摘要:
Access to encrypted data on a removable computer media such as a computer tape is controlled via a uniquely-structured header on the medium having a symmetrical key wrapped by asymmetrical encryption plus a public key associated with the asymmetrical encryption. The data on the medium is encrypted using the symmetrical key. Prior to automated reading of the data by a reader, a challenge is issued to a host system including the public key and preferably a nonce value. The host responds by signing the nonce using a private key associated with the public key in order to prove it has rights to decrypt the data. The symmetrical key is unwrapped using the private key, and finally the unwrapped symmetrical key is used to decrypt the data on the medium, thereby allowing automated reading of the tape data without the need or risk of two administrators sharing a symmetrical key value.
摘要:
A method, apparatus and program storage device for program verification in an information handling system in which an application program runs on an operating system having a signature verification function for verifying a digital signature of the application program. Upon loading of the application program, the signature verification function of the operating system verifies the digital signature of the application program and, if the digital signature is verified, initiates execution of the application program. Upon initiation of execution of the application program, a verification testing function associated with the application program tests the signature verification function of the operating system by presenting to it a sequence of test digital signatures in a specified pattern of true and false signatures. If its test of the signature verification function of the operating system is successful, the application program initiates normal execution. Otherwise, the application program terminates without initiating normal execution.
摘要:
A computer program product for integrated key serving is provided. The computer program product includes a tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing a method. The method includes using a smart card of two or more smart cards with a support element of two or more support elements to create an encryption key and storing the encryption key in an encrypted file that can only be decrypted by the smart card and the support element used to create the encryption key.
摘要:
A data access control facility is implemented by assigning personally identifying information (PII) classification labels to PII data objects, with each PII data object having one PII classification label assigned thereto. The control facility further includes at least one PII purpose serving function set (PSFS) comprising a list of application functions that read or write PII data objects. Each PII PSFS is also assigned a PII classification label. A PII data object is accessible via an application function of a PII PSFS having a PII classification label that is identical to or dominant of the PII classification label of the PII object. A user of the control facility is assigned a PII clearance set which contains a list of at least one PII classification label, which is employed in determining whether the user is entitled to access a particular function.
摘要:
A method of certifying a host-identification mapping extension included in a digital certificate, the digital certificate issued and signed by a specific certification authority. In an exemplary embodiment of the invention, the method includes assigning a trust value for each certification authority included in a set of certification authorities. A digital certificate containing the host-identification mapping extension therein is received, with the host-identification mapping extension further containing a plurality of identification attributes therein. The plurality of identification attributes are evaluated, along with the trust value assigned to the specific certification authority issuing the digital certificate. A determination is then made, based upon the plurality of identification attributes and the trust value, as to whether the host-mapping extension is to be certified.