Patents by Inventor Radia J. Perlman

Radia J. Perlman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11128460
    Abstract: An apparatus in an illustrative embodiment comprises a client device configured for communication with a storage system, with the client device comprising a processor coupled to a memory. The client device is further configured to identify a data item to be stored in the storage system, and to generate a data encryption key for the data item as a function of a first secret key and the data item. For example, the function may comprise hashing at least the data item. The client device is further configured to encrypt the data item using the data encryption key for the data item, and to send the encrypted data item to the storage system for storage therein. The client device in some embodiments is further configured to encrypt the data encryption key using a second secret key, and to send the encrypted data encryption key to the storage system for storage therein as metadata of the data item.
    Type: Grant
    Filed: December 4, 2018
    Date of Patent: September 21, 2021
    Assignee: EMC IP Holding Company LLC
    Inventors: Radia J. Perlman, Charles Kaufman, Xuan Tang
  • Publication number: 20210271763
    Abstract: In a cloud-based multiple client encryption and deduplication environment, secret plaintext data of a client is encrypted to produce ciphertext in an enclave comprising a trusted execution environment which is inaccessible by unauthorized entities and processes even with administrator privileges. Encryption is performed with an initialization vector and an encryption key calculated in the enclave. The encrypted ciphertext is deduplicated prior to storage by comparing a hash of the corresponding plaintext data to hashes of previously stored plaintext data.
    Type: Application
    Filed: February 27, 2020
    Publication date: September 2, 2021
    Applicant: EMC IP Holding Company, LLC
    Inventors: Radia J. Perlman, Charles W. Kaufman
  • Patent number: 11042629
    Abstract: An authentication server in an illustrative embodiment is configured to communicate with one or more client devices over a network. Responsive to a successful login to a user account by a client device, the authentication server provides the client device with a login cookie for the user account for potential utilization in one or more subsequent logins to the user account. The authentication server initializes a cookie-specific counter for the login cookie, and increments the cookie-specific counter for each of one or more unsuccessful logins to the user account made utilizing the login cookie. Responsive to the cookie-specific counter reaching a specified value, the authentication server locks the user account for any subsequent logins to the user account made utilizing the login cookie. The authentication server resets the cookie-specific counter responsive to a successful login to the user account made utilizing the login cookie.
    Type: Grant
    Filed: October 9, 2018
    Date of Patent: June 22, 2021
    Assignee: EMC IP Holding Company LLC
    Inventors: Radia J. Perlman, Benjamin S. Smith
  • Patent number: 11019033
    Abstract: An apparatus comprises at least one processing device that includes a processor coupled to a memory. The processing device is configured to establish a secure enclave in cloud infrastructure as part of a trust domain, to load the secure enclave with a program for execution in the secure enclave, and to provide the secure enclave with information sufficient to allow the secure enclave to prove to one or more clients of the trust domain that the secure enclave was established within the trust domain. The provided information customizes the secure enclave for the trust domain in a manner that is detectable by the one or more clients of the trust domain. The establishing, loading and providing are illustratively performed at least in part by an orchestrator component that is part of the trust domain and is implemented using a first physical machine that is separate from a second physical machine used to implement the secure enclave.
    Type: Grant
    Filed: December 27, 2019
    Date of Patent: May 25, 2021
    Assignee: EMC IP Holding Company LLC
    Inventors: Radia J. Perlman, Charles Kaufman
  • Patent number: 11018859
    Abstract: Plaintext data is encrypted to produce ciphertext which is transmitted along with a hash of the plaintext data and corresponding metadata comprising an initialization vector and information about the encryption key version used to encrypt the plaintext data to a backend storage system. The encrypted ciphertext is deduplicated at the backend storage system (without first decrypting it) using the hash and stored based upon the metadata.
    Type: Grant
    Filed: December 30, 2018
    Date of Patent: May 25, 2021
    Assignee: EMC IP Holding Company, LLC
    Inventors: Radia J. Perlman, Senthilkumar Ponnuswamy
  • Publication number: 20200409571
    Abstract: One example method includes accessing stored data, associating a unique identifier with the data, creating a hash by hashing a combination that comprises the unique identifier and the data, transmitting the hash to a notary service, receiving, from the notary service, a digital signature that corresponds to the hash, appending the digital signature to the data, and storing, as an object, a combination that comprises the digital signature, the data, and the unique identifier.
    Type: Application
    Filed: June 27, 2019
    Publication date: December 31, 2020
    Inventors: Yossef Saad, Radia J. Perlman, Charles William Kaufman
  • Publication number: 20200351104
    Abstract: An apparatus in one embodiment includes at least one processing device comprising a processor coupled to a memory. The processing device is configured to implement a first ledger maintenance node. The first ledger maintenance node is configured to communicate over one or more networks with a plurality of additional ledger maintenance nodes, to identify a block for proposed addition to a distributed ledger collectively maintained by the first and additional ledger maintenance nodes, to apply a digital signature of the first ledger maintenance node to the block, and to receive digital signatures on the block from at least a subset of the additional ledger maintenance nodes. Responsive to receipt of sufficient digital signatures from respective ones of the additional ledger maintenance nodes to meet a specified quorum of digital signatures required for addition of the block to the distributed ledger, the first ledger maintenance node adds the block to the distributed ledger.
    Type: Application
    Filed: July 20, 2020
    Publication date: November 5, 2020
    Inventors: Radia J. Perlman, Charles Kaufman
  • Patent number: 10819700
    Abstract: An apparatus in one embodiment comprises a client configured to perform client-side portions of one or more user authentication protocols carried out between the client and one or more authentication servers over a network. The client stores, for one or more instances of a given one of the user authentication protocols carried out for a particular user, an incorrect password history comprising identifiers of one or more passwords previously entered by the user and indicated as being incorrect passwords by at least one of the authentication servers, and determines, for an additional password entered by the user but not yet submitted by the client to the authentication servers, whether or not the additional password is part of the incorrect password history. Responsive to the additional password being part of the incorrect password history, the client generates an alert for presentation to the user to indicate that the additional password may be an incorrect password.
    Type: Grant
    Filed: February 12, 2018
    Date of Patent: October 27, 2020
    Assignee: EMC IP Holding Company LLC
    Inventor: Radia J. Perlman
  • Patent number: 10764068
    Abstract: A challenge/response authentication procedure determines whether a response is a correct response, a unique incorrect response, or a non-unique incorrect response, the unique incorrect response and non-unique incorrect response being differentiated by comparing the response value with a store of unique incorrect response values. For the correct response, client access to protected computer system resources is allowed, and the challenge value is discarded so as not to be used again. For the unique incorrect response, (1) when a predetermined limit of unique incorrect responses has not been reached, then the response value is added to the store of unique incorrect response values and the process is repeated with reuse of the challenge value, and (2) when the predetermined limit has been reached, then the client is locked out. For the non-unique incorrect response, the process is repeated with reuse of the challenge value.
    Type: Grant
    Filed: January 30, 2018
    Date of Patent: September 1, 2020
    Assignee: EMC IP Holding Company LLC
    Inventors: Radia J. Perlman, Charles W. Kaufman, Xuan Tang
  • Patent number: 10756904
    Abstract: An apparatus in one embodiment includes at least one processing device comprising a processor coupled to a memory. The processing device is configured to implement a first ledger maintenance node. The first ledger maintenance node is configured to communicate over one or more networks with a plurality of additional ledger maintenance nodes, to identify a block for proposed addition to a distributed ledger collectively maintained by the first and additional ledger maintenance nodes, to apply a digital signature of the first ledger maintenance node to the block, and to receive digital signatures on the block from at least a subset of the additional ledger maintenance nodes. Responsive to receipt of sufficient digital signatures from respective ones of the additional ledger maintenance nodes to meet a specified quorum of digital signatures required for addition of the block to the distributed ledger, the first ledger maintenance node adds the block to the distributed ledger.
    Type: Grant
    Filed: February 22, 2018
    Date of Patent: August 25, 2020
    Assignee: EMC IP Holding Company LLC
    Inventors: Radia J. Perlman, Charles Kaufman
  • Publication number: 20200213109
    Abstract: Plaintext data is encrypted to produce ciphertext which is transmitted along with a hash of the plaintext data and corresponding metadata comprising an initialization vector and information about the encryption key version used to encrypt the plaintext data to a backend storage system. The encrypted ciphertext is deduplicated at the backend storage system (without first decrypting it) using the hash and stored based upon the metadata.
    Type: Application
    Filed: December 30, 2018
    Publication date: July 2, 2020
    Applicant: EMC IP HOLDING COMPANY, LLC
    Inventors: Radia J. Perlman, Senthilkumar Ponnuswamy
  • Publication number: 20200177382
    Abstract: An apparatus in an illustrative embodiment comprises a client device configured for communication with a storage system, with the client device comprising a processor coupled to a memory. The client device is further configured to identify a data item to be stored in the storage system, and to generate a data encryption key for the data item as a function of a first secret key and the data item. For example, the function may comprise hashing at least the data item. The client device is further configured to encrypt the data item using the data encryption key for the data item, and to send the encrypted data item to the storage system for storage therein. The client device in some embodiments is further configured to encrypt the data encryption key using a second secret key, and to send the encrypted data encryption key to the storage system for storage therein as metadata of the data item.
    Type: Application
    Filed: December 4, 2018
    Publication date: June 4, 2020
    Inventors: Radia J. Perlman, Charles Kaufman, Xuan Tang
  • Publication number: 20200110871
    Abstract: An authentication server in an illustrative embodiment is configured to communicate with one or more client devices over a network. Responsive to a successful login to a user account by a client device, the authentication server provides the client device with a login cookie for the user account for potential utilization in one or more subsequent logins to the user account. The authentication server initializes a cookie-specific counter for the login cookie, and increments the cookie-specific counter for each of one or more unsuccessful logins to the user account made utilizing the login cookie. Responsive to the cookie-specific counter reaching a specified value, the authentication server locks the user account for any subsequent logins to the user account made utilizing the login cookie. The authentication server resets the cookie-specific counter responsive to a successful login to the user account made utilizing the login cookie.
    Type: Application
    Filed: October 9, 2018
    Publication date: April 9, 2020
    Inventors: Radia J. Perlman, Benjamin S. Smith
  • Patent number: 10394646
    Abstract: Described are techniques for performing data validation processing. An expected sequence of characters is determined that includes a plurality of groups. Each of the plurality of groups includes a first expected sequence of one or more characters representing encoded information and a second expected sequence of one or more data validation characters determined in accordance with a corresponding portion of the expected sequence. The portion includes at least the first expected sequence of one or more characters of the group. Data validation processing is incrementally performed as data for each of the plurality of groups is received. The data validation processing performed as data for each group is received uses a received sequence of one or more data validation characters corresponding to the second expected sequence of one or more data validation characters of each group.
    Type: Grant
    Filed: December 30, 2015
    Date of Patent: August 27, 2019
    Assignee: EMC IP Holding Company LLC
    Inventors: Charles W. Kaufman, Radia J. Perlman
  • Publication number: 20190238346
    Abstract: A challenge/response authentication procedure determines whether a response is a correct response, a unique incorrect response, or a non-unique incorrect response, the unique incorrect response and non-unique incorrect response being differentiated by comparing the response value with a store of unique incorrect response values. For the correct response, client access to protected computer system resources is allowed, and the challenge value is discarded so as not to be used again. For the unique incorrect response, (1) when a predetermined limit of unique incorrect responses has not been reached, then the response value is added to the store of unique incorrect response values and the process is repeated with reuse of the challenge value, and (2) when the predetermined limit has been reached, then the client is locked out. For the non-unique incorrect response, the process is repeated with reuse of the challenge value.
    Type: Application
    Filed: January 30, 2018
    Publication date: August 1, 2019
    Inventors: Radia J. Perlman, Charles W. Kaufman, Xuan Tang
  • Patent number: 8635284
    Abstract: A method for processing packets that includes receiving a packet from a network, analyzing the packet to obtain packet information used to determine to which temporary data structure to forward the packet, if a first list includes the packet information forwarding the packet to a first temporary data structure, and processing the packet from the first temporary data structure, and if the first list does not include the packet information forwarding the packet to a second temporary data structure, processing the packet, wherein processing the packet comprises: sending a first test to a source of the packet using the packet information, placing the packet information on the first list, if a successful response to the first test is received, and placing the packet information on a second list, if an unsuccessful response to the first test is received.
    Type: Grant
    Filed: October 21, 2005
    Date of Patent: January 21, 2014
    Assignee: Oracle Amerca, Inc.
    Inventors: Sunay Tripathi, Radia J. Perlman, Nicolas G. Droux
  • Patent number: 8538014
    Abstract: Some embodiments of the present invention provide a system that computes a target secret St in a sequence of secrets S0 . . . Sn. During operation, the system obtains k hash functions h1, . . . , hk, where h1 is known as the “lowest order hash function”, and hk is known as the “highest order hash function.” Associated with each hash function hi is a seed value seed comprising a pair (seedindexi, seedvaluei). Hash function hi operates on a pair (indexi, valuei) to produce a pair (newindexi, newvaluei), where newindexi>indexi. To compute target secret St, the hash functions are applied successively, starting with the highest order hash function whose associated seed's index value is largest without being greater than t, applying that hash function as many times as possible without having that hash function's output's index value become greater than t, and then applying each successive hash function in turn as many times as possible, until St has been computed.
    Type: Grant
    Filed: May 12, 2008
    Date of Patent: September 17, 2013
    Assignee: Oracle America, Inc.
    Inventor: Radia J. Perlman
  • Patent number: 8488782
    Abstract: Some embodiments provide systems and techniques for performing parameterizable cryptography. An encryption key can be determined based at least on a string associated with an authorization policy. The encryption key can then be used to encrypt information. The decryption key can also be determined based at least on the string associated with the authorization policy. Note that the authorization policy must be satisfied to decrypt information. In some embodiments, the systems and techniques for performing parameterizable cryptography are blindable. These blindable embodiments can be used to preserve privacy.
    Type: Grant
    Filed: October 20, 2009
    Date of Patent: July 16, 2013
    Assignee: Oracle America, Inc.
    Inventor: Radia J. Perlman
  • Patent number: 8315395
    Abstract: Some embodiments provide a system to generate a key pair. During operation, the system can receive a request to generate the key pair, wherein the key pair is generated by a key assigner, and wherein the key pair is associated with a user. Next, the system can determine a secret associated with the key assigner. Specifically, the system can determine the secret by determining an initial secret associated with the key assigner, and by applying a one-way hash function to the initial secret one or more times. The system can then determine a seed based on the secret. Specifically, the system can determine the seed by cryptographically combining the secret with information associated with the user. Next, the system can generate the key pair by using the seed as an input to a key generator. The system can then return the key pair to a requestor.
    Type: Grant
    Filed: December 10, 2008
    Date of Patent: November 20, 2012
    Assignee: Oracle America, Inc.
    Inventor: Radia J. Perlman
  • Patent number: 8200964
    Abstract: One embodiment of the present invention provides a system for accessing an encrypted file through a file system. During operation, the system receives a request to access the encrypted file. In response to the request, the system sends an encrypted file key for the encrypted file from the file system to a tamper-resistant module. Next, the tamper-resistant module uses a master secret to decrypt the encrypted file key to restore the file key, wherein the master secret is obtained from an external source by the tamper-resistant module. The system then uses the file key to access the encrypted file.
    Type: Grant
    Filed: September 22, 2006
    Date of Patent: June 12, 2012
    Assignee: Oracle America, Inc.
    Inventors: Radia J. Perlman, Sunay Tripathi