Patents by Inventor Jakob C. Lang
Jakob C. Lang has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11429733
Abstract: A method for sharing secret data between multiple containers. In response to the initial booting of an operating system instance in a container, a unique operating system identifier is generated for the operating system instance. A grant authority stores the unique operating system identifier in a reserved area of a secure storage device. In response to a request from the operating system instance to access secret data in the secure storage device, the grant authority determines whether the unique operating system identifier is stored in the secure storage device. The operating system instance may be granted access to secret data in the non-reserved area of the secure storage device.
Type: Grant
Filed: November 15, 2018
Date of Patent: August 30, 2022
Assignee: International Business Machines Corporation
Inventors: Klaus Werner, Jakob C. Lang, Joerg Schmidbauer, Angel Nunez Mencias
-
Patent number: 11204881
Abstract: Technology for decrypting and using a security module in a processor cache in a secure mode such that dynamic address translation prevents access to portions of the volatile memory outside of a secret store in a volatile memory.
Type: Grant
Filed: November 27, 2019
Date of Patent: December 21, 2021
Assignee: International Business Machines Corporation
Inventors: Angel Nunez Mencias, Jakob C. Lang, Martin Recktenwald, Ulrich Mayer
-
Patent number: 11082232
Abstract: Auditably proving a usage history of an asset, in which the asset includes a hardware security module with at least a public key and a private key. A client application logs hash values of a pair of request data and response data. Usage history of the asset is proved. The proving includes verifying, using the public key, a signature of other hash values of the pair of request data and response data. The other hash values are signed with the private key. The proving further includes comparing the hash values logged by the client application with the other hash values.
Type: Grant
Filed: June 24, 2019
Date of Patent: August 3, 2021
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Klaus Werner, Jakob C. Lang, Joerg Schmidbauer, Angel Nunez Mencias
-
Patent number: 10936325
Abstract: A computer-implemented method, for booting a computer system, that provides a list with entries of startup processes. Each startup process defines a resource of the computer system. For each startup process a requirement is defined. The method further comprises fetching one of the entries of the list with entries of startup processes; determining whether the requirement is satisfied for the one of the entries of the list with entries of startup processes; fetching, in case the requirement is not fulfilled, a next one of the entries of the list with entries of startup processes; starting, in case the required resource is fulfilled, the startup process; and repeating the fetching a next one of the entries, the determining and the starting until all startup processes of the list of startup processes have been started.
Type: Grant
Filed: September 4, 2019
Date of Patent: March 2, 2021
Assignee: International Business Machines Corporation
Inventors: Reinhard T. Buendgen, Jakob C. Lang, Volker Boenisch, Angel Nunez Mencias
-
Patent number: 10891170
Abstract: In an approach to grouping related tasks, one or more computer processors receive a first task initialization by a first user. The one or more computer processors determine whether one or more additional tasks contained in one or more task groups are in use by the first user. Responsive to determining one or more additional tasks contained in one or more task groups are in use, the one or more computer processors determine whether the first task is related to at least one task of the one or more additional tasks. Responsive to determining the first task is related to at least one task of the one or more additional tasks, the one or more computer processors add the first task to the task group containing the at least one related task of the one or more additional tasks.
Type: Grant
Filed: July 20, 2016
Date of Patent: January 12, 2021
Assignee: International Business Machines Corporation
Inventors: Volker M. Boenisch, Reinhard Buendgen, Franziska Geisert, Jakob C. Lang, Mareike Lattermann, Angel Nunez Mencias
-
Publication number: 20200403803
Abstract: Auditably proving a usage history of an asset, in which the asset includes a hardware security module with at least a public key and a private key. A client application logs hash values of a pair of request data and response data. Usage history of the asset is proved. The proving includes verifying, using the public key, a signature of other hash values of the pair of request data and response data. The other hash values are signed with the private key. The proving further includes comparing the hash values logged by the client application with the other hash values.
Type: Application
Filed: June 24, 2019
Publication date: December 24, 2020
Inventors: Klaus Werner, Jakob C. Lang, Joerg Schmidbauer, Angel Nunez Mencias
-
Patent number: 10735294
Abstract: Integrating a further communication bridge into a running data processing system. The data processing system includes a communication client running a first operating system having no own communication stack and at least a first communication bridge running a second operating system having an own communication stack. The first communication bridge is configured as a master communication bridge. The further communication bridge announces itself as a slave communication bridge at an announcement time. The master communication bridge executes a quiesce process on the network adapter and on the API of the communication client when there are no data packets in the queue with a sending time earlier than the announcement time. The master communication bridge extracts the state of its communication stack and sends it to the further communication bridge. The master communication bridge resumes the network adapter and the API.
Type: Grant
Filed: October 24, 2019
Date of Patent: August 4, 2020
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Jakob C. Lang, Andreas Maier, Rene Trumpp, Angel Nunez Mencias
-
Patent number: 10691356
Abstract: A secure storage device is connected to a computer system. The secure storage device has a memory including a domain and a subdomain storing first and second data, respectively. The computer system includes a first level hypervisor managing a first level virtual machine, which supports a first operating system, and a second level hypervisor. The second level hypervisor manages a second level virtual machine, which supports a second level operating system. A first authentication process for the first level operating system uses first profile data sent by the computer system and a portion of the first data. A second authentication process for the second level operating system uses second profile data sent by the computer system and a portion of the second data. The first data is not accessible by the second level operating system. The second data is not accessible by the first level operating system.
Type: Grant
Filed: November 26, 2018
Date of Patent: June 23, 2020
Assignee: International Business Machines Corporation
Inventors: Klaus Werner, Joerg Schmidbauer, Jakob C. Lang
-
Patent number: 10686685
Abstract: A method is provided for suspending and resuming virtual machines in a network in dependence of network activity. The method includes providing a virtual machine manager. The virtual machine manager monitors network traffic of the virtual machines on a network bridge in a network layer using data packet analysis to detect dedicated network protocol traffic. More particularly, the monitoring of network traffic of the virtual machines may include: logging network addresses of the virtual machines of the network; combining logged network addresses with information about suspending or resuming virtual machines based on filtering rules being provided for such combination; and sending information about the network addresses of active and suspended virtual machines for virtual network adapters assigned to the virtual machines to the virtual machine manager.
Type: Grant
Filed: March 7, 2019
Date of Patent: June 16, 2020
Assignee: International Business Machines Corporation
Inventors: Jakob C. Lang, Angel Nunez-Mencias, Thomas Pohl, Martin Troester
-
Patent number: 10685126
Abstract: A method for operating a secure storage device with a non-volatile memory on a computer system which executes multiple operating system instances. The non-volatile memory comprises one or more domains which are used by the operating system instances. A separate trusted key entry system is used to configure secret data of an operating system instance stored in the non-volatile memory. The method comprises setting a domain to either secure or non-secure mode; generating a unique identifier of the operating system instance; generating a secure hash for the operating system instance; and storing the secure hash in the domain.
Type: Grant
Filed: January 22, 2018
Date of Patent: June 16, 2020
Assignee: International Business Machines Corporation
Inventors: Jakob C. Lang, Joerg Schmidbauer, Klaus Werner
-
Publication number: 20200167085
Abstract: A secure storage device is connected to a computer system. The secure storage device has a memory including a domain and a subdomain storing first and second data, respectively. The computer system includes a first level hypervisor managing a first level virtual machine, which supports a first operating system, and a second level hypervisor. The second level hypervisor manages a second level virtual machine, which supports a second level operating system. A first authentication process for the first level operating system uses first profile data sent by the computer system and a portion of the first data. A second authentication process for the second level operating system uses second profile data sent by the computer system and a portion of the second data. The first data is not accessible by the second level operating system. The second data is not accessible by the first level operating system.
Type: Application
Filed: November 26, 2018
Publication date: May 28, 2020
Inventors: Klaus Werner, Joerg Schmidbauer, Jakob C. Lang
-
Publication number: 20200159940
Abstract: A method for sharing secret data between multiple containers. In response to the initial booting of an operating system instance in a container, a unique operating system identifier is generated for the operating system instance. A grant authority stores the unique operating system identifier in a reserved area of a secure storage device. In response to a request from the operating system instance to access secret data in the secure storage device, the grant authority determines whether the unique operating system identifier is stored in the secure storage device. The operating system instance may be granted access to secret data in the non-reserved area of the secure storage device.
Type: Application
Filed: November 15, 2018
Publication date: May 21, 2020
Inventors: Klaus Werner, Jakob C. Lang, Joerg Schmidbauer, Angel Nunez Mencias
-
Publication number: 20200110712
Abstract: Technology for decrypting and using a security module in a processor cache in a secure mode such that dynamic address translation prevents access to portions of the volatile memory outside of a secret store in a volatile memory.
Type: Application
Filed: November 27, 2019
Publication date: April 9, 2020
Inventors: Angel Nunez Mencias, Jakob C. Lang, Martin Recktenwald, Ulrich Mayer
-
Patent number: 10606681
Abstract: Methods and systems for executing dumping of main memory content and CPU states and for an adaptive boot. The methods and the systems provide a configuration list of the computer system comprising a pre-defined set of dedicated resources for the dumping, provide threshold values for a pre-defined set of minimum resources for executing a reboot of the computer system, assign the pre-defined set of the dedicated resources for executing the dumping, start the dumping, release ones of the dedicated resources after content of the ones of the dedicated resources has been dumped, start a reboot process of the computer system in response to determining that the ones of the dedicated resources exceeds the threshold values for the pre-defined set of the minimum resources for executing the reboot process, and continue to release others of the dedicated resources to the reboot process until the dumping is completed.
Type: Grant
Filed: November 10, 2017
Date of Patent: March 31, 2020
Assignee: International Business Machines Corporation
Inventors: Volker Boenisch, Reinhard T. Buendgen, Franziska Geisert, Michael Holzheu, Jakob C. Lang, Angel Nunez Mencias
-
Patent number: 10601692
Abstract: Integrating a further communication bridge into a running data processing system. The data processing system includes a communication client running a first operating system having no own communication stack and at least a first communication bridge running a second operating system having an own communication stack. The first communication bridge is configured as a master communication bridge. The further communication bridge announces itself as a slave communication bridge at an announcement time. The master communication bridge executes a quiesce process on the network adapter and on the API of the communication client when there are no data packets in the queue with a sending time earlier than the announcement time. The master communication bridge extracts the state of its communication stack and sends it to the further communication bridge. The master communication bridge resumes the network adapter and the API.
Type: Grant
Filed: December 28, 2018
Date of Patent: March 24, 2020
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Jakob C. Lang, Andreas Maier, Rene Trumpp, Angel Nunez Mencias
-
Patent number: 10592255
Abstract: A computer-implemented method, for booting a computer system, that provides a list with entries of startup processes. Each startup process defines a resource of the computer system. For each startup process a requirement is defined. The method further comprises fetching one of the entries of the list with entries of startup processes; determining whether the requirement is satisfied for the one of the entries of the list with entries of startup processes; fetching, in case the requirement is not fulfilled, a next one of the entries of the list with entries of startup processes; starting, in case the required resource is fulfilled, the startup process; and repeating the fetching a next one of the entries, the determining and the starting until all startup processes of the list of startup processes have been started.
Type: Grant
Filed: October 24, 2017
Date of Patent: March 17, 2020
Assignee: International Business Machines Corporation
Inventors: Reinhard T. Buendgen, Jakob C. Lang, Volker Boenisch, Angel Nunez Mencias
-
Patent number: 10585671
Abstract: A computer-implemented method, for booting a computer system, that provides a list with entries of startup processes. Each startup process defines a resource of the computer system. For each startup process a requirement is defined. The method further comprises fetching one of the entries of the list with entries of startup processes; determining whether the requirement is satisfied for the one of the entries of the list with entries of startup processes; fetching, in case the requirement is not fulfilled, a next one of the entries of the list with entries of startup processes; starting, in case the required resource is fulfilled, the startup process; and repeating the fetching a next one of the entries, the determining and the starting until all startup processes of the list of startup processes have been started.
Type: Grant
Filed: July 17, 2017
Date of Patent: March 10, 2020
Assignee: International Business Machines Corporation
Inventors: Reinhard T. Buendgen, Jakob C. Lang, Volker Boenisch, Angel Nunez Mencias
-
Patent number: 10585736
Abstract: Methods and systems for executing dumping of main memory content and CPU states and for an adaptive boot. The methods and the systems provide a configuration list of the computer system comprising a pre-defined set of dedicated resources for the dumping, provide threshold values for a pre-defined set of minimum resources for executing a reboot of the computer system, assign the pre-defined set of the dedicated resources for executing the dumping, start the dumping, release ones of the dedicated resources after content of the ones of the dedicated resources has been dumped, start a reboot process of the computer system in response to determining that the ones of the dedicated resources exceeds the threshold values for the pre-defined set of the minimum resources for executing the reboot process, and continue to release others of the dedicated resources to the reboot process until the dumping is completed.
Type: Grant
Filed: August 1, 2017
Date of Patent: March 10, 2020
Assignee: International Business Machines Corporation
Inventors: Volker Boenisch, Reinhard T. Buendgen, Franziska Geisert, Michael Holzheu, Jakob C. Lang, Angel Nunez Mencias
-
Patent number: 10572931
Abstract: Approving a group purchase request for a group of articles. A sub-group of articles is selected, wherein a unique article approval index is assigned to each of the articles and a highest article approval index is determined among the unique article approval indexes of the articles of the group, wherein the article of the group is selected into the sub-group if the article of the group complies with at least one of following article selection criteria: the unique article approval index of the article of the group is above a predetermined approval index threshold and the unique approval index of the article of the group is equal to the highest article approval index; approving the group purchase request for the group if the group purchase request for the sub-group is approved; and rejecting the group purchase request for the group if the group purchase request for the sub-group is rejected.
Type: Grant
Filed: December 12, 2017
Date of Patent: February 25, 2020
Assignee: International Business Machines Corporation
Inventors: Victor Rafael Escobar Olmos, Jakob C. Lang, Tomas Libal, Angel Nunez Mencias, Fabian Romanowski, Sven Sterbling
-
Publication number: 20200059427
Abstract: Integrating a further communication bridge into a running data processing system. The data processing system includes a communication client running a first operating system having no own communication stack and at least a first communication bridge running a second operating system having an own communication stack. The first communication bridge is configured as a master communication bridge. The further communication bridge announces itself as a slave communication bridge at an announcement time. The master communication bridge executes a quiesce process on the network adapter and on the API of the communication client when there are no data packets in the queue with a sending time earlier than the announcement time. The master communication bridge extracts the state of its communication stack and sends it to the further communication bridge. The master communication bridge resumes the network adapter and the API.
Type: Application
Filed: October 24, 2019
Publication date: February 20, 2020
Inventors: Jakob C. Lang, Andreas Maier, Rene Trumpp, Angel Nunez Mencias