Patents by Inventor Miriam Zohar
Miriam Zohar has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11503030Abstract: A service processor is provided that includes a processor, a memory coupled to the processor and having instructions for executing an operating system kernel having an integrity management subsystem, secure boot firmware, and a tamper-resistant secure trusted dedicated microprocessor. The secure boot firmware performs a secure boot operation to boot the operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of the tamper-resistant secure trusted dedicated microprocessor. The operating system kernel enables the integrity management subsystem. The integrity management subsystem records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.Type: GrantFiled: August 6, 2019Date of Patent: November 15, 2022Assignee: International Business Machines CorporationInventors: Patrick J. Callaghan, Kenneth A. Goldman, Guerney D. H. Hunt, Elaine R. Palmer, Dimitrios Pendarakis, David R. Safford, Brian D. Valentine, George C. Wilson, Miriam Zohar
-
Patent number: 11176255Abstract: Mechanisms for booting a service processor are provided. With these mechanisms, the service processor executes a secure boot operation of secure boot firmware to boot an operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of a tamper-resistant secure trusted dedicated microprocessor of the service processor. The operating system kernel executing in the service processor enables an integrity management subsystem of the operating system kernel which records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.Type: GrantFiled: December 13, 2019Date of Patent: November 16, 2021Assignee: International Business Machines CorporationInventors: Patrick J. Callaghan, Kenneth A. Goldman, Guerney D. H. Hunt, Elaine R. Palmer, Dimitrios Pendarakis, David R. Safford, Brian D. Valentine, George C. Wilson, Miriam Zohar
-
Publication number: 20200117806Abstract: Mechanisms for booting a service processor are provided. With these mechanisms, the service processor executes a secure boot operation of secure boot firmware to boot an operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of a tamper-resistant secure trusted dedicated microprocessor of the service processor. The operating system kernel executing in the service processor enables an integrity management subsystem of the operating system kernel which records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.Type: ApplicationFiled: December 13, 2019Publication date: April 16, 2020Inventors: Patrick J. Callaghan, Kenneth A. Goldman, Guerney D.H. Hunt, Elaine R. Palmer, Dimitrios Pendarakis, David R. Safford, Brian D. Valentine, George C. Wilson, Miriam Zohar
-
Patent number: 10528740Abstract: Mechanisms for booting a service processor are provided. With these mechanisms, the service processor executes a secure boot operation of secure boot firmware to boot an operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of a tamper-resistant secure trusted dedicated microprocessor of the service processor. The operating system kernel executing in the service processor enables an integrity management subsystem of the operating system kernel which records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.Type: GrantFiled: June 15, 2017Date of Patent: January 7, 2020Assignee: International Business Machines CorporationInventors: Patrick J. Callaghan, Kenneth A. Goldman, Guerney D.H. Hunt, Elaine R. Palmer, Dimitrios Pendarakis, David R. Safford, Brian D. Valentine, George C. Wilson, Miriam Zohar
-
Publication number: 20190364048Abstract: A service processor is provided that includes a processor, a memory coupled to the processor and having instructions for executing an operating system kernel having an integrity management subsystem, secure boot firmware, and a tamper-resistant secure trusted dedicated microprocessor. The secure boot firmware performs a secure boot operation to boot the operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of the tamper-resistant secure trusted dedicated microprocessor. The operating system kernel enables the integrity management subsystem. The integrity management subsystem records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.Type: ApplicationFiled: August 6, 2019Publication date: November 28, 2019Inventors: Patrick J. Callaghan, Kenneth A. Goldman, Guerney D.H. Hunt, Elaine R. Palmer, Dimitrios Pendarakis, David R. Safford, Brian D. Valentine, George C. Wilson, Miriam Zohar
-
Patent number: 10397230Abstract: A service processor is provided that includes a processor, a memory coupled to the processor and having instructions for executing an operating system kernel having an integrity management subsystem, secure boot firmware, and a tamper-resistant secure trusted dedicated microprocessor. The secure boot firmware performs a secure boot operation to boot the operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of the tamper-resistant secure trusted dedicated microprocessor. The operating system kernel enables the integrity management subsystem. The integrity management subsystem records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.Type: GrantFiled: June 15, 2017Date of Patent: August 27, 2019Assignee: International Business Machines CorporationInventors: Patrick J. Callaghan, Kenneth A. Goldman, Guerney D. H. Hunt, Elaine R. Palmer, Dimitrios Pendarakis, David R. Safford, Brian D. Valentine, George C. Wilson, Miriam Zohar
-
Publication number: 20180365424Abstract: Mechanisms for booting a service processor are provided. With these mechanisms, the service processor executes a secure boot operation of secure boot firmware to boot an operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of a tamper-resistant secure trusted dedicated microprocessor of the service processor. The operating system kernel executing in the service processor enables an integrity management subsystem of the operating system kernel which records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.Type: ApplicationFiled: June 15, 2017Publication date: December 20, 2018Inventors: Patrick J. Callaghan, Kenneth A. Goldman, Guerney D.H. Hunt, Elaine R. Palmer, Dimitrios Pendarakis, David R. Safford, Brian D. Valentine, George C. Wilson, Miriam Zohar
-
Publication number: 20180365422Abstract: A service processor is provided that includes a processor, a memory coupled to the processor and having instructions for executing an operating system kernel having an integrity management subsystem, secure boot firmware, and a tamper-resistant secure trusted dedicated microprocessor. The secure boot firmware performs a secure boot operation to boot the operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of the tamper-resistant secure trusted dedicated microprocessor. The operating system kernel enables the integrity management subsystem. The integrity management subsystem records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.Type: ApplicationFiled: June 15, 2017Publication date: December 20, 2018Inventors: Patrick J. Callaghan, Kenneth A. Goldman, Guerney D.H. Hunt, Elaine R. Palmer, Dimitrios Pendarakis, David R. Safford, Brian D. Valentine, George C. Wilson, Miriam Zohar
-
Publication number: 20070195714Abstract: The present invention provides methods and apparatus for classifying and demultiplexing packets in a network protocol stack. It provides extendibility for packet processing in the network protocol stack by defining a standard method for adding new functionality. It provides a method to obtain external information, from an application scheduled outside of the forwarding or interrupt context of the kernel, in order to augment packet classification and/or augment packet disposition. In some embodiments, external information augments a criteria of a node in a classification tree with additional information. It presents a way of augmenting which suspends the classification process until an application, scheduled outside of the forwarding or interrupt context of the kernel, completes. The resulting external information is used to augment the packet classification.Type: ApplicationFiled: February 23, 2007Publication date: August 23, 2007Inventors: Douglas Schales, Srinivasan Seshan, Miriam Zohar
-
Patent number: 7200684Abstract: The present invention provides methods and apparatus for classifying and demultiplexing packets in a network protocol stack. It provides extendibility for packet processing in the network protocol stack by defining a standard method for adding new functionality. It provides a method to obtain external information, from an application scheduled outside of the forwarding or interrupt context of the kernel, in order to augment packet classification and/or augment packet disposition. In some embodiments, external information augments a criteria of a node in a classification tree with additional information. It presents a way of augmenting which suspends the classification process until an application, scheduled outside of the forwarding or interrupt context of the kernel, completes. The resulting external information is used to augment the packet classification.Type: GrantFiled: April 13, 2000Date of Patent: April 3, 2007Assignee: International Business Machines CorporationInventors: Douglas Lee Schales, Srinivasan Seshan, Miriam Zohar
-
Publication number: 20020124103Abstract: A system and method for controlling the rates at which application workload, e.g., TCP connection requests, is admitted to a collection of servers, such as a server farm of an application service provider (ASP) that hosts Internet World Wide Web (WWW) sites of various owners. The system and method are intended to operate in an environment in which each customer has a workload-based SLA for each type of application hosted by the provider and used by the customer. The system and method achieve support (minimum, maximum) TCP connection requests for multiple customers and applications. According to one aspect, the system and method guarantee, control and deliver TCP connection-based workload SLA's to customers whose applications are hosted by the server farm with the use of a workload regulator that operates by regulating only new TCP connection request packets while transparently passing existing TCP connection packets and other request packets received for customers.Type: ApplicationFiled: February 20, 2001Publication date: September 5, 2002Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Kiyoshi Maruyama, Shun-Shing Chan, Jarir Kamel Chaar, Jean A. Lorrain, Miriam Zohar, David Alson George
-
Patent number: 4935953Abstract: A system for full motion videoconferencing. The total video image space is broken down into regions of such position and size relative to the space that the image data in predetermined sections of the regions is overlapped during the cyclic transmission thereof. The reception and display of the superimposed regions provides a significant increase in the perceived transmission rate in the overlapped sections, rendering those sections suitable for full motion effects.Type: GrantFiled: April 27, 1989Date of Patent: June 19, 1990Assignee: International Business Machines CorporationInventors: Arthur Appel, Miriam Zohar