-
Publication number: WO2009066217A2
Publication date: 2009-05-28
Application number: PCT/IB2008054782
Application date: 2008-11-14
Applicant: IBM , BAENTSCH MICHAEL , BUHLER PETER , EIRICH THOMAS , HERMANN RETO JOSEF , KRAMP THORSTEN , VISEGRADY TAMAS , WEIGOLD THOMAS D
Inventor: BAENTSCH MICHAEL , BUHLER PETER , EIRICH THOMAS , HERMANN RETO JOSEF , KRAMP THORSTEN , VISEGRADY TAMAS , WEIGOLD THOMAS D
CPC classification number: H04L63/0869 , G06Q20/08 , G06Q20/42 , H04L63/0471 , H04L63/0823 , H04L63/0853 , H04L63/166 , H04L67/42 , H04L2463/102
Abstract: Performing secure electronic transactions. The invention relates to a method for performing electronic transactions between a server computer (110) and a client computer (120), the method comprising the steps of: - running a first communication protocol with encrypted data transmission and mutual authentication between the server computer (110) and a hardware device (130) via a communication network (160), - performing a decryption of encrypted server responses received from the server computer (110) in the hardware device (130), - forwarding the decrypted server responses from the hardware device (130) to the client computer (120), - displaying the decrypted server responses on a client computer display (121) of the client computer (120), - receiving client requests to be sent from the client computer (120) to the server computer (110) by the hardware device (130), - parsing the client requests for predefined transaction information by the hardware device (130), - encrypting and forwarding client requests that do not contain any predefined transaction information to the server computer (110) by the hardware device (130), - displaying the predefined transaction information upon detection in a client request on a hardware device display (210) of the hardware device (130), - forwarding and encrypting the client request containing the predefined transaction information to the server computer (110) if a user confirmation is received, - canceling the electronic transaction if no user confirmation is received.
-
Publication number: ZA202106316B
Publication date: 2023-03-29
Application number: ZA202106316
Application date: 2021-08-30
Applicant: IBM
Inventor: BUENDGEN REINHARD , VISEGRADY TAMAS , FRANZKI INGO
Abstract: A method, computer program product, and a system where a secure interface control configures a hardware security module for exclusive use by a secure guest. The secure interface control (“SC”) obtains a configuration request (via a hypervisor) to configure the hardware security module (HSM), from a given guest of guests managed by the hypervisor. The SC determines if the HSM is already configured to a specific guest of the one or more guests, but based on determining that the HSM is not configured to the and is a secure guest the SC forecloses establishing a configuration of the HSM by limiting accesses by guests to the HSM exclusively to the given guest. The SC logs the given guest into the HSM by utilizing a secret of the given guest. The SC obtains, from the HSM, a session code and retains the session code.
-
Publication number: AU2017341251B2
Publication date: 2020-10-01
Application number: AU2017341251
Application date: 2017-10-02
Applicant: IBM
Inventor: GREINER DAN , SLEGEL TIMOTHY , ZOELLIN CHRISTIAN , JACOBI CHRISTIAN , PAPROTSKI VOLODYMYR , VISEGRADY TAMAS , BUENDGEN REINHARD THEODOR , BRADBURY JONATHAN , PURANIK ADITYA NITIN
Abstract: An instruction to perform ciphering and authentication is executed. The executing includes ciphering one set of data provided by the instruction to obtain ciphered data and placing the ciphered data in a designated location. It further includes authenticating an additional set of data provided by the instruction, in which the authenticating generates at least a part of a message authentication tag. The at least a part of the message authentication tag is stored in a selected location.
-
Publication number: CA3037231A1
Publication date: 2018-04-19
Application number: CA3037231
Application date: 2017-10-02
Applicant: IBM
Inventor: GREINER DAN , SLEGEL TIMOTHY , ZOELLIN CHRISTIAN , JACOBI CHRISTIAN , PAPROTSKI VOLODYMYR , VISEGRADY TAMAS , BUENDGEN REINHARD THEODOR , BRADBURY JONATHAN , PURANIK ADITYA NITIN
Abstract: An instruction to perform ciphering and authentication is executed. The executing includes ciphering one set of data provided by the instruction to obtain ciphered data and placing the ciphered data in a designated location. It further includes authenticating an additional set of data provided by the instruction, in which the authenticating generates at least a part of a message authentication tag. The at least a part of the message authentication tag is stored in a selected location.
-
Publication number: GB2526040A
Publication date: 2015-11-11
Application number: GB201516536
Application date: 2014-02-11
Applicant: IBM
Inventor: GREINER DAN , NERZ BERND , VISEGRADY TAMAS
IPC: G06F7/58
Abstract: A machine instruction is provided that includes an opcode field to provide an opcode, the opcode to identify a perform pseudorandom number operation, and a register field to be used to identify a register, the register to specify a location in memory of a first operand to be used. The machine instruction is executed, and execution includes for each block of memory of one or more blocks of memory of the first operand, generating a hash value using a 512 bit secure hash technique and at least one seed value of a parameter block of the machine instruction; and storing at least a portion of the generated hash value in a corresponding block of memory of the first operand, the generated hash value being at least a portion of a pseudorandom number.
-
Publication number: DE112011103162T5
Publication date: 2013-12-05
Application number: DE112011103162
Application date: 2011-08-03
Applicant: IBM
Inventor: WOLF HEIKO , VISEGRADY TAMAS
Abstract: The invention relates to products embodying a PUF. A method for manufacturing such a product is disclosed which relies on a material having a surface with "deterministic" asperities. The method further uses particles dimensioned such that they can be trapped by the asperities of the surface. In general, the method enables particles (20) to deposit randomly on asperities (14) of the material surface (12) and become trapped there, so as to obtain a pattern that forms the PUF. The resulting PUF is made easier to read out, since the general pattern and the position of the particles are known. Only the filling level (of a given type) of the particles is random.
-
Publication number: DE112012000770T5
Publication date: 2013-11-07
Application number: DE112012000770
Application date: 2012-02-22
Applicant: IBM
Inventor: OSBORNE MICHAEL , VISEGRADY TAMAS
IPC: H04L9/32
Abstract: The invention is mainly directed to methods and systems for enabling the verification of digital signatures (S41). The methods are implemented in a computerized system (1) comprising a server (10) that exchanges data with applications (A, B, C), and comprise the following steps at the server: - receiving (S13) one or more signature requests (ai, bi, ci) issued by one or more of the applications; - forwarding (S14) first data corresponding to the received signature requests to one or more signing entities (Sig1-4) for subsequent signing of the first data; - storing (S16) an updated system state (sn+1) that was computed (S15) using a function of: - a reference system state (sn); and - second data (ai, bi, ci, Ai, Bi, Ci) corresponding to the received signature requests, wherein the reference system state and the updated system state attest to the signature requests; and - repeating the above steps (S12 to S16), using the updated system state (sn+1) as the new reference system state.
-
Publication number: GB2497032A
Publication date: 2013-05-29
Application number: GB201303961
Application date: 2011-08-03
Applicant: IBM
Inventor: VISEGRADY TAMAS , WOLF HEIKO
Abstract: The invention is directed to products embodying a PUF. A method for manufacturing such a product is disclosed which relies on a material having one surface with "deterministic" asperities. The method further uses particles dimensioned such as to be able to be trapped by the asperities of the surface. Generally, the method enables particles (20) to randomly deposit on and get trapped by asperities (14) of the material surface (12), such as to obtain a pattern that forms the PUF. The resulting PUF is made easier to read out since the general pattern and the location of the particles are known. Only the filling level (of a given type) of the particles is random.
-
Publication number: DE602006008029D1
Publication date: 2009-09-03
Application number: DE602006008029
Application date: 2006-10-16
Applicant: IBM
Inventor: CONDORELLI VINCENZO , DEWKETT THOMAS , HOCKER MICHAEL , VISEGRADY TAMAS
IPC: G06F11/16
Abstract: In a communications channel coupled to multiple duplicated subsystems, a method, interposer and program product are provided for verifying integrity of subsystem responses. Within the communications channel, a first checksum is calculated with receipt of a first response from a first subsystem responsive to a common request, and a second checksum is calculated for a second response of a second subsystem received responsive to the common request. The first checksum and the second checksum are compared, and if matching, only one of the first response and the second response is forwarded from the communications channel as the response to the common request, with the other of the first response and the second response being discarded by the communications channel.
-
Publication number: AU2020234675B2
Publication date: 2022-11-24
Application number: AU2020234675
Application date: 2020-02-27
Applicant: IBM
Inventor: BUENDGEN REINHARD , VISEGRADY TAMAS , FRANZKI INGO
Abstract: A method, computer program product, and a system where a secure interface control configures a hardware security module for exclusive use by a secure guest. The secure interface control ("SC") obtains a configuration request (via a hypervisor) to configure the hardware security module (HSM), from a given guest of guests managed by the hypervisor. The SC determines if the HSM is already configured to a specific guest of the one or more guests, but based on determining that the HSM is not configured to the and is a secure guest the SC forecloses establishing a configuration of the HSM by limiting accesses by guests to the HSM exclusively to the given guest. The SC logs the given guest into the HSM by utilizing a secret of the given guest. The SC obtains, from the HSM, a session code and retains the session code.