Patents by Inventor John C. Dayka
John C. Dayka has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11475147Abstract: A computer-implemented method according to one embodiment includes identifying a creation of a container within a system, selecting a security policy for the container, based on one or more attributes, identifying a key label associated with the security policy for the container, retrieving a data encryption key, utilizing the key label, and encrypting the container, utilizing the data encryption key. This may enable a highly granular level of automatic container-level security within the system that may be transparently implemented within the system, which may streamline container security and reduce an amount of stored data and processing necessary for implementing container security, and may thereby improve the performance of the system.Type: GrantFiled: February 20, 2018Date of Patent: October 18, 2022Assignee: International Business Machines CorporationInventors: Cecilia C. Lewis, Wayne E. Rhoten, Eric D. Rossman, Mark A. Nelson, John C. Dayka
-
Patent number: 11095652Abstract: A computer-implemented method according to one embodiment includes identifying a first request from a user to access a container, determining whether the user has a first authorization to access the container, allowing the user to access the container, in response to determining that the user has the first authorization to access the container, identifying a second request from the user to access content within the container, where the content is encrypted, retrieving a key label associated with the container, determining whether the user has a second authorization to access the key label, retrieving a data encryption key, utilizing the key label, in response to determining that the user has the second authorization to access the key label, and allowing the user to access the content that is encrypted by performing one or more decryption actions, utilizing the data encryption key.Type: GrantFiled: February 20, 2018Date of Patent: August 17, 2021Assignee: International Business Machines CorporationInventors: Cecilia C. Lewis, Wayne E. Rhoten, Eric D. Rossman, Mark A. Nelson, John C. Dayka
-
Patent number: 10903979Abstract: Batched execution of encryption operations is performed. A batched set of data for which format-preserving encryption is to be performed is obtained. The batched set of data includes a plurality of fields of data, which are independent of one another. Multiple rounds of format-preserving encryption are performed on the plurality of fields of data to provide an output of format-preserved encrypted data. A round of format-preserving encryption includes calling an encryption function to perform one or more encryption operations on the plurality of fields of data in parallel.Type: GrantFiled: November 30, 2018Date of Patent: January 26, 2021Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Michael J. Jordan, Tamas Visegrady, John C. Dayka, Michael C. Osborne
-
Patent number: 10904226Abstract: A processor-implemented method for a secure processing environment for protecting sensitive information is provided. The processor-implemented method may include receiving encrypted data and routing the encrypted data to the secure processing environment. Then the encrypted data may be decrypted and fields containing sensitive information may be found. The method may also include obfuscating the sensitive information and returning, by the secure processing environment, the decrypted data and obfuscated data.Type: GrantFiled: November 20, 2019Date of Patent: January 26, 2021Assignee: International Business Machines CorporationInventors: Richard H. Boivie, Alyson Comer, John C. Dayka, Donna N. Dillenberger, Kenneth A. Goldman, Mohit Kapur, Dimitrios Pendarakis, James A. Ruddy, Peter G. Sutton, Enriquillo Valdez
-
Publication number: 20200177370Abstract: Batched execution of encryption operations is performed. A batched set of data for which format-preserving encryption is to be performed is obtained. The batched set of data includes a plurality of fields of data, which are independent of one another. Multiple rounds of format- preserving encryption are performed on the plurality of fields of data to provide an output of format-preserved encrypted data. A round of format-preserving encryption includes calling an encryption function to perform one or more encryption operations on the plurality of fields of data in parallel.Type: ApplicationFiled: November 30, 2018Publication date: June 4, 2020Inventors: Michael J. Jordan, Tamas Visegrady, John C. Dayka, Michael C. Osborne
-
Patent number: 10652244Abstract: A computer program product for cross-site request forgery (CSRF) prevention is provided and includes a computer readable storage medium having program instructions embodied therewith. The program instructions are readable and executable by a processing circuit to cause the processing circuit to issue a server request for a certificate, which is associated with a user, responsive to a client request to visit a uniform resource indicator (URI) being received, validate the certificate upon receipt in fulfillment of the server request, compare a referrer listed in a header of the client request with a list of certificate elements in the certificate, authenticate the user in accordance with correlation between the referrer and at least one of the certificate elements and authorize the client request to visit the URI upon the user being authenticated.Type: GrantFiled: November 30, 2017Date of Patent: May 12, 2020Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: John C. Dayka, Michael P. Kasper, Eysha S. Powers
-
Publication number: 20200092267Abstract: A processor-implemented method for a secure processing environment for protecting sensitive information is provided. The processor-implemented method may include receiving encrypted data and routing the encrypted data to the secure processing environment. Then the encrypted data may be decrypted and fields containing sensitive information may be found. The method may also include obfuscating the sensitive information and returning, by the secure processing environment, the decrypted data and obfuscated data.Type: ApplicationFiled: November 20, 2019Publication date: March 19, 2020Inventors: Richard H. Boivie, Alyson Comer, John C. Dayka, Donna N. Dillenberger, Kenneth A. Goldman, Mohit Kapur, Dimitrios Pendarakis, James A. Ruddy, Peter G. Sutton, Enriquillo Valdez
-
Patent number: 10547596Abstract: A processor-implemented method for a secure processing environment for protecting sensitive information is provided. The processor-implemented method may include receiving encrypted data and routing the encrypted data to the secure processing environment. Then the encrypted data may be decrypted and fields containing sensitive information may be found. The method may also include obfuscating the sensitive information and returning, by the secure processing environment, the decrypted data and obfuscated data.Type: GrantFiled: April 5, 2019Date of Patent: January 28, 2020Assignee: International Business Machines CorporationInventors: Richard H. Boivie, Alyson Comer, John C. Dayka, Donna N. Dillenberger, Kenneth A. Goldman, Mohit Kapur, Dimitrios Pendarakis, James A. Ruddy, Peter G. Sutton, Enriquillo Valdez
-
Patent number: 10523640Abstract: A processor-implemented method for a secure processing environment for protecting sensitive information is provided. The processor-implemented method may include receiving encrypted data and routing the encrypted data to the secure processing environment. Then the encrypted data may be decrypted and fields containing sensitive information may be found. The method may also include obfuscating the sensitive information and returning, by the secure processing environment, the decrypted data and obfuscated data.Type: GrantFiled: December 6, 2018Date of Patent: December 31, 2019Assignee: International Business Machines CorporationInventors: Richard H. Boivie, Alyson Comer, John C. Dayka, Donna N. Dillenberger, Kenneth A. Goldman, Mohit Kapur, Dimitrios Pendarakis, James A. Ruddy, Peter G. Sutton, Enriquillo Valdez
-
Publication number: 20190258813Abstract: A computer-implemented method according to one embodiment includes identifying a creation of a container within a system, selecting a security policy for the container, based on one or more attributes, identifying a key label associated with the security policy for the container, retrieving a data encryption key, utilizing the key label, and encrypting the container, utilizing the data encryption key. This may enable a highly granular level of automatic container-level security within the system that may be transparently implemented within the system, which may streamline container security and reduce an amount of stored data and processing necessary for implementing container security, and may thereby improve the performance of the system.Type: ApplicationFiled: February 20, 2018Publication date: August 22, 2019Inventors: Cecilia C. Lewis, Wayne E. Rhoten, Eric D. Rossman, Mark A. Nelson, John C. Dayka
-
Publication number: 20190260753Abstract: A computer-implemented method according to one embodiment includes identifying a first request from a user to access a container, determining whether the user has a first authorization to access the container, allowing the user to access the container, in response to determining that the user has the first authorization to access the container, identifying a second request from the user to access content within the container, where the content is encrypted, retrieving a key label associated with the container, determining whether the user has a second authorization to access the key label, retrieving a data encryption key, utilizing the key label, in response to determining that the user has the second authorization to access the key label, and allowing the user to access the content that is encrypted by performing one or more decryption actions, utilizing the data encryption key.Type: ApplicationFiled: February 20, 2018Publication date: August 22, 2019Inventors: Cecilia C. Lewis, Wayne E. Rhoten, Eric D. Rossman, Mark A. Nelson, John C. Dayka
-
Patent number: 10389727Abstract: A computer-implemented method, a computer system, and a computer program product are provided for enforcing multi-level security (MLS) on a message transmitted over a network that may be insecure. The method includes the processor obtaining a request from a source to send a message to a target, where the request includes the message and a context indicating a requested security level for the message. The processor encrypts the message based on ascertaining the message received in the request is a plaintext. The processor authenticates the encrypted message based on ascertaining the encrypted message is a ciphertext, where the target is enabled to trace the authenticated ciphertext back to the source. The processor transmits the authenticated encrypted message to the target across the network.Type: GrantFiled: January 8, 2018Date of Patent: August 20, 2019Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: John C. Dayka, Michael Charles Osborne, Tamas Visegrady
-
Patent number: 10389728Abstract: A computer-implemented method, a computer system, and a computer program product are provided for enforcing multi-level security (MLS) on a message transmitted over a network that may be insecure. The method includes the processor obtaining a request from a source to send a message to a target, where the request includes the message and a context indicating a requested security level for the message. The processor encrypts the message based on ascertaining the message received in the request is a plaintext. The processor authenticates the encrypted message based on ascertaining the encrypted message is a ciphertext, where the target is enabled to trace the authenticated ciphertext back to the source. The processor transmits the authenticated encrypted message to the target across the network.Type: GrantFiled: April 4, 2018Date of Patent: August 20, 2019Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: John C. Dayka, Michael Charles Osborne, Tamas Visegrady
-
Publication number: 20190230069Abstract: A processor-implemented method for a secure processing environment for protecting sensitive information is provided. The processor-implemented method may include receiving encrypted data and routing the encrypted data to the secure processing environment. Then the encrypted data may be decrypted and fields containing sensitive information may be found. The method may also include obfuscating the sensitive information and returning, by the secure processing environment, the decrypted data and obfuscated data.Type: ApplicationFiled: April 5, 2019Publication date: July 25, 2019Inventors: Richard H. Boivie, Alyson Comer, John C. Dayka, Donna N. Dillenberger, Kenneth A. Goldman, Mohit Kapur, Dimitrios Pendarakis, James A. Ruddy, Peter G. Sutton, Enriquillo Valdez
-
Patent number: 10298545Abstract: A processor-implemented method for a secure processing environment for protecting sensitive information is provided. The processor-implemented method may include receiving encrypted data and routing the encrypted data to the secure processing environment. Then the encrypted data may be decrypted and fields containing sensitive information may be found. The method may also include obfuscating the sensitive information and returning, by the secure processing environment, the decrypted data and obfuscated data.Type: GrantFiled: September 12, 2013Date of Patent: May 21, 2019Assignee: International Business Machines CorporationInventors: Richard H. Boivie, Alyson Comer, John C. Dayka, Donna N. Dillenberger, Kenneth A. Goldman, Mohit Kapur, Dimitrios Pendarakis, James A. Ruddy, Peter G. Sutton, Enriquillo Valdez
-
Publication number: 20190116164Abstract: A processor-implemented method for a secure processing environment for protecting sensitive information is provided. The processor-implemented method may include receiving encrypted data and routing the encrypted data to the secure processing environment. Then the encrypted data may be decrypted and fields containing sensitive information may be found. The method may also include obfuscating the sensitive information and returning, by the secure processing environment, the decrypted data and obfuscated data.Type: ApplicationFiled: December 6, 2018Publication date: April 18, 2019Inventors: Richard H. Boivie, Alyson Comer, John C. Dayka, Donna N. Dillenberger, Kenneth A. Goldman, Mohit Kapur, Dimitrios Pendarakis, James A. Ruddy, Peter G. Sutton, Enriquillo Valdez
-
Patent number: 10229151Abstract: Embodiments include a method, system, and computer program product for acquiring a data repository, the data repository being associated with a log configured to receive metadata. Then, a content of the log with respect to at least one manipulation of the data repository is modified by adding first metadata of the metadata. Further, signatures that identify control statements configured to govern the at least one manipulation of the data repository are collected by adding second metadata of the metadata into the log.Type: GrantFiled: September 3, 2015Date of Patent: March 12, 2019Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: John C. Dayka, Mark A. Nelson, Kevin H. Peters
-
Patent number: 10158607Abstract: A processor-implemented method for a secure processing environment for protecting sensitive information is provided. The processor-implemented method may include receiving encrypted data and routing the encrypted data to the secure processing environment. Then the encrypted data may be decrypted and fields containing sensitive information may be found. The method may also include obfuscating the sensitive information and returning, by the secure processing environment, the decrypted data and obfuscated data.Type: GrantFiled: September 15, 2015Date of Patent: December 18, 2018Assignee: International Business Machines CorporationInventors: Richard H. Boivie, Alyson Comer, John C. Dayka, Donna N. Dillenberger, Kenneth A. Goldman, Mohit Kapur, Dimitrios Pendarakis, James A. Ruddy, Peter G. Sutton, Enriquilo Valdez
-
Patent number: 10110611Abstract: A computer-implemented method, a computer system, and a computer program product are provided for enforcing multi-level security (MLS) on a message transmitted over a network that may be insecure. The method includes the processor obtaining a request from a source to send a message to a target, where the request includes the message and a context indicating a requested security level for the message. The processor encrypts the message based on ascertaining the message received in the request is a plaintext. The processor authenticates the encrypted message based on ascertaining the encrypted message is a ciphertext, where the target is enabled to trace the authenticated ciphertext back to the source. The processor transmits the authenticated encrypted message to the target across the network.Type: GrantFiled: June 28, 2016Date of Patent: October 23, 2018Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: John C. Dayka, Michael Charles Osborne, Tamas Visegrady
-
Publication number: 20180227310Abstract: A computer-implemented method, a computer system, and a computer program product are provided for enforcing multi-level security (MLS) on a message transmitted over a network that may be insecure. The method includes the processor obtaining a request from a source to send a message to a target, where the request includes the message and a context indicating a requested security level for the message. The processor encrypts the message based on ascertaining the message received in the request is a plaintext. The processor authenticates the encrypted message based on ascertaining the encrypted message is a ciphertext, where the target is enabled to trace the authenticated ciphertext back to the source. The processor transmits the authenticated encrypted message to the target across the network.Type: ApplicationFiled: April 4, 2018Publication date: August 9, 2018Inventors: John C. DAYKA, Michael Charles OSBORNE, Tamas VISEGRADY