Patents by Inventor George Robert Blakley, III
George Robert Blakley, III has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8561161
Abstract: A method is presented in which federated domains interact within a federated environment. Domains within a federation can initiate federated single-sign-on operations for a user at other federated domains. A point-of-contact server within a domain relies upon a trust proxy within the domain to manage trust relationships between the domain and the federation. Trust proxies interpret assertions from other federated domains as necessary. Trust proxies may have a trust relationship with one or more trust brokers, and a trust proxy may rely upon a trust broker for assistance in interpreting assertions.
Type: Grant
Filed: December 31, 2002
Date of Patent: October 15, 2013
Assignee: International Business Machines Corporation
Inventors: George Robert Blakley, III, Heather Maria Hinton, Anthony Joseph Nadalin, Ajamu Akinwunmi Wesley
-
Patent number: 8554930
Abstract: A method, apparatus, system, and computer program product are presented in which federated domains interact within a federated environment. Domains within a federation are able to initiate federated single-sign-on operations for a user at other federated domains. A point-of-contact server within a domain relies upon a trust proxy within the domain to manage trust relationships between the domain and the federation. Trust proxies interpret assertions from other federated domains as necessary. Trust proxies may have a trust relationship with one or more trust brokers, and a trust proxy may rely upon a trust broker for assistance in interpreting assertions. To enhance security, domains may also require users to re-prove their identity through proof-of-possession challenges that are executed after a user has initiated a single-sign-on operation.
Type: Grant
Filed: December 31, 2002
Date of Patent: October 8, 2013
Assignee: International Business Machines Corporation
Inventors: George Robert Blakley, III, Heather Maria Hinton
-
Patent number: 8122138
Abstract: A system is presented for facilitating management of user attribute information at one or more attribute information providers (AIPs), which can manage the user's attribute information in accordance with user-selected or administratively-determined options, including options that are stored in attribute release policies and/or dynamically determined during a transaction. E-commerce service providers (ECSPs), such as online banks or merchants, also maintain a relationship with an AIP such that the ECSP can trust the user attribute information that is provided by the AIP on behalf of the user. The user can complete transactions that require user attribute information at any ECSP without having to have previously established a relationship with that particular ECSP. If the ECSP has a relationship with one of the user's AIPs, then the user will be able to direct the ECSP to an AIP when the ECSP needs user attribute information to complete a transaction for the user.
Type: Grant
Filed: July 22, 2010
Date of Patent: February 21, 2012
Assignee: International Business Machines Corporation
Inventors: George Robert Blakley, III, Heather Maria Hinton, Birgit Monika Pfitzmann
-
Patent number: 8060632
Abstract: A system is presented for facilitating management of user attribute information at one or more attribute information providers (AIPs), which can manage the user's attribute information in accordance with user-selected or administratively-determined options, including options that are stored in attribute release policies and/or dynamically determined during a transaction. E-commerce service providers (ECSPs), such as online banks or merchants, also maintain a relationship with an AIP such that the ECSP can trust the user attribute information that is provided by the AIP on behalf of the user. The user can complete transactions that require user attribute information at any ECSP without having to have previously established a relationship with that particular ECSP. If the ECSP has a relationship with one of the user's AIPs, then the user will be able to direct the ECSP to an AIP when the ECSP needs user attribute information to complete a transaction for the user.
Type: Grant
Filed: July 22, 2010
Date of Patent: November 15, 2011
Assignee: International Business Machines Corporation
Inventors: George Robert Blakley, III, Heather Maria Hinton, Birgit Monika Pfitzmann
-
Patent number: 8042162
Abstract: A method is presented in which federated domains interact within a federated environment. Domains within a federation can initiate federated single-sign-on operations for a user at other federated domains. A point-of-contact server within a domain relies upon a trust proxy within the domain to manage trust relationships between the domain and the federation. Trust proxies interpret assertions from other federated domains as necessary. Trust proxies may have a trust relationship with one or more trust brokers, and a trust proxy may rely upon a trust broker for assistance in interpreting assertions.
Type: Grant
Filed: June 12, 2007
Date of Patent: October 18, 2011
Assignee: International Business Machines Corporation
Inventors: George Robert Blakley, III, Heather Maria Hinton, Anthony Joseph Nadalin
-
Publication number: 20100287235
Abstract: A system is presented for facilitating management of user attribute information at one or more attribute information providers (AIPs), which can manage the user's attribute information in accordance with user-selected or administratively-determined options, including options that are stored in attribute release policies and/or dynamically determined during a transaction. E-commerce service providers (ECSPs), such as online banks or merchants, also maintain a relationship with an AIP such that the ECSP can trust the user attribute information that is provided by the AIP on behalf of the user. The user can complete transactions that require user attribute information at any ECSP without having to have previously established a relationship with that particular ECSP. If the ECSP has a relationship with one of the user's AIPs, then the user will be able to direct the ECSP to an AIP when the ECSP needs user attribute information to complete a transaction for the user.
Type: Application
Filed: July 22, 2010
Publication date: November 11, 2010
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: George Robert Blakley, III, Heather Maria Hinton, Birgit Monika Pfitzmann
-
Publication number: 20100287291
Abstract: A system is presented for facilitating management of user attribute information at one or more attribute information providers (AIPs), which can manage the user's attribute information in accordance with user-selected or administratively-determined options, including options that are stored in attribute release policies and/or dynamically determined during a transaction. E-commerce service providers (ECSPs), such as online banks or merchants, also maintain a relationship with an AIP such that the ECSP can trust the user attribute information that is provided by the AIP on behalf of the user. The user can complete transactions that require user attribute information at any ECSP without having to have previously established a relationship with that particular ECSP. If the ECSP has a relationship with one of the user's AIPs, then the user will be able to direct the ECSP to an AIP when the ECSP needs user attribute information to complete a transaction for the user.
Type: Application
Filed: July 22, 2010
Publication date: November 11, 2010
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: George Robert Blakley, III, Heather Maria Hinton, Birgit Monika Pfitzmann
-
Patent number: 7827318
Abstract: An Internet user transfers directly to a domain within an e-community without returning to a home domain or reauthenticating by providing to a web browser by a home domain server a home identity cookie with an extensible data area and an enrollment token; performing enrollment through an e-community for a web-browser user by redirecting the home identity cookie via the web browser to each affiliated domain in the e-community until each has been visited once; responsive to each visit to each affiliated domain, sending an affiliated domain identity cookie to the web browser including an enrollment successful indicator; accumulating received enrollment success indicators in the extensible data area of the home identity cookie; and subsequently, vouching for an identity of the user at an affiliated domain through exchange of a vouch-for request and vouch-for response between the home domain server and an affiliated domain server.
Type: Grant
Filed: November 20, 2008
Date of Patent: November 2, 2010
Assignee: International Business Machines Corporation
Inventors: Heather Maria Hinton, George Robert Blakley, III, Greg Clark
-
Patent number: 7797434
Abstract: A system is presented for facilitating management of user attribute information at one or more attribute information providers (AIPs), which can manage the user's attribute information in accordance with user-selected or administratively-determined options, including options that are stored in attribute release policies and/or dynamically determined during a transaction. E-commerce service providers (ECSPs), such as online banks or merchants, also maintain a relationship with an AIP such that the ECSP can trust the user attribute information that is provided by the AIP on behalf of the user. The user can complete transactions that require user attribute information at any ECSP without having to have previously established a relationship with that particular ECSP. If the ECSP has a relationship with one of the user's AIPs, then the user will be able to direct the ECSP to an AIP when the ECSP needs user attribute information to complete a transaction for the user.
Type: Grant
Filed: December 31, 2002
Date of Patent: September 14, 2010
Assignee: International Business Machines Corporation
Inventors: George Robert Blakley, III, Heather Maria Hinton, Birgit Monika Pfitzmann
-
Patent number: 7725562
Abstract: A computer system is presented for facilitating storage and retrieval of user attribute information within a federated environment at entities that manage such information as a service. Through enrollment processes, certain domains inform online service providers of identities of attribute information providers that may be used to retrieve user attribute information for a particular user. When performing a user-specific operation with respect to a requested resource, e.g., for personalizing documents using user attribute information or for determining user access privileges for the resource, an e-commerce service provider requires user attribute information, which is retrieved from an attribute information provider that has been previously specified through an enrollment operation. The e-commerce service provider may store the identity of the user's attribute information providers in a persistent token, e.g., an HTTP cookie, that is available when the user sends a request for access to a resource.
Type: Grant
Filed: December 31, 2002
Date of Patent: May 25, 2010
Assignee: International Business Machines Corporation
Inventors: George Robert Blakley, III, Heather Maria Hinton, Anthony Joseph Nadalin, Birgit Monika Pfitzmann
-
Publication number: 20090094383
Abstract: An Internet user transfers directly to a domain within an e-community without returning to a home domain or re-authenticating. The user's home domain server prepares and forwards a home domain identity cookie (DIDC) with an enrollment request to a user's browser, with the enrollment request being redirected to an affiliated domain server in the e-community. The affiliated domain server prepares and sends an affiliated DIDC with an enrollment confirmation to the user's browser, redirecting the enrollment confirmation to the home domain server. The home domain server modifies the home DIDC to include a symbol which indicates successful enrollment at the affiliated site. The process may be repeated for a plurality of affiliated domains to achieve automatic enrollment a portion of or an entire e-community.
Type: Application
Filed: November 20, 2008
Publication date: April 9, 2009
Inventors: Heather Maria Hinton, George Robert Blakley, III, Greg Clark
-
Patent number: 7484012
Abstract: An Internet user transfers directly to a domain within an e-community by providing a home identity cookie having an extensible data area and enrollment token to a web browser by a home domain server, and enrolling through an e-community for a user of the web browser by redirecting the home identity cookie via the web browser to each of the affiliated domains in the e-community until each affiliated domain has been visited once by the web browser. Upon each visit to each affiliated domain, an affiliated domain identity cookie is sent to the web browser including an enrollment successful indicator. Enrollment success indicators are accumulated and persistently stored received in the extensible data area of said home identity cookie. Subsequently, the identity of the user is vouched for at an affiliated domain through exchange of a vouch-for request and vouch-for response between the home domain server and an affiliated domain server.
Type: Grant
Filed: October 6, 2005
Date of Patent: January 27, 2009
Assignee: International Business Machines Corporation
Inventors: Heather Maria Hinton, George Robert Blakley, III, Greg Clark
-
Patent number: 7219154
Abstract: A method is presented in which federated domains interact within a federated environment. Domains within a federation can initiate federated single-sign-on operations for a user at other federated domains. A point-of-contact server within a domain relies upon a trust proxy within the domain to manage trust relationships between the domain and the federation. Trust proxies interpret assertions from other federated domains as necessary. Trust proxies may have a trust relationship with one or more trust brokers, and a trust proxy may rely upon a trust broker for assistance in interpreting assertions. When a user requests to logoff from a domain that has initiated federated single-sign-on operations for the user at other federated domains, the domain initiates a consolidated logoff operation by requesting logoff operations at those other federated domains, which may also initiate logoff operations in a cascaded fashion to the domains at which they have initiated federated single-sign-on operations.
Type: Grant
Filed: December 31, 2002
Date of Patent: May 15, 2007
Assignee: International Business Machines Corporation
Inventors: George Robert Blakley, III, Heather Maria Hinton, Anthony Joseph Nadalin, Ajamu Akinwunmi Wesley
-
Patent number: 6993596
Abstract: An Internet user transfers directly to a domain within an e-community without returning to a home domain or re-authenticating. The user's home domain server prepares and forwards a home domain identity cookie (DIDC) with an enrollment request to a user's browser, with the enrollment request being redirected to an affiliated domain server in the e-community. The affiliated domain server prepares and sends an affiliated DIDC with an enrollment confirmation to the user's browser, redirecting the enrollment confirmation to the home domain server. The home domain server modifies the home DIDC to include a symbol which indicates successful enrollment at the affiliated site. The process may be repeated for a plurality of affiliated domains to achieve automatic enrollment a portion of or an entire e-community.
Type: Grant
Filed: December 19, 2001
Date of Patent: January 31, 2006
Assignee: International Business Machines Corporation
Inventors: Heather Maria Hinton, George Robert Blakley, III, Greg Clark
-
Patent number: 6253251
Abstract: A system, method and article of manufacture for integrating object security service authorization in a distributed computing environment, includes one or more processors, a storage system, a system bus, a display sub-system controlling a display device, a cursor control device, an I/O controller for controlling I/O devices, all connected by system bus an operating system such as the OS/2* operating system program (OS/2 is a registered trademark of International Business Machines Corporation), one or more application programs for executing user tasks and an object oriented control program, such as, DSOM Objects program, which is a commercially available product of International Business Machines Corporation, the object oriented control program including mapping a set of methods defined by a given class to a finite and a fixed set of access rights from which a method required access rights set is assigned, and selecting the access rights set by examining two components, first, a family right type and, second, a
Type: Grant
Filed: January 3, 1996
Date of Patent: June 26, 2001
Assignee: International Business Machines Corp.
Inventors: Messaoud Benantar, George Robert Blakley, III, Anthony Joseph Nadalin
-
Patent number: 6067623
Abstract: A system and method for controlling client access to enterprise resources through a middle tier server. Enterprise resource authorizations are maintained in a middle tier server. Users authenticate with the server causing it to map and transform the client access authorization into enterprise resource credentials. Enterprise resources are accessed after authorizing using the transformed credentials.
Type: Grant
Filed: November 21, 1997
Date of Patent: May 23, 2000
Assignee: International Business Machines Corp.
Inventors: George Robert Blakley, III, Richard Jay Cohen, Ivan Matthew Milman
-
Patent number: 5862323
Abstract: A network system server that provides password synchronization between a main data store and a plurality of secondary data stores is disclosed. The network system server includes a security server, which is coupled to the main data store, a plurality of clients, which is coupled to the security server for accessing the main data store wherein each client maintains a unique, modifiable password, a password synchronization server, which is coupled to security server and the plurality of secondary data stores, and a password repository, which is coupled to the password synchronization server, that stores the passwords. One of the secondary data stores can retrieve the passwords via the password synchronization server so that each client is able to maintain a single, unique password among the plurality of secondary data stores. Password retrieval is instigated by at least one of the plurality of secondary data stores regardless of the current password status of the secondary data stores.
Type: Grant
Filed: November 13, 1995
Date of Patent: January 19, 1999
Assignee: International Business Machines Corporation
Inventors: George Robert Blakley, III, Ivan Matthew Milman, Wayne Dube Sigler
-
Patent number: 5832211
Abstract: A network system server that provides password synchronization between a main data store and a plurality of secondary data stores is disclosed. The network server further includes a security server, which is coupled to the main data store, a plurality of clients, coupled to the security server for accessing the main data store wherein each client maintains a unique, modifiable password, and a password synchronization server, coupled to the security server and the plurality of secondary data stores, that provides password propagation synchronization to each of the secondary data stores from a user associated with one of the plurality of clients so that user is able to maintain a single, unique password among plurality of secondary data stores. The password propagation is imposed on the plurality of secondary data stores regardless of the current password status of the secondary data stores.
Type: Grant
Filed: November 13, 1995
Date of Patent: November 3, 1998
Assignee: International Business Machines Corporation
Inventors: George Robert Blakley, III, Ivan Matthew Milman, Wayne Dube Sigler
-
Patent number: 5802276
Abstract: A system, method and article of manufacture for improving object security in distributed object systems, in an information handling system employing object oriented technology, includes one or more workstations, each workstation having one or more processors, a memory system, an input/output subsystem which may include one or more input/output controllers, each controlling one or more input/output devices, such as communications devices, cursor control devices, keyboards, and display devices, an operating system program such as the OS/2 multi-tasking operating system (OS/2 is a registered trademark of International Business Machines Corporation), and an object oriented control program such as the Distributed System Object Method (DSOM) program available from International Business Machines Corporation, wherein the object oriented control program includes a vault object containing security credentials for objects in the distributed system.
Type: Grant
Filed: January 3, 1996
Date of Patent: September 1, 1998
Assignee: International Business Machines Corporation
Inventors: Messaoud Benantar, George Robert Blakley, III, Anthony Joseph Nadalin
-
Patent number: 5787427
Abstract: A system, method and article of manufacture, for improving object security in an object oriented system, includes one or more processors, a memory system, one or more I/O controllers, each controlling one or more I/O devices, a bus connecting the processors, the memory system and the I/O controllers, an operating system controlling operation of the processors, the memory system and the I/O controllers, and an object oriented control means which includes means for grouping objects which share common access control policies, where an access control list becomes associated with each object group and the policy applicable to the members of the group. An object may be part of multiple groups, and based upon an environment's policy, granting access to the object may be based on a single default object group or on the access granted by the union of all of its object groups.
Type: Grant
Filed: January 3, 1996
Date of Patent: July 28, 1998
Assignee: International Business Machines Corporation
Inventors: Messaoud Benantar, George Robert Blakley, III, Anthony Joseph Nadalin