Patents by Inventor Robert Safford
Robert Safford has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11907361Abstract: An apparatus, system and method for protecting the confidentiality and integrity of a secure object running on a computer system by protecting the memory pages owned by the secure object, including assigning a secure object an ID, labeling the memory pages owned by a secure object with the ID of the secure object, maintaining an Access Control Monitor (ACM) table for the memory pages on the system, controlling access to memory pages by monitoring load and store instructions and comparing information in the ACM table with the ID of the software that is executing these instructions; and limiting access to a memory page to the owner of the memory page.Type: GrantFiled: March 17, 2020Date of Patent: February 20, 2024Assignee: International Business Machines CorporationInventors: Richard Harold Boivie, Kattamuri Ekanadham, Kenneth Alan Goldman, William Eric Hall, Guerney D. Hunt, Bhushan Pradip Jain, Mohit Kapur, Dimitrios Pendarakis, David Robert Safford, Peter Anthony Sandon, Enriquillo Valdez
-
Patent number: 11150634Abstract: An exemplary additive manufacturing method includes receiving a build file comprising instructions for controlling the manufacturing hardware to generate an object, receiving a material identifier indicating a particular lot of manufacturing media, validating the build file and the material identifier via a distributed ledger to verify both an author of the build file and an origin of the particular lot of manufacturing media, causing manufacturing hardware to generate the object using the build file and the particular lot of manufacturing media, generating an object manufactured transaction to the distributed ledger indicating a result of the validation of the origin of the at least one of the build file or the material identifier, and certifying the object in response to verifying the author of the build file and the origin of the particular lot of manufacturing media, and wherein the object manufactured transaction indicates that the object is certified.Type: GrantFiled: April 3, 2020Date of Patent: October 19, 2021Assignee: General Electric CompanyInventors: John Joseph Freer, Richard Paul Messmer, Arvind Rangarajan, David Robert Safford
-
Patent number: 10754323Abstract: Some aspects are directed to additive manufacturing systems. An example additive manufacturing system controller is configured to receive a build file comprising instructions for controlling the manufacturing hardware to generate the object, receive a material identifier indicating a particular lot of manufacturing media, validate the build file and the material identifier via a distributed ledger to verify at least one of an author of the build file or an origin of the particular lot of manufacturing media, control the manufacturing hardware using the build file to generate the object using the particular lot of manufacturing media, and in response to completion of the generation of the object, generate an object manufactured transaction to the distributed ledger indicating a result of the validation of the origin of the at least one of the build file or the material identifier.Type: GrantFiled: December 19, 2017Date of Patent: August 25, 2020Assignee: General Electric CompanyInventors: John Joseph Freer, Richard Paul Messmer, Arvind Rangarajan, David Robert Safford
-
Publication number: 20200233398Abstract: An exemplary additive manufacturing method includes receiving a build file comprising instructions for controlling the manufacturing hardware to generate an object, receiving a material identifier indicating a particular lot of manufacturing media, validating the build file and the material identifier via a distributed ledger to verify both an author of the build file and an origin of the particular lot of manufacturing media, causing manufacturing hardware to generate the object using the build file and the particular lot of manufacturing media, generating an object manufactured transaction to the distributed ledger indicating a result of the validation of the origin of the at least one of the build file or the material identifier, and certifying the object in response to verifying the author of the build file and the origin of the particular lot of manufacturing media, and wherein the object manufactured transaction indicates that the object is certified.Type: ApplicationFiled: April 3, 2020Publication date: July 23, 2020Inventors: John Joseph Freer, Richard Paul Messmer, Arvind Rangarajan, David Robert Safford
-
Publication number: 20200218799Abstract: An apparatus, system and method for protecting the confidentiality and integrity of a secure object running on a computer system by protecting the memory pages owned by the secure object, including assigning a secure object an ID, labeling the memory pages owned by a secure object with the ID of the secure object, maintaining an Access Control Monitor (ACM) table for the memory pages on the system, controlling access to memory pages by monitoring load and store instructions and comparing information in the ACM table with the ID of the software that is executing these instructions; and limiting access to a memory page to the owner of the memory page.Type: ApplicationFiled: March 17, 2020Publication date: July 9, 2020Inventors: Richard Harold Boivie, Kattamuri Ekanadham, Kenneth Alan Goldman, William Eric Hall, Guerney D. Hunt, Bhushan Pradip Jain, Mohit Kapur, Dimitrios Pendarakis, David Robert Safford, Peter Anthony Sandon, Enriquillo Valdez
-
Patent number: 10628579Abstract: A processor in a computer system, the processor including a mechanism supporting a Secure Object that comprises information that is protected so that other software on said computer system cannot access or undetectably tamper with said information, thereby protecting both a confidentiality and an integrity of the Secure Object information while making the Secure Object information available to the Secure Object itself during execution of the Secure Object. The mechanism includes a crypto mechanism that decrypts and integrity-checks Secure Object information as said Secure Object information moves into the computer system from an external storage system, and encrypts and updates an integrity value for Secure Object information as said Secure Object information moves out of the computer system to the external storage system, and a memory protection mechanism that protects the confidentiality and integrity of Secure Object information when that information is in the memory of the computer system.Type: GrantFiled: August 28, 2015Date of Patent: April 21, 2020Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Richard Harold Boivie, Kattamuri Ekanadham, Kenneth Alan Goldman, William Eric Hall, Guerney Douglass Holloway Hunt, Bhushan Pradip Jain, Mohit Kapur, Dimitrios Pendarakis, David Robert Safford, Peter Anthony Sandon, Enriquillo Valdez
-
Publication number: 20190238514Abstract: A method, computer-readable medium, and system including an inside container module to communicate with an inside network internal to a system; an outside container module to communicate with an outside network external to the system; and an inspector module to communicate with the inside container module and the outside container module, the inspector container to control communication of all data between the inside container module and the outside container module; and the inspector module, the inside container module, and the outside container module each being self-contained and to operate independent of each other.Type: ApplicationFiled: January 31, 2018Publication date: August 1, 2019Inventors: David Robert SAFFORD, Brandon R. CASTEL, Tom GARDINER
-
Publication number: 20190238513Abstract: A method, computer-readable medium, and system including an inside container module to communicate with an inside network internal to a system; an outside container module to communicate with an outside network external to the system; and an inspector module to communicate with the inside container module and the outside container module, the inspector container to control communication of all data between the inside container module and the outside container module, including enforcing single direction data flow directionality between the inspector module and at least one of the outside container module and the inside container module; and the inspector module, the inside container module, and the outside container module each being self-contained and to operate independent of each other.Type: ApplicationFiled: January 31, 2018Publication date: August 1, 2019Inventors: David Robert SAFFORD, Brandon R. CASTEL, Tom GARDINER
-
Publication number: 20190238512Abstract: A system, computer-readable medium, and method including receiving, during a development of a container based application proxy firewall system, application source code for an application; analyzing, during the development of the container based application proxy firewall system, the source code to determine a data flow for the application; generating, during the development of the container based application proxy firewall system, inspection rules for a application specific proxy firewall; and incorporating the generated inspection rules into the application specific proxy firewall system.Type: ApplicationFiled: January 31, 2018Publication date: August 1, 2019Inventors: David Robert SAFFORD, Brandon R. CASTEL, Tom GARDINER
-
Publication number: 20180173203Abstract: Some aspects are directed to additive manufacturing systems. An example additive manufacturing system controller is configured to receive a build file comprising instructions for controlling the manufacturing hardware to generate the object, receive a material identifier indicating a particular lot of manufacturing media, validate the build file and the material identifier via a distributed ledger to verify at least one of an author of the build file or an origin of the particular lot of manufacturing media, control the manufacturing hardware using the build file to generate the object using the particular lot of manufacturing media, and in response to completion of the generation of the object, generate an object manufactured transaction to the distributed ledger indicating a result of the validation of the origin of the at least one of the build file or the material identifier.Type: ApplicationFiled: December 19, 2017Publication date: June 21, 2018Inventors: John Joseph FREER, Richard Paul MESSMER, Arvind RANGARAJAN, David Robert SAFFORD
-
Publication number: 20160171250Abstract: A processor in a computer system, the processor including a mechanism supporting a Secure Object that comprises information that is protected so that other software on said computer system cannot access or undetectably tamper with said information, thereby protecting both a confidentiality and an integrity of the Secure Object information while making the Secure Object information available to the Secure Object itself during execution of the Secure Object. The mechanism includes a crypto mechanism that decrypts and integrity-checks Secure Object information as said Secure Object information moves into the computer system from an external storage system, and encrypts and updates an integrity value for Secure Object information as said Secure Object information moves out of the computer system to the external storage system, and a memory protection mechanism that protects the confidentiality and integrity of Secure Object information when that information is in the memory of the computer system.Type: ApplicationFiled: August 28, 2015Publication date: June 16, 2016Inventors: Richard Harold Boivie, Kattamuri Ekanadham, Kenneth Alan Goldman, William Eric Hall, Guerney D. Hunt, Bhushan Pradip Jain, Mohit Kapur, Dimitrios Pendarakis, David Robert Safford, Peter Anthony Sandon, Enriquillo Valdez
-
Publication number: 20130291067Abstract: A method for identifying unauthorized and/or misconfigured wireless access points (WAPs) in a communication network includes the steps of: an agent running on an endpoint in the communication network locating one or more WAPs in the communication network; the agent reporting at least one located WAP to a central entity; and the central entity performing steps of applying prescribed criteria to determine whether the located WAP needs to be probed, and initiating active probing of the located WAP when it is determined that the located WAP needs to be probed to thereby determine whether the located WAP is unauthorized and/or misconfigured.Type: ApplicationFiled: April 30, 2012Publication date: October 31, 2013Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Terry Dwain Escamilla, Charles Steven Lingafelt, David Robert Safford
-
Publication number: 20130291063Abstract: A system for identifying unauthorized and/or misconfigured wireless access points (WAPs) in a communication network includes multiple network endpoints and multiple agents running on endpoints. The agents are adapted to periodically locate WAPs and to report located WAPs to a central entity. The system further includes a central entity operative to receive information from the agents regarding located WAPs, to determine whether at least a given one of the located WAPs needs to be probed, and to initiate active probing of located WAPs when it is determined that the given one of the located WAPs needs to be probed.Type: ApplicationFiled: April 25, 2012Publication date: October 31, 2013Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Terry Dwain Escamilla, Charles Steven Lingafelt, David Robert Safford
-
Patent number: 7893830Abstract: An intrusion detection mechanism is provided for flexible, automatic, thorough, and consistent security checking and vulnerability resolution in a heterogeneous environment. The mechanism may provide a predefined number of default intrusion analysis approaches, such as signature-based, anomaly-based, scan-based, and danger theory. The intrusion detection mechanism also allows a limitless number of intrusion analysis approaches to be added on the fly. Using an intrusion detection skin, the mechanism allows various weights to be assigned to specific intrusion analysis approaches. The mechanism may adjust these weights dynamically. The score ration can be tailored to determine if an intrusion occurred and adjusted dynamically. Also, multiple security policies for any type of computing element may be enforced.Type: GrantFiled: October 6, 2008Date of Patent: February 22, 2011Assignee: International Business Machines CorporationInventors: Vaijayanthimala K. Anand, Sandra K. Johnson, David Robert Safford, Kimberly DaShawn Simon
-
Publication number: 20090033490Abstract: An intrusion detection mechanism is provided for flexible, automatic, thorough, and consistent security checking and vulnerability resolution in a heterogeneous environment. The mechanism may provide a predefined number of default intrusion analysis approaches, such as signature-based, anomaly-based, scan-based, and danger theory. The intrusion detection mechanism also allows a limitless number of intrusion analysis approaches to be added on the fly. Using an intrusion detection skin, the mechanism allows various weights to be assigned to specific intrusion analysis approaches. The mechanism may adjust these weights dynamically. The score ration can be tailored to determine if an intrusion occurred and adjusted dynamically. Also, multiple security policies for any type of computing element may be enforced.Type: ApplicationFiled: October 6, 2008Publication date: February 5, 2009Applicant: International Business Machines CorporationInventors: Vaijayanthimala K. Anand, Sandra K. Johnson, David Robert Safford, Kimberly DaShawn Simon
-
Patent number: 7450005Abstract: An intrusion detection mechanism is provided for flexible, automatic, thorough, and consistent security checking and vulnerability resolution in a heterogeneous environment. The mechanism may provide a predefined number of default intrusion analysis approaches, such as signature-based, anomaly-based, scan-based, and danger theory. The intrusion detection mechanism also allows a limitless number of intrusion analysis approaches to be added on the fly. Using an intrusion detection skin, the mechanism allows various weights to be assigned to specific intrusion analysis approaches. The mechanism may adjust these weights dynamically. The score ration can be tailored to determine if an intrusion occurred and adjusted dynamically. Also, multiple security policies for any type of computing element may be enforced.Type: GrantFiled: January 18, 2006Date of Patent: November 11, 2008Assignee: International Business Machines CorporationInventors: Vaijayanthimala K. Anand, Sandra K. Johnson, David Robert Safford, Kimberly DaShawn Simon
-
Patent number: 7343493Abstract: A method for restricting access to an encryption key of an encrypted file system (EFS), whereby access is provided only when a computer system is booted in a trusted state. The EFS encrypts the files within a TPM chip according to TCPA specifications and simultaneously creates the encryption key, which is also stored in the TPM. The key is sealed to one or more platform control register (PCR) states (i.e., the TPM will export the key only when the PCRs are in a pre-defined state.). The original PCR states are modified during boot up of the computer system via a secure hashing algorithm, which extends a value of one PCR to a next PCR at each stage of the boot process and then hashes the value with the remaining content of the next PCR. When the system boot process is completed and before control passes to the user, the values within the PCRs are compared to values stored in a PCR table within the TPM, and the encryption key is exported to the OS kernel only when the PCR values match the table values.Type: GrantFiled: March 28, 2002Date of Patent: March 11, 2008Assignee: Lenovo (Singapore) Pte. Ltd.Inventors: David Carroll Challener, David Robert Safford
-
Patent number: 7281125Abstract: A method, computer program product and computer system for securing alterable data. A computer that is remotely managed may be equipped with a protected storage that is accessible only by BIOS code. The protected storage may have the capacity to store a symmetrical encryption key. An EEPROM, which normally contains the BIOS code, may be used to store accessible configuration data as well as remotely unaccessible sensitive access information (e.g., passwords). The remotely unaccessible sensitive data is encrypted with the symmetrical encryption key by the BIOS code. Remote access to the sensitive data is accomplished via change requests submitted to the BIOS code over a secure channel. The BIOS code then determines whether the request is valid. If so, then sensitive data is decrypted, altered, encrypted, and re-written into the EEPROM. Normal access to accessible data is unaffected and remote access is allowed without changing the computer system architecture.Type: GrantFiled: August 24, 2001Date of Patent: October 9, 2007Assignee: Lenovo (Singapore) Pte. Ltd.Inventors: David Carroll Challener, Steven Dale Goodman, David Robert Safford, Randall Scott Springfield
-
Patent number: 7085933Abstract: A computer system, method of operation, and program product which gives a clear indication to a user when a computer system has transitioned to a trusted state.Type: GrantFiled: June 11, 2002Date of Patent: August 1, 2006Assignee: Lenvo (Singapore) Pte, Ltd.Inventors: David Carroll Challener, David Robert Safford, Leendert Peter Van Doorn
-
Publication number: 20040059704Abstract: A method, computer program product, and data processing system for constructing a self-managing distributed computing system comprised of “autonomic elements” is disclosed. An autonomic element provides a set of services, and may provide them to other autonomic elements. Relationships between autonomic elements include the providing and consuming of such services. These relationships are “late bound,” in the sense that they can be made during the operation of the system rather than when parts of the system are implemented or deployed. They are dynamic, in the sense that relationships can begin, end, and change over time. They are negotiated, in the sense that they are arrived at by a process of mutual communication between the elements that establish the relationship.Type: ApplicationFiled: September 20, 2002Publication date: March 25, 2004Applicant: International Business Machines CorporationInventors: Joseph L. Hellerstein, Jeffrey Owen Kephart, Edwin Richie Lassettre, Norman J. Pass, David Robert Safford, William Harold Tetzlaff, Steve Richard White