-
Publication No.: US11449367B2
Publication date: 2022-09-20
Application No.: US16286987
Application date: 2019-02-27
Inventors: Matthias Klein, Simon Weishaupt, Anthony Thomas Sofia, Jonathan D. Bradbury, Mark S. Farrell, Mahmoud Amin, Timothy Slegel
Abstract: A method is provided that includes receiving, by a firmware from an originating software, an asynchronous request for an instruction of an algorithm for compression of data. The firmware operates on a first processor and the originating software operates on a second processor. The firmware issues a synchronous request to the first processor to cause the processor to execute the instruction synchronously. It is determined, by the firmware, whether an interrupt is received from the first processor with respect to the first processor executing the instruction. The firmware retries the issuance of the synchronous request each time the interrupt is received until a retry threshold is reached.
-
Publication No.: US20220180000A1
Publication date: 2022-06-09
Application No.: US17110722
Application date: 2020-12-03
IPC classification: G06F21/72
Abstract: Techniques for container-based cryptography hardware security module (HSM) management in a computer system are described herein. An aspect includes providing a cryptography work daemon container in a computer system, wherein the cryptography work daemon container in the computer system has privileged access to a cryptography HSM of the computer system. Another aspect includes receiving, by the cryptography work daemon container, a request for a cryptography function of the cryptography HSM from an application container in the computer system. Another aspect includes causing, by the cryptography work daemon container, the cryptography HSM to perform the cryptography function based on receiving the request
-
Publication No.: US11265144B2
Publication date: 2022-03-01
Application No.: US16812494
Application date: 2020-03-09
Abstract: Aspects of the invention include receiving, by a processor, an unencrypted object that includes plaintext and metadata that describes the plaintext. A data encryption key (DEK) and a nonce key for the unencrypted object are obtained by the processor. The nonce key is different than the DEK. The unencrypted object is encrypted by the processor. The encrypting includes generating a nonce based at least in part on the plaintext and the nonce key. The encrypting also includes generating ciphertext and a metadata authentication tag that includes a signature of the metadata. The generating is based at least in part on the plaintext, the metadata, the DEK, and the nonce. An encrypted object that includes the ciphertext, the metadata, and the metadata authentication tag is created.
-
Publication No.: US20220014365A1
Publication date: 2022-01-13
Application No.: US16925403
Application date: 2020-07-10
Inventor: Anthony Thomas Sofia
Abstract: Aspects include encrypting data based at least in part on a session key to generate encrypted data. The session key is encrypted based at least in part on a sender key to generate an encrypted session key. A request for an encrypted sender key index is transmitted to the KMS, the request includes an index of the sender key and an index of each of one or more additional keys. The encrypted sender key index is received from the KMS. An object that includes the encrypted data, the encrypted session key, the index of each of the one or more additional keys, and the encrypted sender key index is generated. Access to the data via the object is controlled based at least in part on whether a receiver has access to the sender key and to the one or more additional keys.
-
Publication No.: US11093133B2
Publication date: 2021-08-17
Application No.: US16286749
Application date: 2019-02-27
IPC classification: G06F3/06
Abstract: According to one or more embodiments of the present invention, a computer implemented method includes obtaining by an input/output (I/O) subsystem a request block that includes a command code indicating a STORE IOP-UTILIZATION DATA command for tracking resource utilization during an asynchronous execution of an instance of a CPU DEFLATE command. The method further includes, based on the command code, initiating a command response block. The command response block includes multiple entries for input/output processor (IOP) utilization, each entry corresponding to resource utilization measurements of each IOP in the I/O subsystem. The method further includes, storing, in a command response code field of the command response block, a response code indicating that the resource utilization measurements have been recorded in the entries for IOP utilization. The response block includes a length code indicating a length of the response block and the response code field.
-
Publication No.: US20210117304A1
Publication date: 2021-04-22
Application No.: US16658187
Application date: 2019-10-21
Abstract: Aspects of the invention include receiving, by a processor, source code for a software program. A static analysis of the source code is performed by the processor based at least in part on one or more breakpoint generation rules. Breakpoints are inserted, by the processor, into the source code based at least in part on the static analysis and the one or more breakpoint generation rules. The source code with the inserted breakpoints is compiled, by the processor, into object code for the software program.
-
Publication No.: US10740213B1
Publication date: 2020-08-11
Application No.: US16407355
Application date: 2019-05-09
Abstract: Techniques for counter overflow management for an asynchronous data mover facility are described herein. An aspect includes tracking operations of an asynchronous data mover facility of a computer system using a plurality of internal counters. Another aspect includes, based on receiving a measurement query, determining a plurality of display counters, each of the plurality of display counters corresponding to a respective internal counter of the plurality of internal counters. Another aspect includes generating a measurement block based on the plurality of display counters. Another aspect includes setting a counter overflow flag corresponding to a display counter of the plurality of display counters in a counter overflow flags field of the measurement block. Yet another aspect includes sending the measurement block in response to the measurement query.
-
Publication No.: US11646878B2
Publication date: 2023-05-09
Application No.: US16925403
Application date: 2020-07-10
Inventor: Anthony Thomas Sofia
CPC classification: H04L9/0861, H04L9/0825, H04L9/0891, H04L9/14, H04L63/102
Abstract: Aspects include encrypting data based at least in part on a session key to generate encrypted data. The session key is encrypted based at least in part on a sender key to generate an encrypted session key. A request for an encrypted sender key index is transmitted to the key management system (KMS), the request includes an index of the sender key and an index of each of one or more additional keys. The encrypted sender key index is received from the KMS. An object that includes the encrypted data, the encrypted session key, the index of each of the one or more additional keys, and the encrypted sender key index is generated. Access to the data via the object is controlled based at least in part on whether a receiver has access to the sender key and to the one or more additional keys.
-
Publication No.: US11522683B2
Publication date: 2022-12-06
Application No.: US17111560
Application date: 2020-12-04
Abstract: Aspects of the invention include protecting data objects in a computing environment based on physical location. Aspects include receiving, by a computing system, a request to access an encrypted data from an authenticated user, wherein the encrypted data includes information about a data encryption key used to encrypt the encrypted data. Aspects also include providing, by the computing system, the encrypted data to the computer system where the user was authenticated, the computer system including a set of decryption keys protected by a master key stored within a hardware security module associated with the location of the hardware security module. Aspects further include decrypting, by the hardware security module, the encrypted data based on a determination that the data encryption key corresponds to one of the set of decryption keys, wherein the set of decryption keys are determined based on the location of the hardware security module.
-
Publication No.: US11368287B2
Publication date: 2022-06-21
Application No.: US16877523
Application date: 2020-05-19
Abstract: Embodiments include encrypting an object such that the creator of the encrypted object can be identified. Aspects include receiving, by a processor, an unencrypted object that includes plaintext and metadata that describes the plaintext and obtaining, by the processor in response to a request from a user, a data encryption key (DEK) and a nonce key for the unencrypted object, the nonce key being unique to the user. Aspects also include encrypting, by the processor, the unencrypted object. The encrypting includes generating a nonce based at least in part on the plaintext and the nonce key and generating ciphertext and a metadata authentication tag comprising a signature of the metadata, the generating based at least in part on the plaintext, the metadata, the DEK, and the nonce. Aspects further include creating an encrypted object that includes the ciphertext, the metadata, and the metadata authentication tag.