Patents by Inventor John Clay Richard Wray
John Clay Richard Wray has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8782410
Abstract: Information leakage prevention in a cryptographic protocol is implemented in a network device. The technique implements an error message processing strategy to mask information otherwise useful to an attacker and that has been generated (by decryption processes) as a consequence of an attacker's exploit. The technique avoids information leakage associated with a padding oracle attack. In one aspect each error message (irrespective of its content) is replaced with a generic error message so that the attacker does not obtain the specific error message content(s) that might otherwise provide useful information. In addition to masking the error message content, the technique preferably implements a “delay” policy that delays the transmission of particular error messages (or message types) to hide (from the attacker's point-of-view) whether a particular error message is relevant to (or a consequence of) the attacker's exploit.
Type: Grant
Filed: June 20, 2012
Date of Patent: July 15, 2014
Assignee: International Business Machines Corporation
Inventors: John Clay Richard Wray, Peter James Argue, Krithika Prakash
-
Patent number: 8745389
Abstract: A method to prevent information leakage in a cryptographic protocol is implemented in a network device. The method implements an error message processing strategy to mask information otherwise useful to an attacker and that has been generated (by decryption processes) as a consequence of an attacker's exploit. The technique avoids information leakage associated with a padding oracle attack. In one aspect each error message (irrespective of its content) is replaced with a generic error message so that the attacker does not obtain the specific error message content(s) that might otherwise provide useful information. In addition to masking the error message content, the technique preferably implements a “delay” policy that delays the transmission of particular error messages (or message types) to hide (from the attacker's point-of-view) whether a particular error message is relevant to (or a consequence of) the attacker's exploit.
Type: Grant
Filed: March 1, 2013
Date of Patent: June 3, 2014
Assignee: International Business Machines Corporation
Inventors: John Clay Richard Wray, Peter James Argue, Krithika Prakash
-
Publication number: 20130346749
Abstract: A method to prevent information leakage in a cryptographic protocol is implemented in a network device. The method implements an error message processing strategy to mask information otherwise useful to an attacker and that has been generated (by decryption processes) as a consequence of an attacker's exploit. The technique avoids information leakage associated with a padding oracle attack. In one aspect each error message (irrespective of its content) is replaced with a generic error message so that the attacker does not obtain the specific error message content(s) that might otherwise provide useful information. In addition to masking the error message content, the technique preferably implements a “delay” policy that delays the transmission of particular error messages (or message types) to hide (from the attacker's point-of-view) whether a particular error message is relevant to (or a consequence of) the attacker's exploit.
Type: Application
Filed: June 20, 2012
Publication date: December 26, 2013
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: John Clay Richard Wray, Peter James Argue, Krithika Prakash
-
Patent number: 8572268
Abstract: The different illustrative embodiments provide a method, a computer program product, and an apparatus for managing secure sessions. An identity of a requestor is verified in response to receiving a request from the requestor to access a resource. The identity of the requestor comprises authentication information used to identify a number of privileges to the resource for the requestor. A session cookie is sent to the requestor by a first data processing system. The session cookie identifies the number of privileges for a session. A migration cookie is sent to the requestor by the first data processing system, wherein the migration cookie is used to recreate the session on a second data processing system.
Type: Grant
Filed: June 23, 2010
Date of Patent: October 29, 2013
Assignee: International Business Machines Corporation
Inventor: John Clay Richard Wray
-
Patent number: 8490165
Abstract: The different illustrative embodiments provide a method, a computer program product, and an apparatus for restoring secure sessions. A determination is made whether cached information for a session for the requestor is stored at the data processing system using a session cookie responsive to receiving a request at a data processing system from a requestor to access a resource. Access to the resource is controlled using the cached information and a number of privileges for the requestor associated with the cached information responsive to a determination that the cached information for the session is stored at the data processing system. A migration cookie is requested from the requestor responsive to an absence of a determination that the cached information for the session is stored at the data processing system. The cached information is generated for the session using the migration cookie.
Type: Grant
Filed: June 23, 2010
Date of Patent: July 16, 2013
Assignee: International Business Machines Corporation
Inventor: John Clay Richard Wray
-
Patent number: 6839437
Abstract: A cryptographic system for use in a data processing system. The system includes a security layer and a plurality of cryptographic routines, wherein the plurality of cryptographic routines are accessed through the security layer. Also included is a keystore and a keystore application program interface layer coupled to the security layer. The keystore application program interface layer receives a call from an application to perform a cryptographic operation, identifies a routine, calls the routine to perform the cryptographic operation, receives a result from the routine, and returns the result to the application.
Type: Grant
Filed: January 31, 2000
Date of Patent: January 4, 2005
Assignee: International Business Machines Corporation
Inventors: Michael A. Crane, Sohail H. Malik, John Clay Richard Wray