Patents by Inventor Stephen J. McKenzie
Stephen J. McKenzie has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11778037Abstract: In an approach to efficient concurrent TLS data streams, a parent connection is established by performing a normal TLS handshake. A concurrent mode of operation is negotiated, where one or more child connections are established without using the TLS handshake. The one or more child connections are associated to the parent connection. Child application traffic secrets are derived for each child connection of the one or more child connections from application traffic secrets of the parent.Type: GrantFiled: September 8, 2021Date of Patent: October 3, 2023Assignee: International Business Machines CorporationInventors: Michael W. Gray, Narayana Aditya Madineni, Leigh S. McLean, Stephen J. McKenzie
-
Patent number: 11683182Abstract: A method, a computer program product, and a system for embedding a message in a random value. The method includes generating a random value and applying a hash function to the random value to produce a hash value. Starting with the hash value, the method further includes reapplying the hash function in an iterative or recursive manner, with a new hash value produced by the hash function acting as an initial value that is applied to the hash function for a next iteration, until a bit sequence representing a message is produced in a message hash value. The method further includes utilizing the message hash value as a new random value that can be used by an encryption algorithm.Type: GrantFiled: May 8, 2020Date of Patent: June 20, 2023Assignee: International Business Machines CorporationInventors: Michael W. Gray, Narayana Aditya Madineni, Simon D. McMahon, Matthew Green, Stephen J. McKenzie, Michael James Thomas
-
Patent number: 11647014Abstract: A computer-implemented method for identity authentication in a data processing system, including: receiving, by the processor, an authentication request from a user; receiving, by the processor, real-time data from one or more Internet of Things (IoT) devices associated with the user; generating, by the processor, one or more questions based on the real-time data; receiving, by the processor, one or more responses to the one or more questions from the user; comparing, by the processor, the one or more responses from the user with one or more correct answers identified by the processor. If the one or more responses match the one or more correct answers, providing, by the processor, the user with a successful identity authentication.Type: GrantFiled: February 18, 2020Date of Patent: May 9, 2023Assignee: International Business Machines CorporationInventors: Stephen J. McKenzie, Narayana A. Madineni, Simon D. McMahon, Pranab Agarwal
-
Publication number: 20230070421Abstract: In an approach to efficient concurrent TLS data streams, a parent connection is established by performing a normal TLS handshake. A concurrent mode of operation is negotiated, where one or more child connections are established without using the TLS handshake. The one or more child connections are associated to the parent connection. Child application traffic secrets are derived for each child connection of the one or more child connections from application traffic secrets of the parent.Type: ApplicationFiled: September 8, 2021Publication date: March 9, 2023Inventors: Michael W. Gray, Narayana Aditya Madineni, Leigh S. McLean, Stephen J. MCKENZIE
-
Publication number: 20220038278Abstract: Transport Layer Security (TLS) connection establishment between a client and a server for a new session is enabled using an ephemeral (temporary) key pair. In response to a request, the server generates a temporary certificate by signing an ephemeral public key using the server's private key. A certificate chain comprising at least the temporary certificate that includes the ephemeral public key, together with a server certificate, is output to the client by the server, which acts as a subordinate Certificate Authority. The client validates the certificates, generates a session key and outputs the session key wrapped by the ephemeral public key. To complete the connection establishment, the server applies the ephemeral private key to recover the session key derived at the client for the new session. The client and server thereafter use the session key to encrypt and decrypt data over the link. The ephemeral key pair is not reused.Type: ApplicationFiled: October 15, 2021Publication date: February 3, 2022Applicant: International Business Machines CorporationInventors: Michael W. Gray, Narayana Aditya Madineni, Matthew Green, Simon D. McMahon, Leigh S. McLean, Stephen J. McKenzie, Luvita Burgess, Peter T. Waltenberg
-
Patent number: 11206135Abstract: Transport Layer Security (TLS) connection establishment between a client and a server for a new session is enabled using an ephemeral (temporary) key pair. In response to a request, the server generates a temporary certificate by signing an ephemeral public key using the server's private key. A certificate chain comprising at least the temporary certificate that includes the ephemeral public key, together with a server certificate, is output to the client by the server, which acts as a subordinate Certificate Authority. The client validates the certificates, generates a session key and outputs the session key wrapped by the ephemeral public key. To complete the connection establishment, the server applies the ephemeral private key to recover the session key derived at the client for the new session. The client and server thereafter use the session key to encrypt and decrypt data over the link. The ephemeral key pair is not reused.Type: GrantFiled: November 11, 2019Date of Patent: December 21, 2021Assignee: International Business Machines CorporationInventors: Michael W. Gray, Narayana Aditya Madineni, Matthew Green, Simon D. McMahon, Leigh S. McLean, Stephen J. McKenzie, Luvita Burgess, Peter T. Waltenberg
-
Publication number: 20210351932Abstract: A method, a computer program product, and a system for embedding a message in a random value. The method includes generating a random value and applying a hash function to the random value to produce a hash value. Starting with the hash value, the method further includes reapplying the hash function in an iterative or recursive manner, with a new hash value produced by the hash function acting as an initial value that is applied to the hash function for a next iteration, until a bit sequence representing a message is produced in a message hash value. The method further includes utilizing the message hash value as a new random value that can be used by an encryption algorithm.Type: ApplicationFiled: May 8, 2020Publication date: November 11, 2021Inventors: Michael W. Gray, Narayana Aditya Madineni, Simon D. McMahon, Matthew Green, Stephen J. McKenzie, Michael James Thomas
-
Patent number: 11153299Abstract: A method, computer system, and a computer program product for secure transport of data is provided. The present invention may include defining a trust relationship based on a secret. The present invention may also include associating a trusted transport key identity (TTKI) based on the defined trust relationship. The present invention may then include receiving a trusted transport key (TTK), wherein the TTK is digitally signed and encrypted with the TTKI. The present invention may further include verifying the digitally signed TTK. The present invention may also include enveloping the secret with the TTK.Type: GrantFiled: March 11, 2019Date of Patent: October 19, 2021Assignee: International Business Machines CorporationInventors: Michael W. Gray, Narayana A. Madineni, Simon D. McMahon, Leigh S. McLean, Luvita Burgess, Stephen J. McKenzie, Matthew Green, Peter T. Waltenberg
-
Publication number: 20210258296Abstract: A computer-implemented method for identity authentication in a data processing system, including: receiving, by the processor, an authentication request from a user; receiving, by the processor, real-time data from one or more Internet of Things (IoT) devices associated with the user; generating, by the processor, one or more questions based on the real-time data; receiving, by the processor, one or more responses to the one or more questions from the user; comparing, by the processor, the one or more responses from the user with one or more correct answers identified by the processor. If the one or more responses match the one or more correct answers, providing, by the processor, the user with a successful identity authentication.Type: ApplicationFiled: February 18, 2020Publication date: August 19, 2021Inventors: Stephen J. McKenzie, Narayana A. Madineni, Simon D. McMahon, Pranab Agarwal
-
Publication number: 20210144004Abstract: Transport Layer Security (TLS) connection establishment between a client and a server for a new session is enabled using an ephemeral (temporary) key pair. In response to a request, the server generates a temporary certificate by signing an ephemeral public key using the server's private key. A certificate chain comprising at least the temporary certificate that includes the ephemeral public key, together with a server certificate, is output to the client by the server, which acts as a subordinate Certificate Authority. The client validates the certificates, generates a session key and outputs the session key wrapped by the ephemeral public key. To complete the connection establishment, the server applies the ephemeral private key to recover the session key derived at the client for the new session. The client and server thereafter use the session key to encrypt and decrypt data over the link. The ephemeral key pair is not reused.Type: ApplicationFiled: November 11, 2019Publication date: May 13, 2021Applicant: International Business Machines CorporationInventors: Michael W. Gray, Narayana Aditya Madineni, Matthew Green, Simon D. McMahon, Leigh S. McLean, Stephen J. McKenzie, Luvita Burgess, Peter T. Waltenberg
-
Patent number: 10812267Abstract: Secure password lock and recovery is provided. A user password is received to access a secure resource protected by a data processing system. It is determined whether a match exists between a retrieved user password verification string corresponding to a valid user password from a storage of a software token and a generated user password verification string corresponding to the user password. In response to determining that a match does not exist between the retrieved user password verification string and the generated user password verification string, it is determined whether a defined number of user password authentication attempts has been exceeded. In response to determining that the defined number of user password authentication attempts has been exceeded, the retrieved user password verification string is set to a preestablished sequence of values locking the valid user password on the storage of the software token. Access to the secure resource is denied.Type: GrantFiled: November 5, 2018Date of Patent: October 20, 2020Assignee: International Business Machines CorporationInventors: Simon McMahon, Narayana Madineni, Michael W. Gray, Leigh McLean, Matthew Green, Luvita Burgess, Stephen J. McKenzie, Peter Waltenberg
-
Publication number: 20200296086Abstract: A method, computer system, and a computer program product for secure transport of data is provided. The present invention may include defining a trust relationship based on a secret. The present invention may also include associating a trusted transport key identity (TTKI) based on the defined trust relationship. The present invention may then include receiving a trusted transport key (TTK), wherein the TTK is digitally signed and encrypted with the TTKI. The present invention may further include verifying the digitally signed TTK. The present invention may also include enveloping the secret with the TTK.Type: ApplicationFiled: March 11, 2019Publication date: September 17, 2020Inventors: Michael W. Gray, Narayana A. Madineni, Simon D. McMahon, Leigh S. McLean, Luvita Burgess, Stephen J. McKenzie, Matthew Green, Peter T. Waltenberg
-
Publication number: 20200145215Abstract: Secure password lock and recovery is provided. A user password is received to access a secure resource protected by a data processing system. It is determined whether a match exists between a retrieved user password verification string corresponding to a valid user password from a storage of a software token and a generated user password verification string corresponding to the user password. In response to determining that a match does not exist between the retrieved user password verification string and the generated user password verification string, it is determined whether a defined number of user password authentication attempts has been exceeded. In response to determining that the defined number of user password authentication attempts has been exceeded, the retrieved user password verification string is set to a preestablished sequence of values locking the valid user password on the storage of the software token. Access to the secure resource is denied.Type: ApplicationFiled: November 5, 2018Publication date: May 7, 2020Inventors: Simon McMahon, Narayana Madineni, Michael W. Gray, Leigh McLean, Matthew Green, Luvita Burgess, Stephen J. McKenzie, Peter Waltenberg