Patents by Inventor Anil Kurmus
Anil Kurmus has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11520939Abstract: USB traffic is intercepted between a USB device and a computer system. It is determined whether the USB device has previously had a policy associated with it as to whether USB traffic from the device should be blocked, allowed, or sanitized. In response to not having a previous policy for the USB device, a request is made for a user to be prompted to provide a policy of one of block, allow, or sanitize for the USB device. In response to a user-provided-policy, one of the following are performed: blocking the traffic, allowing the traffic, or sanitizing the traffic between the USB device and the computer system. Apparatus, methods, and computer program products are disclosed.Type: GrantFiled: March 17, 2017Date of Patent: December 6, 2022Assignee: International Business Machines CorporationInventors: Anton Beitler, Jiyong Jang, Dhilung Hang Kirat, Anil Kurmus, Matthias Neugschwandtner, Marc Philippe Stoecklin
-
Patent number: 10761970Abstract: The invention is notably directed to a computer-implemented method for performing safety check operations. The method comprises steps that are implemented while executing a computer program, which is instrumented with safety check operations. As a result, this computer program forms a sequence of ordered instructions. Such instructions comprise safety check operation instructions, in addition to generic execution instructions and system inputs. System inputs allow the executing program to interact with an operating system, which manages resources for the computer program to execute. A series of instructions are identified while executing the computer program. Namely, a first instruction is identified in the sequence, as one of the safety check operation instructions, in view of its subsequent execution. After having identified the first instruction, a second instruction is identified in the sequence. The second instruction is identified as one of the generic computer program instructions.Type: GrantFiled: October 20, 2017Date of Patent: September 1, 2020Assignee: International Business Machines CorporationInventors: Anil Kurmus, Matthias Neugschwandtner, Alessandro Sorniotti
-
Publication number: 20200142693Abstract: An example operation may include one or more of connecting, by a code collaboration server, to a blockchain network configured to store a code of a projects, receiving, by the code collaboration server, a transaction with a code contribution from a developer via a smart contract, executing, by a code collaboration server, a smart contract to merge the code contribution with the code of the project, executing, by a code collaboration server, a smart contract to build the project based on the merged code, executing, by a code collaboration server, a smart contract to test the build in an execution environment, and in response to a successful test of the build, executing, by a code collaboration server, a smart contract to commit the code contribution to the blockchain.Type: ApplicationFiled: November 7, 2018Publication date: May 7, 2020Inventors: Matthias Neugschwandtner, Anil Kurmus
-
Publication number: 20190121716Abstract: The invention is notably directed to a computer-implemented method for performing safety check operations. The method comprises steps that are implemented while executing a computer program, which is instrumented with safety check operations. As a result, this computer program forms a sequence of ordered instructions. Such instructions comprise safety check operation instructions, in addition to generic execution instructions and system inputs. System inputs allow the executing program to interact with an operating system, which manages resources for the computer program to execute. A series of instructions are identified while executing the computer program. Namely, a first instruction is identified in the sequence, as one of the safety check operation instructions, in view of its subsequent execution. After having identified the first instruction, a second instruction is identified in the sequence. The second instruction is identified as one of the generic computer program instructions.Type: ApplicationFiled: October 20, 2017Publication date: April 25, 2019Inventors: Anil Kurmus, Matthias Neugschwandtner, Alessandro Sorniotti
-
Patent number: 10229046Abstract: Separating data of trusted and untrusted data types in a memory of a computer during execution of a software program. Assigning mutually separated memory regions in the memory, namely, for each of the data types, a memory region for storing any data of the respective data type, and an additional memory region for storing any data which cannot be uniquely assigned to one of the data types. For each allocation instruction, performing a memory allocation including linking the allocation instruction to at least one data source, generating instruction-specific context information, evaluating the data source to determine the data type, associating the data type with the context information, based on the context information, assigning the allocation instruction to the memory region assigned to the evaluated data type, and allocating memory for storing data from the data source in the assigned memory region.Type: GrantFiled: June 1, 2017Date of Patent: March 12, 2019Assignee: International Business Machines CorporationInventors: Anil Kurmus, Matthias Neugschwandtner, Alessandro Sorniotti
-
Patent number: 10216673Abstract: Communications are intercepted between a universal serial bus (USB) device and a host, at least by implementing first device firmware of the USB device. The USB device contains its own second device firmware. Using at least the implemented first device firmware, intercepted communications from the USB device toward the host are sanitized. The sanitizing is performed so that no communication from the USB device is directly forwarded to the host and instead only sanitized communications are forwarded to the host. Methods, apparatus, and computer program products are disclosed.Type: GrantFiled: January 16, 2017Date of Patent: February 26, 2019Assignee: International Business Machines CorporationInventors: Anton Beitler, Jiyong Jang, Dhilung Hang Kirat, Anil Kurmus, Matthias Neugschwandtner, Marc Philippe Stoecklin
-
Patent number: 10169363Abstract: A device for storing data in a distributed file system, the distributed file system including a plurality of deduplication storage devices, includes a determination unit configured to determine a characteristic of first data to be stored in the distributed file system; an identification unit configured to identify one of the deduplication storage devices of the distributed file system as deduplication storage device for the first data based on the characteristic of the first data; and a storing unit configured to store the first data in the identified deduplication storage device such that the first data and second data being redundant to the first data are deduplicatable within the identified deduplication storage device.Type: GrantFiled: July 2, 2015Date of Patent: January 1, 2019Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Nikolas Ioannou, Ioannis Koltsidas, Anil Kurmus, Roman A. Pletka, Alessandro Sorniotti, Thomas D Weigold
-
Publication number: 20180349260Abstract: Separating data of trusted and untrusted data types in a memory of a computer during execution of a software program. Assigning mutually separated memory regions in the memory, namely, for each of the data types, a memory region for storing any data of the respective data type, and an additional memory region for storing any data which cannot be uniquely assigned to one of the data types. For each allocation instruction, performing a memory allocation including linking the allocation instruction to at least one data source, generating instruction-specific context information, evaluating the data source to determine the data type, associating the data type with the context information, based on the context information, assigning the allocation instruction to the memory region assigned to the evaluated data type, and allocating memory for storing data from the data source in the assigned memory region.Type: ApplicationFiled: June 1, 2017Publication date: December 6, 2018Inventors: Anil Kurmus, Matthias Neugschwandtner, Alessandro Sorniotti
-
Patent number: 10089223Abstract: Separating data of trusted and untrusted data types in a memory of a computer during execution of a software program. Assigning mutually separated memory regions in the memory, namely, for each of the data types, a memory region for storing any data of the respective data type, and an additional memory region for storing any data which cannot be uniquely assigned to one of the data types. For each allocation instruction, performing a memory allocation including linking the allocation instruction to at least one data source, generating instruction-specific context information, evaluating the data source to determine the data type, associating the data type with the context information, based on the context information, assigning the allocation instruction to the memory region assigned to the evaluated data type, and allocating memory for storing data from the data source in the assigned memory region.Type: GrantFiled: December 13, 2017Date of Patent: October 2, 2018Assignee: International Business Machines CorporationInventors: Anil Kurmus, Matthias Neugschwandtner, Alessandro Sorniotti
-
Publication number: 20180270194Abstract: USB traffic is intercepted between a USB device and a computer system. It is determined whether the USB device has previously had a policy associated with it as to whether USB traffic from the device should be blocked, allowed, or sanitized. In response to not having a previous policy for the USB device, a request is made for a user to be prompted to provide a policy of one of block, allow, or sanitize for the USB device. In response to a user-provided-policy, one of the following are performed: blocking the traffic, allowing the traffic, or sanitizing the traffic between the USB device and the computer system. Apparatus, methods, and computer program products are disclosed.Type: ApplicationFiled: March 17, 2017Publication date: September 20, 2018Inventors: Anton BEITLER, Jiyong JANG, Dhilung Hang KIRAT, Anil KURMUS, Matthias NEUGSCHWANDTNER, Marc Philippe STOECKLIN
-
Publication number: 20180203819Abstract: Communications are intercepted between a universal serial bus (USB) device and a host, at least by implementing first device firmware of the USB device. The USB device contains its own second device firmware. Using at least the implemented first device firmware, intercepted communications from the USB device toward the host are sanitized. The sanitizing is performed so that no communication from the USB device is directly forwarded to the host and instead only sanitized communications are forwarded to the host. Methods, apparatus, and computer program products are disclosed.Type: ApplicationFiled: January 16, 2017Publication date: July 19, 2018Inventors: Anton Beitler, Jiyong Jang, Dhilung Hang Kirat, Anil Kurmus, Matthias Neugschwandtner, Marc Philippe Stoecklin
-
Patent number: 9838199Abstract: A computer-implemented method of encryption of several units of a computerized system, wherein each of the units comprises data, includes generating distinct initialization vectors, or IVs, for the units, and storing the generated IVs; and for each unit of the several units: accessing a stored IV corresponding to the unit; and encrypting the unit according to the accessed IV and an encryption key.Type: GrantFiled: June 24, 2015Date of Patent: December 5, 2017Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Felipe Knop, Anil Kurmus, Alessandro Sorniotti, Yuri Volobuev
-
Patent number: 9800401Abstract: A computer-implemented method of encryption of several units of a computerized system, wherein each of the units comprises data, includes generating distinct initialization vectors, or IVs, for the units, and storing the generated IVs; and for each unit of the several units: accessing a stored IV corresponding to the unit; and encrypting the unit according to the accessed IV and an encryption key.Type: GrantFiled: April 2, 2015Date of Patent: October 24, 2017Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Felipe Knop, Anil Kurmus, Alessandro Sorniotti, Yuri Volobuev
-
Patent number: 9646019Abstract: Machines, systems and methods for handling a client request in a hierarchical multi-tenant data storage system, the method comprising processing a request in subtasks, wherein a subtask is executed with a minimal set of privileges associated with a specific subtenant; extracting a claimed n-level hierarchy of a tenant and sub-tenant identities from the request; extracting authentication signatures or credentials that correspond to a level in the hierarchy; for a first level in the hierarchy, sending the request to a dedicated subtenant authenticator with privilege to validate credentials for a subtenant at the first level; and receiving a confirmation from the dedicated subtenant authenticator, whether the request is authentic.Type: GrantFiled: May 17, 2016Date of Patent: May 9, 2017Assignee: International Business Machines CorporationInventors: Michael E. Factor, David Hadas, Elliot K. Kolodner, Anil Kurmus, Alexandra Shulman-Peleg, Alessandro Sorniotti
-
Publication number: 20160259807Abstract: Machines, systems and methods for handling a client request in a hierarchical multi-tenant data storage system, the method comprising processing a request in subtasks, wherein a subtask is executed with a minimal set of privileges associated with a specific subtenant; extracting a claimed n-level hierarchy of a tenant and sub-tenant identities from the request; extracting authentication signatures or credentials that correspond to a level in the hierarchy; for a first level in the hierarchy, sending the request to a dedicated subtenant authenticator with privilege to validate credentials for a subtenant at the first level; and receiving a confirmation from the dedicated subtenant authenticator, whether the request is authentic.Type: ApplicationFiled: May 17, 2016Publication date: September 8, 2016Inventors: Michael E. Factor, David Hadas, Elliot K. Kolodner, Anil Kurmus, Alexandra Shulman-Peleg, Alessandro Sorniotti
-
Patent number: 9411973Abstract: Machines, systems and methods for handling a client request in a hierarchical multi-tenant data storage system, the method comprising processing a request in subtasks, wherein a subtask is executed with a minimal set of privileges associated with a specific subtenant; extracting a claimed n-level hierarchy of a tenant and sub-tenant identities from the request; extracting authentication signatures or credentials that correspond to a level in the hierarchy; for a first level in the hierarchy, sending the request to a dedicated subtenant authenticator with privilege to validate credentials for a subtenant at the first level; and receiving a confirmation from the dedicated subtenant authenticator, whether the request is authentic.Type: GrantFiled: May 2, 2013Date of Patent: August 9, 2016Assignee: International Business Machines CorporationInventors: Michael E. Factor, David Hadas, Elliot K. Kolodner, Anil Kurmus, Alexandra Shulman-Peleg, Alessandro Sorniotti
-
Publication number: 20160070715Abstract: A device for storing data in a distributed file system, the distributed file system including a plurality of deduplication storage devices, includes a determination unit configured to determine a characteristic of first data to be stored in the distributed file system; an identification unit configured to identify one of the deduplication storage devices of the distributed file system as deduplication storage device for the first data based on the characteristic of the first data; and a storing unit configured to store the first data in the identified deduplication storage device such that the first data and second data being redundant to the first data are deduplicatable within the identified deduplication storage device.Type: ApplicationFiled: July 2, 2015Publication date: March 10, 2016Inventors: Nikolas Ioannou, Ioannis Koltsidas, Anil Kurmus, Roman A. Pletka, Alessandro Sorniotti, Thomas D, Weigold
-
Publication number: 20150318984Abstract: A computer-implemented method of encryption of several units of a computerized system, wherein each of the units comprises data, includes generating distinct initialization vectors, or IVs, for the units, and storing the generated IVs; and for each unit of the several units: accessing a stored IV corresponding to the unit; and encrypting the unit according to the accessed IV and an encryption key.Type: ApplicationFiled: June 24, 2015Publication date: November 5, 2015Inventors: Felipe Knop, Anil Kurmus, Alessandro Sorniotti, Yuri Volobuev
-
Publication number: 20150312030Abstract: A computer-implemented method of encryption of several units of a computerized system, wherein each of the units comprises data, includes generating distinct initialization vectors, or IVs, for the units, and storing the generated IVs; and for each unit of the several units: accessing a stored IV corresponding to the unit; and encrypting the unit according to the accessed IV and an encryption key.Type: ApplicationFiled: April 2, 2015Publication date: October 29, 2015Inventors: Felipe Knop, Anil Kurmus, Alessandro Sorniotti, Yuri Volobuev
-
Patent number: 9141813Abstract: A computer-implemented method for storing an object includes providing an object, an ordering vector of the object, the ordering vector being associated to a lexicographic order having at least one dimension, and base keys associated to each dimension of the lexicographic order; deriving a key by retrieving the base key associated to the first dimension of the lexicographic order for which the ordering vector has a value different from the smallest value, and applying a one-way function a number of times corresponding to the value of the ordering vector for the last dimension of the lexicographic order; encrypting the object with the key; and storing the object as encrypted.Type: GrantFiled: June 7, 2013Date of Patent: September 22, 2015Assignee: International Business Machines CorporationInventors: Christian Cachin, Robert Haas, Anil Kurmus, Alessandro Sorniotti