Patents by Inventor James Peter Ward

James Peter Ward has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8549592
    Abstract: A method and apparatus are disclosed in a data processing system for establishing virtual endorsement credentials. The data processing system includes a hardware trusted platform module (TPM). Logical partitions are generated in the system. A different virtual TPM is generated for each one of the logical partitions. For each one of the logical partitions, the virtual TPM that was generated for the logical partition then dynamically generates a virtual endorsement key, which is stored only within a corresponding virtual TPM. Using the virtual endorsement key, each virtual TPM also generates a virtual endorsement credential for use by the logical partition that includes the virtual TPM. The virtual endorsement credential is generated within the data processing system without the data processing system or its devices accessing a trusted third party that is external to the data processing system.
    Type: Grant
    Filed: July 12, 2005
    Date of Patent: October 1, 2013
    Assignee: International Business Machines Corporation
    Inventors: Steven A. Bade, James Patrick Hoff, Siegfried Sutter, James Peter Ward, Helmut H. Weber
  • Patent number: 7653819
    Abstract: A method, computer program, and system for paging platform configuration registers in and out of a trusted platform module. In a trusted computing platform, an unlimited number of platform configuration registers can be obtained through paging. The trusted platform module encrypts and decrypts platform configuration registers for storage outside the trusted platform module.
    Type: Grant
    Filed: October 1, 2004
    Date of Patent: January 26, 2010
    Assignee: Lenovo Singapore Pte Ltd.
    Inventors: Steven A. Bade, Charles Douglas Ball, Ryan Charles Catherman, James Patrick Hoff, James Peter Ward
  • Patent number: 7590845
    Abstract: A method for a plurality of key cache managers for a plurality of localities to share cryptographic key storage resources of a security chip, includes: loading an application key into the key storage; and saving a restoration data for the application key by a key cache manager, where the restoration data can be used by the key cache manager to re-load the application key into the key storage if the application key is evicted from the key storage by another key cache manager. The method allows each of a plurality of key cache managers to recognize that its key had been removed from the security chip and to restore its key. The method also allows each key cache manager to evict or destroy any key currently loaded on the security chip without affecting the functionality of other localities.
    Type: Grant
    Filed: December 22, 2003
    Date of Patent: September 15, 2009
    Assignee: Lenovo Singapore Pte. Ltd.
    Inventors: Charles Douglas Ball, Ryan Charles Catherman, James Patrick Hoff, James Peter Ward
  • Patent number: 7590870
    Abstract: A computer system is presented which provides a trusted platform by which operations can be performed with an increased level of trust and confidence. The basis of trust for the computer system is established by an encryption coprocessor and by code which interfaces with the encryption coprocessor and establishes root of trust metrics for the platform. The encryption coprocessor is built such that certain critical operations are allowed only if physical presence of an operator has been detected. Physical presence is determined by inference based upon the status of registers in the core chipset.
    Type: Grant
    Filed: April 10, 2003
    Date of Patent: September 15, 2009
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: Ryan Charles Catherman, Steven Dale Goodman, James Patrick Hoff, Randall Scott Springfield, James Peter Ward
  • Patent number: 7581097
    Abstract: An apparatus, system and method of secure communications from a human interface device are provided. The apparatus, system, and method receive input data and calculate encrypted data from the input data using a secure credential. In one embodiment the apparatus, system, and method request and receive a single instance credential and calculate the encrypted data using the secure credential and the single instance credential. The encrypted data may be a secure authorization that may be valid for one use. Communication of the encrypted data through networks and communicating devices is secure. The encrypted data may not be decrypted even if intercepted without the secure credential. The apparatus, system, and method enable secure communications from the human interface device.
    Type: Grant
    Filed: December 23, 2003
    Date of Patent: August 25, 2009
    Assignee: Lenovo Pte Ltd
    Inventors: Ryan Charles Catherman, Dave Carroll Challener, Akira Hino, James Patrick Hoff, James Peter Ward
  • Patent number: 7484105
    Abstract: An update utility requests a signature verification of the utility's signature along with a request to unlock the flash memory stored in the utility. A trusted platform module (“TPM”) performs a signature verification of the utility using a previously stored public key. Upon verification of the signature, the TPM unlocks the flash memory to permit update of the utility. Upon completion of the update, the flash utility issues a lock request to the TPM to relock the flash memory.
    Type: Grant
    Filed: August 16, 2001
    Date of Patent: January 27, 2009
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: Steven Dale Goodman, James Patrick Hoff, Randall Scott Springfield, James Peter Ward
  • Patent number: 7412596
    Abstract: A method and system for enabling security attestation for a computing device during a return from an S4 sleep state. When the computing device enters into the S4 state following a successful boot up, the attestation log is appended to the TPM tick count and the log is signed (with a security signature). When the device is awakened from the S4 state, the BIOS obtains and verifies the log created during the previous boot. The CRTM maintains a set of virtual PCRs and references these virtual PCRs against the log. If the values do not match, the return from S4 state fails and the device is rebooted.
    Type: Grant
    Filed: October 16, 2004
    Date of Patent: August 12, 2008
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: David Carroll Challener, Daryl Carvis Cromer, Joseph Wayne Freeman, Steven Dale Goodman, James Patrick Hoff, Howard Jeffrey Locker, Randall Scott Springfield, James Peter Ward
  • Patent number: 7389536
    Abstract: Access to secure data through a portable computing system is provided only when a timer within the system is running. The timer is reset with the portable system connected to a base system, either directly, as by a cable, or indirectly, as through a telephone network. In an initialization process, the portable and base systems exchange data, such as public cryptographic keys, which are later used to confirm that the portable system is connected to the same base system. In one embodiment, the initialization process also includes storing a password transmitted from the portable system within the base system, with this password later being required within the reset process.
    Type: Grant
    Filed: November 14, 2001
    Date of Patent: June 17, 2008
    Assignee: Lenovo Singapore Pte Ltd.
    Inventors: David Carroll Challener, Ernest Nelson Mandese, Hernando Ovies, James Peter Ward
  • Patent number: 7269747
    Abstract: A computer system is presented which provides a trusted platform by which operations can be performed with an increased level of trust and confidence. The basis of trust for the computer system is established by an encryption coprocessor and by code which interfaces with the encryption coprocessor and establishes root of trust metrics for the platform. The encryption coprocessor is built such that certain critical operations are allowed only if physical presence of an operator has been detected. Physical presence is determined by inference based upon the status of registers in the core chipset.
    Type: Grant
    Filed: April 10, 2003
    Date of Patent: September 11, 2007
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: Ryan Charles Catherman, Steven Dale Goodman, James Patrick Hoff, Randall Scott Springfield, James Peter Ward
  • Patent number: 7263608
    Abstract: A Trusted Computing Platform Alliance (TCPA) endorsement certificate is provided by comparing a trusted platform module (TPM) public key transmitted by an owner of the computing device to which the TPM belongs to a copy of the key as originally stored in a remote database prior to vending the device. If a match is found the certificate is created using the public key, and then sent to the owner of the computing device.
    Type: Grant
    Filed: December 12, 2003
    Date of Patent: August 28, 2007
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: David Carroll Challener, James Patrick Hoff, Randall Scott Springfield, James Peter Ward
  • Patent number: 7257108
    Abstract: A network includes a plurality of wall plates, each of the wall plates couples a network resource such as a computer or a network attached device to the network and includes an RFID circuit to detect proximate devices having an RFID tag. The proximate devices can be network attached devices or non network attached devices such as desks, phones, and artwork. Logic is included within each wall plate which includes wall plate physical location information. The logic is designed to respond to a broadcast signal. In so doing, the physical location of any resource can be determined. The physical location of all known resources is provided to an inventory application in the network, thereby allowing network administrators and users to remotely determine the physical location (room, floor, building, etc.) of any and all known resources attached to the network. Likewise, local computer users are able to identify the network resources located in their vicinity.
    Type: Grant
    Filed: July 28, 2004
    Date of Patent: August 14, 2007
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: Richard W. Cheston, Daryl Carvis Cromer, Dhruv Manmohandas Desai, Howard Jeffrey Locker, James Peter Ward
  • Patent number: 7257701
    Abstract: A method and system for configuring an operating system in a computer system including language selection during bootup rather than at manufacture. A first aspect of the method and system comprises providing a plurality of operating system images in the computer system, each of the plurality of operating system images being based upon a particular language, selecting one of the plurality of operating system images based on the language supported by the computer system and loading the selected operating system image into the computer system. A second aspect of the method and system comprises providing a language-independent operating system image in the computer system, determining a language supported by the computer system, loading the language-independent operating system image into the computer system, and associating the language supported by the computer system with the language-independent operating system image.
    Type: Grant
    Filed: November 21, 2001
    Date of Patent: August 14, 2007
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: Richard Wayne Cheston, Daryl Carvis Cromer, Howard Jeffrey Locker, David Benson Rhoades, Randall Scott Springfield, James Peter Ward
  • Patent number: 7254722
    Abstract: A motherboard for a computer system is presented which provides a trusted platform by which operations can be performed with an increased level of trust and confidence. The basis of trust for the motherboard is established by an encryption coprocessor and by code which interfaces with the encryption coprocessor and establishes root of trust metrics for the platform. The encryption coprocessor is built such that certain critical operations are allowed only if physical presence of an operator has been detected. Physical presence is determined by inference based upon the status of registers in the core chipset on the motherboard.
    Type: Grant
    Filed: April 10, 2003
    Date of Patent: August 7, 2007
    Assignee: Lenovo (Singapore) Pte. Ltd
    Inventors: Ryan Charles Catherman, Steven Dale Goodman, James Patrick Hoff, Randall Scott Springfield, James Peter Ward
  • Patent number: 7218944
    Abstract: A wireless communication network comprising: (1) a plurality of mobile devices each configured to receive a beacon being broadcasted within the network and determine based on information transmitted within the beacon whether the mobile device is supported within the network; and (2) one or more access devices configured to broadcast the beacon within the network. Each of the mobile devices has a transmitting mechanism for communicating with the one or more access devices. However, only those mobile devices that are supported by the network respond to the receipt of the beacon. Thus, no transmission occurs from the mobile devices until the device is identified as being supported by the network. These mobile devices instantiate a communication path with the one or more access devices and request an authentication from the one or more access devices. In this manner, a handshake mechanism is established between the access devices and the mobile devices that are supported by the network.
    Type: Grant
    Filed: March 21, 2002
    Date of Patent: May 15, 2007
    Assignee: International Business Machines Corporation
    Inventors: Daryl Carvis Cromer, Philip John Jakes, Howard Jeffrey Locker, James Peter Ward
  • Patent number: 7203183
    Abstract: Apparatus and method provide dynamic load balancing of network bandwidth between access points in an 802.11 wireless LAN. The access point generates and monitors average bandwidth utilization of client devices connected to said access point. The average bandwidth utilization for each client device is aggregated and selected clients are forced to roam to other access points if the aggregate bandwidth equals or exceeds a threshold.
    Type: Grant
    Filed: June 26, 2002
    Date of Patent: April 10, 2007
    Assignee: International Business Machines Corporation
    Inventors: Daryl Carvis Cromer, Philip John Jakes, Howard Jeffrey Locker, James Peter Ward
  • Patent number: 7200652
    Abstract: A method and system for providing automatic notification of an end of lease of a computer system and its location within a computer network is disclosed. The computer network includes a server computer system and multiple client computer systems. A message is initially sent from the server computer system to all the client computer systems to inquire the lease status of each of the client computer systems. At each of the client computer systems, a determination is made as to whether or not a current date falls within a predetermined amount of days from the end of lease date for the client computer system. If the current date falls within the predetermined amount of days from the end of lease date for the client computer system, the physical location of the client computer system is obtained from a storage device located at an Ethernet wall plate to which the client computer system is attached.
    Type: Grant
    Filed: July 16, 2001
    Date of Patent: April 3, 2007
    Assignee: International Business Machines Corporation
    Inventors: Richard Wayne Cheston, Daryl Carvis Cromer, Howard Jeffrey Locker, James Peter Ward
  • Patent number: 7174463
    Abstract: A method for authentication in a computer system includes registering a biometric template in the computer system, thereafter, verifying the authenticity of the registered biometric template and then comparing the biometric template with a biometric image of a user if the biometric template is authentic. If the user's biometric image matches the biometric template, the computer system will continue to boot.
    Type: Grant
    Filed: October 4, 2001
    Date of Patent: February 6, 2007
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: Daryl Carvis Cromer, Joshua James Jankowsky, Howard Jeffrey Locker, Andy Lloyd Trotte, James Peter Ward
  • Patent number: 7167982
    Abstract: A method, system and computer program product for securing decrypted files in a shared environment. A filter driver in a kernel space may be configured to control service requests to encrypted files stored in a shared area, e.g., a shared directory on a disk unit, accessible by multiple users. The filter driver may receive a service request to open an encrypted document in the shared area issued from an authorized user. Upon receiving the encrypted data, the filter driver may decrypt the encrypted data. The filter driver may subsequently store the decrypted data in a file in a non-shared area, e.g., a non-shared directory. The non-shared area may be accessible only by the authorized user that requested access to the encrypted file. By storing the decrypted data in a file in the non-shared area, a file once decrypted may be protected in a file sharing environment.
    Type: Grant
    Filed: September 14, 2001
    Date of Patent: January 23, 2007
    Assignee: Lenovo (Singapore) Pte Ltd.
    Inventors: Scott Thomas Elliott, James Patrick Hoff, Christopher Scott Long, David Rivera, James Peter Ward
  • Patent number: 7155605
    Abstract: A data processing system and method are disclosed for maintaining a secure data block within the system. A block of data is established within the system. The block of data is associated with a particular user and a particular application. A hardware master key pair is established for the system. The hardware master key pair includes a master private key and a master public key. The hardware master key pair is associated with the system for which it was established so that the master private key is known to only that system. The block of data is encrypted utilizing the master public key. The master private key is required to decrypt the encrypted block of data. This data processing system is the only system capable of decrypting the encrypted block of data.
    Type: Grant
    Filed: March 31, 1999
    Date of Patent: December 26, 2006
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: Daryl Carvis Cromer, Howard Locker, Andy Lloyd Trotter, James Peter Ward
  • Patent number: 7146433
    Abstract: A remote mobile unit (MU) including a radio device is provided with an ability to communicate through a LAN by remote association with an access point (AP) that is out of range for communication with the radio device of the remote MU. The remote MU transmits a request frame that is received and retransmitted by one or more intermediate MUs until a connection is made with the AP. Each of the intermediate MUs adds an identifying address to the request, forming a path that is used in both directions to transmit a response from the AP to the remote MU and to transmit data between the AP and the MU.
    Type: Grant
    Filed: February 1, 2002
    Date of Patent: December 5, 2006
    Assignee: Lenovo Singapore Pte. Ltd
    Inventors: Daryl Carvis Cromer, Howard Jeffrey Locker, Andy Lloyd Trotter, James Peter Ward