Patents by Inventor Michael Waidner
Michael Waidner has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11907683Abstract: A method for generating a random number comprises selecting a group of at least two servers within a network; receiving a server specific string from at least two servers of the group; and using the server specific strings to generate the random number.Type: GrantFiled: October 23, 2019Date of Patent: February 20, 2024Assignee: Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V.Inventors: Haya Shulman, Michael Waidner
-
Patent number: 11700263Abstract: A method to validate ownership of a resource within a network, comprising selecting a group of at least two validation agents such that network routes between a validation agent of the group and entities of a group of one or more entities associated to the resource do not intersect. The method further comprises transmitting a property of the resource to be validated and an address indicator for the resource from a coordinating agent to the group of validation agents. Also, the method comprises querying the property of the resource from the entities using the validation agents of the group to determine queried properties; and evaluating the queried properties to validate ownership of the resource.Type: GrantFiled: October 11, 2019Date of Patent: July 11, 2023Assignee: Fraunhofer-Gesellschaft zur Foerderung der angewandten Forschung e.V.Inventors: Haya Shulman, Michael Waidner, Markus Brandt
-
Publication number: 20200296109Abstract: A method to validate ownership of a resource within a network, comprising selecting a group of at least two validation agents such that network routes between a validation agent of the group and entities of a group of one or more entities associated to the resource do not intersect. The method further comprises transmitting a property of the resource to be validated and an address indicator for the resource from a coordinating agent to the group of validation agents. Also, the method comprises querying the property of the resource from the entities using the validation agents of the group to determine queried properties; and evaluating the queried properties to validate ownership of the resource.Type: ApplicationFiled: October 11, 2019Publication date: September 17, 2020Inventors: Haya SHULMAN, Michael WAIDNER, Markus BRANDT
-
Publication number: 20200167130Abstract: A method for generating a random number comprises selecting a group of at least two servers within a network; receiving a server specific string from at least two servers of the group; and using the server specific strings to generate the random number.Type: ApplicationFiled: October 23, 2019Publication date: May 28, 2020Inventors: Haya SHULMAN, Michael WAIDNER
-
Patent number: 10425396Abstract: A system allows a reliable and efficient identity management that can, with full interoperability, accommodate to various requirements of participants. For that a system is presented for providing an identity-related information about a user to a requesting entity. The method includes a location-request step initiated by the requesting entity for requesting from a client application a location information that corresponds to a location entity possessing the identity-related information, a redirecting step for connecting the client application to the location entity in order to instruct the location entity to transfer the identity-related information to the requesting entity, and an acquiring step for obtaining the identity-related information.Type: GrantFiled: October 28, 2016Date of Patent: September 24, 2019Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Birgit M. Pfitzmann, Michael Waidner
-
Publication number: 20170048237Abstract: A system allows a reliable and efficient identity management that can, with full interoperability, accommodate to various requirements of participants. For that a system is presented for providing an identity-related information about a user to a requesting entity. The method includes a location-request step initiated by the requesting entity for requesting from a client application a location information that corresponds to a location entity possessing the identity-related information, a redirecting step for connecting the client application to the location entity in order to instruct the location entity to transfer the identity-related information to the requesting entity, and an acquiring step for obtaining the identity-related information.Type: ApplicationFiled: October 28, 2016Publication date: February 16, 2017Inventors: BIRGIT M. PFITZMANN, MICHAEL WAIDNER
-
Patent number: 9501634Abstract: A system allows a reliable and efficient identity management that can, with full interoperability, accommodate to various requirements of participants. For that a system is presented for providing an identity-related information about a user to a requesting entity. The method includes a location-request step initiated by the requesting entity for requesting from a client application a location information that corresponds to a location entity possessing the identity-related information, a redirecting step for connecting the client application to the location entity in order to instruct the location entity to transfer the identity-related information to the requesting entity, and an acquiring step for obtaining the identity-related information.Type: GrantFiled: June 2, 2011Date of Patent: November 22, 2016Assignee: International Business Machines CorporationInventors: Birgit Pfitzmann, Michael Waidner
-
Patent number: 8650406Abstract: A computer-implemented system and method for protecting a memory are provided. The system includes a memory section with privileged and non-privileged sections, a host gateway (HG) to generate a capability credential, a device controller (DC) to append the credential to data transmitted to the memory, and at least one IO device enabled to do direct memory access (DMA) transactions with the memory.Type: GrantFiled: February 27, 2012Date of Patent: February 11, 2014Assignee: International Business Machines CorporationInventors: Michael Backes, Shmuel S Ben-Yehuda, Jan Leonhard Camenisch, Ton Engbersen, Zorik Machulsky, Julian Satran, Leah Shalev, Ilan Shimony, Thomas Basil Smith, III, Michael Waidner
-
Publication number: 20120331285Abstract: Systems, apparatus and methods for privacy-protecting integrity attestation of a computing platform. An example method for privacy-protecting integrity attestation of a computing platform (P) has a trusted platform module (TPM}, and comprises the following steps. First, the computing platform (P) receives configuration values (PCRI . . . PCRn). Then, by means of the trusted platform module (TPM}, a configuration value (PCRp) is determined which depends on the configuration of the computing platform (P). In a further step the configuration value (PCRp) is signed by means of the trusted platform module. Finally, in the event that the configuration value (PCRp) is one of the received configuration values (PCRI . . . PCRn), the computing platform (P) proves to a verifier (V) that it knows the signature (sign(PCRp}} on one of the received configuration values (PCRI . . . PCRn).Type: ApplicationFiled: September 2, 2012Publication date: December 27, 2012Applicant: International Business Machines CorporationInventors: Endre Bangerter, Matthias Schunter, Michael Waidner, Jan Camenisch
-
Patent number: 8312271Abstract: Systems, apparatus and methods for privacy-protecting integrity attestation of a computing platform. An example method for privacy-protecting integrity attestation of a computing platform (P) has a trusted platform module (TPM), and comprises the following steps. First, the computing platform (P) receives configuration values (PCR1 . . . PCRn). Then, by means of the trusted platform module (TPM), a configuration value (PCRp) is determined which depends on the configuration of the computing platform (P). In a further step the configuration value (PCRp) is signed by means of the trusted platform module. Finally, in the event that the configuration value (PCRp) is one of the received configuration values (PCR1 . . . PCRn), the computing platform (P) proves to a verifier (V) that it knows the signature (sign(PCRp)) on one of the received configuration values (PCR1 . . . PCRn).Type: GrantFiled: May 26, 2008Date of Patent: November 13, 2012Assignee: International Business Machines CorporationInventors: Endre Bangerter, Matthias Schunter, Michael Waidner, Jan Camenisch
-
Publication number: 20120159610Abstract: A computer-implemented system and method for protecting a memory are provided. The system includes a memory section with privileged and non-privileged sections, a host gateway (HG) to generate a capability credential, a device controller (DC) to append the credential to data transmitted to the memory, and at least one IO device enabled to do direct memory access (DMA) transactions with the memory.Type: ApplicationFiled: February 27, 2012Publication date: June 21, 2012Applicant: International Business Machine CorporationInventors: Michael Backes, Shmuel Ben-Yehuda, Jan Leonhard Camenisch, Ton Engbersen, Zorik Machulsky, Julian Satran, Leah Shalev, Ilan Shimony, Thomas Basil Smith, III, Michael Waidner
-
Patent number: 8161287Abstract: A computer-implemented system and method for protecting a memory are provided. The system includes a memory section with privileged and non-privileged sections, a host gateway (HG) to generate a capability credential, a device controller (DC) to append the credential to data transmitted to the memory, and at least one IO device enabled to do direct memory access (DMA) transactions with the memory.Type: GrantFiled: June 3, 2010Date of Patent: April 17, 2012Assignee: International Business Machines CorporationInventors: Michael Backes, Shmuel Ben-Yehuda, Jan Leonard Camenisch, Ton Engbersen, Zorik Machulsky, Julian Satran, Leah Shalev, Ilan Shimony, Thomas Basil Smith, Michael Waidner
-
Publication number: 20110302273Abstract: A system allows a reliable and efficient identity management that can, with full interoperability, accommodate to various requirements of participants. For that a system is presented for providing an identity-related information about a user to a requesting entity. The method includes a location-request step initiated by the requesting entity for requesting from a client application a location information that corresponds to a location entity possessing the identity-related information, a redirecting step for connecting the client application to the location entity in order to instruct the location entity to transfer the identity-related information to the requesting entity, and an acquiring step for obtaining the identity-related information.Type: ApplicationFiled: June 2, 2011Publication date: December 8, 2011Applicant: International Business Machines CorporationInventors: Birgit Pfitzmann, Michael Waidner
-
Patent number: 7992195Abstract: The invention allows a reliable and efficient identity management that can, with full interoperability, accommodate to various requirements of participants. For that a method and system are presented for providing an identity-related information about a user to a requesting entity. The method comprises a location-request step initiated by the requesting entity for requesting from a client application a location information that corresponds to a location entity possessing the identity-related information, a redirecting step for connecting the client application to the location entity in order to instruct the location entity to transfer the identity-related information to the requesting entity, and an acquiring step for obtaining the identity-related information.Type: GrantFiled: March 26, 2003Date of Patent: August 2, 2011Assignee: International Business Machines CorporationInventors: Birgit Pfitzmann, Michael Waidner
-
Patent number: 7962962Abstract: In a computer, a first set of object classes are provided representing active entities in an information-handling process and a second set of object classes are provided representing data and rules in the information-handling process. At least one object class has rules associated with data. The above-mentioned objects are used in constructing a model of an information-handling process, and to provide an output that identifies at least one way in which the information-handling process could be improved. One aspect is a method for handling personally identifiable information. Another aspect is a system for executing the method of the present invention. A third aspect is as a set of instructions on a computer-usable medium, or resident in a computer system, for executing the method of the present invention.Type: GrantFiled: June 19, 2001Date of Patent: June 14, 2011Assignee: International Business Machines CorporationInventors: Steven B. Adler, Endre Felix Bangerter, Kathryn Ann Bohrer, Nigel Howard Julian Brown, Jan Camenisch, Arthur M. Gilbert, Dogan Kesdogan, Matthew P. Leonard, Xuan Liu, Michael Robert McCullough, Adam Charles Nelson, Charles Campbell Palmer, Calvin Stacy Powers, Michael Schnyder, Edith Schonberg, Matthias Schunter, Elsie Van Herreweghen, Michael Waidner
-
Publication number: 20100242108Abstract: A computer-implemented system and method for protecting a memory are provided. The system includes a memory section with privileged and non-privileged sections, a host gateway (HG) to generate a capability credential, a device controller (DC) to append the credential to data transmitted to the memory, and at least one IO device enabled to do direct memory access (DMA) transactions with the memory.Type: ApplicationFiled: June 3, 2010Publication date: September 23, 2010Applicant: International Business Machines CorporationInventors: Michael Backes, Shmuel Ben-Yehuda, Jan Leonhard Camenisch, Ton Engbersen, Zorik Machulsky, Julian Satran, Leah Shalev, Ilan Shimony, Thomas Basil Smith, III, Michael Waidner
-
Patent number: 7770000Abstract: Method and device for verifying the security of a computing platform. In the method for verifying the security of a computing platform a verification machine is first transmitting a verification request via an integrity verification component to the platform. Then the platform is generating by means of a trusted platform module a verification result depending on binaries loaded on the platform, and is transmitting it to the integrity verification component. Afterwards, the integrity verification component is determining with the received verification result the security properties of the platform and transmits them to the verification machine. Finally, the verification machine is determining whether the determined security properties comply with desired security properties.Type: GrantFiled: May 21, 2008Date of Patent: August 3, 2010Assignee: International Business Machines CorporationInventors: Matthias Schunter, Jonathan A. Poritz, Michael Waidner, Elsie A. Van Herreweghen
-
Patent number: 7757280Abstract: A computer-implemented method for protecting a memory is provided. The method includes responsive to a direct memory access (DMA) request received from a consumer for a transaction of data from an IO device to the memory, the request including an IO command and a capability (CAP), generating a cryptographically signed capability (CAPB), forming a credential from CAP and CAPB, appending the credential to the IO command, configuring the IO device according to the credential and the IO command, transmitting the data from the IO device to the memory and prior to allowing execution of the DMA, authenticating that the credential is valid, further includes regenerating CAPB from a key available to an authenticating entity and from the CAP (included in CAPB) and verifying that the memory region information described in the cryptographically signed capability is the same as the requested region that was originally created, and that the cryptographically signed capability encompasses the IO command.Type: GrantFiled: January 17, 2006Date of Patent: July 13, 2010Assignee: International Business Machines CorporationInventors: Michael Backes, Shmuel Ben-Yehuda, Jan Leonhard Camenisch, Ton Engbersen, Zorik Machulsky, Julian Satran, Leah Shalev, Ilan Shimony, Thomas Basil Smith, III, Michael Waidner
-
Patent number: 7603317Abstract: The invention entails identifying the parties involved in a process of handling personally identifiable information; identifying the data involved in said process; classifying the data; expressing each relationship between each pair of said parties in terms of a privacy agreement; and representing the parties, data, and privacy agreements graphically in one or more privacy agreement relationship diagrams. The invention has the advantage of identifying opportunities to reduce privacy-related risks, including identifying unnecessary exchanges of data, for possible elimination, and identifying opportunities to transform data into a less sensitive form. Privacy agreements are based on a limited set of privacy-related actions: access, disclose, release, notify, utilize, update, withdrawConsent, giveConsent, delete, anonymize, depersonalize, and repersonalize. One aspect of the present invention is a method for improving the handling of personally identifiable information.Type: GrantFiled: June 19, 2001Date of Patent: October 13, 2009Assignee: International Business Machines CorporationInventors: Steven B. Adler, Nigel Howard Julian Brown, Arthur M. Gilbert, Charles Campbell Palmer, Michael Schnyder, Michael Waidner
-
Publication number: 20080313736Abstract: The invention provides a data network, systems and methods for checking nodes of a data network that are used for detecting whether a privacy policy concerning an information is maintained. The information comprises a mark corresponding to the privacy policy. The mark defines the storage place or the accessing paths or the transferring paths of the information. The mark is automatically searchable. The mark is searched, analyzed and checked as to whether the privacy policy is maintained. The advantage of the system is that vulnerabilities of systems for protecting confidential information may be detected a long time before an attack on the confidential information occurs.Type: ApplicationFiled: July 31, 2008Publication date: December 18, 2008Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Birgit Baum-Waidner, Michael Waidner, Christopher Kenyon