Patents by Inventor Nataraj Nagaratnam

Nataraj Nagaratnam has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12160511
    Abstract: Hybrid encryption of imported key material is provided. A request to import key material is received from a user system. In response to the request, two public keys are sent to the user system. The two public keys include a classical cryptography (CC) public key and a quantum-safe cryptography (QSC) public key. At least one public key of the two public keys is retrieved from a hardware security module (HSM). Hybrid-encrypted key material is received from the user system. The hybrid-encrypted key material is key material that has been encrypted using the two public keys. The key material, at least partially encrypted by the at least one public key, is sent to the HSM.
    Type: Grant
    Filed: March 30, 2022
    Date of Patent: December 3, 2024
    Assignee: International Business Machines Corporation
    Inventors: Vaijayanthimala K. Anand, Jeffrey J. Feng, Priti Bavaria, Martin Schmatz, Nataraj Nagaratnam
  • Patent number: 12041164
    Abstract: A system, method, and computer program product for implementing encryption key management is provided. The method includes connecting a hardware device to a keystore agent comprising a system configured to manage one or more keystores holding one or more cryptographic key instances. A key template is configured to define an attribute for generating cryptographic keys. The key template is modified such that the keystore component is added to the key template and instances of associated cryptographic keys are generated. Each instance is installed within the keystore component and associated attributes associated with data for consumption are generated. A key event log defining all events associated with a given key of the associated cryptographic keys with respect to a lifetime of the given key is generated and a repository comprising key templates and associated key data is maintained.
    Type: Grant
    Filed: September 10, 2021
    Date of Patent: July 16, 2024
    Assignee: International Business Machines Corporation
    Inventors: Isabel Arnold, Søren Peen, Troels Nørgaard, Jakub Karol Jelonek, Blazej Pawlak, Christopher S. Smith, Nataraj Nagaratnam, Marco Pavone, Leo Moesgaard
  • Publication number: 20240126530
    Abstract: An example operation may include one or more of identifying, via a hybrid environment, components which are included in a software program within the hybrid environment, generating a software bill of materials (SBOM) for the software program which comprises names of the identified components, detecting that the software program does not comply with a predefined policy based on the names of the identified components within the SBOM, and displaying a notification via a user interface based on the detection.
    Type: Application
    Filed: October 17, 2022
    Publication date: April 18, 2024
    Inventors: Sudheesh S. Kairali, Rambabu Parvatina, Venkatesh Krishnan, Shanmukha Sai Ram Paran Parvathina, Nataraj Nagaratnam
  • Patent number: 11930044
    Abstract: An approach for dynamically transitioning mobile client devices from one location to another within edge computing is disclosed. The approach includes retrieving locations for near edges and far edges and collecting one or more SCC (security compliance center) rules. The approach includes identifying edge access from one or more client devices and determining mobility pattern associated with the edge access. The approach includes determining edge recommendation based on the mobility patterns and applying the edge recommendation.
    Type: Grant
    Filed: January 5, 2022
    Date of Patent: March 12, 2024
    Assignee: International Business Machines Corporation
    Inventors: Sudheesh S. Kairali, Sarbajit K. Rakshit, Vijay Kalangumvathakkal, Nataraj Nagaratnam
  • Publication number: 20230316184
    Abstract: A request to generate an automated compliance verification framework for an organization is received. A neural network analyzes industry and internal regulations of the organization, as well as existing record-keeping and data processing applications of the organization. The neural network determines a set of benchmarks derived from existing variables from the record-keeping and data processing applications to objectively verify compliance or non-compliance with the industry and internal regulations. The neural network determines these benchmarks by comparing data of the record-keeping and data processing applications against the industry and internal regulations. A compliance system is caused to execute an automated test of each of the set of benchmarks verifying whether the organization is objectively in compliance with the industry and internal regulations.
    Type: Application
    Filed: March 30, 2022
    Publication date: October 5, 2023
    Inventors: Anthony Erwin, Nataraj Nagaratnam
  • Publication number: 20230318826
    Abstract: Hybrid encryption of imported key material is provided. A request to import key material is received from a user system. In response to the request, two public keys are sent to the user system. The two public keys include a classical cryptography (CC) public key and a quantum-safe cryptography (QSC) public key. At least one public key of the two public keys is retrieved from a hardware security module (HSM). Hybrid-encrypted key material is received from the user system. The hybrid-encrypted key material is key material that has been encrypted using the two public keys. The key material, at least partially encrypted by the at least one public key, is sent to the HSM.
    Type: Application
    Filed: March 30, 2022
    Publication date: October 5, 2023
    Inventors: Vaijayanthimala K. Anand, Jeffrey J. Feng, Priti Bavaria, Martin Schmatz, Nataraj Nagaratnam
  • Patent number: 11755717
    Abstract: A method, apparatus, system, and computer program product for configuring a computing environment. A configuration profile is identified by a computer system for the computing environment that is to be deployed in which the computing environment meets a security policy to run an application in the computing environment. A determination is made, by the computer system, as to whether the configuration profile for the computing environment meets the security policy for running the application in the computing environment. The configuration profile for the computing environment is deployed, by the computer system, to configure the computing environment for the application in response to the configuration profile meeting the security policy.
    Type: Grant
    Filed: March 18, 2021
    Date of Patent: September 12, 2023
    Assignee: International Business Machines Corporation
    Inventors: Adam Robert Geiger, Nataraj Nagaratnam, Dinakaran Joseph, Michael S. Law, Priyank Narvekar, Hillery Hunter
  • Publication number: 20230216890
    Abstract: An approach for dynamically transitioning mobile client devices from one location to another within edge computing is disclosed. The approach includes retrieving locations for near edges and far edges and collecting one or more SCC (security compliance center) rules. The approach includes identifying edge access from one or more client devices and determining mobility pattern associated with the edge access. The approach includes determining edge recommendation based on the mobility patterns and applying the edge recommendation.
    Type: Application
    Filed: January 5, 2022
    Publication date: July 6, 2023
    Inventors: Sudheesh S. Kairali, Sarbajit K. Rakshit, Vijay Kalangumvathakkal, Nataraj Nagaratnam
  • Patent number: 11689375
    Abstract: Certificate and key management is provided. A signed certificate corresponding to an enterprise is deployed to a plurality of cryptographic communication protocol endpoint proxies located in a heterogeneous distributed computing environment where a private key corresponding to the enterprise is not placed in any of the plurality of cryptographic communication protocol endpoint proxies. Offload of cryptographic communications from the plurality of cryptographic communication protocol endpoint proxies to the hardware security module is received by the hardware security module where the hardware security module verifies connection authenticity for the plurality of cryptographic communication protocol endpoint proxies across the heterogeneous distributed computing environment using the private key corresponding to the enterprise that remains within a security boundary of the hardware security module.
    Type: Grant
    Filed: May 21, 2021
    Date of Patent: June 27, 2023
    Assignee: International Business Machines Corporation
    Inventors: Nataraj Nagaratnam, Christopher S. Smith, David Nguyen, Martin Schmatz, Marco Pavone, Navaneeth Rameshan
  • Publication number: 20230176885
    Abstract: A method includes receiving, by a computing device, security definitions from an owner of a cloud deployment; receiving, by the computing device, a customer profile having intents to use the cloud deployment; assessing, by the computing device and using automated assessment tools, compliance of the cloud deployment with the security definitions in view of the intents; generating, by the computing device, a compliance posture using the assessment; and providing, by the computing device, the compliance posture to a reviewer.
    Type: Application
    Filed: December 7, 2021
    Publication date: June 8, 2023
    Inventors: Anca Sailer, Ramamurthy Vaidhyanathan, Nataraj Nagaratnam
  • Publication number: 20230119304
    Abstract: Post quantum secure network communication is provided. The process comprises sending, by a client in a first computing cluster, an outbound message to a quantum safe cryptographic (QSC) proxy server in the first computing cluster, wherein the outbound message is addressed to a target server in a second computing cluster. The QSC proxy server initiates a QSC transport layer security (TLS) connection with an ingress controller in the second computing cluster, wherein the ingress controller comprises a QSC algorithm. The QSC proxy server transfers the message to the ingress controller via the QSC TLS connection, and the ingress controller routes the message to the target server in the second computing cluster via a non-QSC connection.
    Type: Application
    Filed: October 18, 2021
    Publication date: April 20, 2023
    Inventors: Nataraj Nagaratnam, Martin Schmatz, Navaneeth Rameshan, Vaijayanthimala K. Anand, Jeffrey J. Feng
  • Publication number: 20230080445
    Abstract: A system, method, and computer program product for implementing encryption key management is provided. The method includes connecting a hardware device to a keystore agent comprising a system configured to manage one or more keystores holding one or more cryptographic key instances. A key template is configured to define an attribute for generating cryptographic keys. The key template is modified such that the keystore component is added to the key template and instances of associated cryptographic keys are generated. Each instance is installed within the keystore component and associated attributes associated with data for consumption are generated. A key event log defining all events associated with a given key of the associated cryptographic keys with respect to a lifetime of the given key is generated and a repository comprising key templates and associated key data is maintained.
    Type: Application
    Filed: September 10, 2021
    Publication date: March 16, 2023
    Inventors: Isabel Arnold, Søren Peen, Troels Nørgaard, Jakub Karol Jelonek, Blazej Pawlak, Christopher S. Smith, Nataraj Nagaratnam, Marco Pavone, Leo Moesgaard
  • Publication number: 20220376929
    Abstract: Certificate and key management is provided. A signed certificate corresponding to an enterprise is deployed to a plurality of cryptographic communication protocol endpoint proxies located in a heterogeneous distributed computing environment where a private key corresponding to the enterprise is not placed in any of the plurality of cryptographic communication protocol endpoint proxies. Offload of cryptographic communications from the plurality of cryptographic communication protocol endpoint proxies to the hardware security module is received by the hardware security module where the hardware security module verifies connection authenticity for the plurality of cryptographic communication protocol endpoint proxies across the heterogeneous distributed computing environment using the private key corresponding to the enterprise that remains within a security boundary of the hardware security module.
    Type: Application
    Filed: May 21, 2021
    Publication date: November 24, 2022
    Inventors: Nataraj Nagaratnam, Christopher S. Smith, David Nguyen, Martin Schmatz, Marco Pavone, Navaneeth Rameshan
  • Publication number: 20220300603
    Abstract: A method, apparatus, system, and computer program product for configuring a computing environment. A configuration profile is identified by a computer system for the computing environment that is to be deployed in which the computing environment meets a security policy to run an application in the computing environment. A determination is made, by the computer system, as to whether the configuration profile for the computing environment meets the security policy for running the application in the computing environment. The configuration profile for the computing environment is deployed, by the computer system, to configure the computing environment for the application in response to the configuration profile meeting the security policy.
    Type: Application
    Filed: March 18, 2021
    Publication date: September 22, 2022
    Inventors: Adam Robert Geiger, Nataraj Nagaratnam, Dinakaran Joseph, Michael S. Law, Priyank Narvekar, Hillery Hunter
  • Patent number: 11119655
    Abstract: An embodiment of the invention may include a method, computer program product and system for optimizing data defragmentation. The embodiment may include collecting details related to contiguous storage space available on a disk drive. The embodiment may include identifying a type of object storage implementation utilized on the disk drive. The type of object storage implementation is based on how an object is stored within the disk drive. The embodiment may include identifying an important component of the object. The important component of the object is determined by a frequency of access. The embodiment may include identifying a non-important component of the object. The non-important component of the object is determined by a frequency of access. The embodiment may include moving the important component to an outer sector of the disk drive. The embodiment may include moving the non-important component to an inner sector of the disk drive.
    Type: Grant
    Filed: August 21, 2019
    Date of Patent: September 14, 2021
    Assignee: International Business Machines Corporation
    Inventors: Duane Baldwin, Abhishek Dave, Sasikanth Eda, Nataraj Nagaratnam, John T. Olson, Sandeep R. Patil
  • Patent number: 11095654
    Abstract: An approach is provided that enhances computer system security. In the approach, a set of users is authorized to be notified when any of a selected set of activities occurs on the user's account. When the system detects that one of the activities has occurred on the account, a notification is sent to the set of authorized users. The set of users may individually send a responsive security response to protect the user's account. Responsive to receiving the security response from one of the set of users, a security action is performed that is anticipated to protect the user's account.
    Type: Grant
    Filed: May 3, 2019
    Date of Patent: August 17, 2021
    Assignee: International Business Machines Corporation
    Inventors: Nataraj Nagaratnam, Kapil K. Singh
  • Patent number: 11082414
    Abstract: Mechanisms are provided for facilitating recertification of a user access entitlement. These mechanisms collect, from a system resource of the data processing system, access information representative of accesses of the system resource by a user access entitlement. These mechanisms determine that recertification of the user access entitlement, with regard to the system resource, is to be performed and a pattern of access is determined based on the access information for the user access entitlement. A recertification request graphical user interface is output to a user based on the pattern of access. The graphical user interface includes the pattern of access and one or more graphical user interface elements for receiving a user input specifying acceptance or denial of the recertification of the user access entitlement.
    Type: Grant
    Filed: March 24, 2017
    Date of Patent: August 3, 2021
    Assignee: International Business Machines Corporation
    Inventors: Manjeri R. Dharmarajan, Kaushal K. Kapadia, Vigneshwarnath Miriyala, Nataraj Nagaratnam, Darshini G. Swamy, Suyesh R. Tiwari
  • Patent number: 10984457
    Abstract: Embodiments of the present invention address deficiencies of the art in respect to privacy data management and provide a novel and non-obvious method, system and computer program product for trusted statement verification for data privacy. In one embodiment of the invention, a method for trusted statement verification for data privacy can be provided. The method can include deducing a claim from an attribute for personal data for an end user, receiving a request from a personal data consumer to vouch for an assertion based upon the attribute, comparing the assertion to the claim, and providing a voucher for the assertion to the personal data consumer on behalf of the end user if the claim supports the assertion without revealing the attribute to the personal data consumer.
    Type: Grant
    Filed: August 31, 2007
    Date of Patent: April 20, 2021
    Assignee: International Business Machines Corporation
    Inventors: Gregory T. Byrd, Michael G. McIntosh, Nataraj Nagaratnam, Anthony J. Nadalin
  • Patent number: 10887293
    Abstract: A computing device includes an interface configured to interface and communicate with a communication system, a memory that stores operational instructions, and processing circuitry operably coupled to the interface and to the memory that is configured to execute the operational instructions to perform various operations. The computing device generates a sub-key identifier based on a data ID, which is based on unique ID value(s) associated with an encrypted data object, and a requester secret. The computing device processes the sub-key identifier in accordance with an Oblivious Pseudorandom Function (OPRF) blinding operation to generate a blinded input and an Oblivious Key Access Request (OKAR). The computing device transmits the OKAR to another computing device (e.g., Key Management System (KMS) service) and receives a blinded sub-key therefrom. The computing device processes the blinded sub-key in accordance with an OPRF unblinding operation to generate the key and accesses secure data thereby.
    Type: Grant
    Filed: March 20, 2018
    Date of Patent: January 5, 2021
    Assignee: International Business Machines Corporation
    Inventors: Jason K. Resch, Hugo M. Krawczyk, Mark D. Seaborn, Nataraj Nagaratnam, Erlander Lo
  • Patent number: 10841315
    Abstract: An approach is provided that registers a wearable device in response to receiving a registration request that includes a set of acceptable user states and a corresponding set of acceptable times to perform a set of actions. When the approach receives a request from the user of the network-accessible site to perform a selected one of the set of actions, the approach transmits an inquiry to the wearable device registered to the user. Then, the approach receives a current state of the user from the wearable device responding to the transmitted state inquiry and determines a current time. In turn, the approach performs the selected action at the network-accessible site in response to determining that the received current state of the user matches one of the set of acceptable states and the current time matches one of the set of acceptable times.
    Type: Grant
    Filed: January 9, 2019
    Date of Patent: November 17, 2020
    Assignee: International Business Machines Corporation
    Inventors: Nataraj Nagaratnam, Pamela A. Nesbitt, Sandeep R. Patil, Sachin C. Punadikar