Patents by Inventor James W. Walker
James W. Walker has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10620936Abstract: Updating boot components in compliance with a chain of trust by loading a boot component update forming part of the chain of trust during a boot process in an execution environment. Boot component measurements are detected and stored as a revised set of attestation values for retrieval by an attestation system. Performing the boot component update upon determining a pass indication for the chain of trust including the boot component update.Type: GrantFiled: May 1, 2018Date of Patent: April 14, 2020Assignee: International Business Machines CorporationInventors: David A. Gilbert, David Haikney, James W. Walker
-
Patent number: 10108413Abstract: This invention relates to a method and apparatus for updating software. In particular this invention relates to a method, system and computer program for updating an operating system in a hypervisor comprising: determining a new version of a component of the operating system; installing the new component version; measuring an identifying characteristic of the component and making it available to an attestation system; notifying the attestation system that a component has been updated to a new version whereby, when the attestation system finds that the identifying characteristic of the new component does not match a pre-stored attestation value it is aware that a legitimate mis-match could have occurred.Type: GrantFiled: January 12, 2016Date of Patent: October 23, 2018Assignee: International Business Machines CorporationInventors: David A. Gilbert, David Haikney, James W. Walker
-
Publication number: 20180246709Abstract: Updating boot components in compliance with a chain of trust by loading a boot component update forming part of the chain of trust during a boot process in an execution environment. Boot component measurements are detected and stored as a revised set of attestation values for retrieval by an attestation system. Performing the boot component update upon determining a pass indication for the chain of trust including the boot component update.Type: ApplicationFiled: May 1, 2018Publication date: August 30, 2018Inventors: David A. Gilbert, David Haikney, James W. Walker
-
Patent number: 10007510Abstract: This invention relates to a method and apparatus for updating software. In particular this invention relates to a method, system and computer program for updating an operating system in a hypervisor comprising: determining a new version of a component of the operating system; installing the new component version; measuring an identifying characteristic of the component and making it available to an attestation system; notifying the attestation system that a component has been updated to a new version whereby, when the attestation system finds that the identifying characteristic of the new component does not match a pre-stored attestation value it is aware that a legitimate mis-match could have occurred.Type: GrantFiled: January 12, 2016Date of Patent: June 26, 2018Assignee: International Business Machines CorporationInventors: David A. Gilbert, David Haikney, James W. Walker
-
Patent number: 9898609Abstract: A method, system and program product for performing a trusted boot of a virtual machine comprises the steps of executing, in turn, a series of components of the trusted boot, performing a function on each component prior to the execution of the respective component, storing the output of the functions in a virtual trusted platform module, detecting that the virtual trusted platform module has not responded to the storing of the output of a function in the virtual trusted platform module, and generating a request that the virtual trusted platform module be disabled.Type: GrantFiled: September 28, 2015Date of Patent: February 20, 2018Assignee: International Business Machines CorporationInventors: David Sherwood, James W. Walker, Travis Walton
-
Patent number: 9721103Abstract: A method, system and program product for performing a trusted boot of a virtual machine comprises the steps of executing, in turn, a series of components of the trusted boot, performing a function on each component prior to the execution of the respective component, storing the output of the functions in a virtual trusted platform module, detecting that the virtual trusted platform module has not responded to the storing of the output of a function in the virtual trusted platform module, and generating a request that the virtual trusted platform module be disabled.Type: GrantFiled: June 27, 2013Date of Patent: August 1, 2017Assignee: International Business Machines CorporationInventors: David Sherwood, James W. Walker, Travis Walton
-
Patent number: 9436827Abstract: A method for attesting a component of a system during a boot process. The method includes steps of: verifying that the system is in a trusted state; in response to verifying that the system is in a trusted state, requesting an enrollment of the system wherein the requesting step further comprises the step of: retrieving enrollment data associated with the system; retrieving current input data associated with the component of the system; comparing the current input data against the enrollment data in order to determine whether the system can retain its trusted state; wherein in response to the comparing step, if the current input data matches the enrollment data, the system retains its trusted state; and accepting the trusted state until receipt of a notification, from the system having a retained trusted state, of an update to the system.Type: GrantFiled: September 16, 2014Date of Patent: September 6, 2016Assignee: International Business Machines CorporationInventors: David N. Mackintosh, Jose J. P. Perez, James W. Walker
-
Publication number: 20160162396Abstract: This invention relates to a method and apparatus for updating software. In particular this invention relates to a method, system and computer program for updating an operating system in a hypervisor comprising: determining a new version of a component of the operating system; installing the new component version; measuring an identifying characteristic of the component and making it available to an attestation system; notifying the attestation system that a component has been updated to a new version whereby, when the attestation system finds that the identifying characteristic of the new component does not match a pre-stored attestation value it is aware that a legitimate mis-match could have occurred.Type: ApplicationFiled: January 12, 2016Publication date: June 9, 2016Inventors: David A. Gilbert, David Haikney, James W. Walker
-
Publication number: 20160162285Abstract: This invention relates to a method and apparatus for updating software. In particular this invention relates to a method, system and computer program for updating an operating system in a hypervisor comprising: determining a new version of a component of the operating system; installing the new component version; measuring an identifying characteristic of the component and making it available to an attestation system; notifying the attestation system that a component has been updated to a new version whereby, when the attestation system finds that the identifying characteristic of the new component does not match a pre-stored attestation value it is aware that a legitimate mis-match could have occurred.Type: ApplicationFiled: January 12, 2016Publication date: June 9, 2016Inventors: David A. Gilbert, David Haikney, James W. Walker
-
Patent number: 9317276Abstract: This invention relates to updating an operating system in a hypervisor comprising: determining a new version of a component of the operating system; installing the new component version; measuring an identifying characteristic of the component and making it available to an attestation system; notifying the attestation system that a component has been updated to a new version whereby, when the attestation system finds that the identifying characteristic of the new component does not match a pre-stored attestation value it is aware that a legitimate mis-match could have occurred. The installing of the new version of the component comprises: identifying an updater associated with new version of the component; measuring an identifying characteristic of the identified updater; loading and installing the new version of the component; and making both the identifying measurement of the updater and the new version of the component available to the attestation system.Type: GrantFiled: January 10, 2012Date of Patent: April 19, 2016Assignee: International Business Machines CorporationInventors: David A. Gilbert, David Haikney, James W. Walker
-
Patent number: 9251349Abstract: Attesting a virtual machine that is migrating from a first environment to a second environment includes in response to initiation of migration of the virtual machine from the first environment to the second environment, accessing one or more stored trust values generated during the trusted boot of the virtual machine in the first environment, determining if the accessed trust values define a security setting sufficient for the second environment, and if the accessed trust values do not define a security setting sufficient for the second environment, performing a predetermined action in relation to the migration of the virtual machine to the second environment.Type: GrantFiled: February 28, 2013Date of Patent: February 2, 2016Assignee: International Business Machines CorporationInventors: David Haikney, Shawn P. Mullen, James W. Walker
-
Publication number: 20160019393Abstract: A method, system and program product for performing a trusted boot of a virtual machine comprises the steps of executing, in turn, a series of components of the trusted boot, performing a function on each component prior to the execution of the respective component, storing the output of the functions in a virtual trusted platform module, detecting that the virtual trusted platform module has not responded to the storing of the output of a function in the virtual trusted platform module, and generating a request that the virtual trusted platform module be disabled.Type: ApplicationFiled: September 28, 2015Publication date: January 21, 2016Inventors: David Sherwood, James W. Walker, Travis Walton
-
Patent number: 9202062Abstract: A system, method, and computer program product for providing validation of the compliance of a trusted host environment with a requirement of a virtual machine (VM). The system includes: a store component for cryptographically storing configuration data associated with the trusted host environment in at least one cryptographic data structure; a send component, responsive to the store component storing the configuration data, for sending the at least one cryptographic data structure to a control component; an analyze component, responsive to the control component receiving the at least one cryptographic data structure, for analyzing the at least one cryptographic data structure; a compare component, responsive to the analyze component determining the configuration data, for comparing the configuration data with the requirement; and a verify component, responsive to the compare component determining that the configuration data matches the requirement, for allowing verification of the VM.Type: GrantFiled: September 26, 2013Date of Patent: December 1, 2015Assignee: International Business Machines CorporationInventors: David N. Mackintosh, James W. Walker, James C. Whitson
-
Patent number: 9081600Abstract: A system, method, and computer program product for providing validation of the compliance of a trusted host environment with a requirement of a virtual machine (VM). The system includes: a store component for cryptographically storing configuration data associated with the trusted host environment in at least one cryptographic data structure; a send component, responsive to the store component storing the configuration data, for sending the at least one cryptographic data structure to a control component; an analyze component, responsive to the control component receiving the at least one cryptographic data structure, for analyzing the at least one cryptographic data structure; a compare component, responsive to the analyze component determining the configuration data, for comparing the configuration data with the requirement; and a verify component, responsive to the compare component determining that the configuration data matches the requirement, for allowing verification of the VM.Type: GrantFiled: December 19, 2011Date of Patent: July 14, 2015Assignee: International Business Machines CorporationInventors: David N. Mackintosh, James W. Walker, James C. Whitson
-
Publication number: 20150135311Abstract: A system, method, and computer program product for providing validation of the compliance of a trusted host environment with a requirement of a virtual machine (VM). The system includes: a store component for cryptographically storing configuration data associated with the trusted host environment in at least one cryptographic data structure; a send component, responsive to the store component storing the configuration data, for sending the at least one cryptographic data structure to a control component; an analyse component, responsive to the control component receiving the at least one cryptographic data structure, for analysing the at least one cryptographic data structure; a compare component, responsive to the analyse component determining the configuration data, for comparing the configuration data with the requirement; and a verify component, responsive to the compare component determining that the configuration data matches the requirement, for allowing verification of the VM.Type: ApplicationFiled: September 26, 2013Publication date: May 14, 2015Inventors: David N. MacKintosh, James W. Walker, James C. Whitson
-
Publication number: 20150007313Abstract: A method for attesting a component of a system during a boot process. The method comprises the steps of: verifying that the system is in a trusted state; in response to verifying that the system is in a trusted state, requesting an enrollment of the system wherein the requesting step further comprises the step of: retrieving enrollment data associated with the system; retrieving current input data associated with the component of the system; comparing the current input data against the enrollment data in order to determine whether the system can retain its trusted state; wherein in response to the comparing step, if the current input data matches the enrollment data, the system retains its trusted state; and accepting the trusted state until receipt of a notification, from the system having a retained trusted state, of an update to the system.Type: ApplicationFiled: September 16, 2014Publication date: January 1, 2015Inventors: David N. Mackintosh, Jose J.P. Perez, James W. Walker
-
Publication number: 20140361978Abstract: Disclosed is a method of predicting the condition of a portable computer comprising a motion sensor on a computer system, the method comprising collecting motion data from said motion sensor; periodically sending said collected motion data from the portable computer to the computer system; evaluating said motion data on the computer system; and predicting said condition from the evaluated motion data. Computer program products, a portable computer, and a system for implementing aspects of the method are also disclosed.Type: ApplicationFiled: May 2, 2014Publication date: December 11, 2014Applicant: International Business Machines CorporationInventors: Chris Malarky, Adam M. Nattrass, James W. Walker
-
Patent number: 8869264Abstract: A method, apparatus and program product for attesting a component of a system during a boot process. The method comprises the steps of: verifying that the system is in a trusted state; in response to verifying that the system is in a trusted state, requesting an enrollment of the system wherein the requesting step further comprises the step of: retrieving enrollment data associated with the system; retrieving current input data associated with the component of the system; comparing the current input data against the enrollment data in order to determine whether the system can retain its trusted state; wherein in response to the comparing step, if the current input data matches the enrollment data, the system retains its trusted state; and accepting the trusted state until receipt of a notification, from the system having a retained trusted state, of an update to the system.Type: GrantFiled: September 23, 2011Date of Patent: October 21, 2014Assignee: International Business Machines CorporationInventors: David N. Mackintosh, Jose J. P. Perez, James W. Walker
-
Publication number: 20140173598Abstract: Attesting a virtual machine that is migrating from a first environment to a second environment includes in response to initiation of migration of the virtual machine from the first environment to the second environment, accessing one or more stored trust values generated during the trusted boot of the virtual machine in the first environment, determining if the accessed trust values define a security setting sufficient for the second environment, and if the accessed trust values do not define a security setting sufficient for the second environment, performing a predetermined action in relation to the migration of the virtual machine to the second environment.Type: ApplicationFiled: February 28, 2013Publication date: June 19, 2014Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: DAVID Haikney, Shawn P. Mullen, James W. Walker
-
Publication number: 20140025961Abstract: A system, method, and computer program product for providing validation of the compliance of a trusted host environment with a requirement of a virtual machine (VM). The system includes: a store component for cryptographically storing configuration data associated with the trusted host environment in at least one cryptographic data structure; a send component, responsive to the store component storing the configuration data, for sending the at least one cryptographic data structure to a control component; an analyse component, responsive to the control component receiving the at least one cryptographic data structure, for analysing the at least one cryptographic data structure; a compare component, responsive to the analyse component determining the configuration data, for comparing the configuration data with the requirement; and a verify component, responsive to the compare component determining that the configuration data matches the requirement, for allowing verification of the VM.Type: ApplicationFiled: December 19, 2011Publication date: January 23, 2014Inventors: David N. Mackintosh, James W. Walker, James C. Whitson