Abstract: Methods, systems and computer program products are provided which allow “bootstrapping” of credentials by a client application using the well known certificate authority SSL capabilities of another installed application, such as a browser. A first secured session is established between the client and a server which has a certificate including a digital signature from a well known certificate authority. For example, a hypertext transport protocol over SSL (HTTPS) session may be established to the server by a browser such as Netscape™ or Internet Explorer™. An additional public key, or public key ring is then downloaded from the server to the client which may be subsequently used by the client to establish SSL sessions with servers that do not have a certificate from a well known certificate authority.
Type: Grant
Filed: August 30, 1999
Date of Patent: June 8, 2004
Assignee: International Business Machines Corporation
Abstract: Methods for enabling database privileges are provided. The methods eliminate strict dependency on traditional password, or “secret” based security systems. Instead, database privileges are enabled based on verifying that information stored in one or more frames of a call stack corresponds to trusted security logic. In another embodiment, database privileges are enabled based on policies identified in the trusted security logic. The methods and techniques described herein provide flexible and extensible mechanisms for verifying that trusted security logic has been executed prior to enabling database privileges.
Abstract: A set of methods is specified whereby software reduces compromising electromagnetic emanations of computers that could otherwise allow eavesdroppers to reconstruct sensitive processed data using periodic averaging techniques. Fonts for screen display of text are low-pass filtered to attenuate those spectral components that radiate most strongly, without significantly affecting the readability of the text, while the character glyphs displayed are chosen at random from sets that are visually equivalent but that radiate differently. Keyboard microcontroller scan loops are also furnished with random variations that hinder reconstruction of the signal emanated by a keyboard. Drivers for hard disks and other mass-storage devices ensure that the read head is never parked over confidential data longer than necessary.
Abstract: A security monitoring apparatus monitors access to a monitor target from the outside, and judges whether new access is normal by referring to an access log concerning past access situations. Then, if the access is abnormal, the security monitoring apparatus issues an alarm to a user/manager, and executes a lockout process, etc.
Abstract: A key distribution method for distributing, via a communications network, a key in a multicast communications system in which each one of a plurality of communications is directed to an associated multicast group including a plurality of recipients intended to receive the one communication. The method includes providing a plurality of implemented key distribution methods, dynamically choosing one implemented key distribution method of the plurality of key distribution methods, and distributing at least one key using the one implemented key distribution method.
Related apparatus and methods are also provided.
Abstract: A system and method are disclosed for securely establishing a cryptographic key between a first cryptographic device, for example a host cryptographic security module, and a second cryptographic device, for example a bank Automated Teller Machine (ATM). A plurality of key components is generated from a pool of random numbers and a unique reference number indexes each of the key components. The key components are encrypted, stored and indexed in the host security module by the corresponding reference numbers. The key components are arbitrarily distributed to field personnel in tamper evident envelopes to be entered into the ATM. Each of the tamper evident envelopes is marked with the reference number corresponding to the key component contained in the envelope. At least two field personnel each enter a different key component into the ATM to form the cryptographic key.