Patents by Inventor Erlander Lo
Erlander Lo has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11418327Abstract: A key management service creates a key upon user request. The key management service receives a request for a first cryptographic operation. The key management service performs the first cryptographic operation. The key management service returns results of the first cryptographic operation to a dependent service. The key management service receives a notification of key rotation. The key management service receives a request for a second cryptographic operation. The key management service performs the second cryptographic operation. The key management service returns results of the second cryptographic operation to the dependent service. The key management service returns updated key metadata to the dependent service.Type: GrantFiled: November 14, 2019Date of Patent: August 16, 2022Assignee: International Business Machines CorporationInventors: Mark Duane Seaborn, Karunakar Bojjireddy, Erlander Lo
-
Publication number: 20220108015Abstract: A method includes: federating, by a computer device, a proxy hardware security module from a physical hardware security module; storing, by the computer device, the proxy hardware security module; receiving, by the computer device, a first one of a plurality of periodic identifying communications from the physical hardware security module; and erasing, by the computer device, the proxy hardware security module as a result of the computer device not receiving a second one of the plurality of periodic identifying communications.Type: ApplicationFiled: December 16, 2021Publication date: April 7, 2022Inventors: Erlander LO, Karunakar BOJJIREDDY, Angel NUNEZ MENCIAS, Marco PAVONE
-
Patent number: 11222117Abstract: A computer program product, the computer program product including a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a computer device to cause the computer device to: federate a proxy hardware security module from a physical hardware security module; store the proxy hardware security module; receive a first one of a plurality of periodic identifying communications from the physical hardware security module; and erase the proxy hardware security module as a result of the computer device not receiving a second one of the plurality of periodic identifying communications.Type: GrantFiled: September 27, 2018Date of Patent: January 11, 2022Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Erlander Lo, Karunakar Bojjireddy, Angel Nunez Mencias, Marco Pavone
-
Patent number: 11176253Abstract: A method includes: federating, by a computer device, a proxy hardware security module from a physical hardware security module; storing, by the computer device, the proxy hardware security module; receiving, by the computer device, a first one of a plurality of periodic identifying communications from the physical hardware security module; and erasing, by the computer device, the proxy hardware security module as a result of the computer device not receiving a second one of the plurality of periodic identifying communications.Type: GrantFiled: July 12, 2019Date of Patent: November 16, 2021Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Erlander Lo, Karunakar Bojjireddy, Angel Nunez Mencias, Marco Pavone
-
Publication number: 20210152336Abstract: A key management service creates a key upon user request. The key management service receives a request for a first cryptographic operation. The key management service performs the first cryptographic operation. The key management service returns results of the first cryptographic operation to a dependent service. The key management service receives a notification of key rotation. The key management service receives a request for a second cryptographic operation. The key management service performs the second cryptographic operation. The key management service returns results of the second cryptographic operation to the dependent service. The key management service returns updated key metadata to the dependent service.Type: ApplicationFiled: November 14, 2019Publication date: May 20, 2021Inventors: Mark Duane Seaborn, Karunakar Bojjireddy, Erlander Lo
-
Patent number: 10887293Abstract: A computing device includes an interface configured to interface and communicate with a communication system, a memory that stores operational instructions, and processing circuitry operably coupled to the interface and to the memory that is configured to execute the operational instructions to perform various operations. The computing device generates a sub-key identifier based on a data ID, which is based on unique ID value(s) associated with an encrypted data object, and a requester secret. The computing device processes the sub-key identifier in accordance with an Oblivious Pseudorandom Function (OPRF) blinding operation to generate a blinded input and an Oblivious Key Access Request (OKAR). The computing device transmits the OKAR to another computing device (e.g., Key Management System (KMS) service) and receives a blinded sub-key therefrom. The computing device processes the blinded sub-key in accordance with an OPRF unblinding operation to generate the key and accesses secure data thereby.Type: GrantFiled: March 20, 2018Date of Patent: January 5, 2021Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Jason K. Resch, Hugo M. Krawczyk, Mark D. Seaborn, Nataraj Nagaratnam, Erlander Lo
-
Publication number: 20200106607Abstract: A computer program product, the computer program product including a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a computer device to cause the computer device to: federate a proxy hardware security module from a physical hardware security module; store the proxy hardware security module; receive a first one of a plurality of periodic identifying communications from the physical hardware security module; and erase the proxy hardware security module as a result of the computer device not receiving a second one of the plurality of periodic identifying communications.Type: ApplicationFiled: September 27, 2018Publication date: April 2, 2020Inventors: Erlander LO, Karunakar BOJJIREDDY, Angel NUNEZ MENCIAS, Marco PAVONE
-
Publication number: 20200106608Abstract: A method includes: federating, by a computer device, a proxy hardware security module from a physical hardware security module; storing, by the computer device, the proxy hardware security module; receiving, by the computer device, a first one of a plurality of periodic identifying communications from the physical hardware security module; and erasing, by the computer device, the proxy hardware security module as a result of the computer device not receiving a second one of the plurality of periodic identifying communications.Type: ApplicationFiled: July 12, 2019Publication date: April 2, 2020Inventors: Erlander LO, Karunakar BOJJIREDDY, Angel NUNEZ MENCIAS, Marco PAVONE
-
Publication number: 20190297064Abstract: A computing device includes an interface configured to interface and communicate with a communication system, a memory that stores operational instructions, and processing circuitry operably coupled to the interface and to the memory that is configured to execute the operational instructions to perform various operations. The computing device generates a sub-key identifier based on a data ID, which is based on unique ID value(s) associated with an encrypted data object, and a requester secret. The computing device processes the sub-key identifier in accordance with an Oblivious Pseudorandom Function (OPRF) blinding operation to generate a blinded input and an Oblivious Key Access Request (OKAR). The computing device transmits the OKAR to another computing device (e.g., Key Management System (KMS) service) and receives a blinded sub-key therefrom. The computing device processes the blinded sub-key in accordance with an OPRF unblinding operation to generate the key and accesses secure data thereby.Type: ApplicationFiled: March 20, 2018Publication date: September 26, 2019Inventors: Jason K. Resch, Hugo M. Krawczyk, Mark D. Seaborn, Nataraj Nagaratnam, Erlander Lo
-
Patent number: 8010838Abstract: Disclosed is a computer implemented method, data processing system, and apparatus to respond to detection of a hardware interface error on a system bus, for example, during a concurrent maintenance operation. The service processor may receive an error on the system bus. The error identifies at least one field replaceable unit and may inhibit the suppression of clock signal to the field replaceable unit. The service processor adds an identifier of the field replaceable unit to an eligible Field Replaceable Unit (FRU) list. The service processor recursively adds at least one field replaceable unit that the field replaceable unit depends upon. The service processor suppresses the clock signal to the field replaceable unit. The service processor inhibits tagging the field replaceable unit as unusable for next initial program load.Type: GrantFiled: November 20, 2008Date of Patent: August 30, 2011Assignee: International Business Machines CorporationInventors: Sheldon Ray Bailey, Bradley W. Bishop, Alongkorn Kitamorn, Erlander Lo, Allegra R. Segura
-
Patent number: 8001287Abstract: During an initial generation/assignment of location codes for field replaceable units (FRUs) that are and/or may be attached to the computer system, the service processor provides an alias location code for each FRU not currently attached. When the service processor later detects a concurrent install of the FRU, the service processor's firmware generates the correct location code from data retrieved from the FRU, and replaces the alias location code stored within the service processor's internal data structures with the correct location code. The firmware also forwards the correct location code back to a serviceability application, and the application utilizes the new location code in all remaining concurrent install commands to maintain a single, consistent view of the system.Type: GrantFiled: October 10, 2006Date of Patent: August 16, 2011Assignee: International Business Machines CorporationInventors: Nicholas E. Bofferding, Erlander Lo, Kanisha Patel
-
Publication number: 20100125747Abstract: Disclosed is a computer implemented method, data processing system, and apparatus to respond to detection of a hardware interface error on a system bus, for example, during a concurrent maintenance operation. The service processor may receive an error on the system bus. The error identifies at least one field replaceable unit and may inhibit the suppression of clock signal to the field replaceable unit. The service processor adds an identifier of the field replaceable unit to an eligible Field Replaceable Unit (FRU) list. The service processor recursively adds at least one field replaceable unit that the field replaceable unit depends upon. The service processor suppresses the clock signal to the field replaceable unit. The service processor inhibits tagging the field replaceable unit as unusable for next initial program load.Type: ApplicationFiled: November 20, 2008Publication date: May 20, 2010Applicant: International Business Machines CorporationInventors: Sheldon Ray Bailey, Bradley W. Bishop, Alongkorn Kitamorn, Erlander Lo, Allegra R. Segura
-
Publication number: 20080155368Abstract: During an initial generation/assignment of location codes for field replaceable units (FRUs) that are and/or may be attached to the computer system, the service processor provides an alias location code for each FRU not currently attached. When the service processor later detects a concurrent install of the FRU, the service processor's firmware generates the correct location code from data retrieved from the FRU, and replaces the alias location code stored within the service processor's internal data structures with the correct location code. The firmware also forwards the correct location code back to a serviceability application, and the application utilizes the new location code in all remaining concurrent install commands to maintain a single, consistent view of the system.Type: ApplicationFiled: October 10, 2006Publication date: June 26, 2008Inventors: Nicholas E. Bofferding, Erlander Lo, Kanisha Patel
-
Publication number: 20080133962Abstract: A method of preventing failed field replaceable units (FRUs) directly connected to an interprocessor bus or fabric from interfering with the operation of a computer system during concurrent maintenance operations. When a FRU fails a concurrent maintenance operation, the service processor stores identification information corresponding to the failed FRU in an alert fail registry or a hot add fail registry and reports the failure status to a user. When a user attempts to perform a new concurrent maintenance operation on a FRU, the service processor compares that FRU to the alert fail registry or the hot add fail registry. If a concurrent maintenance operation on the requested FRU would cause a system crash due to interference with the failed FRU, the service processor notifies the repair and verify application (which notifies the user) and prevents concurrent maintenance operations from occurring on the new FRU.Type: ApplicationFiled: December 4, 2006Publication date: June 5, 2008Inventors: Nicholas E. Bofferding, Erlander Lo, Kanisha Patel, Timothy A. Smith