Patents by Inventor Glen A. Jaquette

Glen A. Jaquette has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12047492
    Abstract: Device-implemented methodology for enabling and/or performing crypto-erase via internal action and external action. In one illustrative aspect, a request to read data is received at a device configured to perform data operations on a storage medium, the data being stored on the storage medium in encrypted form. In one approach, a first key stored within the device is accessed. In another approach, a first key stored on and/or with the storage medium is retrieved. A second key is received from an external source. A media encryption key is generated using the first and second keys. The encrypted form of the data is read from the storage medium. The encrypted form of the data is decrypted using the media encryption key. The decrypted data is output. Methodology for writing encrypted data is also presented.
    Type: Grant
    Filed: March 3, 2020
    Date of Patent: July 23, 2024
    Assignee: International Business Machines Corporation
    Inventor: Glen Jaquette
  • Patent number: 11748196
    Abstract: A method for more efficiently utilizing storage space in a redundant array of independent disks (RAID) is disclosed. In one embodiment, such a method implements a RAID from multiple storage drives. The RAID utilizes data striping with distributed parity values to provide desired data protection/redundancy. The distributed parity values are placed on selected storage drives of the RAID in accordance with a designated parity rotation. The method further adaptively alters the parity rotation of the RAID to provide an increased concentration of parity values in certain storage drives of the RAID compared to other storage drives of the RAID. This parity rotation may be adapted based on residual storage capacity in each storage drive, consumed space in each storage drive, or the like. A corresponding system and computer program product are also disclosed.
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: September 5, 2023
    Assignee: International Business Machines Corporation
    Inventors: Glen Jaquette, Jacob Smalts, David Mullen, Van Smith
  • Patent number: 11630839
    Abstract: Provided are a computer program product, system, and method for merging multiple point-in-time copies into a merged point-in-time copy. A repository maintains a full copy of the source data and point-in-time copies at point-in-times of the source data. Each of the point-in-time copies have change information indicating changed data in the source data that changed between the point-in-time of the point-in-time copy and a subsequent point-in-time and changed point-in-time data comprising data in the source data as of the point-in-time of the point-in-time copy indicated in the change information as changed. At least two selected of the point-in-time copies in the repository are merged into a merged point-in-time copy by: forming merged change information in the merged point-in-time copy indicating changed data indicated in change information for the selected point-in-time copies; and forming merged changed data in the merged point-in-time copy from the changed data in the selected point-in-time copies.
    Type: Grant
    Filed: June 21, 2019
    Date of Patent: April 18, 2023
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Glen A. Jaquette, Gregory T. Kishi, Alistair L. Symon
  • Patent number: 11563588
    Abstract: A path is secured from one node to another node of the computing environment. The one node obtains a first encryption key and a second encryption key. A shared key is obtained by the one node from a key server, and the shared key is used to encrypt a message. The encrypted message includes the first encryption key and the second encryption key. The encrypted message and an identifier of the shared key is sent from the one node to the other node, and a response message is received by the one node. The response message at least provides an indication that the other node received the encrypted message and obtained the shared key.
    Type: Grant
    Filed: May 10, 2021
    Date of Patent: January 24, 2023
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Patricia G. Driever, Roger G. Hathorn, Christopher Colonna, John Flanagan, George P. Kuch, Richard M. Sczepczenski, Glen Jaquette
  • Patent number: 11522681
    Abstract: A path for a node of a computing environment is secured. The securing includes obtaining, by the node, a message that includes an identifier of a shared key and an encrypted message. The node obtains the shared key from a key server and uses it to decrypt the encrypted message to obtain an encryption key and one or more parameters. A security parameters index to be associated with the encryption key and the one or more parameters is obtained. The node sends a response message to another node, the response message including the security parameters index.
    Type: Grant
    Filed: December 30, 2020
    Date of Patent: December 6, 2022
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Patricia G. Driever, Roger G. Hathorn, Christopher Colonna, John Flanagan, George P. Kuch, Richard M. Sczepczenski, Glen Jaquette
  • Patent number: 11194667
    Abstract: Provided are a computer program product, system, and method for creating a restore copy from a copy of a full copy of source data in a repository that is at a different point-in-time than a restore point-in-time of a restore request. A repository has a full copy of source data as of a full copy point-in-time and for each of a plurality of point-in-time copies at different point-in-times of the source data, change information indicating changed data in the source data that changed between the point-in-time of the point-in-time copy and a subsequent point-in-time, and changed point-in-time data comprising data in the source data as of the point-in-time of the point-in-time copy indicated in the change information as changed. A point-in-time copy of the full copy is created in response to a restore request and returned as a restore copy to the restore request.
    Type: Grant
    Filed: February 7, 2014
    Date of Patent: December 7, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Glen A. Jaquette, Gregory T. Kishi
  • Patent number: 11169958
    Abstract: Provided are a computer program product, system, and method for using a repository having a full copy of source data and point-in-time information from point-in-time copies of the source data to restore the source data at different points-in-time. The source data is copied to a full copy in the repository. Point-in-time copies are initiated at different point-in-times of the source data. In response to completing each of the point-in-time copies, transmitting to the repository change information indicating changed data in the source data that changed between the point-in-time and the subsequent point-in-time and changed point-in-time data comprising data in the source data as of the point-in-time of the point-in-time copy. In response to a restore request having a restore time, applying the changed point-in-time data from at least one of the point-in-time copies to the data of the full copy to restore the full copy to the restore time.
    Type: Grant
    Filed: February 7, 2014
    Date of Patent: November 9, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Glen A. Jaquette, Gregory T. Kishi
  • Patent number: 11157420
    Abstract: A system includes a processor and logic integrated with the processor, executable by the processor, or integrated with and executable by the processor, or integrated with and executable by the processor. The logic is configured to receive a request to store data on media and obtain a data key. The logic is configured to generate an encryption encapsulated data key using the data key and generate a session encrypted data key using the data key. The logic is further configured to provide the session encrypted data key to a machine configured to write encrypted data to the data storage media for use by the machine in writing encrypted data to the data storage media. The logic is configured to provide the encryption encapsulated data key to the machine for enabling the machine to store the encryption encapsulated data key with the data on the data storage media.
    Type: Grant
    Filed: July 31, 2019
    Date of Patent: October 26, 2021
    Assignee: International Business Machines Corporation
    Inventors: Paul M. Greco, Glen A. Jaquette
  • Patent number: 11157361
    Abstract: A method for more efficiently utilizing storage space in a set of storage drives is disclosed. In one embodiment, such a method implements, in a set of storage drives, a first RAID utilizing data striping with distributed parity values. The method further implements, in a subset of the set of storage drives, a second RAID using residual storage space in storage drives belonging to the subset. Storage drives belonging to the subset may have a storage capacity that is larger than storage drives not belonging to the subset. In certain embodiments, the method adaptively alters a parity rotation of the first RAID to provide an increased concentration of parity values in certain storage drives of the first RAID compared to other storage drives of the first RAID. A corresponding system and computer program product are also disclosed.
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: October 26, 2021
    Assignee: International Business Machines Corporation
    Inventors: Glen Jaquette, Jacob Smalts, David Mullen, Van Smith
  • Patent number: 11150994
    Abstract: Provided are a computer program product, system, and method for creating a restore copy from a copy of source data in a repository having source data at different point-in-times. All the source data as of an initial point-in-time is copied to a repository. In response to completing point-in-time copies following the initial point-in-time, change information is transmitted to the repository indicating changed data in the source data that changed between the point-in-time of the point-in-time copy and a subsequent point-in-time. For each point-in-time copy, copying changed source data comprising source data indicated in the change information for the point-in-time copy as changed to the repository. A restore request is received to restore the source data as of a restore point-in-time. The source data in the repository as of the restore point-in-time is copied from the repository to a restore copy.
    Type: Grant
    Filed: February 15, 2019
    Date of Patent: October 19, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Glen A. Jaquette, Gregory T. Kishi
  • Publication number: 20210266182
    Abstract: A path is secured from one node to another node of the computing environment. The one node obtains a first encryption key and a second encryption key. A shared key is obtained by the one node from a key server, and the shared key is used to encrypt a message. The encrypted message includes the first encryption key and the second encryption key. The encrypted message and an identifier of the shared key is sent from the one node to the other node, and a response message is received by the one node. The response message at least provides an indication that the other node received the encrypted message and obtained the shared key.
    Type: Application
    Filed: May 10, 2021
    Publication date: August 26, 2021
    Inventors: Patricia G. Driever, Roger G. Hathorn, Christopher Colonna, John Flanagan, George P. Kuch, Richard M. Sczepczenski, Glen Jaquette
  • Patent number: 11088829
    Abstract: A path for a node of a computing environment is secured. The securing includes obtaining, by the node, a message that includes an identifier of a shared key and an encrypted message, the encrypted message including a first encryption key, a second encryption key, one or more first parameters and one or more second parameters. The node obtains the shared key from a key server and uses it to decrypt the encrypted message to obtain the first encryption key, the second encryption key, the one or more first parameters and the one or more second parameters. A second security parameters index, to be associated with the second encryption key and the one or more second parameters, is obtained. The node sends a response message to another node, the response message including the second security parameters index.
    Type: Grant
    Filed: September 4, 2018
    Date of Patent: August 10, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Patricia G. Driever, Roger G. Hathorn, Christopher Colonna, John Flanagan, George P. Kuch, Richard M. Sczepczenski, Glen Jaquette
  • Patent number: 11038698
    Abstract: A path is secured from one node to another node of the computing environment. The one node obtains a first encryption key and one or more first parameters for transmission of data, and a second encryption key and one or more second parameters for reception of data. A shared key is obtained by the one node from a key server, and the shared key is used to encrypt a message. The encrypted message includes the first encryption key, the one or more first parameters, the second encryption key and the one or more second parameters. The encrypted message and an identifier of the shared key is sent from the one node to the other node, and a response message is received by the one node. The response message at least provides an indication that the other node received the encrypted message and obtained the shared key.
    Type: Grant
    Filed: September 4, 2018
    Date of Patent: June 15, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Patricia G. Driever, Roger G. Hathorn, Christopher Colonna, John Flanagan, George P. Kuch, Richard M. Sczepczenski, Glen Jaquette
  • Patent number: 11038671
    Abstract: Authentication is performed on a plurality of links to be used to couple one node of the computing environment and another node of the computing environment. The performing authentication includes obtaining, by the other node from the one node via one link of the plurality of links, an identifier of a shared key maintained by a key server. The other node uses the identifier to obtain the shared key from the key server. An indication that the other node decrypted a message received from the one node using the shared key is sent from the other node via the one link. The sending the indication on one or more other links of the plurality of links is repeated for subsequent messages decrypted by the other node using the shared key previously obtained.
    Type: Grant
    Filed: September 4, 2018
    Date of Patent: June 15, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Patricia G. Driever, Roger G. Hathorn, Christopher Colonna, John Flanagan, George P. Kuch, Richard M. Sczepczenski, Glen Jaquette
  • Patent number: 11025413
    Abstract: Authentication is performed on a plurality of links coupling one node of the computing environment and another node of the computing environment. The performing authentication includes obtaining by the one node a shared key from a key server coupled to the one node and another node of the computing environment. A message encrypted with the shared key is sent from the one node to the other node via one link of the plurality of links. An indication that the other node decrypted the message using the shared key obtained by the other node is received from the other node via the one link. The sending and the receiving are repeated on one or more other links of the plurality of links using the shared key previously obtained.
    Type: Grant
    Filed: September 4, 2018
    Date of Patent: June 1, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Patricia G. Driever, Roger G. Hathorn, Christopher Colonna, John Flanagan, George P. Kuch, Richard M. Sczepczenski, Glen Jaquette, Peter G. Sutton
  • Publication number: 20210119784
    Abstract: A path for a node of a computing environment is secured. The securing includes obtaining, by the node, a message that includes an identifier of a shared key and an encrypted message. The node obtains the shared key from a key server and uses it to decrypt the encrypted message to obtain an encryption key and one or more parameters. A security parameters index to be associated with the encryption key and the one or more parameters is obtained. The node sends a response message to another node, the response message including the security parameters index.
    Type: Application
    Filed: December 30, 2020
    Publication date: April 22, 2021
    Inventors: Patricia G. Driever, Roger G. Hathorn, Christopher Colonna, John Flanagan, George P. Kuch, Richard M. Sczepczenski, Glen Jaquette
  • Publication number: 20210083858
    Abstract: Device-implemented methodology for enabling and/or performing crypto-erase via internal action and external action. In one illustrative aspect, a request to read data is received at a device configured to perform data operations on a storage medium, the data being stored on the storage medium in encrypted form. In one approach, a first key stored within the device is accessed. In another approach, a first key stored on and/or with the storage medium is retrieved. A second key is received from an external source. A media encryption key is generated using the first and second keys. The encrypted form of the data is read from the storage medium. The encrypted form of the data is decrypted using the media encryption key. The decrypted data is output. Methodology for writing encrypted data is also presented.
    Type: Application
    Filed: March 3, 2020
    Publication date: March 18, 2021
    Inventor: Glen Jaquette
  • Patent number: 10833860
    Abstract: Authentication is performed on a plurality of links of a computing environment. One node requests generation of a shared key by a key server coupled to the one node. The one node obtains the shared key and an identifier of the shared key and sends the identifier from the one node to another node. A message encrypted with the shared key is sent from the one node to the other node via one link of the plurality of links. The one node receives via the one link an indication that the other node decrypted the encrypted message using the shared key obtained by the other node. The sending the encrypted message and the receiving the indication that the other node decrypted the encrypted message are repeated on one or more other links of the plurality of links using the shared key previously obtained.
    Type: Grant
    Filed: September 4, 2018
    Date of Patent: November 10, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Patricia G. Driever, Roger G. Hathorn, Christopher Colonna, John Flanagan, George P. Kuch, Richard M. Sczepczenski, Glen Jaquette
  • Patent number: 10785024
    Abstract: A data handling system includes a block-based storage device. An encryption key structure block includes key structure locations that may store encryption key structures. A key structure may take on at least three states: an erased state, an active state, and a zeroized state. The key structure includes error control data fields that are configured to contain error control data that independently protect data of the key structure in the active and the zeroized state. Key structures may be stored to key structure locations within a first encryption key block until each key structure location has stored a key structure in the active or zeroized state. Subsequently, the key structures in the active state may be copied and stored in key structure locations within a second encryption key block.
    Type: Grant
    Filed: June 20, 2018
    Date of Patent: September 22, 2020
    Assignee: International Business Machines Corporation
    Inventor: Glen Jaquette
  • Patent number: 10764291
    Abstract: Access between a plurality of nodes of the computing environment is controlled by a key server. The key server receives from one node of the plurality of nodes, a request for a shared key, in which the shared key is created for a selected node pair. A determination is made by the key server as to whether the one node is a node of the selected node pair. In one example, the determining checks an alternate name of the one node to determine whether it matches an alternate name associated with the shared key. Based on determining the one node is a node of the selected node pair, the key server provides the shared key to the one node.
    Type: Grant
    Filed: September 4, 2018
    Date of Patent: September 1, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Patricia G. Driever, Roger G. Hathorn, Christopher Colonna, John Flanagan, George P. Kuch, Richard M. Sczepczenski, Glen Jaquette, Jacob L. Sheppard, Peter G. Sutton