This column is dedicated to patents in IBM – and specifically to our inventors and inventions in the Benelux. In 2012, IBM topped the annual list of US patent recipients for the 20th consecutive year with a record 6,478 patents. But those intellectual properties don’t just come out of IBM’s US business, nor just out of R&D. In this blog, we present a short account of an invention developed by Johan Van Mengsel, an inventor and Distinguished IT Specialist at IBM Benelux, while he was on a project managed by IBM Global Technology Services.
By Johan Van Mengsel
IT Specialist IBM Benelux
While working on a particular project, we were confronted with a challenge around the monitoring of highly secured systems. Typically, in the event of a problem on an IT server, an alert is sent across the network to an operator’s console so that an intervention can be scheduled to fix it. That might sound like business as usual – nothing special; IBM has done it a million times before. However, in highly secured systems, the servers are isolated from the rest of the world by an encryption wall: all traffic from the servers is automatically encrypted when sent across the network. (This is mandatory to ensure strict confidentiality, by making sure no data can leak out.) Often this is done by IPsec encryption in transport mode. In this mode, all the data/payload in a network packet is encrypted, and only the network addresses are not. As a result, if an alert (such as a “Disk full” event) were sent out to the operator console, it would arrive at its destination as meaningless text (e.g., “jhfa498e%zf”), not understandable to the operator.
My idea was to place the alert information not into the payload of the packet but into the destination address. In this solution, the alert “Disk full” would be sent as a packet to the IP address 220.127.116.11. This packet would get encrypted when it traversed the encryption wall, but the destination address would remain untouched. A firewall outside the secured area would then be configured to monitor for traffic sent to IP address 18.104.22.168. The encrypted packet would then trigger a monitoring alert on the firewall to the operator, who would look up the meaning of 22.214.171.124 and thereby know that the disks were full.
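The monitoring side of this scheme can be sketched as follows. This is an added example, not code from the patent or from IBM: it reads only the cleartext IPv4 header of each packet and maps the destination address to an alert. The alert table, the documentation-range addresses (192.0.2.0/24), the second alert "CPU overload" and the function names are all assumptions made for illustration.

```python
import ipaddress
import struct

ESP = 50  # IP protocol number carried in the header of IPsec ESP packets

# Hypothetical alert table: one reserved destination address per alert.
ALERTS = {
    ipaddress.IPv4Address("192.0.2.10"): "Disk full",
    ipaddress.IPv4Address("192.0.2.11"): "CPU overload",
}

def build_packet(src, dst, proto, payload):
    """Build a minimal IPv4 packet (checksum left at 0) as constructed test input."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + payload

def decode_alert(packet):
    """Return (source, alert) when the header signals an alert, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # truncated or not IPv4
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return None                      # malformed header length
    src = ipaddress.IPv4Address(packet[12:16])
    dst = ipaddress.IPv4Address(packet[16:20])
    # Assumption: only packets that passed the encryption wall (ESP) count;
    # cleartext traffic to an alert address is ignored here.
    if packet[9] != ESP or dst not in ALERTS:
        return None
    return str(src), ALERTS[dst]         # the payload is never inspected

def monitor(packets):
    """Collect the alerts signalled by a sequence of raw packets."""
    return [alert for alert in map(decode_alert, packets) if alert]

# Constructed sample traffic; the payloads stand in for opaque ciphertext.
SAMPLE = [
    build_packet("10.0.0.5", "192.0.2.10", ESP, b"\x8a\x11opaque"),
    build_packet("10.0.0.5", "198.51.100.7", ESP, b"\x03\x9copaque"),
    build_packet("10.0.0.6", "192.0.2.11", ESP, b"\x55\x01opaque"),
    build_packet("10.0.0.7", "192.0.2.10", 6, b"cleartext"),
]

if __name__ == "__main__":
    for source, alert in monitor(SAMPLE):
        print(f"{source}: {alert}")
```

The same property that makes the scheme work matters when reviewing an encryption boundary: with transport-mode encryption, header fields such as the destination address remain readable to any device on the path.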
As IBMers, we are used to picking up a problem like this, seeing how it is currently solved, thinking outside the box and coming up with a new and improved way of solving it. For our services business in Benelux, those ideas frequently lead to cutting-edge ideas that can end with patent filing and issuance. And that was the case with this idea: Not only has the solution been implemented to fix the problem, it has been filed at the US Patent Office under the title, “Computer systems, methods and program product for multi-level communications.” It’s a good demonstration of how IBM’s domination of global patents is not just about laboratory research. In the service business, projects often face technical challenges and each one is an opportunity for innovation.
The text of Johan Van Mengsel’s patent is available here.