-
Publication number: US11892938B2
Publication date: 2024-02-06
Application number: US16819881
Application date: 2020-03-16
Applicant: International Business Machines Corporation
Inventor: Matthew Green, Narayana Aditya Madineni, Michael W. Gray, Leigh S. McLean
CPC classification number: G06F11/3636, G06F11/3664, G06N3/045, G06N3/088
Abstract: An analyzer system inputs parameter values from trace files of a software application into an autoencoder. The analyzer system adjusts weights of the edges between nodes in the autoencoder until reconstruction errors in outputs are minimized. The analyzer system receives a selection of a parameter represented in an autoencoder. In response, the analyzer system identifies hidden layer nodes connected to an output node corresponding to the selected parameter and identifies other output nodes connected to the hidden layer nodes. The analyzer system retrieves weights assigned to edges between the hidden layer nodes and the other output nodes. The analyzer system calculates correlation values between the output node corresponding to the selected parameter and each of the other output nodes and outputs the correlation values. A user can use the correlation values to better direct the root cause analysis.
-
Publication number: US11757659B2
Publication date: 2023-09-12
Application number: US17108236
Application date: 2020-12-01
Applicant: International Business Machines Corporation
Inventor: Michael W. Gray, Narayana Aditya Madineni, Simon D. McMahon, Matthew Green, Peter T. Waltenberg
CPC classification number: H04L9/3265, H04L9/0825, H04L9/0852, H04L9/3247
Abstract: A method, a computer program product, and a system for binding post-quantum certificates to traditional certificates. The method includes selecting a traditional certificate in a certificate chain owned by an owner. The method also includes calculating a fingerprint of the traditional certificate. The method further includes generating a post-quantum certificate with identical information fields as the traditional certificate, and populating a serial number of the post-quantum certificate using the fingerprint. The post-quantum certificate acts as an extension of the first traditional certificate providing authentication and validation between a client and a server using post-quantum capable signing algorithms.
-
Publication number: US20220209950A1
Publication date: 2022-06-30
Application number: US17137656
Application date: 2020-12-30
Applicant: International Business Machines Corporation
Inventor: Michael W. Gray, Simon D. McMahon, Narayana Aditya Madineni, Matthew Green, Peter T. Waltenberg
Abstract: In an approach for securing data, a processor publishes a traditional public key in a traditional certificate and a PQC public key in a PQC certificate. A processor encrypts data with a hybrid shared secret, the hybrid shared secret generated with a key derivation function by using a traditional shared secret based on the traditional public key and a PQC shared secret based on the PQC public key. A processor decrypts the data with the hybrid shared secret based on a traditional private key and a PQC private key. A processor signs the data with a traditional signature followed by a PQC signature.
-
Publication number: US11374975B2
Publication date: 2022-06-28
Application number: US16919254
Application date: 2020-07-02
Applicant: International Business Machines Corporation
Inventor: Michael W. Gray, Narayana Aditya Madineni, Simon D. McMahon, Matthew Green, Leigh S. McLean, Peter T. Waltenberg
Abstract: A method and a system for integrating post quantum cryptographic algorithms into TLS. The method includes transmitting a client hello message to a server including a request for post quantum cryptographic (PQC) mode of operation and a PQC public client key, receiving a server hello message from the server in response to the client hello message including a PQC server key exchange generated from the PQC public client key. The method includes determining the server hello message includes an authorization to operate the PQC mode of operation. The method also includes transmitting a second client hello message to the server including a PQC encrypted client key share. The PQC encrypted client key share is encrypted using a client encryption key. The method includes receiving a second server hello message that includes a PQC encrypted server key share and decrypting the PQC encrypted server key share using a server encryption key.
-
Publication number: US11153299B2
Publication date: 2021-10-19
Application number: US16297830
Application date: 2019-03-11
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventor: Michael W. Gray, Narayana A. Madineni, Simon D. McMahon, Leigh S. McLean, Luvita Burgess, Stephen J. McKenzie, Matthew Green, Peter T. Waltenberg
Abstract: A method, computer system, and a computer program product for secure transport of data is provided. The present invention may include defining a trust relationship based on a secret. The present invention may also include associating a trusted transport key identity (TTKI) based on the defined trust relationship. The present invention may then include receiving a trusted transport key (TTK), wherein the TTK is digitally signed and encrypted with the TTKI. The present invention may further include verifying the digitally signed TTK. The present invention may also include enveloping the secret with the TTK.
-
Publication number: US20200145215A1
Publication date: 2020-05-07
Application number: US16180595
Application date: 2018-11-05
Applicant: International Business Machines Corporation
Inventor: Simon McMahon, Narayana Madineni, Michael W. Gray, Leigh McLean, Matthew Green, Luvita Burgess, Stephen J. McKenzie, Peter Waltenberg
Abstract: Secure password lock and recovery is provided. A user password is received to access a secure resource protected by a data processing system. It is determined whether a match exists between a retrieved user password verification string corresponding to a valid user password from a storage of a software token and a generated user password verification string corresponding to the user password. In response to determining that a match does not exist between the retrieved user password verification string and the generated user password verification string, it is determined whether a defined number of user password authentication attempts has been exceeded. In response to determining that the defined number of user password authentication attempts has been exceeded, the retrieved user password verification string is set to a preestablished sequence of values locking the valid user password on the storage of the software token. Access to the secure resource is denied.
-
Publication number: US11683182B2
Publication date: 2023-06-20
Application number: US16869783
Application date: 2020-05-08
Applicant: International Business Machines Corporation
Inventor: Michael W. Gray, Narayana Aditya Madineni, Simon D. McMahon, Matthew Green, Stephen J. McKenzie, Michael James Thomas
CPC classification number: H04L9/3242, H04L9/088, H04L2209/08
Abstract: A method, a computer program product, and a system for embedding a message in a random value. The method includes generating a random value and applying a hash function to the random value to produce a hash value. Starting with the hash value, the method further includes reapplying the hash function in an iterative or recursive manner, with a new hash value produced by the hash function acting as an initial value that is applied to the hash function for a next iteration, until a bit sequence representing a message is produced in a message hash value. The method further includes utilizing the message hash value as a new random value that can be used by an encryption algorithm.
-
Publication number: US20230080104A1
Publication date: 2023-03-16
Application number: US17445842
Application date: 2021-08-25
Applicant: International Business Machines Corporation
Inventor: Michael W. Gray, Narayana Aditya Madineni, Leigh S. McLean, LUVITA BURGESS
Abstract: Establishing a transfer mode between devices for large bulk records over a TLS protocol by fragmenting an encrypted bulk record into a set of pre-defined block sizes for convenient transfer. The pre-defined block sizes are specifically sized to indicate a beginning and an end of the transfer of the associated blocks making up the large bulk record. A middle box is unaware of the association between the blocks and permits transfer according to the maximum transmission unit of the TLS protocol. The fragmented bulk record is reconstructed and decrypted for use after the transfer.
-
Publication number: US20230070421A1
Publication date: 2023-03-09
Application number: US17469356
Application date: 2021-09-08
Applicant: International Business Machines Corporation
Inventor: Michael W. Gray, Narayana Aditya Madineni, Leigh S. McLean, Stephen J. MCKENZIE
IPC: H04L29/08
Abstract: In an approach to efficient concurrent TLS data streams, a parent connection is established by performing a normal TLS handshake. A concurrent mode of operation is negotiated, where one or more child connections are established without using the TLS handshake. The one or more child connections are associated to the parent connection. Child application traffic secrets are derived for each child connection of the one or more child connections from application traffic secrets of the parent.
-
Publication number: US20230044935A1
Publication date: 2023-02-09
Application number: US17397261
Application date: 2021-08-09
Applicant: International Business Machines Corporation
Inventor: Narayana Aditya Madineni, Michael W. Gray, Matthew Green, LUVITA BURGESS
Abstract: A computer system determines stack usage. An intercept function is executed to store a stack marker in a stack, wherein the intercept function is invoked when a program enters or exits each function of a plurality of functions of the program. A plurality of stack markers are identified in the stack and a memory address is determined for each stack marker during execution of the program to obtain a plurality of memory addresses. The plurality of memory addresses are analyzed to identify a particular memory address associated with a greatest stack depth. A stack usage of the program is determined based on the greatest stack depth. Embodiments of the present invention further include a method and program product for determining stack usage in substantially the same manner described above.