Patents by Inventor Christopher J. Hockings
Christopher J. Hockings has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9992201Abstract: A management component of a computing system evaluates end-users, end-user devices, and user accounts for access to provisioned-resources of the computing system. The management component utilizes device compliance attributes to form a device risk vector associated with an end-user device. The management component further utilizes resource compliance attributes to form a resource risk vector associated with a provisioned-resource. The management component forms a policy vector utilizing compliance attributes included in a compliance policy. The management component compares the device and resource risk vectors to the policy vector to determine a threat vector, and uses the threat vector to evaluate the end-users, end-user devices, and user accounts for risk of security breach, damage to, and/or loss of components of the computing system.Type: GrantFiled: August 30, 2017Date of Patent: June 5, 2018Assignee: International Business Machines CorporationInventors: Christopher J. Hockings, Dinesh T. Jain, Rohit U. Satyanarayana, Vincent C. Williams
-
Publication number: 20180081991Abstract: Disclosed herein is a system and method for identifying a spam email message. To identify a spam message a similarity measurement hash and a sender hash is generated for each email message. Two or more previously received email messages are compared with an incoming email message. The incoming email message is identified as a spam message when the similarity measurement hash between incoming message and one of the received messages matches and the corresponding sender hash does not match. The system may integrate with other email servers through a DNS to identify spam emails across different organizations and locations. The system and method may further apply rules to particular match to whitelist a potential spam email.Type: ApplicationFiled: September 20, 2016Publication date: March 22, 2018Inventors: Mark H. Barber, Carsten Hagemann, Christopher J. Hockings
-
Patent number: 9888022Abstract: Assessment of threat risks associated with a given mobile device application (app) on a device type specific basis, so that the threat assessment is specific to a particular device type that is suitable for running the given app. The assessed device-type-specific risk is represented as device-type-specific risk metadata, which is associated as metadata with the given app. For example, the metadata may be stored along with the given app in a common repository that includes many apps. In some embodiments, the device-type-specific risk metadata is generated and stored comprehensively for all apps and device types used in an enterprise. The device-type-specific risk assessment, and corresponding device-type-specific risk metadata, may be based upon run time behavior of the given app on a given device type.Type: GrantFiled: December 1, 2015Date of Patent: February 6, 2018Assignee: International Business Machines CorporationInventors: Vikas B. Desai, Carsten Hagemann, Christopher J. Hockings, Mark D. Johnston
-
Publication number: 20180012015Abstract: A mechanism is provided for sending a password to a terminal. A password send request is received. The status of each of a plurality of terminals coupled to the information processing device via a network is acquired. On the basis of the acquired statuses, at least one item is selected from a group comprising the terminal serving as a destination for the password, the communication method with the terminal, or the method for inputting the password in the terminal. The password is then sent to the selected terminal via a network.Type: ApplicationFiled: August 15, 2017Publication date: January 11, 2018Inventors: Christopher J. Hockings, Philip A. J. Nye, Tadashi Tsumura
-
Publication number: 20170366548Abstract: A management component of a computing system evaluates end-users, end-user devices, and user accounts for access to provisioned-resources of the computing system. The management component utilizes device compliance attributes to form a device risk vector associated with an end-user device. The management component further utilizes resource compliance attributes to form a resource risk vector associated with a provisioned-resource. The management component forms a policy vector utilizing compliance attributes included in a compliance policy. The management component compares the device and resource risk vectors to the policy vector to determine a threat vector, and uses the threat vector to evaluate the end-users, end-user devices, and user accounts for risk of security breach, damage to, and/or loss of components of the computing system.Type: ApplicationFiled: August 30, 2017Publication date: December 21, 2017Inventors: Christopher J. Hockings, Dinesh T. Jain, Rohit U. Satyanarayana, Vincent C. Williams
-
Publication number: 20170366549Abstract: A management component of a computing system evaluates end-users, end-user devices, and user accounts for access to provisioned-resources of the computing system. The management component utilizes device compliance attributes to form a device risk vector associated with an end-user device. The management component further utilizes resource compliance attributes to form a resource risk vector associated with a provisioned-resource. The management component forms a policy vector utilizing compliance attributes included in a compliance policy. The management component compares the device and resource risk vectors to the policy vector to determine a threat vector, and uses the threat vector to evaluate the end-users, end-user devices, and user accounts for risk of security breach, damage to, and/or loss of components of the computing system.Type: ApplicationFiled: August 30, 2017Publication date: December 21, 2017Inventors: Christopher J. Hockings, Dinesh T. Jain, Rohit U. Satyanarayana, Vincent C. Williams
-
Publication number: 20170346815Abstract: A first user request may be received to access a particular resource. A first authentication credential from a first client device may be received based on a first authentication challenge being issued to a user of the first client device. A second client device of the user may be notified to prompt the user to provide a second authentication credential to complete at least a second authentication challenge. The access to the particular resource may require at least successfully completing the first authentication challenge on the first client device and the second authentication challenge on the second client device.Type: ApplicationFiled: May 31, 2016Publication date: November 30, 2017Inventors: Scott M. Andrews, Christopher J. Hockings, Sumana Srinath Narasipur, Codur Sreedhar Pranam
-
Publication number: 20170339176Abstract: A method for modifying a user session lifecycle is provided. The method may include verifying a user session on a cloud service provider is valid. The method may also include monitoring a plurality of user behaviors exhibited during the verified user session. The method may further include determining a plurality of session data within an identity provider should be updated based on the monitored plurality of user behaviors and a policy within a database. The method may also include modifying the determined plurality of session data.Type: ApplicationFiled: May 23, 2016Publication date: November 23, 2017Inventors: Shahnawaz Backer, Christopher J. Hockings, Codur S. Pranam, Rohit U. Satyanarayana
-
Publication number: 20170339160Abstract: A management component of a computing system evaluates end-users, end-user devices, and user accounts for access to provisioned-resources of the computing system. The management component utilizes device compliance attributes to form a device risk vector associated with an end-user device. The management component further utilizes resource compliance attributes to form a resource risk vector associated with a provisioned-resource. The management component forms a policy vector utilizing compliance attributes included in a compliance policy. The management component compares the device and resource risk vectors to the policy vector to determine a threat vector, and uses the threat vector to evaluate the end-users, end-user devices, and user accounts for risk of security breach, damage to, and/or loss of components of the computing system.Type: ApplicationFiled: May 17, 2016Publication date: November 23, 2017Inventors: Christopher J. Hockings, Dinesh T. Jain, Rohit U. Satyanarayana, Vincent C. Williams
-
Publication number: 20170310696Abstract: Assessment of threat risks associated with a given mobile device application (app) on a device type specific basis, so that the threat assessment is specific to a particular device type that is suitable for running the given app. The assessed device-type-specific risk is represented as device-type-specific risk metadata, which is associated as metadata with the given app. For example, the metadata may be stored along with the given app in a common repository that includes many apps. In some embodiments, the device-type-specific risk metadata is generated and stored comprehensively for all apps and device types used in an enterprise. The device-type-specific risk assessment, and corresponding device-type-specific risk metadata, may be based upon run time behavior of the given app on a given device type.Type: ApplicationFiled: July 7, 2017Publication date: October 26, 2017Inventors: Vikas B. Desai, Carsten Hagemann, Christopher J. Hockings, Mark D. Johnston
-
Patent number: 9762582Abstract: A management component of a computing system evaluates end-users, end-user devices, and user accounts for access to provisioned-resources of the computing system. The management component utilizes device compliance attributes to form a device risk vector associated with an end-user device. The management component further utilizes resource compliance attributes to form a resource risk vector associated with a provisioned-resource. The management component forms a policy vector utilizing compliance attributes included in a compliance policy. The management component compares the device and resource risk vectors to the policy vector to determine a threat vector, and uses the threat vector to evaluate the end-users, end-user devices, and user accounts for risk of security breach, damage to, and/or loss of components of the computing system.Type: GrantFiled: December 20, 2016Date of Patent: September 12, 2017Assignee: International Business Machines CorporationInventors: Christopher J. Hockings, Dinesh T. Jain, Rohit U. Satyanarayana, Vincent C. Williams
-
Patent number: 9740851Abstract: A mechanism is provided for sending a password to a terminal. A password send request is received. The status of each of a plurality of terminals coupled to the information processing device via a network is acquired. On the basis of the acquired statuses, at least one item is selected from a group comprising the terminal serving as a destination for the password, the communication method with the terminal, or the method for inputting the password in the terminal. The password is then sent to the selected terminal via a network.Type: GrantFiled: July 17, 2015Date of Patent: August 22, 2017Assignee: International Business Machines CorporationInventors: Christopher J. Hockings, Philip A. J. Nye, Tadashi Tsumura
-
Patent number: 9712942Abstract: A request for a first resource by a user is received. In response to receiving the request for a first resource, a second resource is determined based on the first resource and a resource usage pattern of the user. A response to the request for the first resource is provided. The response includes the first resource and the second resource.Type: GrantFiled: December 2, 2016Date of Patent: July 18, 2017Assignee: International Business Machines CorporationInventors: Ann-Louise Bolger, Scott A. Exton, Yaqian Fang, Christopher J. Hockings
-
Publication number: 20170187751Abstract: A policy enforcement point includes fraud prevention information associated with devices and/or users which is collected from: (i) many cloud fraud services located in the cloud; and/or (ii) authorization processing of users and/or devices. The policy enforcement point is consulted when a user/device undergoes authorization processing for a transaction with an application (for example, an application that serves protected content such as financial records, email, etc.). Fraud prevention information is added to session data, associated with the attempted authorization to the application, for the user/device as the user/device proceeds its attempted authorization to the application. In some cases, the authorization to the application may be refused based on the data added to the session data by the policy enforcement point or the policy enforcement point will propagate fraud prevention information to the application to make the decision.Type: ApplicationFiled: December 29, 2015Publication date: June 29, 2017Inventors: Scott M. Andrews, Timothy J. Ashton, Leigh Doddy, Christopher J. Hockings, Trevor S. Norvill
-
Publication number: 20170180908Abstract: A request for a first resource by a user is received. In response to receiving the request for a first resource, a second resource is determined based on the first resource and a resource usage pattern of the user. A response to the request for the first resource is provided. The response includes the first resource and the second resource.Type: ApplicationFiled: December 2, 2016Publication date: June 22, 2017Inventors: Ann-Louise Bolger, Scott A. Exton, Yaqian Fang, Christopher J. Hockings
-
Publication number: 20170180452Abstract: A request for a first resource by a user is received. In response to receiving the request for a first resource, a second resource is determined based on the first resource and a resource usage pattern of the user. A response to the request for the first resource is provided. The response includes the first resource and the second resource.Type: ApplicationFiled: December 18, 2015Publication date: June 22, 2017Inventors: Ann-Louise Bolger, Scott A. Exton, Yaqian Fang, Christopher J. Hockings
-
Patent number: 9672348Abstract: Risk-based credential management is provided. A request to checkout credentials is received. The credentials are associated with at least one managed resource. A risk value of the request is determined. The determination of the risk value is based, at least in part, on risk information of the requesting device. A determination is made whether to deny the request based, at least in part, on the risk value and a first predetermined threshold of a checkout policy.Type: GrantFiled: May 27, 2015Date of Patent: June 6, 2017Assignee: International Business Machines CorporationInventors: Leigh T. Doddy, Christopher J. Hockings, Dinesh T. Jain, Philip A. J. Nye
-
Publication number: 20170155673Abstract: Assessment of threat risks associated with a given mobile device application (app) on a device type specific basis, so that the threat assessment is specific to a particular device type that is suitable for running the given app. The assessed device-type-specific risk is represented as device-type-specific risk metadata, which is associated as metadata with the given app. For example, the metadata may be stored along with the given app in a common repository that includes many apps. In some embodiments, the device-type-specific risk metadata is generated and stored comprehensively for all apps and device types used in an enterprise. The device-type-specific risk assessment, and corresponding device-type-specific risk metadata, may be based upon run time behavior of the given app on a given device type.Type: ApplicationFiled: December 1, 2015Publication date: June 1, 2017Inventors: Vikas B. Desai, Carsten Hagemann, Christopher J. Hockings, Mark D. Johnston
-
Patent number: 9659166Abstract: Risk-based credential management is provided. A request to checkout credentials is received. The credentials are associated with at least one managed resource. A risk value of the request is determined. The determination of the risk value is based, at least in part, on risk information of the requesting device. A determination is made whether to deny the request based, at least in part, on the risk value and a first predetermined threshold of a checkout policy.Type: GrantFiled: January 30, 2015Date of Patent: May 23, 2017Assignee: International Business Machines CorporationInventors: Leigh T. Doddy, Christopher J. Hockings, Dinesh T. Jain, Philip A. J. Nye
-
Patent number: 9560163Abstract: A request for a first resource by a user is received. In response to receiving the request for a first resource, a second resource is determined based on the first resource and a resource usage pattern of the user. A response to the request for the first resource is provided. The response includes the first resource and the second resource.Type: GrantFiled: May 31, 2016Date of Patent: January 31, 2017Assignee: International Business Machines CorporationInventors: Ann-Louise Bolger, Scott A. Exton, Yaqian Fang, Christopher J. Hockings