Patents by Inventor Andrew Gregory Kegel
Andrew Gregory Kegel has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8707383
Abstract: A computer implemented method, data processing system, and computer program product for managing computer workloads with security policy enforcement. When a determination is made that a component in a data processing system has failed to meet processing requirements, a candidate host to where the component may be migrated based on performance considerations is identified. A first security policy associated with the component is compared to a second security policy associated with the candidate host to determine if the first security policy is equivalent to or stronger than the second security policy. Responsive to a determination that the first security policy is equivalent to or stronger than the second security policy, the component is migrated to the candidate host.
Type: Grant
Filed: August 16, 2006
Date of Patent: April 22, 2014
Assignee: International Business Machines Corporation
Inventors: Steven A. Bade, Andrew Gregory Kegel, Ronald Perez, Brian D. You
-
Patent number: 8065522
Abstract: A method, an apparatus, a system, and a computer program product is presented for virtualizing trusted platform modules within a data processing system. A virtual trusted platform module along with a virtual endorsement key is created within a physical trusted platform module within the data processing system using a platform signing key of the physical trusted platform module, thereby providing a transitive trust relationship between the virtual trusted platform module and the core root of trust for the trusted platform. The virtual trusted platform module can be uniquely associated with a partition in a partitionable runtime environment within the data processing system.
Type: Grant
Filed: May 22, 2008
Date of Patent: November 22, 2011
Assignee: International Business Machines Corporation
Inventors: Steven A. Bade, Linda Nancy Betz, Andrew Gregory Kegel, Michael J. Kelly, William Lee Terrell
-
Patent number: 8055912
Abstract: Multiple trusted platform modules within a data processing system are used in a redundant manner that provides a reliable mechanism for securely storing secret data at rest that is used to bootstrap a system trusted platform module. A hypervisor requests each trusted platform module to encrypt a copy of the secret data, thereby generating multiple versions of encrypted secret data values, which are then stored within a non-volatile memory within the trusted platform. At some later point in time, the encrypted secret data values are retrieved, decrypted by the trusted platform module that performed the previous encryption, and then compared to each other. If any of the decrypted values do not match a quorum of values from the comparison operation, then a corresponding trusted platform module for a non-matching decrypted value is designated as defective because it has not been able to correctly decrypt a value that it previously encrypted.
Type: Grant
Filed: November 19, 2009
Date of Patent: November 8, 2011
Assignee: International Business Machines Corporation
Inventors: Steven A. Bade, Linda Nancy Betz, Andrew Gregory Kegel, David R. Safford, Leendert Peter Van Doorn
-
Patent number: 7900059
Abstract: A method, system and computer program product for implementing general purpose PCRs with extended semantics (referred to herein as “ePCRs”) in a trusted, measured software module. The module is designed to run in one of a hypervisor context, an isolated partition, or under other isolated configurations. Because the software module is provided using trusted (measured) code, the software implementing the PCRs is able to run as a simple software process in the operating system (OS), as long as the software is first measured and logged. The software-implemented ePCRs are generated as needed to record specific measurements of the software and hardware elements on which an application depends, and the ePCRs are able to ignore other non-dependencies.
Type: Grant
Filed: December 13, 2005
Date of Patent: March 1, 2011
Assignee: International Business Machines Corporation
Inventors: Steven A. Bade, Andrew Gregory Kegel, Leendert Peter Van Doorn
-
Publication number: 20100070781
Abstract: Multiple trusted platform modules within a data processing system are used in a redundant manner that provides a reliable mechanism for securely storing secret data at rest that is used to bootstrap a system trusted platform module. A hypervisor requests each trusted platform module to encrypt a copy of the secret data, thereby generating multiple versions of encrypted secret data values, which are then stored within a non-volatile memory within the trusted platform. At some later point in time, the encrypted secret data values are retrieved, decrypted by the trusted platform module that performed the previous encryption, and then compared to each other. If any of the decrypted values do not match a quorum of values from the comparison operation, then a corresponding trusted platform module for a non-matching decrypted value is designated as defective because it has not been able to correctly decrypt a value that it previously encrypted.
Type: Application
Filed: November 19, 2009
Publication date: March 18, 2010
Inventors: Steven A. Bade, Linda Nancy Betz, Andrew Gregory Kegel, David R. Safford, Leendert Peter Van Doorn
-
Patent number: 7664965
Abstract: Multiple trusted platform modules within a data processing system are used in a redundant manner that provides a reliable mechanism for securely storing secret data at rest that is used to bootstrap a system trusted platform module. A hypervisor requests each trusted platform module to encrypt a copy of the secret data, thereby generating multiple versions of encrypted secret data values, which are then stored within a non-volatile memory within the trusted platform. At some later point in time, the encrypted secret data values are retrieved, decrypted by the trusted platform module that performed the previous encryption, and then compared to each other. If any of the decrypted values do not match a quorum of values from the comparison operation, then a corresponding trusted platform module for a non-matching decrypted value is designated as defective because it has not been able to correctly decrypt a value that it previously encrypted.
Type: Grant
Filed: April 29, 2004
Date of Patent: February 16, 2010
Assignee: International Business Machines Corporation
Inventors: Steven A. Bade, Linda Nancy Betz, Andrew Gregory Kegel, David R. Safford, Leendert Peter Van Doorn
-
Publication number: 20090327700
Abstract: A method, an apparatus, a system, and a computer program product is presented for virtualizing trusted platform modules within a data processing system. A virtual trusted platform module along with a virtual endorsement key is created within a physical trusted platform module within the data processing system using a platform signing key of the physical trusted platform module, thereby providing a transitive trust relationship between the virtual trusted platform module and the core root of trust for the trusted platform. The virtual trusted platform module can be uniquely associated with a partition in a partitionable runtime environment within the data processing system.
Type: Application
Filed: May 22, 2008
Publication date: December 31, 2009
Inventors: Steven A. Blade, Linda Nancy Betz, Andrew Gregory Kegel, Michael J. Kelly, William Lee Terrell
-
Patent number: 7380119
Abstract: A method, an apparatus, a system, and a computer program product is presented for virtualizing trusted platform modules within a data processing system. A virtual trusted platform module along with a virtual endorsement key is created within a physical trusted platform module within the data processing system using a platform signing key of the physical trusted platform module, thereby providing a transitive trust relationship between the virtual trusted platform module and the core root of trust for the trusted platform. The virtual trusted platform module can be uniquely associated with a partition in a partitionable runtime environment within the data processing system.
Type: Grant
Filed: April 29, 2004
Date of Patent: May 27, 2008
Assignee: International Business Machines Corporation
Inventors: Steven A. Bade, Linda Nancy Betz, Andrew Gregory Kegel, Michael J. Kelly, William Lee Terrell
-
Publication number: 20080046960
Abstract: A computer implemented method, data processing system, and computer program product for managing computer workloads with security policy enforcement. When a determination is made that a component in a data processing system has failed to meet processing requirements, a candidate host to where the component may be migrated based on performance considerations is identified. A first security policy associated with the component is compared to a second security policy associated with the candidate host to determine if the first security policy is equivalent to or stronger than the second security policy. Responsive to a determination that the first security policy is equivalent to or stronger than the second security policy, the component is migrated to the candidate host.
Type: Application
Filed: August 16, 2006
Publication date: February 21, 2008
Inventors: Steven A. Bade, Andrew Gregory Kegel, Ronald Perez, Brian D. You