Robert J. Paganetti - Scituate MA, US David S. Kern - Billerica MA, US
Assignee:
International Business Machines Corporation - Armonk NY
International Classification:
H04L 29/06
US Classification:
726 5
Abstract:
A method is provided for enabling a user to initiate a password protected backup copy of the user's credentials. The method includes providing a user with a credential store containing information relating to the user's identity, generating a different recovery password of any length for each recovery authority, encrypting the recovery password for each recovery authority, storing the encrypted recovery passwords in the credential store, and sending a copy of the information by the user from the credential store to a central repository.
System And Method For Storing User Credentials On A Server
Robert Paganetti - Scituate MA, US Alan Eldridge - Hollis NH, US Charles Kaufman - Sammamish WA, US Mary Zurko - Groton MA, US Katherine Emling - Woburn MA, US Richard Davies - Wayland MA, US
International Classification:
H04L009/00
US Classification:
713161000
Abstract:
The invention relates generally to secure mail operations. More particularly, the invention provides a method for managing a user security credential, the method comprising: storing, in a file contained in a data store communicatively coupled to a mail server, a security credential associated with a user; authorizing a client to access the data store according to an access permission associated with the user; retrieving the security credential from the file; and initiating a security-related mail operation from the client using the security credential without the security credential leaving the server.
System And Method For Managing Cross-Certificates
Robert Paganetti - Scituate MA, US Alan Eldridge - Hollis NH, US Charles Kaufman - Sammamish WA, US
International Classification:
H04K001/00
US Classification:
713185000
Abstract:
The invention provides a method for managing cryptographically generated data tokens, the method comprising: decoding a data file to retrieve a first cryptographically generated data token, identifying a second cryptographically generated data token associated with the first data token, and updating the second data token according to a security preference related to a characteristic of the first or the second data token.
Method For Enabling A User To Initiate A Password Protected Backup Of The User's Credentials
Robert Paganetti - Scituate MA, US David Kern - Billerica MA, US
International Classification:
H04L 9/00
US Classification:
713155000
Abstract:
A method is provided for enabling a user to initiate a password protected backup copy of the user's credentials. The method includes providing a user with a credential store containing information relating to the user's identity, generating a different recovery password of any length for each recovery authority, encrypting the recovery password for each recovery authority, storing the encrypted recovery passwords in the credential store, and sending a copy of the information by the user from the credential store to a central repository.
Method And System For Automating The Recovery Of A Credential Store
David Kern - Billerica MA, US Shiu Poon - Cambridge MA, US Robert Paganetti - Scituate MA, US
International Classification:
H04L 9/00
US Classification:
713155000
Abstract:
A system for automating the recovery of a credential store, in which client software generates a temporary key pair based on a new password, and sends client information including the user's name, the public half of the temporary key pair, and the host name of the client computer system to a server system, from which the client information is passed to a recovery process. The client software process displays a prompt indicating that the user should call a help desk. A help desk administrator verifies the user's identity and approves the user's request by causing an approval message to be sent to the recovery process. The recovery process obtains recovery information consisting of either the decryption key(s) for the credential store, or a decrypted copy of the credential store, and encrypts the recovery information using the temporary public key. The client process downloads the recovery information from the server, and decrypts it using the private key of the temporary key pair. The credential store can then be decrypted using the recovery information if necessary, then re-encrypted based on the new password. The encrypted recovery information is stored on the server and re-used for a certain period of time, after which it is deleted, thus allowing multiple copies of the credential store to be conveniently recovered.
Richard F. Annicchiarico - Nashua NH, US David S. Kern - Billerica MA, US Robert J. Paganetti - Scituate MA, US
Assignee:
INTERNATIONAL BUSINESS MACHINES CORPORATION - Armonk NY
International Classification:
H04L 9/00
US Classification:
713150
Abstract:
Embodiments of the present invention address deficiencies of the art in respect to seal list management in decrypting encrypted data and provide a method, system and computer program product for extensible seal management for encrypted data. In an embodiment of the invention, a method for extensible seal management for encrypted data can include identifying multiple different seal hints of different seal hint formats for different seals in a seal list associated with encrypted data and selecting from amongst the multiple different seal hints, seal hints of a recognizable seal hint format. The method also can include filtering the seals in the seal list according to the selected seal hints and attempting decryption of the filtered seals with a decryption key specified by the selected seal hints to decrypt one of the filtered seals in order to reveal a bulk key. Finally, the method can include decrypting the encrypted data with the bulk key.
System And Method For Normalizing And Merging Credential Stores
David Scott Kern - Billerica MA, US Richard Francis Annicchiarico - Nashua NH, US Nancy Ellen Kho - Belmont MA, US Robert John Paganetti - Scituate MA, US
International Classification:
G06F 17/30
US Classification:
707803, 707E17032, 707E17044
Abstract:
One or more data structures are received by a computing device, wherein the one or more data structures include at least one or more user credentials. The one or more user credentials are normalized by the computing device to generate a first graph. One or more nodes of the first graph and one or more nodes of at least a second graph are analyzed by the computing device, wherein analyzing includes at least identifying a logical correlation between the one or more nodes of the first graph and the one or more nodes of at least the second graph. A third graph is generated by the computing device based, at least in part, upon the analysis of the one or more nodes of the first graph and the one or more nodes of at least the second graph. An output data structure is generated by the computing device based, at least in part, upon the third graph.
Secure Configuration Catalog Of Trusted Identity Providers
Jane B. Marcus - Medford MA, US Alan D. Eldridge - Hollis NH, US David Scott Kern - Billerica MA, US Michael J. Kerrigan - Salem NH, US Patrick Charles Mancuso - Center Tuftonboro NH, US Robert John Paganetti - Scituate MA, US
Assignee:
INTERNATIONAL BUSINESS MACHINES CORPORATION - Armonk NY
International Classification:
G06F 21/00
US Classification:
726 8
Abstract:
A secure database includes a catalog of information about one or more identity providers (IdPs) that are trusted by a service provider (SP) to authenticate users on the SP's behalf. The catalog securely stores one or more IdP configurations. An entry in the database stores information associated with the trusted IdP including artifacts to identify the IdP, artifacts used by the IdP for cryptographic operations, and a specification of one or more website(s) serviced by the trusted identity provider. Upon receipt by the SP of identity information representing a user that has authenticated to an IdP, information in the catalog of information is used to determine whether the IdP is trusted to authenticate the user on the service provider's behalf. The determination verifies that the SP uses the IdP and that a binding between an IdP identifier and at least one IdP cryptographic artifact is valid.
Oct 2001 to 2000 Senior Software Engineer
Iris Associates, Westford, MA, Jul 2000 to Oct 2001, Software Architect
Iris Associates, Westford, MA, Jul 1996 to Jul 2000, Principal Engineer
Imagery Inc., Lowell, MA, Jan 1994 to Jul 1996, Principal Engineer
Imagery, Inc., Lowell, MA, Dec 1992 to Dec 1993, Senior Software Engineer
Wang Laboratories, Lowell, MA, Sep 1989 to Nov 1992, Senior Software Engineer
Wang Laboratories, Lowell, MA, Feb 1987 to Aug 1989, Software Engineer II
Education:
University of Lowell, Lowell, MA, Jan 1987 to Jan 1991, MS in Electrical Engineering with Computer Science concentration
University of Lowell, Lowell, MA, Jan 1982 to Jan 1986, BS graduated summa cum laude in Electrical Engineering with Mathematics Minor