Patents by Inventor Paul Ashley Karger
Paul Ashley Karger has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8276192Abstract: A method for security planning with hard security constraints includes: receiving security-related requirements of a network to be developed using system inputs and processing components; and generating the network according to the security-related requirements, wherein the network satisfies hard security constraints.Type: GrantFiled: May 30, 2008Date of Patent: September 25, 2012Assignee: International Business Machines CorporationInventors: Kay Schwendimann Anderson, Pau-Chen Cheng, Genady Ya. Grabarnik, Paul Ashley Karger, Marc Lelarge, Zhen Liu, Anton Viktorovich Riabov, Pankaj Rohatgi, Angela Marie Schuett, Grant Wagner
-
Patent number: 8135766Abstract: A random number generator (RNG) resistant to side channel attacks includes an activation pseudo random number generator (APRNG) having an activation output connected to an activation seed input to provide a next seed to the activation seed input. A second random number generator includes a second seed input, which receives the next seed and a random data output, which outputs random data in accordance with the next seed. An input seed memory is connected to the activation seed input and a feedback connection from the activation output so that the next seed is stored in the input seed memory to be used by the APRNG as the activation seed input at a next startup cycle.Type: GrantFiled: June 2, 2008Date of Patent: March 13, 2012Assignee: International Business Machines CorporationInventors: Suresh Narayana Chari, Vincenzo Valentino Diluoffo, Paul Ashley Karger, Elaine Rivette Palmer, Tal Rabin, Josyula Ramachandra Rao, Pankaj Rohatgi, Helmut Scherzer, Michael Steiner, David Claude Toll
-
Patent number: 8099781Abstract: An exemplary method is provided for managing and mitigating security risks through planning. A first security-related information of a requested product is received. A second security-related information of resources that are available for producing the requested product is received. A multi-stage process with security risks managed by the first security-related information and the second security-related information is performed to produce the requested product.Type: GrantFiled: July 23, 2009Date of Patent: January 17, 2012Assignee: International Business Machines CorporationInventors: Kay S. Anderson, Pau-Chen Cheng, Mark D. Feblowitz, Genady Grabarnik, Shai Halevi, Nagui Halim, Trent R. Jaeger, Paul Ashley Karger, Zhen Liu, Ronald Perez, Anton V. Riabov, Pankaj Rohatgi, Angela Marie Schuett, Michael Steiner, Grant M. Wagner
-
Patent number: 8087090Abstract: An access control system and method includes a risk index module which computes a risk index for a dimension contributing to risk. A boundary range defined for a parameter representing each risk index such that the parameter above the range is unacceptable, below the range is acceptable and in the range is acceptable with mitigation measures. A mitigation module determines the mitigation measures which reduce the parameter within the range by mapping the effectiveness of performing the mitigation measures to determine a residual risk after a mitigation measure has been implemented.Type: GrantFiled: June 2, 2008Date of Patent: December 27, 2011Assignee: International Business Machines CorporationInventors: Pau-Chen Cheng, Shai Halevi, Trent Ray Jaeger, Paul Ashley Karger, Ronald Perez, Pankaj Rohatgi, Angela Marie Schuett, Michael Steiner, Grant M. Wagner
-
Patent number: 7832007Abstract: An exemplary method is provided for managing and mitigating security risks through planning. A first security-related information of a requested product is received. A second security-related information of resources that are available for producing the requested product is received. A multi-stage process with security risks managed by the first security-related information and the second security-related information is performed to produce the requested product.Type: GrantFiled: January 10, 2006Date of Patent: November 9, 2010Assignee: International Business Machines CorporationInventors: Kay S. Anderson, Pau-Chen Cheng, Mark D. Feblowitz, Genady Grabarnik, Shai Halevi, Nagui Halim, Trent R. Jaeger, Paul Ashley Karger, Zhen Liu, Ronald Perez, Anton V. Riabov, Pankaj Rohatgi, Angela Marie Schuett, Michael Steiner, Grant M. Wagner
-
Publication number: 20090282487Abstract: An exemplary method is provided for managing and mitigating security risks through planning. A first security-related information of a requested product is received. A second security-related information of resources that are available for producing the requested product is received. A multi-stage process with security risks managed by the first security-related information and the second security-related information is performed to produce the requested product.Type: ApplicationFiled: July 23, 2009Publication date: November 12, 2009Applicant: International Business Machines CorporationInventors: Kay S. Anderson, Pau-Chen Cheng, Mark D. Feblowitz, Genady Grabarnik, Shai Halevi, Nagui Halim, Trent R. Jaeger, Paul Ashley Karger, Zhen Liu, Ronald Perez, Anton V. Riabov, Pankaj Rohatgi, Angela Marie Schuett, Michael Steiner, Grant M. Wagner
-
Patent number: 7530110Abstract: An access control system and method includes a risk index module which computes a risk index for a dimension contributing to risk. A boundary range defined for a parameter representing each risk index such that the parameter above the range is unacceptable, below the range is acceptable and in the range is acceptable with mitigation measures. A mitigation module determines the mitigation measures which reduce the parameter within the range.Type: GrantFiled: May 6, 2005Date of Patent: May 5, 2009Assignee: International Business Machines CorporationInventors: Pau-Chen Cheng, Shai Halevi, Trent Ray Jaeger, Paul Ashley Karger, Ronald Perez, Pankaj Rohatgi, Angela Marie Schuett, Michael Steiner, Grant M. Wagner
-
Publication number: 20090055890Abstract: A method for security planning with hard security constraints includes: receiving security-related requirements of a network to be developed using system inputs and processing components; and generating the network according to the security-related requirements, wherein the network satisfies hard security constraints.Type: ApplicationFiled: May 30, 2008Publication date: February 26, 2009Inventors: Kay Schwendimann Anderson, Pau-Chen Cheng, Genady Ya. Grabarnik, Paul Ashley Karger, Marc Lelarge, Zhen Liu, Anton Viktotovich Riabov, Pankai Rohatgi, Angela Marie Schuett, Grant Wagner
-
Patent number: 7496616Abstract: A random number generator (RNG) resistant to side channel attacks includes an activation pseudo random number generator (APRNG) having an activation output connected to an activation seed input to provide a next seed to the activation seed input. A second random number generator includes a second seed input, which receives the next seed and a random data output, which outputs random data in accordance with the next seed. An input seed memory is connected to the activation seed input and a feedback connection from the activation output so that the next seed is stored in the input seed memory to be used by the APRNG as the activation seed input at a next startup cycle.Type: GrantFiled: November 12, 2004Date of Patent: February 24, 2009Assignee: International Business Machines CorporationInventors: Suresh Narayana Chari, Vincenzo Valentino Diluoffo, Paul Ashley Karger, Elaine Rivette Palmer, Tal Rabin, Josyula Ramachandra Rao, Pankaj Rohatgi, Helmut Scherzer, Michael Steiner, David Claude Toll
-
Publication number: 20090049111Abstract: A random number generator (RNG) resistant to side channel attacks includes an activation pseudo random number generator (APRNG) having an activation output connected to an activation seed input to provide a next seed to the activation seed input. A second random number generator includes a second seed input, which receives the next seed and a random data output, which outputs random data in accordance with the next seed. An input seed memory is connected to the activation seed input and a feedback connection from the activation output so that the next seed is stored in the input seed memory to be used by the APRNG as the activation seed input at a next startup cycle.Type: ApplicationFiled: June 2, 2008Publication date: February 19, 2009Inventors: Suresh Narayana Chari, Vincenzo Valentino Diluoffo, Paul Ashley Karger, Elaine Rivette Palmer, Tal Rabin, Josyula Ramachandra Rao, Pankaj Rohatgi, Helmut Scherzer, Michael Steiner, David Claude Toll
-
Publication number: 20080263662Abstract: An access control system and method includes a risk index module which computes a risk index for a dimension contributing to risk. A boundary range defined for a parameter representing each risk index such that the parameter above the range is unacceptable, below the range is acceptable and in the range is acceptable with mitigation measures. A mitigation module determines the mitigation measures which reduce the parameter within the range.Type: ApplicationFiled: June 2, 2008Publication date: October 23, 2008Inventors: Pau-Chen Cheng, Shai Halevi, Trent Ray Jaeger, Paul Ashley Karger, Ronald Perez, Pankaj Rohatgi, Angela Marie Schuett, Michael Steiner, Grant M. Wagner
-
Publication number: 20080016547Abstract: A method for security planning with hard security constraints includes: receiving security-related requirements of a network to be developed using system inputs and processing components; and generating the network according to the security-related requirements, wherein the network satisfies hard security constraints.Type: ApplicationFiled: July 11, 2006Publication date: January 17, 2008Inventors: Kay Schwendimann Anderson, Pau-Chen Cheng, Genady Ya. Grabarnik, Paul Ashley Karger, Marc Lelarge, Zhen Liu, Anton Viktorovich Riabov, Pankaj Rohatgi, Angela Marie Schuett, Grant Wagner
-
Patent number: 6430561Abstract: Access to files by accessing programs, where files comprise other files, programs and data is controlled. An initial access class is assigned to each file and to each accessing program. An access class comprises an integrity access class and a secrecy access class. An integrity access class comprises rules governing modification of data contained in files and a security access class comprises rules governing disclosure of data contained in files. An integrity access class comprises a set of rules for allowing the performance of a read function, and another set of rules for allowing the performance of write/execute function. An execute function comprises transferring and chaining, where chaining comprises starting another process running at potentially different secrecy and integrity access classes. A secrecy access class comprises a set of rules for allowing the performance of a write function, and another set of rules for allowing the performance of read/execute function.Type: GrantFiled: October 29, 1999Date of Patent: August 6, 2002Assignee: International Business Machines CorporationInventors: Vernon Ralph Austel, Paul Ashley Karger, David Claude Toll
-
Patent number: 6052469Abstract: A cryptographic key recovery system that is interoperable with existing systems for establishing keys between communicating parties. The sender uses a reversible key inversion function to generate key recovery values P, Q and (optionally) R as a function of a session key and public information, so that the session key may be regenerated from the key recovery values P, Q and (if generated) R. Key recovery values P and Q are encrypted using the respective public recovery keys of a pair of key recovery agents. The encrypted P and Q values are included along with other recovery information in a session header accompanying an encrypted message sent from the sender to the receiver. The key recovery agents may recover the P and Q values for a law enforcement agent by decrypting the encrypted P and Q values in the session header, using their respective private recovery keys corresponding to the public keys.Type: GrantFiled: August 14, 1998Date of Patent: April 18, 2000Assignee: International Business Machines CorporationInventors: Donald Byron Johnson, Paul Ashley Karger, Charles William Kaufman, Jr., Stephen Michael Matyas, Jr., David Robert Safford, Marcel Mordechay Yung, Nevenko Zunic
-
Patent number: 5937066Abstract: A cryptographic key recovery system that operates in two phases. In the first phase, the sender establishes a secret value with the receiver. For each key recovery agent, the sender generates a key-generating value as a one-way function of the secret value and encrypts the key-generating value with a public key of the key recovery agent. In the second phase, performed for a particular cryptographic session, the sender generates for each key recovery agent a key-encrypting key as a one-way function of the corresponding key-generating value and multiply encrypts the session key with the key-encrypting keys of the key recovery agents. The encrypted key-generating values and the multiply encrypted session key are transmitted together with other recovery information in a manner permitting their interception by a party seeking to recover the secret value.Type: GrantFiled: October 2, 1996Date of Patent: August 10, 1999Assignee: International Business Machines CorporationInventors: Rosario Gennaro, Donald Byron Johnson, Paul Ashley Karger, Stephen Michael Matyas, Jr., Mohammad Peyravian, David Robert Safford, Marcel Mordechay Yung, Nevenko Zunic
-
Patent number: 5907618Abstract: A method and apparatus for verifiably providing key recovery information to one or more trustees in a cryptographic communication system having a sender and a receiver Each communicating party has its own Diffie-Hellman key pair comprising a secret value and corresponding public value, as does each trustee The sender non-interactively generates from its own secret value and the public value held by the receiver a first shared Diffie-Hellman key pair comprising a first shared secret value, shared with the receiver but not with any trustee, and a corresponding public value. For each trustee, the sender then non-interactively generates an additional shared secret value, shared with the receiver and the trustee, from the first shared secret value and the public value corresponding to the secret value held by the trustee. The sender uses the additional shared secret value to encrypt recovery information for each trustee, which is transmitted to the receiver along with the encrypted message.Type: GrantFiled: January 3, 1997Date of Patent: May 25, 1999Assignee: International Business Machines CorporationInventors: Rosario Gennaro, Paul Ashley Karger, Stephen Michael Matyas, Jr., Mohammad Peyravian, David Robert Safford, Nevenko Zunic
-
Patent number: 5815573Abstract: A cryptographic key recovery system for generating a cryptographic key for use by a pair of communicating parties while simultaneously providing for its recovery using one or more key recover agents. A plurality of m-bit shared key parts (P, Q) are generated which are shared with respective key recovery agents, while an n-bit nonshared key part (R) is generated that is not shared with any key recovery agent. The shared key parts (P, Q) are combined to generate an m-bit value which is concatenated with the nonshared key part (R) to generate an (m+n)-bit value from which an encryption key is generated. The cryptographic system has the effective work factor of an n-bit key to all of the key recovery agents acting in concert, but has the effective work factor of an (m+n)-bit to any other combination of third parties.Type: GrantFiled: April 10, 1996Date of Patent: September 29, 1998Assignee: International Business Machines CorporationInventors: Donald Byron Johnson, Paul Ashley Karger, Charles William Kaufman, Jr., Stephen Michael Matyas, Jr., Marcel Mordechay Yung, Nevenko Zunic
-
Patent number: 5796830Abstract: A cryptographic key recovery system that is interoperable with existing systems for establishing keys between communicating parties. The sender uses a reversible key inversion function to generate key recovery values P, Q and (optionally) R as a function of a session key and public information, so that the session key may be regenerated from the key recovery values P, Q and (if generated) R. Key recovery values P and Q are encrypted using the respective public recovery keys of a pair of key recovery agents. The encrypted P and Q values are included along with other recovery information in a session header accompanying an encrypted message sent from the sender to the receiver. The key recovery agents may recover the P and Q values for a law enforcement agent by decrypting the encrypted P and Q values in the session header, using their respective private recovery keys corresponding to the public keys.Type: GrantFiled: July 29, 1996Date of Patent: August 18, 1998Assignee: International Business Machines CorporationInventors: Donald Byron Johnson, Paul Ashley Karger, Charles William Kaufman, Jr., Stephen Michael Matyas, Jr., David Robert Safford, Marcel Mordechay Yung, Nevenko Zunic