Patents by Inventor Linwood Hugh Overby
Linwood Hugh Overby has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10726145
Abstract: Embodiments of the present disclosure relate to automatically and dynamically elevating permissions on a mainframe system. Initially, a user may request an elevation class which corresponds to elevated class resources of the mainframe system. The elevation class may enable the user to perform actions to datasets, files, applications, or systems of the mainframe system the user may not otherwise be able to perform. If the user has permission to the elevation class, a user identification corresponding to the user and the elevation class is registered in an elevated permission structure. An access control environment element (ACEE) is dynamically created with the elevated permission structure and the elevated class resources of the elevation class are associated with the ACEE. The user can then be validated with access to the elevated class resources. At the expiration of a limited duration of time, the elevated class resources are automatically disassociated with the ACEE.
Type: Grant
Filed: February 8, 2018
Date of Patent: July 28, 2020
Inventors: Frederic Duminy, Linwood Hugh Overby, Jr., Kevin Cunningham, Paul Reichl
-
Publication number: 20190243984
Abstract: Embodiments of the present disclosure relate to automatically and dynamically elevating permissions on a mainframe system. Initially, a user may request an elevation class which corresponds to elevated class resources of the mainframe system. The elevation class may enable the user to perform actions to datasets, files, applications, or systems of the mainframe system the user may not otherwise be able to perform. If the user has permission to the elevation class, a user identification corresponding to the user and the elevation class is registered in an elevated permission structure. An access control environment element (ACEE) is dynamically created with the elevated permission structure and the elevated class resources of the elevation class are associated with the ACEE. The user can then be validated with access to the elevated class resources. At the expiration of a limited duration of time, the elevated class resources are automatically disassociated with the ACEE.
Type: Application
Filed: February 8, 2018
Publication date: August 8, 2019
Inventors: FREDERIC DUMINY, LINWOOD HUGH OVERBY, JR., KEVIN CUNNINGHAM, PAUL REICHL
-
Patent number: 10326832
Abstract: A method, apparatus and computer program product for improved load balancing provides for the grouping under a same workload of both application instances in an application tier, and data sharing members in a data tier. This grouping enables a workload manager to make recommendations (to load balancer appliances) about how to distribute workload connections, e.g., based on metrics gathered from both the application and data tiers. In this approach, both applications and data sources are grouped into a workload grouping, and health, status and capacity information about both of these tiers (application and data) is then used to determine an overall distribution policy for the workload. These different tiers can reside on the same or different operating system environments.
Type: Grant
Filed: December 22, 2017
Date of Patent: June 18, 2019
Assignee: International Business Machines Corporation
Inventors: Michael Gerard Fitzpatrick, Andrew Hilliard Arrowood, Gary Owen McAfee, Andrea Lynn Fitzpatrick, Linwood Hugh Overby, Jr., Constantinos Kassimis
-
Publication number: 20190073485
Abstract: Inventive embodiments are directed to a system and methods that manage file access in an MVS file management system, which allows for the same name to be allocated to different files. When multiple files share the same name, the name of each file is modified in order to render those files unrecognizable to an operating system. Thereafter, one file may be purposefully provided with the “shared” name. When a computer process requests access to a file and specifies the shared name, the operating system locates the first instance of the shared name in the MVS file management system. As the other files are unrecognizable, the operating system locates the only instance of the shared name and the corresponding file that was purposefully provided with the shared name. The operating system provides the computer process with access to that particular file. The name shared by the unrecognizable files may be subsequently restored.
Type: Application
Filed: September 1, 2017
Publication date: March 7, 2019
Inventors: FREDERIC DUMINY, LINWOOD HUGH OVERBY, JR., JOHN WILLIAM BAY, DANIEL J. SHEA
-
Enabling an on-premises resource to be exposed to a public cloud application securely and seamlessly
Patent number: 10044756
Abstract: An application deployed in a public cloud is enabled to access an on-premises resource securely and without requiring additional ports on a firewall. A pair of security gateways is instantiated, one at the cloud, and another located on-premises. Each gateway can access information that is necessary to locate and establish a secure connection to the on-premises resource. In response to a determination that the application needs to access the on-premises resource, the data set is used to locate the resource. A communication request is then issued from the cloud gateway to the on-premises gateway over a socket-based communication channel established between the gateways. The communication request is sent over an HTTP-based protocol such that the application is able to access the on-premises resource without requiring an additional IP address/port to be defined at the firewall. Proxied connectivity is then enabled from the application to the on-premises resource.
Type: Grant
Filed: August 24, 2015
Date of Patent: August 7, 2018
Assignee: International Business Machines Corporation
Inventors: Linwood Hugh Overby, Jr., Anthony Ffrench, Barry Mosakowski, Adolfo Francisco Rodriguez
-
Enabling an on-premises resource to be exposed to a public cloud application securely and seamlessly
Patent number: 10038721
Abstract: An application deployed in a public cloud is enabled to access an on-premises resource securely and without requiring additional ports on a firewall. A pair of security gateways is instantiated, one at the cloud, and another located on-premises. Each gateway can access information that is necessary to locate and establish a secure connection to the on-premises resource. In response to a determination that the application needs to access the on-premises resource, the data set is used to locate the resource. A communication request is then issued from the cloud gateway to the on-premises gateway over a socket-based communication channel established between the gateways. The communication request is sent over an HTTP-based protocol such that the application is able to access the on-premises resource without requiring an additional IP address/port to be defined at the firewall. Proxied connectivity is then enabled from the application to the on-premises resource.
Type: Grant
Filed: February 16, 2015
Date of Patent: July 31, 2018
Assignee: International Business Machines Corporation
Inventors: Linwood Hugh Overby, Jr., Anthony Ffrench, Barry Mosakowski, Adolfo Francisco Rodriguez
-
Publication number: 20180124167
Abstract: A method, apparatus and computer program product for improved load balancing provides for the grouping under a same workload of both application instances in an application tier, and data sharing members in a data tier. This grouping enables a workload manager to make recommendations (to load balancer appliances) about how to distribute workload connections, e.g., based on metrics gathered from both the application and data tiers. In this approach, both applications and data sources are grouped into a workload grouping, and health, status and capacity information about both of these tiers (application and data) is then used to determine an overall distribution policy for the workload. These different tiers can reside on the same or different operating system environments.
Type: Application
Filed: December 22, 2017
Publication date: May 3, 2018
Inventors: Michael Gerard Fitzpatrick, Andrew Hilliard Arrowood, Gary Owen McAfee, Andrea Lynn Fitzpatrick, Linwood Hugh Overby, JR., Constantinos Kassimis
-
Patent number: 9912742
Abstract: A method that provides for the grouping under a same workload of both application instances in an application tier, and data sharing members in a data tier. This grouping enables a workload manager to make recommendations (to load balancer appliances) about how to distribute workload connections, e.g., based on metrics gathered from both the application and data tiers. In this approach, both applications and data sources are grouped into a workload grouping, and health, status and capacity information about both of these tiers (application and data) is then used to determine an overall distribution policy for the workload. These different tiers can reside on the same or different operating system environments.
Type: Grant
Filed: August 20, 2015
Date of Patent: March 6, 2018
Assignee: International Business Machines Corporation
Inventors: Michael Gerard Fitzpatrick, Andrew Hilliard Arrowood, Gary Owen McAfee, Andrea Lynn Fitzpatrick, Linwood Hugh Overby, Jr., Constantinos Kassimis
-
Patent number: 9888063
Abstract: A method that provides for the grouping under a same workload of both application instances in an application tier, and data sharing members in a data tier. This grouping enables a workload manager to make recommendations (to load balancer appliances) about how to distribute workload connections, e.g., based on metrics gathered from both the application and data tiers. In this approach, both applications and data sources are grouped into a workload grouping, and health, status and capacity information about both of these tiers (application and data) is then used to determine an overall distribution policy for the workload. These different tiers can reside on the same or different operating system environments.
Type: Grant
Filed: December 10, 2014
Date of Patent: February 6, 2018
Assignee: International Business Machines Corporation
Inventors: Michael Gerard Fitzpatrick, Andrew Hilliard Arrowood, Jr., Gary Owen McAfee, Andrea Lynn Fitzpatrick, Linwood Hugh Overby, Jr., Constantinos Kassimis
-
Enabling an on-premises resource to be exposed to a public cloud application securely and seamlessly
Publication number: 20160241596
Abstract: An application deployed in a public cloud is enabled to access an on-premises resource securely and without requiring additional ports on a firewall. A pair of security gateways is instantiated, one at the cloud, and another located on-premises. Each gateway can access information that is necessary to locate and establish a secure connection to the on-premises resource. In response to a determination that the application needs to access the on-premises resource, the data set is used to locate the resource. A communication request is then issued from the cloud gateway to the on-premises gateway over a socket-based communication channel established between the gateways. The communication request is sent over an HTTP-based protocol such that the application is able to access the on-premises resource without requiring an additional IP address/port to be defined at the firewall. Proxied connectivity is then enabled from the application to the on-premises resource.
Type: Application
Filed: August 24, 2015
Publication date: August 18, 2016
Inventors: Linwood Hugh Overby, JR., Anthony Ffrench, Barry Mosakowski, Adolfo Francisco Rodriguez
-
Enabling an on-premises resource to be exposed to a public cloud application securely and seamlessly
Publication number: 20160241633
Abstract: An application deployed in a public cloud is enabled to access an on-premises resource securely and without requiring additional ports on a firewall. A pair of security gateways is instantiated, one at the cloud, and another located on-premises. Each gateway can access information that is necessary to locate and establish a secure connection to the on-premises resource. In response to a determination that the application needs to access the on-premises resource, the data set is used to locate the resource. A communication request is then issued from the cloud gateway to the on-premises gateway over a socket-based communication channel established between the gateways. The communication request is sent over an HTTP-based protocol such that the application is able to access the on-premises resource without requiring an additional IP address/port to be defined at the firewall. Proxied connectivity is then enabled from the application to the on-premises resource.
Type: Application
Filed: February 16, 2015
Publication date: August 18, 2016
Inventors: Linwood Hugh Overby, JR., Anthony Ffrench, Barry Mosakowski, Adolfo Francisco Rodriguez
-
Publication number: 20160173584
Abstract: A method that provides for the grouping under a same workload of both application instances in an application tier, and data sharing members in a data tier. This grouping enables a workload manager to make recommendations (to load balancer appliances) about how to distribute workload connections, e.g., based on metrics gathered from both the application and data tiers. In this approach, both applications and data sources are grouped into a workload grouping, and health, status and capacity information about both of these tiers (application and data) is then used to determine an overall distribution policy for the workload. These different tiers can reside on the same or different operating system environments.
Type: Application
Filed: August 20, 2015
Publication date: June 16, 2016
Inventors: Michael Gerard Fitzpatrick, Andrew Hilliard Arrowood, Gary Owen McAfee, Andrea Lynn Fitzpatrick, Linwood Hugh Overby, JR., Constantinos Kassimis
-
Publication number: 20160173582
Abstract: A method that provides for the grouping under a same workload of both application instances in an application tier, and data sharing members in a data tier. This grouping enables a workload manager to make recommendations (to load balancer appliances) about how to distribute workload connections, e.g., based on metrics gathered from both the application and data tiers. In this approach, both applications and data sources are grouped into a workload grouping, and health, status and capacity information about both of these tiers (application and data) is then used to determine an overall distribution policy for the workload. These different tiers can reside on the same or different operating system environments.
Type: Application
Filed: December 10, 2014
Publication date: June 16, 2016
Inventors: Michael Gerard Fitzpatrick, Andrew Hilliard Arrowood, JR., Gary Owen McAfee, Andrea Lynn Fitzpatrick, Linwood Hugh Overby, JR., Constantinos Kassimis
-
Patent number: 9253146
Abstract: Preventing duplicate sources in a network that uses network address port translation on an established connection. In response to receiving an inbound packet at a destination host, input values are obtained therefrom and used to consult a mapping. If no match is found, a translation is performed, whereby a determination is made as to whether or not a port number is available within a range of port numbers that comply with a security association governing the connection. If so, an available port number is assigned to the connection, thereby avoiding a possibility of a duplicate source. If a port number is not available, the packet is rejected.
Type: Grant
Filed: May 6, 2014
Date of Patent: February 2, 2016
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Patricia A. Jakubik, Linwood Hugh Overby, Jr., Joyce Anne Porter, David John Wierbowski
-
Patent number: 8918634
Abstract: A network node for communicating data packets secured with a security protocol over a communications network includes a host information handling system (IHS) and one or more external security offload devices coupled by a secure data link. The host IHS communicates state information about data packets, and the external offload security device provides stateless secure data encapsulation and decapsulation of packets using a security protocol. An external network interface controller or internal network interface controller communicates encapsulated data packets over the communications network to a final destination. Encapsulation and decapsulation of packets by the external security offload device reduces network latency and reduces the computational load on the processor in the host IHS. Maintaining state information in the host IHS allows hot-swapping of external security offload devices without information loss.
Type: Grant
Filed: February 21, 2012
Date of Patent: December 23, 2014
Assignee: International Business Machines Corporation
Inventors: Curtis Matthew Gearhart, Christopher Meyer, Scott Christopher Moonen, Linwood Hugh Overby, Jr.
-
Patent number: 8826003
Abstract: A network node for communicating data packets secured with a security protocol over a communications network includes a host information handling system (IHS) and one or more external security offload devices coupled by a secure data link. The host IHS communicates state information about data packets, and the external offload security device provides stateless secure data encapsulation and decapsulation of packets using a security protocol. An external network interface controller or internal network interface controller communicates encapsulated data packets over the communications network to a final destination. Encapsulation and decapsulation of packets by the external security offload device reduces network latency and reduces the computational load on the processor in the host IHS. Maintaining state information in the host IHS allows hot-swapping of external security offload devices without information loss.
Type: Grant
Filed: February 26, 2013
Date of Patent: September 2, 2014
Assignee: International Business Machines Corporation
Inventors: Curtis Matthew Gearhart, Christopher Meyer, Scott Christopher Moonen, Linwood Hugh Overby
-
Publication number: 20140244862
Abstract: Preventing duplicate sources on a protocol connection that uses network addresses, protocols and port numbers to identify connections that include port number translation. In response to an inbound IPsec packet from a remote source client, a determination is made as to whether or not a port number is available within a range of port numbers that comply with a security association governing the connection. If so, an available port number is assigned to the connection, thereby avoiding a possibility of a duplicate source. If a port number is not available, the packet is rejected.
Type: Application
Filed: May 6, 2014
Publication date: August 28, 2014
Applicant: International Business Machines Corporation
Inventors: Patricia A. Jakubik, Linwood Hugh Overby, JR., Joyce Anne Porter, David John Wierbowski
-
Patent number: 8787393
Abstract: Preventing duplicate sources on a protocol connection that uses network addresses, protocols and port numbers to identify connections that include port number translation. In response to an inbound IPsec packet from a remote source client, a determination is made as to whether or not a port number is available within a range of port numbers that comply with a security association governing the connection. If so, an available port number is assigned to the connection, thereby avoiding a possibility of a duplicate source. If a port number is not available, the packet is rejected.
Type: Grant
Filed: April 11, 2005
Date of Patent: July 22, 2014
Assignee: International Business Machines Corporation
Inventors: Patricia A. Jakubik, Linwood Hugh Overby, Jr., Joyce Anne Porter, David John Wierbowski
-
Publication number: 20130219167
Abstract: A network node for communicating data packets secured with a security protocol over a communications network includes a host information handling system (IHS) and one or more external security offload devices coupled by a secure data link. The host IHS communicates state information about data packets, and the external offload security device provides stateless secure data encapsulation and decapsulation of packets using a security protocol. An external network interface controller or internal network interface controller communicates encapsulated data packets over the communications network to a final destination. Encapsulation and decapsulation of packets by the external security offload device reduces network latency and reduces the computational load on the processor in the host IHS. Maintaining state information in the host IHS allows hot-swapping of external security offload devices without information loss.
Type: Application
Filed: February 21, 2012
Publication date: August 22, 2013
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Curtis Matthew Gearhart, Christopher Meyer, Scott Christopher Moonen, Linwood Hugh Overby, JR.
-
Publication number: 20130219168
Abstract: A network node for communicating data packets secured with a security protocol over a communications network includes a host information handling system (IHS) and one or more external security offload devices coupled by a secure data link. The host IHS communicates state information about data packets, and the external offload security device provides stateless secure data encapsulation and decapsulation of packets using a security protocol. An external network interface controller or internal network interface controller communicates encapsulated data packets over the communications network to a final destination. Encapsulation and decapsulation of packets by the external security offload device reduces network latency and reduces the computational load on the processor in the host IHS. Maintaining state information in the host IHS allows hot-swapping of external security offload devices without information loss.
Type: Application
Filed: February 21, 2012
Publication date: August 22, 2013
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Curtis Matthew Gearhart, Christopher Meyer, Scott Christopher Moonen, Linwood Hugh Overby, JR.