Patents by Inventor Radia J. Perlman

Radia J. Perlman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12288214
    Abstract: One example method includes generating a biometric of a user, requesting, and receiving, biometric data from a card, comparing the biometric data with the biometric, and when the biometric data matches data of the biometric, authorizing a transaction requested by a user using the card. The request for biometric data may identify what particular type of biometric data is compatible with the device making the request, and the biometric data may be a subset of the data that makes up the biometric.
    Type: Grant
    Filed: January 27, 2021
    Date of Patent: April 29, 2025
    Assignee: EMC IP Holding Company LLC
    Inventors: Radia J. Perlman, Charles W. Kaufman
  • Patent number: 12081663
    Abstract: One example method includes continuously performing key related operations. Each data set in a storage system is encrypted with a different key. New keys are repeatedly introduced and new data is encrypted only with the newest or latest key. Data being rekeyed is re-encrypted with the latest key. By repeatedly introducing new keys and rekeying data sets associated with older keys, the overall key age of the system can be kept low and the data is less susceptible to being compromised.
    Type: Grant
    Filed: January 28, 2021
    Date of Patent: September 3, 2024
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Jamie Pocas, Radia J. Perlman
  • Patent number: 12022003
    Abstract: One example method includes sending, by a sender, a commitment message, wherein the commitment message is digitally signed by the sender but is not verifiable by a recipient until a public key is revealed by the sender, transmitting, by the sender, the commitment message to the recipient, confirming, by the sender, that the commitment message has been received by the recipient, and only after receipt of the commitment message has been confirmed by the recipient, revealing in a second message, by the sender, the public key, wherein the public key is usable by the recipient to verify that the commitment message was validly signed by the sender.
    Type: Grant
    Filed: December 23, 2021
    Date of Patent: June 25, 2024
    Assignee: DELL PRODUCTS L.P.
    Inventors: Radia J. Perlman, Charles W. Kaufman
  • Publication number: 20240202355
    Abstract: An apparatus in an illustrative embodiment comprises a client device configured for communication with a storage system, with the client device comprising a processor coupled to a memory. The client device is further configured to generate a data encryption key for a data item by computing a function of at least the data item, to encrypt the data item using the data encryption key for the data item, to encrypt the data encryption key using a secret key of the client device, and to send the encrypted data item and the encrypted data encryption key to the storage system for storage in the storage system. The client device is still further configured to retrieve the encrypted data item and the encrypted data encryption key from the storage system, and to perform an integrity check on the retrieved encrypted data item using a result of decrypting the retrieved encrypted data encryption key.
    Type: Application
    Filed: December 19, 2022
    Publication date: June 20, 2024
    Inventors: Charles Kaufman, Radia J. Perlman
  • Publication number: 20240171567
    Abstract: An apparatus comprises at least one processing device that includes a processor coupled to a memory. The processing device is configured to obtain access credentials for accessing a protected resource via a server over a network, to modify at least a portion of the obtained access credentials based at least in part on identifying information of at least one of the protected resource and the server, and to utilize the modified access credentials in place of the obtained access credentials in an authentication protocol carried out with the server. In some embodiments, modifying at least a portion of the obtained access credentials illustratively comprises modifying at least a portion of the obtained access credentials in a manner compliant with one or more credential format rules for the protected resource. The access credentials may comprise at least one of a username and a password.
    Type: Application
    Filed: November 17, 2022
    Publication date: May 23, 2024
    Inventors: Radia J. Perlman, Charles Kaufman
  • Patent number: 11989158
    Abstract: One example method includes maintaining a deduplication data structure including one or more entries that each identify a respective fingerprint, and pointer, and also maintaining a ClientBlockList data structure comprising one or more entries that each identify a respective handle, retention date, and block, receiving a write request that identifies a handle, retention date, and block, computing a fingerprint of the block identified in the write request, determining, by the server, whether the fingerprint is in the deduplication data structure, and when the fingerprint is not in the deduplication data structure, storing the block identified in the write request at location ‘L’ in the deduplication data structure, and adding, to the deduplication data structure, an entry that identifies the fingerprint and the location ‘L,’ and adding, to the ClientBlockList data structure, an entry that identifies the handle, retention date, and fingerprint.
    Type: Grant
    Filed: January 28, 2021
    Date of Patent: May 21, 2024
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Radia J. Perlman, Kalyan C. Gunda
  • Publication number: 20240146737
    Abstract: An apparatus in one embodiment comprises at least one processing device that includes a processor coupled to a memory, with the at least one processing device being configured to provide an authentication service for sharing access credentials of a protected resource among multiple users. The at least one processing device in providing the authentication service for sharing the access credentials is further configured to obtain the access credentials at least in part from a first one of the users, to automatically provide the access credentials to at least one additional one of the users responsive to authentication of the at least one additional user and satisfaction of one or more specified distribution conditions, and to automatically modify the access credentials responsive to satisfaction of one or more specified revocation conditions. The protected resource may comprise, for example, a user account of a website.
    Type: Application
    Filed: October 31, 2022
    Publication date: May 2, 2024
    Inventors: Seth Rothschild, Rana Afifi, Radia J. Perlman
  • Publication number: 20230368139
    Abstract: Selecting a review panel of dissimilar peers. An asset is reviewed from an ethical perspective by a panel of reviewers. The panel of reviewers includes members that are selected based on their dissimilarity to creators of the asset. Selecting dissimilar members for the panel of reviewers allows bias in the asset to be identified and remedied. A portion of the panel of reviewers may be selected randomly to further improve the effectiveness of the panel of reviewers in reviewing the asset for ethicalness.
    Type: Application
    Filed: May 14, 2022
    Publication date: November 16, 2023
    Inventors: Ming Qian, Nicole Reineke, Radia J. Perlman
  • Patent number: 11770412
    Abstract: One example method includes logging into websites through devices including insecure devices. A logon device may store credentials. The logon device is configured to connect with an insecure device and then communicate with a website for authentication purposes without exposing a user's credentials to the insecure device. After the user is authenticated, the session is transferred to the insecure device.
    Type: Grant
    Filed: January 28, 2021
    Date of Patent: September 26, 2023
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Seth Jacob Rothschild, Benjamin Santaus, Orlando Xavier Nieves, Radia J. Perlman
  • Patent number: 11720270
    Abstract: A method of sending blocks of data from a client to be stored at a storage server, wherein for each block compression and encryption is performed at the client, and deduplication is performed at the server. Security is thus enhanced as the block is compressed and encrypted when it is sent over an unsecured network and when it is stored in potentially a third-party backup system. Provisions are made to enable addition of new compression algorithms and for retirement of old compression algorithms, while ensuring that a client would not receive a block which was compressed using an unsupported, e.g., retired, compression algorithm. In some examples a compression algorithm ID is tied to an encryption key version to enable refresh of blocks compressed with old algorithm.
    Type: Grant
    Filed: December 2, 2020
    Date of Patent: August 8, 2023
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Senthil Ponnuswamy, Charles W. Kaufman, Radia J. Perlman
  • Publication number: 20230208649
    Abstract: One example method includes sending, by a sender, a commitment message, wherein the commitment message is digitally signed by the sender but is not verifiable by a recipient until a public key is revealed by the sender, transmitting, by the sender, the commitment message to the recipient, confirming, by the sender, that the commitment message has been received by the recipient, and only after receipt of the commitment message has been confirmed by the recipient, revealing in a second message, by the sender, the public key, wherein the public key is usable by the recipient to verify that the commitment message was validly signed by the sender.
    Type: Application
    Filed: December 23, 2021
    Publication date: June 29, 2023
    Inventors: Radia J. Perlman, Charles W. Kaufman
  • Patent number: 11436345
    Abstract: In a cloud-based multiple client encryption and deduplication environment, secret plaintext data of a client is encrypted to produce ciphertext in an enclave comprising a trusted execution environment which is inaccessible by unauthorized entities and processes even with administrator privileges. Encryption is performed with an initialization vector and an encryption key calculated in the enclave. The encrypted ciphertext is deduplicated prior to storage by comparing a hash of the corresponding plaintext data to hashes of previously stored plaintext data.
    Type: Grant
    Filed: February 27, 2020
    Date of Patent: September 6, 2022
    Assignee: EMC IP Holding Company LLC
    Inventors: Radia J. Perlman, Charles W. Kaufman
  • Patent number: 11435907
    Abstract: One example method includes accessing stored data, associating a unique identifier with the data, creating a hash by hashing a combination that comprises the unique identifier and the data, transmitting the hash to a notary service, receiving, from the notary service, a digital signature that corresponds to the hash, appending the digital signature to the data, and storing, as an object, a combination that comprises the digital signature, the data, and the unique identifier.
    Type: Grant
    Filed: June 27, 2019
    Date of Patent: September 6, 2022
    Assignee: EMC IP Holding Company LLC
    Inventors: Yossef Saad, Radia J. Perlman, Charles William Kaufman
  • Publication number: 20220237623
    Abstract: One example method includes generating a biometric of a user, requesting, and receiving, biometric data from a card, comparing the biometric data with the biometric, and when the biometric data matches data of the biometric, authorizing a transaction requested by a user using the card. The request for biometric data may identify what particular type of biometric data is compatible with the device making the request, and the biometric data may be a subset of the data that makes up the biometric.
    Type: Application
    Filed: January 27, 2021
    Publication date: July 28, 2022
    Inventors: Radia J. Perlman, Charles W. Kaufman
  • Publication number: 20220239699
    Abstract: One example method includes logging into websites through devices including insecure devices. A logon device may store credentials. The logon device is configured to connect with an insecure device and then communicate with a website for authentication purposes without exposing a user's credentials to the insecure device. After the user is authenticated, the session is transferred to the insecure device.
    Type: Application
    Filed: January 28, 2021
    Publication date: July 28, 2022
    Inventors: Seth Jacob Rothschild, Benjamin Santaus, Orlando Xavier Nieves, Radia J. Perlman
  • Publication number: 20220237148
    Abstract: One example method includes maintaining a deduplication data structure including one or more entries that each identify a respective fingerprint, and pointer, and also maintaining a ClientBlockList data structure comprising one or more entries that each identify a respective handle, retention date, and block, receiving a write request that identifies a handle, retention date, and block, computing a fingerprint of the block identified in the write request, determining, by the server, whether the fingerprint is in the deduplication data structure, and when the fingerprint is not in the deduplication data structure, storing the block identified in the write request at location ‘L’ in the deduplication data structure, and adding, to the deduplication data structure, an entry that identifies the fingerprint and the location ‘L,’ and adding, to the ClientBlockList data structure, an entry that identifies the handle, retention date, and fingerprint.
    Type: Application
    Filed: January 28, 2021
    Publication date: July 28, 2022
    Inventors: Radia J. Perlman, Kalyan C. Gunda
  • Publication number: 20220239478
    Abstract: One example method includes continuously performing key related operations. Each data set in a storage system is encrypted with a different key. New keys are repeatedly introduced and new data is encrypted only with the newest or latest key. Data being rekeyed is re-encrypted with the latest key. By repeatedly introducing new keys and rekeying data sets associated with older keys, the overall key age of the system can be kept low and the data is less susceptible to being compromised.
    Type: Application
    Filed: January 28, 2021
    Publication date: July 28, 2022
    Inventors: Jamie Pocas, Radia J. Perlman
  • Patent number: 11374769
    Abstract: An apparatus in one embodiment includes at least one processing device comprising a processor coupled to a memory. The processing device is configured to implement a first ledger maintenance node. The first ledger maintenance node is configured to communicate over one or more networks with a plurality of additional ledger maintenance nodes, to identify a block for proposed addition to a distributed ledger collectively maintained by the first and additional ledger maintenance nodes, to apply a digital signature of the first ledger maintenance node to the block, and to receive digital signatures on the block from at least a subset of the additional ledger maintenance nodes. Responsive to receipt of sufficient digital signatures from respective ones of the additional ledger maintenance nodes to meet a specified quorum of digital signatures required for addition of the block to the distributed ledger, the first ledger maintenance node adds the block to the distributed ledger.
    Type: Grant
    Filed: July 20, 2020
    Date of Patent: June 28, 2022
    Assignee: EMC IP Holding Company LLC
    Inventors: Radia J. Perlman, Charles Kaufman
  • Publication number: 20220171555
    Abstract: A method of sending blocks of data from a client to be stored at a storage server, wherein for each block compression and encryption is performed at the client, and deduplication is performed at the server. Security is thus enhanced as the block is compressed and encrypted when it is sent over an unsecured network and when it is stored in potentially a third-party backup system. Provisions are made to enable addition of new compression algorithms and for retirement of old compression algorithms, while ensuring that a client would not receive a block which was compressed using an unsupported, e.g., retired, compression algorithm.
    Type: Application
    Filed: December 2, 2020
    Publication date: June 2, 2022
    Inventors: Senthil Ponnuswamy, Charles W. Kaufman, Radia J. Perlman
  • Patent number: 11128460
    Abstract: An apparatus in an illustrative embodiment comprises a client device configured for communication with a storage system, with the client device comprising a processor coupled to a memory. The client device is further configured to identify a data item to be stored in the storage system, and to generate a data encryption key for the data item as a function of a first secret key and the data item. For example, the function may comprise hashing at least the data item. The client device is further configured to encrypt the data item using the data encryption key for the data item, and to send the encrypted data item to the storage system for storage therein. The client device in some embodiments is further configured to encrypt the data encryption key using a second secret key, and to send the encrypted data encryption key to the storage system for storage therein as metadata of the data item.
    Type: Grant
    Filed: December 4, 2018
    Date of Patent: September 21, 2021
    Assignee: EMC IP Holding Company LLC
    Inventors: Radia J. Perlman, Charles Kaufman, Xuan Tang