Patents by Inventor Chet Birger
Chet Birger has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9866375
Abstract: A key manager provides a way to separate out the management of encryption keys and policies from application domains. The key manager may create cipher objects that may be used by the domains to perform encryption or decryption, without exposing the keys or encryption/decryption algorithms to the domains. A master key managed by the key manager may be used to encrypt and decrypt the domain keys that are stored under the control of the key manager. The key manager supports the rekeying of both the master key and the domain keys based on policy. Multiple versions of domain keys may be supported, allowing domains to access data encrypted with a previous version of a domain key after a rekeying.
Type: Grant
Filed: March 2, 2015
Date of Patent: January 9, 2018
Assignee: BladeLogic, Inc.
Inventors: Paul A. Reilly, Chet Birger, Denis Knjazihhin
-
Patent number: 9489499
Abstract: Systems and methods for stateless system management are described. Examples include a method wherein a user sends the management system a request to act upon a managed system. The management system determines whether the user is authorized for the requested action. Upon authorization, the management system looks up an automation principal, which is a security principal native to the managed system. The management system retrieves connecting credentials for the automation principal, and connects to the managed system using the retrieved credentials. Once the managed system is connected, the management system performs the requested action on the managed system, and sends the result back to the user.
Type: Grant
Filed: April 30, 2014
Date of Patent: November 8, 2016
Assignee: BLADELOGIC, INC.
Inventors: Denis Knjazihhin, Paul A. Reilly, Chet Birger, David A. Solin, Carl Adams
-
Publication number: 20150172046
Abstract: A key manager provides a way to separate out the management of encryption keys and policies from application domains. The key manager may create cipher objects that may be used by the domains to perform encryption or decryption, without exposing the keys or encryption/decryption algorithms to the domains. A master key managed by the key manager may be used to encrypt and decrypt the domain keys that are stored under the control of the key manager. The key manager supports the rekeying of both the master key and the domain keys based on policy. Multiple versions of domain keys may be supported, allowing domains to access data encrypted with a previous version of a domain key after a rekeying.
Type: Application
Filed: March 2, 2015
Publication date: June 18, 2015
Inventors: Paul A. REILLY, Chet BIRGER, Denis KNJAZIHHIN
-
Patent number: 8971535
Abstract: A key manager provides a way to separate out the management of encryption keys and policies from application domains. The key manager may create cipher objects that may be used by the domains to perform encryption or decryption, without exposing the keys or encryption/decryption algorithms to the domains. A master key managed by the key manager may be used to encrypt and decrypt the domain keys that are stored under the control of the key manager. The key manager supports the rekeying of both the master key and the domain keys based on policy. Multiple versions of domain keys may be supported, allowing domains to access data encrypted with a previous version of a domain key after a rekeying.
Type: Grant
Filed: May 27, 2010
Date of Patent: March 3, 2015
Assignee: Bladelogic, Inc.
Inventors: Paul A. Reilly, Chet Birger, Denis Knjazihhin
-
Publication number: 20140237560
Abstract: Systems and methods for stateless system management are described. Examples include a method wherein a user sends the management system a request to act upon a managed system. The management system determines whether the user is authorized for the requested action. Upon authorization, the management system looks up an automation principal, which is a security principal native to the managed system. The management system retrieves connecting credentials for the automation principal, and connects to the managed system using the retrieved credentials. Once the managed system is connected, the management system performs the requested action on the managed system, and sends the result back to the user.
Type: Application
Filed: April 30, 2014
Publication date: August 21, 2014
Applicant: BLADELOGIC, INC.
Inventors: Denis KNJAZIHHIN, Paul A. REILLY, Chet BIRGER, David A. SOLIN, Carl ADAMS
-
Patent number: 8752137
Abstract: Systems and methods for stateless system management are described. Examples include a method wherein a user sends the management system a request to act upon a managed system. The management system determines whether the user is authorized for the requested action. Upon authorization, the management system looks up an automation principal, which is a security principal native to the managed system. The management system retrieves connecting credentials for the automation principal, and connects to the managed system using the retrieved credentials. Once the managed system is connected, the management system performs the requested action on the managed system, and sends the result back to the user.
Type: Grant
Filed: May 28, 2010
Date of Patent: June 10, 2014
Assignee: Bladelogic, Inc.
Inventors: Denis Knjazihhin, Paul A. Reilly, Chet Birger, David Allen Solin, Carl Adams
-
Publication number: 20110293096
Abstract: A key manager provides a way to separate out the management of encryption keys and policies from application domains. The key manager may create cipher objects that may be used by the domains to perform encryption or decryption, without exposing the keys or encryption/decryption algorithms to the domains. A master key managed by the key manager may be used to encrypt and decrypt the domain keys that are stored under the control of the key manager. The key manager supports the rekeying of both the master key and the domain keys based on policy. Multiple versions of domain keys may be supported, allowing domains to access data encrypted with a previous version of a domain key after a rekeying.
Type: Application
Filed: May 27, 2010
Publication date: December 1, 2011
Applicant: BladeLogic, Inc.
Inventors: Paul A. Reilly, Chet Birger, Denis Knjazihhin
-
Publication number: 20110296499
Abstract: Systems and methods for stateless system management are described. Examples include a method wherein a user sends the management system a request to act upon a managed system. The management system determines whether the user is authorized for the requested action. Upon authorization, the management system looks up an automation principal, which is a security principal native to the managed system. The management system retrieves connecting credentials for the automation principal, and connects to the managed system using the retrieved credentials. Once the managed system is connected, the management system performs the requested action on the managed system, and sends the result back to the user.
Type: Application
Filed: May 28, 2010
Publication date: December 1, 2011
Applicant: BladeLogic, Inc.
Inventors: Denis Knjazihhin, Paul A. Reilly, Chet Birger, David Solin, Carl Adams
-
Patent number: 7962655
Abstract: A computer architecture for enterprise device applications provides a real-time, bi-directional communication layer for device communication. An identity-based communications layer provides for secure, end-to-end telemetry and control communications by enabling mutual authentication and encryption between the devices and the enterprise. The identity-based communications layer is situated between a network layer and an application layer and transmits a message between two devices identified by a global address. The global address specifies a protocol, a network, and an address meaningful for the combination of the protocol and the network.
Type: Grant
Filed: February 25, 2003
Date of Patent: June 14, 2011
Assignee: Oracle International Corporation
Inventors: Chet Birger, David C. Douglas, Steven Rosenthal, Kenneth R. Traub
-
Patent number: 7958226
Abstract: A computer architecture for enterprise device applications that provides a real-time, bi-directional communication layer for device communication. An identity-based communications layer provides for secure, end-to-end telemetry and control communications by enabling mutual authentication and encryption between the devices and the enterprise. A unique identity is assigned to each device, user and application to provide security services. The unique identity is independent of a network-address. Security information and a network address may be associated with the unique identity.
Type: Grant
Filed: February 15, 2006
Date of Patent: June 7, 2011
Assignee: Oracle International Corporation
Inventors: Linda Bernardi, Chet Birger, David C. Douglas, Steven Rosenthal, Kenneth R. Traub
-
Patent number: 7805606
Abstract: A computer architecture for enterprise device applications provides a real-time, bi-directional communication layer for device communication. An identity-based communications layer provides for secure, end-to-end telemetry and control communications by enabling mutual authentication and encryption between the devices and the enterprise. A unique identity is assigned to each device, user and application to provide security services. A communications session is established between two devices using an authentication service that authenticates the device that is initiating the establishment of the communications session with another device. After authenticating the initiating device, the authentication service provides to the initiating device the network address of the other device and an authentication credential for use in the communications session between the initiating device and the other device.
Type: Grant
Filed: February 25, 2003
Date of Patent: September 28, 2010
Assignee: BEA Systems, Inc.
Inventors: Chet Birger, David C. Douglas, Steven Rosenthal, Kenneth R. Traub
-
Publication number: 20090007234
Abstract: A computer architecture for enterprise device applications provides a real-time, bi-directional communication layer for device communication. An identity-based communications layer provides for secure, end-to-end telemetry and control communications by enabling mutual authentication and encryption between the devices and the enterprise. A unique identity is assigned to each device, user and application to provide security services. A communications session is established between two devices using an authentication service that authenticates the device that is initiating the establishment of the communications session with another device. After authenticating the initiating device, the authentication service provides to the initiating device the network address of the other device and an authentication credential for use in the communications session between the initiating device and the other device.
Type: Application
Filed: December 6, 2006
Publication date: January 1, 2009
Applicant: ConnecTerra, Inc.
Inventors: Chet Birger, David C. Douglas, Steven Rosenthal, Kenneth R. Traub
-
Publication number: 20090007217
Abstract: A computer architecture for enterprise device applications provides a real-time, bi-directional communication layer for device communication. An identity-based communications layer provides for secure, end-to-end telemetry and control communications by enabling mutual authentication and encryption between the devices and the enterprise. A unique identity is assigned to each device, user and application to provide security services. A communications session is established between two devices using an authentication service that authenticates the device that is initiating the establishment of the communications session with another device. After authenticating the initiating device, the authentication service provides to the initiating device the network address of the other device and an authentication credential for use in the communications session between the initiating device and the other device.
Type: Application
Filed: December 6, 2006
Publication date: January 1, 2009
Applicant: ConnecTerra, Inc., a Washington corporation
Inventors: Chet Birger, David C. Douglas, Steven Rosenthal, Kenneth R. Traub
-
Publication number: 20090006840
Abstract: A computer architecture for enterprise device applications provides a real-time, bi-directional communication layer for device communication. An identity-based communications layer provides for secure, end-to-end telemetry and control communications by enabling mutual authentication and encryption between the devices and the enterprise. The identity-based communications layer is situated between a network layer and an application layer and transmits a message between two devices identified by a global address. The global address specifies a protocol, a network, and an address meaningful for the combination of the protocol and the network.
Type: Application
Filed: February 25, 2003
Publication date: January 1, 2009
Inventors: Chet Birger, David C. Douglas, Steven Rosenthal, Kenneth R. Traub
-
Publication number: 20090006850
Abstract: A computer architecture for enterprise device applications provides a real-time, bi-directional communication layer for device communication. An identity-based communications layer provides for secure, end-to-end telemetry and control communications by enabling mutual authentication and encryption between the devices and the enterprise. A unique identity is assigned to each device, user and application to provide security services. A communications session is established between two devices using an authentication service that authenticates the device that is initiating the establishment of the communications session with another device. After authenticating the initiating device, the authentication service provides to the initiating device the network address of the other device and an authentication credential for use in the communications session between the initiating device and the other device.
Type: Application
Filed: February 25, 2003
Publication date: January 1, 2009
Inventors: Chet Birger, David C. Douglas, Steven Rosenthal, Kenneth R. Traub
-
Publication number: 20080301298
Abstract: A computer architecture for enterprise device applications that provides a real-time, bi-directional communication layer for device communication. An identity-based communications layer provides for secure, end-to-end telemetry and control communications by enabling mutual authentication and encryption between the devices and the enterprise. A unique identity is assigned to each device, user and application to provide security services. The unique identity is independent of a network-address. Security information and a network address may be associated with the unique identity.
Type: Application
Filed: February 25, 2003
Publication date: December 4, 2008
Inventors: Linda Bernardi, Chet Birger, David C. Douglas, Steven Rosenthal, Kenneth R. Traub
-
Publication number: 20060184681
Abstract: A computer architecture for enterprise device applications that provides a real-time, bi-directional communication layer for device communication. An identity-based communications layer provides for secure, end-to-end telemetry and control communications by enabling mutual authentication and encryption between the devices and the enterprise. A unique identity is assigned to each device, user and application to provide security services. The unique identity is independent of a network-address. Security information and a network address may be associated with the unique identity.
Type: Application
Filed: February 15, 2006
Publication date: August 17, 2006
Applicant: BEA Systems, Inc.
Inventors: Linda Bernardi, Chet Birger, David Douglas, Steven Rosenthal, Kenneth Traub
-
Publication number: 20060174037
Abstract: A computer architecture for enterprise device applications that provides a real-time, bi-directional communication layer for device communication. An identity-based communications layer provides for secure, end-to-end telemetry and control communications by enabling mutual authentication and encryption between the devices and the enterprise. A unique identity is assigned to each device, user and application to provide security services. The unique identity is independent of a network-address. Security information and a network address may be associated with the unique identity.
Type: Application
Filed: February 15, 2006
Publication date: August 3, 2006
Applicant: BEA Systems, Inc.
Inventors: Linda Bernardi, Chet Birger, David Douglas, Steven Rosenthal, Kenneth Traub