Patents by Inventor Richard H. Boivie

Richard H. Boivie has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11520913
    Abstract: A method for securing Secure Objects that are protected from other software on a heterogeneous data processing system including a plurality of different types of processors wherein different portions of a Secure Object may run on different types of processors. A Secure Object may begin execution on a first processor then, depending on application requirements, the Secure Object may make a call to a second processor passing information to the second processor using a special inter-processor function call. The second processor performs the requested processing and then performs an inter-processor “function return” returning information as appropriate to the Secure Object on the first processor.
    Type: Grant
    Filed: May 11, 2018
    Date of Patent: December 6, 2022
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: Richard H. Boivie
  • Publication number: 20220358116
    Abstract: Techniques facilitating hardware-based memory-error mitigation for heap-objects. In one example, a system can comprise a process that executes computer executable components stored in a non-transitory computer readable medium. The computer executable components comprise: an entry component; and a re-purpose component. The entry component can allocate an entry in a table to store bounds-information when an object is allocated in memory. The re-purpose component can re-purpose unused bits of an object address to store an index to the table entry.
    Type: Application
    Filed: July 20, 2022
    Publication date: November 10, 2022
    Inventors: Richard H. Boivie, Tong Chen, Alper Buyuktosunoglu, Gururaj Saileshwar
  • Publication number: 20220342830
    Abstract: A method, system and apparatus for protecting a program from making out of bounds memory references, including determining whether an instruction makes out of bound references where the instruction that loads data from or stores data to a buffer refers to addresses that are outside the bounds of the buffer, and responsive to the determining that the instruction refers to addresses that are partially out of bounds, changing an execution of the load or the store including modifying the starting address specified in the instruction, a length of data specified in the instruction, or a value for an out of bounds reference to load or store data that is within the bounds of the buffer.
    Type: Application
    Filed: April 21, 2021
    Publication date: October 27, 2022
    Inventors: Tong Chen, Alper Buyuktosunoglu, Richard H. Boivie, Gururaj Saileshwar
  • Patent number: 11429590
    Abstract: Techniques facilitating hardware-based memory-error mitigation for heap-objects. In one example, a system can comprise a process that executes computer executable components stored in a non-transitory computer readable medium. The computer executable components comprise: an entry component; and a re-purpose component. The entry component can allocate an entry in a table to store bounds-information when an object is allocated in memory. The re-purpose component can re-purpose unused bits of an object address to store an index to the table entry.
    Type: Grant
    Filed: October 15, 2020
    Date of Patent: August 30, 2022
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Richard H. Boivie, Tong Chen, Alper Buyuktosunoglu, Gururaj Saileshwar
  • Publication number: 20220206943
    Abstract: A method, system and apparatus for protecting against out-of-bounds references, including storing an address of a buffer in a general register and storing bounds information (BI) for the buffer in a bounds information register, and when a content of the general register is used as an address in a load or store operation, using a content of the bounds information register to determine if the load or store is out of bounds.
    Type: Application
    Filed: December 30, 2020
    Publication date: June 30, 2022
    Inventors: Tong Chen, Alper Buyuktosunoglu, Richard H. Boivie
  • Publication number: 20220206803
    Abstract: A method, system and apparatus for providing bound information accesses in buffer protection, including providing one-to-one mapping between a general-purpose register and bound information in a BI (bound information) register, saving loaded bound information in the BI register for future use, providing integrity of the bound information in the BI register that is maintained along program execution, and providing a pro-active load of the bound information with one-bit extra control on load instruction of the BI register.
    Type: Application
    Filed: December 30, 2020
    Publication date: June 30, 2022
    Inventors: Tong Chen, Richard H. Boivie, Alper Buyuktosunoglu
  • Patent number: 11356275
    Abstract: A method verifies an authenticity, integrity, and provenance of outputs from steps in a process flow. One or more processor(s) validate one or more inputs to each step in a process flow by verifying at least one of a hash and a digital signature of each of the one or more inputs. The processor(s) then generate digital signatures that cover outputs of each step and the one or more inputs to each step, such that the digital signatures result in a chain of digital signatures that are used to verify an authenticity, an integrity and a provenance of outputs of the one or more steps in the process flow.
    Type: Grant
    Filed: May 27, 2020
    Date of Patent: June 7, 2022
    Assignee: International Business Machines Corporation
    Inventors: Enriquillo Valdez, Richard H. Boivie, Venkata Sitaramagiridharganesh Ganapavarapu, Jinwook Jung, Gi-Joon Nam, Roman Vaculin, James Thomas Rayfield
  • Publication number: 20220121644
    Abstract: Techniques facilitating hardware-based memory-error mitigation for heap-objects. In one example, a system can comprise a process that executes computer executable components stored in a non-transitory computer readable medium. The computer executable components comprise: an entry component; and a re-purpose component. The entry component can allocate an entry in a table to store bounds-information when an object is allocated in memory. The re-purpose component can re-purpose unused bits of an object address to store an index to the table entry.
    Type: Application
    Filed: October 15, 2020
    Publication date: April 21, 2022
    Inventors: Richard H. Boivie, Tong Chen, Alper Buyuktosunoglu, Gururaj Saileshwar
  • Patent number: 11216595
    Abstract: A private key of a public-private key pair with a corresponding identity is written to an integrated circuit including a processor, a non-volatile memory, and a cryptographic engine coupled to the processor and the non-volatile memory. The private key is written to the non-volatile memory. The integrated circuit is implemented in complementary metal-oxide semiconductor 14 nm or smaller technology. The integrated circuit is permanently modified, subsequent to the writing, such that further writing to the non-volatile memory is disabled and such that the private key can be read only by the cryptographic engine and not off-chip. Corresponding integrated circuits and wafers are also disclosed.
    Type: Grant
    Filed: September 21, 2019
    Date of Patent: January 4, 2022
    Assignee: International Business Machines Corporation
    Inventors: Richard H. Boivie, Eduard A. Cartier, Daniel J. Friedman, Kohji Hosokawa, Charanjit Jutla, Wanki Kim, Chandrasekara Kothandaraman, Chung Lam, Frank R. Libsch, Seiji Munetoh, Ramachandran Muralidhar, Vijay Narayanan, Dirk Pfeiffer, Devendra K. Sadana, Ghavam G. Shahidi, Robert L. Wisnieff
  • Publication number: 20210377042
    Abstract: A method verifies an authenticity, integrity, and provenance of outputs from steps in a process flow. One or more processor(s) validate one or more inputs to each step in a process flow by verifying at least one of a hash and a digital signature of each of the one or more inputs. The processor(s) then generate digital signatures that cover outputs of each step and the one or more inputs to each step, such that the digital signatures result in a chain of digital signatures that are used to verify an authenticity, an integrity and a provenance of outputs of the one or more steps in the process flow.
    Type: Application
    Filed: May 27, 2020
    Publication date: December 2, 2021
    Inventors: ENRIQUILLO VALDEZ, RICHARD H. BOIVIE, VENKATA SITARAMAGIRIDHARGANESH GANAPAVARAPU, JINWOOK JUNG, GI-JOON NAM, ROMAN VACULIN, JAMES THOMAS RAYFIELD
  • Patent number: 11068607
    Abstract: A secure cloud computing environment protects the confidentiality of application code from a customer while simultaneously protecting the confidentiality of a customer's data from intentional or inadvertent leaks by the application code. This result is accomplished without the need to trust the application code and without requiring human surveillance or intervention. A client secure virtual machine (SVM) is accessible by a client who supplies commands, operand data and application data. An appliance SVM has the application code loaded therein and includes an application program interface that accesses a memory area shared by both SVMs. All access to the appliance SVM is initially revoked by an ultravisor, except for the shared memory and an encrypted persistent storage. The appliance SVM stores the application data in the persistent storage. The ultravisor manages an SVM by maintaining exclusive control over a device tree used by the operating system of the SVM.
    Type: Grant
    Filed: March 10, 2018
    Date of Patent: July 20, 2021
    Assignee: International Business Machines Corporation
    Inventors: Richard H. Boivie, Jonathan D. Bradbury, William E. Hall, Guerney D. H. Hunt, Jentje Leenstra, Jeb R. Linton, James A. O'Connor, Jr., Elaine R. Palmer, Dimitrios Pendarakis
  • Patent number: 10997321
    Abstract: A private key of a public-private key pair with a corresponding identity is written to an integrated circuit including a processor, a non-volatile memory, and a cryptographic engine coupled to the processor and the non-volatile memory. The private key is written to the non-volatile memory. The integrated circuit is implemented in complementary metal-oxide semiconductor 14 nm or smaller technology. The integrated circuit is permanently modified, subsequent to the writing, such that further writing to the non-volatile memory is disabled and such that the private key can be read only by the cryptographic engine and not off-chip. Corresponding integrated circuits and wafers are also disclosed.
    Type: Grant
    Filed: September 21, 2019
    Date of Patent: May 4, 2021
    Assignee: International Business Machines Corporation
    Inventors: Richard H. Boivie, Eduard A. Cartier, Daniel J. Friedman, Kohji Hosokawa, Charanjit Jutla, Wanki Kim, Chandrasekara Kothandaraman, Chung Lam, Frank R. Libsch, Seiji Munetoh, Ramachandran Muralidhar, Vijay Narayanan, Dirk Pfeiffer, Devendra K. Sadana, Ghavam G. Shahidi, Robert L. Wisnieff
  • Publication number: 20210110040
    Abstract: In an approach to protecting against out-of-bounds buffer references, an apparatus comprises one or more processor cores and a bounds-checking functional unit in each processor core configured to manage bounds information for one or more memory buffers. When a buffer is allocated, an address range of the buffer is stored. When a pointer is assigned an address within the address range of the buffer, the address range of the buffer is associated with the pointer. When the pointer is used to compute an address for an operation, whether the address for the operation is within the address range associated with the pointer is determined. If the address is not within the address range associated with the pointer, signaling that an error has occurred.
    Type: Application
    Filed: October 15, 2019
    Publication date: April 15, 2021
    Inventors: Richard H. Boivie, Alper Buyuktosunoglu, Tong Chen
  • Patent number: 10901918
    Abstract: Server resources in a data center are disaggregated into shared server resource pools, which include a pool of secure processors. Advantageously, servers are constructed dynamically, on-demand and based on a tenant's workload requirements, by allocating from these resource pools. According to this disclosure, secure processor modules for new servers are allocated to provide security for data-in-use (and data-at-rest) in a dynamic fashion so that virtual and non-virtual capacity can be adjusted in the disaggregate compute system without any downtime, e.g., based on workload security requirements and data sensitivity characteristics. The approach herein optimizes an overall utilization of an available secure processors resource pool in the disaggregated environment. The resulting disaggregate compute system that is configured according to the approach cryptographically-protects workload data whenever it is outside the CPU chip.
    Type: Grant
    Filed: November 29, 2018
    Date of Patent: January 26, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: HariGovind V. Ramasamy, Eugen Schenfeld, Valentina Salapura, John A. Bivens, Yaoping Ruan, Min Li, Ashish Kundu, Ruchi Mahindru, Richard H. Boivie
  • Patent number: 10904226
    Abstract: A processor-implemented method for a secure processing environment for protecting sensitive information is provided. The processor-implemented method may include receiving encrypted data and routing the encrypted data to the secure processing environment. Then the encrypted data may be decrypted and fields containing sensitive information may be found. The method may also include obfuscating the sensitive information and returning, by the secure processing environment, the decrypted data and obfuscated data.
    Type: Grant
    Filed: November 20, 2019
    Date of Patent: January 26, 2021
    Assignee: International Business Machines Corporation
    Inventors: Richard H. Boivie, Alyson Comer, John C. Dayka, Donna N. Dillenberger, Kenneth A. Goldman, Mohit Kapur, Dimitrios Pendarakis, James A. Ruddy, Peter G. Sutton, Enriquillo Valdez
  • Patent number: 10785240
    Abstract: Protection from malware download is provided. A first input is received to access one of an email attachment or a web site link using an application. A newly generated secure virtual machine is obtained from one of a network server or a cloud computing service. The one of the email attachment or the web site link is sent to the newly generated secure virtual machine for processing.
    Type: Grant
    Filed: May 2, 2019
    Date of Patent: September 22, 2020
    Assignee: International Business Machines Corporation
    Inventor: Richard H. Boivie
  • Patent number: 10685106
    Abstract: A secure cloud computing environment protects the confidentiality of application code from a customer while simultaneously protecting the confidentiality of a customer's data from intentional or inadvertent leaks by the application code. This result is accomplished without the need to trust the application code and without requiring human surveillance or intervention. A client secure virtual machine (SVM) is accessible by a client who supplies commands, operand data and application data. An appliance SVM has the application code loaded therein and includes an application program interface that accesses a memory area shared by both SVMs. All access to the appliance SVM is initially revoked by an ultravisor, except for the shared memory. The appliance SVM processes the commands without ever saving any persistent state of the application data. The ultravisor manages an SVM by maintaining exclusive control over a device tree used by the operating system of the SVM.
    Type: Grant
    Filed: March 10, 2018
    Date of Patent: June 16, 2020
    Assignee: International Business Machines Corporation
    Inventors: Richard H. Boivie, Jonathan D. Bradbury, William E. Hall, Guerney D. H. Hunt, Jentje Leenstra, Jeb R. Linton, James A. O'Connor, Jr., Elaine R. Palmer, Dimitrios Pendarakis
  • Publication number: 20200174949
    Abstract: Server resources in a data center are disaggregated into shared server resource pools, which include a pool of secure processors. Advantageously, servers are constructed dynamically, on-demand and based on a tenant's workload requirements, by allocating from these resource pools. According to this disclosure, secure processor modules for new servers are allocated to provide security for data-in-use (and data-at-rest) in a dynamic fashion so that virtual and non-virtual capacity can be adjusted in the disaggregate compute system without any downtime, e.g., based on workload security requirements and data sensitivity characteristics. The approach herein optimizes an overall utilization of an available secure processors resource pool in the disaggregated environment. The resulting disaggregate compute system that is configured according to the approach cryptographically-protects workload data whenever it is outside the CPU chip.
    Type: Application
    Filed: November 29, 2018
    Publication date: June 4, 2020
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: HariGovind V. RAMASAMY, Eugen SCHENFELD, Valentina SALAPURA, John A. BIVENS, Yaoping RUAN, Min LI, Ashish KUNDU, Ruchi MAHINDRU, Richard H. BOIVIE
  • Publication number: 20200092267
    Abstract: A processor-implemented method for a secure processing environment for protecting sensitive information is provided. The processor-implemented method may include receiving encrypted data and routing the encrypted data to the secure processing environment. Then the encrypted data may be decrypted and fields containing sensitive information may be found. The method may also include obfuscating the sensitive information and returning, by the secure processing environment, the decrypted data and obfuscated data.
    Type: Application
    Filed: November 20, 2019
    Publication date: March 19, 2020
    Inventors: Richard H. Boivie, Alyson Comer, John C. Dayka, Donna N. Dillenberger, Kenneth A. Goldman, Mohit Kapur, Dimitrios Pendarakis, James A. Ruddy, Peter G. Sutton, Enriquillo Valdez
  • Patent number: 10547596
    Abstract: A processor-implemented method for a secure processing environment for protecting sensitive information is provided. The processor-implemented method may include receiving encrypted data and routing the encrypted data to the secure processing environment. Then the encrypted data may be decrypted and fields containing sensitive information may be found. The method may also include obfuscating the sensitive information and returning, by the secure processing environment, the decrypted data and obfuscated data.
    Type: Grant
    Filed: April 5, 2019
    Date of Patent: January 28, 2020
    Assignee: International Business Machines Corporation
    Inventors: Richard H. Boivie, Alyson Comer, John C. Dayka, Donna N. Dillenberger, Kenneth A. Goldman, Mohit Kapur, Dimitrios Pendarakis, James A. Ruddy, Peter G. Sutton, Enriquillo Valdez