Patents by Inventor Michael Charles Osborne
Michael Charles Osborne has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11228457Abstract: The present invention discloses a method for managing priority-arbitrated access to a set of one or more computational engines of a physical computing device. The method includes providing a multiplexer module and a network bus in the physical computing device, wherein the multiplexer module is connected to the network bus. The method further includes receiving, by the multiplexer module, a first data processing request from a driver and inferring, by the multiplexer module, a first priority class from the first data processing request according to at least one property of the first data processing request. The method further includes manipulating, by the multiplexer module, a priority according to which the physical computing device handles data associated with the first data processing request in relation to data associated with other data processing requests, wherein the priority is determined by the first priority class.Type: GrantFiled: April 7, 2020Date of Patent: January 18, 2022Assignee: International Business Machines CorporationInventors: Silvio Dragone, Tamas Visegrady, Michael Charles Osborne, William Santiago-Fernandez
-
Patent number: 11165588Abstract: A key identifier that identifies a cryptographic key is transmitted to a cryptographic coprocessor. A first set of attributes is received from the cryptographic coprocessor. The first set of attributes and a second set of attributes are serialized into a first sequence of attributes. The first sequence of attributes are stored to an attribute frame. One or more attributes in the second set of attributes are associated with the cryptographic key and originate from a key attribute storage of the key management system. The second set of attributes is different from the first set of attributes. The first sequence of attributes is transmitted to the cryptographic coprocessor. A first message authentication code (MAC) calculated from the first sequence of attributes is received from the cryptographic coprocessor. The attribute frame is verified by comparing the first MAC, or a value derived from the first MAC, to a reference value.Type: GrantFiled: April 9, 2020Date of Patent: November 2, 2021Assignee: International Business Machines CorporationInventors: Tamas Visegrady, Silvio Dragone, Michael Charles Osborne, Elaine R. Palmer
-
Publication number: 20210320802Abstract: A key identifier that identifies a cryptographic key is transmitted to a cryptographic coprocessor. A first set of attributes is received from the cryptographic coprocessor. The first set of attributes and a second set of attributes are serialized into a first sequence of attributes. The first sequence of attributes are stored to an attribute frame. One or more attributes in the second set of attributes are associated with the cryptographic key and originate from a key attribute storage of the key management system. The second set of attributes is different from the first set of attributes. The first sequence of attributes is transmitted to the cryptographic coprocessor. A first message authentication code (MAC) calculated from the first sequence of attributes is received from the cryptographic coprocessor. The attribute frame is verified by comparing the first MAC, or a value derived from the first MAC, to a reference value.Type: ApplicationFiled: April 9, 2020Publication date: October 14, 2021Inventors: Tamas Visegrady, Silvio Dragone, Michael Charles Osborne, Elaine R. Palmer
-
Publication number: 20210314185Abstract: The present invention discloses a method for managing priority-arbitrated access to a set of one or more computational engines of a physical computing device. The method includes providing a multiplexer module and a network bus in the physical computing device, wherein the multiplexer module is connected to the network bus. The method further includes receiving, by the multiplexer module, a first data processing request from a driver and inferring, by the multiplexer module, a first priority class from the first data processing request according to at least one property of the first data processing request. The method further includes manipulating, by the multiplexer module, a priority according to which the physical computing device handles data associated with the first data processing request in relation to data associated with other data processing requests, wherein the priority is determined by the first priority class.Type: ApplicationFiled: April 7, 2020Publication date: October 7, 2021Inventors: Silvio Dragone, Tamas Visegrady, Michael Charles Osborne, William Santiago-Fernandez
-
Patent number: 11068411Abstract: A method including: receiving, via a processor, established upper bounds for dynamic structures in a multi-tenant system; creating, via the processor, arrays comprising related memory-management unit (MMU) mappings to be placed together; and placing the dynamic structures within the arrays, the placing comprising for each array: skipping an element of the array based on determining that placing a dynamic structure in that element would cause the array to become overcommitted and result in a layout where accessing all elements would impose a translation look aside buffer (TLB) replacement action; and scanning for an array-start entry by placing the start of a first element at an address from which an entire array can be placed without TLB contention, and accessing, via the processors, all non-skipped elements without incurring TLB replacements.Type: GrantFiled: July 29, 2019Date of Patent: July 20, 2021Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Elaine Palmer, Tamas Visegrady, Silvio Dragone, Michael Charles Osborne
-
Publication number: 20210034545Abstract: A method including: receiving, via a processor, established upper bounds for dynamic structures in a multi-tenant system; creating, via the processor, arrays comprising related memory-management unit (MMU) mappings to be placed together; and placing the dynamic structures within the arrays, the placing comprising for each array: skipping an element of the array based on determining that placing a dynamic structure in that element would cause the array to become overcommitted and result in a layout where accessing all elements would impose a translation look aside buffer (TLB) replacement action; and scanning for an array-start entry by placing the start of a first element at an address from which an entire array can be placed without TLB contention, and accessing, via the processors, all non-skipped elements without incurring TLB replacements.Type: ApplicationFiled: July 29, 2019Publication date: February 4, 2021Inventors: Elaine Palmer, Tamas Visegrady, Silvio Dragone, Michael Charles Osborne
-
Patent number: 10896140Abstract: The present disclosure relates to a computer-implemented method for controlling operation of multiple computational engines of a physical computing device. The computer-implemented method includes providing a multiplexer module in the device, the multiplexer module including a first and second memory region. The multiplexer module may receive from a first driver at the multiplexer module a data processing request to be processed by a first set of one or more computational engines of the computational engines. Subsequent to receiving the data processing request, the multiplexer module may assign a request sub-region of the first region and a response sub-region of the second region to the first driver. Data indicative of the request sub-region and the response sub-region may be submitted to the first driver. Results of processing the request may be received at the response sub-region.Type: GrantFiled: April 19, 2019Date of Patent: January 19, 2021Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: William Santiago-Fernandez, Tamas Visegrady, Silvio Dragone, Michael Charles Osborne
-
Publication number: 20200334175Abstract: The present disclosure relates to a computer-implemented method for controlling operation of multiple computational engines of a physical computing device. The computer-implemented method includes providing a multiplexer module in the device, the multiplexer module including a first and second memory region. The multiplexer module may receive from a first driver at the multiplexer module a data processing request to be processed by a first set of one or more computational engines of the computational engines. Subsequent to receiving the data processing request, the multiplexer module may assign a request sub-region of the first region and a response sub-region of the second region to the first driver. Data indicative of the request sub-region and the response sub-region may be submitted to the first driver. Results of processing the request may be received at the response sub-region.Type: ApplicationFiled: April 19, 2019Publication date: October 22, 2020Inventors: William Santiago-Fernandez, Tamas Visegrady, Silvio Dragone, Michael Charles Osborne
-
Patent number: 10614128Abstract: Graph data of a DAG is received. The data describes a module to be started by way of nodes connected by edges, wherein some nodes are submodule nodes that correspond to submodules of said module. Submodule nodes are connected via edge(s) that reflect a data dependency between the corresponding submodules. Each of said submodules is a hardware module or a software submodule, capable of producing and/or consuming data that can be consumed and/or produced, by other submodule(s) of said module, based on the DAG. Asynchronous execution is started of two of said submodules, respectively corresponding to two submodule nodes located in independent branches of the DAG. A third submodule node(s) is determined that is a descendant of each of said two submodule nodes, according to an outcome of the execution of the corresponding two submodules. Execution is started of a third submodule that corresponds to the determined third submodule node.Type: GrantFiled: January 23, 2017Date of Patent: April 7, 2020Assignee: International Business Machines CorporationInventors: Michael Charles Osborne, Elaine Rivette Palmer, Tamas Visegrady
-
Patent number: 10389728Abstract: A computer-implemented method, a computer system, and a computer program product are provided for enforcing multi-level security (MLS) on a message transmitted over a network that may be insecure. The method includes the processor obtaining a request from a source to send a message to a target, where the request includes the message and a context indicating a requested security level for the message. The processor encrypts the message based on ascertaining the message received in the request is a plaintext. The processor authenticates the encrypted message based on ascertaining the encrypted message is a ciphertext, where the target is enabled to trace the authenticated ciphertext back to the source. The processor transmits the authenticated encrypted message to the target across the network.Type: GrantFiled: April 4, 2018Date of Patent: August 20, 2019Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: John C. Dayka, Michael Charles Osborne, Tamas Visegrady
-
Patent number: 10389727Abstract: A computer-implemented method, a computer system, and a computer program product are provided for enforcing multi-level security (MLS) on a message transmitted over a network that may be insecure. The method includes the processor obtaining a request from a source to send a message to a target, where the request includes the message and a context indicating a requested security level for the message. The processor encrypts the message based on ascertaining the message received in the request is a plaintext. The processor authenticates the encrypted message based on ascertaining the encrypted message is a ciphertext, where the target is enabled to trace the authenticated ciphertext back to the source. The processor transmits the authenticated encrypted message to the target across the network.Type: GrantFiled: January 8, 2018Date of Patent: August 20, 2019Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: John C. Dayka, Michael Charles Osborne, Tamas Visegrady
-
Patent number: 10110611Abstract: A computer-implemented method, a computer system, and a computer program product are provided for enforcing multi-level security (MLS) on a message transmitted over a network that may be insecure. The method includes the processor obtaining a request from a source to send a message to a target, where the request includes the message and a context indicating a requested security level for the message. The processor encrypts the message based on ascertaining the message received in the request is a plaintext. The processor authenticates the encrypted message based on ascertaining the encrypted message is a ciphertext, where the target is enabled to trace the authenticated ciphertext back to the source. The processor transmits the authenticated encrypted message to the target across the network.Type: GrantFiled: June 28, 2016Date of Patent: October 23, 2018Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: John C. Dayka, Michael Charles Osborne, Tamas Visegrady
-
Publication number: 20180227310Abstract: A computer-implemented method, a computer system, and a computer program product are provided for enforcing multi-level security (MLS) on a message transmitted over a network that may be insecure. The method includes the processor obtaining a request from a source to send a message to a target, where the request includes the message and a context indicating a requested security level for the message. The processor encrypts the message based on ascertaining the message received in the request is a plaintext. The processor authenticates the encrypted message based on ascertaining the encrypted message is a ciphertext, where the target is enabled to trace the authenticated ciphertext back to the source. The processor transmits the authenticated encrypted message to the target across the network.Type: ApplicationFiled: April 4, 2018Publication date: August 9, 2018Inventors: John C. DAYKA, Michael Charles OSBORNE, Tamas VISEGRADY
-
Publication number: 20180152423Abstract: A computer-implemented method, a computer system, and a computer program product are provided for enforcing multi-level security (MLS) on a message transmitted over a network that may be insecure. The method includes the processor obtaining a request from a source to send a message to a target, where the request includes the message and a context indicating a requested security level for the message. The processor encrypts the message based on ascertaining the message received in the request is a plaintext. The processor authenticates the encrypted message based on ascertaining the encrypted message is a ciphertext, where the target is enabled to trace the authenticated ciphertext back to the source. The processor transmits the authenticated encrypted message to the target across the network.Type: ApplicationFiled: January 8, 2018Publication date: May 31, 2018Inventors: John C. DAYKA, Michael Charles OSBORNE, Tamas VISEGRADY
-
Patent number: 9973480Abstract: A computer-implemented method, a computer system, and a computer program product are provided for enforcing multi-level security (MLS) on a message transmitted over a network that may be insecure. The method includes the processor obtaining a request from a source to send a message to a target, where the request includes the message and a context indicating a requested security level for the message. The processor encrypts the message based on ascertaining the message received in the request is a plaintext. The processor authenticates the encrypted message based on ascertaining the encrypted message is a ciphertext, where the target is enabled to trace the authenticated ciphertext back to the source. The processor transmits the authenticated encrypted message to the target across the network.Type: GrantFiled: September 30, 2015Date of Patent: May 15, 2018Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: John C. Dayka, Michael Charles Osborne, Tamas Visegrady
-
Patent number: 9747129Abstract: Graph data of a DAG is received. The data describes a module to be started by way of nodes connected by edges, wherein some nodes are submodule nodes that correspond to submodules of said module. Submodule nodes are connected via edge(s) that reflect a data dependency between the corresponding submodules. Each of said submodules is a hardware module or a software submodule, capable of producing and/or consuming data that can be consumed and/or produced, by other submodule(s) of said module, based on the DAG. Asynchronous execution is started of two of said submodules, respectively corresponding to two submodule nodes located in independent branches of the DAG. A third submodule node(s) is determined that is a descendant of each of said two submodule nodes, according to an outcome of the execution of the corresponding two submodules. Execution is started of a third submodule that corresponds to the determined third submodule node.Type: GrantFiled: October 22, 2015Date of Patent: August 29, 2017Assignee: International Business Machines CorporationInventors: Michael Charles Osborne, Elaine Rivette Palmer, Tamas Visegrady
-
Publication number: 20170132330Abstract: Graph data of a DAG is received. The data describes a module to be started by way of nodes connected by edges, wherein some nodes are submodule nodes that correspond to submodules of said module. Submodule nodes are connected via edge(s) that reflect a data dependency between the corresponding submodules. Each of said submodules is a hardware module or a software submodule, capable of producing and/or consuming data that can be consumed and/or produced, by other submodule(s) of said module, based on the DAG. Asynchronous execution is started of two of said submodules, respectively corresponding to two submodule nodes located in independent branches of the DAG. A third submodule node(s) is determined that is a descendant of each of said two submodule nodes, according to an outcome of the execution of the corresponding two submodules. Execution is started of a third submodule that corresponds to the determined third submodule node.Type: ApplicationFiled: January 23, 2017Publication date: May 11, 2017Inventors: Michael Charles Osborne, Elaine Rivette Palmer, Tamas Visegrady
-
Publication number: 20170093879Abstract: A computer-implemented method, a computer system, and a computer program product are provided for enforcing multi-level security (MLS) on a message transmitted over a network that may be insecure. The method includes the processor obtaining a request from a source to send a message to a target, where the request includes the message and a context indicating a requested security level for the message. The processor encrypts the message based on ascertaining the message received in the request is a plaintext. The processor authenticates the encrypted message based on ascertaining the encrypted message is a ciphertext, where the target is enabled to trace the authenticated ciphertext back to the source. The processor transmits the authenticated encrypted message to the target across the network.Type: ApplicationFiled: September 30, 2015Publication date: March 30, 2017Inventors: John C. Dayka, Michael Charles Osborne, Tamas Visegrady
-
Publication number: 20170093818Abstract: A computer-implemented method, a computer system, and a computer program product are provided for enforcing multi-level security (MLS) on a message transmitted over a network that may be insecure. The method includes the processor obtaining a request from a source to send a message to a target, where the request includes the message and a context indicating a requested security level for the message. The processor encrypts the message based on ascertaining the message received in the request is a plaintext. The processor authenticates the encrypted message based on ascertaining the encrypted message is a ciphertext, where the target is enabled to trace the authenticated ciphertext back to the source. The processor transmits the authenticated encrypted message to the target across the network.Type: ApplicationFiled: June 28, 2016Publication date: March 30, 2017Inventors: John C. Dayka, Michael Charles Osborne, Tamas Visegrady
-
Publication number: 20160117189Abstract: Graph data of a DAG is received. The data describes a module to be started by way of nodes connected by edges, wherein some nodes are submodule nodes that correspond to submodules of said module. Submodule nodes are connected via edge(s) that reflect a data dependency between the corresponding submodules. Each of said submodules is a hardware module or a software submodule, capable of producing and/or consuming data that can be consumed and/or produced, by other submodule(s) of said module, based on the DAG. Asynchronous execution is started of two of said submodules, respectively corresponding to two submodule nodes located in independent branches of the DAG. A third submodule node(s) is determined that is a descendant of each of said two submodule nodes, according to an outcome of the execution of the corresponding two submodules. Execution is started of a third submodule that corresponds to the determined third submodule node.Type: ApplicationFiled: October 22, 2015Publication date: April 28, 2016Inventors: Michael Charles Osborne, Elaine Rivette Palmer, Tamas Visegrady