Patents by Inventor Michael Waidner

Michael Waidner has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20200296109
    Abstract: A method to validate ownership of a resource within a network, comprising selecting a group of at least two validation agents such that network routes between a validation agent of the group and entities of a group of one or more entities associated to the resource do not intersect. The method further comprises transmitting a property of the resource to be validated and an address indicator for the resource from a coordinating agent to the group of validation agents. Also, the method comprises querying the property of the resource from the entities using the validation agents of the group to determine queried properties; and evaluating the queried properties to validate ownership of the resource.
    Type: Application
    Filed: October 11, 2019
    Publication date: September 17, 2020
    Inventors: Haya SHULMAN, Michael WAIDNER, Markus BRANDT
  • Publication number: 20200167130
    Abstract: A method for generating a random number comprises selecting a group of at least two servers within a network; receiving a server specific string from at least two servers of the group; and using the server specific strings to generate the random number.
    Type: Application
    Filed: October 23, 2019
    Publication date: May 28, 2020
    Inventors: Haya SHULMAN, Michael WAIDNER
  • Patent number: 10425396
    Abstract: A system allows a reliable and efficient identity management that can, with full interoperability, accommodate to various requirements of participants. For that a system is presented for providing an identity-related information about a user to a requesting entity. The method includes a location-request step initiated by the requesting entity for requesting from a client application a location information that corresponds to a location entity possessing the identity-related information, a redirecting step for connecting the client application to the location entity in order to instruct the location entity to transfer the identity-related information to the requesting entity, and an acquiring step for obtaining the identity-related information.
    Type: Grant
    Filed: October 28, 2016
    Date of Patent: September 24, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Birgit M. Pfitzmann, Michael Waidner
  • Publication number: 20170048237
    Abstract: A system allows a reliable and efficient identity management that can, with full interoperability, accommodate to various requirements of participants. For that a system is presented for providing an identity-related information about a user to a requesting entity. The method includes a location-request step initiated by the requesting entity for requesting from a client application a location information that corresponds to a location entity possessing the identity-related information, a redirecting step for connecting the client application to the location entity in order to instruct the location entity to transfer the identity-related information to the requesting entity, and an acquiring step for obtaining the identity-related information.
    Type: Application
    Filed: October 28, 2016
    Publication date: February 16, 2017
    Inventors: BIRGIT M. PFITZMANN, MICHAEL WAIDNER
  • Patent number: 9501634
    Abstract: A system allows a reliable and efficient identity management that can, with full interoperability, accommodate to various requirements of participants. For that a system is presented for providing an identity-related information about a user to a requesting entity. The method includes a location-request step initiated by the requesting entity for requesting from a client application a location information that corresponds to a location entity possessing the identity-related information, a redirecting step for connecting the client application to the location entity in order to instruct the location entity to transfer the identity-related information to the requesting entity, and an acquiring step for obtaining the identity-related information.
    Type: Grant
    Filed: June 2, 2011
    Date of Patent: November 22, 2016
    Assignee: International Business Machines Corporation
    Inventors: Birgit Pfitzmann, Michael Waidner
  • Patent number: 8650406
    Abstract: A computer-implemented system and method for protecting a memory are provided. The system includes a memory section with privileged and non-privileged sections, a host gateway (HG) to generate a capability credential, a device controller (DC) to append the credential to data transmitted to the memory, and at least one IO device enabled to do direct memory access (DMA) transactions with the memory.
    Type: Grant
    Filed: February 27, 2012
    Date of Patent: February 11, 2014
    Assignee: International Business Machines Corporation
    Inventors: Michael Backes, Shmuel S Ben-Yehuda, Jan Leonhard Camenisch, Ton Engbersen, Zorik Machulsky, Julian Satran, Leah Shalev, Ilan Shimony, Thomas Basil Smith, III, Michael Waidner
  • Publication number: 20120331285
    Abstract: Systems, apparatus and methods for privacy-protecting integrity attestation of a computing platform. An example method for privacy-protecting integrity attestation of a computing platform (P) has a trusted platform module (TPM}, and comprises the following steps. First, the computing platform (P) receives configuration values (PCRI . . . PCRn). Then, by means of the trusted platform module (TPM}, a configuration value (PCRp) is determined which depends on the configuration of the computing platform (P). In a further step the configuration value (PCRp) is signed by means of the trusted platform module. Finally, in the event that the configuration value (PCRp) is one of the received configuration values (PCRI . . . PCRn), the computing platform (P) proves to a verifier (V) that it knows the signature (sign(PCRp}} on one of the received configuration values (PCRI . . . PCRn).
    Type: Application
    Filed: September 2, 2012
    Publication date: December 27, 2012
    Applicant: International Business Machines Corporation
    Inventors: Endre Bangerter, Matthias Schunter, Michael Waidner, Jan Camenisch
  • Patent number: 8312271
    Abstract: Systems, apparatus and methods for privacy-protecting integrity attestation of a computing platform. An example method for privacy-protecting integrity attestation of a computing platform (P) has a trusted platform module (TPM), and comprises the following steps. First, the computing platform (P) receives configuration values (PCR1 . . . PCRn). Then, by means of the trusted platform module (TPM), a configuration value (PCRp) is determined which depends on the configuration of the computing platform (P). In a further step the configuration value (PCRp) is signed by means of the trusted platform module. Finally, in the event that the configuration value (PCRp) is one of the received configuration values (PCR1 . . . PCRn), the computing platform (P) proves to a verifier (V) that it knows the signature (sign(PCRp)) on one of the received configuration values (PCR1 . . . PCRn).
    Type: Grant
    Filed: May 26, 2008
    Date of Patent: November 13, 2012
    Assignee: International Business Machines Corporation
    Inventors: Endre Bangerter, Matthias Schunter, Michael Waidner, Jan Camenisch
  • Publication number: 20120159610
    Abstract: A computer-implemented system and method for protecting a memory are provided. The system includes a memory section with privileged and non-privileged sections, a host gateway (HG) to generate a capability credential, a device controller (DC) to append the credential to data transmitted to the memory, and at least one IO device enabled to do direct memory access (DMA) transactions with the memory.
    Type: Application
    Filed: February 27, 2012
    Publication date: June 21, 2012
    Applicant: International Business Machine Corporation
    Inventors: Michael Backes, Shmuel Ben-Yehuda, Jan Leonhard Camenisch, Ton Engbersen, Zorik Machulsky, Julian Satran, Leah Shalev, Ilan Shimony, Thomas Basil Smith, III, Michael Waidner
  • Patent number: 8161287
    Abstract: A computer-implemented system and method for protecting a memory are provided. The system includes a memory section with privileged and non-privileged sections, a host gateway (HG) to generate a capability credential, a device controller (DC) to append the credential to data transmitted to the memory, and at least one IO device enabled to do direct memory access (DMA) transactions with the memory.
    Type: Grant
    Filed: June 3, 2010
    Date of Patent: April 17, 2012
    Assignee: International Business Machines Corporation
    Inventors: Michael Backes, Shmuel Ben-Yehuda, Jan Leonard Camenisch, Ton Engbersen, Zorik Machulsky, Julian Satran, Leah Shalev, Ilan Shimony, Thomas Basil Smith, Michael Waidner
  • Publication number: 20110302273
    Abstract: A system allows a reliable and efficient identity management that can, with full interoperability, accommodate to various requirements of participants. For that a system is presented for providing an identity-related information about a user to a requesting entity. The method includes a location-request step initiated by the requesting entity for requesting from a client application a location information that corresponds to a location entity possessing the identity-related information, a redirecting step for connecting the client application to the location entity in order to instruct the location entity to transfer the identity-related information to the requesting entity, and an acquiring step for obtaining the identity-related information.
    Type: Application
    Filed: June 2, 2011
    Publication date: December 8, 2011
    Applicant: International Business Machines Corporation
    Inventors: Birgit Pfitzmann, Michael Waidner
  • Patent number: 7992195
    Abstract: The invention allows a reliable and efficient identity management that can, with full interoperability, accommodate to various requirements of participants. For that a method and system are presented for providing an identity-related information about a user to a requesting entity. The method comprises a location-request step initiated by the requesting entity for requesting from a client application a location information that corresponds to a location entity possessing the identity-related information, a redirecting step for connecting the client application to the location entity in order to instruct the location entity to transfer the identity-related information to the requesting entity, and an acquiring step for obtaining the identity-related information.
    Type: Grant
    Filed: March 26, 2003
    Date of Patent: August 2, 2011
    Assignee: International Business Machines Corporation
    Inventors: Birgit Pfitzmann, Michael Waidner
  • Patent number: 7962962
    Abstract: In a computer, a first set of object classes are provided representing active entities in an information-handling process and a second set of object classes are provided representing data and rules in the information-handling process. At least one object class has rules associated with data. The above-mentioned objects are used in constructing a model of an information-handling process, and to provide an output that identifies at least one way in which the information-handling process could be improved. One aspect is a method for handling personally identifiable information. Another aspect is a system for executing the method of the present invention. A third aspect is as a set of instructions on a computer-usable medium, or resident in a computer system, for executing the method of the present invention.
    Type: Grant
    Filed: June 19, 2001
    Date of Patent: June 14, 2011
    Assignee: International Business Machines Corporation
    Inventors: Steven B. Adler, Endre Felix Bangerter, Kathryn Ann Bohrer, Nigel Howard Julian Brown, Jan Camenisch, Arthur M. Gilbert, Dogan Kesdogan, Matthew P. Leonard, Xuan Liu, Michael Robert McCullough, Adam Charles Nelson, Charles Campbell Palmer, Calvin Stacy Powers, Michael Schnyder, Edith Schonberg, Matthias Schunter, Elsie Van Herreweghen, Michael Waidner
  • Publication number: 20100242108
    Abstract: A computer-implemented system and method for protecting a memory are provided. The system includes a memory section with privileged and non-privileged sections, a host gateway (HG) to generate a capability credential, a device controller (DC) to append the credential to data transmitted to the memory, and at least one IO device enabled to do direct memory access (DMA) transactions with the memory.
    Type: Application
    Filed: June 3, 2010
    Publication date: September 23, 2010
    Applicant: International Business Machines Corporation
    Inventors: Michael Backes, Shmuel Ben-Yehuda, Jan Leonhard Camenisch, Ton Engbersen, Zorik Machulsky, Julian Satran, Leah Shalev, Ilan Shimony, Thomas Basil Smith, III, Michael Waidner
  • Patent number: 7770000
    Abstract: Method and device for verifying the security of a computing platform. In the method for verifying the security of a computing platform a verification machine is first transmitting a verification request via an integrity verification component to the platform. Then the platform is generating by means of a trusted platform module a verification result depending on binaries loaded on the platform, and is transmitting it to the integrity verification component. Afterwards, the integrity verification component is determining with the received verification result the security properties of the platform and transmits them to the verification machine. Finally, the verification machine is determining whether the determined security properties comply with desired security properties.
    Type: Grant
    Filed: May 21, 2008
    Date of Patent: August 3, 2010
    Assignee: International Business Machines Corporation
    Inventors: Matthias Schunter, Jonathan A. Poritz, Michael Waidner, Elsie A. Van Herreweghen
  • Patent number: 7757280
    Abstract: A computer-implemented method for protecting a memory is provided. The method includes responsive to a direct memory access (DMA) request received from a consumer for a transaction of data from an IO device to the memory, the request including an IO command and a capability (CAP), generating a cryptographically signed capability (CAPB), forming a credential from CAP and CAPB, appending the credential to the IO command, configuring the IO device according to the credential and the IO command, transmitting the data from the IO device to the memory and prior to allowing execution of the DMA, authenticating that the credential is valid, further includes regenerating CAPB from a key available to an authenticating entity and from the CAP (included in CAPB) and verifying that the memory region information described in the cryptographically signed capability is the same as the requested region that was originally created, and that the cryptographically signed capability encompasses the IO command.
    Type: Grant
    Filed: January 17, 2006
    Date of Patent: July 13, 2010
    Assignee: International Business Machines Corporation
    Inventors: Michael Backes, Shmuel Ben-Yehuda, Jan Leonhard Camenisch, Ton Engbersen, Zorik Machulsky, Julian Satran, Leah Shalev, Ilan Shimony, Thomas Basil Smith, III, Michael Waidner
  • Patent number: 7603317
    Abstract: The invention entails identifying the parties involved in a process of handling personally identifiable information; identifying the data involved in said process; classifying the data; expressing each relationship between each pair of said parties in terms of a privacy agreement; and representing the parties, data, and privacy agreements graphically in one or more privacy agreement relationship diagrams. The invention has the advantage of identifying opportunities to reduce privacy-related risks, including identifying unnecessary exchanges of data, for possible elimination, and identifying opportunities to transform data into a less sensitive form. Privacy agreements are based on a limited set of privacy-related actions: access, disclose, release, notify, utilize, update, withdrawConsent, giveConsent, delete, anonymize, depersonalize, and repersonalize. One aspect of the present invention is a method for improving the handling of personally identifiable information.
    Type: Grant
    Filed: June 19, 2001
    Date of Patent: October 13, 2009
    Assignee: International Business Machines Corporation
    Inventors: Steven B. Adler, Nigel Howard Julian Brown, Arthur M. Gilbert, Charles Campbell Palmer, Michael Schnyder, Michael Waidner
  • Publication number: 20080313736
    Abstract: The invention provides a data network, systems and methods for checking nodes of a data network that are used for detecting whether a privacy policy concerning an information is maintained. The information comprises a mark corresponding to the privacy policy. The mark defines the storage place or the accessing paths or the transferring paths of the information. The mark is automatically searchable. The mark is searched, analyzed and checked as to whether the privacy policy is maintained. The advantage of the system is that vulnerabilities of systems for protecting confidential information may be detected a long time before an attack on the confidential information occurs.
    Type: Application
    Filed: July 31, 2008
    Publication date: December 18, 2008
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Birgit Baum-Waidner, Michael Waidner, Christopher Kenyon
  • Publication number: 20080294480
    Abstract: The present invention provides methods and apparatus for creating a privacy policy from a process model, and methods and apparatus for checking the compliance of a privacy policy. An example of a method for creating a privacy policy from a process model according to the invention comprises the following steps. First, a task from the process model is chosen. Then one or more of the elements role, data, purpose, action, obligation, and condition are gathered from the task and a rule is build up by means of these elements. Finally the rule is added to the privacy policy.
    Type: Application
    Filed: August 5, 2008
    Publication date: November 27, 2008
    Inventors: Michael Backes, Guenter Karioth, Birgit Pfitzmann, Matthias Schunter, Michael Waidner
  • Publication number: 20080256595
    Abstract: Method and device for verifying the security of a computing platform. In the method for verifying the security of a computing platform a verification machine is first transmitting a verification request via an integrity verification component to the platform. Then the platform is generating by means of a trusted platform module a verification result depending on binaries loaded on the platform, and is transmitting it to the integrity verification component. Afterwards, the integrity verification component is determining with the received verification result the security properties of the platform and transmits them to the verification machine. Finally, the verification machine is determining whether the determined security properties comply with desired security properties.
    Type: Application
    Filed: May 21, 2008
    Publication date: October 16, 2008
    Applicant: International Business Machines Corporation
    Inventors: Matthias Schunter, Jonathan A. Poritz, Michael Waidner, Elsie A. Van Herreweghen