专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20220269942A1 Privacy Enhancing Deep Learning Cloud Service Using a Trusted Execution Environment 有权
公开(公告)号：US20220269942A1
公开(公告)日：2022-08-25
申请号：US17743571
申请日：2022-05-13
申请人： International Business Machines Corporation
发明人： Zhongshu Gu , Heqing Huang , Jialong Zhang , Dong Su , Dimitrios Pendarakis , Ian M. Molloy
IPC分类号： G06N3/08 , G06F21/53 , G06F21/60 , G06N3/063
摘要： Mechanisms are provided to implement an enhanced privacy deep learning system framework (hereafter “framework”). The framework receives, from a client computing device, an encrypted first subnet model of a neural network, where the first subnet model is one partition of multiple partitions of the neural network. The framework loads the encrypted first subnet model into a trusted execution environment (TEE) of the framework, decrypts the first subnet model, within the TEE, and executes the first subnet model within the TEE. The framework receives encrypted input data from the client computing device, loads the encrypted input data into the TEE, decrypts the input data, and processes the input data in the TEE using the first subnet model executing within the TEE.

2. 发明授权

US11178237B2 Geolocation-based activation and de-activation of hardware and software functionalities in the cloud 有权
公开(公告)号：US11178237B2
公开(公告)日：2021-11-16
申请号：US16514286
申请日：2019-07-17
申请人： International Business Machines Corporation
发明人： Ashish Kundu , Dimitrios Pendarakis
IPC分类号： H04L29/08 , G06F9/50 , G06F16/215 , G06F16/9537 , H04L12/911 , H04W4/021 , H04W28/02
摘要： A method alters a computer resource while in a particular geolocation. One or more processors detect that a geolocation of a computer resource has changed from an initial geolocation to a new geolocation, where the computer resource is a virtual machine (VM). In response to detecting that the geolocation of the VM has changed from the initial geolocation to the new geolocation, the processor(s) reduce a functionality of the VM by reducing a quantity of processors and storage space available to the VM at the new geolocation as compared to the initial geolocation.

3. 发明授权

US11095454B2 Releasing secret information in a computer system 有权
公开(公告)号：US11095454B2
公开(公告)日：2021-08-17
申请号：US16139479
申请日：2018-09-24
申请人： International Business Machines Corporation
发明人： Kenneth A. Goldman , Dimitrios Pendarakis
IPC分类号： H04L29/06 , H04L9/32 , G06F9/455 , G06F21/55
摘要： A method, apparatus, computer system, and computer program product for releasing secret information. A client on a computer system performing an attestation to a server on another computer system. The client receives an authorization that authorizes releasing the secret information. The client releases the secret information from a co-processor on the computer system using the authorization received from the server.

4. 发明授权

US10671325B2 Selective secure deletion of data in distributed systems and cloud 审中-公开
公开(公告)号：US10671325B2
公开(公告)日：2020-06-02
申请号：US14925300
申请日：2015-10-28
申请人： INTERNATIONAL BUSINESS MACHINES CORPORATION
发明人： Ashish Kundu , Dimitrios Pendarakis
IPC分类号： G06F3/06 , G06F21/60
摘要： A processor-implemented method, system, and/or computer program product deletes data from a storage device. One or more processors identify a component sensitivity level of a component, an input sensitivity level of a data input to the component, and an output sensitivity level of a data output from the component, where the data output is stored in a storage device. The processor(s) average the component sensitivity level, the input sensitivity level, and the output sensitivity level to establish a composite sensitivity level, determine a deletion mode for deleting the output data from the storage device based on the composite sensitivity level, and delete the output data from the storage device by utilizing the deletion mode.

5. 发明申请

US20190278907A1 PROTECTING COGNITIVE CODE AND CLIENT DATA IN A PUBLIC CLOUD VIA DEPLOYMENT OF DATA AND EXECUTABLES INTO A STATELESS SECURE PARTITION 审中-公开
公开(公告)号：US20190278907A1
公开(公告)日：2019-09-12
申请号：US15917619
申请日：2018-03-10
申请人： International Business Machines Corporation
发明人： Richard H. Boivie , Jonathan D. Bradbury , William E. Hall , Guerney D. H. Hunt , Jentje Leenstra , Jeb R. Linton , James A. O'Connor, JR. , Elaine R. Palmer , Dimitrios Pendarakis
IPC分类号： G06F21/53 , H04L29/08 , H04L29/06 , H04L9/32 , H04L9/30 , G06F21/78 , G06F21/12
摘要： A secure cloud computing environment protects the confidentiality of application code from a customer while simultaneously protecting the confidentiality of a customer's data from intentional or inadvertent leaks by the application code. This result is accomplished without the need to trust the application code and without requiring human surveillance or intervention. A client secure virtual machine (SVM) is accessible by a client who supplies commands, operand data and application data. An appliance SVM has the application code loaded therein and includes an application program interface that accesses a memory area shared by both SVMs. All access to the appliance SVM is initially revoked by an ultravisor, except for the shared memory. The appliance SVM processes the commands without ever saving any persistent state of the application data. The ultravisor manages an SVM by maintaining exclusive control over a device tree used by the operating system of the SVM.

6. 发明授权

US10171452B2 Server authentication using multiple authentication chains 有权
公开(公告)号：US10171452B2
公开(公告)日：2019-01-01
申请号：US15087486
申请日：2016-03-31
申请人： International Business Machines Corporation
发明人： Dimitrios Pendarakis , Enriquillo Valdez
IPC分类号： H04L29/06
摘要： A client seeking to establish a cryptographically-secure channel to a server has an associated public key acceptance policy. The policy specifies a required number of certificates that must be associated with the server's public key, as well as one or more conditions associated with those certificates, that must be met before the client “accepts” the server's public key. The one or more conditions typically comprise a trust function that must be satisfied before a threshold level of trust of the client is met. A representative public key acceptance policy would be that certificate chains for the public key are valid and non-overlapping with different root CAs, and that some configurable number of those chains be present. The technique may be implemented within the context of an existing client-server SSL/TLS handshake.

7. 发明申请

US20180300479A1 SECURITY WITHIN A SOFTWARE-DEFINED INFRASTRUCTURE 审中-公开
公开(公告)号：US20180300479A1
公开(公告)日：2018-10-18
申请号：US16015766
申请日：2018-06-22
申请人： International Business Machines Corporation
发明人： Brad L. Brech , Scott W. Crowder , Hubertus Franke , Nagui Halim , Matt R. Hogstrom , Chung-Sheng Li , Pratap C. Pattnaik , Dimitrios Pendarakis , Josyula R. Rao , Radha P. Ratnaparkhi , Michael D. Williams
IPC分类号： G06F21/55 , G06F9/50 , G06F9/455
CPC分类号： G06F21/554 , G06F9/45558 , G06F9/5083 , G06F21/55 , G06F2009/4557 , G06F2009/45587 , G06F2221/034
摘要： There is a computer program product and computer system that includes program instructions programmed to establish a security container describing a workload and a set of resources in a software-defined environment, the security container including a set of sub-containers that are self-describing sub-containers having associated metadata describing content of a respectively corresponding sub-container, each sub-container of the set of sub-containers respectively corresponds to a resource-divisible portion of the workload, the set of resources being required by the workload, wherein a sub-container of the set of sub-containers is an operating system sub-container; monitor the workload and the set of resources for security events; and responsive to identifying a security event, adjust isolation mechanisms provided by the plurality of sub-containers at various layers of a stack. The set of sub-containers represents an end-to-end run time environment for processing the workload using the set of resources.

8. 发明申请

US20180300478A1 SECURITY WITHIN A SOFTWARE-DEFINED INFRASTRUCTURE 审中-公开
公开(公告)号：US20180300478A1
公开(公告)日：2018-10-18
申请号：US16015619
申请日：2018-06-22
申请人： International Business Machines Corporation
发明人： Brad L. Brech , Scott W. Crowder , Hubertus Franke , Nagui Halim , Matt R. Hogstrom , Chung-Sheng Li , Pratap C. Pattnaik , Dimitrios Pendarakis , Josyula R. Rao , Radha P. Ratnaparkhi , Michael D. Williams
IPC分类号： G06F21/55 , G06F9/50 , G06F9/455
CPC分类号： G06F21/554 , G06F9/45558 , G06F9/5083 , G06F21/55 , G06F2009/4557 , G06F2009/45587 , G06F2221/034
摘要： There is a computer program product and computer system that includes program instructions programmed to identify, in a software-defined environment, a security container describing a workload and a set of resources required by the workload, the security container including self-describing sub-containers having associated metadata describing content of a respectively corresponding sub-container; determine, for the workload, a set of resource-divisible portions of the workload including a compute-resource portion; generate a plurality of sub-containers within the security container, a sub-container within the plurality of sub-containers being a self-describing sub-container having associated metadata describing the content of the sub-container representing only one resource-divisible portion, the sub-container being an operating system sub-container; and responsive to identifying a security event while processing the workload, adjust a security mechanism associated with the security container. The plurality of sub-containers represents an end-to-end run time environment for processing the workload.

9. 发明申请

US20160283713A1 SECURITY WITHIN A SOFTWARE-DEFINED INFRASTRUCTURE 有权
标题翻译：在软件定义的基础设施中的安全性
公开(公告)号：US20160283713A1
公开(公告)日：2016-09-29
申请号：US14667877
申请日：2015-03-25
申请人： INTERNATIONAL BUSINESS MACHINES CORPORATION
发明人： Brad L. Brech , Scott W. Crowder , Hubertus Franke , Nagui Halim , Matt R. Hogstrom , Chung-Sheng Li , Pratap C. Pattnaik , Dimitrios Pendarakis , Josyula R. Rao , Radha P. Ratnaparkhi , Michael D. Williams
IPC分类号： G06F21/55 , G06F9/50
CPC分类号： G06F21/554 , G06F9/45558 , G06F9/5083 , G06F21/55 , G06F2009/4557 , G06F2009/45587 , G06F2221/034
摘要： There is a method and system that includes establishing a security container that describes a workload and a set of resources that corresponds to the workload in a software-defined environment, determining a set of security criteria for the security container, monitoring the workload and the set of resources for security events based, at least in part, upon the set of security criteria, and responsive to identifying a security event, adjusting one or more security mechanisms. The steps of monitoring and adjusting are operated within the software-defined environment.
摘要翻译：存在一种方法和系统，其包括建立一个安全容器，其描述与软件定义的环境中的工作负载对应的工作负载和一组资源，确定安全容器的一组安全标准，监视工作负载和集合至少部分地基于所述一组安全标准，以及响应于识别安全事件，调整一个或多个安全机制的用于安全事件的资源。监控和调整的步骤在软件定义的环境中运行。

10. 发明申请

US20160234250A1 SYSTEM AND METHOD FOR SOFTWARE DEFINED DEPLOYMENT OF SECURITY APPLIANCES USING POLICY TEMPLATES 有权
标题翻译：使用政策模板定义安全设备部署的软件的系统和方法
公开(公告)号：US20160234250A1
公开(公告)日：2016-08-11
申请号：US14618943
申请日：2015-02-10
申请人： International Business Machines Corporation
发明人： Paul Anthony ASHLEY , Stefan Berger , Tian Cheng Liu , He Yuan Huang , Sreekanth Ramakrishna Iyer , Ashish Kundu , Nataraj Nagaratnam , Dimitrios Pendarakis , Ronald Becker Williams
IPC分类号： H04L29/06
CPC分类号： H04L63/20 , H04L63/105
摘要： A method includes retrieving, from a memory accessible by a computer, a document comprising a workload definition document that defines an intended virtual configuration to include at least one virtual machine and at least one network appliance to be associated with at least one of the virtual machines in the intended virtual configuration, each network appliance respectively serving a role in the intended virtual configuration of transforming, inspecting, filtering, or otherwise manipulating all the network traffic, before it reaches an intended virtual machine, for purpose other than a data packet forwarding in a virtual configuration. The workload definition document is parsed to extract attributes of each of the network appliances, including one or more security policy to be applied to each network appliance. Configuration data is extracted from the parsed workload definition document that is related to any security policy of any of the network appliances to be deployed. A security template library is accessed to select a security template for each network appliance that will implement the one or more security policy for that network appliance to be deployed.
摘要翻译：一种方法包括从可由计算机访问的存储器检索包括工作负载定义文档的文档，所述工作负载定义文档定义预期的虚拟配置以包括至少一个虚拟机和至少一个要与所述虚拟机中的至少一个相关联的网络设备在预期的虚拟配置中，每个网络设备分别在预期的虚拟配置中起作用以在其到达预期的虚拟机之前转换，检查，过滤或以其他方式操纵所有网络业务，以用于除了数据分组转发之外的目的虚拟配置。解析工作负载定义文档以提取每个网络设备的属性，包括要应用于每个网络设备的一个或多个安全策略。从与要部署的任何网络设备的任何安全策略相关的解析的工作负载定义文档中提取配置数据。访问安全模板库以为每个网络设备选择一个安全模板，以实现要部署的该网络设备的一个或多个安全策略。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式