Patents by Inventor Martin Schmatz
Martin Schmatz has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10623183
Abstract: Embodiments of the invention provide a computer-implemented method for managing cryptographic objects in a key management system. This system comprises a set of one or more hardware security modules (HSMs), as well as clients interacting with the HSMs on behalf of users who interact with the clients. The method comprises monitoring, for each HSM of the set, an entropy pool and/or a load at each HSM. The entropy pool of a HSM is the entropy that is available at this HSM for generating cryptographic objects. The load induced at a HSM is the load due to the users interacting with the clients to obtain cryptographic objects. Cryptographic objects are generated, at each HSM, according to the monitored entropy pool and/or load. The extent to which such objects are generated depends on the monitored entropy pool and/or load.
Type: Grant
Filed: November 1, 2017
Date of Patent: April 14, 2020
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Robert Birke, Mathias Björkqvist, Yiyu Chen, Mitch Gusat, Navaneeth Rameshan, Martin Schmatz
-
Publication number: 20200067698
Abstract: A computer-implemented method manages cryptographic objects in a hierarchical key management system including a hardware security module (HSM), which institutes a key hierarchy extending from a ground level l0. Clients interact with the HSM to obtain cryptographic objects. A request is received from one of the clients for an object at a given level ln of the hierarchy (above the ground level l0). A binary representation of the object is accessed as a primary bit pattern p0, at the HSM and said pattern is scrambled via a bitwise XOR operation. The latter operates, on the one hand, on the primary bit pattern p0 and, on the other hand, on a control bit pattern pc that is a binary representation of an access code of the same length as said primary bit pattern p0. The pattern pc is obtained based on that given level ln of the hierarchy.
Type: Application
Filed: August 23, 2018
Publication date: February 27, 2020
Inventors: Martin Schmatz, Navaneeth Rameshan, Yiyu Chen, Patricia M. Sagmeister
-
Patent number: 10545871
Abstract: A method for coordinating cache and memory reservation in a computerized system includes identifying at least one running application, recognizing the at least one application as a latency-critical application, monitoring information associated with a current cache access rate and a required memory bandwidth of the at least one application, allocating a cache partition, a size of the cache partition corresponds to the cache access rate and the required memory bandwidth of the at least one application, defining a threshold value including a number of cache misses per time unit, determining a reduction of cache misses per time unit, in response to the reduction of cache misses per time unit being above the threshold value, retaining the cache partition, assigning a priority of scheduling memory request including a medium priority level, and assigning a memory channel to the at least one application to avoid memory channel contention.
Type: Grant
Filed: April 22, 2019
Date of Patent: January 28, 2020
Assignee: International Business Machines Corporation
Inventors: Robert Birke, Yiyu Chen, Navaneeth Rameshan, Martin Schmatz
-
Patent number: 10540285
Abstract: A method for coordinating cache and memory reservation in a computerized system includes identifying at least one running application, recognizing the at least one application as a latency-critical application, monitoring information associated with a current cache access rate and a required memory bandwidth of the at least one application, allocating a cache partition, a size of the cache partition corresponds to the cache access rate and the required memory bandwidth of the at least one application, defining a threshold value including a number of cache misses per time unit, determining a reduction of cache misses per time unit, in response to the reduction of cache misses per time unit being above the threshold value, retaining the cache partition, assigning a priority of scheduling memory request including a medium priority level, and assigning a memory channel to the at least one application to avoid memory channel contention.
Type: Grant
Filed: April 22, 2019
Date of Patent: January 21, 2020
Assignee: International Business Machines Corporation
Inventors: Robert Birke, Yiyu Chen, Navaneeth Rameshan, Martin Schmatz
-
Publication number: 20190356475
Abstract: A computing device is configured to divide an Oblivious Pseudorandom Function (OPRF) key to generate a plurality of N partial keys, distribute a respective one of the plurality of N partial keys to a corresponding plurality of N Key Management System (KMS) units. The computing device receives from a threshold number T of KMS units, a plurality T partial blinded keys, wherein the plurality T partial blinded keys are based on processing of a value of a blinded key received by a respective KMS unit and a corresponding stored partial key of the N partial keys, combines the plurality T of partial blinded keys into the blinded key, processes the blinded key based on the blinding key in accordance with an OPRF unblinding operation to generate a key and accesses secure information based on the key.
Type: Application
Filed: May 15, 2018
Publication date: November 21, 2019
Inventors: Jason K. Resch, Hugo M. Krawczyk, Patricia Sagmeister, Martin Schmatz, Mark D. Seaborn
-
Publication number: 20190311056
Abstract: The present disclosure relates to a method of managing requests to a key-value database. A non-limiting example of the method includes receiving a request that includes a number of keys. The number of keys can be compared with a first threshold number and second threshold number. If the number of keys exceeds the first threshold number, the request can be split. If the number of keys is smaller than the second threshold number, the request can be merged with at least one previous or subsequent request. Requests resulting from the splitting and merging steps can be submitted to the key-value database for further processing of the submitted requests.
Type: Application
Filed: April 9, 2018
Publication date: October 10, 2019
Inventors: Robert Birke, Navaneeth Rameshan, Yiyu Chen, Martin Schmatz
-
Publication number: 20190296897
Abstract: A computing device includes an interface configured to interface and communicate with a communication system, a memory that stores operational instructions, and processing circuitry operably coupled to the interface and to the memory that is configured to execute the operational instructions to perform various operations. The computing device processes an input value (e.g., associated with a key) based on a blinding key (e.g., homomorphic encryption) to generate a blinded value and generates an Oblivious Key Access Request (OKAR). The computing device transmits the OKAR to another computing device (e.g., associated with a Key Management System (KMS) service) and receives a blinded key therefrom that is based on a Partially-Oblivious Pseudorandom Function (P-OPRF). The computing device processes the blinded key based on the blinding key (e.g., homomorphic decryption) to generate the key (e.g., associated with the input value). In some examples, the computing device accesses secure information based on the key.
Type: Application
Filed: March 20, 2018
Publication date: September 26, 2019
Inventors: Jason K. Resch, Hugo M. Krawczyk, Martin Schmatz, Mark D. Seaborn, Patricia Sagmeister
-
Publication number: 20190280978
Abstract: Methods and apparatus are provided for managing data flows in a switch connected in a network. Such a method includes monitoring a set of data flows traversing the switch for compliance with a predetermined resource-usage policy, and, in response to detection of a non-compliant data flow, mirroring a set of data packets of that flow to send respective mirror packets to a mirror port of the switch. The method further comprises using the mirror packets sent to the mirror port to construct a non-compliance notification for the non-compliant flow, and sending the non-compliance notification into the network. The resource-usage policy can be defined such that the switch is operable to send a non-compliance notification before occurrence of congestion due to the non-compliant flow.
Type: Application
Filed: March 6, 2018
Publication date: September 12, 2019
Inventors: Martin Schmatz, Mitch Gusat, Alexander T. Iannicelli, Akos Mate
-
Publication number: 20190243762
Abstract: A method for coordinating cache and memory reservation in a computerized system includes identifying at least one running application, recognizing the at least one application as a latency-critical application, monitoring information associated with a current cache access rate and a required memory bandwidth of the at least one application, allocating a cache partition, a size of the cache partition corresponds to the cache access rate and the required memory bandwidth of the at least one application, defining a threshold value including a number of cache misses per time unit, determining a reduction of cache misses per time unit, in response to the reduction of cache misses per time unit being above the threshold value, retaining the cache partition, assigning a priority of scheduling memory request including a medium priority level, and assigning a memory channel to the at least one application to avoid memory channel contention.
Type: Application
Filed: April 22, 2019
Publication date: August 8, 2019
Inventors: Robert Birke, Yiyu Chen, Navaneeth Rameshan, Martin Schmatz
-
Publication number: 20190243763
Abstract: A method for coordinating cache and memory reservation in a computerized system includes identifying at least one running application, recognizing the at least one application as a latency-critical application, monitoring information associated with a current cache access rate and a required memory bandwidth of the at least one application, allocating a cache partition, a size of the cache partition corresponds to the cache access rate and the required memory bandwidth of the at least one application, defining a threshold value including a number of cache misses per time unit, determining a reduction of cache misses per time unit, in response to the reduction of cache misses per time unit being above the threshold value, retaining the cache partition, assigning a priority of scheduling memory request including a medium priority level, and assigning a memory channel to the at least one application to avoid memory channel contention.
Type: Application
Filed: April 22, 2019
Publication date: August 8, 2019
Inventors: Robert Birke, Yiyu Chen, Navaneeth Rameshan, Martin Schmatz
-
Patent number: 10318425
Abstract: A method for coordinating cache and memory reservation in a computerized system includes identifying at least one running application, recognizing the at least one application as a latency-critical application, monitoring information associated with a current cache access rate and a required memory bandwidth of the at least one application, allocating a cache partition, a size of the cache partition corresponds to the cache access rate and the required memory bandwidth of the at least one application, defining a threshold value including a number of cache misses per time unit, determining a reduction of cache misses per time unit, in response to the reduction of cache misses per time unit being above the threshold value, retaining the cache partition, assigning a priority of scheduling memory request including a medium priority level, and assigning a memory channel to the at least one application to avoid memory channel contention.
Type: Grant
Filed: July 12, 2017
Date of Patent: June 11, 2019
Assignee: International Business Machines Corporation
Inventors: Robert Birke, Yiyu Chen, Navaneeth Rameshan, Martin Schmatz
-
Publication number: 20190132127
Abstract: Embodiments of the invention provide a computer-implemented method for managing cryptographic objects in a key management system. This system comprises a set of one or more hardware security modules (HSMs), as well as clients interacting with the HSMs on behalf of users who interact with the clients. The method comprises monitoring, for each HSM of the set, an entropy pool and/or a load at each HSM. The entropy pool of a HSM is the entropy that is available at this HSM for generating cryptographic objects. The load induced at a HSM is the load due to the users interacting with the clients to obtain cryptographic objects. Cryptographic objects are generated, at each HSM, according to the monitored entropy pool and/or load. The extent to which such objects are generated depends on the monitored entropy pool and/or load.
Type: Application
Filed: November 1, 2017
Publication date: May 2, 2019
Inventors: Robert Birke, Mathias Björkqvist, Yiyu Chen, Mitch Gusat, Navaneeth Rameshan, Martin Schmatz
-
Patent number: 10230792
Abstract: The present invention is notably directed to a method for synchronizing proprietary data in an external cloud provided by a cloud service provider with data of a private storage system. The method comprises, at a synchronization system: copying outward data from a flow of outward data sent from a private cloud to the external cloud, the outward data being proprietary data of an entity that owns data of the private cloud. Next, and in parallel to copying outward data: the synchronization system compares copied outward data with data stored on the private storage system, to determine whether the compared outward data are already replicated in the private storage system. Finally, if it is determined that the compared outward data are not yet replicated in the private storage system, it instructs to store the compared outward data on the private storage system. The present invention is further directed to related systems and computer program products.
Type: Grant
Filed: October 23, 2015
Date of Patent: March 12, 2019
Assignee: International Business Machines Corporation
Inventors: Ton Engbersen, Martin Schmatz
-
Publication number: 20190037707
Abstract: The present invention is notably directed to a printed circuit board, or PCB. This PCB has two main surfaces, each delimited by lateral edges, as well as lateral surfaces, each meeting each of the two main surfaces at one lateral edge. The present PCB further comprises a row of solder pads, which extends along a lateral edge of the PCB. Each solder pad is formed directly at the lateral edge and/or directly on a lateral surface (meeting one of the two main surfaces at said lateral edge). I.e., each pad interrupts a lateral edge and/or an adjoining lateral surface. One or more chips, e.g., memory chips, can be mounted on such a PCB to form an IC package. The above solder pad arrangement allows particularly dense arrangements of IC packages to be obtained. The present invention is further directed to related devices and methods of fabrication thereof.
Type: Application
Filed: October 3, 2018
Publication date: January 31, 2019
Inventors: Thomas Brunschwiler, Andreas Doering, Ronald P. Luijten, Stefano S. Oggioni, Joerg-Eric Sagmeister, Patricia M. Sagmeister, Martin Schmatz
-
Publication number: 20190018774
Abstract: A method for coordinating cache and memory reservation in a computerized system includes identifying at least one running application, recognizing the at least one application as a latency-critical application, monitoring information associated with a current cache access rate and a required memory bandwidth of the at least one application, allocating a cache partition, a size of the cache partition corresponds to the cache access rate and the required memory bandwidth of the at least one application, defining a threshold value including a number of cache misses per time unit, determining a reduction of cache misses per time unit, in response to the reduction of cache misses per time unit being above the threshold value, retaining the cache partition, assigning a priority of scheduling memory request including a medium priority level, and assigning a memory channel to the at least one application to avoid memory channel contention.
Type: Application
Filed: July 12, 2017
Publication date: January 17, 2019
Inventors: Robert Birke, Yiyu Chen, Navaneeth Rameshan, Martin Schmatz
-
Patent number: 10098241
Abstract: The present invention is notably directed to a printed circuit board, or PCB. This PCB has two main surfaces, each delimited by lateral edges, as well as lateral surfaces, each meeting each of the two main surfaces at one lateral edge. The present PCB further comprises a row of solder pads, which extends along a lateral edge of the PCB. Each solder pad is formed directly at the lateral edge and/or directly on a lateral surface (meeting one of the two main surfaces at said lateral edge). I.e., each pad interrupts a lateral edge and/or an adjoining lateral surface. One or more chips, e.g., memory chips, can be mounted on such a PCB to form an IC package. The above solder pad arrangement allows particularly dense arrangements of IC packages to be obtained. The present invention is further directed to related devices and methods of fabrication thereof.
Type: Grant
Filed: October 23, 2015
Date of Patent: October 9, 2018
Assignee: International Business Machines Corporation
Inventors: Thomas Brunschwiler, Andreas Doering, Ronald P. Luijten, Stefano S. Oggioni, Joerg-Eric Sagmeister, Patricia Sagmeister, Martin Schmatz
-
Patent number: 10095621
Abstract: A method for coordinating cache and memory reservation in a computerized system includes identifying at least one running application, recognizing the at least one application as a latency-critical application, monitoring information associated with a current cache access rate and a required memory bandwidth of the at least one application, allocating a cache partition, a size of the cache partition corresponds to the cache access rate and the required memory bandwidth of the at least one application, defining a threshold value including a number of cache misses per time unit, determining a reduction of cache misses per time unit, in response to the reduction of cache misses per time unit being above the threshold value, retaining the cache partition, assigning a priority of scheduling memory request including a medium priority level, and assigning a memory channel to the at least one application to avoid memory channel contention.
Type: Grant
Filed: February 26, 2018
Date of Patent: October 9, 2018
Assignee: International Business Machines Corporation
Inventors: Robert Birke, Yiyu Chen, Navaneeth Rameshan, Martin Schmatz
-
Publication number: 20170118839
Abstract: The present invention is notably directed to a printed circuit board, or PCB. This PCB has two main surfaces, each delimited by lateral edges, as well as lateral surfaces, each meeting each of the two main surfaces at one lateral edge. The present PCB further comprises a row of solder pads, which extends along a lateral edge of the PCB. Each solder pad is formed directly at the lateral edge and/or directly on a lateral surface (meeting one of the two main surfaces at said lateral edge). I.e., each pad interrupts a lateral edge and/or an adjoining lateral surface. One or more chips, e.g., memory chips, can be mounted on such a PCB to form an IC package. The above solder pad arrangement allows particularly dense arrangements of IC packages to be obtained. The present invention is further directed to related devices and methods of fabrication thereof.
Type: Application
Filed: October 23, 2015
Publication date: April 27, 2017
Inventors: Thomas Brunschwiler, Andreas Doering, Ronald P. Luijten, Stefano S. Oggioni, Joerg-Eric Sagmeister, Patricia Sagmeister, Martin Schmatz
-
Publication number: 20170118279
Abstract: The present invention is notably directed to a method for synchronizing proprietary data in an external cloud provided by a cloud service provider with data of a private storage system. The method comprises, at a synchronization system: copying outward data from a flow of outward data sent from a private cloud to the external cloud, the outward data being proprietary data of an entity that owns data of the private cloud. Next, and in parallel to copying outward data: the synchronization system compares copied outward data with data stored on the private storage system, to determine whether the compared outward data are already replicated in the private storage system. Finally, if it is determined that the compared outward data are not yet replicated in the private storage system, it instructs to store the compared outward data on the private storage system. The present invention is further directed to related systems and computer program products.
Type: Application
Filed: October 23, 2015
Publication date: April 27, 2017
Inventors: Ton Engbersen, Martin Schmatz
-
Patent number: 8054867
Abstract: An apparatus is provided for transmitting data signals and additional information signals having partially overlapping frequency bands simultaneously within a wire based communication system over the same wired medium using a spread spectrum technique for modulating the additional information signals.
Type: Grant
Filed: February 13, 2008
Date of Patent: November 8, 2011
Assignee: International Business Machines Corporation
Inventors: Hayden C. Cranford, Jr., Martin Schmatz