Patents by Inventor David Haikney
David Haikney has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10620936Abstract: Updating boot components in compliance with a chain of trust by loading a boot component update forming part of the chain of trust during a boot process in an execution environment. Boot component measurements are detected and stored as a revised set of attestation values for retrieval by an attestation system. Performing the boot component update upon determining a pass indication for the chain of trust including the boot component update.Type: GrantFiled: May 1, 2018Date of Patent: April 14, 2020Assignee: International Business Machines CorporationInventors: David A. Gilbert, David Haikney, James W. Walker
-
Patent number: 10108413Abstract: This invention relates to a method and apparatus for updating software. In particular this invention relates to a method, system and computer program for updating an operating system in a hypervisor comprising: determining a new version of a component of the operating system; installing the new component version; measuring an identifying characteristic of the component and making it available to an attestation system; notifying the attestation system that a component has been updated to a new version whereby, when the attestation system finds that the identifying characteristic of the new component does not match a pre-stored attestation value it is aware that a legitimate mis-match could have occurred.Type: GrantFiled: January 12, 2016Date of Patent: October 23, 2018Assignee: International Business Machines CorporationInventors: David A. Gilbert, David Haikney, James W. Walker
-
Publication number: 20180246709Abstract: Updating boot components in compliance with a chain of trust by loading a boot component update forming part of the chain of trust during a boot process in an execution environment. Boot component measurements are detected and stored as a revised set of attestation values for retrieval by an attestation system. Performing the boot component update upon determining a pass indication for the chain of trust including the boot component update.Type: ApplicationFiled: May 1, 2018Publication date: August 30, 2018Inventors: David A. Gilbert, David Haikney, James W. Walker
-
Patent number: 10007510Abstract: This invention relates to a method and apparatus for updating software. In particular this invention relates to a method, system and computer program for updating an operating system in a hypervisor comprising: determining a new version of a component of the operating system; installing the new component version; measuring an identifying characteristic of the component and making it available to an attestation system; notifying the attestation system that a component has been updated to a new version whereby, when the attestation system finds that the identifying characteristic of the new component does not match a pre-stored attestation value it is aware that a legitimate mis-match could have occurred.Type: GrantFiled: January 12, 2016Date of Patent: June 26, 2018Assignee: International Business Machines CorporationInventors: David A. Gilbert, David Haikney, James W. Walker
-
Patent number: 9891947Abstract: A system, method, and computer program product for controlling migration of a VM operable on a first site and a second site. The system includes an identify component for identifying the second site; a request component for sending a consent request message to a software component, wherein the consent request message comprises at least one of an identifier of the VM and an identifier of the second site; a calculate component, operable on the software component and responsive to receiving the consent request message, for determining consent for the second site; a send component, responsive to a positive determination, for sending a consent message; and a migrate component, responsive to receiving the consent message, for migrating the VM from the first site to the second site.Type: GrantFiled: March 8, 2017Date of Patent: February 13, 2018Assignee: International Business Machines CorporationInventors: David Gilbert, David Haikney, David MacKintosh
-
Publication number: 20170242724Abstract: A system, method, and computer program product for controlling migration of a VM operable on a first site and a second site. The system includes an identify component for identifying the second site; a request component for sending a consent request message to a software component, wherein the consent request message comprises at least one of an identifier of the VM and an identifier of the second site; a calculate component, operable on the software component and responsive to receiving the consent request message, for determining consent for the second site; a send component, responsive to a positive determination, for sending a consent message; and a migrate component, responsive to receiving the consent message, for migrating the VM from the first site to the second site.Type: ApplicationFiled: March 8, 2017Publication date: August 24, 2017Inventors: DAVID GILBERT, DAVID HAIKNEY, DAVID MACKINTOSH
-
Patent number: 9612855Abstract: A system, method, and computer program product for controlling migration of a VM operable on a first site and a second site. The system includes an identify component for identifying the second site; a request component for sending a consent request message to a software component, wherein the consent request message comprises at least one of an identifier of the VM and an identifier of the second site; a calculate component, operable on the software component and responsive to receiving the consent request message, for determining consent for the second site; a send component, responsive to a positive determination, for sending a consent message; and a migrate component, responsive to receiving the consent message, for migrating the VM from the first site to the second site.Type: GrantFiled: January 10, 2012Date of Patent: April 4, 2017Assignee: International Business Machines CorporationInventors: David Gilbert, David Haikney, David Mackintosh
-
Patent number: 9558026Abstract: A system, method, and computer program product for controlling migration of a VM operable on a first site and a second site. The system includes an identify component for identifying the second site; a request component for sending a consent request message to a software component, wherein the consent request message comprises at least one of an identifier of the VM and an identifier of the second site; a calculate component, operable on the software component and responsive to receiving the consent request message, for determining consent for the second site; a send component, responsive to a positive determination, for sending a consent message; and a migrate component, responsive to receiving the consent message, for migrating the VM from the first site to the second site.Type: GrantFiled: February 28, 2013Date of Patent: January 31, 2017Assignee: International Business Machines CorporationInventors: David A. Gilbert, David Haikney, David N. Mackintosh
-
Patent number: 9489232Abstract: A technique for attesting a plurality of data processing systems includes generating a logical grouping for a data processing system. The logical grouping is associated with a rule that describes a condition that must be met in order for the data processing system to be considered trusted. A list of one or more children associated with the logical grouping is retrieved. The one or more children are attested to determine whether each of the one or more children is trusted. In response to the attesting, the rule is applied to determine whether the condition has been met in order for the data processing system to be considered trusted. A plurality of logical groupings is associated to determine whether an associated plurality of data processing systems can be considered trusted.Type: GrantFiled: September 20, 2011Date of Patent: November 8, 2016Assignee: International Business Machines CorporationInventors: David Haikney, David Nigel Mackintosh, Jose Juan Palacios Perez
-
Publication number: 20160162285Abstract: This invention relates to a method and apparatus for updating software. In particular this invention relates to a method, system and computer program for updating an operating system in a hypervisor comprising: determining a new version of a component of the operating system; installing the new component version; measuring an identifying characteristic of the component and making it available to an attestation system; notifying the attestation system that a component has been updated to a new version whereby, when the attestation system finds that the identifying characteristic of the new component does not match a pre-stored attestation value it is aware that a legitimate mis-match could have occurred.Type: ApplicationFiled: January 12, 2016Publication date: June 9, 2016Inventors: David A. Gilbert, David Haikney, James W. Walker
-
Publication number: 20160162396Abstract: This invention relates to a method and apparatus for updating software. In particular this invention relates to a method, system and computer program for updating an operating system in a hypervisor comprising: determining a new version of a component of the operating system; installing the new component version; measuring an identifying characteristic of the component and making it available to an attestation system; notifying the attestation system that a component has been updated to a new version whereby, when the attestation system finds that the identifying characteristic of the new component does not match a pre-stored attestation value it is aware that a legitimate mis-match could have occurred.Type: ApplicationFiled: January 12, 2016Publication date: June 9, 2016Inventors: David A. Gilbert, David Haikney, James W. Walker
-
Patent number: 9317276Abstract: This invention relates to updating an operating system in a hypervisor comprising: determining a new version of a component of the operating system; installing the new component version; measuring an identifying characteristic of the component and making it available to an attestation system; notifying the attestation system that a component has been updated to a new version whereby, when the attestation system finds that the identifying characteristic of the new component does not match a pre-stored attestation value it is aware that a legitimate mis-match could have occurred. The installing of the new version of the component comprises: identifying an updater associated with new version of the component; measuring an identifying characteristic of the identified updater; loading and installing the new version of the component; and making both the identifying measurement of the updater and the new version of the component available to the attestation system.Type: GrantFiled: January 10, 2012Date of Patent: April 19, 2016Assignee: International Business Machines CorporationInventors: David A. Gilbert, David Haikney, James W. Walker
-
Patent number: 9251349Abstract: Attesting a virtual machine that is migrating from a first environment to a second environment includes in response to initiation of migration of the virtual machine from the first environment to the second environment, accessing one or more stored trust values generated during the trusted boot of the virtual machine in the first environment, determining if the accessed trust values define a security setting sufficient for the second environment, and if the accessed trust values do not define a security setting sufficient for the second environment, performing a predetermined action in relation to the migration of the virtual machine to the second environment.Type: GrantFiled: February 28, 2013Date of Patent: February 2, 2016Assignee: International Business Machines CorporationInventors: David Haikney, Shawn P. Mullen, James W. Walker
-
Patent number: 9250951Abstract: A technique for attesting a plurality of data processing systems includes generating a logical grouping for a data processing system. The logical grouping is associated with a rule that describes a condition that must be met in order for the data processing system to be considered trusted. A list of one or more children associated with the logical grouping is retrieved. The one or more children are attested to determine whether each of the one or more children is trusted. In response to the attesting, the rule is applied to determine whether the condition has been met in order for the data processing system to be considered trusted. A plurality of logical groupings is associated to determine whether an associated plurality of data processing systems can be considered trusted.Type: GrantFiled: September 30, 2013Date of Patent: February 2, 2016Assignee: International Business Machines CorporationInventors: David Haikney, David Nigel Mackintosh, Jose Juan Palacios Perez
-
Patent number: 9075994Abstract: An attestation technique is provided for processing attestation data associated with a plurality of data processing systems. A first data processing system is operable for receiving a request for attestation from a requester. In response to receiving the request, the first data processing system is further operable for retrieving a list of one or more children, wherein the one or more children include the second data processing system; retrieving and storing attestation data associated with each of the one or more children; retrieving and storing attestation data associated with the first data processing system; and sending to the requester a concatenated response containing the attestation data associated with the first data processing system and the child attestation data associated with the one or more children.Type: GrantFiled: April 30, 2012Date of Patent: July 7, 2015Assignee: International Business Machines CorporationInventors: David Haikney, David N. Mackintosh, Jose J. P. Perez
-
Publication number: 20150047042Abstract: A technique for validating a distributed denial of service attack against a computer network service associated with a computing device adapted to be connected to a computer network includes monitoring requests to the computer network service on the computer network. Social media for current trending topics or popular items is monitored to detect content directly linked to content located on the computing device or directly related to content located on the computing device. Responsive to the monitoring requests to the computer network service indicating an increased number of requests and the monitoring social media indicating that content located on the computing device or directly related to content located on the computing device is currently trending or popular, a response provided to the requests to the computer network service is modified to avoid overloading the computer network service.Type: ApplicationFiled: September 19, 2014Publication date: February 12, 2015Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: DAVID HAIKNEY, RICHARD MARSTON, PATRICK VARLEY
-
Publication number: 20150047038Abstract: A technique for validating a distributed denial of service attack against a computer network service associated with a computing device adapted to be connected to a computer network includes monitoring requests to the computer network service on the computer network. Social media for current trending topics or popular items is monitored to detect content directly linked to content located on the computing device or directly related to content located on the computing device. Responsive to the monitoring requests to the computer network service indicating an increased number of requests and the monitoring social media indicating that content located on the computing device or directly related to content located on the computing device is currently trending or popular, a response provided to the requests to the computer network service is modified to avoid overloading the computer network service.Type: ApplicationFiled: August 4, 2014Publication date: February 12, 2015Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: DAVID HAIKNEY, RICHARD MARSTON, PATRICK VARLEY
-
Publication number: 20140173598Abstract: Attesting a virtual machine that is migrating from a first environment to a second environment includes in response to initiation of migration of the virtual machine from the first environment to the second environment, accessing one or more stored trust values generated during the trusted boot of the virtual machine in the first environment, determining if the accessed trust values define a security setting sufficient for the second environment, and if the accessed trust values do not define a security setting sufficient for the second environment, performing a predetermined action in relation to the migration of the virtual machine to the second environment.Type: ApplicationFiled: February 28, 2013Publication date: June 19, 2014Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: DAVID Haikney, Shawn P. Mullen, James W. Walker
-
Publication number: 20140157268Abstract: A system, method, and computer program product for controlling migration of a VM operable on a first site and a second site. The system includes an identify component for identifying the second site; a request component for sending a consent request message to a software component, wherein the consent request message comprises at least one of an identifier of the VM and an identifier of the second site; a calculate component, operable on the software component and responsive to receiving the consent request message, for determining consent for the second site; a send component, responsive to a positive determination, for sending a consent message; and a migrate component, responsive to receiving the consent message, for migrating the VM from the first site to the second site.Type: ApplicationFiled: February 28, 2013Publication date: June 5, 2014Inventors: David A. Gilbert, David Haikney, David N. MacKintosh
-
Publication number: 20140033210Abstract: A technique for attesting a plurality of data processing systems includes generating a logical grouping for a data processing system. The logical grouping is associated with a rule that describes a condition that must be met in order for the data processing system to be considered trusted. A list of one or more children associated with the logical grouping is retrieved. The one or more children are attested to determine whether each of the one or more children is trusted. In response to the attesting, the rule is applied to determine whether the condition has been met in order for the data processing system to be considered trusted. A plurality of logical groupings is associated to determine whether an associated plurality of data processing systems can be considered trusted.Type: ApplicationFiled: September 30, 2013Publication date: January 30, 2014Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: David Haikney, David Nigel Mackintosh, Jose Juan Palacios Perez