Patents by Inventor Richard V. Kisley
Richard V. Kisley has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10382199Abstract: Embodiments are directed to a computer-implemented method and system, and for setting a minimum key strength in a key hierarchy. The method and system can include the use of a key strength keyword that set a minimum key strength for a plurality of key classes. The setting of a key strength lower than that set forth in the key strength command is prohibited. The key classes can include DES keys, AES keys, HMAC keys, RSA PKI keys, RSA usage keys, RSA key generation keys, ECC PKI keys, ECC usage keys, and ECC key generation keys. A multi-dimension key hierarchy, including a master key and a key that is derived through the use of a key derivation function is also described herein.Type: GrantFiled: September 30, 2016Date of Patent: August 13, 2019Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Richard V. Kisley, Michael J. Miele
-
Patent number: 10333703Abstract: Embodiments are directed to a computer-implemented method and system for generating a transport key. A method can include generating, using a processor, a key agreement pair comprising a public agreement key and a private agreement key in a second element. Thereafter, generating, using the processor, a transport key based on the public agreement key in a first element. Then sending, using the processor, an information blob to the second element. Finally, independently generating, using the processor, the transport key in the second element using the information blob and the private agreement key. The transport key can thereafter be used to send information securely between the first and second elements.Type: GrantFiled: March 1, 2017Date of Patent: June 25, 2019Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Todd W. Arnold, Richard V. Kisley, Michael J. Miele
-
Patent number: 10298390Abstract: Embodiments are directed to a computer-implemented method, computer system, and computer program product for creating a public key token. A public key and private key are generated, using a master key. A set of permissions is received for the public key and private key that note the allowable uses for the public key and private key. Thereafter, the set of permissions, encrypted public key, and other associated information is placed in a public key token.Type: GrantFiled: November 7, 2017Date of Patent: May 21, 2019Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Richard V. Kisley, Michael J. Miele
-
Patent number: 10256981Abstract: Embodiments include method, systems and computer program products for secure logging of host security module. In some embodiments, an event may be received. The event may include data to be written to a secure log file. A hash may be generated using data of the event. The hash may be stored in a first field of an event record associated with the event. The event record may be stored in the secure log file. The hash may be stored in a second field of a next event record in the secure log file.Type: GrantFiled: September 27, 2016Date of Patent: April 9, 2019Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Richard V. Kisley, Mark D. Marik, Michael J. Miele, Tamas Visegrady
-
Patent number: 10095419Abstract: Method, apparatus and program storage device that provides a distributed file serving architecture with metadata storage virtualization and data access at the data server connection speed is provided. A host issues a file access request including data target locations. The file access request including data target locations is processed. Remote direct memory access (RDMA) channel endpoint connection are issued in response to the processing of the file access request. An RDMA transfer of the file-block data associated with the file access request is made directly between a memory at the host and a data server.Type: GrantFiled: January 4, 2016Date of Patent: October 9, 2018Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Richard V. Kisley, Philip D. Knight
-
Publication number: 20180254894Abstract: Embodiments are directed to a computer-implemented method and system for generating a transport key. A method can include generating, using a processor, a key agreement pair comprising a public agreement key and a private agreement key in a second element. Thereafter, generating, using the processor, a transport key based on the public agreement key in a first element. Then sending, using the processor, an information blob to the second element. Finally, independently generating, using the processor, the transport key in the second element using the information blob and the private agreement key. The transport key can thereafter be used to send information securely between the first and second elements.Type: ApplicationFiled: March 1, 2017Publication date: September 6, 2018Inventors: Todd W. Arnold, Richard V. Kisley, Michael J. Miele
-
Patent number: 10042561Abstract: Method, apparatus and program storage device that provides a distributed file serving architecture with metadata storage virtualization and data access at the data server connection speed is provided. A host issues a file access request including data target locations. The file access request including data target locations is processed. Remote direct memory access (RDMA) channel endpoint connection are issued in response to the processing of the file access request. An RDMA transfer of the file-block data associated with the file access request is made directly between a memory at the host and a data server.Type: GrantFiled: July 8, 2016Date of Patent: August 7, 2018Assignee: International Business Machines CorporationInventors: Richard V. Kisley, Philip D. Knight
-
Publication number: 20180097620Abstract: Embodiments are directed to a computer-implemented method and system, and for setting a minimum key strength in a key hierarchy. The method and system can include the use of a key strength keyword that set a minimum key strength for a plurality of key classes. The setting of a key strength lower than that set forth in the key strength command is prohibited. The key classes can include DES keys, AES keys, HMAC keys, RSA PKI keys, RSA usage keys, RSA key generation keys, ECC PKI keys, ECC usage keys, and ECC key generation keys. A multi-dimension key hierarchy, including a master key and a key that is derived through the use of a key derivation function is also described herein.Type: ApplicationFiled: September 30, 2016Publication date: April 5, 2018Inventors: Richard V. Kisley, Michael J. Miele
-
Publication number: 20180091299Abstract: Embodiments are directed to a computer-implemented method, computer system, and computer program product for creating a public key token. A public key and private key are generated, using a master key. A set of permissions is received for the public key and private key that note the allowable uses for the public key and private key. Thereafter, the set of permissions, encrypted public key, and other associated information is placed in a public key token.Type: ApplicationFiled: November 7, 2017Publication date: March 29, 2018Inventors: Richard V. Kisley, Michael J. Miele
-
Publication number: 20180091311Abstract: Embodiments include method, systems and computer program products for secure logging of host security module. In some embodiments, an event may be received. The event may include data to be written to a secure log file. A hash may be generated using data of the event. The hash may be stored in a first field of an event record associated with the event. The event record may be stored in the secure log file. The hash may be stored in a second field of a next event record in the secure log file.Type: ApplicationFiled: September 27, 2016Publication date: March 29, 2018Inventors: Richard V. Kisley, Mark D. Marik, Michael J. Miele, Tamas Visegrady
-
Patent number: 9838203Abstract: Embodiments are directed to a computer-implemented method, computer system, and computer program product for creating a public key token. A public key and private key are generated, using a master key. A set of permissions is received for the public key and private key that note the allowable uses for the public key and private key. Thereafter, the set of permissions, encrypted public key, and other associated information is placed in a public key token.Type: GrantFiled: September 28, 2016Date of Patent: December 5, 2017Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Richard V. Kisley, Michael J. Miele
-
Patent number: 9647842Abstract: A session key is negotiated to secure a user session executed in a host computer. An electronic hardware security module (HSM) located in the host computer generates a first session key. A smart card generates a second session key that matches the first session key. An encrypted copy of the second session key is communicated to an electronic host application module installed in the host computer. The electronic host application module decrypts the encrypted session key to obtain a copy of the session key such that the first and second session keys possessed by the smart card, the host application module and the HSM match one another.Type: GrantFiled: September 9, 2016Date of Patent: May 9, 2017Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Todd W. Arnold, Richard V. Kisley, Michael J. Miele
-
Patent number: 9633212Abstract: A method, computer program product, and system for selecting and generating a key to perform a cryptographic operation are described. The method includes receiving one or more inputs representing criteria for the key, the one or more inputs excluding an explicit identification of the key and one of the one or more inputs specifying the cryptographic operation; retrieving, from a memory device, information corresponding with the one or more inputs; selecting and generating the key based on the one or more inputs and the information; and performing the cryptographic operation using the key.Type: GrantFiled: August 26, 2016Date of Patent: April 25, 2017Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Todd W. Arnold, Elizabeth A. Dames, Charles D. Helfenberger, Richard V. Kisley, Jimmie R. Mayfield, Jr.
-
Patent number: 9607159Abstract: A method, computer program product, and system for selecting and generating a key to perform a cryptographic operation are described. The method includes receiving one or more inputs representing criteria for the key, the one or more inputs excluding an explicit identification of the key and one of the one or more inputs specifying the cryptographic operation; retrieving, from a memory device, information corresponding with the one or more inputs; selecting and generating the key based on the one or more inputs and the information; and performing the cryptographic operation using the key.Type: GrantFiled: December 10, 2014Date of Patent: March 28, 2017Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Todd W. Arnold, Elizabeth A. Dames, Charles D. Helfenberger, Richard V. Kisley, Jimmie R. Mayfield, Jr.
-
Publication number: 20170010825Abstract: Method, apparatus and program storage device that provides a distributed file serving architecture with metadata storage virtualization and data access at the data server connection speed is provided. A host issues a file access request including data target locations. The file access request including data target locations is processed. Remote direct memory access (RDMA) channel endpoint connection are issued in response to the processing of the file access request. An RDMA transfer of the file-block data associated with the file access request is made directly between a memory at the host and a data server.Type: ApplicationFiled: July 8, 2016Publication date: January 12, 2017Inventors: Richard V. Kisley, Philip D. Knight
-
Publication number: 20160373259Abstract: A session key is negotiated to secure a user session executed in a host computer. An electronic hardware security module (HSM) located in the host computer generates a first session key. A smart card generates a second session key that matches the first session key. An encrypted copy of the second session key is communicated to an electronic host application module installed in the host computer. The electronic host application module decrypts the encrypted session key to obtain a copy of the session key such that the first and second session keys possessed by the smart card, the host application module and the HSM match one another.Type: ApplicationFiled: September 9, 2016Publication date: December 22, 2016Inventors: Todd W. Arnold, Richard V. Kisley, Michael J. Miele
-
Publication number: 20160357974Abstract: A method, computer program product, and system for selecting and generating a key to perform a cryptographic operation are described. The method includes receiving one or more inputs representing criteria for the key, the one or more inputs excluding an explicit identification of the key and one of the one or more inputs specifying the cryptographic operation; retrieving, from a memory device, information corresponding with the one or more inputs; selecting and generating the key based on the one or more inputs and the information; and performing the cryptographic operation using the key.Type: ApplicationFiled: August 26, 2016Publication date: December 8, 2016Inventors: Todd W. Arnold, Elizabeth A. Dames, Charles D. Helfenberger, Richard V. Kisley, Jimmie R. Mayfield, Jr.
-
Patent number: 9485091Abstract: Embodiments relate to negotiating a session key to secure a user session executed in a host computer. An electronic hardware security module (HSM) located in the host computer generates a first session key. A smart card generates a second session key that matches the first session key. An encrypted copy of the second session key is communicated to an electronic host application module installed in the host computer. The electronic host application module decrypts the encrypted session key to obtain a copy of the session key such that the first and second session keys possessed by the smart card, the host application module and the HSM match one another.Type: GrantFiled: May 1, 2014Date of Patent: November 1, 2016Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Todd W. Arnold, Richard V. Kisley, Michael J. Miele
-
Patent number: 9471796Abstract: A method, computer program product, and system for selecting and generating a key to perform a cryptographic operation are described. The method includes receiving one or more inputs representing criteria for the key, the one or more inputs excluding an explicit identification of the key and one of the one or more inputs specifying the cryptographic operation; retrieving, from a memory device, information corresponding with the one or more inputs; selecting and generating the key based on the one or more inputs and the information; and performing the cryptographic operation using the key.Type: GrantFiled: March 7, 2016Date of Patent: October 18, 2016Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Todd W. Arnold, Elizabeth A. Dames, Charles D. Helfenberger, Richard V. Kisley, Jimmie R. Mayfield, Jr.
-
Patent number: 9473299Abstract: Embodiments relate to negotiating a session key to secure a user session executed in a host computer. An electronic hardware security module (HSM) located in the host computer generates a first session key. A smart card generates a second session key that matches the first session key. An encrypted copy of the second session key is communicated to an electronic host application module installed in the host computer. The electronic host application module decrypts the encrypted session key to obtain a copy of the session key such that the first and second session keys possessed by the smart card, the host application module and the HSM match one another.Type: GrantFiled: March 7, 2016Date of Patent: October 18, 2016Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Todd W. Arnold, Richard V. Kisley, Michael J. Miele