Patents by Inventor Elli Androulaki
Elli Androulaki has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Publication number: 20170262461
  Abstract: A key-value store for storing and retrieving user files based on key-value pairs, hereafter referred to as KVPs. For each user of the key-value store, each file of a set of files of said each user is stored as one or more pairs of KVPs. Each of said one or more pairs comprises a KVP of a first type and a KVP of a second type. The KVP of the first type comprises at least a part of the contents of said each file, whereas the KVP of the second type comprises metadata (and possibly attributes) of said each file. Each KVP of the second type links to one or more KVPs of the first type. Further provided are related methods and computer program products.
  Type: Application
  Filed: March 8, 2016
  Publication date: September 14, 2017
  Inventors: Elli Androulaki, Robert Basham, Nikola Knezevic, Martin Petermann, Harold J. Roberson, II, Wayne A. Sawdon, Alessandro Sorniotti
- Publication number: 20170169236
  Abstract: A multi-tiered file locking service provides file locking at the thread and process level, and can optionally include locking at the file system level. A local locking mechanism maintains a list of local locks for threads within a process. When a thread requests a lock for a file, and a local lock is obtained, a process lock for the file may be requested. When no file system locking is used, the thread receives the lock for the file once the process lock is obtained. When file system locking is used, a file system lock for the file may be requested once the process lock is obtained. When the file system lock for the file is obtained, the thread receives the lock for the file. The result is a file locking service that functions across threads, processes and nodes in a distributed computing environment.
  Type: Application
  Filed: December 11, 2015
  Publication date: June 15, 2017
  Inventors: Elli Androulaki, Robert B. Basham, Martin Petermann, Harold J. Roberson, II, Alessandro Sorniotti
- Publication number: 20170170961
  Abstract: Embodiments relate to processing streams of encrypted data received from multiple users. A received encrypted data stream is separated into one or more encrypted data chunks; the data chunk(s) are placed into a sub-stream and decrypted into plaintext. One or more advanced data functions are applied to the plaintext, thereby effectively transforming the plaintext. The transformed plaintext is organized into one or more data units, and each data unit is encrypted with a wrapped encryption key. The aspect of encrypting the data unit includes creating a fixed size encryption unit, whereby the wrapped encryption key comprises a master key and a private key.
  Type: Application
  Filed: February 28, 2017
  Publication date: June 15, 2017
  Applicant: International Business Machines Corporation
  Inventors: Elli Androulaki, Nathalie Baracaldo, Joseph S. Glider, Alessandro Sorniotti
- Publication number: 20170155515
  Abstract: The system, method, and computer program product described herein may provide the capability to handle a variety of types of transactions, not just payment transactions. In addition, the system, method, and computer program product described herein may provide the capability for users to control the confidentiality of their transactions, for the system to control access to transactions, for the system to audit transactions, and to provide accountability of the validating entities.
  Type: Application
  Filed: December 3, 2015
  Publication date: June 1, 2017
  Inventors: Elli Androulaki, Angelo DeCaro, Thorsten Kramp, Alessandro Sorniotti, Marko Vukolic
- Patent number: 9667422
  Abstract: Embodiments relate to processing streams of encrypted data received from multiple users. As a stream is received, smaller partitions in the form of data chunks, including a first data chunk, are created and subject to individual decryption. The first data chunk is placed into a sub-stream according to a first master key associated with a first owning entity. Prior to processing, the first data chunk is decrypted into plaintext, and the plaintext is transformed by applying one or more advanced data functions. The transformed plaintext is organized into a first data unit, and a first encryption unit is created from the first data unit. The first encryption unit has a space allocation in persistent storage. Accordingly, confidentiality of data is maintained, and the ability of storage systems to perform data reduction functions is supported.
  Type: Grant
  Filed: May 23, 2016
  Date of Patent: May 30, 2017
  Assignee: International Business Machines Corporation
  Inventors: Elli Androulaki, Nathalie Baracaldo, Joseph S. Glider, Alessandro Sorniotti
- Publication number: 20170149819
  Abstract: Embodiments of the present invention may provide techniques by which replay attacks in a blockchain network may be efficiently resisted, while preserving valid user permissions and privacy in the blockchain network. For example, in an embodiment of the present invention, in a network of computer systems, a method of communication may comprise, at a user computer system, generating a security value that is to be used only once, generating a message signed with a security certificate and including the security value, and transmitting the message over the network of computer systems.
  Type: Application
  Filed: October 21, 2016
  Publication date: May 25, 2017
  Inventors: Elli Androulaki, Angelo De Caro, Thorsten Kramp, David W. Kravitz, Alessandro Sorniotti, Marko Vukolic
- Publication number: 20170141928
  Abstract: Embodiments of the present invention may include issuing certificates in a network of computer systems by receiving a request for a certificate from a user, the request including a public key having a private key having at least one other corresponding public key, determining that a user of the public key is authorized using the private key, incrementing a count of certificates for the user, generating a message including the incremented count of certificates for the user, encrypting the generated message, and issuing and transmitting to the user a certificate having the encrypted message as a serial number.
  Type: Application
  Filed: October 17, 2016
  Publication date: May 18, 2017
  Inventors: Elli Androulaki, Angelo DeCaro, Thorsten Kramp, Alessandro Sorniotti
- Publication number: 20170134166
  Abstract: Embodiments relate to processing streams of encrypted data received from multiple users. As a stream is received, smaller partitions in the form of data chunks, including a first data chunk, are created and subject to individual decryption. The first data chunk is placed into a sub-stream according to a first master key associated with a first owning entity. Prior to processing, the first data chunk is decrypted into plaintext, and the plaintext is transformed by applying one or more advanced data functions. The transformed plaintext is organized into a first data unit, and a first encryption unit is created from the first data unit. The first encryption unit has a space allocation in persistent storage. Accordingly, confidentiality of data is maintained, and the ability of storage systems to perform data reduction functions is supported.
  Type: Application
  Filed: May 23, 2016
  Publication date: May 11, 2017
  Applicant: International Business Machines Corporation
  Inventors: Elli Androulaki, Nathalie Baracaldo, Joseph S. Glider, Alessandro Sorniotti
- Publication number: 20170093573
  Abstract: Embodiments relate to deduplication and compression on data performed downstream from where the data is encrypted. Confidentiality of data is maintained, and the ability of storage systems to perform data reduction functions is supported. Encrypted data to be written to a storage system is separated into one or more data chunks. For a data chunk, a master encryption key for an owning entity associated with the data chunk is retrieved. The data chunk is decrypted into plaintext, and the plaintext is transformed by performing one or more advanced data functions. A private key is created and used to encrypt the transformed plaintext, which is stored as a first encryption unit. A wrapped key is created by encrypting the private key with the master key; it limits data access to the owning entity and is stored as metadata for the encryption unit.
  Type: Application
  Filed: December 9, 2016
  Publication date: March 30, 2017
  Applicant: International Business Machines Corporation
  Inventors: Elli Androulaki, Nathalie Baracaldo, Joseph S. Glider, Alessandro Sorniotti
- Patent number: 9608816
  Abstract: Embodiments relate to deduplication and compression on data performed downstream from where the data is encrypted. Confidentiality of data is maintained, and the ability of storage systems to perform data reduction functions is supported. Encrypted data to be written to a storage system is separated into one or more data chunks. For a data chunk, a master encryption key for an owning entity associated with the data chunk is retrieved. The data chunk is decrypted into plaintext, and the plaintext is transformed by performing one or more advanced data functions. A private key is created and used to encrypt the transformed plaintext, which is stored as a first encryption unit. A wrapped key is created by encrypting the private key with the master key, and is stored as metadata for the encryption unit to limit data access to the owning entity.
  Type: Grant
  Filed: May 23, 2016
  Date of Patent: March 28, 2017
  Assignee: International Business Machines Corporation
  Inventors: Elli Androulaki, Nathalie Baracaldo, Joseph S. Glider, Alessandro Sorniotti
- Patent number: 9576127
  Abstract: Methods, media, and systems for detecting attack are provided. In some embodiments, the methods include: comparing at least part of a document to a static detection model; determining whether attacking code is included in the document based on the comparison of the document to the static detection model; executing at least part of the document; determining whether attacking code is included in the document based on the execution of the at least part of the document; and if attacking code is determined to be included in the document based on at least one of the comparison of the document to the static detection model and the execution of the at least part of the document, reporting the presence of an attack.
  Type: Grant
  Filed: July 21, 2014
  Date of Patent: February 21, 2017
  Assignee: The Trustees of Columbia University in the City of New York
  Inventors: Salvatore J. Stolfo, Wei-Jen Li, Angelos D. Keromytis, Elli Androulaki
- Publication number: 20160358169
  Abstract: The present invention is notably directed to methods, systems and computer program products for securing data operations in a computerized system comprising interconnected nodes, wherein the nodes are configured to transmit, receive and store data, and wherein the method comprises executing computerized cryptographic methods to implement two or more proofs of work that comprise: provably crawling, from each node of at least a subset of the interconnected nodes, a respective subset of data stored on nodes of the system; and provably acquiring, at each node of the subset, data in the subset of data.
  Type: Application
  Filed: March 12, 2015
  Publication date: December 8, 2016
  Inventors: Elli Androulaki, Mircea Gusat, Ioannis Koltsidas, Maria Soimu
- Publication number: 20160267291
  Abstract: Embodiments relate to deduplication and compression on data performed downstream from where the data is encrypted. Confidentiality of data is maintained, and the ability of storage systems to perform data reduction functions is supported. Encrypted data to be written to a storage system is separated into one or more data chunks. For a data chunk, a master encryption key for an owning entity associated with the data chunk is retrieved. The data chunk is decrypted into plaintext, and the plaintext is transformed by performing one or more advanced data functions. A private key is created and used to encrypt the transformed plaintext, which is stored as a first encryption unit. A wrapped key is created by encrypting the private key with the master key, and is stored as metadata for the encryption unit to limit data access to the owning entity.
  Type: Application
  Filed: May 23, 2016
  Publication date: September 15, 2016
  Applicant: International Business Machines Corporation
  Inventors: Elli Androulaki, Nathalie Baracaldo, Joseph S. Glider, Alessandro Sorniotti
- Patent number: 9397833
  Abstract: Embodiments of the invention relate to processing streams of encrypted data received from multiple users. As the streams are processed, smaller partitions in the form of data chunks are created and subject to individual decryption. The data chunks are placed into sub-streams based on a master key associated with their owning entity. Prior to processing, the data chunks in each stream are decrypted, and advanced functions, including but not limited to de-duplication and compression, are individually applied to the data chunks, followed by aggregation of processed data chunks into data units and encryption of the individual data units, including use of a master key from the data's owning entity. Individual encryption units are created by encrypting the data unit(s) with an encryption key, thereby limiting access to the data unit. Confidentiality of data is maintained, and the ability of storage systems to perform data reduction functions is supported.
  Type: Grant
  Filed: August 27, 2014
  Date of Patent: July 19, 2016
  Assignee: International Business Machines Corporation
  Inventors: Elli Androulaki, Nathalie Baracaldo, Joseph S. Glider, Alessandro Sorniotti
- Patent number: 9397832
  Abstract: Embodiments of the invention relate to processing streams of encrypted data received from multiple users. As the streams are processed, smaller partitions in the form of data chunks are created and subject to individual decryption. The data chunks are placed into sub-streams based on a master key associated with their owning entity. Prior to processing, the data chunks in each stream are decrypted, and advanced functions, including but not limited to de-duplication and compression, are individually applied to the data chunks, followed by aggregation of processed data chunks into data units and encryption of the individual data units, including use of a master key from the data's owning entity. Individual encryption units are created by encrypting the data unit(s) with an encryption key, thereby limiting access to the data unit. Confidentiality of data is maintained, and the ability of storage systems to perform data reduction functions is supported.
  Type: Grant
  Filed: August 27, 2014
  Date of Patent: July 19, 2016
  Assignee: International Business Machines Corporation
  Inventors: Elli Androulaki, Nathalie Baracaldo, Joseph S. Glider, Alessandro Sorniotti
- Publication number: 20160180338
  Abstract: A user computing device generates a token while the user computing device is in an offline mode and not connected to an external network. The token includes information of an amount of cryptocurrency to be transferred from a user account to a receiving account and information of a first password for enabling the transfer. The token is signed by the user computing device with a private key while in the offline mode, and the signed token is stored by the user computing device on a portable device. A receiving device, receiving the signed token from the portable user storage device, authenticates a user corresponding to the user account based on the signed token, receives a second password, compares the first and second passwords for enabling the transfer, and transfers the amount of cryptocurrency from the user account to the receiving account based on the information included in the token.
  Type: Application
  Filed: December 16, 2015
  Publication date: June 23, 2016
  Inventors: Elli ANDROULAKI, Andreas KIND, Ioannis KOLTSIDAS
- Publication number: 20160065540
  Abstract: Embodiments of the invention relate to deduplication and compression on data performed downstream from where the data is encrypted. Confidentiality of data is maintained, and the ability of storage systems to perform data reduction functions is supported. Data to be written to a storage system is separated into data chunks. Each data chunk is decrypted into a plaintext data format with a master encryption key of an owning entity. Once decrypted, one or more advanced data functions may be performed on the plaintext. A private key is created and used to encrypt the plaintext of the data chunk(s), which are stored as an encryption unit. Thereafter, a first wrapped key is created by encrypting the private key with the master key. The wrapped key is stored as metadata of the data chunk. Access to each data chunk is limited to one or more entities that have been granted access.
  Type: Application
  Filed: August 27, 2014
  Publication date: March 3, 2016
  Applicant: International Business Machines Corporation
  Inventors: Elli Androulaki, Nathalie Baracaldo, Joseph S. Glider, Alessandro Sorniotti
- Publication number: 20160062918
  Abstract: Embodiments of the invention relate to processing streams of encrypted data received from multiple users. As the streams are processed, smaller partitions in the form of data chunks are created and subject to individual decryption. The data chunks are placed into sub-streams based on a master key associated with their owning entity. Prior to processing, the data chunks in each stream are decrypted, and advanced functions, including but not limited to de-duplication and compression, are individually applied to the data chunks, followed by aggregation of processed data chunks into data units and encryption of the individual data units, including use of a master key from the data's owning entity. Individual encryption units are created by encrypting the data unit(s) with an encryption key, thereby limiting access to the data unit. Confidentiality of data is maintained, and the ability of storage systems to perform data reduction functions is supported.
  Type: Application
  Filed: August 27, 2014
  Publication date: March 3, 2016
  Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
  Inventors: Elli Androulaki, Nathalie Baracaldo, Joseph S. Glider, Alessandro Sorniotti
- Publication number: 20140331324
  Abstract: Methods, media, and systems for detecting attack are provided. In some embodiments, the methods include: comparing at least part of a document to a static detection model; determining whether attacking code is included in the document based on the comparison of the document to the static detection model; executing at least part of the document; determining whether attacking code is included in the document based on the execution of the at least part of the document; and if attacking code is determined to be included in the document based on at least one of the comparison of the document to the static detection model and the execution of the at least part of the document, reporting the presence of an attack.
  Type: Application
  Filed: July 21, 2014
  Publication date: November 6, 2014
  Inventors: Salvatore J. Stolfo, Wei-Jen Li, Angelos D. Keromytis, Elli Androulaki
- Patent number: 8789172
  Abstract: Methods, media, and systems for detecting attack are provided. In some embodiments, the methods include: comparing at least part of a document to a static detection model; determining whether attacking code is included in the document based on the comparison of the document to the static detection model; executing at least part of the document; determining whether attacking code is included in the document based on the execution of the at least part of the document; and if attacking code is determined to be included in the document based on at least one of the comparison of the document to the static detection model and the execution of the at least part of the document, reporting the presence of an attack.
  Type: Grant
  Filed: March 18, 2009
  Date of Patent: July 22, 2014
  Assignee: The Trustees of Columbia University in the City of New York
  Inventors: Salvatore J. Stolfo, Wei-Jen Li, Angelos D. Keromytis, Elli Androulaki