Patents by Inventor Ton Engbersen
Ton Engbersen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10230792Abstract: The present invention is notably directed to a method for synchronizing proprietary data in an external cloud provided by a cloud service provider with data of a private storage system. The method comprises, at a synchronization system: copying outward data from a flow of outward data sent from a private cloud to the external cloud, the outward data being proprietary data of an entity that owns data of the private cloud. Next, and in parallel to copying outward data: the synchronization system compares copied outward data with data stored on the private storage system, to determine whether the compared outward data are already replicated in the private storage system. Finally, if it is determined that the compared outward data are not yet replicated in the private storage system, it instructs to store the compared outward data on the private storage system. The present invention is further directed to related systems and computer program products.Type: GrantFiled: October 23, 2015Date of Patent: March 12, 2019Assignee: International Business Machines CorporationInventors: Ton Engbersen, Martin Schmatz
-
Publication number: 20170118279Abstract: The present invention is notably directed to a method for synchronizing proprietary data in an external cloud provided by a cloud service provider with data of a private storage system. The method comprises, at a synchronization system: copying outward data from a flow of outward data sent from a private cloud to the external cloud, the outward data being proprietary data of an entity that owns data of the private cloud. Next, and in parallel to copying outward data: the synchronization system compares copied outward data with data stored on the private storage system, to determine whether the compared outward data are already replicated in the private storage system. Finally, if it is determined that the compared outward data are not yet replicated in the private storage system, it instructs to store the compared outward data on the private storage system. The present invention is further directed to related systems and computer program products.Type: ApplicationFiled: October 23, 2015Publication date: April 27, 2017Inventors: Ton Engbersen, Martin Schmatz
-
Patent number: 8650406Abstract: A computer-implemented system and method for protecting a memory are provided. The system includes a memory section with privileged and non-privileged sections, a host gateway (HG) to generate a capability credential, a device controller (DC) to append the credential to data transmitted to the memory, and at least one IO device enabled to do direct memory access (DMA) transactions with the memory.Type: GrantFiled: February 27, 2012Date of Patent: February 11, 2014Assignee: International Business Machines CorporationInventors: Michael Backes, Shmuel S Ben-Yehuda, Jan Leonhard Camenisch, Ton Engbersen, Zorik Machulsky, Julian Satran, Leah Shalev, Ilan Shimony, Thomas Basil Smith, III, Michael Waidner
-
Publication number: 20120159610Abstract: A computer-implemented system and method for protecting a memory are provided. The system includes a memory section with privileged and non-privileged sections, a host gateway (HG) to generate a capability credential, a device controller (DC) to append the credential to data transmitted to the memory, and at least one IO device enabled to do direct memory access (DMA) transactions with the memory.Type: ApplicationFiled: February 27, 2012Publication date: June 21, 2012Applicant: International Business Machine CorporationInventors: Michael Backes, Shmuel Ben-Yehuda, Jan Leonhard Camenisch, Ton Engbersen, Zorik Machulsky, Julian Satran, Leah Shalev, Ilan Shimony, Thomas Basil Smith, III, Michael Waidner
-
Patent number: 8161287Abstract: A computer-implemented system and method for protecting a memory are provided. The system includes a memory section with privileged and non-privileged sections, a host gateway (HG) to generate a capability credential, a device controller (DC) to append the credential to data transmitted to the memory, and at least one IO device enabled to do direct memory access (DMA) transactions with the memory.Type: GrantFiled: June 3, 2010Date of Patent: April 17, 2012Assignee: International Business Machines CorporationInventors: Michael Backes, Shmuel Ben-Yehuda, Jan Leonard Camenisch, Ton Engbersen, Zorik Machulsky, Julian Satran, Leah Shalev, Ilan Shimony, Thomas Basil Smith, Michael Waidner
-
Patent number: 7925801Abstract: A method and system for protection and security of IO devices using credential are provided. The system may include at least one consumer arranged to initiate IO requests from the IO device, and the IO requests may include IO capability allocation and additional parameters. The system may also include an IO resource manager (IORM) arranged to translate the IO capability allocation and additional parameters included in said IO request to a set of capability tokens for the consumer or for a group of consumers, to generate a global key to protect the capability tokens, and further arranged to manage the IO device. The system may further include a channel component arranged to transfer and receive the IO request to and from the IO device.Type: GrantFiled: January 17, 2006Date of Patent: April 12, 2011Assignee: International Business Machines CorporationInventors: Ton Engbersen, Zorik Machulsky, Julian Satran, Leah Shalev, Ilan Shimony, Thomas Basil Smith, III
-
Publication number: 20100242108Abstract: A computer-implemented system and method for protecting a memory are provided. The system includes a memory section with privileged and non-privileged sections, a host gateway (HG) to generate a capability credential, a device controller (DC) to append the credential to data transmitted to the memory, and at least one IO device enabled to do direct memory access (DMA) transactions with the memory.Type: ApplicationFiled: June 3, 2010Publication date: September 23, 2010Applicant: International Business Machines CorporationInventors: Michael Backes, Shmuel Ben-Yehuda, Jan Leonhard Camenisch, Ton Engbersen, Zorik Machulsky, Julian Satran, Leah Shalev, Ilan Shimony, Thomas Basil Smith, III, Michael Waidner
-
Patent number: 7757280Abstract: A computer-implemented method for protecting a memory is provided. The method includes responsive to a direct memory access (DMA) request received from a consumer for a transaction of data from an IO device to the memory, the request including an IO command and a capability (CAP), generating a cryptographically signed capability (CAPB), forming a credential from CAP and CAPB, appending the credential to the IO command, configuring the IO device according to the credential and the IO command, transmitting the data from the IO device to the memory and prior to allowing execution of the DMA, authenticating that the credential is valid, further includes regenerating CAPB from a key available to an authenticating entity and from the CAP (included in CAPB) and verifying that the memory region information described in the cryptographically signed capability is the same as the requested region that was originally created, and that the cryptographically signed capability encompasses the IO command.Type: GrantFiled: January 17, 2006Date of Patent: July 13, 2010Assignee: International Business Machines CorporationInventors: Michael Backes, Shmuel Ben-Yehuda, Jan Leonhard Camenisch, Ton Engbersen, Zorik Machulsky, Julian Satran, Leah Shalev, Ilan Shimony, Thomas Basil Smith, III, Michael Waidner
-
Publication number: 20070169172Abstract: A computer-implemented system and method for protecting a memory are provided. The system includes a memory section with privileged and non-privileged sections, a host gateway (HG) to generate a capability credential, a device controller (DC) to append the credential to data transmitted to the memory, and at least one IO device enabled to do direct memory access (DMA) transactions with the memory.Type: ApplicationFiled: January 17, 2006Publication date: July 19, 2007Applicant: International Business Machines CorporationInventors: Michael Backes, Shmuel Ben-Yehuda, Jan Camenisch, Ton Engbersen, Zorik Machulsky, Julian Satran, Leah Shalev, Ilan Shimony, Thomas Smith, Michael Waidner
-
Publication number: 20070168299Abstract: A method and system for protection and security of IO devices using credential are provided. The system may include at least one consumer arranged to initiate IO requests from the IO device, and the IO requests may include IO capability allocation and additional parameters. The system may also include an IO resource manager (IORM) arranged to translate the IO capability allocation and additional parameters included in said IO request to a set of capability tokens for the consumer or for a group of consumers, to generate a global key to protect the capability tokens, and further arranged to manage the IO device. The system may further include a channel component arranged to transfer and receive the IO request to and from the IO device.Type: ApplicationFiled: January 17, 2006Publication date: July 19, 2007Applicant: International Business Machines CorporationInventors: Ton Engbersen, Zorik Machulsky, Julian Satran, Leah Shalev, Ilan Shimony, Thomas Smith
-
Patent number: 6996116Abstract: An interface module is provided for connecting a data communications link to a switching node, comprising a plurality of other interface modules, of a data communications network. The interface module has at least one external port for connection to a data communications link, and a plurality of internal ports for connection to respective internal ports of the switching node. A link interface is connected to the external port for processing inbound and outbound data. A switch circuit is connected between the link interface and the internal ports of the module for transmission of data between the internal ports and to the link interface. The module includes a controller for controlling routing of data via the internal ports in accordance with an intra-node routing protocol. Switching nodes comprising a plurality of interface modules, and optionally one or more switching modules, are provided.Type: GrantFiled: November 21, 2001Date of Patent: February 7, 2006Assignee: International Business Machines CorporationInventors: Ton Engbersen, Ronald P. Luijten
-
Publication number: 20020080775Abstract: An interface module is provided for connecting a data communications link to a switching node, comprising a plurality of other such interface modules, of a data communications network. The interface module has at least one external port for connection to a data communications link, and a plurality of internal ports for connection to respective internal ports of said other interface modules of the switching node. A link interface is connected to the external port for processing inbound data for forwarding across the switching node and outbound data for transmission over the link. A switch circuit is connected between the link interface and the internal ports of the module for transmission of data between the internal ports of the module and between the internal ports and the link interface.Type: ApplicationFiled: November 21, 2001Publication date: June 27, 2002Applicant: International Business Machines CorporationInventors: Ton Engbersen, Ronald P. Luijten
-
Publication number: 20020009076Abstract: For a system in which data packets are to be handled according to one of several rules, depending on two (or more) criteria present in each packet, such as source and destination addresses, a classification method is disclosed that allows to determine the applicable rule by a longest-matching-prefix search operation. Range tokens of non-uniform length are assigned to basic ranges of criterion values so that each combination of input values from a packet can be represented by a particular variable length combination of range tokens. A search tree containing stored rule identifiers is so designed that each particular range token combination, used as input for a longest-matching-prefix lookup operation, will provide the required identifier. Different range token combinations having the same prefix can use the same path to one stored rule identifier, so that this method reduces the storage and time requirements for the classification procedure and allows simple updating when rules change.Type: ApplicationFiled: February 7, 2001Publication date: January 24, 2002Inventors: Ton Engbersen, Jan Van Lunteren