Patents by Inventor Nevenko Zunic

Nevenko Zunic has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 7694136
    Abstract: A method to distribute and authenticate public encryption keys. A client concatenates its ID, its public key, and a secret password known to the client and a server, and hashes the result. The client forms an extended concatenation including the ID, the public key, and the hashed value, and sends the extended concatenation to the server. The server reads the ID and public key, and re-computes the hashed value based on its own knowledge of the password. If the received and the computed hashed values are the same, the server concludes that the client's public key is authentic. An analogous process enables the server to distribute its public key, and enables the client to authenticate the server's distributed public key.
    Type: Grant
    Filed: February 10, 2003
    Date of Patent: April 6, 2010
    Assignee: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Allen Leonid Roginsky, Nevenko Zunic
  • Publication number: 20090276446
    Abstract: A system and method for classifying structured data by automatically suggesting classification labels. The system comprises a taxonomy configured to provide one or more normalized labels and a classification tool configured to automatically classify data across an enterprise system using the one or more normalized labels. The method comprises extracting metadata from one or more relational databases; suggesting classifications based on the metadata; and converting one or more names to normalized labels across an enterprise system based on the suggested classifications.
    Type: Application
    Filed: May 2, 2008
    Publication date: November 5, 2009
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION.
    Inventors: Marcel Graf, Morton G. Swimmer, Nevenko Zunic
  • Patent number: 7607009
    Abstract: A method to exchange and authenticate public cryptographic keys between parties that share a common but secret password. The parties exchange public keys, where the public keys are accompanied by hashed values based on the keys, the password, and random numbers. Each party then encrypts its random number using the public key of the other party, and the encryptions are exchanged. Based on the received encryptions and the known password, each party then re-computes the hashed value received from the other party, and compares the re-computed hashed value with the received hashed value. If the two are the same, the public key that accompanied the hashed value is judged authentic.
    Type: Grant
    Filed: February 10, 2003
    Date of Patent: October 20, 2009
    Assignee: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Allen Leonid Roginsky, Nevenko Zunic
  • Patent number: 7596222
    Abstract: A method for protecting data for access by a plurality of users. A server encrypts data using a master key and a symmetric encryption algorithm. For each authorized user, a key encryption key (KEK) is derived from a passphrase, and the master key is encrypted using the KEK. The server posts the encrypted data and an ancillary file that includes, for each user, a user identifier and the master key encrypted according to the user's KEK. To access the data, a user enters the passphrase into a client, which re-derives the user's KEK, and finds, in the ancillary file, the master key encrypted using the user's KEK. The client decrypts the master key and then decrypts the data. A KEK may be derived from a natural language passphrase by hashing the passphrase, concatenating the result and a predetermined text, hashing the concatenation, and truncating.
    Type: Grant
    Filed: June 21, 2007
    Date of Patent: September 29, 2009
    Assignee: International Business Machines Corporation
    Inventors: Per Erwin Jonas, Allen Leonid Roginsky, Nevenko Zunic
  • Publication number: 20090198697
    Abstract: A method and system for controlling access to data via a data-centric security model. A business data classification scheme is defined as a hierarchy that includes data types aligned with business operations. A data element is labeled with a data label. The data label includes multiple attributes associated with a data-centric security model. A first attribute is a data type of the data element. A second attribute includes security requirements. Data control rules are automatically generated for an enforcement of the security requirements. The enforcement grants or denies to a user an access to the data element via a predefined action. The enforcement is based on a predefined association among the predefined action, a predefined role that includes the user, the data type and, optionally, a purpose for performing the predefined action.
    Type: Application
    Filed: February 5, 2008
    Publication date: August 6, 2009
    Inventors: Michael P. Bilger, Hyman D. Chantz, Nevenko Zunic
  • Publication number: 20090169014
    Abstract: A system to exchange and authenticate public cryptographic keys between parties that share a common but secret password, using a pair of random numbers, a pair of Diffie-Hellman public keys computed from the random numbers and the password, a Diffie-Hellman symmetric secret key computed from the Diffie-Hellman public keys and the random numbers, and hashed values of arguments that depend upon these elements.
    Type: Application
    Filed: January 13, 2009
    Publication date: July 2, 2009
    Inventors: Mohammad Peyravian, Allen Leonid Roginsky, Nevenko Zunic
  • Publication number: 20090100498
    Abstract: A method and system are disclosed for analyzing policies for compliance with a specified policy. The method comprises the steps of creating a policy template representing said specified policy, and comparing a group of given policies to said policy template to determine whether said given policies conflict with said specified policy. In the preferred embodiment of the invention, the specified policy may include specified rules, the given policies include a plurality of given rules, and the policy template expresses said specified rules. In this preferred embodiment, the comparing step includes the step of comparing said plurality of given rules to the policy template to determine whether any of said given rules conflicts with said specified rules. In addition, preferably, if conflicts are found between said given policies and said specified policy, the given policies are modified to eliminate the conflicts.
    Type: Application
    Filed: October 12, 2007
    Publication date: April 16, 2009
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Aldo P. Grossi, Claire-Marie N. Karat, Peter K. Malkin, Nevenko Zunic
  • Patent number: 7519824
    Abstract: A method for time stamping a digital document employs a two-part time stamp receipt. The first part of the time stamp receipt includes identifying data associated with a document and a nonce. The second part of the time stamp receipt includes a time indication and the nonce. The nonce serves as a link between the first and second parts.
    Type: Grant
    Filed: December 10, 1999
    Date of Patent: April 14, 2009
    Assignee: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Allen Roginsky, Nevenko Zunic, Stephen M. Matyas, Jr.
  • Patent number: 7490241
    Abstract: A method for time stamping a digital document is disclosed. The document originator creates a time stamp receipt using the document and the current time. The time stamp receipt is submitted to a time stamping authority having a trusted clock. The time stamping authority validates the time stamp receipt by comparing the time value specified in the time stamp receipt to the current time. If the time value specified in the time stamp receipt is within a predetermined time window, the time stamping authority cryptographically binds the time value and document, or the time value and some representation of the document, e.g., by signing the time stamp receipt with its private signature key.
    Type: Grant
    Filed: December 10, 1999
    Date of Patent: February 10, 2009
    Assignee: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Allen Roginsky, Nevenko Zunic, Stephen M. Matyas, Jr.
  • Patent number: 7487359
    Abstract: A time stamping protocol has two stages referred to as the ticketing stage and the certification stage. During the ticketing stage, the document or other identifying data is sent to the TSA. The TSA generates a “ticket” based on the document or other identifying data and a time indication derived from a trusted clock. The ticket, which serves as an unsigned time stamp receipt, is transmitted back to the document originator. During the certification stage, the holder of the ticket requests a certified time stamp receipt by presenting the ticket to the TSA. The TSA verifies the ticket and generates a signed time stamp receipt, called the ticket stub, which is then transmitted back to the document originator. The ticket stub serves as a “universal time-stamp” that the holder of the ticket stub can use to prove the date of the document.
    Type: Grant
    Filed: August 29, 2007
    Date of Patent: February 3, 2009
    Assignee: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Allen Roginsky, Nevenko Zunic, Stephen M. Matyas, Jr.
  • Patent number: 7480384
    Abstract: A method to exchange and authenticate public cryptographic keys between parties that share a common but secret password, using a pair of random numbers, a pair of Diffie-Hellman public keys computed from the random numbers and the password, a Diffie-Hellman symmetric secret key computed from the Diffie-Hellman public keys and the random numbers, and hashed values of arguments that depend upon these elements.
    Type: Grant
    Filed: February 10, 2003
    Date of Patent: January 20, 2009
    Assignee: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Allen Leonid Roginsky, Nevenko Zunic
  • Patent number: 7315948
    Abstract: A time stamping protocol has two stages referred to as the ticketing stage and the certification stage. During the ticketing stage, the document or other identifying data is sent to the TSA. The TSA generates a “ticket” based on the document or other identifying data and a time indication derived from a trusted clock. The ticket, which serves as an unsigned time stamp receipt, is transmitted back to the document originator. During the certification stage, the holder of the ticket requests a certified time stamp receipt by presenting the ticket to the TSA. The TSA verifies the ticket and generates a signed time stamp receipt, called the ticket stub, which is then transmitted back to the document originator. The ticket stub serves as a “universal time-stamp” that the holder of the ticket stub can use to prove the date of the document.
    Type: Grant
    Filed: December 10, 1999
    Date of Patent: January 1, 2008
    Assignee: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Allen Roginsky, Nevenko Zunic, Stephen M. Matyas, Jr.
  • Publication number: 20070297608
    Abstract: A method for protecting data for access by a plurality of users. A server encrypts data using a master key and a symmetric encryption algorithm. For each authorized user, a key encryption key (KEK) is derived from a passphrase, and the master key is encrypted using the KEK. The server posts the encrypted data and an ancillary file that includes, for each user, a user identifier and the master key encrypted according to the user's KEK. To access the data, a user enters the passphrase into a client, which re-derives the user's KEK, and finds, in the ancillary file, the master key encrypted using the user's KEK. The client decrypts the master key and then decrypts the data. A KEK may be derived from a natural language passphrase by hashing the passphrase, concatenating the result and a predetermined text, hashing the concatenation, and truncating.
    Type: Application
    Filed: June 21, 2007
    Publication date: December 27, 2007
    Inventors: Per Jonas, Allen Roginsky, Nevenko Zunic
  • Publication number: 20070294537
    Abstract: A time stamping protocol has two stages referred to as the ticketing stage and the certification stage. During the ticketing stage, the document or other identifying data is sent to the TSA. The TSA generates a “ticket” based on the document or other identifying data and a time indication derived from a trusted clock. The ticket, which serves as an unsigned time stamp receipt, is transmitted back to the document originator. During the certification stage, the holder of the ticket requests a certified time stamp receipt by presenting the ticket to the TSA. The TSA verifies the ticket and generates a signed time stamp receipt, called the ticket stub, which is then transmitted back to the document originator.
    Type: Application
    Filed: August 29, 2007
    Publication date: December 20, 2007
    Applicant: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Allen Roginsky, Nevenko Zunic, Stephen Matyas
  • Patent number: 7272231
    Abstract: A method for protecting data for access by a plurality of users. A server encrypts data using a master key and a symmetric encryption algorithm. For each authorized user, a key encryption key (KEK) is derived from a passphrase, and the master key is encrypted using the KEK. The server posts the encrypted data and an ancillary file that includes, for each user, a user identifier and the master key encrypted according to the user's KEK. To access the data, a user enters the passphrase into a client, which re-derives the user's KEK, and finds, in the ancillary file, the master key encrypted using the user's KEK. The client decrypts the master key and then decrypts the data. A KEK may be derived from a natural language passphrase by hashing the passphrase, concatenating the result and a predetermined text, hashing the concatenation, and truncating.
    Type: Grant
    Filed: January 27, 2003
    Date of Patent: September 18, 2007
    Assignee: International Business Machines Corporation
    Inventors: Per Erwin Jonas, Allen Leonid Roginsky, Nevenko Zunic
  • Patent number: 7051211
    Abstract: Methods, systems and computer program products are provide for controlling access to software is provided by the software to be controlled being divided into a first encrypted portion and a second unencrypted portion. The second unencrypted portion has access to, and may even incorporate, a first secret value and a software identification associated with a copy of the software. The first encrypted portion is encrypted with a first key value which is based on the first secret value and a second secret value. The second secret value is obtained and the first key value generated from the obtained second secret value and the first secret value. The first encrypted portion of the software may then be decrypted with the first key value. The software may be installed on a data processing system utilizing the decrypted first encrypted portion of the software.
    Type: Grant
    Filed: August 21, 2000
    Date of Patent: May 23, 2006
    Assignee: International Business Machines Corporation
    Inventors: Stephen Michael Matyas, Jr., Mohammad Peyravian, Allen Leonid Roginsky, Nevenko Zunic
  • Patent number: 7010689
    Abstract: Methods, systems and computer program products are provided for controlling access to digital data in a file by obtaining a passphrase from a user and generating a personal key based on the obtained passphrase. A file encryption key is generated and the digital data in the file encrypted with the file encryption key to provide an encrypted file. The file encryption key is encrypted with the personal key to provide an encrypted file encryption key. A file header containing the encrypted file encryption key and associated with the encrypted file. The encrypted file and the file header associated with the encrypted file may be stored at a file server.
    Type: Grant
    Filed: August 21, 2000
    Date of Patent: March 7, 2006
    Assignee: International Business Machines Corporation
    Inventors: Stephen Michael Matyas, Jr., Mohammad Peyravian, Allen Leonid Roginsky, Nevenko Zunic
  • Patent number: 6993656
    Abstract: A method for time stamping a digital document is disclosed. The document originator creates a time stamp receipt by combining the document or other identifying data and a digital time indication. The time stamp receipt is submitted to a time stamping authority having a trusted clock. The time stamping authority optionally validates the time stamp receipt and then computes the age of the time stamp receipt. The time stamping authority creates an aged time stamp receipt by combining the identifying data and time indication contained in the submitted time stamp receipt with the computed age of the time stamp receipt. The time stamping authority cryptographically binds the time information and identifying data in the aged time stamp receipt, e.g., by signing the combination of the identifying data, time indication, and computed age with a private signature generation key.
    Type: Grant
    Filed: December 10, 1999
    Date of Patent: January 31, 2006
    Assignee: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Allen Roginsky, Nevenko Zunic, Stephen M. Matyas, Jr.
  • Patent number: 6965998
    Abstract: A time-stamping protocol for time-stamping digital documents uses a time-based signature key. A document or other identifying data is sent to a time stamping authority TSA. The TSA has a time-based signature key that the TSA uses to sign time stamp receipts. The signature key is associated with a fixed time reference that is stored in a public key certificate also containing the public verification key. Upon receiving the document, the TSA creates a time stamp receipt by computing a time difference between the time reference associated with the signature key and the time the document was received. The time difference is appended to the document to create a time stamp receipt and the receipt is then signed by the TSA and transmitted to the requestor.
    Type: Grant
    Filed: December 10, 1999
    Date of Patent: November 15, 2005
    Assignee: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Allen Roginsky, Nevenko Zunic, Stephen M. Matyas, Jr.
  • Patent number: 6947556
    Abstract: Methods, systems and computer program products are provided which provide for controlling access to digital data in a file by encrypting the data with a first key, encrypting the first key with a second personal key generated from a password/passphrase associated with the file and further encrypting the encrypted first key with a control key which is managed by the system. In certain embodiments, user authentication may also be provided by issuing a ticket which is utilized to create, access and administer the files in the system.
    Type: Grant
    Filed: August 21, 2000
    Date of Patent: September 20, 2005
    Assignee: International Business Machines Corporation
    Inventors: Stephen Michael Matyas, Jr., Mohammad Peyravian, Allen Leonid Roginsky, Nevenko Zunic