Patents by Inventor Amal Ahmed Shaheen
Amal Ahmed Shaheen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 7864953Abstract: Systems, methods and media for encrypting and decrypting content files are disclosed. More particularly, hardware and/or software for adding an additional level of indirection to a title key encryption scheme are disclosed. Embodiments may include generating by a cryptographic system a binding key based on binding information. Embodiments may also include encrypting by the cryptographic system a secret key with the binding key and generating a title key associated with at least one content file. Embodiments may also include encrypting by the cryptographic system the title key with the secret key and the at least one content file with the title key. Further embodiments may include receiving an indication that the binding information has changed, generating a new binding key based on the new changed binding information, and re-encrypting the secret key with the new binding key.Type: GrantFiled: March 27, 2008Date of Patent: January 4, 2011Assignee: International Business Machines CorporationInventors: Julian A. Cerruti, Matthew Francis Rutkowski, Amal Ahmed Shaheen
-
Patent number: 7756830Abstract: A method and apparatus for providing a recent set of replicas for a cluster data resource within a cluster having a plurality of nodes. Each of the nodes having a group services client with membership and voting services. The method of the present invention concerns broadcasting a data resource open request to the nodes of the cluster, determining a recent replica of the cluster data resource among the nodes, and distributing the recent replica to the nodes of the cluster. The apparatus of the present invention is for providing a recent set of replicas for a cluster data resource. The apparatus has a cluster having a plurality of nodes in a peer relationship, each node has an electronic memory for storing a local replica of the cluster data resource. A group services client, which is executable by each node of the cluster, has cluster broadcasting and cluster voting capability.Type: GrantFiled: March 31, 1999Date of Patent: July 13, 2010Assignee: International Business Machines CorporationInventors: Ching-Yun Chao, Roger Eldred Hough, Rodolfo Augusto Mancisidor-Landa, Javashree Ramanathan, Amal Ahmed Shaheen
-
Patent number: 7613303Abstract: Controlling delivery of broadcast encryption content for a network cluster from a content server outside the cluster that include receiving in the content server from the network device a key management block for the cluster, a unique data token for the cluster, and an encrypted cluster id and calculating a binding key for the cluster in dependence upon the key management block for the cluster, the unique data token for the cluster, and the encrypted cluster id. In typical embodiments, calculating a binding key includes calculating a management key from the key management block for the cluster; calculating a content server device key from the management key and the content server device id; decrypting the encrypted cluster id with the content server device key; and calculating the binding key with the management key, the unique data token for the cluster, and the cluster id.Type: GrantFiled: June 30, 2008Date of Patent: November 3, 2009Assignee: International Business Machines CorporationInventors: Eunjin Jung, Amal Ahmed Shaheen
-
Patent number: 7519181Abstract: A system, method and computer program for enforcing network cluster proximity requirements using a proxy is useful in preventing unauthorized devices from receiving encrypted broadcast content intended for only authorized users within a network cluster. The current art allows users to remotely establish trust via a cryptographic handshake. This results in encrypted broadcast content being delivered to unauthorized devices. The present invention assures that encrypted broadcast content is delivered to only authorized devices, allowing authorized remote devices to receive encrypted broadcast content while preventing unauthorized remote devices from doing so. The present invention enforces network proximity requirements to authorized devices within a defined area by timing the cryptographic handshaking, and by authorizing device proxies within a geographic area for retransmitting to authorized remote devices outside said geographic area.Type: GrantFiled: December 16, 2004Date of Patent: April 14, 2009Assignee: International Business Machines CorporationInventors: Amal Ahmed Shaheen, Tommy McGuire
-
Publication number: 20090028342Abstract: Systems, methods and media for encrypting and decrypting content files are disclosed. More particularly, hardware and/or software for adding an additional level of indirection to a title key encryption scheme are disclosed. Embodiments may include generating by a cryptographic system a binding key based on binding information. Embodiments may also include encrypting by the cryptographic system a secret key with the binding key and generating a title key associated with at least one content file. Embodiments may also include encrypting by the cryptographic system the title key with the secret key and the at least one content file with the title key. Further embodiments may include receiving an indication that the binding information has changed, generating a new binding key based on the new changed binding information, and re-encrypting the secret key with the new binding key.Type: ApplicationFiled: March 27, 2008Publication date: January 29, 2009Inventors: Julian A. Cerruti, Matthew Francis Rutkowski, Amal Ahmed Shaheen
-
Publication number: 20090016533Abstract: Methods, systems, and products are disclosed for controlling with rights objects delivery of broadcast encryption content for a network cluster from a content server outside the cluster that include receiving in the content server from a network device a key management block for the cluster, a unique data token for the cluster, and an encrypted cluster id; calculating a binding key for the cluster in dependence upon the key management block for the cluster, the unique data token for the cluster, and the encrypted cluster id; inserting a title key into a rights object defining rights for the broadcast encryption content; and sending the rights object to the cluster. In typical embodiments, the rights for content include an authorization for a play period and an authorized number of copies of the broadcast encryption content to devices outside the cluster.Type: ApplicationFiled: March 29, 2008Publication date: January 15, 2009Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Eunjin Jung, Amal Ahmed Shaheen
-
Publication number: 20090013179Abstract: Methods, systems, and products are disclosed for delivering broadcast encryption content. Embodiments of the present invention typically include receiving in a cluster broadcast encryption content; receiving in a cluster a rights object defining device-oriented digital rights for broadcast encryption content; and administering the broadcast encryption content on one or more network devices in the cluster in dependence upon the digital rights. In some embodiments, administering the broadcast encryption content on one or more network devices in the cluster in dependence upon the digital rights include mapping the device-oriented digital rights to digital rights supported in the cluster, excluding device-oriented rights not supported in the cluster. In some embodiments, mapping the device-oriented digital rights to digital rights supported in the cluster includes supporting in the cluster only those device-oriented digital rights having direct analogs in the cluster.Type: ApplicationFiled: March 31, 2008Publication date: January 8, 2009Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Eunjin Jung, Amal Ahmed Shaheen
-
Publication number: 20080260162Abstract: Controlling delivery of broadcast encryption content for a network cluster from a content server outside the cluster that include receiving in the content server from the network device a key management block for the cluster, a unique data token for the cluster, and an encrypted cluster id and calculating a binding key for the cluster in dependence upon the key management block for the cluster, the unique data token for the cluster, and the encrypted cluster id. In typical embodiments, calculating a binding key includes calculating a management key from the key management block for the cluster; calculating a content server device key from the management key and the content server device id; decrypting the encrypted cluster id with the content server device key; and calculating the binding key with the management key, the unique data token for the cluster, and the cluster id.Type: ApplicationFiled: June 30, 2008Publication date: October 23, 2008Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Eunjin Jung, Amal Ahmed Shaheen
-
Publication number: 20080253574Abstract: Controlling delivery of broadcast encryption content for a network cluster from a content server outside the cluster that include receiving in the content server from the network device a key management block for the cluster, a unique data token for the cluster, and an encrypted cluster id and calculating a binding key for the cluster in dependence upon the key management block for the cluster, the unique data token for the cluster, and the encrypted cluster id. In typical embodiments, calculating a binding key includes calculating a management key from the key management block for the cluster; calculating a content server device key from the management key and the content server device id; decrypting the encrypted cluster id with the content server device key; and calculating the binding key with the management key, the unique data token for the cluster, and the cluster id.Type: ApplicationFiled: June 30, 2008Publication date: October 16, 2008Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Eunjin Jung, Amal Ahmed Shaheen
-
Patent number: 7412063Abstract: Controlling delivery of broadcast encryption content for a network cluster from a content server outside the cluster that include receiving in the content server from the network device a key management block for the cluster, a unique data token for the cluster, and an encrypted cluster id and calculating a binding key for the cluster in dependence upon the key management block for the cluster, the unique data token for the cluster, and the encrypted cluster id. In typical embodiments, calculating a binding key includes calculating a management key from the key management block for the cluster; calculating a content server device key from the management key and the content server device id; decrypting the encrypted cluster id with the content server device key; and calculating the binding key with the management key, the unique data token for the cluster, and the cluster id.Type: GrantFiled: March 31, 2004Date of Patent: August 12, 2008Assignee: International Business Machines CorporationInventors: Eunjin Jung, Amal Ahmed Shaheen
-
Publication number: 20080172334Abstract: Controlling delivery of broadcast encryption content for a network cluster from a content server outside the cluster that include receiving in the content server from the network device a key management block for the cluster, a unique data token for the cluster, and an encrypted cluster id and calculating a binding key for the cluster in dependence upon the key management block for the cluster, the unique data token for the cluster, and the encrypted cluster id. In typical embodiments, calculating a binding key includes calculating a management key from the key management block for the cluster; calculating a content server device key from the management key and the content server device id; decrypting the encrypted cluster id with the content server device key; and calculating the binding key with the management key, the unique data token for the cluster, and the cluster id.Type: ApplicationFiled: March 25, 2008Publication date: July 17, 2008Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Eunjin Jung, Amal Ahmed Shaheen
-
Patent number: 6823457Abstract: A method for verifying control accesses between a device on a non-proprietary bus and a device on a proprietary bus is disclosed. A gateway controller is connected between a proprietary bus and a non-proprietary bus. A determination is made as to whether or not a non-proprietary device is registered to more than one gateway controller. In response to a determination that the non-proprietary device is registered to more than one gateway controller, another determination is made as to whether or not the non-proprietary device is a portable device. In response to a determination that the non-proprietary device is a portable device, another determination is made as to whether or not a number of acceptable duplication has been exceeded. In response to a determination that the number of acceptable duplication has been exceeded, a flag is set to indicate a control access violation has occurred.Type: GrantFiled: November 22, 1999Date of Patent: November 23, 2004Assignee: International Business Machines CorporationInventors: Viktors Berstis, George Willard Van Leeuwen, Steven Michael Pritko, Amal Ahmed Shaheen
-
Patent number: 6748381Abstract: A method and apparatus for providing a recent set of replicas for a cluster data resource within a cluster having a plurality of nodes; each of the nodes having a group services client with membership and voting services. The method broadcasts a data resource open request to the nodes of the cluster, determines a recent replica of the cluster data resource among the nodes, and distributes the recent replica to the nodes of the cluster. The apparatus is for providing a recent set of replicas for a cluster data resource. The apparatus has a cluster having a plurality of nodes in a peer relationship; each node has an electronic memory for storing a local replica of the cluster data resource. A group services client, which is executable by each node of the cluster, has cluster broadcasting and cluster voting capability.Type: GrantFiled: March 31, 1999Date of Patent: June 8, 2004Assignee: International Business Machines CorporationInventors: Ching-Yun Chao, Roger Eldred Hough, Amal Ahmed Shaheen
-
Patent number: 6587860Abstract: Within a computer cluster usage reference counts are maintained for replicated databases within a computer cluster using cluster membership and cluster voting services. Such a method includes the maintaining of a local reference count for all open distributed data resources within a given node, tracking by a group services client of those nodes that have the open distributed data resources, and using cluster membership services to update the local reference counts for node failures.Type: GrantFiled: March 31, 1999Date of Patent: July 1, 2003Assignee: International Business Machines CorporationInventors: Tushar Deepak Chandra, Ching-Yun Chao, Roger Eldred Hough, Daniel Ming-Te Hsieh, Rodolfo Augusto Mancisidor-Landa, Javashree Ramanathan, Amal Ahmed Shaheen
-
Patent number: 6549972Abstract: A method for providing control accesses between a device on a non-proprietary bus and a device on a proprietary bus is disclosed. A gateway controller is connected between a proprietary bus and a non-proprietary bus. A message originated from a device on the non-proprietary bus intended for a device on the proprietary bus is checked by the gateway controller to determine if a transmission of the message should be permitted according to a permitted message bitmap. The permitted message bitmap contains a list of devices on the non-proprietary bus that are previously registered as able to communicate with devices on the proprietary bus and a list of permitted messages associated with each of the devices on the non-proprietary bus. The transmission of the message to the device on the proprietary bus is denied if the message is not registered within the permitted message bitmap.Type: GrantFiled: November 22, 1999Date of Patent: April 15, 2003Assignee: International Business Machines CorporationInventors: Viktors Berstis, George Willard Van Leeuwen, Steven Michael Pritko, Amal Ahmed Shaheen
-
Patent number: 6529960Abstract: A method for replicating data in a distributed computer environment wherein a plurality of servers are configured about one or more central hubs in a hub and spoke arrangement. In each of a plurality of originating nodes, updates and associated origination sequence numbers are sent to the central hub. The hub sends updates and associated distribution sequence numbers to the plurality of originating nodes. The hub tracks acknowledgments sent by nodes for a destination sequence number acknowledged by all nodes. Thereafter, a highest origination sequence number is sent from the central hub back to each originating node.Type: GrantFiled: June 29, 2001Date of Patent: March 4, 2003Assignee: International Business Machines CorporationInventors: Ching-Yun Chao, Roger Eldred Hough, Amal Ahmed Shaheen
-
Patent number: 6363495Abstract: A method in a computer for handling a network partition of a clustered computer system, wherein the computer is part of a number of computers located within the cluster. Data is periodically written into a data structure in a shared resource, wherein the data provides a status of the computer and wherein a data structure is associated with each cluster node. Monitoring for a partition of the cluster is performed. All data structures located in the shared resource are read in response to detecting a network partition of the cluster. A determination is made as to whether the computer is in the preferred partition, one containing the largest number of computers or is otherwise determined to be viable for continued operation. Should the computer determine that it is not a member of a preferred or otherwise viable partition, it must relinquish access to shared cluster resources requiring mutually exclusive access, such as a database on a shared disk volume.Type: GrantFiled: January 19, 1999Date of Patent: March 26, 2002Assignee: International Business Machines CorporationInventors: Kenneth Bruce MacKenzie, Richard James McCarty, Amal Ahmed Shaheen
-
Patent number: 6338092Abstract: A method for replicating data in a distributed computer environment wherein a plurality of servers are configured about one or more central hubs in a hub and spoke arrangement. In each of a plurality of originating nodes, updates and associated origination sequence numbers are sent to the central hub. The hub sends updates and associated distribution sequence numbers to the plurality of originating nodes. The hub tracks acknowledgments sent by nodes for a destination sequence number acknowledged by all nodes. Thereafter, a highest origination sequence number is sent from the central hub back to each originating node.Type: GrantFiled: September 24, 1998Date of Patent: January 8, 2002Assignee: International Business Machines CorporationInventors: Ching-Yun Chao, Roger Eldred Hough, Amal Ahmed Shaheen
-
Patent number: 6335937Abstract: A node failure recovery mechanism for use in a data replicating system in a distributed computer environment wherein a plurality of servers are configured about one or more central hubs in a hub and spoke arrangement. In each of a plurality of originating nodes, updates and associated origination sequence numbers are sent to the central hub. The hub sends updates and associated distribution sequence numbers to the plurality of originating nodes. The hub tracks acknowledgments sent by nodes for a destination sequence number acknowledged by all nodes. Upon failure of a node, a node failure recovery method may be used to enable a “buddy” node to help the failed node gain readmission to a distribution group.Type: GrantFiled: September 24, 1998Date of Patent: January 1, 2002Assignee: International Business Machines Corp.Inventors: Ching-Yun Chao, Roger Eldred Hough, Amal Ahmed Shaheen
-
Publication number: 20010037398Abstract: A method for replicating data in a distributed computer environment wherein a plurality of servers are configured about one or more central hubs in a hub and spoke arrangement. In each of a plurality of originating nodes, updates and associated origination sequence numbers are sent to the central hub. The hub sends updates and associated distribution sequence numbers to the plurality of originating nodes. The hub tracks acknowledgments sent by nodes for a destination sequence number acknowledged by all nodes. Thereafter, a highest origination sequence number is sent from the central hub back to each originating node.Type: ApplicationFiled: June 29, 2001Publication date: November 1, 2001Inventors: Ching-Yun Chao, Roger Eldred Hough, Amal Ahmed Shaheen