Patents by Inventor Allan Hsu
Allan Hsu has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8229903
Abstract: A system and method for utilizing data mining to generate a policy document or to revise theory within a policy document. A data base of unknown events is mined for application to the development of a system management policy document. The results of the data mining of the database of unknown events are automatically incorporated into a policy document, subject to user approval, to produce a new policy document or an updated version of an existing policy document.
Type: Grant
Filed: December 19, 2002
Date of Patent: July 24, 2012
Assignee: International Business Machines Corporation
Inventors: Paul T. Baffes, John Michael Garrison, Michael Gilfix, Allan Hsu, Tyron Jerrod Stading
-
Patent number: 7941854
Abstract: A method and system for managing an intrusion on a computer by graphically representing an intrusion pattern of a known past intrusion, and then comparing the intrusion pattern of the known intrusion with a current intrusion. The intrusion pattern may either be based on intrusion events, which are the effects of the intrusion or activities that provide a signature of the type of intrusion, or the intrusion pattern may be based on hardware topology that is affected by the intrusion. The intrusion pattern is graphically displayed with scripted responses, which in a preferred embodiment are presented in pop-up windows associated with each node in the intrusion pattern. Alternatively, the response to the intrusion may be automatic, based on a pre-determined percentage of common features in the intrusion pattern of the known past intrusion and the current intrusion.
Type: Grant
Filed: December 5, 2002
Date of Patent: May 10, 2011
Assignee: International Business Machines Corporation
Inventors: Paul T. Baffes, John Michael Garrison, Michael Gilfix, Allan Hsu, Tyron Jerrod Stading
-
Patent number: 7702914
Abstract: A method for providing access control to a single sign-on computer network is disclosed. A user is assigned to multiple groups within a computer network. In response to an access request by the user, the computer network determines a group pass count based on a user profile of the user. The group pass count is a number of groups in which the access request meets all their access requirements. The computer network grants the access request if the group pass count is greater than a predetermined high group pass threshold value.
Type: Grant
Filed: April 16, 2008
Date of Patent: April 20, 2010
Assignee: International Business Machines Corporation
Inventors: Paul T. Baffes, John Michael Garrison, Michael Gilfix, Allan Hsu, Tyron Jerrod Stading
-
Patent number: 7552472
Abstract: A system and method for developing network policy document and assuring up-to-date monitoring and automated refinement and classification of the network policy. The system administrator defines an initial policy document that is provided as the initial symbolic classifier. The classification rules remain in human readable form throughout the process. Network system data is fed through the classifier, which labels the data according to whether a policy constraint is violated. The labels are tagged to the data. The user then reviews the labels to determine whether the classification is satisfactory. If the classification of the data is satisfactory, the label is unaltered; however, if the classification is not satisfactory, the data is re-labeled. The re-labeled data is then introduced into a refinement algorithm, which determines what policy must be modified to correct classification of network events in accordance with the re-labeling.
Type: Grant
Filed: December 19, 2002
Date of Patent: June 23, 2009
Assignee: International Business Machines Corporation
Inventors: Paul T. Baffes, John Michael Garrison, Michael Gilfix, Allan Hsu, Tyron Jerrod Stading
-
Patent number: 7549166
Abstract: A method and system for handling a malicious intrusion to a machine in a networked group of computers. The malicious intrusion is an unauthorized access to the machine, such as a server in a server farm. When the intrusion is detected, the machine is isolated from the rest of the server farm, and the machine is reprovisioned as a decoy system having access to only data that is ersatz or at least non-sensitive. If the intrusion is determined to be non-malicious, then the machine is functionally reconnected to the server farm, and the machine is reprovisioned to a state held before the reprovisioning of the machine as a decoy machine.
Type: Grant
Filed: December 5, 2002
Date of Patent: June 16, 2009
Assignee: International Business Machines Corporation
Inventors: Paul T. Baffes, John Michael Garrison, Michael Gilfix, Allan Hsu, Tyron Jerrod Stading, Ronald S. Woan, John D. Wolpert, Shawn L. Young
-
Publication number: 20080216164
Abstract: A method for providing access control to a single sign-on computer network is disclosed. A user is assigned to multiple groups within a computer network. In response to an access request by the user, the computer network determines a group pass count based on a user profile of the user. The group pass count is a number of groups in which the access request meets all their access requirements. The computer network grants the access request if the group pass count is greater than a predetermined high group pass threshold value.
Type: Application
Filed: April 16, 2008
Publication date: September 4, 2008
Inventors: PAUL T. BAFFES, John Michael Garrison, Michael Gilfix, Allan Hsu, Tyron Jerrod Stading
-
Patent number: 7389430
Abstract: A method for providing access control to a single sign-on computer network is disclosed. A user is assigned to multiple groups within a computer network. In response to an access request by the user, the computer network determines a group pass count based on a user profile of the user. The group pass count is a number of groups in which the access request meets all their access requirements. The computer network grants the access request if the group pass count is greater than a predetermined high group pass threshold value.
Type: Grant
Filed: December 5, 2002
Date of Patent: June 17, 2008
Assignee: International Business Machines Corporation
Inventors: Paul T. Baffes, John Michael Garrison, Michael Gilfix, Allan Hsu, Tyron Jerrod Stading
-
Publication number: 20040123145
Abstract: A system and method for developing network policy document and assuring up-to-date monitoring and automated refinement and classification of the network policy. The system administrator defines an initial policy document that is provided as the initial symbolic classifier. The classification rules remain in human readable form throughout the process. Network system data is fed through the classifier, which labels the data according to whether a policy constraint is violated. The labels are tagged to the data. The user then reviews the labels to determine whether the classification is satisfactory. If the classification of the data is satisfactory, the label is unaltered; however, if the classification is not satisfactory, the data is re-labeled. The re-labeled data is then introduced into a refinement algorithm, which determines what policy must be modified to correct classification of network events in accordance with the re-labeling.
Type: Application
Filed: December 19, 2002
Publication date: June 24, 2004
Applicant: International Business Machines Corporation
Inventors: Paul T. Baffes, John Michael Garrison, Michael Gilfix, Allan Hsu, Tyron Jerrod Stading
-
Publication number: 20040122823
Abstract: A system and method for utilizing data mining to generate a policy document or to revise theory within a policy document. A data base of unknown events is mined for application to the development of a system management policy document. The results of the data mining of the database of unknown events are automatically incorporated into a policy document, subject to user approval, to produce a new policy document or an updated version of an existing policy document.
Type: Application
Filed: December 19, 2002
Publication date: June 24, 2004
Applicant: International Business Machines Corp.
Inventors: Paul T. Baffes, John Michael Garrison, Michael Gilfix, Allan Hsu, Tyron Jerrod Stading
-
Publication number: 20040111637
Abstract: A method and system for managing an intrusion on a computer by graphically representing an intrusion pattern of a known past intrusion, and then comparing the intrusion pattern of the known intrusion with a current intrusion. The intrusion pattern may either be based on intrusion events, which are the effects of the intrusion or activities that provide a signature of the type of intrusion, or the intrusion pattern may be based on hardware topology that is affected by the intrusion. The intrusion pattern is graphically displayed with scripted responses, which in a preferred embodiment are presented in pop-up windows associated with each node in the intrusion pattern. Alternatively, the response to the intrusion may be automatic, based on a pre-determined percentage of common features in the intrusion pattern of the known past intrusion and the current intrusion.
Type: Application
Filed: December 5, 2002
Publication date: June 10, 2004
Applicant: International Business Machines Corp.
Inventors: Paul T. Baffes, John Michael Garrison, Michael Gilfix, Allan Hsu, Tyron Jerrod Stading
-
Publication number: 20040111636
Abstract: A method and system for handling a malicious intrusion to a machine in a networked group of computers. The malicious intrusion is an unauthorized access to the machine, such as a server in a server farm. When the intrusion is detected, the machine is isolated from the rest of the server farm, and the machine is reprovisioned as a decoy system having access to only data that is ersatz or at least non-sensitive. If the intrusion is determined to be non-malicious, then the machine is functionally reconnected to the server farm, and the machine is reprovisioned to a state held before the reprovisioning of the machine as a decoy machine.
Type: Application
Filed: December 5, 2002
Publication date: June 10, 2004
Applicant: International Business Machines Corp.
Inventors: Paul T. Baffes, John Michael Garrison, Michael Gilfix, Allan Hsu, Tyron Jerrod Stading, Ronald S. Woan, John D. Wolpert, Shawn L. Young
-
Publication number: 20040111645
Abstract: A method for providing access control to a single sign-on computer network is disclosed. A user is assigned to multiple groups within a computer network. In response to an access request by the user, the computer network determines a group pass count based on a user profile of the user. The group pass count is a number of groups in which the access request meets all their access requirements. The computer network grants the access request if the group pass count is greater than a predetermined high group pass threshold value.
Type: Application
Filed: December 5, 2002
Publication date: June 10, 2004
Applicant: International Business Machines Corporation
Inventors: Paul T. Baffes, John Michael Garrison, Michael Gilfix, Allan Hsu, Tyron Jerrod Stading