Patents by Inventor John B. Geagan
John B. Geagan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11526583
Abstract: An encryption scheme is provided in which subset-difference lists are generated by blacklisting subsets corresponding to compromised devices and splitting subset difference lists corresponding to the blacklisted subsets into multiple subset difference lists. In some embodiments, a subset-difference tree is generated. The subset-difference tree includes a plurality of subsets. The subset-difference tree covers a plurality of nodes. Each of the plurality of subsets has an apex node among the plurality of nodes. At least one blacklisted node of the plurality of nodes is determined. A first subset among the plurality of subsets is identified that covers the at least one blacklisted node. A plurality of substitute subsets is determined. Each of the plurality of substitute subsets overlaps the first subset and does not cover the at least one blacklisted node. The plurality of substitute subsets are substituted for the first subset.
Type: Grant
Filed: September 12, 2019
Date of Patent: December 13, 2022
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: John B. Geagan, Dulce B. Ponceleon
-
Patent number: 11431484
Abstract: An example operation may include one or more of storing a broadcast encryption tree comprising a set of cryptographic keys disposed in a hierarchical tree format, distributing a partial set of keys from the broadcast encryption tree to each respective peer from among a group of peers included in a blockchain network, receiving, from a user device, an identification of at least one peer included in the group of peers for processing a blockchain transaction, selecting a subset of keys from among the set of cryptographic keys in the broadcast encryption tree which enables at least one peer to decrypt transactions and doesn't enable the remaining peers included in the group of peers to decrypt transactions, and transmitting broadcast encryption information about the selected subset of keys to the user device for performing encryption of the transactions.
Type: Grant
Filed: January 2, 2020
Date of Patent: August 30, 2022
Assignee: International Business Machines Corporation
Inventors: Andres Garagiola, John B. Geagan, III, Jeronimo Irazabal, Guillermo R. Lopez, Diego A. Masini, Dulce Ponceleon
-
Patent number: 10992453
Abstract: A system architecture providing memory encryption suitable for protection against liquid nitrogen and trace probe attacks. In one embodiment, a method of and system for memory encryption are provided. A write request is received at a memory controller. The write request includes first data and a first address. The memory controller is embedded in a CPU and is operatively coupled to memory external to the CPU. The first data are encrypted at the memory controller to generate encrypted first data. The encrypted first data are written to the memory.
Type: Grant
Filed: May 18, 2016
Date of Patent: April 27, 2021
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: John B. Geagan, Dulce B. Ponceleon
-
Patent number: 10979418
Abstract: One example method may include generating a template transaction certificate by one or more entities which verify proof of ownership of attributes incorporated into the template transaction certificate, and generating one or more operational transaction certificates by the one or more entities which verified proof of ownership of the template transaction certificate.
Type: Grant
Filed: August 14, 2019
Date of Patent: April 13, 2021
Assignee: International Business Machines Corporation
Inventors: David W. Kravitz, Dulce B. Ponceleon, Diego A. Masini, John B. Geagan, III, Brian K. Smith
-
Patent number: 10841078
Abstract: Encryption key block generation with barrier descriptors is provided. In some embodiments, a descriptor is read. The descriptor includes a list of revoked devices and a list of boundaries between devices. A plurality of subset differences is generated. The plurality of subset-differences covers a plurality of devices. None of the plurality of devices appears in the list of revoked devices. None of the plurality of subset differences spans any of the boundaries. Encrypted information is generated based on the subset differences.
Type: Grant
Filed: July 26, 2018
Date of Patent: November 17, 2020
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: John B. Geagan, Dulce B. Ponceleon
-
Patent number: 10700853
Abstract: One example method of operation may include receiving a request, from an entity, for one or more tokens based on one or more attributes, encrypting and masking the one or more attributes, adding the encrypted and masked one or more attributes to the one or more tokens, and transmitting the one or more tokens to the entity.
Type: Grant
Filed: May 9, 2017
Date of Patent: June 30, 2020
Assignee: International Business Machines Corporation
Inventors: David W. Kravitz, Dulce B. Ponceleon, Diego A. Masini, Raul O. Laprida, Andres Garagiola, John B. Geagan, III
-
Publication number: 20200145204
Abstract: An example operation may include one or more of storing a broadcast encryption tree comprising a set of cryptographic keys disposed in a hierarchical tree format, distributing a partial set of keys from the broadcast encryption tree to each respective peer from among a group of peers included in a blockchain network, receiving, from a user device, an identification of at least one peer included in the group of peers for processing a blockchain transaction, selecting a subset of keys from among the set of cryptographic keys in the broadcast encryption tree which enables at least one peer to decrypt transactions and doesn't enable the remaining peers included in the group of peers to decrypt transactions, and transmitting broadcast encryption information about the selected subset of keys to the user device for performing encryption of the transactions.
Type: Application
Filed: January 2, 2020
Publication date: May 7, 2020
Inventors: Andres Garagiola, John B. Geagan, III, Jeronimo Irazabal, Guillermo R. Lopez, Diego A. Masini, Dulce Ponceleon
-
Patent number: 10616190
Abstract: Space-efficient methods of defining a key allocation scheme within a broadcast encryption system are provided. In some embodiments, a descriptor is received. The descriptor includes a plurality of subset definitions and a plurality of pointers. A data segment is resolved from each of the plurality of pointers. The resulting data segments are assembled into a plurality of variant definitions. A media key block is generated from the plurality of subset definitions and the plurality of variant definitions.
Type: Grant
Filed: May 18, 2016
Date of Patent: April 7, 2020
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventor: John B. Geagan
-
Publication number: 20200036513
Abstract: Encryption key block generation with barrier descriptors is provided. In some embodiments, a descriptor is read. The descriptor includes a list of revoked devices and a list of boundaries between devices. A plurality of subset differences is generated. The plurality of subset-differences covers a plurality of devices. None of the plurality of devices appears in the list of revoked devices. None of the plurality of subset differences spans any of the boundaries. Encrypted information is generated based on the subset differences.
Type: Application
Filed: July 26, 2018
Publication date: January 30, 2020
Inventors: John B. Geagan, Dulce B. Ponceleon
-
Publication number: 20200004931
Abstract: An encryption scheme is provided in which subset-difference lists are generated by blacklisting subsets corresponding to compromised devices and splitting subset difference lists corresponding to the blacklisted subsets into multiple subset difference lists. In some embodiments, a subset-difference tree is generated. The subset-difference tree includes a plurality of subsets. The subset-difference tree covers a plurality of nodes. Each of the plurality of subsets has an apex node among the plurality of nodes. At least one blacklisted node of the plurality of nodes is determined. A first subset among the plurality of subsets is identified that covers the at least one blacklisted node. A plurality of substitute subsets is determined. Each of the plurality of substitute subsets overlaps the first subset and does not cover the at least one blacklisted node. The plurality of substitute subsets are substituted for the first subset.
Type: Application
Filed: September 12, 2019
Publication date: January 2, 2020
Inventors: John B. Geagan, Dulce B. Ponceleon
-
Publication number: 20190372965
Abstract: One example method may include generating a template transaction certificate by one or more entities which verify proof of ownership of attributes incorporated into the template transaction certificate, and generating one or more operational transaction certificates by the one or more entities which verified proof of ownership of the template transaction certificate.
Type: Application
Filed: August 14, 2019
Publication date: December 5, 2019
Inventors: David W. Kravitz, Dulce B. Ponceleon, Diego A. Masini, John B. Geagan, III, Brian K. Smith
-
Patent number: 10467384
Abstract: An encryption scheme is provided in which subset-difference lists are generated by blacklisting subsets corresponding to compromised devices and splitting subset difference lists corresponding to the blacklisted subsets into multiple subset difference lists. In some embodiments, a subset-difference tree is generated. The subset-difference tree includes a plurality of subsets. The subset-difference tree covers a plurality of nodes. Each of the plurality of subsets has an apex node among the plurality of nodes. At least one blacklisted node of the plurality of nodes is determined. A first subset among the plurality of subsets is identified that covers the at least one blacklisted node. A plurality of substitute subsets is determined. Each of the plurality of substitute subsets overlaps the first subset and does not cover the at least one blacklisted node. The plurality of substitute subsets are substituted for the first subset.
Type: Grant
Filed: May 18, 2016
Date of Patent: November 5, 2019
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: John B. Geagan, Dulce B. Ponceleon
-
Patent number: 10425399
Abstract: One example method may include generating a template transaction certificate by one or more entities which verify proof of ownership of attributes incorporated into the template transaction certificate, and generating one or more operational transaction certificates by the one or more entities which verified proof of ownership of the template transaction certificate.
Type: Grant
Filed: June 23, 2017
Date of Patent: September 24, 2019
Assignee: International Business Machines Corporation
Inventors: David W. Kravitz, Dulce B. Ponceleon, Diego A. Masini, John B. Geagan, III, Brian K. Smith
-
Publication number: 20180019879
Abstract: One example method of operation may include receiving a request, from an entity, for one or more tokens based on one or more attributes, encrypting and masking the one or more attributes, adding the encrypted and masked one or more attributes to the one or more tokens, and transmitting the one or more tokens to the entity.
Type: Application
Filed: May 9, 2017
Publication date: January 18, 2018
Inventors: David W. Kravitz, Dulce B. Ponceleon, Diego A. Masini, Raul O. Laprida, Andres Garagiola, John B. Geagan, III
-
Publication number: 20180019993
Abstract: One example method may include generating a template transaction certificate by one or more entities which verify proof of ownership of attributes incorporated into the template transaction certificate, and generating one or more operational transaction certificates by the one or more entities which verified proof of ownership of the template transaction certificate.
Type: Application
Filed: June 23, 2017
Publication date: January 18, 2018
Inventors: David W. Kravitz, Dulce B. Ponceleon, Diego A. Masini, John B. Geagan, III, Brian K. Smith
-
Patent number: 9866373
Abstract: Embodiments of the present invention relate to encryption key allocation with additional security elements to lessen vulnerability to certain attacks. In one embodiment, a method and computer program product is provided for broadcast encryption. A key bundle encoded in a non-transient machine-readable medium is received. The key bundle comprises a first cryptographic key and an associated first cryptographic function identifier. Encrypted content is received. A key block corresponding to a subset difference tree is received. A first cryptographic triple function corresponding to the first cryptographic function identifier is determined. The subset difference tree is traversed using the first cryptographic key and the first cryptographic triple function to obtain a content cryptographic key. The content cryptographic key is applied to the encrypted content to obtain decrypted content.
Type: Grant
Filed: July 7, 2017
Date of Patent: January 9, 2018
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: John B. Geagan, III, Dulce B. Ponceleon
-
Patent number: 9860219
Abstract: Embodiments of the present invention relate to runtime instantiation of broadcast encryption schemes. In one embodiment, a method of and computer program product for runtime instantiation of broadcast encryption schemes is provided. A broadcast encryption definition is read. The broadcast encryption definition defines a broadcast encryption scheme and includes a plurality of function definitions. Based on the plurality of function definitions, it is determined whether the broadcast encryption definition defines encrypting or decrypting content. Based on the plurality of function definitions a type of the broadcast encryption scheme is determined.
Type: Grant
Filed: October 28, 2016
Date of Patent: January 2, 2018
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventor: John B. Geagan, III
-
Publication number: 20170337351
Abstract: An encryption scheme is provided in which subset-difference lists are generated by blacklisting subsets corresponding to compromised devices and splitting subset difference lists corresponding to the blacklisted subsets into multiple subset difference lists. In some embodiments, a subset-difference tree is generated. The subset-difference tree includes a plurality of subsets. The subset-difference tree covers a plurality of nodes. Each of the plurality of subsets has an apex node among the plurality of nodes. At least one blacklisted node of the plurality of nodes is determined. A first subset among the plurality of subsets is identified that covers the at least one blacklisted node. A plurality of substitute subsets is determined. Each of the plurality of substitute subsets overlaps the first subset and does not cover the at least one blacklisted node. The plurality of substitute subsets are substituted for the first subset.
Type: Application
Filed: May 18, 2016
Publication date: November 23, 2017
Inventors: John B. Geagan, Dulce B. Ponceleon
-
Publication number: 20170338955
Abstract: Space-efficient methods of defining a key allocation scheme within a broadcast encryption system are provided. In some embodiments, a descriptor is received. The descriptor includes a plurality of subset definitions and a plurality of pointers. A data segment is resolved from each of the plurality of pointers. The resulting data segments are assembled into a plurality of variant definitions. A media key block is generated from the plurality of subset definitions and the plurality of variant definitions.
Type: Application
Filed: May 18, 2016
Publication date: November 23, 2017
Inventor: John B. Geagan
-
Publication number: 20170337141
Abstract: A system architecture providing memory encryption suitable for protection against liquid nitrogen and trace probe attacks. In one embodiment, a method of and system for memory encryption are provided. A write request is received at a memory controller. The write request includes first data and a first address. The memory controller is embedded in a CPU and is operatively coupled to memory external to the CPU. The first data are encrypted at the memory controller to generate encrypted first data. The encrypted first data are written to the memory.
Type: Application
Filed: May 18, 2016
Publication date: November 23, 2017
Inventors: John B. Geagan, Dulce B. Ponceleon