Patents by Inventor Danny Harnik
Danny Harnik has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11930099Abstract: A computer-implemented method according to one aspect includes creating an initialization vector, utilizing an instance of plaintext and a secret key; encrypting the instance of plaintext, utilizing the initialization vector, the secret key, and the instance of plaintext; combining the initialization vector and the encrypted instance of plaintext to create a ciphertext string; and outputting the ciphertext string.Type: GrantFiled: March 30, 2023Date of Patent: March 12, 2024Assignee: International Business Machines CorporationInventors: Glen Alan Jaquette, Danny Harnik, William J. Scales
-
Patent number: 11917072Abstract: A computer-implemented method according to one embodiment includes compressing an uncompressed instance of data to create a compressed instance of data; encrypting the compressed instance of data in response to determining that a size of the compressed instance of data is less than a predetermined threshold; creating a message authentication code (MAC) for the encrypted compressed instance of data; and adding a variable-length zero pad and the MAC to the encrypted compressed instance of data to create a formatted string.Type: GrantFiled: December 3, 2020Date of Patent: February 27, 2024Assignee: International Business Machines CorporationInventors: Glen Alan Jaquette, William J. Scales, Danny Harnik
-
Patent number: 11777708Abstract: Encrypting data blocks by receiving blocks of compressed data, determining a size, in bytes, of the compressed data, appending a trailer to the compressed data, the trailer associated with the size in bytes of the compressed data, encrypting the compressed data and trailer, yielding encrypted data, where a header of the encrypted data comprises a number of complete encrypted data blocks, and providing the encrypted data to a user.Type: GrantFiled: September 30, 2021Date of Patent: October 3, 2023Assignee: International Business Machines CorporationInventors: Glen Alan Jaquette, Danny Harnik
-
Publication number: 20230291542Abstract: A computer-implemented method according to one aspect includes creating an initialization vector, utilizing an instance of plaintext and a secret key; encrypting the instance of plaintext, utilizing the initialization vector, the secret key, and the instance of plaintext; combining the initialization vector and the encrypted instance of plaintext to create a ciphertext string; and outputting the ciphertext string.Type: ApplicationFiled: March 30, 2023Publication date: September 14, 2023Applicant: International Business Machines CorporationInventors: Glen Alan Jaquette, Danny Harnik, William J. Scales
-
Patent number: 11695541Abstract: A computer-implemented method according to one aspect includes creating an initialization vector, utilizing an instance of plaintext and a secret key; encrypting the instance of plaintext, utilizing the initialization vector, the secret key, and the instance of plaintext; combining the initialization vector and the encrypted instance of plaintext to create a ciphertext string; and sending the ciphertext string to a storage device performing deduplication.Type: GrantFiled: December 7, 2020Date of Patent: July 4, 2023Assignee: International Business Machines CorporationInventors: Glen Alan Jaquette, Danny Harnik, William J. Scales
-
Publication number: 20230153140Abstract: Live migration of a virtual machine (VM) includes establishing multipath connections between the VM and functions of host interface on a source host. The multipath connections include a passthrough path and a software-virtualized (or emulated) path provided by a hypervisor of the source host. A failover of the passthrough path to the emulated path is executed, and a state of the emulated path is thereafter saved. On a host interface of a destination host, functions corresponding to those of the source host are exposed. The VM is then migrated from the source host to the destination host. The VM resumes host interface communication with the host interface of the destination host from the saved state via an emulated path provided by a hypervisor of the destination host. After resuming communication, a passthrough path of communication between the VM and the host interface of the destination host is established.Type: ApplicationFiled: November 18, 2021Publication date: May 18, 2023Inventors: JONAS ALEXANDER PFEFFERLE, NIKOLAS IOANNOU, JOSE GABRIEL CASTANOS, DANNY HARNIK, GAUTAM H. SHAH
-
Publication number: 20230111001Abstract: Encrypting data blocks by receiving blocks of compressed data, determining a size, in bytes, of the compressed data, appending a trailer to the compressed data, the trailer associated with the size in bytes of the compressed data, encrypting the compressed data and trailer, yielding encrypted data, where a header of the encrypted data comprises a number of complete encrypted data blocks, and providing the encrypted data to a user.Type: ApplicationFiled: September 30, 2021Publication date: April 13, 2023Inventors: Glen Alan Jaquette, DANNY HARNIK
-
Patent number: 11567664Abstract: A computer-implemented method according to one embodiment includes identifying a plurality of storage systems within a storage environment, determining characteristics of each of the plurality of storage systems, the characteristics including one or more data reduction techniques implemented by each of the plurality of storage systems, performing a plurality of storage simulations of one or more data volumes, utilizing the characteristics of each of the plurality of storage systems, and determining one of the plurality of storage systems to store the one or more data volumes, based on results of the plurality of storage simulations.Type: GrantFiled: April 16, 2018Date of Patent: January 31, 2023Assignee: International Business Machines CorporationInventors: Moshe Weiss, Amir Epstein, Danny Harnik, Vladimir Shalikashvili, Ety Khaitzin, Yoni Raveh
-
Patent number: 11372984Abstract: Embodiments of the present systems and methods may provide techniques to provide host side encryption while maintaining compression and deduplication benefits and providing communication between the host and the storage system that does not leak information about the data compressibility/deduplication properties. For example, in an embodiment, a method may comprise compressing, at a computer system, an original sector of data, generating a new sector of data including a first part including metadata and padding data, and a second part including the original sector of data that has been compressed and encrypted using a data encryption key (DEK), encrypting, at the computer system, the new sector of data using a data reduction key (DRK), and transmitting, at the computer system, the encrypted new sector of data to a storage system.Type: GrantFiled: August 14, 2019Date of Patent: June 28, 2022Assignee: International Business Machines CorporationInventors: Doron Chen, Michael Factor, Danny Harnik, Eliad Tsfadia
-
Publication number: 20220182242Abstract: A computer-implemented method according to one embodiment includes compressing an uncompressed instance of data to create a compressed instance of data; encrypting the compressed instance of data in response to determining that a size of the compressed instance of data is less than a predetermined threshold; creating a message authentication code (MAC) for the encrypted compressed instance of data; and adding a variable-length zero pad and the MAC to the encrypted compressed instance of data to create a formatted string.Type: ApplicationFiled: December 3, 2020Publication date: June 9, 2022Inventors: Glen Alan Jaquette, William J. Scales, Danny Harnik
-
Publication number: 20220182217Abstract: A computer-implemented method according to one aspect includes creating an initialization vector, utilizing an instance of plaintext and a secret key; encrypting the instance of plaintext, utilizing the initialization vector, the secret key, and the instance of plaintext; combining the initialization vector and the encrypted instance of plaintext to create a ciphertext string; and sending the ciphertext string to a storage device performing deduplication.Type: ApplicationFiled: December 7, 2020Publication date: June 9, 2022Inventors: Glen Alan Jaquette, Danny Harnik, William J. Scales
-
Publication number: 20220155987Abstract: A mechanism is provided for dispersed location-based data storage. A request is received to write a data file to a referrer memory region in a set of memory regions. For each data chunk of the data file, responsive to a comparison of a hash value for the data chunk to other hash values for other stored data chunks referenced in the referrer memory region indicating that the data chunk fails to exist in the referrer memory region, responsive to the data chunk existing in another memory region in the set of memory regions, responsive to the memory region failing to be one of the predetermined number N of owner memory regions associated with the referrer memory region, and responsive to the predetermined number N of owner memory regions failing to have been met, a reference to the data chunk is stored in the referrer memory region.Type: ApplicationFiled: February 1, 2022Publication date: May 19, 2022Inventors: REUT COHEN, JONATHAN FISCHER-TOUBOL, Afief Halumi, DANNY HARNIK, Ety Khaitzin, SERGEY MARENKOV, Asaf Porat-Stoler, YOSEF SHATSKY, TOM SIVAN
-
Patent number: 11269531Abstract: A mechanism is provided for dispersed location-based data storage. A request is received to write a data file to a referrer memory region in a set of memory regions. For each data chunk of the data file, responsive to a comparison of a hash value for the data chunk to other hash values for other stored data chunks referenced in the referrer memory region indicating that the data chunk fails to exist in the referrer memory region, responsive to the data chunk existing in another memory region in the set of memory regions, responsive to the memory region failing to be one of the predetermined number N of owner memory regions associated with the referrer memory region, and responsive to the predetermined number N of owner memory regions failing to have been met, a reference to the data chunk is stored in the referrer memory region.Type: GrantFiled: October 25, 2017Date of Patent: March 8, 2022Assignee: International Business Machines CorporationInventors: Reut Cohen, Jonathan Fischer-Toubol, Afief Halumi, Danny Harnik, Ety Khaitzin, Sergey Marenkov, Asaf Porat-Stoler, Yosef Shatsky, Tom Sivan
-
Patent number: 11169968Abstract: Computer program products, as well as corresponding systems and methods are configured for performing deduplication in conjunction with random read and write operations, and include: computing a fingerprint of data included in a write request; determining whether a short term dictionary comprises an entry corresponding to the fingerprint; in response to determining the short term dictionary comprises the entry corresponding to the fingerprint, writing the data to a data store in a deduplicating manner; in response to determining the short term dictionary does not comprise the entry, determining whether a long term dictionary corresponding to the namespace comprises the entry; in response to determining the long term dictionary comprises the entry, writing the data to the data store in the deduplicating manner; and in response to determining the long term dictionary does not comprise the entry, writing the data to the data store in a non-deduplicating manner.Type: GrantFiled: May 21, 2019Date of Patent: November 9, 2021Assignee: International Business Machines CorporationInventors: David D. Chambliss, Joseph S. Glider, Danny Harnik, Ety Khaitzin
-
Patent number: 11144508Abstract: In one embodiment, a deduplicating storage system includes a processor and logic integrated with and/or executable by the processor. The logic is configured to cause the processor to perform a method which includes: computing a fingerprint of a data chunk, and determining whether a short term dictionary corresponding to the namespace comprises an entry corresponding to the fingerprint. In response to determining the short term dictionary does not comprise the entry, a determination is made whether a long term dictionary corresponding to the namespace comprises the entry. In response to determining the long term dictionary comprises the entry: the data chunk is written to the data store in the deduplicating manner, and the short term dictionary is repopulated with the entry. Moreover, in response to determining the long term dictionary does not comprise the entry, the data chunk is written to the data store in a non-deduplicating manner.Type: GrantFiled: June 13, 2019Date of Patent: October 12, 2021Assignee: International Business Machines CorporationInventors: David D. Chambliss, Joseph S. Glider, Danny Harnik, Ety Khaitzin
-
Patent number: 11057361Abstract: A computer program product and a system comprising: a cluster of Secure Execution Platforms (SEPs) having connectivity to a data storage, each SEP of said cluster is configured to maintain, using a key, confidentiality of data while processing thereof; the key is shared among the SEPs of said cluster, the key is automatically generated by the cluster or portion thereof and is unavailable to any non-cluster entity; the data storage retains encrypted data that is encrypted using the key; a first SEP of the cluster is configured to encrypt client data using the key to obtain encrypted client data and store the encrypted client data in the data storage; and a second SEP of the cluster is configured to retrieve encrypted stored data from the data storage, decrypt the encrypted stored data using the key to obtain non-encrypted form of the encrypted stored data.Type: GrantFiled: October 17, 2019Date of Patent: July 6, 2021Assignee: International Business Machines CorporationInventors: Danny Harnik, Moshik Hershcovitch, Paula Ta-Shma, Yaron Weinsberg
-
Patent number: 10958416Abstract: In some examples, a system for executing instructions can include a processor to detect data to be transmitted to a storage device in response to a write operation. The processor can also determine that the data comprises a compressible characteristic that enables compression of the data to a size below a threshold value. Additionally, the processor can generate a modified data block by encrypting the compressed data, and adding a padding to the compressed and encrypted data. Furthermore, the processor can transmit the modified data block to the storage device.Type: GrantFiled: November 26, 2018Date of Patent: March 23, 2021Assignee: International Business Machines CorporationInventors: Michael Factor, Danny Harnik, Ronen Itshak Kat
-
Patent number: 10944566Abstract: A computer-implemented method, computerized apparatus and computer program product for supporting fairness in secure computations. A trusted execution platform with remote attestation (“enclave”) is provided to each of a plurality of participants. An authenticated public ledger accessible by all participants is also provided. Each of the enclaves is configured for obtaining at least a portion of an input to a function for computing a joint secret output, complementing the input by obtaining any remainder portion(s) thereof from one or more other enclaves, and, responsive to obtaining an indication from the ledger that the output can be computed by each of the enclaves, providing to the owner participant the output computed using the function and input. At least one of the enclaves is further configured for providing the indication to the ledger responsive to obtaining knowledge that the output can be computed by each of the enclaves.Type: GrantFiled: November 15, 2017Date of Patent: March 9, 2021Assignee: International Business Machines CorporationInventor: Danny Harnik
-
Publication number: 20210049283Abstract: Embodiments of the present systems and methods may provide techniques to provide host side encryption while maintaining compression and deduplication benefits and providing communication between the host and the storage system that does not leak information about the data compressibility/deduplication properties. For example, in an embodiment, a method may comprise compressing, at a computer system, an original sector of data, generating a new sector of data including a first part including metadata and padding data, and a second part including the original sector of data that has been compressed and encrypted using a data encryption key (DEK), encrypting, at the computer system, the new sector of data using a data reduction key (DRK), and transmitting, at the computer system, the encrypted new sector of data to a storage system.Type: ApplicationFiled: August 14, 2019Publication date: February 18, 2021Inventors: Doron Chen, Michael Factor, Danny Harnik, Eliad Tsfadia
-
Patent number: 10884938Abstract: An apparatus, a computer program and a method for prefetching a predetermined number of data items to a cache. The method comprises obtaining a list of candidate data items and associated scores thereof, that comprises more candidate data items than the predetermined number of data items to be prefetched to the cache. The method comprises repeatedly selecting, based on scores of the candidate data items, a candidate data item from the list and determining whether to add the candidate data item to the cache. Determining whether to add the candidate data item to the cache comprises determining whether the candidate data item is retained by the cache; and in response to determining that the candidate data item is not retained by the cache, adding the candidate data item thereto. The repeatedly selecting and determining are performed until the predetermined number of data items is added to the cache.Type: GrantFiled: December 13, 2018Date of Patent: January 5, 2021Assignee: International Business Machines CorporationInventors: Danny Harnik, Effi Ofer, Dafna Sadeh