Patents by Inventor Fabio M. Tanada
Fabio M. Tanada has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11625360Abstract: A system and method for tailoring container images stored in a container image registry to a specific microarchitecture that a host operating system is running on in a virtualized environment. A container image fetch request is sent to the container image registry. Microarchitecture identification instructions are received from the image registry in response to the container image fetch request. Results from the microarchitecture identification instructions are transmitted to the container image registry to identify the specific microarchitecture that the host operating system is running on in the virtualized environment, and a container within the virtualized environment is started using an optimal container image received from the container image registry, the optimal container image being tailored to the specific microarchitecture to leverage the functionalities and capabilities of the specific microarchitecture of the computing system.Type: GrantFiled: June 20, 2018Date of Patent: April 11, 2023Assignee: Kyndryl, Inc.Inventors: Juscelino Candido De Lima, Jr., Breno H. Leitao, Fabio M. Tanada
-
Patent number: 11093272Abstract: A method and system for improving virtual machine allocation and migration is provided. The method includes initiating a migration process for migrating database files of a virtual machine from a first hardware device to a second hardware device. A checkpoint and restart command is transmitted to a first hypervisor of the first hardware device and a request for a cryptographic key from a memory encryption engine is received. The cryptographic key is transmitted to a first enclave and the first enclave is encrypted resulting in an encrypted enclave. A resulting a data file comprising the database files is generated and the encrypted enclave is disconnected from the first hardware device. The encrypted enclave is destroyed and checkpoint and restart code is executed for restarting the first hardware device.Type: GrantFiled: June 27, 2018Date of Patent: August 17, 2021Assignee: International Business Machines CorporationInventors: Juscelino C. Candido de Lima, Jr., Breno H. Leitao, Fabio M. Tanada
-
Patent number: 10972276Abstract: Aspects define a union mixed secure virtual machine image to include an encrypted code virtualization machine for code machine instructions of a first retrieved package; and an unsecure virtualization hypervisor that includes a non-encrypted code virtualization machine for code machine instructions of a second retrieved package and a non-encrypted data storage device.Type: GrantFiled: August 9, 2019Date of Patent: April 6, 2021Assignee: International Business Machines CorporationInventors: Juscelino Candido De Lima Junior, Breno H. Leitao, Fabio M. Tanada
-
Patent number: 10587412Abstract: Aspects provide for a virtual machine structure wherein processors are configured to create an encrypted code virtualization machine for code machine instructions of a retrieved package that has a security field value that indicates secure code, wherein the code machine instructions of the first retrieved package are allocated to encrypted code memory regions of a computer memory resource. Configured processors further create a non-encrypted code virtualization machine in non-encrypted code memory regions of a computer memory resource comprising code machine instructions of another retrieved package that has a security field value that does not indicate secure code; and define a union mixed secure virtual machine image to include (as a function of) the encrypted code virtualization machine and the non-encrypted code virtualization machine.Type: GrantFiled: November 7, 2017Date of Patent: March 10, 2020Assignee: International Business Machines CorporationInventors: Juscelino Candido De Lima Junior, Breno H. Leitao, Fabio M. Tanada
-
Publication number: 20200004568Abstract: A method and system for improving virtual machine allocation and migration is provided. The method includes initiating a migration process for migrating database files of a virtual machine from a first hardware device to a second hardware device. A checkpoint and restart command is transmitted to a first hypervisor of the first hardware device and a request for a cryptographic key from a memory encryption engine is received. The cryptographic key is transmitted to a first enclave and the first enclave is encrypted resulting in an encrypted enclave. A resulting a data file comprising the database files is generated and the encrypted enclave is disconnected from the first hardware device. The encrypted enclave is destroyed and checkpoint and restart code is executed for restarting the first hardware device.Type: ApplicationFiled: June 27, 2018Publication date: January 2, 2020Inventors: Juscelino C. Candido de Lima, JR., Breno H. Leitao, Fabio M. Tanada
-
Publication number: 20190392045Abstract: A system and method for tailoring container images stored in a container image registry to a specific microarchitecture that a host operating system is running on in a virtualized environment includes sending a container image fetch request to the container image registry, receiving microarchitecture identification instructions from the image registry in response to the container image fetch request, the microarchitecture identification instructions configured to be run on the host operating system, transmitting results from the microarchitecture identification instructions to the container image registry to identify the specific microarchitecture that the host operating system is running on in the virtualized environment, and starting a container within the virtualized environment using an optimal container image received from the container image registry, the optimal container image being tailored to the specific microarchitecture to leverage as many functionalities and capabilities of the specific microarcType: ApplicationFiled: June 20, 2018Publication date: December 26, 2019Inventors: Juscelino Candido De Lima Junior, Breno H. Leitao, Fabio M. Tanada
-
Publication number: 20190363887Abstract: Aspects define a union mixed secure virtual machine image to include an encrypted code virtualization machine for code machine instructions of a first retrieved package; and an unsecure virtualization hypervisor that includes a non-encrypted code virtualization machine for code machine instructions of a second retrieved package and a non-encrypted data storage device.Type: ApplicationFiled: August 9, 2019Publication date: November 28, 2019Inventors: JUSCELINO CANDIDO DE LIMA JUNIOR, BRENO H. LEITAO, FABIO M. TANADA
-
Publication number: 20190140831Abstract: Aspects provide for a virtual machine structure wherein processors are configured to create an encrypted code virtualization machine for code machine instructions of a retrieved package that has a security field value that indicates secure code, wherein the code machine instructions of the first retrieved package are allocated to encrypted code memory regions of a computer memory resource. Configured processors further create a non-encrypted code virtualization machine in non-encrypted code memory regions of a computer memory resource comprising code machine instructions of another retrieved package that has a security field value that does not indicate secure code; and define a union mixed secure virtual machine image to include (as a function of) the encrypted code virtualization machine and the non-encrypted code virtualization machine.Type: ApplicationFiled: November 7, 2017Publication date: May 9, 2019Inventors: JUSCELINO CANDIDO DE LIMA JUNIOR, BRENO H. LEITAO, FABIO M. TANADA
-
Patent number: 9940466Abstract: A computer-implemented agent process running on a first computer automatically intercepts a command issued from the first computer to execute on a target computer prior to invocation of the command on the target computer. A server profile built for an application running on the target computer that supports the command may be retrieved. At least based on the server profile a risk enforcement policy is dynamically constructed. Based on the risk enforcement policy, one or more computer-executable enforcement actions to perform prior to sending the command to the target computer for execution is determined. Based on executing of one or more of the computer-executable enforcement actions, the command may be transmitted to execute on the target computer or prevented from executing on the target computer.Type: GrantFiled: December 7, 2016Date of Patent: April 10, 2018Assignee: International Business Machines CorporationInventors: Constantin M. Adam, Nikolaos Anerousis, Vysakh K. Chandran, Milton H. Hernandez, Debasisha K. Padhi, Yaoping Ruan, Fabio M. Tanada, Frederick Y.-F. Wu, Sai Zeng
-
Patent number: 9727835Abstract: A method and system for remotely managing business processes via a mobile device is provided. The method includes enabling, for a user, an application integrated with analytic models and geo-positioning technology. The user and a location of the user are identified. Preferences associated with the user are identified and a status of business processes associated with the entity at the location is monitored. In response, a status of the entity at the location is determined. Status data associated with the status is presented to the user via the mobile device. The status data is based on the preferences. The user may initiate an escalation process based on the status provided.Type: GrantFiled: November 30, 2012Date of Patent: August 8, 2017Assignee: International Business Machines CorporationInventors: Max S. Bortolin, Guilherme S. Elias, Marcos Vinicius L. Paraiso, Marcos D. Sylos, Fabio M. Tanada, Sergio Varga
-
Publication number: 20170177878Abstract: A computer-implemented agent process running on a first computer automatically intercepts a command issued from the first computer to execute on a target computer prior to invocation of the command on the target computer. A server profile built for an application running on the target computer that supports the command may be retrieved. At least based on the server profile a risk enforcement policy is dynamically constructed. Based on the risk enforcement policy, one or more computer-executable enforcement actions to perform prior to sending the command to the target computer for execution is determined. Based on executing of one or more of the computer-executable enforcement actions, the command may be transmitted to execute on the target computer or prevented from executing on the target computer.Type: ApplicationFiled: December 7, 2016Publication date: June 22, 2017Inventors: Constantin M. Adam, Nikolaos Anerousis, Vysakh K. Chandran, Milton H. Hernandez, Debasisha K. Padhi, Yaoping Ruan, Fabio M. Tanada, Frederick Y.-F. Wu, Sai Zeng
-
Patent number: 9584378Abstract: A computer-implemented agent process running on a first computer automatically intercepts a command issued from the first computer to execute on a target computer prior to invocation of the command on the target computer. A server profile built for an application running on the target computer that supports the command may be retrieved. At least based on the server profile a risk enforcement policy is dynamically constructed. Based on the risk enforcement policy, one or more computer-executable enforcement actions to perform prior to sending the command to the target computer for execution is determined. Based on executing of one or more of the computer-executable enforcement actions, the command may be transmitted to execute on the target computer or prevented from executing on the target computer.Type: GrantFiled: December 22, 2015Date of Patent: February 28, 2017Assignee: International Business Machines CorporationInventors: Constantin M Adam, Nikolaos Anerousis, Vysakh K. Chandran, Milton H. Hernandez, Debasisha K. Padhi, Yaoping Ruan, Fabio M. Tanada, Frederick Y.-F. Wu, Sai Zeng
-
Publication number: 20140156354Abstract: A method and system for remotely managing business processes via a mobile device is provided. The method includes enabling, for a user, an application integrated with analytic models and geo-positioning technology. The user and a location of the user are identified. Preferences associated with the user are identified and a status of business processes associated with the entity at the location is monitored. In response, a status of the entity at the location is determined. Status data associated with the status is presented to the user via the mobile device. The status data is based on the preferences. The user may initiate an escalation process based on the status provided.Type: ApplicationFiled: November 30, 2012Publication date: June 5, 2014Applicant: International Business Machines CorporationInventors: Max S. Bortolin, Guilherme S. Elias, Marcos Vinicius L. Paraiso, Marcos D. Sylos, Fabio M. Tanada, Sergio Varga