Patents by Inventor Codur S. Pranam
Codur S. Pranam has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11245716
Abstract: In an aspect of the invention, the method includes one or more processors identifying events in the target environment that are associated with an indication of a security attack on the target environment. The method further includes composing rules based on the events and relating to an entity identifier that is fixed over a period of time in relation to an entity in the target environment. The method further includes weighting the rules according to a probability that the rule positively identifies a security attack. The method further correlating outputs of multiple activated rules relating to an entity identifier that are activated over time in response to events occurring in the target environment. The method further includes aggregating weightings from the multiple activated rules. The method further includes determining a score for an entity relating to the entity identifier based on the aggregated weightings.
Type: Grant
Filed: May 9, 2019
Date of Patent: February 8, 2022
Assignee: International Business Machines Corporation
Inventors: Thomas M. Roelofs, Codur S. Pranam
-
Patent number: 11012455
Abstract: A method for modifying a user session lifecycle is provided. The method may include verifying a user session on a cloud service provider is valid. The method may also include monitoring a plurality of user behaviors exhibited during the verified user session. The method may further include determining a plurality of session data within an identity provider should be updated based on the monitored plurality of user behaviors and a policy within a database. The method may also include modifying the determined plurality of session data.
Type: Grant
Filed: April 3, 2019
Date of Patent: May 18, 2021
Assignee: International Business Machines Corporation
Inventors: Shahnawaz Backer, Christopher J. Hockings, Codur S. Pranam, Rohit U. Satyanarayana
-
Publication number: 20200358803
Abstract: In an aspect of the invention, the method includes one or more processors identifying events in the target environment that are associated with an indication of a security attack on the target environment. The method further includes composing rules based on the events and relating to an entity identifier that is fixed over a period of time in relation to an entity in the target environment. The method further includes weighting the rules according to a probability that the rule positively identifies a security attack. The method further correlating outputs of multiple activated rules relating to an entity identifier that are activated over time in response to events occurring in the target environment. The method further includes aggregating weightings from the multiple activated rules. The method further includes determining a score for an entity relating to the entity identifier based on the aggregated weightings.
Type: Application
Filed: May 9, 2019
Publication date: November 12, 2020
Inventors: Thomas M. Roelofs, Codur S. Pranam
-
Patent number: 10685107
Abstract: A computer-implemented method includes receiving a request to authenticate a user to remotely access a secure device and establishing, in response to the user being granted remote access to the secure device, a remote user session for the user. The computer-implemented method further includes identifying a plurality of actions performed during the remote user session. The computer-implemented method further includes comparing a first combination of actions in the plurality of actions to a plurality of policies for malicious intent. The computer-implemented method further includes determining a level of risk for malicious intent for the first combination of actions. The computer-implemented method further includes generating, in response to the level of risk of the first combination of actions exceeding a given threshold level, one or more preventive actions. A corresponding computer system and computer program product are also disclosed.
Type: Grant
Filed: October 24, 2017
Date of Patent: June 16, 2020
Assignee: International Business Machines Corporation
Inventors: Trevor S. Norvill, Codur S. Pranam, Rohit U. Satyanarayana, Suhas Venkatesh Kashyap
-
Patent number: 10581861
Abstract: Aspects of the present invention disclose a method, computer program product, and system for determining whether an endpoint meets compliance standards. The method includes one or more processors receiving an endpoint certificate associated with an endpoint device that is requesting to access a resource, wherein the endpoint certificate includes a device fingerprint. The method further includes one or more processors determining compliance level of the endpoint device. The method further includes one or more processors validating credentials of the endpoint device. The method further includes one or more processors determining whether the endpoint device meets compliance standards based on the endpoint certificate, the determined compliance level, and the credentials of the endpoint device.
Type: Grant
Filed: September 12, 2017
Date of Patent: March 3, 2020
Assignee: International Business Machines Corporation
Inventors: Yunfei Bai, Ken Yian Chow, Christopher Hockings, Guoguang Jason Lu, Codur S. Pranam, Roy Soumyajit, Chuxin Zhao
-
Publication number: 20190230111
Abstract: A method for modifying a user session lifecycle is provided. The method may include verifying a user session on a cloud service provider is valid. The method may also include monitoring a plurality of user behaviors exhibited during the verified user session. The method may further include determining a plurality of session data within an identity provider should be updated based on the monitored plurality of user behaviors and a policy within a database. The method may also include modifying the determined plurality of session data.
Type: Application
Filed: April 3, 2019
Publication date: July 25, 2019
Inventors: Shahnawaz Backer, Christopher J. Hockings, Codur S. Pranam, Rohit U. Satyanarayana
-
Patent number: 10320776
Abstract: Protecting application passwords using a secure proxy. A request is received by a proxy from a client to access a protected resource located on a target server. A secure session is initiated between the proxy and client. The access request is forwarded by the proxy to the target. A response is received from the target that is a credential form. The proxy server injects into each required credential field a credential field tag and is sent to the client computer. Target credentials mapped by the credential field tags are retrieved by the proxy server from a protected datastore. The form is completed and sent to the target. If the credentials are invalid, the target credentials are updated and stored in the protected data store without client computer intervention, and sent by the proxy server to the target. The client computer is then allowed to access the protected resource.
Type: Grant
Filed: February 8, 2018
Date of Patent: June 11, 2019
Assignee: International Business Machines Corporation
Inventors: Codur S. Pranam, Vivek Shankar
-
Patent number: 10291636
Abstract: A method for modifying a user session lifecycle is provided. The method may include verifying a user session on a cloud service provider is valid. The method may also include monitoring a plurality of user behaviors exhibited during the verified user session. The method may further include determining a plurality of session data within an identity provider should be updated based on the monitored plurality of user behaviors and a policy within a database. The method may also include modifying the determined plurality of session data.
Type: Grant
Filed: May 23, 2016
Date of Patent: May 14, 2019
Assignee: International Business Machines Corporation
Inventors: Shahnawaz Backer, Christopher J. Hockings, Codur S. Pranam, Rohit U. Satyanarayana
-
Publication number: 20190121972
Abstract: A computer-implemented method includes receiving a request to authenticate a user to remotely access a secure device and establishing, in response to the user being granted remote access to the secure device, a remote user session for the user. The computer-implemented method further includes identifying a plurality of actions performed during the remote user session. The computer-implemented method further includes comparing a first combination of actions in the plurality of actions to a plurality of policies for malicious intent. The computer-implemented method further includes determining a level of risk for malicious intent for the first combination of actions. The computer-implemented method further includes generating, in response to the level of risk of the first combination of actions exceeding a given threshold level, one or more preventive actions. A corresponding computer system and computer program product are also disclosed.
Type: Application
Filed: October 24, 2017
Publication date: April 25, 2019
Inventors: Trevor S. Norvill, Codur S. Pranam, Rohit U. Satyanarayana, Suhas Venkatesh Kashyap
-
Publication number: 20190081953
Abstract: Aspects of the present invention disclose a method, computer program product, and system for determining whether an endpoint meets compliance standards. The method includes one or more processors receiving an endpoint certificate associated with an endpoint device that is requesting to access a resource, wherein the endpoint certificate includes a device fingerprint. The method further includes one or more processors determining compliance level of the endpoint device. The method further includes one or more processors validating credentials of the endpoint device. The method further includes one or more processors determining whether the endpoint device meets compliance standards based on the endpoint certificate, the determined compliance level, and the credentials of the endpoint device.
Type: Application
Filed: September 12, 2017
Publication date: March 14, 2019
Inventors: Yunfei Bai, Ken Yian Chow, Christopher Hockings, Guoguang Jason Lu, Codur S. Pranam, Roy Soumyajit, Chuxin Zhao
-
Patent number: 10178096
Abstract: Embodiments describing an approach to receiving user data, and monitoring a user data transaction. Monitoring a user data transaction. Identifying a plurality of attribute elements associated with the user data and the user data transaction. Creating benchmark data based on one or more identified attributes and user data gathered from a user data transaction, and storing, by the one or more processors, benchmark data.
Type: Grant
Filed: March 31, 2017
Date of Patent: January 8, 2019
Assignee: International Business Machines Corporation
Inventors: Christopher J. Hockings, Budi Mulyono, Sumana S. Narasipur, Codur S. Pranam
-
Patent number: 10171455
Abstract: Protecting application passwords using a secure proxy. A request is received by a proxy from a client to access a protected resource located on a target server. A secure session is initiated between the proxy and client. The access request is forwarded by the proxy to the target. A response is received from the target that is a credential form. The proxy server injects into each required credential field a credential field tag and is sent to the client computer. Target credentials mapped by the credential field tags are retrieved by the proxy server from a protected datastore. The form is completed and sent to the target. If the credentials are invalid, the target credentials are updated and stored in the protected data store without client computer intervention, and sent by the proxy server to the target. The client computer is then allowed to access the protected resource.
Type: Grant
Filed: February 8, 2018
Date of Patent: January 1, 2019
Assignee: International Business Machines Corporation
Inventors: Codur S. Pranam, Vivek Shankar
-
Publication number: 20180288051
Abstract: Embodiments describing an approach to receiving user data, and monitoring a user data transaction. Monitoring a user data transaction. Identifying a plurality of attribute elements associated with the user data and the user data transaction. Creating benchmark data based on one or more identified attributes and user data gathered from a user data transaction, and storing, by the one or more processors, benchmark data.
Type: Application
Filed: March 31, 2017
Publication date: October 4, 2018
Inventors: Christopher J. Hockings, Budi Mulyono, Sumana S. Narasipur, Codur S. Pranam
-
Patent number: 9998470
Abstract: Embodiments describing an approach to receiving user data, and monitoring a user data transaction. Monitoring a user data transaction. Identifying a plurality of attribute elements associated with the user data and the user data transaction. Creating benchmark data based on one or more identified attributes and user data gathered from a user data transaction, and storing, by the one or more processors, benchmark data.
Type: Grant
Filed: September 19, 2017
Date of Patent: June 12, 2018
Assignee: International Business Machines Corporation
Inventors: Christopher J. Hockings, Budi Mulyono, Sumana S. Narasipur, Codur S. Pranam
-
Patent number: 9998455
Abstract: Protecting application passwords using a secure proxy. A request is received by a proxy from a client to access a protected resource located on a target server. A secure session is initiated between the proxy and client. The access request is forwarded by the proxy to the target. A response is received from the target that is a credential form. The proxy server injects into each required credential field a credential field tag and is sent to the client computer. Target credentials mapped by the credential field tags are retrieved by the proxy server from a protected datastore. The form is completed and sent to the target. If the credentials are invalid, the target credentials are updated and stored in the protected data store without client computer intervention, and sent by the proxy server to the target. The client computer is then allowed to access the protected resource.
Type: Grant
Filed: July 25, 2017
Date of Patent: June 12, 2018
Assignee: International Business Machines Corporation
Inventors: Codur S. Pranam, Vivek Shankar
-
Publication number: 20180145965
Abstract: Protecting application passwords using a secure proxy. A request is received by a proxy from a client to access a protected resource located on a target server. A secure session is initiated between the proxy and client. The access request is forwarded by the proxy to the target. A response is received from the target that is a credential form. The proxy server injects into each required credential field a credential field tag and is sent to the client computer. Target credentials mapped by the credential field tags are retrieved by the proxy server from a protected datastore. The form is completed and sent to the target. If the credentials are invalid, the target credentials are updated and stored in the protected data store without client computer intervention, and sent by the proxy server to the target. The client computer is then allowed to access the protected resource.
Type: Application
Filed: February 8, 2018
Publication date: May 24, 2018
Inventors: Codur S. Pranam, Vivek Shankar
-
Publication number: 20180145966
Abstract: Protecting application passwords using a secure proxy. A request is received by a proxy from a client to access a protected resource located on a target server. A secure session is initiated between the proxy and client. The access request is forwarded by the proxy to the target. A response is received from the target that is a credential form. The proxy server injects into each required credential field a credential field tag and is sent to the client computer. Target credentials mapped by the credential field tags are retrieved by the proxy server from a protected datastore. The form is completed and sent to the target. If the credentials are invalid, the target credentials are updated and stored in the protected data store without client computer intervention, and sent by the proxy server to the target. The client computer is then allowed to access the protected resource.
Type: Application
Filed: February 8, 2018
Publication date: May 24, 2018
Inventors: Codur S. Pranam, Vivek Shankar
-
Patent number: 9887990
Abstract: A computer-implemented method, computer program product, and system for tagging and replacing tagged credentials with target credentials unknown to a client. The method includes; receiving an access request from a client to access a protected resource on a target server, injecting credential field tags into a credential form used to access the protected resource, auto-submitting the credential form on the client computer, replace tagged credentials with target credentials, submitting the target credentials to the target server, and updating the target credentials if the target credentials are invalid or expired without intervention by the client.
Type: Grant
Filed: April 25, 2016
Date of Patent: February 6, 2018
Assignee: International Business Machines Corporation
Inventors: Codur S. Pranam, Vivek Shankar
-
Publication number: 20170339176
Abstract: A method for modifying a user session lifecycle is provided. The method may include verifying a user session on a cloud service provider is valid. The method may also include monitoring a plurality of user behaviors exhibited during the verified user session. The method may further include determining a plurality of session data within an identity provider should be updated based on the monitored plurality of user behaviors and a policy within a database. The method may also include modifying the determined plurality of session data.
Type: Application
Filed: May 23, 2016
Publication date: November 23, 2017
Inventors: Shahnawaz Backer, Christopher J. Hockings, Codur S. Pranam, Rohit U. Satyanarayana
-
Publication number: 20170318009
Abstract: Protecting application passwords using a secure proxy. A request is received by a proxy from a client to access a protected resource located on a target server. A secure session is initiated between the proxy and client. The access request is forwarded by the proxy to the target. A response is received from the target that is a credential form. The proxy server injects into each required credential field a credential field tag and is sent to the client computer. Target credentials mapped by the credential field tags are retrieved by the proxy server from a protected datastore. The form is completed and sent to the target. If the credentials are invalid, the target credentials are updated and stored in the protected data store without client computer intervention, and sent by the proxy server to the target. The client computer is then allowed to access the protected resource.
Type: Application
Filed: July 25, 2017
Publication date: November 2, 2017
Inventors: Codur S. Pranam, Vivek Shankar