Patents by Inventor James W. Sweeny

James W. Sweeny has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10061564
    Abstract: Aspects of the present disclosure relate to a random number generator, a method and a computer program product of improving entropy quality of the random number generator. The method may include: receiving, at an input/output interface module of the random number generator, a request to generate a random number having a predetermined number of random bits, and starting a random bit generating loop to generate each of the random bits of the random number to be generated. In certain embodiments, the random bit generating loop may include: incorporating a CPU Time as a randomness factor in generating the random number to improve entropy quality, including non-deterministic memory-subsystem latencies in entropy extraction, such as those introduced by unpredictable cache movements, generating a Candidate Bit by using a Clock Time, and generating a random bit for the random number by using a von Neumann unbiasing analysis module, until every random bit of the random number is generated.
    Type: Grant
    Filed: November 10, 2017
    Date of Patent: August 28, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: James W. Sweeny, Tamas Visegrady
  • Patent number: 10057067
    Abstract: A method for verifying digital signatures in the presence of root key rollover includes issuing a cross-certificate to a rekeyed root certificate, validating the cross-certificate and the rekeyed root certificate with respect to an original trusted root certificate, and validating a digital media signature using the cross-certificate and the rekeyed root certificate. The method may also include adding the rekeyed root certificate to an end user's trusted root certificate store. The digital media signature validated via the method may correspond to a program signature. Validating the cross-certificate and the rekeyed root certificate may include verifying certificates within a program's certificate chain. A computer program product and a computer system corresponding to the method are also disclosed.
    Type: Grant
    Filed: May 27, 2015
    Date of Patent: August 21, 2018
    Assignee: International Business Machines Corporation
    Inventors: Wai F. Choi, James W. Sweeny
  • Patent number: 10015008
    Abstract: A computer-implemented method for encrypting binary data may include encoding raw binary data in Base64 format to generate Base64 binary data. The Base64 binary data may be encrypted, by a computer processor, using format-preserving encryption to generate Base64 ciphertext. The Base64 ciphertext may be validatable by a Base64 validator.
    Type: Grant
    Filed: December 14, 2015
    Date of Patent: July 3, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Steven R. Hart, Eysha S. Powers, James W. Sweeny
  • Publication number: 20180067726
    Abstract: Aspects of the present disclosure relate to a random number generator, a method and a computer program product of improving entropy quality of the random number generator. The method may include: receiving, at an input/output interface module of the random number generator, a request to generate a random number having a predetermined number of random bits, and starting a random bit generating loop to generate each of the random bits of the random number to be generated. In certain embodiments, the random bit generating loop may include: incorporating a CPU Time as a randomness factor in generating the random number to improve entropy quality, including non-deterministic memory-subsystem latencies in entropy extraction, such as those introduced by unpredictable cache movements, generating a Candidate Bit by using a Clock Time, and generating a random bit for the random number by using a von Neumann unbiasing analysis module, until every random bit of the random number is generated.
    Type: Application
    Filed: November 10, 2017
    Publication date: March 8, 2018
    Inventors: James W. Sweeny, Tamas Visegrady
  • Patent number: 9891889
    Abstract: Aspects of the present disclosure relate to a random number generator, a method and a computer program product of improving entropy quality of the random number generator. The method may include: receiving, at an input/output interface module of the random number generator, a request to generate a random number having a predetermined number of random bits, and starting a random bit generating loop to generate each of the random bits of the random number to be generated. In certain embodiments, the random bit generating loop may include: incorporating a CPU Time as a randomness factor in generating the random number to improve entropy quality, including non-deterministic memory-subsystem latencies in entropy extraction, such as those introduced by unpredictable cache movements, generating a Candidate Bit by using a Clock Time, and generating a random bit for the random number by using a von Neumann unbiasing analysis module, until every random bit of the random number is generated.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: February 13, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: James W. Sweeny, Tamas Visegrady
  • Publication number: 20180004486
    Abstract: Aspects of the present disclosure relate to a random number generator, a method and a computer program product of improving entropy quality of the random number generator. The method may include: receiving, at an input/output interface module of the random number generator, a request to generate a random number having a predetermined number of random bits, and starting a random bit generating loop to generate each of the random bits of the random number to be generated. In certain embodiments, the random bit generating loop may include: incorporating a CPU_Time as a randomness factor in generating the random number to improve entropy quality, including non-deterministic memory-subsystem latencies in entropy extraction, such as those introduced by unpredictable cache movements, generating a Candidate_Bit by using a Clock_Time, and generating a random bit for the random number by using a von Neumann unbiasing analysis module, until every random bit of the random number is generated.
    Type: Application
    Filed: June 30, 2016
    Publication date: January 4, 2018
    Inventors: James W. Sweeny, Tamas Visegrady
  • Patent number: 9858436
    Abstract: In one embodiment, a computer-implemented method includes extracting first key derivation data from a first row of data to be stored in a database, where the database includes two or more rows of data. A first encryption subkey is generated, by a computer processor, by combining the first key derivation data with a static key. One or more sensitive fields in each row of the two or more rows of the database are encrypted using a unique corresponding encryption subkey for the row, and the first encryption subkey is unique to the first row among the two or more rows of the database. The one or more sensitive fields in the first row of data are encrypted with format-preserving encryption using the first encryption subkey. The first row of data, including the encrypted one or more sensitive fields, is stored in the database.
    Type: Grant
    Filed: September 3, 2015
    Date of Patent: January 2, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Todd W. Arnold, John C. Dayka, Steven R. Hart, Geoffrey G. Jackson, Eysha S. Powers, James W. Sweeny
  • Patent number: 9798893
    Abstract: In one embodiment, a computer-implemented method includes extracting first key derivation data from a first row of data to be stored in a database, where the database includes two or more rows of data. A first encryption subkey is generated, by a computer processor, by combining the first key derivation data with a static key. One or more sensitive fields in each row of the two or more rows of the database are encrypted using a unique corresponding encryption subkey for the row, and the first encryption subkey is unique to the first row among the two or more rows of the database. The one or more sensitive fields in the first row of data are encrypted with format-preserving encryption using the first encryption subkey. The first row of data, including the encrypted one or more sensitive fields, is stored in the database.
    Type: Grant
    Filed: January 29, 2015
    Date of Patent: October 24, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Todd W. Arnold, John C. Dayka, Steven R. Hart, Geoffrey G. Jackson, Eysha S. Powers, James W. Sweeny
  • Publication number: 20170170952
    Abstract: A computer-implemented method for encrypting binary data may include encoding raw binary data in Base64 format to generate Base64 binary data. The Base64 binary data may be encrypted, by a computer processor, using format-preserving encryption to generate Base64 ciphertext. The Base64 ciphertext may be validatable by a Base64 validator.
    Type: Application
    Filed: December 14, 2015
    Publication date: June 15, 2017
    Inventors: Steven R. Hart, Eysha S. Powers, James W. Sweeny
  • Publication number: 20160352521
    Abstract: A method for verifying digital signatures in the presence of root key rollover includes issuing a cross-certificate to a rekeyed root certificate, validating the cross-certificate and the rekeyed root certificate with respect to an original trusted root certificate, and validating a digital media signature using the cross-certificate and the rekeyed root certificate. The method may also include adding the rekeyed root certificate to an end user's trusted root certificate store. The digital media signature validated via the method may correspond to a program signature. Validating the cross-certificate and the rekeyed root certificate may include verifying certificates within a program's certificate chain. A computer program product and a computer system corresponding to the method are also disclosed.
    Type: Application
    Filed: May 27, 2015
    Publication date: December 1, 2016
    Inventors: Wai F. Choi, James W. Sweeny
  • Publication number: 20160224795
    Abstract: In one embodiment, a computer-implemented method includes extracting first key derivation data from a first row of data to be stored in a database, where the database includes two or more rows of data. A first encryption subkey is generated, by a computer processor, by combining the first key derivation data with a static key. One or more sensitive fields in each row of the two or more rows of the database are encrypted using a unique corresponding encryption subkey for the row, and the first encryption subkey is unique to the first row among the two or more rows of the database. The one or more sensitive fields in the first row of data are encrypted with format-preserving encryption using the first encryption subkey. The first row of data, including the encrypted one or more sensitive fields, is stored in the database.
    Type: Application
    Filed: January 29, 2015
    Publication date: August 4, 2016
    Inventors: Todd W. Arnold, John C. Dayka, Steven R. Hart, Geoffrey G. Jackson, Eysha S. Powers, James W. Sweeny
  • Publication number: 20160224802
    Abstract: In one embodiment, a computer-implemented method includes extracting first key derivation data from a first row of data to be stored in a database, where the database includes two or more rows of data. A first encryption subkey is generated, by a computer processor, by combining the first key derivation data with a static key. One or more sensitive fields in each row of the two or more rows of the database are encrypted using a unique corresponding encryption subkey for the row, and the first encryption subkey is unique to the first row among the two or more rows of the database. The one or more sensitive fields in the first row of data are encrypted with format-preserving encryption using the first encryption subkey. The first row of data, including the encrypted one or more sensitive fields, is stored in the database.
    Type: Application
    Filed: September 3, 2015
    Publication date: August 4, 2016
    Inventors: Todd W. Arnold, John C. Dayka, Steven R. Hart, Geoffrey G. Jackson, Eysha S. Powers, James W. Sweeny
  • Patent number: 9251337
    Abstract: A system for remapping subsets of host-centric application programming interfaces to commodity service providers includes a processor configured to receive a commodity service providers object, embed the commodity service providers object with a handle, transform the handle into a serialized object readable by a hardware security module, generate a virtualized handle from the transformed handle, select a target hardware security module based on characteristics of the serialized object and map the virtualized handle to the target hardware security module.
    Type: Grant
    Filed: April 27, 2011
    Date of Patent: February 2, 2016
    Assignee: International Business Machines Corporation
    Inventors: John C. Dayka, Michael J. Jordan, James W. Sweeny, Tamas Visegrady
  • Patent number: 9251338
    Abstract: Exemplary embodiments include a method for remapping subsets of host-centric application programming interfaces to commodity service providers, the method including receiving a commodity service providers object, embedding the commodity service providers object with a handle, transforming the handle into a serialized object readable by a hardware security module, generating a virtualized handle from the transformed handle, selecting a target hardware security module based on characteristics of the serialized object and mapping the virtualized handle to the target hardware security module.
    Type: Grant
    Filed: October 30, 2012
    Date of Patent: February 2, 2016
    Assignee: International Business Machines Corporation
    Inventors: John C. Dayka, Michael J. Jordan, James W. Sweeny, Tamas Visegrady
  • Patent number: 9225746
    Abstract: According to some exemplary embodiments, a computer-implemented timestamp method includes maintaining, at a cryptographic service provider (CSP), one or more timestamp policies specifying when digital timestamps should be issued. A timestamp request is received at the CSP from a timestamp authority that manages timestamping and is accompanied by a corresponding timestamp data structure. With a computer processor, a difference is determined between a first time specified in the timestamp data structure and a second time indicated by an internal clock of the CSP. The timestamp request is rejected if the first timestamp data structure fails to comply with a predetermined timestamp policy, where the predetermined timestamp policy requires that the difference between the first time and the second time be below a predetermined threshold.
    Type: Grant
    Filed: December 12, 2013
    Date of Patent: December 29, 2015
    Assignee: International Business Machines Corporation
    Inventors: Michael C. Osborne, James W. Sweeny, Tamas Visegrady
  • Patent number: 9122864
    Abstract: A method, apparatus and program storage device for program verification in an information handling system in which an application program runs on an operating system having a signature verification function for verifying a digital signature of the application program. Upon loading of the application program, the signature verification function of the operating system verifies the digital signature of the application program and, if the digital signature is verified, initiates execution of the application program. Upon initiation of execution of the application program, a verification testing function associated with the application program tests the signature verification function of the operating system by presenting to it a sequence of test digital signatures in a specified pattern of true and false signatures. If its test of the signature verification function of the operating system is successful, the application program initiates normal execution.
    Type: Grant
    Filed: August 5, 2008
    Date of Patent: September 1, 2015
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: John C. Dayka, Walter Barlett Farrell, Richard Henry Guski, James W. Sweeny
  • Publication number: 20150172317
    Abstract: According to some exemplary embodiments, a computer-implemented timestamp method includes maintaining, at a cryptographic service provider (CSP), one or more timestamp policies specifying when digital timestamps should be issued. A timestamp request is received at the CSP from a timestamp authority that manages timestamping and is accompanied by a corresponding timestamp data structure. With a computer processor, a difference is determined between a first time specified in the timestamp data structure and a second time indicated by an internal clock of the CSP. The timestamp request is rejected if the first timestamp data structure fails to comply with a predetermined timestamp policy, where the predetermined timestamp policy requires that the difference between the first time and the second time be below a predetermined threshold.
    Type: Application
    Filed: December 12, 2013
    Publication date: June 18, 2015
    Applicant: International Business Machines Corporation
    Inventors: Michael C. Osborne, James W. Sweeny, Tamas Visegrady
  • Patent number: 8615081
    Abstract: Key creation includes sending a first public key part from a first system to a second system, receiving a second public key part sent by the second system to the first system and establishing a first secret material in the first system using the first and second public key parts, wherein the first secret material is identical to a second secret material established on the second system using the first and second key parts. Key creation also includes binding key control information to the first secret material in the first system, wherein the key control information includes information relating to key type and key management and deriving a first key material from the combination of the key control information and the first secret material, wherein the first key material is identical to a second key material derived by the second system.
    Type: Grant
    Filed: June 1, 2011
    Date of Patent: December 24, 2013
    Assignee: International Business Machines Corporation
    Inventors: Todd W. Arnold, Elizabeth A. Dames, Richard V. Kisley, Michael J. Miele, James W. Sweeny
  • Publication number: 20120308001
    Abstract: Key creation includes sending a first public key part from a first system to a second system, receiving a second public key part sent by the second system to the first system and establishing a first secret material in the first system using the first and second public key parts, wherein the first secret material is identical to a second secret material established on the second system using the first and second key parts. Key creation also includes binding key control information to the first secret material in the first system, wherein the key control information includes information relating to key type and key management and deriving a first key material from the combination of the key control information and the first secret material, wherein the first key material is identical to a second key material derived by the second system.
    Type: Application
    Filed: June 1, 2011
    Publication date: December 6, 2012
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Todd W. Arnold, Elizabeth A. Dames, Richard V. Kisley, Michael J. Miele, James W. Sweeny
  • Publication number: 20120278820
    Abstract: A system for remapping subsets of host-centric application programming interfaces to commodity service providers includes a processor configured to receive a commodity service providers object, embed the commodity service providers object with a handle, transform the handle into a serialized object readable by a hardware security module, generate a virtualized handle from the transformed handle, select a target hardware security module based on characteristics of the serialized object and map the virtualized handle to the target hardware security module.
    Type: Application
    Filed: April 27, 2011
    Publication date: November 1, 2012
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: John C. Dayka, Michael J. Jordan, James W. Sweeny, Tamas Visegrady