Patents by Inventor Jacqueline Hegedus Wilson
Jacqueline Hegedus Wilson has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 7577623
Abstract: A computer implemented method, data processing system, and computer program product for monitoring system events and providing real-time response to security threats. System data is collected by monitors in the computing system. The expert system of the present invention compares the data against information in a knowledge base to identify a security threat to a system resource in a form of a system event and an action for mitigating effects of the system event. A determination is made as to whether a threat risk value of the system event is greater than an action risk value of the action for mitigating the system event. If the threat risk value is greater, a determination is made as to whether a trust value set by a user is greater than the action risk value. If the trust value is greater, the expert system executes the action against the security threat.
Type: Grant
Filed: April 28, 2008
Date of Patent: August 18, 2009
Assignee: International Business Machines Corporation
Inventors: Denise Marie Genty, Shawn Patrick Mullen, Bhargavi Bheemreddy Reddy, Jacqueline Hegedus Wilson
-
Patent number: 7461036
Abstract: A computer implemented method for monitoring system events and providing real-time response to security threats. System data is collected by monitors in the computing system. The expert system of the present invention compares the data against information in a knowledge base to identify a security threat to a system resource in a form of a system event and an action for mitigating effects of the system event. A determination is made as to whether a threat risk value of the system event is greater than an action risk value of the action for mitigating the system event. If the threat risk value is greater, a determination is made as to whether a trust value set by a user is greater than the action risk value. If the trust value is greater, the expert system executes the action against the security threat.
Type: Grant
Filed: January 18, 2006
Date of Patent: December 2, 2008
Assignee: International Business Machines Corporation
Inventors: Denise Marie Genty, Shawn Patrick Mullen, Bhargavi Bheemreddy Reddy, Jacqueline Hegedus Wilson
-
Publication number: 20080229417
Abstract: A computer implemented method, data processing system, and computer program product for monitoring system events and providing real-time response to security threats. System data is collected by monitors in the computing system. The expert system of the present invention compares the data against information in a knowledge base to identify a security threat to a system resource in a form of a system event and an action for mitigating effects of the system event. A determination is made as to whether a threat risk value of the system event is greater than an action risk value of the action for mitigating the system event. If the threat risk value is greater, a determination is made as to whether a trust value set by a user is greater than the action risk value. If the trust value is greater, the expert system executes the action against the security threat.
Type: Application
Filed: April 28, 2008
Publication date: September 18, 2008
Inventors: Denise Marie Genty, Shawn Patrick Mullen, Bhargavi Bheemreddy Reddy, Jacqueline Hegedus Wilson
-
Patent number: 7171685
Abstract: A data processing system, method, and product are disclosed for automatically configuring IP security tunnels. A security policy specification format is established that is capable of being utilized by any one of multiple different operating systems and any one of multiple different machine types. An IP security tunnel is automatically configured utilizing the security policy specification format.
Type: Grant
Filed: August 23, 2001
Date of Patent: January 30, 2007
Assignee: International Business Machines Corporation
Inventors: Gaurav Batra, Dave Kemper, Charles Kunzinger, Guha Prasad Venkataraman, Jacqueline Hegedus Wilson
-
Patent number: 7003662
Abstract: A system and method for dynamically determining a CRL location and protocol. CRL location names and protocols are retrieved from a digital certificate data structure which includes a network servers that contain the CRL file. A determination is made as to whether any of the servers reside in the current domain, in which case the server is used because the data is more secure. If no locations are within the current domain, Internet servers outside the current domain are analyzed. Security parameters may be established that restrict which Internet servers can be used to retrieve the data. The security parameters may also include which access methods may be used to retrieve data since some access methods provide greater security than other access methods. A security parameter may also be based upon both the access method and the name, or address, of the Internet server.
Type: Grant
Filed: May 24, 2001
Date of Patent: February 21, 2006
Assignee: International Business Machines Corporation
Inventors: Denise Marie Genty, Guha Prasad Venkataraman, Jacqueline Hegedus Wilson
-
Patent number: 6938155
Abstract: A system and method for providing multiple virtual private networks from a computer system. The computer system communicates with a remote computer system in order to allow encrypted data traffic to flow between the respective systems. Two phases are used to authenticate the computer systems to one another. During the first phase, digital certificates or pre-shared keys are used to authenticate the computer systems. A phase 1 ID rules list contains authentication rules for local-remote computer pairs. During the second phase, a hash value is used to authenticate the computer systems and a security association payload is created. The remote system's IP address is used for connecting. The phase 1 ID rules list corresponds to one or more phase 2 ID rules lists. If the remote ID is not found in the phase 2 ID rules list, a default rule is used based upon the phase 1 ID rules list.
Type: Grant
Filed: May 24, 2001
Date of Patent: August 30, 2005
Assignee: International Business Machines Corporation
Inventors: Ajit Clarence D'Sa, William Alton Fiveash, Denise Marie Genty, Guha Prasad Venkataraman, Jacqueline Hegedus Wilson
-
Patent number: 6823462
Abstract: A method, network system and computer program product for establishing a server node in a virtual private network with a single tunnel definition and a single security policy for a plurality of tunnels associated with a group name. In one embodiment, a method comprises the step of configuring a group database in the server node. The group database in the server node comprises the group name and a list of members associated with the group name. The method further comprises configuring a rules database in the server node. The rules database associates the group name with a particular security policy. The method further comprises configuring a tunnel definition database in the server node. In the tunnel definition database, the remote ID is defined as the group name. In another embodiment of the present invention, the list of members associated with the group name comprises a non-contiguous list of ID types.
Type: Grant
Filed: September 7, 2000
Date of Patent: November 23, 2004
Assignee: International Business Machines Corporation
Inventors: Pau-Chen Cheng, Ajit Clarence D'Sa, Jian Hua Feng, Denise Marie Genty, Jacqueline Hegedus Wilson
-
Patent number: 6738909
Abstract: A method and apparatus for use in data processing system for selecting rules to filter data for a tunnel. A request is received to create a tunnel to another data processing system. A granularity of information about the data processing system is identified to form an identified granularity. The identified granularity of the information about the data processing system is used to select a rule, which matches the identified granularity. This rule is placed in a filter, wherein the filter associates data packets with the tunnel.
Type: Grant
Filed: September 2, 1999
Date of Patent: May 18, 2004
Assignee: International Business Machines Corporation
Inventors: Pau-Chen Cheng, William Alton Fiveash, Vachaspathi Peter Kompella, Christiaan Blake Wenzel, Jacqueline Hegedus Wilson
-
Publication number: 20030135753
Abstract: A data processing system, method, and product are disclosed for automatically configuring IP security tunnels. A security policy specification format is established that is capable of being utilized by any one of multiple different operating systems and any one of multiple different machine types. An IP security tunnel is automatically configured utilizing the security policy specification format.
Type: Application
Filed: August 23, 2001
Publication date: July 17, 2003
Applicant: International Business Machines Corporation
Inventors: Gaurav Batra, Dave Kemper, Charles Kunzinger, Guha Prasad Venkataraman, Jacqueline Hegedus Wilson
-
Publication number: 20020178240
Abstract: A system and method for providing multiple virtual private networks (VPNs) from a computer system. Configuration information is maintained for connections, or tunnels, established between a local computer system and a number of remote computer systems. The configuration information includes information about the endpoints, or local-remote computer pairs, policies used to determine preferred access methods for connecting a given pair of computers, pre-shared keys, and digital certificates for providing keys to encrypt and decipher data. A local-remote pair is selected from an endpoints table. A policy corresponding to the selected local-remote pair is selected determining the access method(s) to be attempted in securely connecting the two computer systems. If an access method uses a digital certificate, the corresponding information is retrieved from a digital certificate table. The decision whether to check the digital certification has been revoked is stored in the endpoints table.
Type: Application
Filed: May 24, 2001
Publication date: November 28, 2002
Applicant: International Business Machines Corporation
Inventors: William Alton Fiveash, Denise Marie Genty, Guha Prasad Venkataraman, Jacqueline Hegedus Wilson
-
Publication number: 20020178361
Abstract: A system and method for dynamically determining a CRL location and protocol. CRL location names and protocols are retrieved from a digital certificate data structure which includes a network servers that contain the CRL file. A determination is made as to whether any of the servers reside in the current domain, in which case the server is used because the data is more secure. If no locations are within the current domain, Internet servers outside the current domain are analyzed. Security parameters may be established that restrict which Internet servers can be used to retrieve the data. The security parameters may also include which access methods may be used to retrieve data since some access methods provide greater security than other access methods. A security parameter may also be based upon both the access method and the name, or address, of the Internet server.
Type: Application
Filed: May 24, 2001
Publication date: November 28, 2002
Applicant: International Business Machines Corporation
Inventors: Denise Marie Genty, Guha Prasad Venkataraman, Jacqueline Hegedus Wilson
-
Publication number: 20020178355
Abstract: A system and method for providing multiple virtual private networks from a computer system. The computer system communicates with a remote computer system in order to allow encrypted data traffic to flow between the respective systems. Two phases are used to authenticate the computer systems to one another. During the first phase, digital certificates or pre-shared keys are used to authenticate the computer systems. A phase 1 ID rules list contains authentication rules for local-remote computer pairs. During the second phase, a hash value is used to authenticate the computer systems and a security association payload is created. The remote system's IP address is used for connecting. The phase 1 ID rules list corresponds to one or more phase 2 ID rules lists. If the remote ID is not found in the phase 2 ID rules list, a default rule is used based upon the phase 1 ID rules list.
Type: Application
Filed: May 24, 2001
Publication date: November 28, 2002
Applicant: International Business Machines Corporation
Inventors: Ajit Clarence D'Sa, William Alton Fiveash, Denise Marie Genty, Guha Prasad Venkataraman, Jacqueline Hegedus Wilson
-
Patent number: 6076168
Abstract: A method of securing data traffic between a local and remote host systems is provided. The method includes autogenerating a filter having rules associated with a defined tunnel. The filter rules are used to permit or deny acceptance of transmitted data by the host system and to direct traffic to the tunnel. The tunnel, on the other hand, is used to keep data confidential. The method further includes autogeneration of a counterpart tunnel and associated filter to be used by the remote host when in communication with the local host. The method further autogenerates a new filter to reflect changes to any one of the tunnels and autodeactivates the filter associated with a deleted tunnel.
Type: Grant
Filed: October 3, 1997
Date of Patent: June 13, 2000
Assignee: International Business Machines Corporation
Inventors: William Alton Fiveash, Xinya Wang, Christiaan Blake Wenzel, Jacqueline Hegedus Wilson, Opral Vanan Wisham