Abstract: A method and system for securing access to a keyboard driver in a host computer. The host computer includes a host processor that manages communication between a keyboard driver and a keyboard attached to the host computer. In accordance with a method of the present invention, a packet is received on a bus that connects the keyboard to the host processor. A determining is made of whether or not the packet originated from the keyboard. In response to determining that the packet originated from the keyboard, a independent bus traffic monitor processor sets an input secure bit which is then read by the host processor to selectively provide access to the keyboard driver in accordance with verification that the keyboard originated the packet.
Type:
Grant
Filed:
December 11, 2000
Date of Patent:
November 22, 2005
Assignee:
International Business Machines Corporation
Inventors:
David Carroll Challener, Richard Alan Dayan, Eric Richard Kern
Abstract: The invention relates to a method which can be used to declare a session key (K) between a first computer unit (U) and a second computer unit (N) without it being possible for an unauthorized third party to obtain useful information regarding the keys or the identity of the first computer unit (U). This is achieved by embedding the principle of El-Gamal key interchange in the method with additional formation of a digital signature using a hash value whose input variable contains at least variables which can be used to infer the session key unambiguously.
Type:
Grant
Filed:
May 6, 1999
Date of Patent:
October 4, 2005
Assignee:
Siemens Aktiengesellschaft
Inventors:
Guenther Horn, Volker Kessler, Klaus Mueller
Abstract: A method and apparatus for monitoring encrypted communications in a network comprising: establishing a network monitoring digital contract with a network monitoring element, establishing a network use digital contract with a first and a second network element; and transmitting decrypting information to the network monitoring element for decrypting encrypted communications between the first network element and the second network element per terms in the network monitoring digital contract and the network use digital contract.
Abstract: A method and apparatus for processing incomplete SSL/TLS records is disclosed. Typical processing of encrypted and authenticated SSL/TLS records involves reconstructing the entire record after if has been segmented by a transport layer in order to be sent over a networked connection. This creates a significant performance bottleneck. The disclosed invention takes the truncated records as they arrive and creates block-aligned segments (truncated records), coupled with residue left to transfer between an arriving segment and the previously block-aligned segment, which allows continuous processing of the encrypted partial records.
Abstract: A system, method, and program product for implementing logon assignments for users in a heterogeneous network are disclosed. Sets of logon assignments for a user for various platforms are defined and stored in a configuration server. The appropriate set of user logon assignments is selected, by either the configuration server or a client system, based on the user identity of the user and a software platform of the client system on which the user logs onto the heterogeneous network. The appropriate set of logon assignments is sent from the configuration server to the client system. The appropriate set of logon assignments is then implemented at the client system so that the user is able to use preferences and allocated resources specified by the set of logon assignments.
Type:
Grant
Filed:
May 4, 2000
Date of Patent:
January 18, 2005
Assignee:
International Business Machines Corporation
Inventors:
Vaijayanthimala Anand, Janet Roberts Callaway, Steven Michael French, Steven Pratt, Dennis Wayne Riddlemoser
Abstract: Keys (e.g., decryption key, authentication key) are stored in a non-volatile memory of a display unit. The keys are retrieved in encrypted form into an integrated circuit. The integrated circuit decrypts the keys and uses the keys. As the keys are available in decrypted form only within the integrated circuit and potentially only during use, the keys may not be available to unauthorized third parties.
Abstract: A load-balancer assigns incoming requests to servers at a server farm. An atomic operation assigns both un-encrypted clear-text requests and encrypted requests from a client to the same server at the server farm. An encrypted session is started early by the atomic operation, before encryption is required. The atomic operation is initiated by a special, automatically loaded component on a web page. This component is referenced by code requiring that an encrypted session be used to retrieve the component. Keys and certificates are exchanged between a server and the client to establish the encrypted session. The server generates a secure-sockets-layer (SSL) session ID for the encrypted session. The server also generates a server-assignment cookie that identifies the server at the server farm. The server-assignment cookie is encrypted and sent to the client along with the SSL session ID. The Client decrypts the server-assignment cookie and stores it along with the SSL session ID.