摘要:
A data processing system having a host computer including a key manager, a control unit connected to the host computer, a data storage unit (such as a tape drive) controlled by the control unit, and data storage medium for storing data thereon to be written to or read from by the data storage unit. The key manager stores a data structure having at least one record having a volume serial number, as start location, a length entry, and a key for encrypting and decrypting data on the data storage medium. A data storage medium (such as data tape) is mounted on the data storage unit, and a volume recorded on the tape is retrieved. The control unit retrieves the data structure from the key manager and matches the volume serial number recorded in the retrieved data structure with the volume serial number retrieved from the data storage medium. It they match, the control unit passes to the data storage unit, commands to turn on or turn off encryption dependent upon the location where data is written by the data storage unit onto the data storage medium, or to turn on or turn off decryption dependent upon the location where data is read by the data storage unit from the data storage medium.
摘要:
A method, system, and program storage device for creating a new user account or user group with a unique identification number in a computing environment having multiple user registries is provided. In response to receiving a command to create a new user account or user group, an operating system of a clustered computing environment automatically checks multiple registries configured for the operating system to determine whether a candidate identification number for the new user account or user group has been assigned already to one or more existing user accounts or groups, respectively. The operating system automatically assigns the candidate identification number to the new user account or user group created in a target user registry if the checking indicates that the candidate identification number has not been assigned already to any of the existing user accounts or user groups, respectively.
摘要:
Methods and apparatus for processing of a distributed remote shell command are disclosed. In some embodiments, a target host receives from a client a remote shell command specifying an operation to be performed by an operating system at the target host. The target host performs the specified operation and formulates a response that has a first part containing target host identification data for the target host and a second part showing a result of performance of the specified operation. The target host issues the response to the client.
摘要:
A method, apparatus and program product for encryption/decryption of data on a volume of data storage media including dividing the volume into a plurality of locations, assigning a unique key to each location for encryption/decryption of data in the respective location of the volume, mapping the locations and keys in the key manager, and encrypting/decrypting data on the volume based on the data's physical location on the volume. The owning entity owning each location on the volume may also be mapped, and the keys for each location owned by the same owning entity may be the same.
摘要:
A system to improve communication security in cluster machine processing may include interconnected computers that can jointly process data. The system may also include a shared secret key used by each of the interconnected computers to encrypt, decrypt, and/or authenticate data being sent, or received, from one of the interconnected computers to another of the interconnected computers. The system may further include a new shared secret key used by each of the interconnected computers to encrypt, decrypt, and/or authenticate data being sent, or received, from one of the interconnected computers to another of the interconnected computers. In addition, the new shared secret key may coexist with the shared secret key without adversely affecting the joint processing of data performed by the plurality of interconnected computers.
摘要:
Generic session keys are pre-generated and stored in a pool of session keys for later use in communicating within a communications environment. The session keys that are stored in the pool are pre-encrypted with the private key of the entity storing those keys. To communicate between entities, a pre-encrypted session key is extracted from the pool and then further encrypted with the destination entity's public key to ensure data integrity and data confidentiality. The encrypted key is then forwarded to the destination entity and used during communications between the two entities.
摘要:
Disclosed are a method of and system for managing plural files registries, for use with a computer operating system having a user/group management operation. The method comprises the steps of creating a plurality of files registries, and providing an administrator with access to each of said plurality of files registries independent of all of the others of said plurality of file registries. Preferably, this is done by inserting, for each of said plurality of files registries, a respective one instruction into the user/group management operation specifying a base directory path to said each of said plurality of files registries.
摘要:
A system to improve communication security in cluster machine processing may include interconnected computers that can jointly process data. The system may also include a shared secret key used by each of the interconnected computers to encrypt, decrypt, and/or authenticate data being sent, or received, from one of the interconnected computers to another of the interconnected computers. The system may further include a new shared secret key used by each of the interconnected computers to encrypt, decrypt, and/or authenticate data being sent, or received, from one of the interconnected computers to another of the interconnected computers. In addition, the new shared secret key may coexist with the shared secret key without adversely affecting the joint processing of data performed by the plurality of interconnected computers.
摘要:
In a distributed, multinode data processing environment, computationally more intense public key cryptography is used to establish computationally less challenging symmetric key cryptographic paths which are thus enabled for longer term communication interchanges and in particular for establishing a client's network identity.
摘要:
A data processing system having a host computer including a key manager, a control unit connected to the host computer, a data storage unit (such as a tape drive) controlled by the control unit, and data storage medium for storing data thereon to be written to or read from by the data storage unit. The key manager stores a data structure having at least one record having a volume serial number, as start location, a length entry, and a key for encrypting and decrypting data on the data storage medium. A data storage medium (such as data tape) is mounted on the data storage unit, and a volume recorded on the tape is retrieved. The control unit retrieves the data structure from the key manager and matches the volume serial number recorded in the retrieved data structure with the volume serial number retrieved from the data storage medium. It they match, the control unit passes to the data storage unit, commands to turn on or turn off encryption dependent upon the location where data is written by the data storage unit onto the data storage medium, or to turn on or turn off decryption dependent upon the location where data is read by the data storage unit from the data storage medium.