Patents by Inventor Viktor Mihajlovski
Viktor Mihajlovski has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11829495
Abstract: A secure guest of a computing environment requests confidential data. The confidential data is included in metadata of the secure guest, which is stored in a trusted execution environment of the computing environment. Based on the request, the confidential data is obtained from the metadata of the secure guest that is stored in the trusted execution environment.
Type: Grant
Filed: August 5, 2021
Date of Patent: November 28, 2023
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Jonathan D. Bradbury, Reinhard Theodor Buendgen, Janosch Andreas Frank, Marc Hartmayer, Viktor Mihajlovski
-
Publication number: 20230043503
Abstract: A secure guest of a computing environment requests confidential data. The confidential data is included in metadata of the secure guest, which is stored in a trusted execution environment of the computing environment. Based on the request, the confidential data is obtained from the metadata of the secure guest that is stored in the trusted execution environment.
Type: Application
Filed: August 5, 2021
Publication date: February 9, 2023
Inventors: Jonathan D. Bradbury, Reinhard Theodor Buendgen, Janosch Andreas Frank, Marc Hartmayer, Viktor Mihajlovski
-
Patent number: 11574060
Abstract: An initial program load of a system component of a computing environment is performed. A determination is made as to whether one or more signatures of one or more signed binary code components relating to the system component are verified. Based on determining that the one or more signatures are verified, additional verification is performed. The additional verification includes obtaining a select binary code component of one or more binary code components relating to the system component and determining whether the select binary code component is a particular signed binary code component. Based on determining that the select binary code component is the particular signed binary code component, a check is performed. The initial program load is continued based on a successful check.
Type: Grant
Filed: April 24, 2019
Date of Patent: February 7, 2023
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Louis P. Gomes, Martin Schwidefsky, Reinhard T. Buendgen, Viktor Mihajlovski
-
Patent number: 11354418
Abstract: Secure processing within a computing environment is provided by incrementally decrypting a secure operating system image, including receiving, for a page of the secure operating system image, a page address and a tweak value used during encryption of the page. Processing determines that the tweak value has not previously been used during decryption of another page of the secure operating system image, and decrypts memory page content at the page address using an image encryption key and the tweak value to facilitate obtaining a decrypted secure operating system image. Further, integrity of the secure operating system image is verified, and based on verifying integrity of the secure operating system image, execution of the decrypted secure operating system image is started.
Type: Grant
Filed: March 8, 2019
Date of Patent: June 7, 2022
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Reinhard T. Buendgen, Christian Borntraeger, Jonathan D. Bradbury, Fadi Y. Busaba, Lisa C. Heller, Viktor Mihajlovski
-
Patent number: 11075980
Abstract: Operating a node cluster system with a plurality of nodes in a network, wherein the cluster system appears to be a single node with only one specific network address to its network environment. Providing a shared socket database for linking network connection port identifications of a common set of network connection port identifications to the individual nodes, assigning a master function to one of the nodes, sending incoming traffic to all nodes of the cluster system wherein each node verifies its responsibility for this traffic individually, exclusive assignment of a network connection port to the responsible node for the duration of a connection of the corresponding application process by means of the corresponding network connection port identification and the link established by the shared socket database and processing of the traffic by the responsible node or otherwise by the node having the master function.
Type: Grant
Filed: April 23, 2012
Date of Patent: July 27, 2021
Assignee: International Business Machines Corporation
Inventors: Utz Bacher, Einar Lueck, Viktor Mihajlovski
-
Patent number: 10970100
Abstract: A method for starting a secure guest includes receiving, by a hypervisor that is executing on a host server, a request to dispatch a virtual machine (VM) on the host server. The VM is dispatched on the host server by the hypervisor. The VM includes a reboot instruction. The reboot instruction is triggered by the hypervisor to restart the VM in a secure mode.
Type: Grant
Filed: March 8, 2019
Date of Patent: April 6, 2021
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Viktor Mihajlovski, Claudio Imbrenda
-
Publication number: 20200342111
Abstract: An initial program load of a system component of a computing environment is performed. A determination is made as to whether one or more signatures of one or more signed binary code components relating to the system component are verified. Based on determining that the one or more signatures are verified, additional verification is performed. The additional verification includes obtaining a select binary code component of one or more binary code components relating to the system component and determining whether the select binary code component is a particular signed binary code component. Based on determining that the select binary code component is the particular signed binary code component, a check is performed. The initial program load is continued based on a successful check.
Type: Application
Filed: April 24, 2019
Publication date: October 29, 2020
Inventors: Louis P. Gomes, Martin Schwidefsky, Reinhard T. Buendgen, Viktor Mihajlovski
-
Publication number: 20200285492
Abstract: A method for starting a secure guest includes receiving, by a hypervisor that is executing on a host server, a request to dispatch a virtual machine (VM) on the host server. The VM is dispatched on the host server by the hypervisor. The VM includes a reboot instruction. The reboot instruction is triggered by the hypervisor to restart the VM in a secure mode.
Type: Application
Filed: March 8, 2019
Publication date: September 10, 2020
Inventors: Viktor Mihajlovski, Claudio Imbrenda
-
Publication number: 20200285753
Abstract: Secure processing within a computing environment is provided by incrementally decrypting a secure operating system image, including receiving, for a page of the secure operating system image, a page address and a tweak value used during encryption of the page. Processing determines that the tweak value has not previously been used during decryption of another page of the secure operating system image, and decrypts memory page content at the page address using an image encryption key and the tweak value to facilitate obtaining a decrypted secure operating system image. Further, integrity of the secure operating system image is verified, and based on verifying integrity of the secure operating system image, execution of the decrypted secure operating system image is started.
Type: Application
Filed: March 8, 2019
Publication date: September 10, 2020
Inventors: Reinhard T. BUENDGEN, Christian BORNTRAEGER, Jonathan D. BRADBURY, Fadi Y. BUSABA, Lisa C. HELLER, Viktor MIHAJLOVSKI
-
Patent number: 8972538
Abstract: An integrated hybrid system is provided. The hybrid system includes compute components of different types and architectures that are integrated and managed by a single point of control to provide federation and the presentation of the compute components as a single logical computing platform.
Type: Grant
Filed: April 28, 2012
Date of Patent: March 3, 2015
Assignee: International Business Machines Corporation
Inventors: Ingo Adlung, Stefan Amann, Christine Axnix, Friedemann Baitinger, Jeffrey A. Frey, Joseph M. Gdaniec, Carl Mayer, Viktor Mihajlovski, Jerry W. Stevens, Friedrich M. Welter
-
Patent number: 8966020
Abstract: An integrated hybrid system is provided. The hybrid system includes compute components of different types and architectures that are integrated and managed by a single point of control to provide federation and the presentation of the compute components as a single logical computing platform.
Type: Grant
Filed: November 2, 2010
Date of Patent: February 24, 2015
Assignee: International Business Machines Corporation
Inventors: Ingo Adlung, Stefan Amann, Christine Axnix, Friedemann Baitinger, Jeff A. Frey, Joseph M. Gdaniec, Carl Mayer, Viktor Mihajlovski, Jerry W. Stevens, Friedrich M. Welter
-
Publication number: 20120215921
Abstract: An integrated hybrid system is provided. The hybrid system includes compute components of different types and architectures that are integrated and managed by a single point of control to provide federation and the presentation of the compute components as a single logical computing platform.
Type: Application
Filed: April 28, 2012
Publication date: August 23, 2012
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Ingo Adlung, Stefan Amann, Christine Axnix, Friedemann Baitinger, Jeffrey A. Frey, Joseph M. Gdaniec, Carl Mayer, Viktor Mihajlovski, Jerry W. Stevens, Friedrich M. Welter
-
Publication number: 20120209937
Abstract: Operating a node cluster system with a plurality of nodes in a network, wherein the cluster system appears to be a single node with only one specific network address to its network environment. Providing a shared socket database for linking network connection port identifications of a common set of network connection port identifications to the individual nodes, assigning a master function to one of the nodes, sending incoming traffic to all nodes of the cluster system wherein each node verifies its responsibility for this traffic individually, exclusive assignment of a network connection port to the responsible node for the duration of a connection of the corresponding application process by means of the corresponding network connection port identification and the link established by the shared socket database and processing of the traffic by the responsible node or otherwise by the node having the master function.
Type: Application
Filed: April 23, 2012
Publication date: August 16, 2012
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Utz Bacher, Einar Lueck, Viktor Mihajlovski
-
Publication number: 20120151018
Abstract: Operating a node cluster system with a plurality of nodes in a network, wherein the cluster system appears to be a single node with only one specific network address to its network environment. Providing a shared socket database for linking network connection port identifications of a common set of network connection port identifications to the individual nodes, assigning a master function to one of the nodes, sending incoming traffic to all nodes of the cluster system wherein each node verifies its responsibility for this traffic individually, exclusive assignment of a network connection port to the responsible node for the duration of a connection of the corresponding application process by means of the corresponding network connection port identification and the link established by the shared socket database and processing of the traffic by the responsible node or otherwise by the node having the master function.
Type: Application
Filed: November 30, 2011
Publication date: June 14, 2012
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Utz Bacher, Einar Lueck, Viktor Mihajlovski
-
Publication number: 20120110154
Abstract: An integrated hybrid system is provided. The hybrid system includes compute components of different types and architectures that are integrated and managed by a single point of control to provide federation and the presentation of the compute components as a single logical computing platform.
Type: Application
Filed: November 2, 2010
Publication date: May 3, 2012
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Ingo Adlung, Stefan Amann, Christine Axnix, Friedemann Baitinger, Jeffrey A. Frey, Joseph M. Gdaniec, Carl Mayer, Viktor Mihajlovski, Jerry W. Stevens, Friedrich M. Welter
-
Publication number: 20020019824
Abstract: A method and system for generically describing and manipulating arbitrary data structures. The method comprises the steps of reading resource-specific information from a resource-specifying source (e.g., an XWL file); specifying the structure comprising the resources; generating hierarchical control information (for example, a tree reflecting the structure); and enabling an access to a desired resource by calling a resource access performer with a respective reference to the resource.
Type: Application
Filed: April 11, 2001
Publication date: February 14, 2002
Applicant: International Business Machines Corporation
Inventors: Karl-Hans Holder, Ruediger Kirsch, Viktor Mihajlovski