Patents by Inventor David R. Safford
David R. Safford has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11503030Abstract: A service processor is provided that includes a processor, a memory coupled to the processor and having instructions for executing an operating system kernel having an integrity management subsystem, secure boot firmware, and a tamper-resistant secure trusted dedicated microprocessor. The secure boot firmware performs a secure boot operation to boot the operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of the tamper-resistant secure trusted dedicated microprocessor. The operating system kernel enables the integrity management subsystem. The integrity management subsystem records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.Type: GrantFiled: August 6, 2019Date of Patent: November 15, 2022Assignee: International Business Machines CorporationInventors: Patrick J. Callaghan, Kenneth A. Goldman, Guerney D. H. Hunt, Elaine R. Palmer, Dimitrios Pendarakis, David R. Safford, Brian D. Valentine, George C. Wilson, Miriam Zohar
-
Patent number: 11176255Abstract: Mechanisms for booting a service processor are provided. With these mechanisms, the service processor executes a secure boot operation of secure boot firmware to boot an operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of a tamper-resistant secure trusted dedicated microprocessor of the service processor. The operating system kernel executing in the service processor enables an integrity management subsystem of the operating system kernel which records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.Type: GrantFiled: December 13, 2019Date of Patent: November 16, 2021Assignee: International Business Machines CorporationInventors: Patrick J. Callaghan, Kenneth A. Goldman, Guerney D. H. Hunt, Elaine R. Palmer, Dimitrios Pendarakis, David R. Safford, Brian D. Valentine, George C. Wilson, Miriam Zohar
-
Patent number: 11025640Abstract: A method alters a computer resource in response to the computer resource moving from a first geolocation to a second geolocation. One or more processors receive a message indicating that a computer resource has moved from a first geolocation to a new geolocation. In response to receiving the message that the computer resource has moved from the first geolocation to the new geolocation, the processor(s) encrypt data that is stored on the computer resource, and apply decryption information to the encrypted data from the new geolocation, where the decryption information is specifically for decrypting encrypted data at the new geolocation. In response to the decryption information failing to decrypt the encrypted data at the new geolocation, the processor(s) and/or a user alter the computer resource.Type: GrantFiled: October 29, 2019Date of Patent: June 1, 2021Assignee: International Business Machines CorporationInventors: Ashish Kundu, Dimitrios Pendarakis, David R. Safford
-
Patent number: 10802990Abstract: Hardware mechanisms are provided for performing hardware based access control of instructions to data. These hardware mechanisms associate an instruction access policy label with an instruction to be processed by a processor and associate an operand access policy label with data to be processed by the processor. The instruction access policy label is passed along with the instruction through one or more hardware functional units of the processor. The operand access policy label is passed along with the data through the one or more hardware functional units of the processor. One or more hardware implemented policy engines associated with the one or more hardware functional units of the processor are utilized to control access by the instruction to the data based on the instruction access policy label and the operand access policy label.Type: GrantFiled: October 6, 2008Date of Patent: October 13, 2020Assignee: International Business Machines CorporationInventors: William E. Hall, Guerney D. H. Hunt, Paul A. Karger, Mark F. Mergen, David R. Safford, David C. Toll
-
Publication number: 20200117806Abstract: Mechanisms for booting a service processor are provided. With these mechanisms, the service processor executes a secure boot operation of secure boot firmware to boot an operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of a tamper-resistant secure trusted dedicated microprocessor of the service processor. The operating system kernel executing in the service processor enables an integrity management subsystem of the operating system kernel which records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.Type: ApplicationFiled: December 13, 2019Publication date: April 16, 2020Inventors: Patrick J. Callaghan, Kenneth A. Goldman, Guerney D.H. Hunt, Elaine R. Palmer, Dimitrios Pendarakis, David R. Safford, Brian D. Valentine, George C. Wilson, Miriam Zohar
-
Publication number: 20200067941Abstract: A method alters a computer resource in response to the computer resource moving from a first geolocation to a second geolocation. One or more processors receive a message indicating that a computer resource has moved from a first geolocation to a new geolocation. In response to receiving the message that the computer resource has moved from the first geolocation to the new geolocation, the processor(s) encrypt data that is stored on the computer resource, and apply decryption information to the encrypted data from the new geolocation, where the decryption information is specifically for decrypting encrypted data at the new geolocation. In response to the decryption information failing to decrypt the encrypted data at the new geolocation, the processor(s) and/or a user alter the computer resource.Type: ApplicationFiled: October 29, 2019Publication date: February 27, 2020Inventors: Ashish KUNDU, Dimitrios PENDARAKIS, David R. SAFFORD
-
Patent number: 10528740Abstract: Mechanisms for booting a service processor are provided. With these mechanisms, the service processor executes a secure boot operation of secure boot firmware to boot an operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of a tamper-resistant secure trusted dedicated microprocessor of the service processor. The operating system kernel executing in the service processor enables an integrity management subsystem of the operating system kernel which records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.Type: GrantFiled: June 15, 2017Date of Patent: January 7, 2020Assignee: International Business Machines CorporationInventors: Patrick J. Callaghan, Kenneth A. Goldman, Guerney D.H. Hunt, Elaine R. Palmer, Dimitrios Pendarakis, David R. Safford, Brian D. Valentine, George C. Wilson, Miriam Zohar
-
Patent number: 10528524Abstract: A method, system, and/or computer program product modify a computer resource that has been moved to a new geolocation. One or more processors detect that a geolocation of a software resource has changed to a new geolocation. In response to detecting that the geolocation of the software resource has changed to the new geolocation, the processor(s) apply a geolocation based resource policy to alter the software resource.Type: GrantFiled: January 3, 2017Date of Patent: January 7, 2020Assignee: International Business Machines CorporationInventors: Ashish Kundu, Dimitrios Pendarakis, David R. Safford
-
Patent number: 10516676Abstract: A processor-implemented method alters a computer resource based on its new geolocation. One or more processors receive a message that a computer resource has moved from a first geolocation to a new geolocation. The processor(s) receive an identifier of the new geolocation for the computer resource. In response to receiving the identifier of the new geolocation for the computer resource, the processor(s) request and receive encrypted data from the new geolocation. The processor(s) apply decryption information to the encrypted data from the new geolocation, where the decryption information is specifically for decrypting encrypted data from the new geolocation. In response to the decryption information failing to decrypt the encrypted data from the new geolocation, the processor(s) determine that the identifier of the new geolocation is false and apply a geolocation based resource policy to alter the computer resource at the new geolocation.Type: GrantFiled: January 3, 2017Date of Patent: December 24, 2019Assignee: International Business Machines CorporationInventors: Ashish Kundu, Dimitrios Pendarakis, David R. Safford
-
Publication number: 20190364048Abstract: A service processor is provided that includes a processor, a memory coupled to the processor and having instructions for executing an operating system kernel having an integrity management subsystem, secure boot firmware, and a tamper-resistant secure trusted dedicated microprocessor. The secure boot firmware performs a secure boot operation to boot the operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of the tamper-resistant secure trusted dedicated microprocessor. The operating system kernel enables the integrity management subsystem. The integrity management subsystem records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.Type: ApplicationFiled: August 6, 2019Publication date: November 28, 2019Inventors: Patrick J. Callaghan, Kenneth A. Goldman, Guerney D.H. Hunt, Elaine R. Palmer, Dimitrios Pendarakis, David R. Safford, Brian D. Valentine, George C. Wilson, Miriam Zohar
-
Patent number: 10397230Abstract: A service processor is provided that includes a processor, a memory coupled to the processor and having instructions for executing an operating system kernel having an integrity management subsystem, secure boot firmware, and a tamper-resistant secure trusted dedicated microprocessor. The secure boot firmware performs a secure boot operation to boot the operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of the tamper-resistant secure trusted dedicated microprocessor. The operating system kernel enables the integrity management subsystem. The integrity management subsystem records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.Type: GrantFiled: June 15, 2017Date of Patent: August 27, 2019Assignee: International Business Machines CorporationInventors: Patrick J. Callaghan, Kenneth A. Goldman, Guerney D. H. Hunt, Elaine R. Palmer, Dimitrios Pendarakis, David R. Safford, Brian D. Valentine, George C. Wilson, Miriam Zohar
-
Patent number: 10255463Abstract: A secure computer architecture is provided. With this architecture, data is received, in a component of an integrated circuit chip implementing the secure computer architecture, for transmission across a data communication link. The data is converted, by the component, to one or more first fixed length frames. The one or more first fixed length frames are then transmitted, by the component, on the data communication link in a continuous stream of frames. The continuous stream of frames includes one or more second fixed length frames generated when no data is available for inclusion in the frames of the continuous stream.Type: GrantFiled: November 17, 2008Date of Patent: April 9, 2019Assignee: International Business Machines CorporationInventors: William E. Hall, Guerney D. H. Hunt, Paul A. Karger, Mark F. Mergen, David R. Safford, David C. Toll
-
Patent number: 10228924Abstract: Examples of techniques for deploying an application on a cloud environment satisfying integrity and geo-fencing constraints are disclosed herein. A computer implemented method may include: receiving a guest application for deployment on a cloud environment; receiving the integrity constraints on the integrity of each of the plurality of host where the application is to be deployed; receiving geo-fencing constraints identifying a geographic location where the guest application is to be deployed; determining for which of the plurality of hosts the integrity constraints and the geo-fencing constraints are satisfied; and deploying the guest application on at least one of the plurality of hosts that satisfy the integrity constraints and the geo-fencing constraints.Type: GrantFiled: April 19, 2016Date of Patent: March 12, 2019Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Stefan Berger, Kenneth A. Goldman, Simon J. Kofkin-Hansen, Hui Lei, Vijay K. Naik, Dimitrios Pendarakis, Jayaram Kallapalayam Radhakrishnan, David R. Safford, Shu Tao
-
Publication number: 20180365424Abstract: Mechanisms for booting a service processor are provided. With these mechanisms, the service processor executes a secure boot operation of secure boot firmware to boot an operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of a tamper-resistant secure trusted dedicated microprocessor of the service processor. The operating system kernel executing in the service processor enables an integrity management subsystem of the operating system kernel which records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.Type: ApplicationFiled: June 15, 2017Publication date: December 20, 2018Inventors: Patrick J. Callaghan, Kenneth A. Goldman, Guerney D.H. Hunt, Elaine R. Palmer, Dimitrios Pendarakis, David R. Safford, Brian D. Valentine, George C. Wilson, Miriam Zohar
-
Publication number: 20180365422Abstract: A service processor is provided that includes a processor, a memory coupled to the processor and having instructions for executing an operating system kernel having an integrity management subsystem, secure boot firmware, and a tamper-resistant secure trusted dedicated microprocessor. The secure boot firmware performs a secure boot operation to boot the operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of the tamper-resistant secure trusted dedicated microprocessor. The operating system kernel enables the integrity management subsystem. The integrity management subsystem records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.Type: ApplicationFiled: June 15, 2017Publication date: December 20, 2018Inventors: Patrick J. Callaghan, Kenneth A. Goldman, Guerney D.H. Hunt, Elaine R. Palmer, Dimitrios Pendarakis, David R. Safford, Brian D. Valentine, George C. Wilson, Miriam Zohar
-
Publication number: 20180191733Abstract: A processor-implemented method alters a computer resource based on its new geolocation. One or more processors receive a message that a computer resource has moved from a first geolocation to a new geolocation. The processor(s) receive an identifier of the new geolocation for the computer resource. In response to receiving the identifier of the new geolocation for the computer resource, the processor(s) request and receive encrypted data from the new geolocation. The processor(s) apply decryption information to the encrypted data from the new geolocation, where the decryption information is specifically for decrypting encrypted data from the new geolocation. In response to the decryption information failing to decrypt the encrypted data from the new geolocation, the processor(s) determine that the identifier of the new geolocation is false and apply a geolocation based resource policy to alter the computer resource at the new geolocation.Type: ApplicationFiled: January 3, 2017Publication date: July 5, 2018Inventors: ASHISH KUNDU, DIMITRIOS PENDARAKIS, DAVID R. SAFFORD
-
Publication number: 20180189308Abstract: A method, system, and/or computer program product modify a computer resource that has been moved to a new geolocation. One or more processors detect that a geolocation of a software resource has changed to a new geolocation. In response to detecting that the geolocation of the software resource has changed to the new geolocation, the processor(s) apply a geolocation based resource policy to alter the software resource.Type: ApplicationFiled: January 3, 2017Publication date: July 5, 2018Inventors: ASHISH KUNDU, DIMITRIOS PENDARAKIS, DAVID R. SAFFORD
-
Patent number: 9996709Abstract: A secure computer architecture is provided. With this architecture, data is received, in a component of an integrated circuit chip implementing the secure computer architecture, for transmission across a data communication link. The data is converted, by the component, to one or more first fixed length frames. The one or more first fixed length frames are then transmitted, by the component, on the data communication link in a continuous stream of frames. The continuous stream of frames includes one or more second fixed length frames generated when no data is available for inclusion in the frames of the continuous stream.Type: GrantFiled: September 13, 2012Date of Patent: June 12, 2018Assignee: International Business Machines CorporationInventors: William E. Hall, Guerney D. H. Hunt, Paul A. Karger, Mark F. Mergen, David R. Safford, David C. Toll
-
Publication number: 20170300309Abstract: Examples of techniques for deploying an application on a cloud environment satisfying integrity and geo-fencing constraints are disclosed herein. A computer implemented method may include: receiving a guest application for deployment on a cloud environment; receiving the integrity constraints on the integrity of each of the plurality of host where the application is to be deployed; receiving geo-fencing constraints identifying a geographic location where the guest application is to be deployed; determining for which of the plurality of hosts the integrity constraints and the geo-fencing constraints are satisfied; and deploying the guest application on at least one of the plurality of hosts that satisfy the integrity constraints and the geo-fencing constraints.Type: ApplicationFiled: April 19, 2016Publication date: October 19, 2017Inventors: STEFAN BERGER, KENNETH A. GOLDMAN, SIMON J. KOFKIN-HANSEN, HUI LEI, VIJAY K. NAIK, DIMITRIOS PENDARAKIS, JAYARAM KALLAPALAYAM RADHAKRISHNAN, DAVID R. SAFFORD, SHU TAO
-
Patent number: 9075644Abstract: A mechanism is provided for performing secure recursive virtualization of a computer system. A portion of memory is allocated by a virtual machine monitor (VMM) or an operating system (OS) to a new domain. An initial program for the new domain is loaded into the portion of memory. Secure recursive virtualization firmware (SVF) in the data processing system is called to request that the new domain be generated. A determination is made as to whether the call is from a privileged domain or a non-privileged domain. Responsive to the request being from a privileged domain, all access to the new domain is removed from any other domain in the data processing system. Responsive to receiving an indication that the new domain has been generated, an execution of the initial program is scheduled.Type: GrantFiled: September 5, 2012Date of Patent: July 7, 2015Assignee: International Business Machines CorporationInventors: William E. Hall, Guerney D. H. Hunt, Paul A. Karger, Suzanne K. McIntosh, Mark F. Mergen, David R. Safford, David C. Toll