Patents by Inventor Nataraj Nagaratnam
Nataraj Nagaratnam has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12160511
Abstract: Hybrid encryption of imported key material is provided. A request to import key material is received from a user system. In response to the request, two public keys are sent to the user system. The two public keys include a classical cryptography (CC) public key and a quantum-safe cryptography (QSC) public key. At least one public key of the two public keys is retrieved from a hardware security module (HSM). Hybrid-encrypted key material is received from the user system. The hybrid-encrypted key material is key material that has been encrypted using the two public keys. The key material, at least partially encrypted by the at least one public key, is sent to the HSM.
Type: Grant
Filed: March 30, 2022
Date of Patent: December 3, 2024
Assignee: International Business Machines Corporation
Inventors: Vaijayanthimala K. Anand, Jeffrey J. Feng, Priti Bavaria, Martin Schmatz, Nataraj Nagaratnam
-
Patent number: 12041164
Abstract: A system, method, and computer program product for implementing encryption key management is provided. The method includes connecting a hardware device to a keystore agent comprising a system configured to manage one or more keystores holding one or more cryptographic key instances. A key template is configured to define an attribute for generating cryptographic keys. The key template is modified such that the keystore component is added to the key template and instances of associated cryptographic keys are generated. Each instance is installed within the keystore component and associated attributes associated with data for consumption are generated. A key event log defining all events associated with a given key of the associated cryptographic keys with respect to a lifetime of the given key is generated and a repository comprising key templates and associated key data is maintained.
Type: Grant
Filed: September 10, 2021
Date of Patent: July 16, 2024
Assignee: International Business Machines Corporation
Inventors: Isabel Arnold, Søren Peen, Troels Nørgaard, Jakub Karol Jelonek, Blazej Pawlak, Christopher S. Smith, Nataraj Nagaratnam, Marco Pavone, Leo Moesgaard
-
Publication number: 20240126530
Abstract: An example operation may include one or more of identifying, via a hybrid environment, components which are included in a software program within the hybrid environment, generating a software bill of materials (SBOM) for the software program which comprises names of the identified components, detecting that the software program does not comply with a predefined policy based on the names of the identified components within the SBOM, and displaying a notification via a user interface based on the detection.
Type: Application
Filed: October 17, 2022
Publication date: April 18, 2024
Inventors: Sudheesh S. Kairali, Rambabu Parvatina, Venkatesh Krishnan, Shanmukha Sai Ram Paran Parvathina, Nataraj Nagaratnam
-
Patent number: 11930044
Abstract: An approach for dynamically transitioning mobile client devices from one location to another within edge computing is disclosed. The approach includes retrieving locations for near edges and far edges and collecting one or more SCC (security compliance center) rules. The approach includes identifying edge access from one or more client devices and determining mobility pattern associated with the edge access. The approach includes determining edge recommendation based on the mobility patterns and applying the edge recommendation.
Type: Grant
Filed: January 5, 2022
Date of Patent: March 12, 2024
Assignee: International Business Machines Corporation
Inventors: Sudheesh S. Kairali, Sarbajit K. Rakshit, Vijay Kalangumvathakkal, Nataraj Nagaratnam
-
Publication number: 20230316184
Abstract: A request to generate an automated compliance verification framework for an organization is received. A neural network analyzes industry and internal regulations of the organization, as well as existing record-keeping and data processing applications of the organization. The neural network determines a set of benchmarks derived from existing variables from the record-keeping and data processing applications to objectively verify compliance or non-compliance with the industry and internal regulations. The neural network determines these benchmarks by comparing data of the record-keeping and data processing applications against the industry and internal regulations. A compliance system is caused to execute an automated test of each of the set of benchmarks verifying whether the organization is objectively in compliance with the industry and internal regulations.
Type: Application
Filed: March 30, 2022
Publication date: October 5, 2023
Inventors: Anthony Erwin, Nataraj Nagaratnam
-
Publication number: 20230318826
Abstract: Hybrid encryption of imported key material is provided. A request to import key material is received from a user system. In response to the request, two public keys are sent to the user system. The two public keys include a classical cryptography (CC) public key and a quantum-safe cryptography (QSC) public key. At least one public key of the two public keys is retrieved from a hardware security module (HSM). Hybrid-encrypted key material is received from the user system. The hybrid-encrypted key material is key material that has been encrypted using the two public keys. The key material, at least partially encrypted by the at least one public key, is sent to the HSM.
Type: Application
Filed: March 30, 2022
Publication date: October 5, 2023
Inventors: Vaijayanthimala K. Anand, Jeffrey J. Feng, Priti Bavaria, Martin Schmatz, Nataraj Nagaratnam
-
Patent number: 11755717
Abstract: A method, apparatus, system, and computer program product for configuring a computing environment. A configuration profile is identified by a computer system for the computing environment that is to be deployed in which the computing environment meets a security policy to run an application in the computing environment. A determination is made, by the computer system, as to whether the configuration profile for the computing environment meets the security policy for running the application in the computing environment. The configuration profile for the computing environment is deployed, by the computer system, to configure the computing environment for the application in response to the configuration profile meeting the security policy.
Type: Grant
Filed: March 18, 2021
Date of Patent: September 12, 2023
Assignee: International Business Machines Corporation
Inventors: Adam Robert Geiger, Nataraj Nagaratnam, Dinakaran Joseph, Michael S. Law, Priyank Narvekar, Hillery Hunter
-
Publication number: 20230216890
Abstract: An approach for dynamically transitioning mobile client devices from one location to another within edge computing is disclosed. The approach includes retrieving locations for near edges and far edges and collecting one or more SCC (security compliance center) rules. The approach includes identifying edge access from one or more client devices and determining mobility pattern associated with the edge access. The approach includes determining edge recommendation based on the mobility patterns and applying the edge recommendation.
Type: Application
Filed: January 5, 2022
Publication date: July 6, 2023
Inventors: Sudheesh S. Kairali, Sarbajit K. Rakshit, VIJAY Kalangumvathakkal, Nataraj Nagaratnam
-
Patent number: 11689375
Abstract: Certificate and key management is provided. A signed certificate corresponding to an enterprise is deployed to a plurality of cryptographic communication protocol endpoint proxies located in a heterogeneous distributed computing environment where a private key corresponding to the enterprise is not placed in any of the plurality of cryptographic communication protocol endpoint proxies. Offload of cryptographic communications from the plurality of cryptographic communication protocol endpoint proxies to the hardware security module is received by the hardware security module where the hardware security module verifies connection authenticity for the plurality of cryptographic communication protocol endpoint proxies across the heterogeneous distributed computing environment using the private key corresponding to the enterprise that remains within a security boundary of the hardware security module.
Type: Grant
Filed: May 21, 2021
Date of Patent: June 27, 2023
Assignee: International Business Machines Corporation
Inventors: Nataraj Nagaratnam, Christopher S. Smith, David Nguyen, Martin Schmatz, Marco Pavone, Navaneeth Rameshan
-
Publication number: 20230176885
Abstract: A method includes receiving, by a computing device, security definitions from an owner of a cloud deployment; receiving, by the computing device, a customer profile having intents to use the cloud deployment; assessing, by the computing device and using automated assessment tools, compliance of the cloud deployment with the security definitions in view of the intents; generating, by the computing device, a compliance posture using the assessment; and providing, by the computing device, the compliance posture to a reviewer.
Type: Application
Filed: December 7, 2021
Publication date: June 8, 2023
Inventors: Anca Sailer, Ramamurthy Vaidhyanathan, Nataraj Nagaratnam
-
Publication number: 20230119304
Abstract: Post quantum secure network communication is provided. The process comprises sending, by a client in a first computing cluster, an outbound message to a quantum safe cryptographic (QSC) proxy server in the first computing cluster, wherein the outbound message is addressed to a target server in a second computing cluster. The QSC proxy server initiates a QSC transport layer security (TLS) connection with an ingress controller in the second computing cluster, wherein the ingress controller comprises a QSC algorithm. The QSC proxy server transfers the message to the ingress controller via the QSC TLS connection, and the ingress controller routes the message to the target server in the second computing cluster via a non-QSC connection.
Type: Application
Filed: October 18, 2021
Publication date: April 20, 2023
Inventors: Nataraj Nagaratnam, Martin Schmatz, Navaneeth Rameshan, Vaijayanthimala K. Anand, Jeffrey J. Feng
-
Publication number: 20230080445
Abstract: A system, method, and computer program product for implementing encryption key management is provided. The method includes connecting a hardware device to a keystore agent comprising a system configured to manage one or more keystores holding one or more cryptographic key instances. A key template is configured to define an attribute for generating cryptographic keys. The key template is modified such that the keystore component is added to the key template and instances of associated cryptographic keys are generated. Each instance is installed within the keystore component and associated attributes associated with data for consumption are generated. A key event log defining all events associated with a given key of the associated cryptographic keys with respect to a lifetime of the given key is generated and a repository comprising key templates and associated key data is maintained.
Type: Application
Filed: September 10, 2021
Publication date: March 16, 2023
Inventors: ISABEL ARNOLD, Søren Peen, Troels Nørgaard, Jakub Karol Jelonek, Blazej Pawlak, Christopher S. Smith, Nataraj Nagaratnam, Marco Pavone, Leo Moesgaard
-
Publication number: 20220376929
Abstract: Certificate and key management is provided. A signed certificate corresponding to an enterprise is deployed to a plurality of cryptographic communication protocol endpoint proxies located in a heterogeneous distributed computing environment where a private key corresponding to the enterprise is not placed in any of the plurality of cryptographic communication protocol endpoint proxies. Offload of cryptographic communications from the plurality of cryptographic communication protocol endpoint proxies to the hardware security module is received by the hardware security module where the hardware security module verifies connection authenticity for the plurality of cryptographic communication protocol endpoint proxies across the heterogeneous distributed computing environment using the private key corresponding to the enterprise that remains within a security boundary of the hardware security module.
Type: Application
Filed: May 21, 2021
Publication date: November 24, 2022
Inventors: Nataraj Nagaratnam, Christopher S. Smith, David Nguyen, Martin Schmatz, Marco Pavone, Navaneeth Rameshan
-
Publication number: 20220300603
Abstract: A method, apparatus, system, and computer program product for configuring a computing environment. A configuration profile is identified by a computer system for the computing environment that is to be deployed in which the computing environment meets a security policy to run an application in the computing environment. A determination is made, by the computer system, as to whether the configuration profile for the computing environment meets the security policy for running the application in the computing environment. The configuration profile for the computing environment is deployed, by the computer system, to configure the computing environment for the application in response to the configuration profile meeting the security policy.
Type: Application
Filed: March 18, 2021
Publication date: September 22, 2022
Inventors: Adam Robert Geiger, Nataraj Nagaratnam, Dinakaran Joseph, Michael S. Law, Priyank Narvekar, Hillery Hunter
-
Patent number: 11119655
Abstract: An embodiment of the invention may include a method, computer program product and system for optimizing data defragmentation. The embodiment may include collecting details related to contiguous storage space available on a disk drive. The embodiment may include identifying a type of object storage implementation utilized on the disk drive. The type of object storage implementation is based on how an object is stored within the disk drive. The embodiment may include identifying an important component of the object. The important component of the object is determined by a frequency of access. The embodiment may include identifying a non-important component of the object. The non-important component of the object is determined by a frequency of access. The embodiment may include moving the important component to an outer sector of the disk drive. The embodiment may include moving the non-important component to an inner sector of the disk drive.
Type: Grant
Filed: August 21, 2019
Date of Patent: September 14, 2021
Assignee: International Business Machines Corporation
Inventors: Duane Baldwin, Abhishek Dave, Sasikanth Eda, Nataraj Nagaratnam, John T. Olson, Sandeep R. Patil
-
Patent number: 11095654
Abstract: An approach is provided that enhances computer system security. In the approach, a set of users is authorized to be notified when any of a selected set of activities occurs on the user's account. When the system detects that one of the activities has occurred on the account, a notification is sent to the set of authorized users. The set of users may individually send a responsive security response to protect the user's account. Responsive to receiving the security response from one of the set of users, a security action is performed that is anticipated to protect the user's account.
Type: Grant
Filed: May 3, 2019
Date of Patent: August 17, 2021
Assignee: International Business Machines Corporation
Inventors: Nataraj Nagaratnam, Kapil K. Singh
-
Patent number: 11082414
Abstract: Mechanisms are provided for facilitating recertification of a user access entitlement. These mechanisms collect, from a system resource of the data processing system, access information representative of accesses of the system resource by a user access entitlement. These mechanisms determine that recertification of the user access entitlement, with regard to the system resource, is to be performed and a pattern of access is determined based on the access information for the user access entitlement. A recertification request graphical user interface is output to a user based on the pattern of access. The graphical user interface includes the pattern of access and one or more graphical user interface elements for receiving a user input specifying acceptance or denial of the recertification of the user access entitlement.
Type: Grant
Filed: March 24, 2017
Date of Patent: August 3, 2021
Assignee: International Business Machines Corporation
Inventors: Manjeri R. Dharmarajan, Kaushal K. Kapadia, Vigneshwarnath Miriyala, Nataraj Nagaratnam, Darshini G. Swamy, Suyesh R. Tiwari
-
Patent number: 10984457
Abstract: Embodiments of the present invention address deficiencies of the art in respect to privacy data management and provide a novel and non-obvious method, system and computer program product for trusted statement verification for data privacy. In one embodiment of the invention, a method for trusted statement verification for data privacy can be provided. The method can include deducing a claim from an attribute for personal data for an end user, receiving a request from a personal data consumer to vouch for an assertion based upon the attribute, comparing the assertion to the claim, and providing a voucher for the assertion to the personal data consumer on behalf of the end user if the claim supports the assertion without revealing the attribute to the personal data consumer.
Type: Grant
Filed: August 31, 2007
Date of Patent: April 20, 2021
Assignee: International Business Machines Corporation
Inventors: Gregory T. Byrd, Michael G. McIntosh, Nataraj Nagaratnam, Anthony J. Nadalin
-
Patent number: 10887293
Abstract: A computing device includes an interface configured to interface and communicate with a communication system, a memory that stores operational instructions, and processing circuitry operably coupled to the interface and to the memory that is configured to execute the operational instructions to perform various operations. The computing device generates a sub-key identifier based on a data ID, which is based on unique ID value(s) associated with an encrypted data object, and a requester secret. The computing device processes the sub-key identifier in accordance with an Oblivious Pseudorandom Function (OPRF) blinding operation to generate a blinded input and an Oblivious Key Access Request (OKAR). The computing device transmits the OKAR to another computing device (e.g., Key Management System (KMS) service) and receives a blinded sub-key therefrom. The computing device processes the blinded sub-key in accordance with an OPRF unblinding operation to generate the key and accesses secure data thereby.
Type: Grant
Filed: March 20, 2018
Date of Patent: January 5, 2021
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Jason K. Resch, Hugo M. Krawczyk, Mark D. Seaborn, Nataraj Nagaratnam, Erlander Lo
-
Patent number: 10841315
Abstract: An approach is provided that registers a wearable device in response to receiving a registration request that includes a set of acceptable user states and a corresponding set of acceptable times to perform a set of actions. When the approach receives a request from the user of the network-accessible site to perform a selected one of the set of actions, the approach transmits an inquiry to the wearable device registered to the user. Then, the approach receives a current state of the user from the wearable device responding to the transmitted state inquiry and determines a current time. In turn, the approach performs the selected action at the network-accessible site in response to determining that the received current state of the user matches one of the set of acceptable states and the current time matches one of the set of acceptable times.
Type: Grant
Filed: January 9, 2019
Date of Patent: November 17, 2020
Assignee: International Business Machines Corporation
Inventors: Nataraj Nagaratnam, Pamela A. Nesbitt, Sandeep R. Patil, Sachin C. Punadikar