Patents by Inventor Patricia M. Sagmeister
Patricia M. Sagmeister has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240064130
Abstract: A computer-implemented method according to one embodiment includes using a first symmetric key to encrypt a second symmetric key. The first symmetric key is securely loaded inside a hardware security module (HSM) by a key management service before the encryption of the second symmetric key, and a cloud provider only has access to encrypted bits of the first symmetric key. Key data of a key-value-pair of the second symmetric key is used as additional authenticated data (AAD) for the encryption of the second symmetric key. The second symmetric key is used to encrypt value data of the key-value-pair. The method further includes storing the encrypted second symmetric key, the AAD used in the encryption of the second symmetric key, and tag bits created during the encryption of the second symmetric key, to thereafter use for verifying node related data.
Type: Application
Filed: August 17, 2022
Publication date: February 22, 2024
Inventors: Martin Schmatz, Navaneeth Rameshan, Patricia M. Sagmeister
-
Publication number: 20230394150
Abstract: A computer-implemented method according to one embodiment includes performing an attestation of code of a logic loader in a trusted execution environment (TEE) and receiving a request for the logic loader to load service logic code to the TEE. An integrity check of the service logic code associated with the request is performed. In response to the service logic code associated with the request passing the integrity check, the logic loader is allowed to load the service logic code associated with the request to the TEE. A computer program product according to another embodiment includes a computer readable storage medium having program instructions embodied therewith. The program instructions are readable and/or executable by a computer to cause the computer to perform the foregoing method.
Type: Application
Filed: June 3, 2022
Publication date: December 7, 2023
Inventors: Martin Schmatz, Navaneeth Rameshan, Patricia M. Sagmeister
-
Patent number: 11575508
Abstract: Methods and systems for unified HSM and key management services are disclosed. According to certain embodiments, an encryption service request is issued by a client instance to a key management service (KMS) logic in a KMS cloud instance. The KMS logic parses the request to verify authorization for the request, identify the instance ID, and provide additional information to the request needed by hardware security management (HSM) middleware and hardware. A router receives the request from the KMS logic and routes the request to a service based on the instance ID, that transfers the request to HSM middleware. The HSM middleware parses HSM type from the request, translates the request to HSM vendor-specific instructions and routes the translated request to an HSM. The HSM according to certain embodiments is in a cloud computing environment separate from the KMS cloud instance, and in some embodiments the HSM is on-prem at a physical client site.
Type: Grant
Filed: June 2, 2021
Date of Patent: February 7, 2023
Assignee: International Business Machines Corporation
Inventors: Vaijayanthimala K. Anand, Martin Schmatz, Navaneeth Rameshan, Mathew Richard Odden, Bruno Henriques, Patricia M. Sagmeister
-
Publication number: 20220393857
Abstract: Methods and systems for unified HSM and key management services are disclosed. According to certain embodiments, an encryption service request is issued by a client instance to a key management service (KMS) logic in a KMS cloud instance. The KMS logic parses the request to verify authorization for the request, identify the instance ID, and provide additional information to the request needed by hardware security management (HSM) middleware and hardware. A router receives the request from the KMS logic and routes the request to a service based on the instance ID, that transfers the request to HSM middleware. The HSM middleware parses HSM type from the request, translates the request to HSM vendor-specific instructions and routes the translated request to an HSM. The HSM according to certain embodiments is in a cloud computing environment separate from the KMS cloud instance, and in some embodiments the HSM is on-prem at a physical client site.
Type: Application
Filed: June 2, 2021
Publication date: December 8, 2022
Inventors: Vaijayanthimala K. ANAND, Martin SCHMATZ, Navaneeth RAMESHAN, Mathew Richard ODDEN, Bruno HENRIQUES, Patricia M. SAGMEISTER
-
Patent number: 11456867
Abstract: A method manages cryptographic objects (COs). The method includes accessing an entropy-based random number and instructing to store this random number. The method includes generating one or more COs based on a deterministic algorithm that causes to interact with a security module (SM), such as a hardware security module (HSM), to generate a seed according to both a reference key of the SM and the random number accessed. A random number generator is seeded with the generated seed to generate the desired COs.
Type: Grant
Filed: October 25, 2019
Date of Patent: September 27, 2022
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Martin Schmatz, Navaneeth Rameshan, Patricia M. Sagmeister
-
Patent number: 11416633
Abstract: In a computer-implemented method for providing obfuscated data to users, first, a user request to access data is received; then, an authorization level associated with the request received is identified. Next, obfuscated data is accessed in a protected enclave, which data corresponds to the request received. The data accessed has been obfuscated with an obfuscation algorithm that yields a level of obfuscation compatible with the authorization level identified. Finally, the obfuscated data accessed is provided to the user, from the protected enclave. Related systems and computer program products are also disclosed.
Type: Grant
Filed: February 15, 2019
Date of Patent: August 16, 2022
Assignee: International Business Machines Corporation
Inventors: Martin Schmatz, Navaneeth Rameshan, Patricia M. Sagmeister, Yiyu Chen, Mitch Gusat
-
Patent number: 11096290
Abstract: The present invention is notably directed to a printed circuit board, or PCB. This PCB has two main surfaces, each delimited by lateral edges, as well as lateral surfaces, each meeting each of the two main surfaces at one lateral edge. The present PCB further comprises a row of solder pads, which extends along a lateral edge of the PCB. Each solder pad is formed directly at the lateral edge and/or directly on a lateral surface (meeting one of the two main surfaces at said lateral edge). I.e., each pad interrupts a lateral edge and/or an adjoining lateral surface. One or more chips, e.g., memory chips, can be mounted on such a PCB to form an IC package. The above solder pad arrangement allows particularly dense arrangements of IC packages to be obtained. The present invention is further directed to related devices and methods of fabrication thereof.
Type: Grant
Filed: October 3, 2018
Date of Patent: August 17, 2021
Assignee: International Business Machines Corporation
Inventors: Thomas Brunschwiler, Andreas Doering, Ronald P. Luijten, Stefano S. Oggioni, Joerg-Eric Sagmeister, Patricia M. Sagmeister, Martin Schmatz
-
Publication number: 20210126781
Abstract: A method manages cryptographic objects (COs). The method includes accessing an entropy-based random number and instructing to store this random number. The method includes generating one or more COs based on a deterministic algorithm that causes to interact with a security module (SM), such as a hardware security module (HSM), to generate a seed according to both a reference key of the SM and the random number accessed. A random number generator is seeded with the generated seed to generate the desired COs.
Type: Application
Filed: October 25, 2019
Publication date: April 29, 2021
Inventors: Martin Schmatz, Navaneeth Rameshan, Patricia M. Sagmeister
-
Patent number: 10931443
Abstract: A computer-implemented method manages cryptographic objects in a hierarchical key management system including a hardware security module (HSM), which institutes a key hierarchy extending from a ground level l0. Clients interact with the HSM to obtain cryptographic objects. A request is received from one of the clients for an object at a given level ln of the hierarchy (above the ground level l0). A binary representation of the object is accessed as a primary bit pattern p0, at the HSM and said pattern is scrambled via a bitwise XOR operation. The latter operates, on the one hand, on the primary bit pattern p0 and, on the other hand, on a control bit pattern pc that is a binary representation of an access code of the same length as said primary bit pattern p0. The pattern pc is obtained based on that given level ln of the hierarchy.
Type: Grant
Filed: August 23, 2018
Date of Patent: February 23, 2021
Assignee: International Business Machines Corporation
Inventors: Martin Schmatz, Navaneeth Rameshan, Yiyu Chen, Patricia M. Sagmeister
-
Publication number: 20200265159
Abstract: In a computer-implemented method for providing obfuscated data to users, first, a user request to access data is received; then, an authorization level associated with the request received is identified. Next, obfuscated data is accessed in a protected enclave, which data corresponds to the request received. The data accessed has been obfuscated with an obfuscation algorithm that yields a level of obfuscation compatible with the authorization level identified. Finally, the obfuscated data accessed is provided to the user, from the protected enclave. Related systems and computer program products are also disclosed.
Type: Application
Filed: February 15, 2019
Publication date: August 20, 2020
Inventors: Martin Schmatz, Navaneeth Rameshan, Patricia M. Sagmeister, Yiyu Chen, Mitch Gusat
-
Publication number: 20200067698
Abstract: A computer-implemented method manages cryptographic objects in a hierarchical key management system including a hardware security module (HSM), which institutes a key hierarchy extending from a ground level l0. Clients interact with the HSM to obtain cryptographic objects. A request is received from one of the clients for an object at a given level ln of the hierarchy (above the ground level l0). A binary representation of the object is accessed as a primary bit pattern p0, at the HSM and said pattern is scrambled via a bitwise XOR operation. The latter operates, on the one hand, on the primary bit pattern p0 and, on the other hand, on a control bit pattern pc that is a binary representation of an access code of the same length as said primary bit pattern p0. The pattern pc is obtained based on that given level ln of the hierarchy.
Type: Application
Filed: August 23, 2018
Publication date: February 27, 2020
Inventors: Martin Schmatz, Navaneeth Rameshan, Yiyu Chen, Patricia M. Sagmeister
-
Publication number: 20190037707
Abstract: The present invention is notably directed to a printed circuit board, or PCB. This PCB has two main surfaces, each delimited by lateral edges, as well as lateral surfaces, each meeting each of the two main surfaces at one lateral edge. The present PCB further comprises a row of solder pads, which extends along a lateral edge of the PCB. Each solder pad is formed directly at the lateral edge and/or directly on a lateral surface (meeting one of the two main surfaces at said lateral edge). I.e., each pad interrupts a lateral edge and/or an adjoining lateral surface. One or more chips, e.g., memory chips, can be mounted on such a PCB to form an IC package. The above solder pad arrangement allows particularly dense arrangements of IC packages to be obtained. The present invention is further directed to related devices and methods of fabrication thereof.
Type: Application
Filed: October 3, 2018
Publication date: January 31, 2019
Inventors: Thomas Brunschwiler, Andreas Doering, Ronald P. Luijten, Stefano S. Oggioni, Joerg-Eric Sagmeister, Patricia M. Sagmeister, Martin Schmatz
-
Patent number: 9892050
Abstract: A device for multi-stage translation of prefetch requests includes a prefetch queue for providing queued prefetch requests, each of the queued prefetch requests including N different control entries; N serial-connected translation stages for the translation of N control entries of one of the queued prefetch requests into a translated prefetch request, wherein a translation in a i-th translation stage is dependent on a translation in a (i-1)-th translation stage, i∈[1, . . . , N]; and a prefetch issuer which is configured to control an index for each of the N different control entries in the prefetch queue and to issue a prefetch of the indexed control entry of the N different control entries for the highest non-stalled translation stage.
Type: Grant
Filed: December 20, 2016
Date of Patent: February 13, 2018
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Florian A. Auernhammer, Patricia M. Sagmeister
-
Patent number: 9760378
Abstract: Embodiments include methods, computer systems and computer program products for performing superscalar out-of-order processing in software in a computer system. Aspects include: loading opcodes into an analysis thread of the computer system, analyzing opcodes to identify certain non-independent opcode snippets, distributing non-independent opcode snippets to separate threads of computer system, instructing each of separate threads to execute each of non-independent opcode snippets, respectively, and collecting results of executions of each of separate threads by a consolidation thread.
Type: Grant
Filed: August 4, 2016
Date of Patent: September 12, 2017
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Patricia M. Sagmeister, Martin L. Schmatz
-
Publication number: 20170168838
Abstract: Embodiments include methods, computer systems and computer program products for performing superscalar out-of-order processing in software in a computer system. Aspects include: loading opcodes into an analysis thread of the computer system, analyzing opcodes to identify certain non-independent opcode snippets, distributing non-independent opcode snippets to separate threads of computer system, instructing each of separate threads to execute each of non-independent opcode snippets, respectively, and collecting results of executions of each of separate threads by a consolidation thread.
Type: Application
Filed: August 4, 2016
Publication date: June 15, 2017
Inventors: Patricia M. Sagmeister, MARTIN L. SCHMATZ
-
Publication number: 20170103021
Abstract: A device for multi-stage translation of prefetch requests includes a prefetch queue for providing queued prefetch requests, each of the queued prefetch requests including N different control entries; N serial-connected translation stages for the translation of N control entries of one of the queued prefetch requests into a translated prefetch request, wherein a translation in a i-th translation stage is dependent on a translation in a (i-1)-th translation stage, i∈[1, . . . ,N]; and a prefetch issuer which is configured to control an index for each of the N different control entries in the prefetch queue and to issue a prefetch of the indexed control entry of the N different control entries for the highest non-stalled translation stage.
Type: Application
Filed: December 20, 2016
Publication date: April 13, 2017
Inventors: Florian A. Auernhammer, Patricia M. Sagmeister
-
Patent number: 9563563
Abstract: A device for multi-stage translation of prefetch requests includes a prefetch queue for providing queued prefetch requests, each of the queued prefetch requests including N different control entries; N serial-connected translation stages for the translation of N control entries of one of the queued prefetch requests into a translated prefetch request, wherein a translation in a i-th translation stage is dependent on a translation in a (i-1)-th translation stage, i∈[1, . . . , N]; and a prefetch issuer which is configured to control an index for each of the N different control entries in the prefetch queue and to issue a prefetch of the indexed control entry of the N different control entries for the highest non-stalled translation stage.
Type: Grant
Filed: October 29, 2013
Date of Patent: February 7, 2017
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Florian A. Auernhammer, Patricia M. Sagmeister
-
Patent number: 9547540
Abstract: A computer-implemented method includes managing function calls between a plurality of nodes and a super node of a rack system having a distributed operating system (OS). The OS includes a plurality of functions divided into first class and a second class, and each of the plurality of nodes excludes functions in the second class. Managing the function calls includes detecting a call to a first function on a first node of the plurality of nodes. It is determined that the first function belongs to the second class of functions and is not available on the first node. The call to the first function is routed to the super node, responsive to determining that the first function belongs to the second class, where the super node includes code for the functions in the second class.
Type: Grant
Filed: December 21, 2015
Date of Patent: January 17, 2017
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Francois Abel, Rolf Clauberg, Andreas C. Doering, Patricia M. Sagmeister, Martin L. Schmatz
-
Patent number: 9496006
Abstract: The memory module having a plurality of memory chips and a plurality of connections for connecting the memory module to a processor. At least part of the connections is configurable to be grouped into N sets of address and control connections for N separatively controllable groups of memory chips of the plurality of memory chips (N≥2).
Type: Grant
Filed: November 9, 2012
Date of Patent: November 15, 2016
Assignee: GLOBALFOUNDRIES INC.
Inventors: Andreas C Doering, Patricia M Sagmeister, Martin L Schmatz
-
Patent number: 9454373
Abstract: Embodiments include methods, computer systems and computer program products for performing superscalar out-of-order processing in software in a computer system. Aspects include: loading opcodes into an analysis thread of the computer system, analyzing opcodes to identify certain non-independent opcode snippets, distributing non-independent opcode snippets to separate threads of computer system, instructing each of separate threads to execute each of non-independent opcode snippets, respectively, and collecting results of executions of each of separate threads by a consolidation thread.
Type: Grant
Filed: December 10, 2015
Date of Patent: September 27, 2016
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Patricia M. Sagmeister, Martin L. Schmatz