Patents by Inventor Chih-Wen Chao
Chih-Wen Chao has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10379876
Abstract: Disclosed is a method of customizing an appliance. The method includes steps of pre-storing a public key in the appliance; connecting the appliance to an external storage device; and booting up the appliance to automatically proceed with the following customization process: obtaining a customization file from the external storage device; authenticating the customization file with the public key; and executing customization with the customization file if the authentication succeeds.
Type: Grant
Filed: November 16, 2015
Date of Patent: August 13, 2019
Assignee: International Business Machines Corporation
Inventors: Chih-Wen Chao, Gregory L. Galloway, Cheng-Ta Lee, Ming-Hsun Wu, Rick M. F. Wu
-
Publication number: 20190238527
Abstract: Embodiments provide a system and method for network tracking. Through various methods of packet encapsulation or IP option filling, one or more packets of information can be tagged with a unique security tag to prevent unauthorized access. A user agent can be validated by an authentication server through acceptance of one or more user credentials. The authentication server can generate a security token that can be transmitted to the user agent. The user agent can generate a keystream from the security token, and portions of that keystream can be attached to the packets as the security tag. The tagged packets can be forwarded to an authenticator, who can recreate the keystream from a copy of the security token provided by the authentication server. If the tags generated from the authenticator match the tags on the tagged packet, the authenticator can strip the tag from the tagged packet and forward the packet on to its next network address.
Type: Application
Filed: April 11, 2019
Publication date: August 1, 2019
Inventors: Chih-Wen Chao, Cheng-Ta Lee, Wei-Shiau Suen, Ming-Hsun Wu
-
Patent number: 10341332
Abstract: Embodiments provide a system and method for network tracking. Through various methods of packet encapsulation or IP option filling, one or more packets of information can be tagged with a unique security tag to prevent unauthorized access. A user agent can be validated by an authentication server through acceptance of one or more user credentials. The authentication server can generate a security token that can be transmitted to the user agent. The user agent can generate a keystream from the security token, and portions of that keystream can be attached to the packets as the security tag. The tagged packets can be forwarded to an authenticator, who can recreate the keystream from a copy of the security token provided by the authentication server. If the tags generated from the authenticator match the tags on the tagged packet, the authenticator can strip the tag from the tagged packet and forward the packet on to its next network address.
Type: Grant
Filed: July 26, 2016
Date of Patent: July 2, 2019
Assignee: International Business Machines Corporation
Inventors: Chih-Wen Chao, Cheng-Ta Lee, Wei-Shiau Suen, Ming-Hsun Wu
-
Patent number: 10298550
Abstract: A computer program product for transmitting data flow in a network between two resources using a processing circuit to perform a method which includes obtaining a data record from a first resource, storing the data record and an associated data record identifier in a first memory, transmitting the data record from a first network to a second network, storing the data record and an associated data record identifier in a second memory, determining by an inline service provider whether the data record is suitable for transmission from a first resource to a second resource; based on determining that the data record is suitable for transmission by the inline service provider transmitting only the data record identifier stored in the second memory to the first switch and retrieving the data record stored in the first memory associated with the data record identifier for transmission to the second resource.
Type: Grant
Filed: September 22, 2016
Date of Patent: May 21, 2019
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Chih-Wen Chao, Cheng-Ta Lee, Yin Lee, Wei-Shiau Suen, Ming-Hsun Wu
-
Publication number: 20190109858
Abstract: Selecting a receive side scaling (RSS) key is provided. It is determined whether a defined time interval expired. In response to determining that the defined time interval has expired, it is determined whether one or more keys in a set of randomly generated candidate RSS keys have a higher packet distribution score than an active RSS key. In response to determining that one or more keys in the set of randomly generated candidate RSS keys have a higher packet distribution score than the active RSS key, an RSS key having a highest packet distribution score is selected from the one or more keys in the set of randomly generated candidate RSS keys that have a higher packet distribution score than the active RSS key. The RSS key having the highest packet distribution score is used to distribute incoming network packets across a plurality of processors.
Type: Application
Filed: October 11, 2017
Publication date: April 11, 2019
Inventors: Chih-Wen Chao, Kuo-Chun Chen, Wei-Hsiang Hsiung, Sheng-Tung Hsu, Ming-Pin Hsueh
-
Publication number: 20190109859
Abstract: Selecting a receive side scaling (RSS) key is provided. It is determined whether a defined time interval expired. In response to determining that the defined time interval has expired, it is determined whether one or more keys in a set of randomly generated candidate RSS keys have a higher packet distribution score than an active RSS key. In response to determining that one or more keys in the set of randomly generated candidate RSS keys have a higher packet distribution score than the active RSS key, an RSS key having a highest packet distribution score is selected from the one or more keys in the set of randomly generated candidate RSS keys that have a higher packet distribution score than the active RSS key. The RSS key having the highest packet distribution score is used to distribute incoming network packets across a plurality of processors.
Type: Application
Filed: November 14, 2017
Publication date: April 11, 2019
Inventors: Chih-Wen Chao, Kuo-Chun Chen, Wei-Hsiang Hsiung, Sheng-Tung Hsu, Ming-Pin Hsueh
-
Patent number: 10212078
Abstract: Methods, systems, and computer program products for enabling network services in a multi-tenant IaaS environment are provided. A service portal is deployed in the IaaS environment. In one embodiment, tenant packet associated with a first tenant of the IaaS environment is received by the service portal. The tenant packet is analyzed to identify one or more services to which to transmit the tenant packet. The tenant packet is distributed to the identified services for processing. A processed tenant packet is received from one or more of the identified services. The processed tenant packet is transmitted to a destination.
Type: Grant
Filed: July 9, 2015
Date of Patent: February 19, 2019
Assignee: International Business Machines Corporation
Inventors: Chih-Wen Chao, Cheng-Ta Lee, Wei-Shiau Suen, Ming-Hsun Wu
-
Publication number: 20190012214
Abstract: Embodiments pertain to facilitation of live migration of a virtual machine in a network system. During live migration, a first appliance is cloned and state information directed to a first network flow is obtained. The state information is utilized by the cloned appliance to re-direct operations associated with the first network flow. At such time as the first network flow is terminated, the cloned is removed.
Type: Application
Filed: September 14, 2018
Publication date: January 10, 2019
Applicant: International Business Machines Corporation
Inventors: Chih-Wen Chao, Cheng-Ta Lee, Wei-Shiau Suen, Travis Wu, Lun Pin Yuan
-
Patent number: 10146594
Abstract: Embodiment pertain to facilitation of live migration of a virtual machine in a network system. The network system includes a first host, a second host, a first appliance for providing service to the first host, a second appliance for providing service to the second host, and a third appliance. At least one virtual machine is disposed on the first host and has an ongoing first network flow. The first appliance has generated state information about the first network flow. During the migration of the at least one virtual machine to the second host, the third appliance obtains a copy of the state information about the first network flow; and the third appliance takes over from the first appliance to serve the first network flow during the migration of the at least one virtual machine, until the first network flow is terminated.
Type: Grant
Filed: December 21, 2015
Date of Patent: December 4, 2018
Assignee: International Business Machines Corporation
Inventors: Chih-Wen Chao, Cheng-Ta Lee, Wei-Shiau Suen, Ming Hsun Wu, Lun Pin Yuan
-
Patent number: 9998329
Abstract: An intelligent network management device including an analytic unit, conducting an analysis according to received packets in order to determine whether a given event is occurred; and a processing unit, generating and sending a control instruction to a SDN controller to change configurations of a SDN switch when the analytic unit determined the given event has been occurred.
Type: Grant
Filed: July 23, 2015
Date of Patent: June 12, 2018
Assignee: International Business Machines Corporation
Inventors: Chih-Wen Chao, Cheng-Ta Lee, Wei-Shiau Suen, Ming-Hsun Wu
-
Publication number: 20180083925
Abstract: A computer program product for transmitting data flow in a network between two resources using a processing circuit to perform a method which includes obtaining a data record from a first resource, storing the data record and an associated data record identifier in a first memory, transmitting the data record from a first network to a second network, storing the data record and an associated data record identifier in a second memory, determining by an inline service provider whether the data record is suitable for transmission from a first resource to a second resource; based on determining that the data record is suitable for transmission by the inline service provider transmitting only the data record identifier stored in the second memory to the first switch and retrieving the data record stored in the first memory associated with the data record identifier for transmission to the second resource.
Type: Application
Filed: September 22, 2016
Publication date: March 22, 2018
Inventors: Chih-Wen Chao, Cheng-Ta Lee, Yin Lee, Wei-Shiau Suen, Ming-Hsun Wu
-
Publication number: 20180077019
Abstract: An intelligent network management device including an analytic unit, conducting an analysis according to received packets in order to determine whether a given event is occurred; and a processing unit, generating and sending a control instruction to a SDN controller to change configurations of a SDN switch when the analytic unit determined the given event has been occurred.
Type: Application
Filed: November 7, 2017
Publication date: March 15, 2018
Inventors: Chih-Wen Chao, Cheng-Ta Lee, Wei-Shiau Suen, Ming-Hsun Wu
-
Publication number: 20180054450
Abstract: A data packet is received. The data packet is a unit of data transmitted across a packet-switched network. A determination is made whether a new connection is detected. The data packet is transmitted using the new connection. In response to determining that a new connection is detected, a connection context for the new connection is added to a current connection context in a dynamic event table. The dynamic event table includes the current connection context, one or more previous connection contexts, and a listing of one or more events. Each event of the one or more events is a malicious activity and is retrieved from a repository. A score for each event is calculated based on the current connection context. Each event in the dynamic event table is prioritized based on the calculated score for each event. The event with the highest score receives the highest priority.
Type: Application
Filed: August 16, 2016
Publication date: February 22, 2018
Inventors: Chih-Wen Chao, Hsin-Yu Chuang, Ming-Pin Hsueh, Sheng-Wei Lee
-
Publication number: 20180034797
Abstract: Embodiments provide a system and method for network tracking. Through various methods of packet encapsulation or IP option filling, one or more packets of information can be tagged with a unique security tag to prevent unauthorized access. A user agent can be validated by an authentication server through acceptance of one or more user credentials. The authentication server can generate a security token that can be transmitted to the user agent. The user agent can generate a keystream from the security token, and portions of that keystream can be attached to the packets as the security tag. The tagged packets can be forwarded to an authenticator, who can recreate the keystream from a copy of the security token provided by the authentication server. If the tags generated from the authenticator match the tags on the tagged packet, the authenticator can strip the tag from the tagged packet and forward the packet on to its next network address.
Type: Application
Filed: July 26, 2016
Publication date: February 1, 2018
Inventors: Chih-Wen Chao, Cheng-Ta Lee, Wei-Shiau Suen, Ming-Hsun Wu
-
Publication number: 20170111391
Abstract: As disclosed herein a method, executed by a computer, includes detecting, by an intrusion prevention system, intruder network traffic addressed to a computing device, creating a decoy virtual machine, and redirecting the intruder network traffic to the decoy virtual machine. The method further includes determining one or more attack characteristics of the intruder network traffic, and generating a new intruder signature corresponding to the attack characteristics. The method further includes validating the new intruder signature, and providing the new intruder signature to the intrusion prevention system. A computer system and computer program product corresponding to the above method are also disclosed herein.
Type: Application
Filed: October 15, 2015
Publication date: April 20, 2017
Inventors: Chih-Wen Chao, Hsin-Yu Chuang, Ming-Pin Hsueh, Sheng-Wei Lee
-
Publication number: 20170012872
Abstract: Methods, systems, and computer program products for enabling network services in a multi-tenant IaaS environment are provided. A service portal is deployed in the IaaS environment. In one embodiment, tenant packet associated with a first tenant of the IaaS environment is received by the service portal. The tenant packet is analyzed to identify one or more services to which to transmit the tenant packet. The tenant packet is distributed to the identified services for processing. A processed tenant packet is received from one or more of the identified services. The processed tenant packet is transmitted to a destination.
Type: Application
Filed: July 9, 2015
Publication date: January 12, 2017
Inventors: Chih-Wen Chao, Cheng-Ta Lee, Wei-Shiau Suen, Ming-Hsun Wu
-
Publication number: 20160188378
Abstract: Embodiment pertain to facilitation of live migration of a virtual machine in a network system. The network system includes a first host, a second host, a first appliance for providing service to the first host, a second appliance for providing service to the second host, and a third appliance. At least one virtual machine is disposed on the first host and has an ongoing first network flow. The first appliance has generated state information about the first network flow. During the migration of the at least one virtual machine to the second host, the third appliance obtains a copy of the state information about the first network flow; and the third appliance takes over from the first appliance to serve the first network flow during the migration of the at least one virtual machine, until the first network flow is terminated.
Type: Application
Filed: December 21, 2015
Publication date: June 30, 2016
Applicant: International Business Machines Corporation
Inventors: Chih-Wen Chao, Cheng-Ta Lee, Wei-Shiau Suen, Travis Wu, Lun Pin Yuan
-
Publication number: 20160147546
Abstract: Disclosed is a method of customizing an appliance. The method includes steps of pre-storing a public key in the appliance; connecting the appliance to an external storage device; and booting up the appliance to automatically proceed with the following customization process: obtaining a customization file from the external storage device; authenticating the customization file with the public key; and executing customization with the customization file if the authentication succeeds.
Type: Application
Filed: November 16, 2015
Publication date: May 26, 2016
Inventors: Chih-Wen Chao, Gregory L. Galloway, Cheng-Ta Lee, Ming-Hsun Wu, Rick M. F. Wu
-
Publication number: 20160036635
Abstract: An intelligent network management device including an analytic unit, conducting an analysis according to received packets in order to determine whether a given event is occurred; and a processing unit, generating and sending a control instruction to a SDN controller to change configurations of a SDN switch when the analytic unit determined the given event has been occurred.
Type: Application
Filed: July 23, 2015
Publication date: February 4, 2016
Inventors: Chih-Wen Chao, Cheng-Ta Lee, Wei-Shiau Suen, Ming-Hsun Wu