Patents by Inventor Enriquillo Valdez
Enriquillo Valdez has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11907361Abstract: An apparatus, system and method for protecting the confidentiality and integrity of a secure object running on a computer system by protecting the memory pages owned by the secure object, including assigning a secure object an ID, labeling the memory pages owned by a secure object with the ID of the secure object, maintaining an Access Control Monitor (ACM) table for the memory pages on the system, controlling access to memory pages by monitoring load and store instructions and comparing information in the ACM table with the ID of the software that is executing these instructions; and limiting access to a memory page to the owner of the memory page.Type: GrantFiled: March 17, 2020Date of Patent: February 20, 2024Assignee: International Business Machines CorporationInventors: Richard Harold Boivie, Kattamuri Ekanadham, Kenneth Alan Goldman, William Eric Hall, Guerney D. Hunt, Bhushan Pradip Jain, Mohit Kapur, Dimitrios Pendarakis, David Robert Safford, Peter Anthony Sandon, Enriquillo Valdez
-
Publication number: 20220374763Abstract: Techniques for distributed federated learning leverage a multi-layered defense strategy to provide for reduced information leakage. In lieu of aggregating model updates centrally, an aggregation function is decentralized into multiple independent and functionally-equivalent execution entities, each running within its own trusted executed environment (TEE). The TEEs enable confidential and remote-attestable federated aggregation. Preferably, each aggregator entity runs within an encrypted virtual machine that support runtime in-memory encryption. Each party remotely authenticates the TEE before participating in the training. By using multiple decentralized aggregators, parties are enabled to partition their respective model updates at model-parameter granularity, and can map single weights to a specific aggregator entity. Parties also can dynamically shuffle fragmentary model updates at each training iteration to further obfuscate the information dispatched to each aggregator execution entity.Type: ApplicationFiled: May 18, 2021Publication date: November 24, 2022Applicant: International Business Machines CorporationInventors: Zhongshu Gu, Jayaram Kallapalayam Radhakrishnan, Ashish Verma, Enriquillo Valdez, Pau-Chen Cheng, Hani Talal Jamjoom, Kevin Eykholt
-
Publication number: 20220374762Abstract: Techniques for distributed federated learning leverage a multi-layered defense strategy to provide for reduced information leakage. In lieu of aggregating model updates centrally, an aggregation function is decentralized into multiple independent and functionally-equivalent execution entities, each running within its own trusted executed environment (TEE). The TEEs enable confidential and remote-attestable federated aggregation. Preferably, each aggregator entity runs within an encrypted virtual machine that support runtime in-memory encryption. Each party remotely authenticates the TEE before participating in the training. By using multiple decentralized aggregators, parties are enabled to partition their respective model updates at model-parameter granularity, and can map single weights to a specific aggregator entity. Parties also can dynamically shuffle fragmentary model updates at each training iteration to further obfuscate the information dispatched to each aggregator execution entity.Type: ApplicationFiled: May 18, 2021Publication date: November 24, 2022Applicant: International Business Machines CorporationInventors: Jayaram Kallapalayam Radhakrishnan, Ashish Verma, Zhongshu Gu, Enriquillo Valdez, Pau-Chen Cheng, Hani Talal Jamjoom
-
Patent number: 11455569Abstract: Handshake protocol layer features are extracted from training data associated with encrypted network traffic of a plurality of classified devices. Record protocol layer features are extracted from the training data. One or more models are trained based on the extracted handshake protocol layer features and the extracted record protocol layer features. The one or more models are applied to an observed encrypted network traffic stream associated with a device to determine a predicted device classification of the device.Type: GrantFiled: January 9, 2019Date of Patent: September 27, 2022Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Enriquillo Valdez, Pau-Chen Cheng, Ian Michael Molloy, Dimitrios Pendarakis
-
Patent number: 11356275Abstract: A method verifies an authenticity, integrity, and provenance of outputs from steps in a process flow. One or more processor(s) validate one or more inputs to each step in a process flow by verifying at least one of a hash and a digital signature of each of the one or more inputs. The processor(s) then generate digital signatures that cover outputs of each step and the one or more inputs to each step, such that the digital signatures result in a chain of digital signatures that are used to verify an authenticity, an integrity and a provenance of outputs of the one or more steps in the process flow.Type: GrantFiled: May 27, 2020Date of Patent: June 7, 2022Assignee: International Business Machines CorporationInventors: Enriquillo Valdez, Richard H. Boivie, Venkata Sitaramagiridharganesh Ganapavarapu, Jinwook Jung, Gi-Joon Nam, Roman Vaculin, James Thomas Rayfield
-
Publication number: 20210377042Abstract: A method verifies an authenticity, integrity, and provenance of outputs from steps in a process flow. One or more processor(s) validate one or more inputs to each step in a process flow by verifying at least one of a hash and a digital signature of each of the one or more inputs. The processor(s) then generate digital signatures that cover outputs of each step and the one or more inputs to each step, such that the digital signatures result in a chain of digital signatures that are used to verify an authenticity, an integrity and a provenance of outputs of the one or more steps in the process flow.Type: ApplicationFiled: May 27, 2020Publication date: December 2, 2021Inventors: ENRIQUILLO VALDEZ, RICHARD H. BOIVIE, VENKATA SITARAMAGIRIDHARGANESH GANAPAVARAPU, JINWOOK JUNG, GI-JOON NAM, ROMAN VACULIN, JAMES THOMAS RAYFIELD
-
Patent number: 11095635Abstract: A client seeking to establish a cryptographically-secure channel to a server has an associated public key acceptance policy. The policy specifies a required number of certificates that must be associated with the server's public key, as well as one or more conditions associated with those certificates, that must be met before the client “accepts” the server's public key. The one or more conditions typically comprise a trust function that must be satisfied before a threshold level of trust of the client is met. A representative public key acceptance policy would be that certificate chains for the public key are valid and non-overlapping with different root CAs, and that some configurable number of those chains be present. The technique may be implemented within the context of an existing client-server SSL/TLS handshake.Type: GrantFiled: December 18, 2019Date of Patent: August 17, 2021Assignee: International Business Machines CorporationInventors: Dimitrios Pendarakis, Enriquillo Valdez
-
Patent number: 10904226Abstract: A processor-implemented method for a secure processing environment for protecting sensitive information is provided. The processor-implemented method may include receiving encrypted data and routing the encrypted data to the secure processing environment. Then the encrypted data may be decrypted and fields containing sensitive information may be found. The method may also include obfuscating the sensitive information and returning, by the secure processing environment, the decrypted data and obfuscated data.Type: GrantFiled: November 20, 2019Date of Patent: January 26, 2021Assignee: International Business Machines CorporationInventors: Richard H. Boivie, Alyson Comer, John C. Dayka, Donna N. Dillenberger, Kenneth A. Goldman, Mohit Kapur, Dimitrios Pendarakis, James A. Ruddy, Peter G. Sutton, Enriquillo Valdez
-
Publication number: 20200219005Abstract: Handshake protocol layer features are extracted from training data associated with encrypted network traffic of a plurality of classified devices. Record protocol layer features are extracted from the training data. One or more models are trained based on the extracted handshake protocol layer features and the extracted record protocol layer features. The one or more models are applied to an observed encrypted network traffic stream associated with a device to determine a predicted device classification of the device.Type: ApplicationFiled: January 9, 2019Publication date: July 9, 2020Applicant: International Business Machines CorporationInventors: Enriquillo Valdez, Pau-Chen Cheng, Ian Michael Molloy, Dimitrios Pendarakis
-
Publication number: 20200218799Abstract: An apparatus, system and method for protecting the confidentiality and integrity of a secure object running on a computer system by protecting the memory pages owned by the secure object, including assigning a secure object an ID, labeling the memory pages owned by a secure object with the ID of the secure object, maintaining an Access Control Monitor (ACM) table for the memory pages on the system, controlling access to memory pages by monitoring load and store instructions and comparing information in the ACM table with the ID of the software that is executing these instructions; and limiting access to a memory page to the owner of the memory page.Type: ApplicationFiled: March 17, 2020Publication date: July 9, 2020Inventors: Richard Harold Boivie, Kattamuri Ekanadham, Kenneth Alan Goldman, William Eric Hall, Guerney D. Hunt, Bhushan Pradip Jain, Mohit Kapur, Dimitrios Pendarakis, David Robert Safford, Peter Anthony Sandon, Enriquillo Valdez
-
Publication number: 20200127998Abstract: A client seeking to establish a cryptographically-secure channel to a server has an associated public key acceptance policy. The policy specifies a required number of certificates that must be associated with the server's public key, as well as one or more conditions associated with those certificates, that must be met before the client “accepts” the server's public key. The one or more conditions typically comprise a trust function that must be satisfied before a threshold level of trust of the client is met. A representative public key acceptance policy would be that certificate chains for the public key are valid and non-overlapping with different root CAs, and that some configurable number of those chains be present. The technique may be implemented within the context of an existing client-server SSL/TLS handshake.Type: ApplicationFiled: December 18, 2019Publication date: April 23, 2020Applicant: International Business Machines CorporationInventors: Dimitrios Pendarakis, Enriquillo Valdez
-
Patent number: 10628579Abstract: A processor in a computer system, the processor including a mechanism supporting a Secure Object that comprises information that is protected so that other software on said computer system cannot access or undetectably tamper with said information, thereby protecting both a confidentiality and an integrity of the Secure Object information while making the Secure Object information available to the Secure Object itself during execution of the Secure Object. The mechanism includes a crypto mechanism that decrypts and integrity-checks Secure Object information as said Secure Object information moves into the computer system from an external storage system, and encrypts and updates an integrity value for Secure Object information as said Secure Object information moves out of the computer system to the external storage system, and a memory protection mechanism that protects the confidentiality and integrity of Secure Object information when that information is in the memory of the computer system.Type: GrantFiled: August 28, 2015Date of Patent: April 21, 2020Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Richard Harold Boivie, Kattamuri Ekanadham, Kenneth Alan Goldman, William Eric Hall, Guerney Douglass Holloway Hunt, Bhushan Pradip Jain, Mohit Kapur, Dimitrios Pendarakis, David Robert Safford, Peter Anthony Sandon, Enriquillo Valdez
-
Publication number: 20200092267Abstract: A processor-implemented method for a secure processing environment for protecting sensitive information is provided. The processor-implemented method may include receiving encrypted data and routing the encrypted data to the secure processing environment. Then the encrypted data may be decrypted and fields containing sensitive information may be found. The method may also include obfuscating the sensitive information and returning, by the secure processing environment, the decrypted data and obfuscated data.Type: ApplicationFiled: November 20, 2019Publication date: March 19, 2020Inventors: Richard H. Boivie, Alyson Comer, John C. Dayka, Donna N. Dillenberger, Kenneth A. Goldman, Mohit Kapur, Dimitrios Pendarakis, James A. Ruddy, Peter G. Sutton, Enriquillo Valdez
-
Patent number: 10547596Abstract: A processor-implemented method for a secure processing environment for protecting sensitive information is provided. The processor-implemented method may include receiving encrypted data and routing the encrypted data to the secure processing environment. Then the encrypted data may be decrypted and fields containing sensitive information may be found. The method may also include obfuscating the sensitive information and returning, by the secure processing environment, the decrypted data and obfuscated data.Type: GrantFiled: April 5, 2019Date of Patent: January 28, 2020Assignee: International Business Machines CorporationInventors: Richard H. Boivie, Alyson Comer, John C. Dayka, Donna N. Dillenberger, Kenneth A. Goldman, Mohit Kapur, Dimitrios Pendarakis, James A. Ruddy, Peter G. Sutton, Enriquillo Valdez
-
Patent number: 10523659Abstract: A client seeking to establish a cryptographically-secure channel to a server has an associated public key acceptance policy. The policy specifies a required number of certificates that must be associated with the server's public key, as well as one or more conditions associated with those certificates, that must be met before the client “accepts” the server's public key. The one or more conditions typically comprise a trust function that must be satisfied before a threshold level of trust of the client is met. A representative public key acceptance policy would be that certificate chains for the public key are valid and non-overlapping with different root CAs, and that some configurable number of those chains be present. The technique may be implemented within the context of an existing client-server SSL/TLS handshake.Type: GrantFiled: December 13, 2018Date of Patent: December 31, 2019Assignee: International Business Machines CorporationInventors: Dimitrios Pendarakis, Enriquillo Valdez
-
Patent number: 10523640Abstract: A processor-implemented method for a secure processing environment for protecting sensitive information is provided. The processor-implemented method may include receiving encrypted data and routing the encrypted data to the secure processing environment. Then the encrypted data may be decrypted and fields containing sensitive information may be found. The method may also include obfuscating the sensitive information and returning, by the secure processing environment, the decrypted data and obfuscated data.Type: GrantFiled: December 6, 2018Date of Patent: December 31, 2019Assignee: International Business Machines CorporationInventors: Richard H. Boivie, Alyson Comer, John C. Dayka, Donna N. Dillenberger, Kenneth A. Goldman, Mohit Kapur, Dimitrios Pendarakis, James A. Ruddy, Peter G. Sutton, Enriquillo Valdez
-
Publication number: 20190230069Abstract: A processor-implemented method for a secure processing environment for protecting sensitive information is provided. The processor-implemented method may include receiving encrypted data and routing the encrypted data to the secure processing environment. Then the encrypted data may be decrypted and fields containing sensitive information may be found. The method may also include obfuscating the sensitive information and returning, by the secure processing environment, the decrypted data and obfuscated data.Type: ApplicationFiled: April 5, 2019Publication date: July 25, 2019Inventors: Richard H. Boivie, Alyson Comer, John C. Dayka, Donna N. Dillenberger, Kenneth A. Goldman, Mohit Kapur, Dimitrios Pendarakis, James A. Ruddy, Peter G. Sutton, Enriquillo Valdez
-
Patent number: 10298545Abstract: A processor-implemented method for a secure processing environment for protecting sensitive information is provided. The processor-implemented method may include receiving encrypted data and routing the encrypted data to the secure processing environment. Then the encrypted data may be decrypted and fields containing sensitive information may be found. The method may also include obfuscating the sensitive information and returning, by the secure processing environment, the decrypted data and obfuscated data.Type: GrantFiled: September 12, 2013Date of Patent: May 21, 2019Assignee: International Business Machines CorporationInventors: Richard H. Boivie, Alyson Comer, John C. Dayka, Donna N. Dillenberger, Kenneth A. Goldman, Mohit Kapur, Dimitrios Pendarakis, James A. Ruddy, Peter G. Sutton, Enriquillo Valdez
-
Publication number: 20190132310Abstract: A client seeking to establish a cryptographically-secure channel to a server has an associated public key acceptance policy. The policy specifies a required number of certificates that must be associated with the server's public key, as well as one or more conditions associated with those certificates, that must be met before the client “accepts” the server's public key. The one or more conditions typically comprise a trust function that must be satisfied before a threshold level of trust of the client is met. A representative public key acceptance policy would be that certificate chains for the public key are valid and non-overlapping with different root CAs, and that some configurable number of those chains be present. The technique may be implemented within the context of an existing client-server SSL/TLS handshake.Type: ApplicationFiled: December 13, 2018Publication date: May 2, 2019Applicant: International Business Machines CorporationInventors: Dimitrios Pendarakis, Enriquillo Valdez
-
Publication number: 20190116164Abstract: A processor-implemented method for a secure processing environment for protecting sensitive information is provided. The processor-implemented method may include receiving encrypted data and routing the encrypted data to the secure processing environment. Then the encrypted data may be decrypted and fields containing sensitive information may be found. The method may also include obfuscating the sensitive information and returning, by the secure processing environment, the decrypted data and obfuscated data.Type: ApplicationFiled: December 6, 2018Publication date: April 18, 2019Inventors: Richard H. Boivie, Alyson Comer, John C. Dayka, Donna N. Dillenberger, Kenneth A. Goldman, Mohit Kapur, Dimitrios Pendarakis, James A. Ruddy, Peter G. Sutton, Enriquillo Valdez