Patents by Inventor Mark Alexander McGloin
Mark Alexander McGloin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10375107Abstract: A technique to provide runtime output sanitization filtering of web application content that contains multiple contexts in which dynamic output is included. To facilitate this operation, dynamically-generated content is prepared for sanitization in advance, preferably by being “marked” by the web application itself (or by middleware). Preferably, given dynamically-generated content is marked by enclosing it between dynamic content indicators. After the document generation is completed but before it is output, the application-generated content is processed by a content sanitization filter. The filter uses the dynamic content identifiers to identify and locate the content that needs output escaping. The filter detects the appropriate context within which the dynamically-generated content has been placed and applies escaping. The output content is prepared for escaping in advance even if assembled from multiple sources that do not operate in the same runtime environment.Type: GrantFiled: July 22, 2010Date of Patent: August 6, 2019Assignee: International Business Machines CorporationInventors: Olgierd Pieczul, Mark Alexander McGloin, Mary Ellen Zurko
-
Patent number: 10372899Abstract: A technique to provide runtime output sanitization filtering of web application content that contains multiple contexts in which dynamic output is included. To facilitate this operation, dynamically-generated content is prepared for sanitization in advance, preferably by being “marked” by the web application itself (or by middleware). Preferably, given dynamically-generated content is marked by enclosing it between dynamic content indicators. After the document generation is completed but before it is output, the application-generated content is processed by a content sanitization filter. The filter uses the dynamic content identifiers to identify and locate the content that needs output escaping. The filter detects the appropriate context within which the dynamically-generated content has been placed and applies escaping. The output content is prepared for escaping in advance even if assembled from multiple sources that do not operate in the same runtime environment.Type: GrantFiled: July 22, 2010Date of Patent: August 6, 2019Assignee: International Business Machines CorporationInventors: Olgierd Pieczul, Mark Alexander McGloin, Mary Ellen Zurko
-
Patent number: 9699168Abstract: A rich client performs single sign-on (SSO) to access a web- or cloud-based application. According to the described SSO approach, the rich client delegates to its native application server the task of obtaining a credential, such as a SAML assertion. The native server, acting on behalf of the user, obtains an assertion from a federated identity provider (IdP) that is then returned to the rich client. The rich client provides the assertion to a cloud-based proxy, which presents the assertion to an identity manager to attempt to prove that the user is entitled to access the web- or cloud-based application using the rich client. If the assertion can be verified, it is exchanged with a signed token, such as a token designed to protect against cross-site request forgery (CSRF). The rich client then accesses the web- or cloud-based application making a REST call that includes the signed token. The application, which recognizes the request as trustworthy, responds to the call with the requested data.Type: GrantFiled: December 13, 2010Date of Patent: July 4, 2017Assignee: International Business Machines CorporationInventors: Olgierd Stanislaw Pieczul, Mark Alexander McGloin, Mary Ellen Zurko, David Scott Kern, Brent Allan Hepburn
-
Patent number: 9275234Abstract: A password protection application is executed on a mobile device and provides an interface by which an authorized user can define and configure a “data protection profile” for the device. This profile defines at least one security event (criteria or condition) associated with the device, and at least one protection action that should occur to protect data on the device upon the triggering of the event. Once defined in a profile, the application monitors for the occurrence of the security event. Upon the occurrence of the specified event, the protection action is enforced on the device to protect the data.Type: GrantFiled: March 1, 2013Date of Patent: March 1, 2016Assignee: International Business Machines CorporationInventors: Mark Alexander McGloin, Olgierd Pieczul, Joseph Celi
-
Patent number: 9208325Abstract: A password protection application is executed on a mobile device and provides an interface by which an authorized user can define and configure a “data protection profile” for the device. This profile defines at least one security event (criteria or condition) associated with the device, and at least one protection action that should occur to protect data on the device upon the triggering of the event. Once defined in a profile, the application monitors for the occurrence of the security event. Upon the occurrence of the specified event, the protection action is enforced on the device to protect the data.Type: GrantFiled: July 26, 2012Date of Patent: December 8, 2015Assignee: International Business Machines CorporationInventors: Mark Alexander McGloin, Olgierd Stanislaw Pieczul, Joseph Celi, Jr.
-
Patent number: 9160756Abstract: A method for decomposing a web application into one or more domain sandboxes ensures that the contents of each sandbox are protected from attacks on the web application outside that sandbox. Sandboxing is achieved on a per-element basis by identifying content that should be put under protection, generating a secure domain name for the identified content, and replacing the identified content with a unique reference (e.g., an iframe) to the generated secure domain. The identified content is then served only from the generated secure domain.Type: GrantFiled: May 19, 2010Date of Patent: October 13, 2015Assignee: International Business Machines CorporationInventors: Olgierd Pieczul, Mark Alexander McGloin, Mary Ellen Zurko
-
Patent number: 8931081Abstract: Information and data stored by a mobile device is protected by comprising applying password-protection to the locally-stored information without persistently storing the corresponding password locally. Rather, the corresponding password is stored by a remote password server. In response to a trigger event on the mobile device, such as an unlocking action by the user, a request is sent by the mobile device to the password server to retrieve the corresponding server, and the corresponding password is returned to the mobile device. The mobile device can then use the password to access the protected information. If the user determines that the mobile device is lost, stolen, or out of the user's physical control, the user may access the password server and disable the sending of the password to the mobile device, thereby thwarting attempts to access the protected data on the mobile device.Type: GrantFiled: August 21, 2012Date of Patent: January 6, 2015Assignee: International Business Machines CorporationInventors: Joseph Celi, Jr., Mark Alexander McGloin, Harshita Nersu, Olgierd Stanislaw Pieczul
-
Patent number: 8856874Abstract: A web application decomposed into one or more domain sandboxes ensures that the contents of each sandbox are protected from attacks on the web application outside that sandbox. Sandboxing is achieved on a per-element basis by identifying content that should be put under protection, generating a secure domain name for the identified content, and replacing the identified content with a unique reference (e.g., an iframe) to the generated secure domain. The identified content is then served only from the generated secure domain using a content handler.Type: GrantFiled: May 19, 2010Date of Patent: October 7, 2014Assignee: International Business Machines CorporationInventors: Olgierd Pieczul, Mark Alexander McGloin, Mary Ellen Zurko
-
Patent number: 8756665Abstract: A user authenticates to a Web- or cloud-based application from a browser-based client. The browser-based client has an associated rich client. After a session is initiated from the browser-based client (and a credential obtained), the user can discover that the rich client is available and cause it to obtain the credential (or a new one) for use in authenticating the user to the application (using the rich client) automatically, i.e., without additional user input. An application interface provides the user with a display by which the user can configure the rich client authentication operation, such as specifying whether the rich client should be authenticated automatically if it detected as running, whether and what extent access to the application by the rich client is to be restricted, if and when access to the application by the rich client is to be revoked, and the like.Type: GrantFiled: July 8, 2011Date of Patent: June 17, 2014Assignee: International Business Machines CorporationInventors: Olgierd Stanislaw Pieczul, Mark Alexander McGloin, Mary Ellen Zurko
-
Publication number: 20140059671Abstract: Information and data stored by a mobile device is protected by comprising applying password-protection to the locally-stored information without persistently storing the corresponding password locally. Rather, the corresponding password is stored by a remote password server. In response to a trigger event on the mobile device, such as an unlocking action by the user, a request is sent by the mobile device to the password server to retrieve the corresponding server, and the corresponding password is returned to the mobile device. The mobile device can then use the password to access the protected information. If the user determines that the mobile device is lost, stolen, or out of the user's physical control, the user may access the password server and disable the sending of the password to the mobile device, thereby thwarting attempts to access the protected data on the mobile device.Type: ApplicationFiled: August 21, 2012Publication date: February 27, 2014Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Joseph Celi, JR., Mark Alexander McGloin, Harshita Nersu, Olgierd Stanislaw Pieczul
-
Publication number: 20140032921Abstract: A password protection application is executed on a mobile device and provides an interface by which an authorized user can define and configure a “data protection profile” for the device. This profile defines at least one security event (criteria or condition) associated with the device, and at least one protection action that should occur to protect data on the device upon the triggering of the event. Once defined in a profile, the application monitors for the occurrence of the security event. Upon the occurrence of the specified event, the protection action is enforced on the device to protect the data.Type: ApplicationFiled: March 1, 2013Publication date: January 30, 2014Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Mark Alexander McGloin, Olgierd Pieczul, Joseph Celi
-
Publication number: 20140033299Abstract: A password protection application is executed on a mobile device and provides an interface by which an authorized user can define and configure a “data protection profile” for the device. This profile defines at least one security event (criteria or condition) associated with the device, and at least one protection action that should occur to protect data on the device upon the triggering of the event. Once defined in a profile, the application monitors for the occurrence of the security event. Upon the occurrence of the specified event, the protection action is enforced on the device to protect the data.Type: ApplicationFiled: July 26, 2012Publication date: January 30, 2014Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Mark Alexander McGloin, Olgierd Stanislaw Pieczul, Joseph Celi, JR.
-
Publication number: 20130324083Abstract: The different illustrative embodiments provide a method, computer program product, and apparatus for managing an authentication request. A determination is made whether additional authentication is to be performed responsive to receiving the authentication request to access an application from a mobile device. A phone number to call is sent to the mobile device responsive to a determination that the additional authentication is to be performed. A determination is made whether an incoming call to the phone number is from the mobile device and within a selected period of time. The authentication request to access the application from the mobile device is granted responsive to a determination that the incoming call to the phone number is from the mobile device and within the selected period of time.Type: ApplicationFiled: May 30, 2012Publication date: December 5, 2013Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Joseph Celi, JR., Mark Alexander McGloin, Olgierd Stanislaw Pieczul
-
Publication number: 20130324086Abstract: The different illustrative embodiments provide a method, computer program product, and apparatus for managing an authentication request. A determination is made whether additional authentication is to be performed responsive to receiving the authentication request to access an application from a mobile device. A phone number to call is sent to the mobile device responsive to a determination that the additional authentication is to be performed. A determination is made whether an incoming call to the phone number is from the mobile device and within a selected period of time. The authentication request to access the application from the mobile device is granted responsive to a determination that the incoming call to the phone number is from the mobile device and within the selected period of time.Type: ApplicationFiled: September 11, 2012Publication date: December 5, 2013Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Joseph Celi, JR., Mark Alexander McGloin, Olgierd Stanislaw Pieczul
-
Patent number: 8555339Abstract: A technique that identifies registered or guest users in web meetings of the type wherein users must follow a supplied URL to attend the meeting. Registered and guest users are provided different forms of the meeting invite URL. Each registered user receives a common web meeting link (a URL) that he must follow to join the meeting. This link forces the registered user to authenticate to the service when used. A guest user invitee receives a unique URL for the meeting that is generated with a nonce value associated with the guess user's contact information. The nonce value does not expose the contact information. To join the meeting, each registered user must follow the common web meeting link and authenticate to the service. True identities of the web meeting participants are displayed.Type: GrantFiled: January 6, 2012Date of Patent: October 8, 2013Assignee: International Business Machines CorporationInventors: Mark Alexander McGloin, Olgierd Stanislaw Pieczul, Mary Ellen Zurko
-
Publication number: 20130179941Abstract: A technique that identifies registered or guest users in web meetings of the type wherein users must follow a supplied URL to attend the meeting. Registered and guest users are provided different forms of the meeting invite URL. Each registered user receives a common web meeting link (a URL) that he must follow to join the meeting. This link forces the registered user to authenticate to the service when used. A guest user invitee receives a unique URL for the meeting that is generated with a nonce value associated with the guess user's contact information. The nonce value does not expose the contact information. To join the meeting, each registered user must follow the common web meeting link and authenticate to the service. True identities of the web meeting participants are displayed.Type: ApplicationFiled: January 6, 2012Publication date: July 11, 2013Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Mark Alexander McGloin, Olgierd Stanislaw Pieczul, Mary Ellen Zurko
-
Publication number: 20130014239Abstract: A user authenticates to a Web- or cloud-based application from a browser-based client. The browser-based client has an associated rich client. After a session is initiated from the browser-based client (and a credential obtained), the user can discover that the rich client is available and cause it to obtain the credential (or a new one) for use in authenticating the user to the application (using the rich client) automatically, i.e., without additional user input. An application interface provides the user with a display by which the user can configure the rich client authentication operation, such as specifying whether the rich client should be authenticated automatically if it detected as running, whether and what extent access to the application by the rich client is to be restricted, if and when access to the application by the rich client is to be revoked, and the like.Type: ApplicationFiled: July 8, 2011Publication date: January 10, 2013Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Olgierd Stanislaw Pieczul, Mark Alexander McGloin, Mary Ellen Zurko
-
Publication number: 20120151568Abstract: A rich client performs single sign-on (SSO) to access a web- or cloud-based application. According to the described SSO approach, the rich client delegates to its native application server the task of obtaining a credential, such as a SAML assertion. The native server, acting on behalf of the user, obtains an assertion from a federated identity provider (IdP) that is then returned to the rich client. The rich client provides the assertion to a cloud-based proxy, which presents the assertion to an identity manager to attempt to prove that the user is entitled to access the web- or cloud-based application using the rich client. If the assertion can be verified, it is exchanged with a signed token, such as a token designed to protect against cross-site request forgery (CSRF). The rich client then accesses the web- or cloud-based application making a REST call that includes the signed token. The application, which recognizes the request as trustworthy, responds to the call with the requested data.Type: ApplicationFiled: December 13, 2010Publication date: June 14, 2012Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Olgierd Stanislaw Pieczul, Mark Alexander McGloin, Mary Ellen Zurko, David Scott Kern, Brent Allan Hepburn
-
Publication number: 20120023395Abstract: A technique to provide runtime output sanitization filtering of web application content that contains multiple contexts in which dynamic output is included. To facilitate this operation, dynamically-generated content is prepared for sanitization in advance, preferably by being “marked” by the web application itself (or by middleware used by or associated with the application). Preferably, given dynamically-generated content is marked by enclosing it between dynamic content indicators. Then, after the document generation is completed but before it is output (delivered), the application-generated content is processed by a content sanitization filter. The filter uses the dynamic content identifiers to identify and locate the content that needs output escaping. The filter detects the appropriate context within which the dynamically-generated content has been placed, and it then applies the appropriate escaping.Type: ApplicationFiled: July 22, 2010Publication date: January 26, 2012Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Olgierd Pieczul, Mark Alexander McGloin, Mary Ellen Zurko
-
Publication number: 20120023394Abstract: A technique to provide runtime output sanitization filtering of web application content that contains multiple contexts in which dynamic output is included. To facilitate this operation, dynamically-generated content is prepared for sanitization in advance, preferably by being “marked” by the web application itself (or by middleware used by or associated with the application). Preferably, given dynamically-generated content is marked by enclosing it between dynamic content indicators. Then, after the document generation is completed but before it is output (delivered), the application-generated content is processed by a content sanitization filter. The filter uses the dynamic content identifiers to identify and locate the content that needs output escaping. The filter detects the appropriate context within which the dynamically-generated content has been placed, and it then applies the appropriate escaping.Type: ApplicationFiled: July 22, 2010Publication date: January 26, 2012Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Olgierd Pieczul, Mark Alexander McGloin, Mary Ellen Zurko