Robert John Paganetti

US Patent:

8296827, Oct 23, 2012

Filed:

Dec 29, 2005

Appl. No.:

11/323986

Inventors:

Robert J. Paganetti - Scituate MA, US
David S. Kern - Billerica MA, US

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

H04L 29/06

US Classification:

726 5

Abstract:

A method is provided for a enabling a user to initiate a password protected backup copy of the user's credentials. The method includes providing a user with a credential store containing information relating to the user's identity, generating a different recovery password of any length for each recovery authority, encrypting the recovery password for each recovery authority, storing the encrypted recovery passwords in the credential store, and sending a copy of the information by the user from the credential store to a central repository.

US Patent:

20050138367, Jun 23, 2005

Filed:

Dec 19, 2003

Appl. No.:

10/741669

Inventors:

Robert Paganetti - Scituate MA, US
Alan Eldridge - Hollis NH, US
Charles Kaufman - Sammamish WA, US
Mary Zurko - Groton MA, US
Katherine Emling - Woburn MA, US
Richard Davies - Wayland MA, US

International Classification:

H04L009/00

US Classification:

713161000

Abstract:

The invention relates generally secure mail operations. More particularly, the invention provides a method for managing a user security credential, the method comprising: storing, in a file contained in a data store communicatively coupled to a mail server, a security credential associated with a user; authorizing a client to access the data store according to an access permission associated with the user; retrieving the security credential from the file; and initiating a security-related mail operation from the client using the security credential without the security credential leaving the server.

US Patent:

20050138388, Jun 23, 2005

Filed:

Dec 19, 2003

Appl. No.:

10/741315

Inventors:

Robert Paganetti - Scituate MA, US
Alan Eldridge - Hollis NH, US
Charles Kaufman - Sammamish WA, US

International Classification:

H04K001/00

US Classification:

713185000

Abstract:

The invention provides a method for managing cryptographically generated data tokens, the method comprising: decoding a data file to retrieve a first cryptographically generated data token, identifying a second cryptographically generated data token associated with the first data token, and updating the second data token according to a security preference related to a characteristic of the first or the second data token.

US Patent:

20070168656, Jul 19, 2007

Filed:

Dec 29, 2005

Appl. No.:

11/324026

Inventors:

Robert Paganetti - Scituate MA, US
David Kern - Billerica MA, US

International Classification:

H04L 9/00

US Classification:

713155000

Abstract:

A method is provided for a enabling a user to initiate a password protected backup copy of the user's credentials. The method includes providing a user with a credential store containing information relating to the user's identity, generating a different recovery password of any length for each recovery authority, encrypting the recovery password for each recovery authority, storing the encrypted recovery passwords in the credential store, and sending a copy of the information by the user from the credential store to a central repository.

US Patent:

20070255943, Nov 1, 2007

Filed:

Apr 18, 2006

Appl. No.:

11/379088

Inventors:

David Kern - Billerica MA, US
Shiu Poon - Cambridge MA, US
Robert Paganetti - Scituate MA, US

International Classification:

H04L 9/00

US Classification:

713155000

Abstract:

A system for automating the recovery of a credential store, in which client software generates a temporary key pair based on a new password, and sends client information including the user's name, the public half of the temporary key pair, and the host name of the client computer system to a server system, from which the client information is passed to a recovery process. The client software process displays a prompt indicating that the user should call a help desk. A help desk administrator verifies the user's identity and approves the user's request by causing an approval message to be sent to the recovery process. The recovery process obtains recovery information consisting of either the decryption key(s) for the credential store, or a decrypted copy of the credential store, and encrypts the recovery information using the temporary public key. The client process downloads the recovery information from the server, and decrypts it using private key of the temporary key pair. The credential store can then be decrypted using the recovery information if necessary, then re-encrypted based on the new password. The encrypted recovery information is stored on the server and re-used for a certain period of time, after which it is deleted, thus allowing multiple copies of the credential store to be conveniently recovered.

US Patent:

20100115261, May 6, 2010

Filed:

Nov 6, 2008

Appl. No.:

12/266470

Inventors:

Richard F. Annicchiarico - Nashua NH, US
David S. Kern - Billerica MA, US
Robert J. Paganetti - Scituate MA, US

Assignee:

INTERNATIONAL BUSINESS MACHINES CORPORATION - Armonk NY

International Classification:

H04L 9/00

US Classification:

713150

Abstract:

Embodiments of the present invention address deficiencies of the art in respect to seal list management in decrypting encrypted data and provide a method, system and computer program product for extensible seal management for encrypted data. In an embodiment of the invention, a method for extensible seal management for encrypted data can include identifying multiple different seal hints of different seal hint formats for different seals in a seal list associated with encrypted data and selecting from amongst the multiple different seal hints, seal hints of a recognizable seal hint format. The method also can include filtering the seals in the seal list according to the selected seal hints and attempting decryption of the filtered seals with a decryption key specified by the selected seal hints to decrypt one of the filtered seals in order to reveal a bulk key. Finally, the method can include decrypting the encrypted data with the bulk key.

US Patent:

20100268747, Oct 21, 2010

Filed:

Apr 17, 2009

Appl. No.:

12/425860

Inventors:

David Scott Kern - Billerica MA, US
Richard Francis Annicchiarico - Nashua NH, US
Nancy Ellen Kho - Belmont MA, US
Robert John Paganetti - Scituate MA, US

International Classification:

G06F 17/30

US Classification:

707803, 707E17032, 707E17044

Abstract:

One or more data structures are received by a computing device, wherein the one or more data structures include at least one or more user credentials. The one or more user credentials are normalized by the computing device to generate a first graph. One or more nodes of the first graph and one or more nodes of at least a second graph are analyzed by the computing device, wherein analyzing includes at least identifying a logical correlation between the one or more nodes of the first graph and the one or more nodes of at least the second graph. A third graph is generated by the computing device based, at least in part, upon the analysis of the one or more nodes of the first graph and the one or more nodes of at least the second graph. An output data structure is generated by the computing device based, at least in part, upon the third graph.

US Patent:

20140068743, Mar 6, 2014

Filed:

Aug 30, 2012

Appl. No.:

13/599348

Inventors:

Jane B. Marcus - Medford MA, US
Alan D. Eldridge - Hollis NH, US
David Scott Kern - Billerica MA, US
Michael J. Kerrigan - Salem NH, US
Patrick Charles Mancuso - Center Tuftonboro NH, US
Robert John Paganetti - Scituate MA, US

Assignee:

INTERNATIONAL BUSINESS MACHINES CORPORATION - Armonk NY

International Classification:

G06F 21/00

US Classification:

726 8

Abstract:

A secure database includes a catalog of information about one or more identity providers (IdPs) that are trusted by a service provider (SP) to authenticate users on the SP's behalf. The catalog securely stores one or more IdP configurations. An entry in the database stores information associated with the trusted IdP including artifacts to identify the IdP, artifacts used by the IdP for cryptographic operations, and a specification of one or more website(s) serviced by the trusted identity provider. Upon receipt by the SP of identity information representing a user that has authenticated to an IdP, information in the catalog of information is used to determine whether the IdP is trusted to authenticate the user on the service provider's behalf. The determination verifies that the SP uses the IdP and that a binding between an IdP identifier and at least one IdP cryptographic artifact is valid.