Patents by Inventor Elaine R. Palmer
Elaine R. Palmer has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11503030Abstract: A service processor is provided that includes a processor, a memory coupled to the processor and having instructions for executing an operating system kernel having an integrity management subsystem, secure boot firmware, and a tamper-resistant secure trusted dedicated microprocessor. The secure boot firmware performs a secure boot operation to boot the operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of the tamper-resistant secure trusted dedicated microprocessor. The operating system kernel enables the integrity management subsystem. The integrity management subsystem records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.Type: GrantFiled: August 6, 2019Date of Patent: November 15, 2022Assignee: International Business Machines CorporationInventors: Patrick J. Callaghan, Kenneth A. Goldman, Guerney D. H. Hunt, Elaine R. Palmer, Dimitrios Pendarakis, David R. Safford, Brian D. Valentine, George C. Wilson, Miriam Zohar
-
Publication number: 20220198064Abstract: A method, system and apparatus for provisioning a computation into a trusted execution environment, including verifying the trusted execution environment, generating integrity information of the computation, generating sealed data, sending information of the computation, the sealed data, and integrity information to the trusted execution environment, confirming the sealed data, and verifying integrity of the computation information from the integrity information and the computation information.Type: ApplicationFiled: December 22, 2020Publication date: June 23, 2022Inventors: Guerney D. H. Hunt, Dimitrios Pendarakis, Kenneth Alan Goldman, Elaine R. Palmer, Ramachandra Pai
-
Publication number: 20220198070Abstract: A method, system and apparatus for generating a computation such that it will execute in a target trusted execution environment (TEE), including selecting the target TEE, generating an authorization that is satisfied by a TEE, associating the authorization with the computation that executes in the TEE that is authorized, and generating the computation with the associated authorization.Type: ApplicationFiled: December 22, 2020Publication date: June 23, 2022Inventors: Guerney D. H. Hunt, Dimitrios Pendarakis, Kenneth Alan Goldman, Elaine R. Palmer, Ramachandra Pai
-
Merging multiple compute nodes with trusted platform modules utilizing provisioned node certificates
Patent number: 11206141Abstract: Method, apparatus, and computer program product are provided for merging multiple compute nodes with trusted platform modules utilizing provisioned node certificates. In some embodiments, compute nodes are connected to be available for merger into a single multi-node system. Each compute node includes a trusted platform module (TPM) provisioned with a platform certificate and a signed attestation key (AK) certificate and is accessible to firmware on the compute node. One compute node is assigned the role of master compute node (MCN), with the other compute node(s) each assigned the role of slave compute node (SCN). A quote request is sent from the MCN to each SCN under control of firmware on the MCN. In response to receiving the quote request, a quote response is sent from each respective SCN to the MCN under control of firmware on the respective SCN, wherein the quote response includes the AK certificate of the respective SCN's TPM.Type: GrantFiled: September 21, 2018Date of Patent: December 21, 2021Assignee: International Business Machines CorporationInventors: Timothy R. Block, Elaine R. Palmer, Kenneth A. Goldman, Christopher J. Engel, William E. Hall -
Patent number: 11176255Abstract: Mechanisms for booting a service processor are provided. With these mechanisms, the service processor executes a secure boot operation of secure boot firmware to boot an operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of a tamper-resistant secure trusted dedicated microprocessor of the service processor. The operating system kernel executing in the service processor enables an integrity management subsystem of the operating system kernel which records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.Type: GrantFiled: December 13, 2019Date of Patent: November 16, 2021Assignee: International Business Machines CorporationInventors: Patrick J. Callaghan, Kenneth A. Goldman, Guerney D. H. Hunt, Elaine R. Palmer, Dimitrios Pendarakis, David R. Safford, Brian D. Valentine, George C. Wilson, Miriam Zohar
-
Patent number: 11165766Abstract: A method and computer system for implementing authentication protocol for merging multiple server nodes with trusted platform modules (TPMs) utilizing provisioned node certificates to support concurrent node add and node remove. Each of the multiple server nodes boots an instance of enablement level firmware and extended to a trusted platform module (TPM) on each node as the server nodes are powered up. A hardware secure channel is established between the server nodes for firmware message passing as part of physical configuration of the server nodes to be merged. A shared secret is securely exchanged via the hardware secure channel between the server nodes establishing an initial authentication value shared among all server nodes. All server nodes confirm common security configuration settings and exchange TPM log and platform configuration register (PCR) data to establish common history for future attestation requirements, enabling dynamic changing the server nodes and concurrently adding and removing nodes.Type: GrantFiled: August 21, 2018Date of Patent: November 2, 2021Assignee: International Business Machines CorporationInventors: Timothy R. Block, Elaine R. Palmer, Kenneth A. Goldman, William E. Hall, Hugo M. Krawczyk, David D. Sanner, Christopher J. Engel, Peter A. Sandon, Alwood P. Williams, III
-
Patent number: 11165588Abstract: A key identifier that identifies a cryptographic key is transmitted to a cryptographic coprocessor. A first set of attributes is received from the cryptographic coprocessor. The first set of attributes and a second set of attributes are serialized into a first sequence of attributes. The first sequence of attributes are stored to an attribute frame. One or more attributes in the second set of attributes are associated with the cryptographic key and originate from a key attribute storage of the key management system. The second set of attributes is different from the first set of attributes. The first sequence of attributes is transmitted to the cryptographic coprocessor. A first message authentication code (MAC) calculated from the first sequence of attributes is received from the cryptographic coprocessor. The attribute frame is verified by comparing the first MAC, or a value derived from the first MAC, to a reference value.Type: GrantFiled: April 9, 2020Date of Patent: November 2, 2021Assignee: International Business Machines CorporationInventors: Tamas Visegrady, Silvio Dragone, Michael Charles Osborne, Elaine R. Palmer
-
Publication number: 20210320802Abstract: A key identifier that identifies a cryptographic key is transmitted to a cryptographic coprocessor. A first set of attributes is received from the cryptographic coprocessor. The first set of attributes and a second set of attributes are serialized into a first sequence of attributes. The first sequence of attributes are stored to an attribute frame. One or more attributes in the second set of attributes are associated with the cryptographic key and originate from a key attribute storage of the key management system. The second set of attributes is different from the first set of attributes. The first sequence of attributes is transmitted to the cryptographic coprocessor. A first message authentication code (MAC) calculated from the first sequence of attributes is received from the cryptographic coprocessor. The attribute frame is verified by comparing the first MAC, or a value derived from the first MAC, to a reference value.Type: ApplicationFiled: April 9, 2020Publication date: October 14, 2021Inventors: Tamas Visegrady, Silvio Dragone, Michael Charles Osborne, Elaine R. Palmer
-
Patent number: 11068607Abstract: A secure cloud computing environment protects the confidentiality of application code from a customer while simultaneously protecting the confidentiality of a customer's data from intentional or inadvertent leaks by the application code. This result is accomplished without the need to trust the application code and without requiring human surveillance or intervention. A client secure virtual machine (SVM) is accessible by a client who supplies commands, operand data and application data. An appliance SVM has the application code loaded therein and includes an application program interface that accesses a memory area shared by both SVMs. All access to the appliance SVM is initially revoked by an ultravisor, except for the shared memory and an encrypted persistent storage. The appliance SVM stores the application data in the persistent storage. The ultravisor manages an SVM by maintaining exclusive control over a device tree used by the operating system of the SVM.Type: GrantFiled: March 10, 2018Date of Patent: July 20, 2021Assignee: International Business Machines CorporationInventors: Richard H. Boivie, Jonathan D. Bradbury, William E. Hall, Guerney D. H. Hunt, Jentje Leenstra, Jeb R. Linton, James A. O'Connor, Jr., Elaine R. Palmer, Dimitrios Pendarakis
-
Publication number: 20210110037Abstract: An embodiment of the invention may include a method, computer program product, and computer system for monitoring a computing device. The embodiment includes retrieving data from physical components of the method. The embodiment includes converting the data to at least one spectral format. The embodiment includes analyzing the converted data with a spectral detector. The embodiment includes performing a remediation action of the code anomaly based on detecting a code anomaly by the spectral detector.Type: ApplicationFiled: October 10, 2019Publication date: April 15, 2021Inventors: Guerney D.H. Hunt, Elaine R. Palmer, Gregory A. Porpora, Aaron Potler
-
Patent number: 10885197Abstract: Method, apparatus, and computer program product are provided for merging multiple compute nodes with trusted platform modules (TPMs) utilizing an authentication protocol with active TPM provisioning. In some embodiments, compute nodes are connected to be available for merger into a single multi-node system. Each compute node includes a TPM accessible to firmware on the node. One compute node is assigned the role of master compute node (MCN), with the other node(s) each assigned the role of slave compute node (SCN). Active TPM provisioning in each SCN produces key information that is sent to the MCN to enable use of a challenge/response exchange with each SCN. A quote request is sent from the MCN to each SCN. In response to receiving the quote request, a quote response is sent from each respective SCN to the MCN, wherein the quote response includes slave TPM content along with TPM logs and associated signatures.Type: GrantFiled: September 21, 2018Date of Patent: January 5, 2021Assignee: International Business Machines CorporationInventors: Timothy R. Block, Elaine R. Palmer, Kenneth A. Goldman, Christopher J. Engel, William E. Hall
-
Patent number: 10685106Abstract: A secure cloud computing environment protects the confidentiality of application code from a customer while simultaneously protecting the confidentiality of a customer's data from intentional or inadvertent leaks by the application code. This result is accomplished without the need to trust the application code and without requiring human surveillance or intervention. A client secure virtual machine (SVM) is accessible by a client who supplies commands, operand data and application data. An appliance SVM has the application code loaded therein and includes an application program interface that accesses a memory area shared by both SVMs. All access to the appliance SVM is initially revoked by an ultravisor, except for the shared memory. The appliance SVM processes the commands without ever saving any persistent state of the application data. The ultravisor manages an SVM by maintaining exclusive control over a device tree used by the operating system of the SVM.Type: GrantFiled: March 10, 2018Date of Patent: June 16, 2020Assignee: International Business Machines CorporationInventors: Richard H. Boivie, Jonathan D. Bradbury, William E. Hall, Guerney D. H. Hunt, Jentje Leenstra, Jeb R. Linton, James A. O'Connor, Jr., Elaine R. Palmer, Dimitrios Pendarakis
-
Publication number: 20200117806Abstract: Mechanisms for booting a service processor are provided. With these mechanisms, the service processor executes a secure boot operation of secure boot firmware to boot an operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of a tamper-resistant secure trusted dedicated microprocessor of the service processor. The operating system kernel executing in the service processor enables an integrity management subsystem of the operating system kernel which records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.Type: ApplicationFiled: December 13, 2019Publication date: April 16, 2020Inventors: Patrick J. Callaghan, Kenneth A. Goldman, Guerney D.H. Hunt, Elaine R. Palmer, Dimitrios Pendarakis, David R. Safford, Brian D. Valentine, George C. Wilson, Miriam Zohar
-
Publication number: 20200097661Abstract: Method, apparatus, and computer program product are provided for merging multiple compute nodes with trusted platform modules (TPMs) utilizing an authentication protocol with active TPM provisioning. In some embodiments, compute nodes are connected to be available for merger into a single multi-node system. Each compute node includes a TPM accessible to firmware on the node. One compute node is assigned the role of master compute node (MCN), with the other node(s) each assigned the role of slave compute node (SCN). Active TPM provisioning in each SCN produces key information that is sent to the MCN to enable use of a challenge/response exchange with each SCN. A quote request is sent from the MCN to each SCN. In response to receiving the quote request, a quote response is sent from each respective SCN to the MCN, wherein the quote response includes slave TPM content along with TPM logs and associated signatures.Type: ApplicationFiled: September 21, 2018Publication date: March 26, 2020Inventors: Timothy R. Block, Elaine R. Palmer, Kenneth A. Goldman, Christopher J. Engel, William E. Hall
-
MERGING MULTIPLE COMPUTE NODES WITH TRUSTED PLATFORM MODULES UTILIZING PROVISIONED NODE CERTIFICATES
Publication number: 20200099536Abstract: Method, apparatus, and computer program product are provided for merging multiple compute nodes with trusted platform modules utilizing provisioned node certificates. In some embodiments, compute nodes are connected to be available for merger into a single multi-node system. Each compute node includes a trusted platform module (TPM) provisioned with a platform certificate and a signed attestation key (AK) certificate and is accessible to firmware on the compute node. One compute node is assigned the role of master compute node (MCN), with the other compute node(s) each assigned the role of slave compute node (SCN). A quote request is sent from the MCN to each SCN under control of firmware on the MCN. In response to receiving the quote request, a quote response is sent from each respective SCN to the MCN under control of firmware on the respective SCN, wherein the quote response includes the AK certificate of the respective SCN's TPM.Type: ApplicationFiled: September 21, 2018Publication date: March 26, 2020Inventors: Timothy R. Block, Elaine R. Palmer, Kenneth A. Goldman, Christopher J. Engel, William E. Hall -
Publication number: 20200067912Abstract: A method and computer system for implementing authentication protocol for merging multiple server nodes with trusted platform modules (TPMs) utilizing provisioned node certificates to support concurrent node add and node remove. Each of the multiple server nodes boots an instance of enablement level firmware and extended to a trusted platform module (TPM) on each node as the server nodes are powered up. A hardware secure channel is established between the server nodes for firmware message passing as part of physical configuration of the server nodes to be merged. A shared secret is securely exchanged via the hardware secure channel between the server nodes establishing an initial authentication value shared among all server nodes. All server nodes confirm common security configuration settings and exchange TPM log and platform configuration register (PCR) data to establish common history for future attestation requirements, enabling dynamic changing the server nodes and concurrently adding and removing nodes.Type: ApplicationFiled: August 21, 2018Publication date: February 27, 2020Inventors: Timothy R. Block, Elaine R. Palmer, Kenneth A. Goldman, William E. Hall, Hugo M. Krawczyk, David D. Sanner, Christopher J. Engel, Peter A. Sandon, Alwood P. Williams, III
-
Patent number: 10528740Abstract: Mechanisms for booting a service processor are provided. With these mechanisms, the service processor executes a secure boot operation of secure boot firmware to boot an operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of a tamper-resistant secure trusted dedicated microprocessor of the service processor. The operating system kernel executing in the service processor enables an integrity management subsystem of the operating system kernel which records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.Type: GrantFiled: June 15, 2017Date of Patent: January 7, 2020Assignee: International Business Machines CorporationInventors: Patrick J. Callaghan, Kenneth A. Goldman, Guerney D.H. Hunt, Elaine R. Palmer, Dimitrios Pendarakis, David R. Safford, Brian D. Valentine, George C. Wilson, Miriam Zohar
-
Publication number: 20190364048Abstract: A service processor is provided that includes a processor, a memory coupled to the processor and having instructions for executing an operating system kernel having an integrity management subsystem, secure boot firmware, and a tamper-resistant secure trusted dedicated microprocessor. The secure boot firmware performs a secure boot operation to boot the operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of the tamper-resistant secure trusted dedicated microprocessor. The operating system kernel enables the integrity management subsystem. The integrity management subsystem records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.Type: ApplicationFiled: August 6, 2019Publication date: November 28, 2019Inventors: Patrick J. Callaghan, Kenneth A. Goldman, Guerney D.H. Hunt, Elaine R. Palmer, Dimitrios Pendarakis, David R. Safford, Brian D. Valentine, George C. Wilson, Miriam Zohar
-
Publication number: 20190278918Abstract: A secure cloud computing environment protects the confidentiality of application code from a customer while simultaneously protecting the confidentiality of a customer's data from intentional or inadvertent leaks by the application code. This result is accomplished without the need to trust the application code and without requiring human surveillance or intervention. A client secure virtual machine (SVM) is accessible by a client who supplies commands, operand data and application data. An appliance SVM has the application code loaded therein and includes an application program interface that accesses a memory area shared by both SVMs. All access to the appliance SVM is initially revoked by an ultravisor, except for the shared memory and an encrypted persistent storage. The appliance SVM stores the application data in the persistent storage. The ultravisor manages an SVM by maintaining exclusive control over a device tree used by the operating system of the SVM.Type: ApplicationFiled: March 10, 2018Publication date: September 12, 2019Inventors: Richard H. Boivie, Jonathan D. Bradbury, William E. Hall, Guerney D. H. Hunt, Jentje Leenstra, Jeb R. Linton, James A. O'Connor, Jr., Elaine R. Palmer, Dimitrios Pendarakis
-
Publication number: 20190278907Abstract: A secure cloud computing environment protects the confidentiality of application code from a customer while simultaneously protecting the confidentiality of a customer's data from intentional or inadvertent leaks by the application code. This result is accomplished without the need to trust the application code and without requiring human surveillance or intervention. A client secure virtual machine (SVM) is accessible by a client who supplies commands, operand data and application data. An appliance SVM has the application code loaded therein and includes an application program interface that accesses a memory area shared by both SVMs. All access to the appliance SVM is initially revoked by an ultravisor, except for the shared memory. The appliance SVM processes the commands without ever saving any persistent state of the application data. The ultravisor manages an SVM by maintaining exclusive control over a device tree used by the operating system of the SVM.Type: ApplicationFiled: March 10, 2018Publication date: September 12, 2019Inventors: Richard H. Boivie, Jonathan D. Bradbury, William E. Hall, Guerney D. H. Hunt, Jentje Leenstra, Jeb R. Linton, James A. O'Connor, JR., Elaine R. Palmer, Dimitrios Pendarakis