Patents by Inventor Enriquillo Valdez

Enriquillo Valdez has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20220374762
    Abstract: Techniques for distributed federated learning leverage a multi-layered defense strategy to provide for reduced information leakage. In lieu of aggregating model updates centrally, an aggregation function is decentralized into multiple independent and functionally-equivalent execution entities, each running within its own trusted execution environment (TEE). The TEEs enable confidential and remote-attestable federated aggregation. Preferably, each aggregator entity runs within an encrypted virtual machine that supports runtime in-memory encryption. Each party remotely authenticates the TEE before participating in the training. By using multiple decentralized aggregators, parties are enabled to partition their respective model updates at model-parameter granularity, and can map single weights to a specific aggregator entity. Parties also can dynamically shuffle fragmentary model updates at each training iteration to further obfuscate the information dispatched to each aggregator execution entity.
    Type: Application
    Filed: May 18, 2021
    Publication date: November 24, 2022
    Applicant: International Business Machines Corporation
    Inventors: Jayaram Kallapalayam Radhakrishnan, Ashish Verma, Zhongshu Gu, Enriquillo Valdez, Pau-Chen Cheng, Hani Talal Jamjoom
  • Publication number: 20220374763
    Abstract: Techniques for distributed federated learning leverage a multi-layered defense strategy to provide for reduced information leakage. In lieu of aggregating model updates centrally, an aggregation function is decentralized into multiple independent and functionally-equivalent execution entities, each running within its own trusted execution environment (TEE). The TEEs enable confidential and remote-attestable federated aggregation. Preferably, each aggregator entity runs within an encrypted virtual machine that supports runtime in-memory encryption. Each party remotely authenticates the TEE before participating in the training. By using multiple decentralized aggregators, parties are enabled to partition their respective model updates at model-parameter granularity, and can map single weights to a specific aggregator entity. Parties also can dynamically shuffle fragmentary model updates at each training iteration to further obfuscate the information dispatched to each aggregator execution entity.
    Type: Application
    Filed: May 18, 2021
    Publication date: November 24, 2022
    Applicant: International Business Machines Corporation
    Inventors: Zhongshu Gu, Jayaram Kallapalayam Radhakrishnan, Ashish Verma, Enriquillo Valdez, Pau-Chen Cheng, Hani Talal Jamjoom, Kevin Eykholt
  • Patent number: 11455569
    Abstract: Handshake protocol layer features are extracted from training data associated with encrypted network traffic of a plurality of classified devices. Record protocol layer features are extracted from the training data. One or more models are trained based on the extracted handshake protocol layer features and the extracted record protocol layer features. The one or more models are applied to an observed encrypted network traffic stream associated with a device to determine a predicted device classification of the device.
    Type: Grant
    Filed: January 9, 2019
    Date of Patent: September 27, 2022
    Assignee: International Business Machines Corporation
    Inventors: Enriquillo Valdez, Pau-Chen Cheng, Ian Michael Molloy, Dimitrios Pendarakis
  • Patent number: 11356275
    Abstract: A method verifies an authenticity, integrity, and provenance of outputs from steps in a process flow. One or more processor(s) validate one or more inputs to each step in a process flow by verifying at least one of a hash and a digital signature of each of the one or more inputs. The processor(s) then generate digital signatures that cover outputs of each step and the one or more inputs to each step, such that the digital signatures result in a chain of digital signatures that are used to verify an authenticity, an integrity and a provenance of outputs of the one or more steps in the process flow.
    Type: Grant
    Filed: May 27, 2020
    Date of Patent: June 7, 2022
    Assignee: International Business Machines Corporation
    Inventors: Enriquillo Valdez, Richard H. Boivie, Venkata Sitaramagiridharganesh Ganapavarapu, Jinwook Jung, Gi-Joon Nam, Roman Vaculin, James Thomas Rayfield
  • Publication number: 20210377042
    Abstract: A method verifies an authenticity, integrity, and provenance of outputs from steps in a process flow. One or more processor(s) validate one or more inputs to each step in a process flow by verifying at least one of a hash and a digital signature of each of the one or more inputs. The processor(s) then generate digital signatures that cover outputs of each step and the one or more inputs to each step, such that the digital signatures result in a chain of digital signatures that are used to verify an authenticity, an integrity and a provenance of outputs of the one or more steps in the process flow.
    Type: Application
    Filed: May 27, 2020
    Publication date: December 2, 2021
    Inventors: Enriquillo Valdez, Richard H. Boivie, Venkata Sitaramagiridharganesh Ganapavarapu, Jinwook Jung, Gi-Joon Nam, Roman Vaculin, James Thomas Rayfield
  • Patent number: 11095635
    Abstract: A client seeking to establish a cryptographically-secure channel to a server has an associated public key acceptance policy. The policy specifies a required number of certificates that must be associated with the server's public key, as well as one or more conditions associated with those certificates, that must be met before the client “accepts” the server's public key. The one or more conditions typically comprise a trust function that must be satisfied before a threshold level of trust of the client is met. A representative public key acceptance policy would be that certificate chains for the public key are valid and non-overlapping with different root CAs, and that some configurable number of those chains be present. The technique may be implemented within the context of an existing client-server SSL/TLS handshake.
    Type: Grant
    Filed: December 18, 2019
    Date of Patent: August 17, 2021
    Assignee: International Business Machines Corporation
    Inventors: Dimitrios Pendarakis, Enriquillo Valdez
  • Patent number: 10904226
    Abstract: A processor-implemented method for a secure processing environment for protecting sensitive information is provided. The processor-implemented method may include receiving encrypted data and routing the encrypted data to the secure processing environment. Then the encrypted data may be decrypted and fields containing sensitive information may be found. The method may also include obfuscating the sensitive information and returning, by the secure processing environment, the decrypted data and obfuscated data.
    Type: Grant
    Filed: November 20, 2019
    Date of Patent: January 26, 2021
    Assignee: International Business Machines Corporation
    Inventors: Richard H. Boivie, Alyson Comer, John C. Dayka, Donna N. Dillenberger, Kenneth A. Goldman, Mohit Kapur, Dimitrios Pendarakis, James A. Ruddy, Peter G. Sutton, Enriquillo Valdez
  • Publication number: 20200219005
    Abstract: Handshake protocol layer features are extracted from training data associated with encrypted network traffic of a plurality of classified devices. Record protocol layer features are extracted from the training data. One or more models are trained based on the extracted handshake protocol layer features and the extracted record protocol layer features. The one or more models are applied to an observed encrypted network traffic stream associated with a device to determine a predicted device classification of the device.
    Type: Application
    Filed: January 9, 2019
    Publication date: July 9, 2020
    Applicant: International Business Machines Corporation
    Inventors: Enriquillo Valdez, Pau-Chen Cheng, Ian Michael Molloy, Dimitrios Pendarakis
  • Publication number: 20200218799
    Abstract: An apparatus, system and method for protecting the confidentiality and integrity of a secure object running on a computer system by protecting the memory pages owned by the secure object, including assigning a secure object an ID, labeling the memory pages owned by a secure object with the ID of the secure object, maintaining an Access Control Monitor (ACM) table for the memory pages on the system, controlling access to memory pages by monitoring load and store instructions and comparing information in the ACM table with the ID of the software that is executing these instructions; and limiting access to a memory page to the owner of the memory page.
    Type: Application
    Filed: March 17, 2020
    Publication date: July 9, 2020
    Inventors: Richard Harold Boivie, Kattamuri Ekanadham, Kenneth Alan Goldman, William Eric Hall, Guerney D. Hunt, Bhushan Pradip Jain, Mohit Kapur, Dimitrios Pendarakis, David Robert Safford, Peter Anthony Sandon, Enriquillo Valdez
  • Publication number: 20200127998
    Abstract: A client seeking to establish a cryptographically-secure channel to a server has an associated public key acceptance policy. The policy specifies a required number of certificates that must be associated with the server's public key, as well as one or more conditions associated with those certificates, that must be met before the client “accepts” the server's public key. The one or more conditions typically comprise a trust function that must be satisfied before a threshold level of trust of the client is met. A representative public key acceptance policy would be that certificate chains for the public key are valid and non-overlapping with different root CAs, and that some configurable number of those chains be present. The technique may be implemented within the context of an existing client-server SSL/TLS handshake.
    Type: Application
    Filed: December 18, 2019
    Publication date: April 23, 2020
    Applicant: International Business Machines Corporation
    Inventors: Dimitrios Pendarakis, Enriquillo Valdez
  • Patent number: 10628579
    Abstract: A processor in a computer system, the processor including a mechanism supporting a Secure Object that comprises information that is protected so that other software on said computer system cannot access or undetectably tamper with said information, thereby protecting both a confidentiality and an integrity of the Secure Object information while making the Secure Object information available to the Secure Object itself during execution of the Secure Object. The mechanism includes a crypto mechanism that decrypts and integrity-checks Secure Object information as said Secure Object information moves into the computer system from an external storage system, and encrypts and updates an integrity value for Secure Object information as said Secure Object information moves out of the computer system to the external storage system, and a memory protection mechanism that protects the confidentiality and integrity of Secure Object information when that information is in the memory of the computer system.
    Type: Grant
    Filed: August 28, 2015
    Date of Patent: April 21, 2020
    Assignee: International Business Machines Corporation
    Inventors: Richard Harold Boivie, Kattamuri Ekanadham, Kenneth Alan Goldman, William Eric Hall, Guerney Douglass Holloway Hunt, Bhushan Pradip Jain, Mohit Kapur, Dimitrios Pendarakis, David Robert Safford, Peter Anthony Sandon, Enriquillo Valdez
  • Publication number: 20200092267
    Abstract: A processor-implemented method for a secure processing environment for protecting sensitive information is provided. The processor-implemented method may include receiving encrypted data and routing the encrypted data to the secure processing environment. Then the encrypted data may be decrypted and fields containing sensitive information may be found. The method may also include obfuscating the sensitive information and returning, by the secure processing environment, the decrypted data and obfuscated data.
    Type: Application
    Filed: November 20, 2019
    Publication date: March 19, 2020
    Inventors: Richard H. Boivie, Alyson Comer, John C. Dayka, Donna N. Dillenberger, Kenneth A. Goldman, Mohit Kapur, Dimitrios Pendarakis, James A. Ruddy, Peter G. Sutton, Enriquillo Valdez
  • Patent number: 10547596
    Abstract: A processor-implemented method for a secure processing environment for protecting sensitive information is provided. The processor-implemented method may include receiving encrypted data and routing the encrypted data to the secure processing environment. Then the encrypted data may be decrypted and fields containing sensitive information may be found. The method may also include obfuscating the sensitive information and returning, by the secure processing environment, the decrypted data and obfuscated data.
    Type: Grant
    Filed: April 5, 2019
    Date of Patent: January 28, 2020
    Assignee: International Business Machines Corporation
    Inventors: Richard H. Boivie, Alyson Comer, John C. Dayka, Donna N. Dillenberger, Kenneth A. Goldman, Mohit Kapur, Dimitrios Pendarakis, James A. Ruddy, Peter G. Sutton, Enriquillo Valdez
  • Patent number: 10523659
    Abstract: A client seeking to establish a cryptographically-secure channel to a server has an associated public key acceptance policy. The policy specifies a required number of certificates that must be associated with the server's public key, as well as one or more conditions associated with those certificates, that must be met before the client “accepts” the server's public key. The one or more conditions typically comprise a trust function that must be satisfied before a threshold level of trust of the client is met. A representative public key acceptance policy would be that certificate chains for the public key are valid and non-overlapping with different root CAs, and that some configurable number of those chains be present. The technique may be implemented within the context of an existing client-server SSL/TLS handshake.
    Type: Grant
    Filed: December 13, 2018
    Date of Patent: December 31, 2019
    Assignee: International Business Machines Corporation
    Inventors: Dimitrios Pendarakis, Enriquillo Valdez
  • Patent number: 10523640
    Abstract: A processor-implemented method for a secure processing environment for protecting sensitive information is provided. The processor-implemented method may include receiving encrypted data and routing the encrypted data to the secure processing environment. Then the encrypted data may be decrypted and fields containing sensitive information may be found. The method may also include obfuscating the sensitive information and returning, by the secure processing environment, the decrypted data and obfuscated data.
    Type: Grant
    Filed: December 6, 2018
    Date of Patent: December 31, 2019
    Assignee: International Business Machines Corporation
    Inventors: Richard H. Boivie, Alyson Comer, John C. Dayka, Donna N. Dillenberger, Kenneth A. Goldman, Mohit Kapur, Dimitrios Pendarakis, James A. Ruddy, Peter G. Sutton, Enriquillo Valdez
  • Publication number: 20190230069
    Abstract: A processor-implemented method for a secure processing environment for protecting sensitive information is provided. The processor-implemented method may include receiving encrypted data and routing the encrypted data to the secure processing environment. Then the encrypted data may be decrypted and fields containing sensitive information may be found. The method may also include obfuscating the sensitive information and returning, by the secure processing environment, the decrypted data and obfuscated data.
    Type: Application
    Filed: April 5, 2019
    Publication date: July 25, 2019
    Inventors: Richard H. Boivie, Alyson Comer, John C. Dayka, Donna N. Dillenberger, Kenneth A. Goldman, Mohit Kapur, Dimitrios Pendarakis, James A. Ruddy, Peter G. Sutton, Enriquillo Valdez
  • Patent number: 10298545
    Abstract: A processor-implemented method for a secure processing environment for protecting sensitive information is provided. The processor-implemented method may include receiving encrypted data and routing the encrypted data to the secure processing environment. Then the encrypted data may be decrypted and fields containing sensitive information may be found. The method may also include obfuscating the sensitive information and returning, by the secure processing environment, the decrypted data and obfuscated data.
    Type: Grant
    Filed: September 12, 2013
    Date of Patent: May 21, 2019
    Assignee: International Business Machines Corporation
    Inventors: Richard H. Boivie, Alyson Comer, John C. Dayka, Donna N. Dillenberger, Kenneth A. Goldman, Mohit Kapur, Dimitrios Pendarakis, James A. Ruddy, Peter G. Sutton, Enriquillo Valdez
  • Publication number: 20190132310
    Abstract: A client seeking to establish a cryptographically-secure channel to a server has an associated public key acceptance policy. The policy specifies a required number of certificates that must be associated with the server's public key, as well as one or more conditions associated with those certificates, that must be met before the client “accepts” the server's public key. The one or more conditions typically comprise a trust function that must be satisfied before a threshold level of trust of the client is met. A representative public key acceptance policy would be that certificate chains for the public key are valid and non-overlapping with different root CAs, and that some configurable number of those chains be present. The technique may be implemented within the context of an existing client-server SSL/TLS handshake.
    Type: Application
    Filed: December 13, 2018
    Publication date: May 2, 2019
    Applicant: International Business Machines Corporation
    Inventors: Dimitrios Pendarakis, Enriquillo Valdez
  • Publication number: 20190116164
    Abstract: A processor-implemented method for a secure processing environment for protecting sensitive information is provided. The processor-implemented method may include receiving encrypted data and routing the encrypted data to the secure processing environment. Then the encrypted data may be decrypted and fields containing sensitive information may be found. The method may also include obfuscating the sensitive information and returning, by the secure processing environment, the decrypted data and obfuscated data.
    Type: Application
    Filed: December 6, 2018
    Publication date: April 18, 2019
    Inventors: Richard H. Boivie, Alyson Comer, John C. Dayka, Donna N. Dillenberger, Kenneth A. Goldman, Mohit Kapur, Dimitrios Pendarakis, James A. Ruddy, Peter G. Sutton, Enriquillo Valdez
  • Patent number: 10242192
    Abstract: A method, system, and program product for remotely attesting to a state of a computing system is provided. Specifically, the present invention allows a remote system to establish trust in the properties of the computer system. The properties to be trusted are expanded from the usual system software layers and related configuration files to novel types of data such as static data specific to the computer system, dynamic data determined at system startup, or dynamic data created as the computer system runs applications.
    Type: Grant
    Filed: September 9, 2016
    Date of Patent: March 26, 2019
    Assignee: International Business Machines Corporation
    Inventors: Stefan Berger, Kenneth Goldman, Trent R. Jaeger, Ronald Perez, Reiner Sailer, Enriquillo Valdez