Patents by Inventor Patricia G. Driever

Patricia G. Driever has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11088829
    Abstract: A path for a node of a computing environment is secured. The securing includes obtaining, by the node, a message that includes an identifier of a shared key and an encrypted message, the encrypted message including a first encryption key, a second encryption key, one or more first parameters and one or more second parameters. The node obtains the shared key from a key server and uses it to decrypt the encrypted message to obtain the first encryption key, the second encryption key, the one or more first parameters and the one or more second parameters. A second security parameters index, to be associated with the second encryption key and the one or more second parameters, is obtained. The node sends a response message to another node, the response message including the second security parameters index.
    Type: Grant
    Filed: September 4, 2018
    Date of Patent: August 10, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Patricia G. Driever, Roger G. Hathorn, Christopher Colonna, John Flanagan, George P. Kuch, Richard M. Sczepczenski, Glen Jaquette
  • Patent number: 11068565
    Abstract: A selected system obtains from a selected location software features information relating to another system. Using the software features information obtained from the selected location, a determination is made as to whether a selected license tier has been obtained. Based on determining that the selected license tier has been obtained, the selected system dispatches work of the other system into a container of the selected system.
    Type: Grant
    Filed: June 13, 2019
    Date of Patent: July 20, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Louis P. Gomes, Patricia G. Driever
  • Patent number: 11038671
    Abstract: Authentication is performed on a plurality of links to be used to couple one node of the computing environment and another node of the computing environment. The performing authentication includes obtaining, by the other node from the one node via one link of the plurality of links, an identifier of a shared key maintained by a key server. The other node uses the identifier to obtain the shared key from the key server. An indication that the other node decrypted a message received from the one node using the shared key is sent from the other node via the one link. The sending the indication on one or more other links of the plurality of links is repeated for subsequent messages decrypted by the other node using the shared key previously obtained.
    Type: Grant
    Filed: September 4, 2018
    Date of Patent: June 15, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Patricia G. Driever, Roger G. Hathorn, Christopher Colonna, John Flanagan, George P. Kuch, Richard M. Sczepczenski, Glen Jaquette
  • Patent number: 11038698
    Abstract: A path is secured from one node to another node of the computing environment. The one node obtains a first encryption key and one or more first parameters for transmission of data, and a second encryption key and one or more second parameters for reception of data. A shared key is obtained by the one node from a key server, and the shared key is used to encrypt a message. The encrypted message includes the first encryption key, the one or more first parameters, the second encryption key and the one or more second parameters. The encrypted message and an identifier of the shared key are sent from the one node to the other node, and a response message is received by the one node. The response message at least provides an indication that the other node received the encrypted message and obtained the shared key.
    Type: Grant
    Filed: September 4, 2018
    Date of Patent: June 15, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Patricia G. Driever, Roger G. Hathorn, Christopher Colonna, John Flanagan, George P. Kuch, Richard M. Sczepczenski, Glen Jaquette
  • Patent number: 11030136
    Abstract: An aspect includes memory access optimization for an I/O adapter in a processor complex. A memory block distance is determined between the I/O adapter and a memory block location in the processor complex, and one or more memory movement type criteria between the I/O adapter and the memory block location are determined based on the memory block distance. A memory movement operation type is selected based on a memory movement process parameter and the one or more memory movement type criteria. A memory movement process is initiated between the I/O adapter and the memory block location using the memory movement operation type.
    Type: Grant
    Filed: September 23, 2019
    Date of Patent: June 8, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Patricia G. Driever, Jerry W. Stevens
  • Patent number: 11025413
    Abstract: Authentication is performed on a plurality of links coupling one node of the computing environment and another node of the computing environment. The performing authentication includes obtaining by the one node a shared key from a key server coupled to the one node and another node of the computing environment. A message encrypted with the shared key is sent from the one node to the other node via one link of the plurality of links. An indication that the other node decrypted the message using the shared key obtained by the other node is received from the other node via the one link. The sending and the receiving are repeated on one or more other links of the plurality of links using the shared key previously obtained.
    Type: Grant
    Filed: September 4, 2018
    Date of Patent: June 1, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Patricia G. Driever, Roger G. Hathorn, Christopher Colonna, John Flanagan, George P. Kuch, Richard M. Sczepczenski, Glen Jaquette, Peter G. Sutton
  • Publication number: 20210135885
    Abstract: In response to receiving a login request message with a security indicator enabled for security, a storage port establishes a security association by transmitting a response indicating a login accept with the security indicator enabled for security. In response to establishing the security association, the storage port modifies a protocol behavior for transmitting and receiving information units.
    Type: Application
    Filed: October 30, 2019
    Publication date: May 6, 2021
    Inventors: Roger G. Hathorn, Patricia G. Driever, Christopher J. Colonna, John R. Flanagan
  • Publication number: 20210119784
    Abstract: A path for a node of a computing environment is secured. The securing includes obtaining, by the node, a message that includes an identifier of a shared key and an encrypted message. The node obtains the shared key from a key server and uses it to decrypt the encrypted message to obtain an encryption key and one or more parameters. A security parameters index to be associated with the encryption key and the one or more parameters is obtained. The node sends a response message to another node, the response message including the security parameters index.
    Type: Application
    Filed: December 30, 2020
    Publication date: April 22, 2021
    Inventors: Patricia G. Driever, Roger G. Hathorn, Christopher Colonna, John Flanagan, George P. Kuch, Richard M. Sczepczenski, Glen Jaquette
  • Publication number: 20210091944
    Abstract: Provided are a computer program product, system, and method embodiments for reverting from a new security association to a previous security association in response to an error during a rekey operation. The responder maintains a first security association with the initiator having a first key to use to encrypt and decrypt messages transmitted with the initiator. The responder receives a message from the initiator for a rekey operation to establish a second security association with the initiator using a second key. The responder queues Input/Output (I/O) for transmission using the second key after completing the rekey operation. After activating the second security association, the responder receives a revert message from the initiator to revert back to using the first security association and first key in response to a failure of the rekey operation.
    Type: Application
    Filed: September 25, 2019
    Publication date: March 25, 2021
    Inventors: Roger G. Hathorn, Patricia G. Driever, Christopher J. Colonna, Mooheng Zee, Mikel William Welsh, Alol Antony Crasta, John R. Flanagan
  • Publication number: 20210091943
    Abstract: Provided are a computer program product, system, and method embodiments for reverting from a new security association to a previous security association in response to an error during a rekey operation. An initiator maintains a first security association with the responder having a first key to use to encrypt and decrypt data transmitted with the responder. The initiator initiates a rekey operation to establish a second security association with the responder using a second key. The initiator detects a failure of the rekey operation after the responder started using the second key for transmissions. A revert message is sent to the responder to revert back to using the first security association and first key in response to detecting the failure of the rekey operation.
    Type: Application
    Filed: September 25, 2019
    Publication date: March 25, 2021
    Inventors: Roger G. Hathorn, Patricia G. Driever, Christopher J. Colonna, Mooheng Zee, John R. Flanagan, Alol Antony Crasta, Mikel William Welsh
  • Publication number: 20210073395
    Abstract: A host port is enabled for security. The host port performs Input/Output (I/O) in plaintext on a path between the host port and a storage port, in response to determining that an audit mode indicator has been enabled to allow I/O even if authentication or security association negotiation between the host port and the storage port cannot be completed successfully. Concurrently with performing of I/O in plaintext on the path, the host port enables encryption of data for I/O on the path.
    Type: Application
    Filed: September 11, 2019
    Publication date: March 11, 2021
    Inventors: Roger G. Hathorn, Patricia G. Driever, Christopher J. Colonna, Mooheng Zee, John R. Flanagan
  • Publication number: 20210073422
    Abstract: A host port is enabled for security. In response to a determination by the host port that authentication or security association negotiation with a storage port cannot be completed successfully, the host port determines whether an audit mode indicator has been enabled in a login response from the storage port. The host port preserves input/output (I/O) access to the storage port based on determining whether the audit mode indicator has been enabled in the login response from the storage port.
    Type: Application
    Filed: September 11, 2019
    Publication date: March 11, 2021
    Inventors: Roger G. Hathorn, Patricia G. Driever, Christopher J. Colonna, Evan Rivera, John R. Flanagan
  • Publication number: 20210073423
    Abstract: A storage port receives a login request. The storage port configures an audit mode indicator as enabled in a login response to a host port to enter a security enabled mode to indicate to the host port that Input/Output (I/O) operations are to be transmitted from the host port to the storage port even if authentication or security association negotiation with the storage port cannot be completed successfully.
    Type: Application
    Filed: September 11, 2019
    Publication date: March 11, 2021
    Inventors: Roger G. Hathorn, Patricia G. Driever, John Flanagan, Christopher J. Colonna, Evan Rivera
  • Publication number: 20210075627
    Abstract: Provided are a computer program product, system and method embodiments for secure communication between an initiator and a responder over a network. The responder receives, from the initiator, a security association initialization message to establish a security association with the responder including key material used to generate a key for the security association. The responder receives an authentication message from the initiator to program the responder to establish authentication between the responder and the initiator after establishing the security association. The responder sends an authentication message response to the initiator to establish authentication with the responder in response to the authentication message. The responder sends an authentication done message to the initiator after sending the authentication message response to cause the initiator to activate using the security association and the key to encrypt and decrypt communication between the responder and initiator.
    Type: Application
    Filed: September 11, 2019
    Publication date: March 11, 2021
    Inventors: Roger G. Hathorn, Patricia G. Driever, Christopher J. Colonna, Mooheng Zee, Mikel William Welsh, Richard Mark Sczepczenski, John R. Flanagan
  • Publication number: 20210073394
    Abstract: A storage port is enabled for security. The storage port performs Input/Output (I/O) in plaintext on a path between the storage port and a host port, in response to determining that an audit mode indicator has been enabled to allow I/O even if authentication or security association negotiation between the storage port and the host port cannot be completed successfully. Concurrently with performing of I/O in plaintext on the path, the storage port enables encryption of data for I/O on the path.
    Type: Application
    Filed: September 11, 2019
    Publication date: March 11, 2021
    Inventors: Roger G. Hathorn, Patricia G. Driever, Mooheng Zee, Christopher J. Colonna, John R. Flanagan
  • Publication number: 20210075621
    Abstract: Provided are a computer program product, system and method embodiments for secure communication between an initiator and a responder over a network. The initiator sends a security association initialization message to the responder to establish a security association including key material used to generate a key for the security association. In response to receiving a security association initialization response to accept the security association, the initiator sends an authentication message to the responder to establish authentication between the responder and the initiator. In response to receiving an authentication message response to the authentication message, the initiator is programmed with the security association. An authentication done message is received from the responder after receiving the authentication message response.
    Type: Application
    Filed: September 11, 2019
    Publication date: March 11, 2021
    Inventors: Roger G. Hathorn, Patricia G. Driever, Christopher J. Colonna, Mooheng Zee, Richard Mark Sczepczenski, Mikel William Welsh, John R. Flanagan
  • Publication number: 20200394283
    Abstract: A selected system obtains from a selected location software features information relating to another system. Using the software features information obtained from the selected location, a determination is made as to whether a selected license tier has been obtained. Based on determining that the selected license tier has been obtained, the selected system dispatches work of the other system into a container of the selected system.
    Type: Application
    Filed: June 13, 2019
    Publication date: December 17, 2020
    Inventors: Louis P. Gomes, Patricia G. Driever
  • Publication number: 20200396182
    Abstract: Techniques for inter-switch link (ISL) identification and monitoring are described herein. An aspect includes sending a query fabric path command to a switch, the query fabric path command including an origin address and a destination address. Another aspect includes receiving a query fabric path response from the switch based on the query fabric path command, the query fabric path response including a plurality of port identifiers. Another aspect includes monitoring a plurality of ports, each of the plurality of ports corresponding to a respective port identifier of the plurality of port identifiers in the query fabric path response.
    Type: Application
    Filed: June 11, 2019
    Publication date: December 17, 2020
    Inventors: Christopher Colonna, Pasquale A. Catalano, Stephen Robert Guendert, Michael James Becht, Patricia G. Driever
  • Patent number: 10846125
    Abstract: An aspect includes memory access optimization in a processor complex. A non-limiting example includes determining one or more offload criteria for offloading memory movement in the processor complex. A memory movement process parameter corresponding to the one or more offload criteria is identified. Movement of a block of memory from a first block location at a first host to a second block location at a second host is scheduled as the memory movement process performed by an offload engine based on determining that the memory movement process parameter exceeds at least one of the offload criteria. The block of memory is moved from the first block location at the first host to the second block location at the second host as the memory movement process performed by the first host based on determining that the memory movement process parameter does not exceed at least one of the offload criteria.
    Type: Grant
    Filed: September 12, 2019
    Date of Patent: November 24, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Patricia G. Driever, Jerry W. Stevens
  • Patent number: 10833856
    Abstract: A shared key, used by one node and another node of a computing environment in authentication of one or more links coupling the one node and the other node, is determined to be within an expiration range. Based on determining the shared key is within the expiration range, re-authentication of at least one link is automatically initiated. The automatically initiating re-authentication includes obtaining, by the one node, a new shared key from a key server, sending a message encrypted with the new shared key from the one node to the other node via one link of the one or more links, and receiving by the one node via the one link an indication that the other node decrypted the message using the new shared key.
    Type: Grant
    Filed: September 4, 2018
    Date of Patent: November 10, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Roger G. Hathorn, John Flanagan, Christopher Colonna, George P. Kuch, Richard M. Sczepczenski, Patricia G. Driever