Patents by Inventor Richard Henry Guski
Richard Henry Guski has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Patent number: 9141819
  Abstract: Access to encrypted data on a removable computer media such as a computer tape is controlled via a uniquely-structured header on the medium having a symmetrical key wrapped by asymmetrical encryption plus a public key associated with the asymmetrical encryption. The data on the medium is encrypted using the symmetrical key. Prior to automated reading of the data by a reader, a challenge is issued to a host system including the public key and preferably a nonce value. The host responds by signing the nonce using a private key associated with the public key in order to prove it has rights to decrypt the data. The symmetrical key is unwrapped using the private key, and finally the unwrapped symmetrical key is used to decrypt the data on the medium, thereby allowing automated reading of the tape data without the need or risk of two administrators sharing a symmetrical key value.
  Type: Grant
  Filed: November 8, 2006
  Date of Patent: September 22, 2015
  Assignee: International Business Machines Corporation
  Inventors: Steven A. Bade, John C. Dayka, Glen Alan Jaquette, Richard Henry Guski
- Patent number: 9122864
  Abstract: A method, apparatus and program storage device for program verification in an information handling system in which an application program runs on an operating system having a signature verification function for verifying a digital signature of the application program. Upon loading of the application program, the signature verification function of the operating system verifies the digital signature of the application program and, if the digital signature is verified, initiates execution of the application program. Upon initiation of execution of the application program, a verification testing function associated with the application program tests the signature verification function of the operating system by presenting to it a sequence of test digital signatures in a specified pattern of true and false signatures. If its test of the signature verification function of the operating system is successful, the application program initiates normal execution.
  Type: Grant
  Filed: August 5, 2008
  Date of Patent: September 1, 2015
  Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
  Inventors: John C. Dayka, Walter Barlett Farrell, Richard Henry Guski, James W. Sweeny
- Patent number: 8645715
  Abstract: Provided are a method, system, and article of manufacture for configuring host settings to specify encryption and a key label referencing a key encrypting key to use to encrypt an encryption key provided to a storage drive to use to encrypt data from the host. User settings are received to configure a data class having data attributes with encryption settings. The data class is stored with the received user encryption settings. A job is received indicating a data set to store to a removable storage medium. A data class is determined having data class attributes matching data attributes of the data set indicated in the job. A determination is made from the determined data class whether to encrypt the data.
  Type: Grant
  Filed: September 11, 2007
  Date of Patent: February 4, 2014
  Assignee: International Business Machines Corporation
  Inventors: Erika Marianna Dawson, Richard Henry Guski, Michael James Kelly, Cecelia Carranza Lewis, Jon Arthur Lynds, Wayne Erwin Rhoten, Peter Grimm Sutton
- Publication number: 20100180329
  Abstract: An authenticated identity propagation and translation technique is provided in a transaction processing environment including distributed and mainframe computing components. Identified and authenticated user identification and authentication information is forwarded in association with transaction requests from a distributed component to a mainframe component, facilitating the selection of the appropriate mainframe user identity with which to execute the mainframe portion of the transaction, and creating the appropriate runtime security context. The forwarded user identification and authentication information contains a plurality of sections with identifying information about an authenticated client end-user identity as known at the initial authentication component and a mask specifying a subset of the sections.
  Type: Application
  Filed: January 9, 2009
  Publication date: July 15, 2010
  Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
  Inventors: Richard Henry Guski, Deborah Mapes, William O'Donnell, Ira Steven Ringle
- Publication number: 20100037065
  Abstract: A method, apparatus and program storage device for program verification in an information handling system in which an application program runs on an operating system having a signature verification function for verifying a digital signature of the application program. Upon loading of the application program, the signature verification function of the operating system verifies the digital signature of the application program and, if the digital signature is verified, initiates execution of the application program. Upon initiation of execution of the application program, a verification testing function associated with the application program tests the signature verification function of the operating system by presenting to it a sequence of test digital signatures in a specified pattern of true and false signatures. If its test of the signature verification function of the operating system is successful, the application program initiates normal execution.
  Type: Application
  Filed: August 5, 2008
  Publication date: February 11, 2010
  Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
  Inventors: John C. Dayka, Walter Barlett Farrell, Richard Henry Guski, James W. Sweeny
- Publication number: 20090067633
  Abstract: Provided are a method, system, and article of manufacture for configuring host settings to specify encryption and a key label referencing a key encrypting key to use to encrypt an encryption key provided to a storage drive to use to encrypt data from the host. User settings are received to configure a data class having data attributes with encryption settings. The data class is stored with the received user encryption settings. A job is received indicating a data set to store to a removable storage medium. A data class is determined having data class attributes matching data attributes of the data set indicated in the job. A determination is made from the determined data class whether to encrypt the data.
  Type: Application
  Filed: September 11, 2007
  Publication date: March 12, 2009
  Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
  Inventors: Erika Marianna Dawson, Richard Henry Guski, Michael James Kelly, Cecilia Carranza Lewis, Jon Arthur Lynds, Wayne Erwin Rhoten, Peter Grimm Sutton
- Publication number: 20080123863
  Abstract: Access to encrypted data on a removable computer media such as a computer tape is controlled via a uniquely-structured header on the medium having a symmetrical key wrapped by asymmetrical encryption plus a public key associated with the asymmetrical encryption. The data on the medium is encrypted using the symmetrical key. Prior to automated reading of the data by a reader, a challenge is issued to a host system including the public key and preferably a nonce value. The host responds by signing the nonce using a private key associated with the public key in order to prove it has rights to decrypt the data. The symmetrical key is unwrapped using the private key, and finally the unwrapped symmetrical key is used to decrypt the data on the medium, thereby allowing automated reading of the tape data without the need or risk of two administrators sharing a symmetrical key value.
  Type: Application
  Filed: November 8, 2006
  Publication date: May 29, 2008
  Inventors: STEVEN A. BADE, John C. Dayka, Glen Alan Jaquette, Richard Henry Guski
- Patent number: 6377994
  Abstract: In a client/server system, a method and apparatus for handling requests for access to a host resource purportedly on behalf of a client from an untrusted application server that may be capable of operating as a "rogue" server. Upon receiving a service request from a client, an untrusted application server creates a new thread within its address space for the client and obtains from the security server a client security context, which is anchored to the task control block (TCB) for that thread. The client security context specifies the client and indicates whether the client is an authenticated client or an unauthenticated client. When the application server makes a request for access to a host resource purportedly on behalf of the client, the security server examines the security context created for the requesting thread.
  Type: Grant
  Filed: April 15, 1996
  Date of Patent: April 23, 2002
  Assignee: International Business Machines Corporation
  Inventors: Donald Fred Ault, John Carr Dayka, Eric Charles Finkelstein, Richard Henry Guski
- Patent number: 6292896
  Abstract: A system for authenticating a first entity to a second entity and for simultaneously generating a session key for encrypting communications between the entities. The first entity generates an authentication value by encrypting time-dependent information using a long-lived secret key shared by the entities and transmits the authentication value to the second entity. The first entity independently encrypts other time-dependent information using the long-lived key to generate a session key that cannot be derived from the authentication value without the long-lived key. Upon receiving the transmitted authentication value, the second entity checks the transmitted authentication value using the shared long-lived key to determine whether it is valid. If the authentication value is valid, the second entity authenticates the first entity and generates an identical session key from the same shared secret information and time-dependent information.
  Type: Grant
  Filed: January 22, 1997
  Date of Patent: September 18, 2001
  Assignee: International Business Machines Corporation
  Inventors: Richard Henry Guski, John Carr Dayka, Harvey Tildon McGee, Bruce Robert Wells
- Patent number: 5661807
  Abstract: A system for authenticating a user located at a requesting node to a resource such as a host application located at an authenticating node using one-time passwords that change pseudorandomly with each request for authentication. At the requesting node a non-time-dependent value is generated from nonsecret information identifying the user and the host application, using a secret encryption key shared with the authenticating node. The non-time-dependent value is combined with a time-dependent value to generate a composite value that is encrypted to produce an authentication parameter. The authentication parameter is reversibly transformed into an alphanumeric character string that is transmitted as a one-time password to the authenticating node. At the authenticating node the received password is transformed back into the corresponding authentication parameter, which is decrypted to regenerate the composite value.
  Type: Grant
  Filed: August 18, 1995
  Date of Patent: August 26, 1997
  Assignee: International Business Machines Corporation
  Inventors: Richard Henry Guski, Raymond Craig Larson, Stephen Michael Matyas, Jr., Donald Byron Johnson, Don Coppersmith