to model different types of keys. Resistance, height and virtual spring point for a key may also be changed.
