Patents by Inventor David C. Roxin

David C. Roxin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9514153
    Abstract: The present invention may comprise a system and method for a Virtual Attribute Federation System (VAFS) and may be composed of a Virtual Attribute Federation Manager (VAFM) and a system of Virtual Attribute Enabled Directories (VAED) modified to accept federation of virtual attributes. The VAFM produces signed and trusted calculation methods and coordinates a synchronized dispersal of these methods to the VAEDs. The VAEDs may have local mappings which allow for federation-time configuration of the calculation methods.
    Type: Grant
    Filed: March 7, 2016
    Date of Patent: December 6, 2016
    Assignee: International Business Machines Corporation
    Inventors: Richard V. Hom, Eric M. Nelson, David C. Roxin
  • Publication number: 20160188629
    Abstract: The present invention may comprise a system and method for a Virtual Attribute Federation System (VAFS) and may be composed of a Virtual Attribute Federation Manager (VAFM) and a system of Virtual Attribute Enabled Directories (VAED) modified to accept federation of virtual attributes. The VAFM produces signed and trusted calculation methods and coordinates a synchronized dispersal of these methods to the VAEDs. The VAEDs may have local mappings which allow for federation-time configuration of the calculation methods.
    Type: Application
    Filed: March 7, 2016
    Publication date: June 30, 2016
    Inventors: Richard V. Hom, Eric M. Nelson, David C. Roxin
  • Patent number: 9311370
    Abstract: The present invention may comprise a system and method for a Virtual Attribute Federation System (VAFS) and may be composed of a Virtual Attribute Federation Manager (VAFM) and a system of Virtual Attribute Enabled Directories (VAED) modified to accept federation of virtual attributes. The VAFM produces signed and trusted calculation methods and coordinates a synchronized dispersal of these methods to the VAEDs. The VAEDs may have local mappings which allow for federation-time configuration of the calculation methods.
    Type: Grant
    Filed: November 24, 2010
    Date of Patent: April 12, 2016
    Assignee: International Business Machines Corporation
    Inventors: Richard V. Hom, Eric M. Nelson, David C. Roxin
  • Patent number: 9268965
    Abstract: Approaches for using the historical party reputation data to calculate an access decision rating are provided. Specifically, one or more approaches provide a method, including: collecting reputation information of a first user that is requesting access to one or more assets, the reputation information based on at least an association of the first user with an organization and an association of the first user with one or more other users associated with one or more other organizations; storing the requester's reputation information; determining a change in the requester's reputation information, wherein the change comprises at least one of: the first user forming a new association with another organization, and the first user forming a new association with a second user, wherein the second user is affiliated with another organization; and causing an access decision rating to be calculated based upon the determined change in the requester's reputation information.
    Type: Grant
    Filed: June 26, 2014
    Date of Patent: February 23, 2016
    Assignee: International Business Machines Corporation
    Inventors: Richard V. Hom, Eric M. Nelson, David C. Roxin
  • Patent number: 9219739
    Abstract: Approaches for providing reputation based access control are provided. Specifically, at least one approach includes: identifying a requesting subject requesting access to a controlled resource; retrieving a reputation of the subject stored as a virtual attribute in a reputation-based access control database, the reputation comprising a value for skill for operating with the requested controlled resource; determining whether the subject is a known security risk; modifying a reputation of the subject and an associate in the case that a security risk of the subject meets a threshold; modifying the reputation of the subject based on at least one of: peer feedback and expert opinion, in the case that the subject is not a known security risk; retrieving a policy of the requested controlled resource; determining if the reputation of the subject meets the policy, and if so, allowing the subject access to the resource, and if not, denying the access.
    Type: Grant
    Filed: March 9, 2015
    Date of Patent: December 22, 2015
    Assignee: International Business Machines Corporation
    Inventors: Richard V. Hom, David C. Roxin
  • Publication number: 20150188926
    Abstract: Approaches for providing reputation based access control are provided. Specifically, at least one approach includes: identifying a requesting subject requesting access to a controlled resource; retrieving a reputation of the subject stored as a virtual attribute in a reputation-based access control database, the reputation comprising a value for skill for operating with the requested controlled resource; determining whether the subject is a known security risk; modifying a reputation of the subject and an associate in the case that a security risk of the subject meets a threshold; modifying the reputation of the subject based on at least one of: peer feedback and expert opinion, in the case that the subject is not a known security risk; retrieving a policy of the requested controlled resource; determining if the reputation of the subject meets the policy, and if so, allowing the subject access to the resource, and if not, denying the access.
    Type: Application
    Filed: March 9, 2015
    Publication date: July 2, 2015
    Inventors: Richard V. Hom, David C. Roxin
  • Patent number: 9058227
    Abstract: An approach for connecting the inputs and the outputs of multiple services in such a way that the entire transaction can be tracked from beginning to end and from service to service is provided. The pipeline architecture of the present invention passes information through a sequence of nodes, each node providing some processing or filtering before passing information to the next node in the pipe. A transaction's token passes down a pipe of services. The pipe can have forks and branches, so a transaction's token is passed from node to node carrying messages from one node to another. The overall transactional information is not lost from service to service; instead it is carried up and down the length of the pipeline. As the transaction's token is passed up and down the pipeline, its history passes with it. The pipe links a chain of nodes connected end-to-end.
    Type: Grant
    Filed: January 21, 2014
    Date of Patent: June 16, 2015
    Assignee: International Business Machines Corporation
    Inventors: Richard V. Hom, Eric M. Nelson, David C. Roxin
  • Patent number: 9047336
    Abstract: Approaches for providing reputation based access control are provided.
    Type: Grant
    Filed: June 26, 2014
    Date of Patent: June 2, 2015
    Assignee: International Business Machines Corporation
    Inventors: Richard V. Hom, David C. Roxin
  • Patent number: 8931048
    Abstract: A system and method creates, maintains and monitors individuals, organizations and artifacts relating to the same over time with respect to pedigree and reputation, security and reliability. One aspect of the present invention provides for a method and a system for collecting and maintaining historical party reputation data. Another aspect of the present invention provides for a method and a system for assessing an access decision to the historical party reputation data to a person after the person's reputation has changed.
    Type: Grant
    Filed: August 24, 2010
    Date of Patent: January 6, 2015
    Assignee: International Business Machines Corporation
    Inventors: Richard V. Hom, David C. Roxin
  • Publication number: 20140310806
    Abstract: Approaches for using the historical party reputation data to calculate an access decision rating are provided. Specifically, one or more approaches provide a method, including: collecting reputation information of a first user that is requesting access to one or more assets, the reputation information based on at least an association of the first user with an organization and an association of the first user with one or more other users associated with one or more other organizations; storing the requester's reputation information; determining a change in the requester's reputation information, wherein the change comprises at least one of: the first user forming a new association with another organization, and the first user forming a new association with a second user, wherein the second user is affiliated with another organization; and causing an access decision rating to be calculated based upon the determined change in the requester's reputation information.
    Type: Application
    Filed: June 26, 2014
    Publication date: October 16, 2014
    Inventors: Richard V. Horn, Eric M. Nelson, David C. Roxin
  • Publication number: 20140310254
    Abstract: Approaches for providing reputation based access control are provided.
    Type: Application
    Filed: June 26, 2014
    Publication date: October 16, 2014
    Inventors: Richard V. Hom, David C. Roxin
  • Patent number: 8805881
    Abstract: The reputation based access control system of the present invention allows or denies access to a requested controlled resource to a requesting subject based upon predetermined associations between the resource and security contexts to determine the subject's reputation in those contexts. The reputation based access control system utilizes an authentication system (biometric, challenge/response, etc.) to identify a subject. Once the identity is determined, a resource to be accessed is determined by a reputation based access control unit. The system interfaces with a reputation assessment system to gauge the subject's reputation in these contexts. If the subject's reputation meets the predetermined limits for reputation in those contexts for that resource, the subject is allowed access to the resource. Otherwise access is denied and the proper agents are notified.
    Type: Grant
    Filed: May 6, 2010
    Date of Patent: August 12, 2014
    Assignee: International Business Machines Corporation
    Inventors: Richard V. Hom, David C. Roxin
  • Patent number: 8800029
    Abstract: A method and a system for collecting and maintaining historical party reputation data and for using the historical party reputation data to calculate an access decision rating and recalculating the access decision rating when the historical party reputation data has changed has a reputation updater for updating a reputation when a party's reputation has changed, a reputation storer for storing the party's reputation, an access decision rating maker for making a rating on a party's access abilities based upon the party's reputation and reputation history storage for storing a party's reputation having access decision rating storage for storing previous and present access decision storage ratings.
    Type: Grant
    Filed: October 4, 2010
    Date of Patent: August 5, 2014
    Assignee: International Business Machines Corporation
    Inventors: Richard V. Horn, Eric M. Nelson, David C. Roxin
  • Publication number: 20140136474
    Abstract: An approach for connecting the inputs and the outputs of multiple services in such a way that the entire transaction can be tracked from beginning to end and from service to service is provided. The pipeline architecture of the present invention passes information through a sequence of nodes, each node providing some processing or filtering before passing information to the next node in the pipe. A transaction's token passes down a pipe of services. The pipe can have forks and branches, so a transaction's token is passed from node to node carrying messages from one node to another. The overall transactional information is not lost from service to service; instead it is carried up and down the length of the pipeline. As the transaction's token is passed up and down the pipeline, its history passes with it. The pipe links a chain of nodes connected end-to-end.
    Type: Application
    Filed: January 21, 2014
    Publication date: May 15, 2014
    Applicant: International Business Machines Corporation
    Inventors: Richard V. Hom, Eric M. Nelson, David C. Roxin
  • Patent number: 8650151
    Abstract: An approach for connecting the inputs and the outputs of multiple services in such a way that the entire transaction can be tracked from beginning to end and from service to service is provided. The pipeline architecture of the present invention passes information through a sequence of nodes, each node providing some processing or filtering before passing information to the next node in the pipe. A transaction's token passes down a pipe of services. The pipe can have forks and branches, so a transaction's token is passed from node to node carrying messages from one node to another. The overall transactional information is not lost from service to service; instead it is carried up and down the length of the pipeline. As the transaction's token is passed up and down the pipeline, its history passes with it. The pipe links a chain of nodes connected end-to-end.
    Type: Grant
    Filed: January 24, 2011
    Date of Patent: February 11, 2014
    Assignee: International Business Machines Corporation
    Inventors: Richard V. Hom, Eric M. Nelson, David C. Roxin
  • Patent number: 8359328
    Abstract: A party reputation aggregation unit determines and collects the reputation of a party from various sources. Further, the party reputation aggregation unit provides for the weighing and aggregation of such data, including reputation data of the party, reputation data of the party's relationships, reputation data of the party's social networks and reputation data of the members of the party's social network so that a complete picture of an individual or organization may be provided to a qualified requestor for his/her use/assessment.
    Type: Grant
    Filed: June 15, 2010
    Date of Patent: January 22, 2013
    Assignee: International Business Machines Corporation
    Inventors: Richard V. Hom, David C. Roxin
  • Publication number: 20120191643
    Abstract: An approach for connecting the inputs and the outputs of multiple services in such a way that the entire transaction can be tracked from beginning to end and from service to service is provided. The pipeline architecture of the present invention passes information through a sequence of nodes, each node providing some processing or filtering before passing information to the next node in the pipe. A transaction's token passes down a pipe of services. The pipe can have forks and branches, so a transaction's token is passed from node to node carrying messages from one node to another. The overall transactional information is not lost from service to service; instead it is carried up and down the length of the pipeline. As the transaction's token is passed up and down the pipeline, its history passes with it. The pipe links a chain of nodes connected end-to-end.
    Type: Application
    Filed: January 24, 2011
    Publication date: July 26, 2012
    Applicant: International Business Machines Corporation
    Inventors: Richard V. Hom, Eric M. Nelson, David C. Roxin
  • Publication number: 20120136908
    Abstract: The present invention involves creating an attribute in a directory and having a system provide attribute values for data that changes rapidly with a speed high enough to satisfy real-time requirements. The present invention calculates values rather than storing them for each attribute of an object class instance. It provides “virtual attributes” and uses them in Attribute Based Access Control (ABAC). The resulting Virtual Attribute Based Access Control (VABAC) system allows a Policy Decision Point (PDP) to make better informed decisions based on information that results from metrics, statistics, or data from some outside system. Given virtual attributes, the PDPs can make access decisions based on things like reputation, skill level, trust level, organizational structure, etc.
    Type: Application
    Filed: November 29, 2010
    Publication date: May 31, 2012
    Applicant: International Business Machines Corporation
    Inventors: Richard V. Hom, Eric M. Nelson, David C. Roxin
  • Publication number: 20120131077
    Abstract: The present invention may comprise a system and method for a Virtual Attribute Federation System (VAFS) and may be composed of a Virtual Attribute Federation Manager (VAFM) and a system of Virtual Attribute Enabled Directories (VAED) modified to accept federation of virtual attributes. The VAFM produces signed and trusted calculation methods and coordinates a synchronized dispersal of these methods to the VAEDs. The VAEDs may have local mappings which allow for federation-time configuration of the calculation methods.
    Type: Application
    Filed: November 24, 2010
    Publication date: May 24, 2012
    Applicant: International Business Machines Corporation
    Inventors: Richard V. Hom, Eric M. Nelson, David C. Roxin
  • Publication number: 20120084856
    Abstract: A method and a system for collecting and maintaining historical party reputation data and for using the historical party reputation data to calculate an access decision rating and recalculating the access decision rating when the historical party reputation data has changed has a reputation updater for updating a reputation when a party's reputation has changed, a reputation storer for storing the party's reputation, an access decision rating maker for making a rating on a party's access abilities based upon the party's reputation and reputation history storage for storing a party's reputation having access decision rating storage for storing previous and present access decision storage ratings.
    Type: Application
    Filed: October 4, 2010
    Publication date: April 5, 2012
    Applicant: International Business Machines Corporation
    Inventors: Richard V. Hom, Eric M. Nelson, David C. Roxin