Patents by Inventor Peter Morjan
Peter Morjan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11824984
Abstract: Aspects of the invention include loading an image of a virtual server onto a boot partition of a trusted execution environment (TEE), wherein a first key is embedded in the image. A second key is received from an end customer of an application. Data is received from an independent software vendor (ISV) of the application, wherein the data includes a third key. The second key and the third key are combined inside the TEE to create a fourth key. An available memory space in an independent memory device is encrypted using the fourth key to create a secure data volume. Encrypted data is stored in the secure data volume.
Type: Grant
Filed: January 11, 2022
Date of Patent: November 21, 2023
Assignee: International Business Machines Corporation
Inventors: Angel Nunez Mencias, Nicolas Maeding, Peter Morjan, Dirk Herrendoerfer, James Robert Magowan, Anbazhagan Mani
-
Patent number: 11755721
Abstract: The present disclosure relates to a computer implemented method for executing an application. The method comprises: executing a bootloader in a trusted execution environment, wherein the executing comprises: decrypting received encrypted secrets using decryption keys of the boot loader, storing the decrypted secrets in a storage accessible by the application, creating a proof record indicating the application, the secrets and the trusted execution environment, storing the proof record in the storage, and deleting the decryption keys. The application may be executed in the trusted execution environment using the decrypted secrets. The proof record may be provided by the application for proving authenticity.
Type: Grant
Filed: October 25, 2021
Date of Patent: September 12, 2023
Assignee: International Business Machines Corporation
Inventors: Angel Nunez Mencias, Nicolas Maeding, Peter Morjan, Dirk Herrendoerfer
-
Publication number: 20230224156
Abstract: Aspects of the invention include loading an image of a virtual server onto a boot partition of a trusted execution environment (TEE), wherein a first key is embedded in the image. A second key is received from an end customer of an application. Data is received from an independent software vendor (ISV) of the application, wherein the data includes a third key. The second key and the third key are combined inside the TEE to create a fourth key. An available memory space in an independent memory device is encrypted using the fourth key to create a secure data volume. Encrypted data is stored in the secure data volume.
Type: Application
Filed: January 11, 2022
Publication date: July 13, 2023
Inventors: Angel Nunez Mencias, Nicolas Maeding, Peter Morjan, Dirk Herrendoerfer, James Robert Magowan, ANBAZHAGAN Mani
-
Patent number: 11645092
Abstract: The present disclosure relates to a method for deploying an application in an execution environment using a first and second sets of key pairs. The method comprises: creating a sequence of tasks comprising build tasks followed by a deploy task. The tasks are configured to receive a task input for performing the tasks. The task input comprises a contribution input and an output of a task preceding at least one of the build tasks. The contribution input comprises secrets. The output of the build tasks is encrypted with a respective encryption key of the first set of key pairs, wherein the contribution input of a task subsequent to the first task is encrypted with a respective encryption key of the second set of keys. The tasks may be executed in the execution environment using unencrypted content of the task inputs.
Type: Grant
Filed: October 25, 2021
Date of Patent: May 9, 2023
Assignee: International Business Machines Corporation
Inventors: Nicolas Maeding, Dirk Herrendoerfer, Peter Morjan, Angel Nunez Mencias
-
Publication number: 20230128099
Abstract: The present disclosure relates to a computer implemented method for executing an application. The method comprises: executing a bootloader in a trusted execution environment, wherein the executing comprises: decrypting received encrypted secrets using decryption keys of the boot loader, storing the decrypted secrets in a storage accessible by the application, creating a proof record indicating the application, the secrets and the trusted execution environment, storing the proof record in the storage, and deleting the decryption keys. The application may be executed in the trusted execution environment using the decrypted secrets. The proof record may be provided by the application for proving authenticity.
Type: Application
Filed: October 25, 2021
Publication date: April 27, 2023
Inventors: Angel Nunez Mencias, Nicolas Maeding, Peter Morjan, Dirk Herrendoerfer
-
Publication number: 20230127956
Abstract: The present disclosure relates to a method for deploying an application in an execution environment using a first and second sets of key pairs. The method comprises: creating a sequence of tasks comprising build tasks followed by a deploy task. The tasks are configured to receive a task input for performing the tasks. The task input comprises a contribution input and an output of a task preceding at least one of the build tasks. The contribution input comprises secrets. The output of the build tasks is encrypted with a respective encryption key of the first set of key pairs, wherein the contribution input of a task subsequent to the first task is encrypted with a respective encryption key of the second set of keys. The tasks may be executed in the execution environment using unencrypted content of the task inputs.
Type: Application
Filed: October 25, 2021
Publication date: April 27, 2023
Inventors: Nicolas Maeding, Dirk Herrendoerfer, Peter Morjan, Angel Nunez Mencias
-
Patent number: 11475138
Abstract: A computer-implemented method for creating a secure software container. The method comprises providing a first layered software container image, transforming all files, except corresponding metadata, of each layer of the first layered software container image into a volume, the volume comprises a set of blocks, wherein each layer comprises an incremental difference to a next lower layer, encrypting each block of the set of blocks of a portion of the layers, and storing each encrypted set of the blocks as a layer of an encrypted container image along with unencrypted metadata for rebuilding an order of the set of blocks equal to an order of the first layered software container image, so that a secure encrypted software container is created.
Type: Grant
Filed: January 9, 2020
Date of Patent: October 18, 2022
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Utz Bacher, Reinhard Theodor Buendgen, Peter Morjan, Janosch Andreas Frank
-
Patent number: 11176245
Abstract: Aspects of the invention include obtaining, via a processor, an original docker image from a customer, encrypting a disk image using content from the original docker image and encrypting a bootloader. A re-packaged image is created using the encrypted disk image and the secure encrypted bootloader. The re-packaged image is deployed by inserting the re-package image into a pod container and by means of using a mutating webhook, granting elevated privileges to said container and creating a secured Kubernetes pod for protecting workloads, wherein the secured Kubernetes pod has at least one virtual machine containing the pod container.
Type: Grant
Filed: September 30, 2019
Date of Patent: November 16, 2021
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Angel Nunez Mencias, Peter Morjan, Dirk Herrendoerfer, Preethi Polepalli Yeshwanth
-
Publication number: 20210097169
Abstract: Aspects of the invention include obtaining, via a processor, an original docker image from a customer, encrypting a disk image using content from the original docker image and encrypting a bootloader. A re-packaged image is created using the encrypted disk image and the secure encrypted bootloader. The re-packaged image is deployed by inserting the re-package image into a pod container and by means of using a mutating webhook, granting elevated privileges to said container and creating a secured Kubernetes pod for protecting workloads, wherein the secured Kubernetes pod has at least one virtual machine containing the pod container.
Type: Application
Filed: September 30, 2019
Publication date: April 1, 2021
Inventors: Angel Nunez Mencias, Peter Morjan, Dirk Herrendoerfer, Preethi Polepalli Yeshwanth
-
Publication number: 20200250319
Abstract: A computer-implemented method for creating a secure software container. The method comprises providing a first layered software container image, transforming all files, except corresponding metadata, of each layer of the first layered software container image into a volume, the volume comprises a set of blocks, wherein each layer comprises an incremental difference to a next lower layer, encrypting each block of the set of blocks of a portion of the layers, and storing each encrypted set of the blocks as a layer of an encrypted container image along with unencrypted metadata for rebuilding an order of the set of blocks equal to an order of the first layered software container image, so that a secure encrypted software container is created.
Type: Application
Filed: January 9, 2020
Publication date: August 6, 2020
Inventors: Utz Bacher, Reinhard Theodor Buendgen, Peter Morjan, Janosch Andreas Frank
-
Publication number: 20120005683
Abstract: Data processing workload control in a data center is provided, where the data center includes computers whose operations consume power and a workload controller composed of automated computing machinery that controls the overall data processing workload in the data center. The data processing workload is composed of a plurality of specific data processing jobs, including scheduling, by the workload controller in dependence upon power performance information, the data processing jobs for execution upon the computers in the data center, the power performance information including power consumption at a plurality of power-conserving states for each computer in the data center that executes data processing jobs and dispatching by the workload controller the data processing jobs as scheduled for execution on computers in the data center.
Type: Application
Filed: July 2, 2010
Publication date: January 5, 2012
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Fred A. Bower, III, Deepak W. Elias, Nikhil Hegde, Jason M. Heim, Sandhya Kapoor, Gregory J. McKnight, Peter Morjan, Tony W. Offer