Patents by Inventor Julian A. Cerruti
Julian A. Cerruti has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8353017Abstract: A system and method are disclosed for protecting a password assigned to a user, the method comprising: providing a password entry screen having a virtual keyboard, the virtual keyboard including a plurality of character keys arranged in a non-QWERTY format; authenticating the user if a password submitted by the user accessing the password entry screen matches a user password retrieved from a password database; and denying access to the user if the submitted password does not match the retrieved user password. The system comprises a storage module and a computer program for performing the method.Type: GrantFiled: June 5, 2008Date of Patent: January 8, 2013Assignee: International Business Machines CorporationInventors: Julian A. Cerruti, Stefan Nusser, Jerald Thomas Schoudt, Gustavo Stefani, Eric Wilcox
-
Patent number: 8280043Abstract: A system for protecting data in a security system generates and encodes a backup key for encoding long-lived secrets. The system generates a distribution plan for distributing cryptographic splits of the encoded backup key to selected persons based on geographic and organizational diversity. The distribution plan specifies a number M of the cryptographic splits to be generated and a number N of the cryptographic splits required to recover the backup key. The system processes utilize an init file comprising system parameters and state files each comprising parameters reflecting a state of the secure system after a transaction. Any of the state files may be used for any of the system processes. The state files and the init file are encoded by the backup key, thus protecting the long-lived secrets.Type: GrantFiled: June 5, 2008Date of Patent: October 2, 2012Assignee: International Business Machines CorporationInventors: Julian A. Cerruti, Sigfredo I Nin, Dulce B Ponceleon, Vladimir Zbarsky
-
Patent number: 7921454Abstract: A system and method are disclosed for protecting a password assigned to a user, the method comprising: providing a password entry screen having a virtual keyboard, the virtual keyboard including a plurality of character keys arranged in a non-QWERTY format; authenticating the user if a password submitted by the user accessing the password entry screen matches a user password retrieved from a password database; and denying access to the user if the submitted password does not match the retrieved user password. The system comprises a storage module and a computer program for performing the method.Type: GrantFiled: October 22, 2007Date of Patent: April 5, 2011Assignee: International Business Machines CorporationInventors: Julian A. Cerruti, Stefan Nusser, Jerald Thomas Schoudt, Gustavo Stefani, Eric Wilcox
-
Patent number: 7864953Abstract: Systems, methods and media for encrypting and decrypting content files are disclosed. More particularly, hardware and/or software for adding an additional level of indirection to a title key encryption scheme are disclosed. Embodiments may include generating by a cryptographic system a binding key based on binding information. Embodiments may also include encrypting by the cryptographic system a secret key with the binding key and generating a title key associated with at least one content file. Embodiments may also include encrypting by the cryptographic system the title key with the secret key and the at least one content file with the title key. Further embodiments may include receiving an indication that the binding information has changed, generating a new binding key based on the new changed binding information, and re-encrypting the secret key with the new binding key.Type: GrantFiled: March 27, 2008Date of Patent: January 4, 2011Assignee: International Business Machines CorporationInventors: Julian A. Cerruti, Matthew Francis Rutkowski, Amal Ahmed Shaheen
-
Patent number: 7860246Abstract: A system for protecting data in a security system generates and encodes a backup key for encoding long-lived secrets. The system generates a distribution plan for distributing cryptographic splits of the encoded backup key to selected persons based on geographic and organizational diversity. The distribution plan specifies a number M of the cryptographic splits to be generated and a number N of the cryptographic splits required to recover the backup key. The system processes utilize an init file comprising system parameters and state files each comprising parameters reflecting a state of the secure system after a transaction. Any of the state files may be used for any of the system processes. The state files and the init file are encoded by the backup key, thus protecting the long-lived secrets.Type: GrantFiled: November 1, 2006Date of Patent: December 28, 2010Assignee: International Business Machines CorporationInventors: Julian A Cerruti, Sigfredo I Nin, Dulce B Ponceleon, Vladimir Zbarsky
-
Patent number: 7778417Abstract: The present invention provides a means for managing title keys by establishing logical partitions of title keys encrypted with the same binding information. The invention supports delayed and background processing of title keys when binding information changes. This invention supports proper accounting for devices required to recover rebinding processing when devices fail or go offline unexpectedly during processing. The invention uses binding context which represents a set of data that can be used to determine if the binding information used to encrypt a set of title keys is outdated and allow for rebinding to the current cluster binding information level.Type: GrantFiled: May 17, 2005Date of Patent: August 17, 2010Assignee: International Business Machines CorporationInventors: Matt F. Rutkowski, Julian A. Cerruti, Robert B. Chumbley
-
Publication number: 20090323970Abstract: A system for protecting data in a security system generates and encodes a backup key for encoding long-lived secrets. The system generates a distribution plan for distributing cryptographic splits of the encoded backup key to selected persons based on geographic and organizational diversity. The distribution plan specifies a number M of the cryptographic splits to be generated and a number N of the cryptographic splits required to recover the backup key. The system processes utilize an init file comprising system parameters and state files each comprising parameters reflecting a state of the secure system after a transaction. Any of the state files may be used for any of the system processes. The state files and the init file are encoded by the backup key, thus protecting the long-lived secrets.Type: ApplicationFiled: June 5, 2008Publication date: December 31, 2009Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Julian A. Cerruti, Sigfredo I. Nin, Dulce B. Ponceleon, Vladimir Zbarsky
-
Publication number: 20090106827Abstract: A system and method are disclosed for protecting a password assigned to a user, the method comprising: providing a password entry screen having a virtual keyboard, the virtual keyboard including a plurality of character keys arranged in a non-QWERTY format; authenticating the user if a password submitted by the user accessing the password entry screen matches a user password retrieved from a password database; and denying access to the user if the submitted password does not match the retrieved user password. The system comprises a storage module and a computer program for performing the method.Type: ApplicationFiled: June 5, 2008Publication date: April 23, 2009Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Julian A. Cerruti, Stefan Nusser, Jerald Thomas Schoudt, Gustavo Stefani, Eric Wilcox
-
Publication number: 20090106825Abstract: A system and method are disclosed for protecting a password assigned to a user, the method comprising: providing a password entry screen having a virtual keyboard, the virtual keyboard including a plurality of character keys arranged in a non-QWERTY format; authenticating the user if a password submitted by the user accessing the password entry screen matches a user password retrieved from a password database; and denying access to the user if the submitted password does not match the retrieved user password. The system comprises a storage module and a computer program for performing the method.Type: ApplicationFiled: October 22, 2007Publication date: April 23, 2009Inventors: Julian A. Cerruti, Stefan Nusser, Jerald Thomas Schoudt, Gustavo Stefani, Eric Wilcox
-
Publication number: 20090028342Abstract: Systems, methods and media for encrypting and decrypting content files are disclosed. More particularly, hardware and/or software for adding an additional level of indirection to a title key encryption scheme are disclosed. Embodiments may include generating by a cryptographic system a binding key based on binding information. Embodiments may also include encrypting by the cryptographic system a secret key with the binding key and generating a title key associated with at least one content file. Embodiments may also include encrypting by the cryptographic system the title key with the secret key and the at least one content file with the title key. Further embodiments may include receiving an indication that the binding information has changed, generating a new binding key based on the new changed binding information, and re-encrypting the secret key with the new binding key.Type: ApplicationFiled: March 27, 2008Publication date: January 29, 2009Inventors: Julian A. Cerruti, Matthew Francis Rutkowski, Amal Ahmed Shaheen
-
Publication number: 20080101596Abstract: A system for protecting data in a security system generates and encodes a backup key for encoding long-lived secrets. The system generates a distribution plan for distributing cryptographic splits of the encoded backup key to selected persons based on geographic and organizational diversity. The distribution plan specifies a number M of the cryptographic splits to be generated and a number N of the cryptographic splits required to recover the backup key. The system processes utilize an init file comprising system parameters and state files each comprising parameters reflecting a state of the secure system after a transaction. Any of the state files may be used for any of the system processes. The state files and the init file are encoded by the backup key, thus protecting the long-lived secrets.Type: ApplicationFiled: November 1, 2006Publication date: May 1, 2008Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Julian A. CERRUTI, Sigfredo I. Nin, Dulce B. PONCELEON, Vladimir ZBARSKY
-
Publication number: 20060262927Abstract: The present invention provides a means for managing title keys by establishing logical partitions of title keys encrypted with the same binding information. The invention supports delayed and background processing of title keys when binding information changes. This invention supports proper accounting for devices required to recover rebinding processing when devices fail or go offline unexpectedly during processing. The invention uses binding context which represents a set of data that can be used to determine if the binding information used to encrypt a set of title keys is outdated and allow for rebinding to the current cluster binding information level.Type: ApplicationFiled: May 17, 2005Publication date: November 23, 2006Inventors: Matt Rutkowski, Julian Cerruti, Robert Chumbley
-
Publication number: 20060161502Abstract: A common mechanism that can be used in content encryption applications for binding content to a specific receiver, container or communication channel to separate application specific work from the cryptographic details, regardless of the binding scheme being used. This mechanism includes the definition of a secure binding state object which holds and manipulates all the keys that comprise the most sensitive information in any such a system. This information is fully encapsulated in the binding state object and is not accessible from outside the object, making the application less vulnerable to external attacks. The present invention allows applications to be changed quickly from one encryption scheme to another because they all use the same mechanism with only a difference in encryption calculation. Also, components implementing the proposed mechanism grow more stable over time as a result of reuse in multiple applications.Type: ApplicationFiled: January 18, 2005Publication date: July 20, 2006Inventors: Julian Cerruti, Matthew Rutkowski
-
Publication number: 20060126831Abstract: Systems, methods and media for encrypting and decrypting content files are disclosed. More particularly, hardware and/or software for adding an additional level of indirection to a title key encryption scheme are disclosed. Embodiments may include generating by a cryptographic system a binding key based on binding information. Embodiments may also include encrypting by the cryptographic system a secret key with the binding key and generating a title key associated with at least one content file. Embodiments may also include encrypting by the cryptographic system the title key with the secret key and the at least one content file with the title key. Further embodiments may include receiving an indication that the binding information has changed, generating a new binding key based on the new changed binding information, and re-encrypting the secret key with the new binding key.Type: ApplicationFiled: December 14, 2004Publication date: June 15, 2006Inventors: Julian Cerruti, Matthew Rutkowski, Amal Shaheen