Patents by Inventor Utz Bacher
Utz Bacher has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11968169
Abstract: One or more computer processors receive a domain name system (DNS) request in response to a client connecting to a compute resource. The one or more computer processors decoding the DNS request into one or more provision parameters. The one or more computer processors determining that the compute resource is unavailable for a connection with the client utilizing the identified IP address. The one or more computer processors, responsive to determining that the compute resource is not available or not ready, provisioning and deploying a new compute resource according to the one or more decoded provision parameters, wherein the new compute resource is available to the client under the identified IP address.
Type: Grant
Filed: June 14, 2023
Date of Patent: April 23, 2024
Assignee: International Business Machines Corporation
Inventors: Utz Bacher, Michael Behrendt, Ismael Faro Sertage
-
Publication number: 20240121273
Abstract: A computer implemented method for generating a dispatch datagram is disclosed. The computer implemented method includes receiving, at a dispatcher, a request from a client. The method further includes generating an authorization header based on the received request. The authorization header includes one or more rules for handling the request. The method further includes wrapping the received request and the generated authorization header together to generate a dispatch datagram.
Type: Application
Filed: December 20, 2023
Publication date: April 11, 2024
Inventors: Mansura HABIBA, Shyamal Kumar SAHA, Bashar AKIL, Utz BACHER
-
Patent number: 11902331
Abstract: A computer implemented method for generating a dispatch datagram is disclosed. The computer implemented method includes receiving, at a dispatcher, a request from a client. The method further includes generating an authorization header based on the received request. The authorization header includes one or more rules for handling the request. The method further includes wrapping the received request and the generated authorization header together to generate a dispatch datagram.
Type: Grant
Filed: August 6, 2021
Date of Patent: February 13, 2024
Assignee: KYNDRYL, INC.
Inventors: Mansura Habiba, Shyamal Kumar Saha, Bashar Akil, Utz Bacher
-
Publication number: 20230171089
Abstract: A computer-implemented method for providing a secure data access service that encrypts data is disclosed. The method includes: wrapping a data encryption key by at least two customer root keys, wherein the at least two customer root keys are assigned to different user identifiers, and wherein the at least two customer root keys are stored in different hardware security modules, and wherein a wrapping structure for the at least two customer root keys is applied according to an access policy that defines which of the assigned user identifiers must concur to enable a data access to the encrypted data by the secure data access service; and encrypting the data by the secure data access service using the unwrapped data encryption key.
Type: Application
Filed: November 29, 2021
Publication date: June 1, 2023
Inventors: Dwarkanath P. RAO, Utz BACHER
-
Patent number: 11635991
Abstract: According to one or more embodiments of the present invention, a computer implemented method includes receiving a query for an amount of storage in memory of a computer system to be donated to a secure interface control of the computer system. The secure interface control can determine the amount of storage to be donated based on a plurality of secure entities supported by the secure interface control as a plurality of predetermined values. The secure interface control can return a response to the query indicative of the amount of storage as a response to the query. A donation of storage to secure for use by the secure interface control can be received based on the response to the query.
Type: Grant
Filed: May 17, 2021
Date of Patent: April 25, 2023
Assignee: International Business Machines Corporation
Inventors: Utz Bacher, Reinhard Theodor Buendgen, Jonathan D. Bradbury, Lisa Cranton Heller, Fadi Y. Busaba
-
Publication number: 20230039176
Abstract: A computer implemented method for generating a dispatch datagram is disclosed. The computer implemented method includes receiving, at a dispatcher, a request from a client. The method further includes generating an authorization header based on the received request. The authorization header includes one or more rules for handling the request. The method further includes wrapping the received request and the generated authorization header together to generate a dispatch datagram.
Type: Application
Filed: August 6, 2021
Publication date: February 9, 2023
Inventors: Mansura Habiba, Shyamal Kumar Saha, Bashar Akil, Utz Bacher
-
Patent number: 11531627
Abstract: A computer-implemented method according to examples includes receiving, by a secure interface control of a computing system, a request by a requestor to access a page in a memory of the computing system. The method further includes, responsive to determining that the requestor is a non-secure requestor and responsive to a secure-storage bit being set, prohibiting access to the page without performing an authorization check. The method further includes, responsive to determining that the requestor is a secure requestor, performing the authorization check.
Type: Grant
Filed: March 8, 2019
Date of Patent: December 20, 2022
Assignee: International Business Machines Corporation
Inventors: Jonathan D. Bradbury, Lisa Cranton Heller, Utz Bacher, Fadi Y. Busaba
-
Publication number: 20220391418
Abstract: A method, computer system, and a computer program product for operating at least one storage server. The present invention may include receiving an access request for at least one storage volume of at least one storage server. The present invention may include collecting data for the at least one storage volume, wherein the at least one storage volume has a corresponding unique volume identifier. The present invention may include storing at least the data for the at least one storage volume and the unique volume identifier in a database, the data being comprised of metadata and subset data, wherein the metadata is comprised of configuration and status information for the at least one storage volume, and wherein the subset data is a set of predefined selection criteria based on a respective computer server.
Type: Application
Filed: June 8, 2021
Publication date: December 8, 2022
Inventors: Armin Fritsch, Holger Wittmann, Marcus Roskosch, Rene Funk, Utz Bacher
-
Patent number: 11475138
Abstract: A computer-implemented method for creating a secure software container. The method comprises providing a first layered software container image, transforming all files, except corresponding metadata, of each layer of the first layered software container image into a volume, the volume comprises a set of blocks, wherein each layer comprises an incremental difference to a next lower layer, encrypting each block of the set of blocks of a portion of the layers, and storing each encrypted set of the blocks as a layer of an encrypted container image along with unencrypted metadata for rebuilding an order of the set of blocks equal to an order of the first layered software container image, so that a secure encrypted software container is created.
Type: Grant
Filed: January 9, 2020
Date of Patent: October 18, 2022
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Utz Bacher, Reinhard Theodor Buendgen, Peter Morjan, Janosch Andreas Frank
-
Patent number: 11212341
Abstract: A source IT-infrastructure hosts a composite application including multiple functional modules connected to each other via communication links. An abstract pattern includes first nodes and first links representing the functional modules and communication links and lacks resource-related data enabling a deployment engine to instantiate a resource for providing a runtime environment. A target IT-infrastructure has assigned a resource catalog including, for each resource available in the target IT-infrastructure, a specification of the resource's capabilities, and includes second nodes and links, each second node being a representation of one or more of the resources of the target IT-infrastructure and including an indication of the capabilities of one or more resources represented by the second node. The first nodes and links of the abstract pattern are iteratively supplemented by the second nodes and second links.
Type: Grant
Filed: January 16, 2020
Date of Patent: December 28, 2021
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Utz Bacher, Einar Lueck, Stefan Raspl, Thomas Spatzier
-
Publication number: 20210271518
Abstract: According to one or more embodiments of the present invention, a computer implemented method includes receiving a query for an amount of storage in memory of a computer system to be donated to a secure interface control of the computer system. The secure interface control can determine the amount of storage to be donated based on a plurality of secure entities supported by the secure interface control as a plurality of predetermined values. The secure interface control can return a response to the query indicative of the amount of storage as a response to the query. A donation of storage to secure for use by the secure interface control can be received based on the response to the query.
Type: Application
Filed: May 17, 2021
Publication date: September 2, 2021
Inventors: Utz Bacher, Reinhard Theodor Buendgen, Jonathan D. Bradbury, Lisa Cranton Heller, Fadi Y. Busaba
-
Patent number: 11075980
Abstract: Operating a node cluster system with a plurality of nodes in a network, wherein the cluster system appears to be a single node with only one specific network address to its network environment. Providing a shared socket database for linking network connection port identifications of a common set of network connection port identifications to the individual nodes, assigning a master function to one of the nodes, sending incoming traffic to all nodes of the cluster system wherein each node verifies its responsibility for this traffic individually, exclusive assignment of a network connection port to the responsible node for the duration of a connection of the corresponding application process by means of the corresponding network connection port identification and the link established by the shared socket database and processing of the traffic by the responsible node or otherwise by the node having the master function.
Type: Grant
Filed: April 23, 2012
Date of Patent: July 27, 2021
Assignee: International Business Machines Corporation
Inventors: Utz Bacher, Einar Lueck, Viktor Mihajlovski
-
Patent number: 11068310
Abstract: According to one or more embodiments of the present invention, a computer implemented method includes receiving a query for an amount of storage in memory of a computer system to be donated to a secure interface control of the computer system. The secure interface control can determine the amount of storage to be donated based on a plurality of secure entities supported by the secure interface control as a plurality of predetermined values. The secure interface control can return a response to the query indicative of the amount of storage as a response to the query. A donation of storage to secure for use by the secure interface control can be received based on the response to the query.
Type: Grant
Filed: March 8, 2019
Date of Patent: July 20, 2021
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Utz Bacher, Reinhard Theodor Buendgen, Jonathan D. Bradbury, Lisa Cranton Heller, Fadi Y. Busaba
-
Patent number: 10838755
Abstract: A method and system for transparent secure interception handling is provided. The method and system include deploying a virtual machine (VM) in an environment comprising a hypervisor and a firmware. The method and system include providing buffers in response to deploying the VM, and include executing VM instructions. The method and system include intercepting VM instructions which require access to instruction data and copying the VM state into a shadow VM state. Furthermore, the instruction data is copied to buffers, and the intercepted VM instruction is executed using the buffer. The method and system also include updating the shadow VM state buffer and the VM data in the VM memory using result data in the buffer in response to the executing of the intercepted VM instruction results. Furthermore execution of the VM instructions is resumed based on a state stored in the shadow VM state buffer.
Type: Grant
Filed: June 7, 2018
Date of Patent: November 17, 2020
Assignee: International Business Machines Corporation
Inventors: Utz Bacher, Christian Borntraeger, Reinhard T. Buendgen, Dominik Dingel
-
Publication number: 20200285595
Abstract: A computer-implemented method according to examples includes receiving, by a secure interface control of a computing system, a request by a requestor to access a page in a memory of the computing system. The method further includes, responsive to determining that the requestor is a non-secure requestor and responsive to a secure-storage bit being set, prohibiting access to the page without performing an authorization check. The method further includes, responsive to determining that the requestor is a secure requestor, performing the authorization check.
Type: Application
Filed: March 8, 2019
Publication date: September 10, 2020
Inventors: Jonathan D. Bradbury, Lisa Cranton Heller, Utz Bacher, Fadi Y. Busaba
-
Publication number: 20200285518
Abstract: According to one or more embodiments of the present invention, a computer implemented method includes receiving a query for an amount of storage in memory of a computer system to be donated to a secure interface control of the computer system. The secure interface control can determine the amount of storage to be donated based on a plurality of secure entities supported by the secure interface control as a plurality of predetermined values. The secure interface control can return a response to the query indicative of the amount of storage as a response to the query. A donation of storage to secure for use by the secure interface control can be received based on the response to the query.
Type: Application
Filed: March 8, 2019
Publication date: September 10, 2020
Inventors: Utz Bacher, Reinhard Theodor Buendgen, Jonathan D. Bradbury, Lisa Cranton Heller, Fadi Y. Busaba
-
Publication number: 20200285501
Abstract: A method is provided. The method is implemented by a communication interface of a secure interface control executing between the secure interface control of a computer and hardware of the computer. In this regard, the communication interface receives an instruction and determines whether the instruction is a millicoded instruction. Further, the communication interface enters a millimode comprising enabling the secure interface control to engage millicode of the hardware through the communication interface based on the instruction being the millicoded instruction.
Type: Application
Filed: March 8, 2019
Publication date: September 10, 2020
Inventors: Lisa Cranton Heller, Fadi Y. Busaba, Jonathan D. Bradbury, Christian Borntraeger, Utz Bacher, Reinhard Theodor Buendgen
-
Publication number: 20200250319
Abstract: A computer-implemented method for creating a secure software container. The method comprises providing a first layered software container image, transforming all files, except corresponding metadata, of each layer of the first layered software container image into a volume, the volume comprises a set of blocks, wherein each layer comprises an incremental difference to a next lower layer, encrypting each block of the set of blocks of a portion of the layers, and storing each encrypted set of the blocks as a layer of an encrypted container image along with unencrypted metadata for rebuilding an order of the set of blocks equal to an order of the first layered software container image, so that a secure encrypted software container is created.
Type: Application
Filed: January 9, 2020
Publication date: August 6, 2020
Inventors: Utz Bacher, Reinhard Theodor Buendgen, Peter Morjan, Janosch Andreas Frank
-
Patent number: 10719352
Abstract: A system and method for sharing services provides for generating one or more trigger conditions associated with a process executable in a source container having a source namespace in a source pod, executing the process in the source container, and when a trigger condition occurs, interrupting the executed process and moving the process into a target pod by switching from the source namespace of the source container to a target namespace of the target pod. The trigger condition may be associated with a service executable in a target container having the target namespace in the target pod.
Type: Grant
Filed: January 22, 2018
Date of Patent: July 21, 2020
Assignee: International Business Machines Corporation
Inventors: Utz Bacher, Dominik Dingel, Karsten Graul, Michael Holzheu, Rene Trumpp
-
Publication number: 20200153893
Abstract: A source IT-infrastructure hosts a composite application including multiple functional modules connected to each other via communication links. An abstract pattern includes first nodes and first links representing the functional modules and communication links and lacks resource-related data enabling a deployment engine to instantiate a resource for providing a runtime environment. A target IT-infrastructure has assigned a resource catalog including, for each resource available in the target IT-infrastructure, a specification of the resource's capabilities, and includes second nodes and links, each second node being a representation of one or more of the resources of the target IT-infrastructure and including an indication of the capabilities of one or more resources represented by the second node. The first nodes and links of the abstract pattern are iteratively supplemented by the second nodes and second links.
Type: Application
Filed: January 16, 2020
Publication date: May 14, 2020
Inventors: Utz Bacher, Einar Lueck, Stefan Raspl, Thomas Spatzier