Patents by Inventor Angel Nunez Mencias
Angel Nunez Mencias has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11360963Abstract: An example operation may include one or more of receiving a unique identifier and a security value from an object, retrieving a previously stored security value of the object from a database based on the received unique identifier, determining that the object is verified based on the received security value and the previously stored security value, and modifying the previously stored security value to generate a modified security value and transmitting the modified security value to the database.Type: GrantFiled: September 24, 2019Date of Patent: June 14, 2022Assignee: International Business Machines CorporationInventors: Klaus Werner, Jakob Christopher Lang, Joerg Schmidbauer, Angel Nunez Mencias
-
Publication number: 20220108015Abstract: A method includes: federating, by a computer device, a proxy hardware security module from a physical hardware security module; storing, by the computer device, the proxy hardware security module; receiving, by the computer device, a first one of a plurality of periodic identifying communications from the physical hardware security module; and erasing, by the computer device, the proxy hardware security module as a result of the computer device not receiving a second one of the plurality of periodic identifying communications.Type: ApplicationFiled: December 16, 2021Publication date: April 7, 2022Inventors: Erlander LO, Karunakar BOJJIREDDY, Angel NUNEZ MENCIAS, Marco PAVONE
-
Patent number: 11222117Abstract: A computer program product, the computer program product including a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a computer device to cause the computer device to: federate a proxy hardware security module from a physical hardware security module; store the proxy hardware security module; receive a first one of a plurality of periodic identifying communications from the physical hardware security module; and erase the proxy hardware security module as a result of the computer device not receiving a second one of the plurality of periodic identifying communications.Type: GrantFiled: September 27, 2018Date of Patent: January 11, 2022Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Erlander Lo, Karunakar Bojjireddy, Angel Nunez Mencias, Marco Pavone
-
Patent number: 11204881Abstract: Technology for decrypting and using a security module in a processor cache in a secure mode such that dynamic address translation prevents access to portions of the volatile memory outside of a secret store in a volatile memory.Type: GrantFiled: November 27, 2019Date of Patent: December 21, 2021Assignee: International Business Machines CorporationInventors: Angel Nunez Mencias, Jakob C. Lang, Martin Recktenwald, Ulrich Mayer
-
Patent number: 11176253Abstract: A method includes: federating, by a computer device, a proxy hardware security module from a physical hardware security module; storing, by the computer device, the proxy hardware security module; receiving, by the computer device, a first one of a plurality of periodic identifying communications from the physical hardware security module; and erasing, by the computer device, the proxy hardware security module as a result of the computer device not receiving a second one of the plurality of periodic identifying communications.Type: GrantFiled: July 12, 2019Date of Patent: November 16, 2021Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Erlander Lo, Karunakar Bojjireddy, Angel Nunez Mencias, Marco Pavone
-
Patent number: 11176245Abstract: Aspects of the invention include obtaining, via a processor, an original docker image from a customer, encrypting a disk image using content from the original docker image and encrypting a bootloader. A re-packaged image is created using the encrypted disk image and the secure encrypted bootloader. The re-packaged image is deployed by inserting the re-package image into a pod container and by means of using a mutating webhook, granting elevated privileges to said container and creating a secured Kubernetes pod for protecting workloads, wherein the secured Kubernetes pod has at least one virtual machine containing the pod container.Type: GrantFiled: September 30, 2019Date of Patent: November 16, 2021Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Angel Nunez Mencias, Peter Morjan, Dirk Herrendoerfer, Preethi Polepalli Yeshwanth
-
Patent number: 11153316Abstract: Aspects of the invention include a computer-implemented method including providing, by a processor, a computing cluster having a plurality of cluster nodes and services. The method provides, by the processor, a limited catalog of services and restricts, by the processor, access of an administrator of the computing cluster to use of a service deployer, wherein the service deployer restricts administrator access to installation and administration of clusters and deployment of only the limited catalog of services.Type: GrantFiled: August 30, 2019Date of Patent: October 19, 2021Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Preethi Polepalli Yeshwanth, Angel Nunez Mencias, James Robert Magowan
-
Patent number: 11086850Abstract: Processing is provided for operating an in-memory database, wherein transaction data is stored by a persistence buffer in an FIFO queue, and update processor subsequently: waits for a trigger; extracts the last transactional data associated with a single transaction of the in-memory database from the FIFO memory queue; determines if the transaction data includes updates to data fields in the in-memory database which were already processed; and if not, then stores the extracted transaction data to a store queue, remembering the fields updated in the in-memory database, or otherwise updates the store queue with the extracted transaction data. The process continues until the extracting is complete, and the content of the store queue is periodically written into a persistent storage device.Type: GrantFiled: April 10, 2012Date of Patent: August 10, 2021Assignee: International Business Machines CorporationInventors: Natalia V. Ivanova, Edward McCarthy, Angel Nunez Mencias, Roland Seiffert
-
Patent number: 11082232Abstract: Auditably proving a usage history of an asset, in which the asset includes a hardware security module with at least a public key and a private key. A client application logs hash values of a pair of request data and response data. Usage history of the asset is proved. The proving includes verifying, using the public key, a signature of other hash values of the pair of request data and response data. The other hash values are signed with the private key. The proving further includes comparing the hash values logged by the client application with the other hash values.Type: GrantFiled: June 24, 2019Date of Patent: August 3, 2021Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Klaus Werner, Jakob C. Lang, Joerg Schmidbauer, Angel Nunez Mencias
-
Patent number: 11061666Abstract: A computer-implemented method for distributing computing tasks to individual computer systems from a first pool of first computer systems, characterized by controllers executing a specific firmware with a gateway to receive commands via a network and an orchestration unit, whereby in response to a request to perform a computing task, an available and suitable first computer system is selected. An available second computer system is selected from a second pool. A firmware image corresponding to a requested controller firmware level is selected, using a gateway connector to send commands to the gateways. A network connection is established between the gateway in the controller of the first computer system and the gateway connector in the second computer system. Execution of the firmware image is triggered.Type: GrantFiled: January 7, 2020Date of Patent: July 13, 2021Assignee: International Business Machines CorporationInventors: Thomas Pohl, Martin Tröster, Angel Nunez Mencias, Jakob Christopher Lang, Herwig Elfering
-
Publication number: 20210208873Abstract: A computer-implemented method for distributing computing tasks to individual computer systems from a first pool of first computer systems, characterized by controllers executing a specific firmware with a gateway to receive commands via a network and an orchestration unit, whereby in response to a request to perform a computing task, an available and suitable first computer system is selected. An available second computer system is selected from a second pool. A firmware image corresponding to a requested controller firmware level is selected, using a gateway connector to send commands to the gateways. A network connection is established between the gateway in the controller of the first computer system and the gateway connector in the second computer system. Execution of the firmware image is triggered.Type: ApplicationFiled: January 7, 2020Publication date: July 8, 2021Inventors: Thomas Pohl, Martin Tröster, Angel Nunez Mencias, Jakob Christopher Lang, Herwig Elfering
-
Publication number: 20210097169Abstract: Aspects of the invention include obtaining, via a processor, an original docker image from a customer, encrypting a disk image using content from the original docker image and encrypting a bootloader. A re-packaged image is created using the encrypted disk image and the secure encrypted bootloader. The re-packaged image is deployed by inserting the re-package image into a pod container and by means of using a mutating webhook, granting elevated privileges to said container and creating a secured Kubernetes pod for protecting workloads, wherein the secured Kubernetes pod has at least one virtual machine containing the pod container.Type: ApplicationFiled: September 30, 2019Publication date: April 1, 2021Inventors: Angel Nunez Mencias, Peter Morjan, Dirk Herrendoerfer, Preethi Polepalli Yeshwanth
-
Publication number: 20210089514Abstract: An example operation may include one or more of receiving a unique identifier and a security value from an object, retrieving a previously stored security value of the object from a database based on the received unique identifier, determining that the object is verified based on the received security value and the previously stored security value, and modifying the previously stored security value to generate a modified security value and transmitting the modified security value to the database.Type: ApplicationFiled: September 24, 2019Publication date: March 25, 2021Inventors: Klaus Werner, Jakob Christopher Lang, Joerg Schmidbauer, Angel Nunez Mencias
-
Publication number: 20210091960Abstract: An example operation may include one or more of receiving a signed storage request which comprises a unique identifier of an object, a public key of the object, and a signed security value associated with the object, determining, via code installed on a database node, whether the signed storage request is valid based on a signature of the signed storage request and a signature of the signed security value of the object, and in response to validation of the signed storage request, generating a storage object based on the signed storage request which includes the unique identifier, the public key of the object, and the signed security value, and storing the generated storage object in a database including the database node.Type: ApplicationFiled: September 24, 2019Publication date: March 25, 2021Inventors: Klaus Werner, Jakob Christopher Lang, Joerg Schmidbauer, Angel Nunez Mencias
-
Publication number: 20210067512Abstract: Aspects of the invention include a computer-implemented method including providing, by a processor, a computing cluster having a plurality of cluster nodes and services. The method provides, by the processor, a limited catalog of services and restricts, by the processor, access of an administrator of the computing cluster to use of a service deployer, wherein the service deployer restricts administrator access to installation and administration of clusters and deployment of only the limited catalog of services.Type: ApplicationFiled: August 30, 2019Publication date: March 4, 2021Inventors: Preethi Polepalli Yeshwanth, Angel Nunez Mencias, James Robert Magowan
-
Patent number: 10936325Abstract: A computer-implemented method, for booting a computer system, that provides a list with entries of startup processes. Each startup process defines a resource of the computer system. For each startup process a requirement is defined. The method further comprises fetching one of the entries of the list with entries of startup processes; determining whether the requirement is satisfied for the one of the entries of the list with entries of startup processes; fetching, in case the requirement is not fulfilled, a next one of the entries of the list with entries of startup processes; starting, in case the required resource is fulfilled, the startup process; and repeating the fetching a next one of the entries, the determining and the starting until all startup processes of the list of startup processes have been started.Type: GrantFiled: September 4, 2019Date of Patent: March 2, 2021Assignee: International Business Machines CorporationInventors: Reinhard T. Buendgen, Jakob C. Lang, Volker Boenisch, Angel Nunez Mencias
-
Patent number: 10891170Abstract: In an approach to grouping related tasks, one or more computer processors receive a first task initialization by a first user. The one or more computer processors determine whether one or more additional tasks contained in one or more task groups are in use by the first user. Responsive to determining one or more additional tasks contained in one or more task groups are in use, the one or more computer processors determine whether the first task is related to at least one task of the one or more additional tasks. Responsive to determining the first task is related to at least one task of the one or more additional tasks, the one or more computer processors add the first task to the task group containing the at least one related task of the one or more additional tasks.Type: GrantFiled: July 20, 2016Date of Patent: January 12, 2021Assignee: International Business Machines CorporationInventors: Volker M. Boenisch, Reinhard Buendgen, Franziska Geisert, Jakob C. Lang, Mareike Lattermann, Angel Nunez Mencias
-
Publication number: 20200403803Abstract: Auditably proving a usage history of an asset, in which the asset includes a hardware security module with at least a public key and a private key. A client application logs hash values of a pair of request data and response data. Usage history of the asset is proved. The proving includes verifying, using the public key, a signature of other hash values of the pair of request data and response data. The other hash values are signed with the private key. The proving further includes comparing the hash values logged by the client application with the other hash values.Type: ApplicationFiled: June 24, 2019Publication date: December 24, 2020Inventors: Klaus Werner, Jakob C. Lang, Joerg Schmidbauer, Angel Nunez Mencias
-
Publication number: 20200364057Abstract: An aspect includes receiving a software image file set and a capacity requirement at a software image distribution system. A software image is generated based on the software image file set. A license record is generated based on the capacity requirement. The software image and the license record are provided to an external interface of the software image distribution system. An installation action is triggered by the software image distribution system on to a machine based on a request of an ordering system.Type: ApplicationFiled: August 7, 2020Publication date: November 19, 2020Inventors: Fabian Kulmann, Angel Nunez Mencias, Benno Schuepferling, Jakob Christopher Lang
-
Patent number: 10789073Abstract: An aspect includes receiving a request to boot a software image on a machine including a plurality of processing units having different characteristics. A processing unit subtype identifier is extracted from a license record for the machine. The processing unit subtype identifier includes a software image type and an allocation of the processing units of the processing unit subtype. A processing unit capability of the machine is queried. The software image is enabled with the allocation of the processing units based on verifying that a software image identifier of the software image matches the software image type from the processing unit subtype identifier, and the processing unit capability of the machine meets the allocation of the processing units from the processing unit subtype.Type: GrantFiled: December 18, 2018Date of Patent: September 29, 2020Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Fabian Kulmann, Angel Nunez Mencias, Benno Schuepferling, Jakob Christopher Lang