Patents by Inventor Patricia M. Sagmeister

Patricia M. Sagmeister has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240064130
    Abstract: A computer-implemented method according to one embodiment includes using a first symmetric key to encrypt a second symmetric key. The first symmetric key is securely loaded inside a hardware security module (HSM) by a key management service before the encryption of the second symmetric key, and a cloud provider only has access to encrypted bits of the first symmetric key. Key data of a key-value-pair of the second symmetric key is used as additional authenticated data (AAD) for the encryption of the second symmetric key. The second symmetric key is used to encrypt value data of the key-value-pair. The method further includes storing the encrypted second symmetric key, the AAD used in the encryption of the second symmetric key, and tag bits created during the encryption of the second symmetric key, to thereafter use for verifying node related data.
    Type: Application
    Filed: August 17, 2022
    Publication date: February 22, 2024
    Inventors: Martin Schmatz, Navaneeth Rameshan, Patricia M. Sagmeister
  • Publication number: 20230394150
    Abstract: A computer-implemented method according to one embodiment includes performing an attestation of code of a logic loader in a trusted execution environment (TEE) and receiving a request for the logic loader to load service logic code to the TEE. An integrity check of the service logic code associated with the request is performed. In response to the service logic code associated with the request passing the integrity check, the logic loader is allowed to load the service logic code associated with the request to the TEE. A computer program product according to another embodiment includes a computer readable storage medium having program instructions embodied therewith. The program instructions are readable and/or executable by a computer to cause the computer to perform the foregoing method.
    Type: Application
    Filed: June 3, 2022
    Publication date: December 7, 2023
    Inventors: Martin Schmatz, Navaneeth Rameshan, Patricia M. Sagmeister
  • Patent number: 11575508
    Abstract: Methods and systems for unified HSM and key management services are disclosed. According to certain embodiments, an encryption service request is issued by a client instance to a key management service (KMS) logic in a KMS cloud instance. The KMS logic parses the request to verify authorization for the request, identify the instance ID, and provide additional information to the request needed by hardware security management (HSM) middleware and hardware. A router receives the request from the KMS logic and routes the request to a service based on the instance ID, that transfers the request to HSM middleware. The HSM middleware parses HSM type from the request, translates the request to HSM vendor-specific instructions and routes the translated request to an HSM. The HSM according to certain embodiments is in a cloud computing environment separate from the KMS cloud instance, and in some embodiments the HSM is on-prem at a physical client site.
    Type: Grant
    Filed: June 2, 2021
    Date of Patent: February 7, 2023
    Assignee: International Business Machines Corporation
    Inventors: Vaijayanthimala K. Anand, Martin Schmatz, Navaneeth Rameshan, Mathew Richard Odden, Bruno Henriques, Patricia M. Sagmeister
  • Publication number: 20220393857
    Abstract: Methods and systems for unified HSM and key management services are disclosed. According to certain embodiments, an encryption service request is issued by a client instance to a key management service (KMS) logic in a KMS cloud instance. The KMS logic parses the request to verify authorization for the request, identify the instance ID, and provide additional information to the request needed by hardware security management (HSM) middleware and hardware. A router receives the request from the KMS logic and routes the request to a service based on the instance ID, that transfers the request to HSM middleware. The HSM middleware parses HSM type from the request, translates the request to HSM vendor-specific instructions and routes the translated request to an HSM. The HSM according to certain embodiments is in a cloud computing environment separate from the KMS cloud instance, and in some embodiments the HSM is on-prem at a physical client site.
    Type: Application
    Filed: June 2, 2021
    Publication date: December 8, 2022
    Inventors: Vaijayanthimala K. ANAND, Martin SCHMATZ, Navaneeth RAMESHAN, Mathew Richard ODDEN, Bruno HENRIQUES, Patricia M. SAGMEISTER
  • Patent number: 11456867
    Abstract: A method manages cryptographic objects (COs). The method includes accessing an entropy-based random number and instructing to store this random number. The method includes generating one or more COs based on a deterministic algorithm that causes to interact with a security module (SM), such as a hardware security module (HSM), to generate a seed according to both a reference key of the SM and the random number accessed. A random number generator is seeded with the generated seed to generate the desired COs.
    Type: Grant
    Filed: October 25, 2019
    Date of Patent: September 27, 2022
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Martin Schmatz, Navaneeth Rameshan, Patricia M. Sagmeister
  • Patent number: 11416633
    Abstract: In a computer-implemented method for providing obfuscated data to users, first, a user request to access data is received; then, an authorization level associated with the request received is identified. Next, obfuscated data is accessed in a protected enclave, which data corresponds to the request received. The data accessed has been obfuscated with an obfuscation algorithm that yields a level of obfuscation compatible with the authorization level identified. Finally, the obfuscated data accessed is provided to the user, from the protected enclave. Related systems and computer program products are also disclosed.
    Type: Grant
    Filed: February 15, 2019
    Date of Patent: August 16, 2022
    Assignee: International Business Machines Corporation
    Inventors: Martin Schmatz, Navaneeth Rameshan, Patricia M. Sagmeister, Yiyu Chen, Mitch Gusat
  • Patent number: 11096290
    Abstract: The present invention is notably directed to a printed circuit board, or PCB. This PCB has two main surfaces, each delimited by lateral edges, as well as lateral surfaces, each meeting each of the two main surfaces at one lateral edge. The present PCB further comprises a row of solder pads, which extends along a lateral edge of the PCB. Each solder pad is formed directly at the lateral edge and/or directly on a lateral surface (meeting one of the two main surfaces at said lateral edge). I.e., each pad interrupts a lateral edge and/or an adjoining lateral surface. One or more chips, e.g., memory chips, can be mounted on such a PCB to form an IC package. The above solder pad arrangement allows particularly dense arrangements of IC packages to be obtained. The present invention is further directed to related devices and methods of fabrication thereof.
    Type: Grant
    Filed: October 3, 2018
    Date of Patent: August 17, 2021
    Assignee: International Business Machines Corporation
    Inventors: Thomas Brunschwiler, Andreas Doering, Ronald P. Luijten, Stefano S. Oggioni, Joerg-Eric Sagmeister, Patricia M. Sagmeister, Martin Schmatz
  • Publication number: 20210126781
    Abstract: A method manages cryptographic objects (COs). The method includes accessing an entropy-based random number and instructing to store this random number. The method includes generating one or more COs based on a deterministic algorithm that causes to interact with a security module (SM), such as a hardware security module (HSM), to generate a seed according to both a reference key of the SM and the random number accessed. A random number generator is seeded with the generated seed to generate the desired COs.
    Type: Application
    Filed: October 25, 2019
    Publication date: April 29, 2021
    Inventors: Martin Schmatz, Navaneeth Rameshan, Patricia M. Sagmeister
  • Patent number: 10931443
    Abstract: A computer-implemented method manages cryptographic objects in a hierarchical key management system including a hardware security module (HSM), which institutes a key hierarchy extending from a ground level l0. Clients interact with the HSM to obtain cryptographic objects. A request is received from one of the clients for an object at a given level ln of the hierarchy (above the ground level l0). A binary representation of the object is accessed as a primary bit pattern p0, at the HSM and said pattern is scrambled via a bitwise XOR operation. The latter operates, on the one hand, on the primary bit pattern p0 and, on the other hand, on a control bit pattern pc that is a binary representation of an access code of the same length as said primary bit pattern p0. The pattern pc is obtained based on that given level ln of the hierarchy.
    Type: Grant
    Filed: August 23, 2018
    Date of Patent: February 23, 2021
    Assignee: International Business Machines Corporation
    Inventors: Martin Schmatz, Navaneeth Rameshan, Yiyu Chen, Patricia M. Sagmeister
  • Publication number: 20200265159
    Abstract: In a computer-implemented method for providing obfuscated data to users, first, a user request to access data is received; then, an authorization level associated with the request received is identified. Next, obfuscated data is accessed in a protected enclave, which data corresponds to the request received. The data accessed has been obfuscated with an obfuscation algorithm that yields a level of obfuscation compatible with the authorization level identified. Finally, the obfuscated data accessed is provided to the user, from the protected enclave. Related systems and computer program products are also disclosed.
    Type: Application
    Filed: February 15, 2019
    Publication date: August 20, 2020
    Inventors: Martin Schmatz, Navaneeth Rameshan, Patricia M. Sagmeister, Yiyu Chen, Mitch Gusat
  • Publication number: 20200067698
    Abstract: A computer-implemented method manages cryptographic objects in a hierarchical key management system including a hardware security module (HSM), which institutes a key hierarchy extending from a ground level l0. Clients interact with the HSM to obtain cryptographic objects. A request is received from one of the clients for an object at a given level ln of the hierarchy (above the ground level l0). A binary representation of the object is accessed as a primary bit pattern p0, at the HSM and said pattern is scrambled via a bitwise XOR operation. The latter operates, on the one hand, on the primary bit pattern p0 and, on the other hand, on a control bit pattern pc that is a binary representation of an access code of the same length as said primary bit pattern p0. The pattern pc is obtained based on that given level ln of the hierarchy.
    Type: Application
    Filed: August 23, 2018
    Publication date: February 27, 2020
    Inventors: Martin Schmatz, Navaneeth Rameshan, Yiyu Chen, Patricia M. Sagmeister
  • Publication number: 20190037707
    Abstract: The present invention is notably directed to a printed circuit board, or PCB. This PCB has two main surfaces, each delimited by lateral edges, as well as lateral surfaces, each meeting each of the two main surfaces at one lateral edge. The present PCB further comprises a row of solder pads, which extends along a lateral edge of the PCB. Each solder pad is formed directly at the lateral edge and/or directly on a lateral surface (meeting one of the two main surfaces at said lateral edge). I.e., each pad interrupts a lateral edge and/or an adjoining lateral surface. One or more chips, e.g., memory chips, can be mounted on such a PCB to form an IC package. The above solder pad arrangement allows particularly dense arrangements of IC packages to be obtained. The present invention is further directed to related devices and methods of fabrication thereof.
    Type: Application
    Filed: October 3, 2018
    Publication date: January 31, 2019
    Inventors: Thomas Brunschwiler, Andreas Doering, Ronald P. Luijten, Stefano S. Oggioni, Joerg-Eric Sagmeister, Patricia M. Sagmeister, Martin Schmatz
  • Patent number: 9892050
    Abstract: A device for multi-stage translation of prefetch requests includes a prefetch queue for providing queued prefetch requests, each of the queued prefetch requests including N different control entries; N serial-connected translation stages for the translation of N control entries of one of the queued prefetch requests into a translated prefetch request, wherein a translation in a i-th translation stage is dependent on a translation in a (i?1)-th translation stage, i?[1, . . . , N]; and a prefetch issuer which is configured to control an index for each of the N different control entries in the prefetch queue and to issue a prefetch of the indexed control entry of the N different control entries for the highest non-stalled translation stage.
    Type: Grant
    Filed: December 20, 2016
    Date of Patent: February 13, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Florian A. Auernhammer, Patricia M. Sagmeister
  • Patent number: 9760378
    Abstract: Embodiments include methods, computer systems and computer program products for performing superscalar out-of-order processing in software in a computer system. Aspects include: loading opcodes into an analysis thread of the computer system, analyzing opcodes to identify certain non-independent opcode snippets, distributing non-independent opcode snippets to separate threads of computer system, instructing each of separate threads to execute each of non-independent opcode snippets, respectively, and collecting results of executions of each of separate threads by a consolidation thread.
    Type: Grant
    Filed: August 4, 2016
    Date of Patent: September 12, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Patricia M. Sagmeister, Martin L. Schmatz
  • Publication number: 20170168838
    Abstract: Embodiments include methods, computer systems and computer program products for performing superscalar out-of-order processing in software in a computer system. Aspects include: loading opcodes into an analysis thread of the computer system, analyzing opcodes to identify certain non-independent opcode snippets, distributing non-independent opcode snippets to separate threads of computer system, instructing each of separate threads to execute each of non-independent opcode snippets, respectively, and collecting results of executions of each of separate threads by a consolidation thread.
    Type: Application
    Filed: August 4, 2016
    Publication date: June 15, 2017
    Inventors: Patricia M. Sagmeister, MARTIN L. SCHMATZ
  • Publication number: 20170103021
    Abstract: A device for multi-stage translation of prefetch requests includes a prefetch queue for providing queued prefetch requests, each of the queued prefetch requests including N different control entries; N serial-connected translation stages for the translation of N control entries of one of the queued prefetch requests into a translated prefetch request, wherein a translation in a i-th translation stage is dependent on a translation in a (i-1)-th translation stage, i?[1, . . . ,N]; and a prefetch issuer which is configured to control an index for each of the N different control entries in the prefetch queue and to issue a prefetch of the indexed control entry of the N different control entries for the highest non-stalled translation stage.
    Type: Application
    Filed: December 20, 2016
    Publication date: April 13, 2017
    Inventors: Florian A. Auernhammer, Patricia M. Sagmeister
  • Patent number: 9563563
    Abstract: A device for multi-stage translation of prefetch requests includes a prefetch queue for providing queued prefetch requests, each of the queued prefetch requests including N different control entries; N serial-connected translation stages for the translation of N control entries of one of the queued prefetch requests into a translated prefetch request, wherein a translation in a i-th translation stage is dependent on a translation in a (i?1)-th translation stage, i?[1, . . . , N]; and a prefetch issuer which is configured to control an index for each of the N different control entries in the prefetch queue and to issue a prefetch of the indexed control entry of the N different control entries for the highest non-stalled translation stage.
    Type: Grant
    Filed: October 29, 2013
    Date of Patent: February 7, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Florian A. Auernhammer, Patricia M. Sagmeister
  • Patent number: 9547540
    Abstract: A computer-implemented method includes managing function calls between a plurality of nodes and a super node of a rack system having a distributed operating system (OS). The OS includes a plurality of functions divided into first class and a second class, and each of the plurality of nodes excludes functions in the second class. Managing the function calls includes detecting a call to a first function on a first node of the plurality of nodes. It is determined that the first function belongs to the second class of functions and is not available on the first node. The call to the first function is routed to the super node, responsive to determining that the first function belongs to the second class, where the super node includes code for the functions in the second class.
    Type: Grant
    Filed: December 21, 2015
    Date of Patent: January 17, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Francois Abel, Rolf Clauberg, Andreas C. Doering, Patricia M. Sagmeister, Martin L. Schmatz
  • Patent number: 9496006
    Abstract: The memory module having a plurality of memory chips and a plurality of connections for connecting the memory module to a processor. At least part of the connections is configurable to be grouped into N sets of address and control connections for N separatively controllable groups of memory chips of the plurality of memory chips (N?2).
    Type: Grant
    Filed: November 9, 2012
    Date of Patent: November 15, 2016
    Assignee: GLOBALFOUNDRIES INC.
    Inventors: Andreas C Doering, Patricia M Sagmeister, Martin L Schmatz
  • Patent number: 9454373
    Abstract: Embodiments include methods, computer systems and computer program products for performing superscalar out-of-order processing in software in a computer system. Aspects include: loading opcodes into an analysis thread of the computer system, analyzing opcodes to identify certain non-independent opcode snippets, distributing non-independent opcode snippets to separate threads of computer system, instructing each of separate threads to execute each of non-independent opcode snippets, respectively, and collecting results of executions of each of separate threads by a consolidation thread.
    Type: Grant
    Filed: December 10, 2015
    Date of Patent: September 27, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Patricia M. Sagmeister, Martin L. Schmatz