Patents by Inventor Eric D. Rossman
Eric D. Rossman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11475147Abstract: A computer-implemented method according to one embodiment includes identifying a creation of a container within a system, selecting a security policy for the container, based on one or more attributes, identifying a key label associated with the security policy for the container, retrieving a data encryption key, utilizing the key label, and encrypting the container, utilizing the data encryption key. This may enable a highly granular level of automatic container-level security within the system that may be transparently implemented within the system, which may streamline container security and reduce an amount of stored data and processing necessary for implementing container security, and may thereby improve the performance of the system.Type: GrantFiled: February 20, 2018Date of Patent: October 18, 2022Assignee: International Business Machines CorporationInventors: Cecilia C. Lewis, Wayne E. Rhoten, Eric D. Rossman, Mark A. Nelson, John C. Dayka
-
Patent number: 11095652Abstract: A computer-implemented method according to one embodiment includes identifying a first request from a user to access a container, determining whether the user has a first authorization to access the container, allowing the user to access the container, in response to determining that the user has the first authorization to access the container, identifying a second request from the user to access content within the container, where the content is encrypted, retrieving a key label associated with the container, determining whether the user has a second authorization to access the key label, retrieving a data encryption key, utilizing the key label, in response to determining that the user has the second authorization to access the key label, and allowing the user to access the content that is encrypted by performing one or more decryption actions, utilizing the data encryption key.Type: GrantFiled: February 20, 2018Date of Patent: August 17, 2021Assignee: International Business Machines CorporationInventors: Cecilia C. Lewis, Wayne E. Rhoten, Eric D. Rossman, Mark A. Nelson, John C. Dayka
-
Publication number: 20190260753Abstract: A computer-implemented method according to one embodiment includes identifying a first request from a user to access a container, determining whether the user has a first authorization to access the container, allowing the user to access the container, in response to determining that the user has the first authorization to access the container, identifying a second request from the user to access content within the container, where the content is encrypted, retrieving a key label associated with the container, determining whether the user has a second authorization to access the key label, retrieving a data encryption key, utilizing the key label, in response to determining that the user has the second authorization to access the key label, and allowing the user to access the content that is encrypted by performing one or more decryption actions, utilizing the data encryption key.Type: ApplicationFiled: February 20, 2018Publication date: August 22, 2019Inventors: Cecilia C. Lewis, Wayne E. Rhoten, Eric D. Rossman, Mark A. Nelson, John C. Dayka
-
Publication number: 20190258813Abstract: A computer-implemented method according to one embodiment includes identifying a creation of a container within a system, selecting a security policy for the container, based on one or more attributes, identifying a key label associated with the security policy for the container, retrieving a data encryption key, utilizing the key label, and encrypting the container, utilizing the data encryption key. This may enable a highly granular level of automatic container-level security within the system that may be transparently implemented within the system, which may streamline container security and reduce an amount of stored data and processing necessary for implementing container security, and may thereby improve the performance of the system.Type: ApplicationFiled: February 20, 2018Publication date: August 22, 2019Inventors: Cecilia C. Lewis, Wayne E. Rhoten, Eric D. Rossman, Mark A. Nelson, John C. Dayka
-
Patent number: 9306745Abstract: According to one embodiment, a method for implementing secure key management is provided. The method includes populating a section of information associated with a key, the section being populated with information relating to how the key was created. The method also includes populating the section with information relating to how the key was acquired by a secure module; and binding the section to the key, wherein the key is encrypted.Type: GrantFiled: October 15, 2012Date of Patent: April 5, 2016Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Todd W. Arnold, Elizabeth A. Dames, Carsten D. Frehr, Michael J. Kelly, Kenneth B. Kerr, Richard V. Kisley, Eric D. Rossman, Eric B. Smith
-
Patent number: 9288051Abstract: According to one embodiment, a method for implementing computer security is provided. The method includes creating a token and populating a payload section of the token with key material and selecting a wrapping method that specifies how the key material is securely bound to key control information, wherein a structure of the key control information in the token is independent of the wrapping method. The method also includes wrapping the key material and binding key control information to the key material in the token, wherein the key control information includes information relating to usage and management of the key material.Type: GrantFiled: October 15, 2012Date of Patent: March 15, 2016Assignee: International Business Machines CorporationInventors: Todd W. Arnold, Elizabeth A. Dames, Thomas J. Dewkett, Carsten D. Frehr, Michael J. Kelly, Kenneth B. Kerr, Richard V. Kisley, Eric D. Rossman, Eric B. Smith
-
Patent number: 9264230Abstract: A system for implementing computer security is provided. The system includes a computer processor and an application configured to execute on the computer processor, the application implementing a method that includes creating a token and populating a payload section of the token with key material and selecting a wrapping method that specifies how the key material is securely bound to key control information. A structure of the key control information in the token is independent of the wrapping method. Implementing computer security also includes wrapping the key material and binding key control information to the key material in the token. The key control information includes information relating to usage and management of the key material.Type: GrantFiled: March 14, 2011Date of Patent: February 16, 2016Assignee: International Business Machines CorporationInventors: Todd W. Arnold, Elizabeth A. Dames, Thomas J. Dewkett, Carsten D. Frehr, Michael J. Kelly, Kenneth B. Kerr, Richard V. Kisley, Eric D. Rossman, Eric B. Smith
-
Patent number: 8856520Abstract: Secure key management includes populating a section of information associated with a key, the section of information being populated with information relating to a level of protection of the key accumulated over time. Secure key management further includes securely binding the section of information to the key, wherein the key is encrypted.Type: GrantFiled: October 15, 2012Date of Patent: October 7, 2014Assignee: International Business Machines CorporationInventors: Todd W. Arnold, Elizabeth A. Dames, Carsten D. Frehr, Michael J. Kelly, Kenneth B. Kerr, Richard V. Kisley, Eric D. Rossman, Eric B. Smith
-
Patent number: 8789210Abstract: A computer program product for secure key management is provided. The computer program product includes a tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for creating a token and populating the token with key material, and binding key control information to the key material. The key control information includes information relating to usage of the key material populating one or more key usage fields that define attributes that limit actions that may be performed with the key material.Type: GrantFiled: May 4, 2011Date of Patent: July 22, 2014Assignee: International Business Machines CorporationInventors: Todd W. Arnold, Elizabeth A. Dames, Carsten D. Frehr, Michael J. Kelly, Kenneth B. Kerr, Richard V. Kisley, Eric D. Rossman, Eric B. Smith
-
Patent number: 8755527Abstract: A computer program product for secure key management is provided. The computer program product includes a tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for creating a token and populating the token with key material, and binding key control information to the key material. The key control information includes information relating to management of the key material populating one or more key management fields that define attributes that limit distribution of the key material.Type: GrantFiled: May 4, 2011Date of Patent: June 17, 2014Assignee: International Business Machines CorporationInventors: Todd W. Arnold, Elizabeth A. Dames, Carsten D. Frehr, Michael J. Kelly, Kenneth B. Kerr, Richard V. Kisley, Eric D. Rossman, Eric B. Smith
-
Patent number: 8739297Abstract: A computer program product for secure key management is provided. The computer program product includes a tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing a method. The method includes creating a token and populating the token with key material, and binding key control information to the key material. The key control information includes information relating to usage of the key material populating one or more key usage fields that define attributes that limit actions that may be performed with the key material.Type: GrantFiled: October 19, 2012Date of Patent: May 27, 2014Assignee: International Business Machines CorporationInventors: Todd W. Arnold, Elizabeth A. Dames, Carsten D. Frehr, Michael J. Kelly, Kenneth B. Kerr, Richard V. Kisley, Eric D. Rossman, Eric B. Smith
-
Patent number: 8713709Abstract: A computer program product for secure key management is provided. The computer program product includes a tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing a method. The method includes creating a token and populating the token with key material, and binding key control information to the key material. The key control information includes information relating to management of the key material populating one or more key management fields that define attributes that limit distribution of the key material.Type: GrantFiled: October 17, 2012Date of Patent: April 29, 2014Assignee: International Business Machines CorporationInventors: Todd W. Arnold, Elizabeth A. Dames, Carsten D. Frehr, Michael J. Kelly, Kenneth B. Kerr, Richard V. Kisley, Eric D. Rossman, Eric B. Smith
-
Patent number: 8634561Abstract: A system for implementing secure key management is provided. The system includes a computer processor and an application configured to execute on the computer processor, the application implementing a method. The method includes populating a section of information associated with a key, the section being populated with information relating to how the key was created. The method also includes populating the section with information relating to how the key was acquired by a secure module; and binding the section to the key, wherein the key is encrypted.Type: GrantFiled: May 4, 2011Date of Patent: January 21, 2014Assignee: International Business Machines CorporationInventors: Todd W. Arnold, Elizabeth A. Dames, Carsten D. Frehr, Kenneth B. Kerr, Richard V. Kisley, Michael J. Kelly, Eric D. Rossman, Eric B. Smith
-
Patent number: 8619990Abstract: A system for creating a secure key is provided that includes a computer processor and an application configured to execute on the computer processor, the application implementing a method that includes creating a token and populating a key control information section of the token with a value to indicate a minimum number of key parts used to form a key. Creating the secure key also includes populating a payload section of the token with a first key part, binding the key control information section to the payload section, adding a second key part to the first key part and iterating the value and binding the key control information section to the payload section after the second key part has been added. Creating the secure key further includes indicating the key is complete, wherein the key comprises a combination of the first and second key parts.Type: GrantFiled: April 27, 2011Date of Patent: December 31, 2013Assignee: International Business Machines CorporationInventors: Todd W. Arnold, Elizabeth A. Dames, Carsten D. Frehr, Kenneth B. Kerr, Richard V. Kisley, Eric D. Rossman, Eric B. Smith
-
Patent number: 8619992Abstract: Creating a secure key includes creating a token and populating a key control information section of the token with a value to indicate a minimum number of key parts used to form a key. Creating the secure key also includes populating a payload section of the token with a first key part, binding the key control information section to the payload section, adding a second key part to the first key part and iterating the value and binding the key control information section to the payload section after the second key part has been added. Creating the secure key further includes indicating the key is complete, wherein the key comprises a combination of the first and second key parts.Type: GrantFiled: October 11, 2012Date of Patent: December 31, 2013Assignee: International Business Machines CorporationInventors: Todd W. Arnold, Elizabeth A. Dames, Carsten D. Frehr, Kenneth B. Kerr, Richard V. Kisley, Eric D. Rossman, Eric B. Smith
-
Patent number: 8566913Abstract: A system for secure key management is provided. The system includes a computer processor and an application configured to execute on the computer processor, the application implementing a method. The method includes populating a section of information associated with a key, the section of information being populated with information relating to a level of protection of the key accumulated over time. Secure key management further includes securely binding the section of information to the key, wherein the key is encrypted.Type: GrantFiled: May 4, 2011Date of Patent: October 22, 2013Assignee: International Business Machines CorporationInventors: Todd W. Arnold, Elizabeth A. Dames, Carsten D. Frehr, Kenneth B. Kerr, Richard V. Kisley, Michael J. Kelly, Eric D. Rossman, Eric B. Smith
-
Publication number: 20120281836Abstract: A system for implementing secure key management is provided. The system includes a computer processor and an application configured to execute on the computer processor, the application implementing a method. The method includes populating a section of information associated with a key, the section being populated with information relating to how the key was created. The method also includes populating the section with information relating to how the key was acquired by a secure module; and binding the section to the key, wherein the key is encrypted.Type: ApplicationFiled: May 4, 2011Publication date: November 8, 2012Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Todd W. Arnold, Elizabeth A. Dames, Carsten D. Frehr, Michael J. Kelly, Kenneth B. Kerr, Richard V. Kisley, Eric D. Rossman, Eric B. Smith
-
Publication number: 20120281837Abstract: A system for secure key management is provided. The system includes a computer processor and an application configured to execute on the computer processor, the application implementing a method. The method includes populating a section of information associated with a key, the section of information being populated with information relating to a level of protection of the key accumulated over time. Secure key management further includes securely binding the section of information to the key, wherein the key is encrypted.Type: ApplicationFiled: May 4, 2011Publication date: November 8, 2012Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Todd W. Arnold, Elizabeth A. Dames, Carsten D. Frehr, Michael J. Kelly, Kenneth B. Kerr, Richard V. Kisley, Eric D. Rossman, Eric B. Smith
-
Publication number: 20120281839Abstract: A computer program product for secure key management is provided. The computer program product includes a tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for creating a token and populating the token with key material, and binding key control information to the key material. The key control information includes information relating to usage of the key material populating one or more key usage fields that define attributes that limit actions that may be performed with the key material.Type: ApplicationFiled: May 4, 2011Publication date: November 8, 2012Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Todd W. Arnold, Elizabeth A. Dames, Carsten D. Frehr, Michael J. Kelly, Kenneth B. Kerr, Richard V. Kisley, Eric D. Rossman, Eric B. Smith
-
Publication number: 20120281838Abstract: A computer program product for secure key management is provided. The computer program product includes a tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for creating a token and populating the token with key material, and binding key control information to the key material. The key control information includes information relating to management of the key material populating one or more key management fields that define attributes that limit distribution of the key material.Type: ApplicationFiled: May 4, 2011Publication date: November 8, 2012Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Todd W. Arnold, Elizabeth A. Dames, Carsten D. Frehr, Michael J. Kelly, Kenneth B. Kerr, Richard V. Kisley, Eric D. Rossman, Eric B. Smith