Patents by Inventor David Lebutsch
David Lebutsch has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10664577
Abstract: The invention relates to a computer-implemented method for user authentication using a cryptographically secured register. An authentication request for authenticating the user is received. The user is authenticated using a root identity of the user. A successful authentication requires receiving a credential assigned to a root identifier of the root identity of the user. An authentication context of the requested authentication is identified. One of the one or more delegated identities assigned to the root identity of the user and assigned to the identified authentication context is identified. In response to a successful authentication of the user, an authentication token is issued confirming the successful user authentication and identifying the successfully authenticated user by the delegated identifier of the identified delegated identity.
Type: Grant
Filed: April 23, 2019
Date of Patent: May 26, 2020
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Philipp Hoffmann, David Lebutsch, Martin Oberhofer, Daniel Pittner, Mehmet Uenluetepe
-
Patent number: 10650476
Abstract: The invention relates to a computer-implemented method for performing an electronic discovery process using a blockchain. For at least two of phases of the electronic discovery process individual electronic data processing tools are used for executing the respective phase. For each of the phases of the electronic discovery process metadata of the electronic data objects subject to the respective phase of the electronic discovery process and to the electronic data processing tool used for executing the respective phase are stored in the blockchain. Furthermore, audit information about auditable actions carried out during the respective phase by the electronic data processing tool used for executing the respective phase on the electronic data objects is stored in the blockchain. The stored audit information provides an end-to-end audit trail for each of the electronic data objects subject to at least one of the phases of the electronic discovery process.
Type: Grant
Filed: November 28, 2017
Date of Patent: May 12, 2020
Assignee: International Business Machines Corporation
Inventors: Michael Bässler, Thomas Hampp, Philipp Hoffmann, David Lebutsch, Daniel Pittner
-
Patent number: 10628566
Abstract: The invention relates to a computer-implemented method for user authentication using a cryptographically secured register. An authentication request for authenticating the user is received. The user is authenticated using a root identity of the user. A successful authentication requires receiving a credential assigned to a root identifier of the root identity of the user. An authentication context of the requested authentication is identified. One of the one or more delegated identities assigned to the root identity of the user and assigned to the identified authentication context is identified. In response to a successful authentication of the user, an authentication token is issued confirming the successful user authentication and identifying the successfully authenticated user by the delegated identifier of the identified delegated identity.
Type: Grant
Filed: November 20, 2017
Date of Patent: April 21, 2020
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Philipp Hoffmann, David Lebutsch, Martin Oberhofer, Daniel Pittner, Mehmet Uenluetepe
-
Patent number: 10554508
Abstract: A distributed computing system provides at least one service, and the service is provided by resources of the distributed computing system. Resources are represented by a topology graph including storage, application and database server nodes joined by edges indicative of relationships between nodes. Predefined parameters are monitored that are indicative of operating characteristics of the distributed computing system when providing the service. Values of the predefined parameters are compared with respective predetermined performance threshold values. The performance threshold values are determined based on a service level agreement (SLA). The SLA includes a service level objective (SLO). The performance threshold values are indicative of the respective operating characteristics prior to an event. Rules are provided for selecting a combination of application, storage and database server nodes to meet the SLO for each parameter of the parameter.
Type: Grant
Filed: September 7, 2016
Date of Patent: February 4, 2020
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Andreas Boerner, David Lebutsch, Cataldo Mega, Chun Guang Zeng
-
Publication number: 20190251235
Abstract: The invention relates to a computer-implemented method for user authentication using a cryptographically secured register. An authentication request for authenticating the user is received. The user is authenticated using a root identity of the user. A successful authentication requires receiving a credential assigned to a root identifier of the root identity of the user. An authentication context of the requested authentication is identified. One of the one or more delegated identities assigned to the root identity of the user and assigned to the identified authentication context is identified. In response to a successful authentication of the user, an authentication token is issued confirming the successful user authentication and identifying the successfully authenticated user by the delegated identifier of the identified delegated identity.
Type: Application
Filed: April 23, 2019
Publication date: August 15, 2019
Inventors: PHILIPP HOFFMANN, DAVID LEBUTSCH, MARTIN OBERHOFER, DANIEL PITTNER, MEHMET UENLUETEPE
-
Publication number: 20190164241
Abstract: The invention relates to a computer-implemented method for performing an electronic discovery process using a blockchain. For at least two of phases of the electronic discovery process individual electronic data processing tools are used for executing the respective phase. For each of the phases of the electronic discovery process metadata of the electronic data objects subject to the respective phase of the electronic discovery process and to the electronic data processing tool used for executing the respective phase are stored in the blockchain. Furthermore, audit information about auditable actions carried out during the respective phase by the electronic data processing tool used for executing the respective phase on the electronic data objects is stored in the blockchain. The stored audit information provides an end-to-end audit trail for each of the electronic data objects subject to at least one of the phases of the electronic discovery process.
Type: Application
Filed: November 28, 2017
Publication date: May 30, 2019
Inventors: Michael Bässler, Thomas Hampp, Philipp Hoffmann, David Lebutsch, Daniel Pittner
-
Publication number: 20190156000
Abstract: The invention relates to a computer-implemented method for user authentication using a cryptographically secured register. An authentication request for authenticating the user is received. The user is authenticated using a root identity of the user. A successful authentication requires receiving a credential assigned to a root identifier of the root identity of the user. An authentication context of the requested authentication is identified. One of the one or more delegated identities assigned to the root identity of the user and assigned to the identified authentication context is identified. In response to a successful authentication of the user, an authentication token is issued confirming the successful user authentication and identifying the successfully authenticated user by the delegated identifier of the identified delegated identity.
Type: Application
Filed: November 20, 2017
Publication date: May 23, 2019
Inventors: PHILIPP HOFFMANN, DAVID LEBUTSCH, MARTIN OBERHOFER, DANIEL PITTNER, MEHMET UENLUETEPE
-
Patent number: 9613038
Abstract: Embodiments relate to digital data retention management. An aspect includes calculating a retention date associated with a data object in a storage system. Another aspect includes generating a cryptographic checksum for metadata relating to said data object, the metadata comprising the retention date. Another aspect includes storing said metadata and said cryptographic checksum. Another aspect includes, based on receiving a request to perform a deletion transaction on said data object for deleting said data object from the storage system: verifying metadata validity by checking the cryptographic checksum for the metadata associated with said data object to detect possible tampering of the metadata; verifying retention expiration by determining that a current date is past the retention date comprised in said metadata; and based on successful verification of metadata validity and retention expiration, authorizing deletion of said data object by the storage system.
Type: Grant
Filed: August 21, 2014
Date of Patent: April 4, 2017
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Michael E. Factor, Bernhard Kurtz, David Lebutsch, Cataldo Mega, Alexandra Shulman-Peleg, Tim Waizenegger
-
Patent number: 9548866
Abstract: A data processing and storage apparatus has a hardware security module and a data storage medium storing encrypted data objects and a hierarchical data maintenance structure of encrypted partition tables and hash-nodes forming a rooted tree, where a given partition table comprises a first reference to a given encrypted data object and a first cryptographic key for decryption thereof, where a given hash-node comprises a second reference to a partition tables or hash-node and a second cryptographic key being suitable for decryption thereof, and where the root node is decipherable using a master cryptographic key stored in the hardware security module, the given data object being assigned to the root node via the first and second references of the given partition table and the given hash-nodes forming a set of successive nodes in the rooted tree.
Type: Grant
Filed: February 18, 2016
Date of Patent: January 17, 2017
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Jonathan M. Barney, David Lebutsch, Cataldo Mega, Stefan Schleipen, Tim Waizenegger
-
Publication number: 20160380846
Abstract: A distributed computing system provides at least one service, and the service is provided by resources of the distributed computing system. Resources are represented by a topology graph including storage, application and database server nodes joined by edges indicative of relationships between nodes. Predefined parameters are monitored that are indicative of operating characteristics of the distributed computing system when providing the service. Values of the predefined parameters are compared with respective predetermined performance threshold values. The performance threshold values are determined based on a service level agreement (SLA). The SLA includes a service level objective (SLO). The performance threshold values are indicative of the respective operating characteristics prior to an event. Rules are provided for selecting a combination of application, storage and database server nodes to meet the SLO for each parameter of the parameter.
Type: Application
Filed: September 7, 2016
Publication date: December 29, 2016
Inventors: Andreas Boerner, David Lebutsch, Cataldo Mega, Chun Guang Zeng
-
Patent number: 9455881
Abstract: A distributed computing system provides at least one service, and the service is provided by resources of the distributed computing system. Resources are represented by a topology graph including storage, application and database server nodes joined by edges indicative of relationships between nodes. Predefined parameters are monitored that are indicative of operating characteristics of the distributed computing system when providing the service. Values of the predefined parameters are compared with respective predetermined performance threshold values. The performance threshold values are determined based on a service level agreement (SLA). The SLA includes a service level objective (SLO). The performance threshold values are indicative of the respective operating characteristics prior to an event. Rules are provided for selecting a combination of application, storage and database server nodes to meet the SLO for each parameter of the parameter.
Type: Grant
Filed: October 15, 2013
Date of Patent: September 27, 2016
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Andreas Boerner, David Lebutsch, Cataldo Mega, Chun Guang Zeng
-
Publication number: 20160164683
Abstract: A data processing and storage apparatus has a hardware security module and a data storage medium storing encrypted data objects and a hierarchical data maintenance structure of encrypted partition tables and hash-nodes forming a rooted tree, where a given partition table comprises a first reference to a given encrypted data object and a first cryptographic key for decryption thereof, where a given hash-node comprises a second reference to a partition tables or hash-node and a second cryptographic key being suitable for decryption thereof, and where the root node is decipherable using a master cryptographic key stored in the hardware security module, the given data object being assigned to the root node via the first and second references of the given partition table and the given hash-nodes forming a set of successive nodes in the rooted tree.
Type: Application
Filed: February 18, 2016
Publication date: June 9, 2016
Inventors: Jonathan M. BARNEY, David LEBUTSCH, Cataldo MEGA, Stefan SCHLEIPEN, Tim WAIZENEGGER
-
Patent number: 9298951
Abstract: A data processing and storage apparatus has a hardware security module and a data storage medium storing encrypted data objects and a hierarchical data maintenance structure of encrypted partition tables and hash-nodes forming a rooted tree, where a given partition table comprises a first reference to a given encrypted data object and a first cryptographic key for decryption thereof, where a given hash-node comprises a second reference to a partition tables or hash-node and a second cryptographic key being suitable for decryption thereof, and where the root node is decipherable using a master cryptographic key stored in the hardware security module, the given data object being assigned to the root node via the first and second references of the given partition table and the given hash-nodes forming a set of successive nodes in the rooted tree.
Type: Grant
Filed: November 19, 2014
Date of Patent: March 29, 2016
Assignee: International Business Machines Corporation
Inventors: Jonathan M. Barney, David Lebutsch, Cataldo Mega, Stefan Schleipen, Tim Waizenegger
-
Publication number: 20150143136
Abstract: A data processing and storage apparatus has a hardware security module and a data storage medium storing encrypted data objects and a hierarchical data maintenance structure of encrypted partition tables and hash-nodes forming a rooted tree, where a given partition table comprises a first reference to a given encrypted data object and a first cryptographic key for decryption thereof, where a given hash-node comprises a second reference to a partition tables or hash-node and a second cryptographic key being suitable for decryption thereof, and where the root node is decipherable using a master cryptographic key stored in the hardware security module, the given data object being assigned to the root node via the first and second references of the given partition table and the given hash-nodes forming a set of successive nodes in the rooted tree.
Type: Application
Filed: November 19, 2014
Publication date: May 21, 2015
Inventors: Jonathan M. BARNEY, David LEBUTSCH, Cataldo MEGA, Stefan SCHLEIPEN, Tim WAIZENEGGER
-
Publication number: 20150134619
Abstract: Embodiments relate to digital data retention management. An aspect includes calculating a retention date associated with a data object in a storage system. Another aspect includes generating a cryptographic checksum for metadata relating to said data object, the metadata comprising the retention date. Another aspect includes storing said metadata and said cryptographic checksum.
Type: Application
Filed: August 21, 2014
Publication date: May 14, 2015
Inventors: Michael E. Factor, Bernhard Kurtz, David Lebutsch, Cataldo Mega, Alexandra Shulman-Peleg, Tim Waizenegger
-
Publication number: 20140122706
Abstract: A distributed computing system provides at least one service, and the service is provided by resources of the distributed computing system. Resources are represented by a topology graph including storage, application and database server nodes joined by edges indicative of relationships between nodes. Predefined parameters are monitored that are indicative of operating characteristics of the distributed computing system when providing the service. Values of the predefined parameters are compared with respective predetermined performance threshold values. The performance threshold values are determined based on a service level agreement (SLA). The SLA includes a service level objective (SLO). The performance threshold values are indicative of the respective operating characteristics prior to an event. Rules are provided for selecting a combination of application, storage and database server nodes to meet the SLO for each parameter of the parameter.
Type: Application
Filed: October 15, 2013
Publication date: May 1, 2014
Applicant: International Business Machines Corporation
Inventors: Andreas Boerner, David Lebutsch, Cataldo Mega, Chun Guang Zeng
-
Publication number: 20090125572
Abstract: The present invention provides for a method and a computer system for managing the retention of data on WORM disk media employing an event-based scheme of retaining data. The protection of the files is accomplished by establishing a retention period for the WORM disk media file volume containing the data files, followed by a reclamation period. The retention and reclamation periods are managed by comparing the amount of reclaimable space on the file volume to a threshold value, and if the threshold is not exceeded, the retention period of the file volume is extended by a default retention extension value. If the threshold value is exceeded, the files are moved to another file volume, and the retention period of this target file volume is extended based on the longer of the default retention extension value and the latest expiration date of the file contained within the file volume.
Type: Application
Filed: November 14, 2007
Publication date: May 14, 2009
Applicant: International Business Machines Corporation
Inventors: David M. Cannon, Jonathan M. Haswell, David Lebutsch, Toby L. Marek, Howard N. Martin