Patents by Inventor John C. Dayka
John C. Dayka has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9998459
Abstract: Technical solutions are described for securely deploying a shrouded virtual server. An example method includes sending, by a host manager, authentication information of a hosting system to a client device in response to a request from the client device. The method also includes receiving a request to deploy a virtual server using a shrouded mode. The method also includes deploying a preconfigured hypervisor on the hosting system, where the preconfigured hypervisor is deployed in an immutable mode that disables changes to security settings of the preconfigured hypervisor. The method also includes deploying, by the preconfigured hypervisor, a preconfigured boot image as an instance of the virtual server on the preconfigured hypervisor. The method also includes sending, by the host manager, an identifier of the virtual server for receipt by the client device.
Type: Grant
Filed: November 17, 2017
Date of Patent: June 12, 2018
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Khary J. Alexander, Utz Bacher, Reinhard T. Buendgen, Patrick J. Callaghan, John C. Dayka, Thomas B. Mathias, K. Paul Muller, James A. O'Connor, William J. Rooney, Kurt N. Schroeder, Peter G. Spera, Tiberiu Suto, Sean Swehla, Stefan Usenbinz, Craig R. Walters
-
Publication number: 20180152423
Abstract: A computer-implemented method, a computer system, and a computer program product are provided for enforcing multi-level security (MLS) on a message transmitted over a network that may be insecure. The method includes the processor obtaining a request from a source to send a message to a target, where the request includes the message and a context indicating a requested security level for the message. The processor encrypts the message based on ascertaining the message received in the request is a plaintext. The processor authenticates the encrypted message based on ascertaining the encrypted message is a ciphertext, where the target is enabled to trace the authenticated ciphertext back to the source. The processor transmits the authenticated encrypted message to the target across the network.
Type: Application
Filed: January 8, 2018
Publication date: May 31, 2018
Inventors: John C. DAYKA, Michael Charles OSBORNE, Tamas VISEGRADY
-
Patent number: 9973480
Abstract: A computer-implemented method, a computer system, and a computer program product are provided for enforcing multi-level security (MLS) on a message transmitted over a network that may be insecure. The method includes the processor obtaining a request from a source to send a message to a target, where the request includes the message and a context indicating a requested security level for the message. The processor encrypts the message based on ascertaining the message received in the request is a plaintext. The processor authenticates the encrypted message based on ascertaining the encrypted message is a ciphertext, where the target is enabled to trace the authenticated ciphertext back to the source. The processor transmits the authenticated encrypted message to the target across the network.
Type: Grant
Filed: September 30, 2015
Date of Patent: May 15, 2018
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: John C. Dayka, Michael Charles Osborne, Tamas Visegrady
-
Publication number: 20180097813
Abstract: A computer program product for cross-site request forgery (CSRF) prevention is provided and includes a computer readable storage medium having program instructions embodied therewith. The program instructions are readable and executable by a processing circuit to cause the processing circuit to issue a server request for a certificate, which is associated with a user, responsive to a client request to visit a uniform resource indicator (URI) being received, validate the certificate upon receipt in fulfillment of the server request, compare a referrer listed in a header of the client request with a list of certificate elements in the certificate, authenticate the user in accordance with correlation between the referrer and at least one of the certificate elements and authorize the client request to visit the URI upon the user being authenticated.
Type: Application
Filed: November 30, 2017
Publication date: April 5, 2018
Inventors: John C. Dayka, Michael P. Kasper, Eysha S. Powers
-
Patent number: 9922069
Abstract: Embodiments include a method, system, and computer program product for acquiring a data repository, the data repository being associated with a log configured to receive metadata. Then, a content of the log with respect to at least one manipulation of the data repository is modified by adding first metadata of the metadata.
Type: Grant
Filed: March 16, 2015
Date of Patent: March 20, 2018
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: John C. Dayka, Mark A. Nelson, Kevin H. Peters
-
Publication number: 20180063136
Abstract: Technical solutions are described for securely deploying a shrouded virtual server. An example method includes sending, by a host manager, authentication information of a hosting system to a client device in response to a request from the client device. The method also includes receiving a request to deploy a virtual server using a shrouded mode. The method also includes deploying a preconfigured hypervisor on the hosting system, where the preconfigured hypervisor is deployed in an immutable mode that disables changes to security settings of the preconfigured hypervisor. The method also includes deploying, by the preconfigured hypervisor, a preconfigured boot image as an instance of the virtual server on the preconfigured hypervisor. The method also includes sending, by the host manager, an identifier of the virtual server for receipt by the client device.
Type: Application
Filed: November 17, 2017
Publication date: March 1, 2018
Inventors: Khary J. Alexander, Utz Bacher, Reinhard T. Buendgen, Patrick J. Callaghan, John C. Dayka, Thomas B. Mathias, K. Paul Muller, James A. O'Connor, William J. Rooney, Kurt N. Schroeder, Peter G. Spera, Tiberiu Suto, Sean Swehla, Stefan Usenbinz, Craig R. Walters
-
Patent number: 9906517
Abstract: A computer program product for cross-site request forgery (CSRF) prevention is provided and includes a computer readable storage medium having program instructions embodied therewith. The program instructions are readable and executable by a processing circuit to cause the processing circuit to issue a server request for a certificate, which is associated with a user, responsive to a client request to visit a uniform resource indicator (URI) being received, validate the certificate upon receipt in fulfillment of the server request, compare a referrer listed in a header of the client request with a list of certificate elements in the certificate, authenticate the user in accordance with correlation between the referrer and at least one of the certificate elements and authorize the client request to visit the URI upon the user being authenticated.
Type: Grant
Filed: June 10, 2016
Date of Patent: February 27, 2018
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: John C. Dayka, Michael P. Kasper, Eysha S. Powers
-
Patent number: 9906531
Abstract: A computer program product for cross-site request forgery (CSRF) prevention is provided and includes a computer readable storage medium having program instructions embodied therewith. The program instructions are readable and executable by a processing circuit to cause the processing circuit to issue a server request for a certificate, which is associated with a user, responsive to a client request to visit a uniform resource indicator (URI) being received, validate the certificate upon receipt in fulfillment of the server request, compare a referrer listed in a header of the client request with a list of certificate elements in the certificate, authenticate the user in accordance with correlation between the referrer and at least one of the certificate elements and authorize the client request to visit the URI upon the user being authenticated.
Type: Grant
Filed: November 23, 2015
Date of Patent: February 27, 2018
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: John C. Dayka, Michael P. Kasper, Eysha S. Powers
-
Patent number: 9882901
Abstract: Technical solutions are described for securely deploying a shrouded virtual server. An example method includes sending, by a host manager, authentication information of a hosting system to a client device in response to a request from the client device. The method also includes receiving a request to deploy a virtual server using a shrouded mode. The method also includes deploying a preconfigured hypervisor on the hosting system, where the preconfigured hypervisor is deployed in an immutable mode that disables changes to security settings of the preconfigured hypervisor. The method also includes deploying, by the preconfigured hypervisor, a preconfigured boot image as an instance of the virtual server on the preconfigured hypervisor. The method also includes sending, by the host manager, an identifier of the virtual server for receipt by the client device.
Type: Grant
Filed: December 14, 2015
Date of Patent: January 30, 2018
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Khary J. Alexander, Utz Bacher, Reinhard T. Buendgen, Patrick J. Callaghan, John C. Dayka, Thomas B. Mathias, K. Paul Muller, James A. O'Connor, William J. Rooney, Kurt N. Schroeder, Peter G. Spera, Tiberiu Suto, Sean Swehla, Stefan Usenbinz, Craig R. Walters
-
Patent number: 9858436
Abstract: In one embodiment, a computer-implemented method includes extracting first key derivation data from a first row of data to be stored in a database, where the database includes two or more rows of data. A first encryption subkey is generated, by a computer processor, by combining the first key derivation data with a static key. One or more sensitive fields in each row of the two or more rows of the database are encrypted using a unique corresponding encryption subkey for the row, and the first encryption subkey is unique to the first row among the two or more rows of the database. The one or more sensitive fields in the first row of data are encrypted with format-preserving encryption using the first encryption subkey. The first row of data, including the encrypted one or more sensitive fields, are stored in the database.
Type: Grant
Filed: September 3, 2015
Date of Patent: January 2, 2018
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Todd W. Arnold, John C. Dayka, Steven R. Hart, Geoffrey G. Jackson, Eysha S. Powers, James W. Sweeny
-
Patent number: 9798893
Abstract: In one embodiment, a computer-implemented method includes extracting first key derivation data from a first row of data to be stored in a database, where the database includes two or more rows of data. A first encryption subkey is generated, by a computer processor, by combining the first key derivation data with a static key. One or more sensitive fields in each row of the two or more rows of the database are encrypted using a unique corresponding encryption subkey for the row, and the first encryption subkey is unique to the first row among the two or more rows of the database. The one or more sensitive fields in the first row of data are encrypted with format-preserving encryption using the first encryption subkey. The first row of data, including the encrypted one or more sensitive fields, are stored in the database.
Type: Grant
Filed: January 29, 2015
Date of Patent: October 24, 2017
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Todd W. Arnold, John C. Dayka, Steven R. Hart, Geoffrey G. Jackson, Eysha S. Powers, James W. Sweeny
-
Patent number: 9729327
Abstract: A system for generating a digital signature may include a record management facility configured to group a first record with a second record and to generate a first digital signature based at least in part on the first record and the second record.
Type: Grant
Filed: October 29, 2013
Date of Patent: August 8, 2017
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: John C. Dayka, Anthony T. Sofia
-
Patent number: 9722797
Abstract: A method for generating a digital signature includes grouping, with a processing device, a first record with a second record, and generating a first digital signature based at least in part on the first record and the second record.
Type: Grant
Filed: September 29, 2014
Date of Patent: August 1, 2017
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: John C. Dayka, Anthony T. Sofia
-
Publication number: 20170171197
Abstract: Technical solutions are described for securely deploying a shrouded virtual server. An example method includes sending, by a host manager, authentication information of a hosting system to a client device in response to a request from the client device. The method also includes receiving a request to deploy a virtual server using a shrouded mode. The method also includes deploying a preconfigured hypervisor on the hosting system, where the preconfigured hypervisor is deployed in an immutable mode that disables changes to security settings of the preconfigured hypervisor. The method also includes deploying, by the preconfigured hypervisor, a preconfigured boot image as an instance of the virtual server on the preconfigured hypervisor. The method also includes sending, by the host manager, an identifier of the virtual server for receipt by the client device.
Type: Application
Filed: December 14, 2015
Publication date: June 15, 2017
Inventors: Khary J. Alexander, Utz Bacher, Reinhard T. Buendgen, Patrick J. Callaghan, John C. Dayka, Thomas B. Mathias, K. Paul Muller, James A. O'Connor, William J. Rooney, Kurt N. Schroeder, Peter G. Spera, Tiberiu Suto, Sean Swehla, Stefan Usenbinz, Craig R. Walters
-
Publication number: 20170149783
Abstract: A computer program product for cross-site request forgery (CSRF) prevention is provided and includes a computer readable storage medium having program instructions embodied therewith. The program instructions are readable and executable by a processing circuit to cause the processing circuit to issue a server request for a certificate, which is associated with a user, responsive to a client request to visit a uniform resource indicator (URI) being received, validate the certificate upon receipt in fulfillment of the server request, compare a referrer listed in a header of the client request with a list of certificate elements in the certificate, authenticate the user in accordance with correlation between the referrer and at least one of the certificate elements and authorize the client request to visit the URI upon the user being authenticated.
Type: Application
Filed: November 23, 2015
Publication date: May 25, 2017
Inventors: John C. Dayka, Michael P. Kasper, Eysha S. Powers
-
Publication number: 20170149768
Abstract: A computer program product for cross-site request forgery (CSRF) prevention is provided and includes a computer readable storage medium having program instructions embodied therewith. The program instructions are readable and executable by a processing circuit to cause the processing circuit to issue a server request for a certificate, which is associated with a user, responsive to a client request to visit a uniform resource indicator (URI) being received, validate the certificate upon receipt in fulfillment of the server request, compare a referrer listed in a header of the client request with a list of certificate elements in the certificate, authenticate the user in accordance with correlation between the referrer and at least one of the certificate elements and authorize the client request to visit the URI upon the user being authenticated.
Type: Application
Filed: June 10, 2016
Publication date: May 25, 2017
Inventors: John C. Dayka, Michael P. Kasper, Eysha S. Powers
-
Publication number: 20170093879
Abstract: A computer-implemented method, a computer system, and a computer program product are provided for enforcing multi-level security (MLS) on a message transmitted over a network that may be insecure. The method includes the processor obtaining a request from a source to send a message to a target, where the request includes the message and a context indicating a requested security level for the message. The processor encrypts the message based on ascertaining the message received in the request is a plaintext. The processor authenticates the encrypted message based on ascertaining the encrypted message is a ciphertext, where the target is enabled to trace the authenticated ciphertext back to the source. The processor transmits the authenticated encrypted message to the target across the network.
Type: Application
Filed: September 30, 2015
Publication date: March 30, 2017
Inventors: John C. Dayka, Michael Charles Osborne, Tamas Visegrady
-
Publication number: 20170093818
Abstract: A computer-implemented method, a computer system, and a computer program product are provided for enforcing multi-level security (MLS) on a message transmitted over a network that may be insecure. The method includes the processor obtaining a request from a source to send a message to a target, where the request includes the message and a context indicating a requested security level for the message. The processor encrypts the message based on ascertaining the message received in the request is a plaintext. The processor authenticates the encrypted message based on ascertaining the encrypted message is a ciphertext, where the target is enabled to trace the authenticated ciphertext back to the source. The processor transmits the authenticated encrypted message to the target across the network.
Type: Application
Filed: June 28, 2016
Publication date: March 30, 2017
Inventors: John C. Dayka, Michael Charles Osborne, Tamas Visegrady
-
Patent number: 9471119
Abstract: An automated secure record management system and method that receives a plurality of digitally signed records subsequent to a resetting of a running counter. In response to each received digitally signed record, the automated secure record management system and method increments the running counter. Further, upon receiving an accumulation record, automated secure record management system and method compares a value of the running counter and a signature record number of the accumulation record, such that a notification is generated whenever the comparison detects that the value of the running counter is not equal to the signature record number.
Type: Grant
Filed: May 13, 2014
Date of Patent: October 18, 2016
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: John C. Dayka, Mark A. Nelson, Donald W. Schmidt, Anthony T. Sofia
-
Publication number: 20160275129
Abstract: Embodiments include a method, system, and computer program product for acquiring a data repository, the data repository being associated with a log configured to receive metadata. Then, a content of the log with respect to at least one manipulation of the data repository is modified by adding first metadata of the metadata.
Type: Application
Filed: September 3, 2015
Publication date: September 22, 2016
Inventors: John C. Dayka, Mark A. Nelson, Kevin H. Peters