IDiyas

For the Inventor, By the Inventor

The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.

Patent No.:

US 10685106 B1

PDFFull Text
Date of Patent:
Jun. 16, 2020

Filed:

Mar. 10, 2018

Protecting cognitive code and client data in a public cloud via deployment of data and executables into a stateless secure partition

Applicant:

International Business Machines Corporation, Armonk, NY (US);

Inventors:

Richard H. Boivie, Monroe, CT (US);

Jonathan D. Bradbury, Poughkeepsie, NY (US);

William E. Hall, Clinton, CT (US);

Guerney D. H. Hunt, Yorktown Heights, NY (US);

Jentje Leenstra, Bondorf, DE;

Jeb R. Linton, Manassas, VA (US);

James A. O'Connor, Jr., Ulster Park, NY (US);

Elaine R. Palmer, Hanover, NH (US);

Dimitrios Pendarakis, Westport, CT (US);

Assignee:

International Business Machines Corporation, Armonk, NY (US);

Attorneys:

Jeffrey S. LaBaw

Jack V. Musgrove

Primary Examiner:

Peter C Shaw

Int. Cl.
CPC ...
G06F 21/53 (2013.01); H04L 29/08 (2006.01); H04L 29/06 (2006.01); H04L 9/30 (2006.01); G06F 21/78 (2013.01); G06F 21/12 (2013.01); H04L 9/32 (2006.01);
U.S. Cl.
CPC ...
G06F 21/53 (2013.01); G06F 21/12 (2013.01); G06F 21/78 (2013.01); H04L 9/30 (2013.01); H04L 9/3213 (2013.01); H04L 63/10 (2013.01); H04L 67/10 (2013.01); G06F 2221/2143 (2013.01);
Abstract

A secure cloud computing environment protects the confidentiality of application code from a customer while simultaneously protecting the confidentiality of a customer's data from intentional or inadvertent leaks by the application code. This result is accomplished without the need to trust the application code and without requiring human surveillance or intervention. A client secure virtual machine (SVM) is accessible by a client who supplies commands, operand data and application data. An appliance SVM has the application code loaded therein and includes an application program interface that accesses a memory area shared by both SVMs. All access to the appliance SVM is initially revoked by an ultravisor, except for the shared memory. The appliance SVM processes the commands without ever saving any persistent state of the application data. The ultravisor manages an SVM by maintaining exclusive control over a device tree used by the operating system of the SVM.

Find Patent Forward Citations

Loading…