Patents by Inventor Timothy R. Block

Timothy R. Block has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11206141
    Abstract: Method, apparatus, and computer program product are provided for merging multiple compute nodes with trusted platform modules utilizing provisioned node certificates. In some embodiments, compute nodes are connected to be available for merger into a single multi-node system. Each compute node includes a trusted platform module (TPM) provisioned with a platform certificate and a signed attestation key (AK) certificate and is accessible to firmware on the compute node. One compute node is assigned the role of master compute node (MCN), with the other compute node(s) each assigned the role of slave compute node (SCN). A quote request is sent from the MCN to each SCN under control of firmware on the MCN. In response to receiving the quote request, a quote response is sent from each respective SCN to the MCN under control of firmware on the respective SCN, wherein the quote response includes the AK certificate of the respective SCN's TPM.
    Type: Grant
    Filed: September 21, 2018
    Date of Patent: December 21, 2021
    Assignee: International Business Machines Corporation
    Inventors: Timothy R. Block, Elaine R. Palmer, Kenneth A. Goldman, Christopher J. Engel, William E. Hall
  • Patent number: 11165766
    Abstract: A method and computer system for implementing authentication protocol for merging multiple server nodes with trusted platform modules (TPMs) utilizing provisioned node certificates to support concurrent node add and node remove. Each of the multiple server nodes boots an instance of enablement level firmware and extended to a trusted platform module (TPM) on each node as the server nodes are powered up. A hardware secure channel is established between the server nodes for firmware message passing as part of physical configuration of the server nodes to be merged. A shared secret is securely exchanged via the hardware secure channel between the server nodes establishing an initial authentication value shared among all server nodes. All server nodes confirm common security configuration settings and exchange TPM log and platform configuration register (PCR) data to establish common history for future attestation requirements, enabling dynamic changing the server nodes and concurrently adding and removing nodes.
    Type: Grant
    Filed: August 21, 2018
    Date of Patent: November 2, 2021
    Assignee: International Business Machines Corporation
    Inventors: Timothy R. Block, Elaine R. Palmer, Kenneth A. Goldman, William E. Hall, Hugo M. Krawczyk, David D. Sanner, Christopher J. Engel, Peter A. Sandon, Alwood P. Williams, III
  • Patent number: 10885197
    Abstract: Method, apparatus, and computer program product are provided for merging multiple compute nodes with trusted platform modules (TPMs) utilizing an authentication protocol with active TPM provisioning. In some embodiments, compute nodes are connected to be available for merger into a single multi-node system. Each compute node includes a TPM accessible to firmware on the node. One compute node is assigned the role of master compute node (MCN), with the other node(s) each assigned the role of slave compute node (SCN). Active TPM provisioning in each SCN produces key information that is sent to the MCN to enable use of a challenge/response exchange with each SCN. A quote request is sent from the MCN to each SCN. In response to receiving the quote request, a quote response is sent from each respective SCN to the MCN, wherein the quote response includes slave TPM content along with TPM logs and associated signatures.
    Type: Grant
    Filed: September 21, 2018
    Date of Patent: January 5, 2021
    Assignee: International Business Machines Corporation
    Inventors: Timothy R. Block, Elaine R. Palmer, Kenneth A. Goldman, Christopher J. Engel, William E. Hall
  • Patent number: 10838816
    Abstract: A method, system and computer program product are provided for detecting state and sparing of optical Peripheral Component Interconnect Express (PCI-Express or PCIE) cable channels attached to an IO drawer. System firmware is provided for implementing health check functions and state detection and sparing functions. One or more optical cables are connected between a host bridge and an PCIE enclosure, each optical cable includes one or more spare optical channels. An identified failed optical channel is rerouted to the spare optical channel.
    Type: Grant
    Filed: November 29, 2017
    Date of Patent: November 17, 2020
    Assignee: International Business Machines Corporation
    Inventors: Jesse P. Arroyo, Ellen M. Bauman, Timothy R. Block, Christoper J. Engel, Kaveh Naderi, Gregory M. Nordstrom, Harald Pross, Thomas R. Sand
  • Publication number: 20200099536
    Abstract: Method, apparatus, and computer program product are provided for merging multiple compute nodes with trusted platform modules utilizing provisioned node certificates. In some embodiments, compute nodes are connected to be available for merger into a single multi-node system. Each compute node includes a trusted platform module (TPM) provisioned with a platform certificate and a signed attestation key (AK) certificate and is accessible to firmware on the compute node. One compute node is assigned the role of master compute node (MCN), with the other compute node(s) each assigned the role of slave compute node (SCN). A quote request is sent from the MCN to each SCN under control of firmware on the MCN. In response to receiving the quote request, a quote response is sent from each respective SCN to the MCN under control of firmware on the respective SCN, wherein the quote response includes the AK certificate of the respective SCN's TPM.
    Type: Application
    Filed: September 21, 2018
    Publication date: March 26, 2020
    Inventors: Timothy R. Block, Elaine R. Palmer, Kenneth A. Goldman, Christopher J. Engel, William E. Hall
  • Publication number: 20200097661
    Abstract: Method, apparatus, and computer program product are provided for merging multiple compute nodes with trusted platform modules (TPMs) utilizing an authentication protocol with active TPM provisioning. In some embodiments, compute nodes are connected to be available for merger into a single multi-node system. Each compute node includes a TPM accessible to firmware on the node. One compute node is assigned the role of master compute node (MCN), with the other node(s) each assigned the role of slave compute node (SCN). Active TPM provisioning in each SCN produces key information that is sent to the MCN to enable use of a challenge/response exchange with each SCN. A quote request is sent from the MCN to each SCN. In response to receiving the quote request, a quote response is sent from each respective SCN to the MCN, wherein the quote response includes slave TPM content along with TPM logs and associated signatures.
    Type: Application
    Filed: September 21, 2018
    Publication date: March 26, 2020
    Inventors: Timothy R. Block, Elaine R. Palmer, Kenneth A. Goldman, Christopher J. Engel, William E. Hall
  • Publication number: 20200067912
    Abstract: A method and computer system for implementing authentication protocol for merging multiple server nodes with trusted platform modules (TPMs) utilizing provisioned node certificates to support concurrent node add and node remove. Each of the multiple server nodes boots an instance of enablement level firmware and extended to a trusted platform module (TPM) on each node as the server nodes are powered up. A hardware secure channel is established between the server nodes for firmware message passing as part of physical configuration of the server nodes to be merged. A shared secret is securely exchanged via the hardware secure channel between the server nodes establishing an initial authentication value shared among all server nodes. All server nodes confirm common security configuration settings and exchange TPM log and platform configuration register (PCR) data to establish common history for future attestation requirements, enabling dynamic changing the server nodes and concurrently adding and removing nodes.
    Type: Application
    Filed: August 21, 2018
    Publication date: February 27, 2020
    Inventors: Timothy R. Block, Elaine R. Palmer, Kenneth A. Goldman, William E. Hall, Hugo M. Krawczyk, David D. Sanner, Christopher J. Engel, Peter A. Sandon, Alwood P. Williams, III
  • Publication number: 20180081761
    Abstract: A method, system and computer program product are provided for detecting state and sparing of optical Peripheral Component Interconnect Express (PCI-Express or PCIE) cable channels attached to an IO drawer. System firmware is provided for implementing health check functions and state detection and sparing functions. One or more optical cables are connected between a host bridge and an PCIE enclosure, each optical cable includes one or more spare optical channels. An identified failed optical channel is rerouted to the spare optical channel.
    Type: Application
    Filed: November 29, 2017
    Publication date: March 22, 2018
    Inventors: Jesse P. Arroyo, Ellen M. Bauman, Timothy R. Block, Christoper J. Engel, Kaveh Naderi, Gregory M. Nordstrom, Harald Pross, Thomas R. Sand
  • Patent number: 9891998
    Abstract: A method, system and computer program product are provided for detecting state and sparing of optical Peripheral Component Interconnect Express (PCI-Express or PCIE) cable channels attached to an IO drawer. System firmware is provided for implementing health check functions and state detection and sparing functions. One or more optical cables are connected between a host bridge and an PCIE enclosure, each optical cable includes one or more spare optical channels. An identified failed optical channel is rerouted to the spare optical channel.
    Type: Grant
    Filed: September 26, 2015
    Date of Patent: February 13, 2018
    Assignee: International Business Machines Corporation
    Inventors: Jesse P. Arroyo, Ellen M. Bauman, Timothy R. Block, Christopher J. Engel, Kaveh Naderi, Gregory M. Nordstrom, Harald Pross, Thomas R. Sand
  • Patent number: 9697166
    Abstract: A method, system and computer program product are provided for implementing health check for optical cable attached Peripheral Component Interconnect Express (PCIE) enclosures in a computer system. System firmware is provided for implementing health check functions. One or more optical cables are connected between a host bridge and a PCIE enclosure. A PCIE link to the PCIE enclosure is reset responsive to a predefined event. After a set delay, a PCIE link health check is performed verifying PCIE link width and speed.
    Type: Grant
    Filed: November 21, 2014
    Date of Patent: July 4, 2017
    Assignee: International Business Machines Corporation
    Inventors: Jesse P. Arroyo, Ellen M. Bauman, Timothy R. Block, Christopher J. Engel, Kaveh Naderi, Harald Pross, Thomas R. Sand
  • Patent number: 9697167
    Abstract: A method, system and computer program product are provided for implementing health check for optical cable attached Peripheral Component Interconnect Express (PCIE) enclosures in a computer system. System firmware is provided for implementing health check functions. One or more optical cables are connected between a host bridge and a PCIE enclosure. A PCIE link to the PCIE enclosure is reset responsive to a predefined event. After a set delay, a PCIE link health check is performed verifying PCIE link width and speed.
    Type: Grant
    Filed: March 19, 2016
    Date of Patent: July 4, 2017
    Assignee: International Business Machines Corporation
    Inventors: Jesse P. Arroyo, Ellen M. Bauman, Timothy R. Block, Christopher J. Engel, Kaveh Naderi, Harald Pross, Thomas R. Sand
  • Patent number: 9582366
    Abstract: A method, system and computer program product are provided for detecting state and sparing of optical Peripheral Component Interconnect Express (PCI-Express or PCIE) cable channels attached to an IO drawer. System firmware is provided for implementing health check functions and state detection and sparing functions. One or more optical cables are connected between a host bridge and a PCIE enclosure, each optical cable includes one or more spare optical channels. An identified failed optical channel is rerouted to the spare optical channel.
    Type: Grant
    Filed: November 21, 2014
    Date of Patent: February 28, 2017
    Assignee: International Business Machines Corporation
    Inventors: Jesse P. Arroyo, Ellen M. Bauman, Timothy R. Block, Christopher J. Engel, Kaveh Naderi, Gregory M. Nordstrom, Harald Pross, Thomas R. Sand
  • Publication number: 20160203100
    Abstract: A method, system and computer program product are provided for implementing health check for optical cable attached Peripheral Component Interconnect Express (PCIE) enclosures in a computer system. System firmware is provided for implementing health check functions. One or more optical cables are connected between a host bridge and a PCIE enclosure. A PCIE link to the PCIE enclosure is reset responsive to a predefined event. After a set delay, a PCIE link health check is performed verifying PCIE link width and speed.
    Type: Application
    Filed: March 19, 2016
    Publication date: July 14, 2016
    Inventors: Jesse P. Arroyo, Ellen M. Bauman, Timothy R. Block, Christopher J. Engel, Kaveh Naderi, Harald Pross, Thomas R. Sand
  • Publication number: 20160147705
    Abstract: A method, system and computer program product are provided for implementing health check for optical cable attached Peripheral Component Interconnect Express (PCIE) enclosures in a computer system. System firmware is provided for implementing health check functions. One or more optical cables are connected between a host bridge and a PCIE enclosure. A PCIE link to the PCIE enclosure is reset responsive to a predefined event. After a set delay, a PCIE link health check is performed verifying PCIE link width and speed.
    Type: Application
    Filed: November 21, 2014
    Publication date: May 26, 2016
    Inventors: Jesse P. Arroyo, Ellen M. Bauman, Timothy R. Block, Christopher J. Engel, Kaveh Naderi, Harald Pross, Thomas R. Sand
  • Publication number: 20160147606
    Abstract: A method, system and computer program product are provided for detecting state and sparing of optical Peripheral Component Interconnect Express (PCI-Express or PCIE) cable channels attached to an IO drawer. System firmware is provided for implementing health check functions and state detection and sparing functions. One or more optical cables are connected between a host bridge and an PCIE enclosure, each optical cable includes one or more spare optical channels. An identified failed optical channel is rerouted to the spare optical channel.
    Type: Application
    Filed: September 26, 2015
    Publication date: May 26, 2016
    Inventors: Jesse P. Arroyo, Ellen M. Bauman, Timothy R. Block, Christopher J. Engel, Kaveh Naderi, Gregory M. Nordstrom, Harald Pross, Thomas R. Sand
  • Publication number: 20160147628
    Abstract: A method, system and computer program product are provided for detecting state and sparing of optical Peripheral Component Interconnect Express (PCI-Express or PCIE) cable channels attached to an IO drawer. System firmware is provided for implementing health check functions and state detection and sparing functions. One or more optical cables are connected between a host bridge and a PCIE enclosure, each optical cable includes one or more spare optical channels. An identified failed optical channel is rerouted to the spare optical channel.
    Type: Application
    Filed: November 21, 2014
    Publication date: May 26, 2016
    Inventors: Jesse P. Arroyo, Ellen M. Bauman, Timothy R. Block, Christopher J. Engel, Kaveh Naderi, Gregory M. Nordstrom, Harald Pross, Thomas R. Sand
  • Patent number: 9088569
    Abstract: Systems and methods to manage access to shared resources are provided. A particular method may include receiving a request to access a shared resource from a first client of a plurality of clients and determining whether the shared resource is being used. A first window credential associated with the first client may be retrieved. The first window credential may be one of a plurality of window credentials associated with the plurality of clients. The first window credential may be used to access the shared resource.
    Type: Grant
    Filed: May 12, 2011
    Date of Patent: July 21, 2015
    Assignee: International Business Machines Corporation
    Inventors: Jesse P. Arroyo, Ellen M. Bauman, Timothy R. Block, Leonardo Letourneaut, Timothy J. Schimke
  • Patent number: 9081764
    Abstract: A method, system and computer program product are provided for implementing memory migration of large system memory pages in a computer system. A large page to be migrated from a current location to a target location is converted into a plurality of smaller subpages for a processor or system page table. The migrated page is divided into first, second and third segments, each segment composed of the smaller subpages and each respective segment changes as each individual subpage is migrated. CPU and I/O accesses to respective subpages of the first segment are directed to corresponding subpages of the target page or new page. I/O accesses to respective subpages of the second segment use a dual write mode targeting corresponding subpages of both the current page and the target page. CPU and I/O accesses to the subpages of the third segment access the corresponding subpages of the current page.
    Type: Grant
    Filed: June 21, 2011
    Date of Patent: July 14, 2015
    Assignee: International Business Machines Corporation
    Inventors: Jesse P. Arroyo, Ellen M. Bauman, Timothy R. Block, Leonardo Letourneaut, Timothy J. Schimke
  • Publication number: 20140068734
    Abstract: Systems and methods to manage access to shared resources are provided. A particular method may include receiving a request to access a shared resource from a first client of a plurality of clients and determining whether the shared resource is being used. A first window credential associated with the first client may be retrieved. The first window credential may be one of a plurality of window credentials associated with the plurality of clients. The first window credential may be used to access the shared resource.
    Type: Application
    Filed: May 12, 2011
    Publication date: March 6, 2014
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Jesse P. Arroyo, Ellen M. Bauman, Timothy R. Block, Leonardo Letourneaut, Timothy J. Schimke
  • Patent number: 8553690
    Abstract: Processing multicast messages in a data processing system that includes compute nodes, each of which includes a communications controller, the communications controllers operatively coupled for data communications amongst the compute nodes, each compute node in the data processing system executing at least one logical partition, the data processing system including a hypervisor, where multicast messages are processed by receiving, by more than one of the communications controllers, a multicast message; responsive to receipt of the multicast message, signaling, by one of the communications controllers, an interrupt in the hypervisor without signaling an interrupt by any other communications controller; determining, by the hypervisor, that the message received by the interrupt signaling communications controller is a multicast message; and providing, by the hypervisor, the multicast message to at least one logical partition configured to receive multicast messages.
    Type: Grant
    Filed: December 15, 2010
    Date of Patent: October 8, 2013
    Assignee: International Business Machines Corporation
    Inventors: Jesse P. Arroyo, Timothy R. Block, Leonardo Letourneaut, Timothy J. Schimke