Patents by Inventor Elsie A. Van Herreweghen
Elsie A. Van Herreweghen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8122484Abstract: Methods and apparatus are provided for generating an access control policy data structure for a single-authorization-query access control system from a source policy data structure of an access control system in which primary authorizations can be subject to auxiliary constraints. Authorizations in the data structures are defined in terms of subject, resource and action elements. For each resource in a set of resources in the source policy data structure, the data structure is analyzed to identify primary authorizations relating to that resource. For each primary authorization, policy data which represents a policy defining an access rule expressing that authorization is generated and stored in system memory and analyzed to identify any auxiliary constraints associated with that primary authorization. For each auxiliary constraint so identified, policy data is generated and stored in system memory.Type: GrantFiled: April 11, 2008Date of Patent: February 21, 2012Assignee: International Business Machines CorporationInventors: Guenter Karjoth, Elsie A. Van Herreweghen
-
Patent number: 8060941Abstract: A method and system for verifying authenticity of an application in a computing-platform operating in a Trusted Computing Group (TCG) domain is provided. The method includes computing one or more integrity measurements corresponding to one or more of the application, a plurality of precedent-applications, and an output file. The output file includes an output of the application, the application is executing on the computing-platform. Each precedent-application is executed before the application. The method further includes comparing one or more integrity measurements with re-computed integrity measurements. The re-computed integrity measurements are determined corresponding to one or more of the application, the plurality of precedent-applications, and the computing-platform.Type: GrantFiled: December 14, 2007Date of Patent: November 15, 2011Assignee: International Business Machines CorporationInventors: Bernhard Jansen, Luke J. O'Connor, Jonathan A. Poritz, Elsie A. Van Herreweghen
-
Patent number: 7962962Abstract: In a computer, a first set of object classes are provided representing active entities in an information-handling process and a second set of object classes are provided representing data and rules in the information-handling process. At least one object class has rules associated with data. The above-mentioned objects are used in constructing a model of an information-handling process, and to provide an output that identifies at least one way in which the information-handling process could be improved. One aspect is a method for handling personally identifiable information. Another aspect is a system for executing the method of the present invention. A third aspect is as a set of instructions on a computer-usable medium, or resident in a computer system, for executing the method of the present invention.Type: GrantFiled: June 19, 2001Date of Patent: June 14, 2011Assignee: International Business Machines CorporationInventors: Steven B. Adler, Endre Felix Bangerter, Kathryn Ann Bohrer, Nigel Howard Julian Brown, Jan Camenisch, Arthur M. Gilbert, Dogan Kesdogan, Matthew P. Leonard, Xuan Liu, Michael Robert McCullough, Adam Charles Nelson, Charles Campbell Palmer, Calvin Stacy Powers, Michael Schnyder, Edith Schonberg, Matthias Schunter, Elsie Van Herreweghen, Michael Waidner
-
Patent number: 7770000Abstract: Method and device for verifying the security of a computing platform. In the method for verifying the security of a computing platform a verification machine is first transmitting a verification request via an integrity verification component to the platform. Then the platform is generating by means of a trusted platform module a verification result depending on binaries loaded on the platform, and is transmitting it to the integrity verification component. Afterwards, the integrity verification component is determining with the received verification result the security properties of the platform and transmits them to the verification machine. Finally, the verification machine is determining whether the determined security properties comply with desired security properties.Type: GrantFiled: May 21, 2008Date of Patent: August 3, 2010Assignee: International Business Machines CorporationInventors: Matthias Schunter, Jonathan A. Poritz, Michael Waidner, Elsie A. Van Herreweghen
-
Publication number: 20090178107Abstract: Methods and apparatus are provided for generating an access control policy data structure for a single-authorization-query access control system from a source policy data structure of an access control system in which primary authorizations can be subject to auxiliary constraints. Authorizations in the data structures are defined in terms of subject, resource and action elements. For each resource in a set of resources in the source policy data structure, the data structure is analyzed to identify primary authorizations relating to that resource. For each primary authorization, policy data which represents a policy defining an access rule expressing that authorization is generated and stored in system memory and analyzed to identify any auxiliary constraints associated with that primary authorization. For each auxiliary constraint so identified, policy data is generated and stored in system memory.Type: ApplicationFiled: April 11, 2008Publication date: July 9, 2009Applicant: International Business Machines CorporationInventors: Guenter Karjoth, Elsie A. Van Herreweghen
-
Publication number: 20080288783Abstract: A method and system for verifying authenticity of an application in a computing-platform operating in a Trusted Computing Group (TCG) domain is provided. The method includes computing one or more integrity measurements corresponding to one or more of the application, a plurality of precedent-applications, and an output file. The output file includes an output of the application, the application is executing on the computing-platform. Each precedent-application is executed before the application. The method further includes comparing one or more integrity measurements with re-computed integrity measurements. The re-computed integrity measurements are determined corresponding to one or more of the application, the plurality of precedent-applications, and the computing-platform.Type: ApplicationFiled: December 14, 2007Publication date: November 20, 2008Inventors: Bernhard Jansen, Luke J. O'Connor, Jonathan A. Poritz, Elsie A. Van Herreweghen
-
Publication number: 20080256595Abstract: Method and device for verifying the security of a computing platform. In the method for verifying the security of a computing platform a verification machine is first transmitting a verification request via an integrity verification component to the platform. Then the platform is generating by means of a trusted platform module a verification result depending on binaries loaded on the platform, and is transmitting it to the integrity verification component. Afterwards, the integrity verification component is determining with the received verification result the security properties of the platform and transmits them to the verification machine. Finally, the verification machine is determining whether the determined security properties comply with desired security properties.Type: ApplicationFiled: May 21, 2008Publication date: October 16, 2008Applicant: International Business Machines CorporationInventors: Matthias Schunter, Jonathan A. Poritz, Michael Waidner, Elsie A. Van Herreweghen
-
Patent number: 7069427Abstract: The present invention is a system and method for handling personally identifiable information, using a rules model. The invention involves defining a limited number of privacy-related actions regarding personally identifiable information; constructing a rule for each circumstance in which one of said privacy-related actions may be taken or must be taken; allowing for the input of dynamic contextual information to precisely specify the condition for evaluation of a rule; creating a programming object containing at least one of said rules; associating the programming object with personally identifiable information; processing a request; and providing an output. The invention does not merely give a “yes-or-no answer. The invention has the advantage of being able to specify additional actions that must be taken. The invention may use a computer system and network. One aspect of the present invention is a method for handling personally identifiable information.Type: GrantFiled: June 19, 2001Date of Patent: June 27, 2006Assignee: International Business Machines CorporationInventors: Steven B. Adler, Endre Felix Bangerter, Nigel Howard Julian Brown, Jan Camenisch, Arthur M. Gilbert, Guenter Karjoth, Dogan Kesdogan, Michael Robert McCullough, Adam Charles Nelson, Charles Campbell Palmer, Martin Joseph Clayton Presler-Marshall, Michael Schnyder, Elsie Van Herreweghen, Michael Waidner
-
Publication number: 20050251857Abstract: Method and device for verifying the security of a computing platform. In the method for verifying the security of a computing platform a verification machine is first transmitting a verification request via an integrity verification component to the platform. Then the platform is generating by means of a trusted platform module a verification result depending on binaries loaded on the platform, and is transmitting it to the integrity verification component. Afterwards, the integrity verification component is determining with the received verification result the security properties of the platform and transmits them to the verification machine. Finally, the verification machine is determining whether the determined security properties comply with desired security properties.Type: ApplicationFiled: May 2, 2005Publication date: November 10, 2005Applicant: International Business Machines CorporationInventors: Matthias Schunter, Jonathan Poritz, Michael Waidner, Elsie Van Herreweghen
-
Publication number: 20040230593Abstract: A method, system and computer program product for delivering electronic information anonymously from a first party to a user, in particular to the delivery of advertisement via the Internet. The method for delivering electronic information anonymously from the first party via a second party to a third party as user includes the operations of providing the information received from the first party, receiving a preference request from the user via the second party comprising a session key and a request that applies the session key, and responsive to the request and in the event that the request matches with the provided information, providing to the third party a response comprising a matching information that applies the session key.Type: ApplicationFiled: May 3, 2004Publication date: November 18, 2004Inventors: Harry R. Rudin, Markus G. Stolze, Elsie A. Van Herreweghen
-
Publication number: 20040078475Abstract: A method and a system for providing an anonymous access to a service within a network is disclosed. Thereby a user entity sends a user request comprising access-service information and requested service information to an anonymous-access service. The anonymous-access service verifies whether the access-service information are valid. In the event that the access-service information are valid, the anonymous-access service assigns the access-service information to subscription information and connects to the service by sending a verified request comprising the subscription information and the requested service information. The anonymous-access service receives response-service information from the service and forwards it to the user entity. By doing so, the user's instances of access to the services are not linkable to each other nor are they linkable to the user's real identity.Type: ApplicationFiled: November 17, 2003Publication date: April 22, 2004Inventors: Jan Camenisch, Michael Waidner, Elsie A. Van Herreweghen
-
Publication number: 20030014654Abstract: The present invention is a system and method for handling personally identifiable information, using a rules model. The invention involves defining a limited number of privacy-related actions regarding personally identifiable information; constructing a rule for each circumstance in which one of said privacy-related actions may be taken or must be taken; allowing for the input of dynamic contextual information to precisely specify the condition for evaluation of a rule; creating a programming object containing at least one of said rules; associating the programming object with personally identifiable information; processing a request; and providing an output. The invention does not merely give a “yes-or-no answer. The invention has the advantage of being able to specify additional actions that must be taken. The invention may use a computer system and network. One aspect of the present invention is a method for handling personally identifiable information.Type: ApplicationFiled: June 19, 2001Publication date: January 16, 2003Applicant: International Business Machines CorporationInventors: Steven B. Adler, Endre Felix Bangerter, Nigel Howard Julian Brown, Jan Camenisch, Arthur M. Gilbert, Guenter Karjoth, Dogan Kesdogan, Michael Robert McCullough, Adam Charles Nelson, Charles Campbell Palmer, Martin Joseph Clayton Presler-Marshall, Michael Schnyder, Elsie Van Herreweghen, Michael Waidner
-
Publication number: 20030004734Abstract: The present invention involves providing in a computer a first set of object classes representing active entities in an information-handling process, wherein a limited number of privacy-related actions represent operations performed on data, and providing in the computer a second set of object classes representing data and rules in the information-handling process, wherein at least one object class has rules associated with data. The invention also involves using the above-mentioned objects in constructing a model of an information-handling process, and providing output that identifies at least one way in which the information-handling process could be improved. One aspect of the present invention is a method for handling personally identifiable information. Another aspect of the present invention is a system for executing the method of the present invention.Type: ApplicationFiled: June 19, 2001Publication date: January 2, 2003Applicant: International Business Machines CorporationInventors: Steven B. Adler, Endre Felix Bangerter, Kathryn Ann Bohrer, Nigel Howard Julian Brown, Jan Camenisch, Arthur M. Gilbert, Dogan Kesdogan, Matthew P. Leonard, Xuan Liu, Michael Robert McCullough, Adam Charles Nelson, Charles Campbell Palmer, Calvin Stacy Powers, Michael Schnyder, Edith Schonberg, Matthias Schunter, Elsie Van Herreweghen, Michael Waidner
-
Publication number: 20020049681Abstract: A method, apparatus and system is provided for secure anonymous proof of ownership of electronic receipts, wherein a sender sends a first message including a transaction request and referencing an owner of a receipt to be generated to a first addressee. The first addressee returns a signed receipt including the reference and details for what the receipt has been given. The sender sends a signed second message including the receipt to a second addressee. The second addressee obtains a public signature verification key on the basis of the reference to the owner of the receipt and authenticates the second message. A major advantage of the invention is that in a pseudonymous or anonymous transaction based system it is now possible to remain anonymous or pseudonymous when presenting electronic receipts, while securely proving ownership of the receipt.Type: ApplicationFiled: July 5, 2001Publication date: April 25, 2002Applicant: International Business Machines CorporationInventor: Elsie Van Herreweghen
-
Patent number: 5778065Abstract: A robust and secure password (or key) change method between a user and an authentication server in a distributed communication network is disclosed. The protocol requires the exchange of only two messages between the user desiring the key change and the server, the user's request including, at least partly encrypted, an identification of the sending user, old and new keys, and two nonces, at least one including a time indication. The authentication server's response includes a possibly encrypted accept/reject indication and the regularly encrypted request from the user.Type: GrantFiled: February 8, 1996Date of Patent: July 7, 1998Assignee: International Business Machines CorporationInventors: Ralf Hauser, Philippe Janson, Refik Molva, Gene Tsudik, Elsie Van Herreweghen