Patents by Inventor Brian D. Valentine
Brian D. Valentine has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11503030Abstract: A service processor is provided that includes a processor, a memory coupled to the processor and having instructions for executing an operating system kernel having an integrity management subsystem, secure boot firmware, and a tamper-resistant secure trusted dedicated microprocessor. The secure boot firmware performs a secure boot operation to boot the operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of the tamper-resistant secure trusted dedicated microprocessor. The operating system kernel enables the integrity management subsystem. The integrity management subsystem records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.Type: GrantFiled: August 6, 2019Date of Patent: November 15, 2022Assignee: International Business Machines CorporationInventors: Patrick J. Callaghan, Kenneth A. Goldman, Guerney D. H. Hunt, Elaine R. Palmer, Dimitrios Pendarakis, David R. Safford, Brian D. Valentine, George C. Wilson, Miriam Zohar
-
Patent number: 11494174Abstract: In an approach, a processor receives input data comprising: (i) a code level for an update, (ii) a scheduled time for the update; (iii) a target system for the update, and (iv) authorization data, where the authorization data: (i) allows for scheduling of the update and (ii) is provided via a channel external from a connection to the target system without an inbound connection. A processor receives a set of data from the target system. A processor, responsive to receiving the set of data from the target system, sends a response packet to the target system that includes the input data. A processor receives, at the scheduled time, a request to process the update. A processor, responsive to the request, sends code for processing the update corresponding to the code level for the update. A processor receives status messages corresponding to progress of the update.Type: GrantFiled: October 14, 2020Date of Patent: November 8, 2022Assignee: International Business Machines CorporationInventors: Brian D Valentine, John Dale Eggleston, Brent J. Boisvert, Michael J Allen, Michael Lucks, Brendon Drew
-
Publication number: 20220113954Abstract: In an approach, a processor receives input data comprising: (i) a code level for an update, (ii) a scheduled time for the update; (iii) a target system for the update, and (iv) authorization data, where the authorization data: (i) allows for scheduling of the update and (ii) is provided via a channel external from a connection to the target system without an inbound connection. A processor receives a set of data from the target system. A processor, responsive to receiving the set of data from the target system, sends a response packet to the target system that includes the input data. A processor receives, at the scheduled time, a request to process the update. A processor, responsive to the request, sends code for processing the update corresponding to the code level for the update. A processor receives status messages corresponding to progress of the update.Type: ApplicationFiled: October 14, 2020Publication date: April 14, 2022Inventors: Brian D. Valentine, John Dale Eggleston, Brent J. Boisvert, Michael J. Allen, Michael Lucks, Brendon Drew
-
Patent number: 11176255Abstract: Mechanisms for booting a service processor are provided. With these mechanisms, the service processor executes a secure boot operation of secure boot firmware to boot an operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of a tamper-resistant secure trusted dedicated microprocessor of the service processor. The operating system kernel executing in the service processor enables an integrity management subsystem of the operating system kernel which records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.Type: GrantFiled: December 13, 2019Date of Patent: November 16, 2021Assignee: International Business Machines CorporationInventors: Patrick J. Callaghan, Kenneth A. Goldman, Guerney D. H. Hunt, Elaine R. Palmer, Dimitrios Pendarakis, David R. Safford, Brian D. Valentine, George C. Wilson, Miriam Zohar
-
Publication number: 20200117806Abstract: Mechanisms for booting a service processor are provided. With these mechanisms, the service processor executes a secure boot operation of secure boot firmware to boot an operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of a tamper-resistant secure trusted dedicated microprocessor of the service processor. The operating system kernel executing in the service processor enables an integrity management subsystem of the operating system kernel which records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.Type: ApplicationFiled: December 13, 2019Publication date: April 16, 2020Inventors: Patrick J. Callaghan, Kenneth A. Goldman, Guerney D.H. Hunt, Elaine R. Palmer, Dimitrios Pendarakis, David R. Safford, Brian D. Valentine, George C. Wilson, Miriam Zohar
-
Patent number: 10528708Abstract: Embodiments include method, systems and computer program products for preventing unauthorized resource updates. In some embodiments, it may be determined that a mainframe computer is not within a service period. A control file may be obtained and decrypted. Using the decrypted control file, the mainframe computer may be determined to be authorized. An available resource update file may be selected based on a determination that the mainframe computer is authorized. An update to a resource of the mainframe computer may be facilitated based on the available resource update file.Type: GrantFiled: December 16, 2016Date of Patent: January 7, 2020Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Michael J. Allen, Brent J. Boisvert, Michael S. Bomar, John D. Eggleston, Ruben O. Manso, Brian D. Valentine
-
Patent number: 10528740Abstract: Mechanisms for booting a service processor are provided. With these mechanisms, the service processor executes a secure boot operation of secure boot firmware to boot an operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of a tamper-resistant secure trusted dedicated microprocessor of the service processor. The operating system kernel executing in the service processor enables an integrity management subsystem of the operating system kernel which records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.Type: GrantFiled: June 15, 2017Date of Patent: January 7, 2020Assignee: International Business Machines CorporationInventors: Patrick J. Callaghan, Kenneth A. Goldman, Guerney D.H. Hunt, Elaine R. Palmer, Dimitrios Pendarakis, David R. Safford, Brian D. Valentine, George C. Wilson, Miriam Zohar
-
Publication number: 20190364048Abstract: A service processor is provided that includes a processor, a memory coupled to the processor and having instructions for executing an operating system kernel having an integrity management subsystem, secure boot firmware, and a tamper-resistant secure trusted dedicated microprocessor. The secure boot firmware performs a secure boot operation to boot the operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of the tamper-resistant secure trusted dedicated microprocessor. The operating system kernel enables the integrity management subsystem. The integrity management subsystem records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.Type: ApplicationFiled: August 6, 2019Publication date: November 28, 2019Inventors: Patrick J. Callaghan, Kenneth A. Goldman, Guerney D.H. Hunt, Elaine R. Palmer, Dimitrios Pendarakis, David R. Safford, Brian D. Valentine, George C. Wilson, Miriam Zohar
-
Patent number: 10397230Abstract: A service processor is provided that includes a processor, a memory coupled to the processor and having instructions for executing an operating system kernel having an integrity management subsystem, secure boot firmware, and a tamper-resistant secure trusted dedicated microprocessor. The secure boot firmware performs a secure boot operation to boot the operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of the tamper-resistant secure trusted dedicated microprocessor. The operating system kernel enables the integrity management subsystem. The integrity management subsystem records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.Type: GrantFiled: June 15, 2017Date of Patent: August 27, 2019Assignee: International Business Machines CorporationInventors: Patrick J. Callaghan, Kenneth A. Goldman, Guerney D. H. Hunt, Elaine R. Palmer, Dimitrios Pendarakis, David R. Safford, Brian D. Valentine, George C. Wilson, Miriam Zohar
-
Publication number: 20180365422Abstract: A service processor is provided that includes a processor, a memory coupled to the processor and having instructions for executing an operating system kernel having an integrity management subsystem, secure boot firmware, and a tamper-resistant secure trusted dedicated microprocessor. The secure boot firmware performs a secure boot operation to boot the operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of the tamper-resistant secure trusted dedicated microprocessor. The operating system kernel enables the integrity management subsystem. The integrity management subsystem records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.Type: ApplicationFiled: June 15, 2017Publication date: December 20, 2018Inventors: Patrick J. Callaghan, Kenneth A. Goldman, Guerney D.H. Hunt, Elaine R. Palmer, Dimitrios Pendarakis, David R. Safford, Brian D. Valentine, George C. Wilson, Miriam Zohar
-
Publication number: 20180365424Abstract: Mechanisms for booting a service processor are provided. With these mechanisms, the service processor executes a secure boot operation of secure boot firmware to boot an operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of a tamper-resistant secure trusted dedicated microprocessor of the service processor. The operating system kernel executing in the service processor enables an integrity management subsystem of the operating system kernel which records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.Type: ApplicationFiled: June 15, 2017Publication date: December 20, 2018Inventors: Patrick J. Callaghan, Kenneth A. Goldman, Guerney D.H. Hunt, Elaine R. Palmer, Dimitrios Pendarakis, David R. Safford, Brian D. Valentine, George C. Wilson, Miriam Zohar
-
Publication number: 20180173857Abstract: Embodiments include method, systems and computer program products for preventing unauthorized resource updates. In some embodiments, it may be determined that a mainframe computer is not within a service period. A control file may be obtained and decrypted. Using the decrypted control file, the mainframe computer may be determined to be authorized. An available resource update file may be selected based on a determination that the mainframe computer is authorized. An update to a resource of the mainframe computer may be facilitated based on the available resource update file.Type: ApplicationFiled: December 16, 2016Publication date: June 21, 2018Inventors: Michael J. Allen, Brent J. Boisvert, Michael S. Bomar, John D. Eggleston, Ruben O. Manso, Brian D. Valentine
-
Patent number: 9607135Abstract: A system and method of managing a plurality of assets by associating a smart card with a compute subsystem by installing a database on the smart card and embedding an identifier of the compute subsystem. The system and method, in turn, may receive a request to access an asset of a compute subsystem; verify that a feature of the database is enabled in response to the request, the feature corresponding to the asset; and grant the access to access the asset upon the verifying of the feature.Type: GrantFiled: August 13, 2015Date of Patent: March 28, 2017Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: James R. Coon, Richard J. Gusefski, Franz Hardt, Roger D. Krsnak, Jakob C. Lang, Victor M. Lourenco, Jan Schneider, Garry J. Sullivan, Brian D. Valentine
-
Patent number: 9424406Abstract: A system and method of managing a plurality of assets by associating a smart card with a compute subsystem by installing a database on the smart card and embedding an identifier of the compute subsystem. The system and method, in turn, may receive a request to access an asset of a compute subsystem; verify that a feature of the database is enabled in response to the request, the feature corresponding to the asset; and grant the access to access the asset upon the verifying of the feature.Type: GrantFiled: September 9, 2014Date of Patent: August 23, 2016Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: James R. Coon, Richard J. Gusefski, Franz Hardt, Roger D. Krsnak, Jakob C. Lang, Victor M. Lourenco, Jan Schneider, Garry J. Sullivan, Brian D. Valentine
-
Publication number: 20160070893Abstract: A system and method of managing a plurality of assets by associating a smart card with a compute subsystem by installing a database on the smart card and embedding an identifier of the compute subsystem. The system and method, in turn, may receive a request to access an asset of a compute subsystem; verify that a feature of the database is enabled in response to the request, the feature corresponding to the asset; and grant the access to access the asset upon the verifying of the feature.Type: ApplicationFiled: September 9, 2014Publication date: March 10, 2016Inventors: James R. Coon, Richard J. Gusefski, Franz Hardt, Roger D. Krsnak, Jakob C. Lang, Victor M. Lourenco, Jan Schneider, Garry J. Sullivan, Brian D. Valentine
-
Publication number: 20160070921Abstract: A system and method of managing a plurality of assets by associating a smart card with a compute subsystem by installing a database on the smart card and embedding an identifier of the compute subsystem. The system and method, in turn, may receive a request to access an asset of a compute subsystem; verify that a feature of the database is enabled in response to the request, the feature corresponding to the asset; and grant the access to access the asset upon the verifying of the feature.Type: ApplicationFiled: August 13, 2015Publication date: March 10, 2016Inventors: JAMES R. COON, RICHARD J. GUSEFSKI, FRANZ HARDT, ROGER D. KRSNAK, JAKOB C. LANG, VICTOR M. LOURENCO, JAN SCHNEIDER, GARRY J. SULLIVAN, BRIAN D. VALENTINE
-
Patent number: 9086918Abstract: An integrated hybrid system is provided. The hybrid system includes compute components of different types and architectures that are integrated and managed by a single point of control to provide federation and the presentation of the compute components as a single logical computing platform.Type: GrantFiled: December 20, 2012Date of Patent: July 21, 2015Assignee: INTERNATIONAL BUSINESS MACHINESS CORPORATIONInventors: Andreas Bieswanger, Patrick J. Callaghan, Joseph M. Gdaniec, Harm I. Osterndorf, Paul E. Rogers, Kurt N. Schroeder, Brian D. Valentine, Eric W. Weinmann, Friedrich M. Welter
-
Patent number: 9081613Abstract: An integrated hybrid system is provided. The hybrid system includes compute components of different types and architectures that are integrated and managed by a single point of control to provide federation and the presentation of the compute components as a single logical computing platform.Type: GrantFiled: November 2, 2010Date of Patent: July 14, 2015Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Andreas Bieswanger, Patrick J. Callaghan, Joseph M. Gdaniec, Harm I. Osterndorf, Kurt N. Schroeder, Paul E. Rogers, Brian D. Valentine, Eric A. Weinmann, Friedrich M. Welter
-
Publication number: 20120110588Abstract: An integrated hybrid system is provided. The hybrid system includes compute components of different types and architectures that are integrated and managed by a single point of control to provide federation and the presentation of the compute components as a single logical computing platform.Type: ApplicationFiled: November 2, 2010Publication date: May 3, 2012Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Andreas Bieswanger, Patrick J. Callaghan, Joseph M. Gdaniec, Harm I. Osterndorf, Kurt N. Schroeder, Paul E. Rogers, Brian D. Valentine, Eric A. Weinmann, Friedrich M. Welter