-
Publication No.: GB2581308A
Publication Date: 2020-08-12
Application No.: GB202007960
Filing Date: 2018-10-19
Applicant: IBM
Inventor: MARTIN LEO SCHMATZ, MATHIAS BJÖRKQVIST, NAVANEETH RAMESHAN, ROBERT BIRKE, YIYU CHEN, MITCH GUSAT
Abstract: Embodiments of the invention provide a computer-implemented method for managing cryptographic objects in a key management system. This system comprises a set of one or more hardware security modules (HSMs), as well as clients interacting with the HSMs on behalf of users who interact with the clients. The method comprises monitoring, for each HSM of the set, an entropy pool and/or a load at each HSM. The entropy pool of a HSM is the entropy that is available at this HSM for generating cryptographic objects. The load induced at a HSM is the load due to the users interacting with the clients to obtain cryptographic objects. Cryptographic objects are generated, at each HSM, according to the monitored entropy pool and/or load. The extent to which such objects are generated depends on the monitored entropy pool and/or load.
-
Publication No.: GB2595167A
Publication Date: 2021-11-17
Application No.: GB202111724
Filing Date: 2020-02-11
Applicant: IBM
Inventor: MARTIN SCHMATZ, NAVANEETH RAMESHAN, PATRICIA SAGMEISTER, YIYU CHEN, MITCH GUSAT
IPC: G06F21/60
Abstract: In a computer-implemented method for providing obfuscated data to users, first, a user request to access data is received; then, an authorization level associated with the request received is identified. Next, obfuscated data is accessed in a protected enclave, which data corresponds to the request received. The data accessed has been obfuscated with an obfuscation algorithm that yields a level of obfuscation compatible with the authorization level identified. Finally, the obfuscated data accessed is provided to the user, from the protected enclave. Related systems and computer program products are also disclosed.
-
Publication No.: GB2581308B
Publication Date: 2021-02-17
Application No.: GB202007960
Filing Date: 2018-10-19
Applicant: IBM
Inventor: MARTIN LEO SCHMATZ, MATHIAS BJÖRKQVIST, NAVANEETH RAMESHAN, ROBERT BIRKE, YIYU CHEN, MITCH GUSAT
Abstract: Embodiments of the invention provide a computer-implemented method for managing cryptographic objects in a key management system. This system comprises a set of one or more hardware security modules (HSMs), as well as clients interacting with the HSMs on behalf of users who interact with the clients. The method comprises monitoring, for each HSM of the set, an entropy pool and/or a load at each HSM. The entropy pool of a HSM is the entropy that is available at this HSM for generating cryptographic objects. The load induced at a HSM is the load due to the users interacting with the clients to obtain cryptographic objects. Cryptographic objects are generated, at each HSM, according to the monitored entropy pool and/or load. The extent to which such objects are generated depends on the monitored entropy pool and/or load.
-