Patents by Inventor George R. Blakley
George R. Blakley has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9503458Abstract: These and other objectives are attained with a method and system for evaluating an access policy change. The method comprises the step of providing an access control mechanism having a first policy, and an audit log having entries of accesses made under that first policy. The method comprises the further steps of submitting a second policy to the access control mechanism, comparing the log entries to the second policy, and based on the results of the comparing step, taking one of a predetermined number of actions.Type: GrantFiled: August 11, 2015Date of Patent: November 22, 2016Assignee: International Business Machines CorporationInventors: Mary Ellen Zurko, George R. Blakley, III
-
Publication number: 20150350216Abstract: These and other objectives are attained with a method and system for evaluating an access policy change. The method comprises the step of providing an access control mechanism having a first policy, and an audit log having entries of accesses made under that first policy. The method comprises the further steps of submitting a second policy to the access control mechanism, comparing the log entries to the second policy, and based on the results of the comparing step, taking one of a predetermined number of actions.Type: ApplicationFiled: August 11, 2015Publication date: December 3, 2015Inventors: Mary Ellen Zurko, George R. Blakley, III
-
Patent number: 9148433Abstract: These and other objectives are attained with a method and system for evaluating an access policy change. The method comprises the step of providing an access control mechanism having a first policy, and an audit log having entries of accesses made under that first policy. The method comprises the further steps of submitting a second policy to the access control mechanism, comparing the log entries to the second policy, and based on the results of the comparing step, taking one of a predetermined number of actions.Type: GrantFiled: October 23, 2014Date of Patent: September 29, 2015Assignee: International Business Machines CorporationInventors: Mary Ellen Zurko, George R. Blakley, III
-
Publication number: 20150046972Abstract: These and other objectives are attained with a method and system for evaluating an access policy change. The method comprises the step of providing an access control mechanism having a first policy, and an audit log having entries of accesses made under that first policy. The method comprises the further steps of submitting a second policy to the access control mechanism, comparing the log entries to the second policy, and based on the results of the comparing step, taking one of a predetermined number of actions.Type: ApplicationFiled: October 23, 2014Publication date: February 12, 2015Inventors: Mary Ellen Zurko, George R. Blakley, III
-
Patent number: 8904476Abstract: These and other objectives are attained with a method and system for evaluating an access policy change. The method comprises the step of providing an access control mechanism having a first policy, and an audit log having entries of accesses made under that first policy. The method comprises the further steps of submitting a second policy to the access control mechanism, comparing the log entries to the second policy, and based on the results of the comparing step, taking one of a predetermined number of actions.Type: GrantFiled: March 15, 2013Date of Patent: December 2, 2014Assignee: International Business Machines CorporationInventors: Mary Ellen Zurko, George R. Blakley, III
-
Patent number: 8527754Abstract: A system, apparatus, computer program product and method for authorizing information flows between devices of a data processing system are provided. In one illustrative embodiment, an information flow request is received from a first device to authorize an information flow from the first device to a second device. The information flow request includes an identifier of the second device. Based on an identifier of the first device and the second device, security information identifying an authorization level of the first device and second device is retrieved. A sensitivity of an information object that is to be transferred in the information flow is determined and the information flow is authorized or denied based only on the sensitivity of the information object and the authorization level of the first and second devices irregardless of the particular action being performed on the information object as part of the information flow.Type: GrantFiled: August 19, 2011Date of Patent: September 3, 2013Assignee: International Business Machines CorporationInventors: Diana J. Arroyo, George R. Blakley, III, Damir A. Jamsek, Sridhar R. Muppidi, Kimberly D. Simon, Ronald B. Williams
-
Patent number: 8474006Abstract: These and other objectives are attained with a method and system for evaluating an access policy change. The method comprises the step of providing an access control mechanism having a first policy, and an audit log having entries of accesses made under that first policy. The method comprises the further steps of submitting a second policy to the access control mechanism, comparing the log entries to the second policy, and based on the results of the comparing step, taking one of a predetermined number of actions.Type: GrantFiled: October 28, 2009Date of Patent: June 25, 2013Assignee: International Business Machines CorporationInventors: Mary Ellen Zurko, George R. Blakley, III
-
Publication number: 20110302413Abstract: A system, apparatus, computer program product and method for authorizing information flows between devices of a data processing system are provided. In one illustrative embodiment, an information flow request is received from a first device to authorize an information flow from the first device to a second device. The information flow request includes an identifier of the second device. Based on an identifier of the first device and the second device, security information identifying an authorization level of the first device and second device is retrieved. A sensitivity of an information object that is to be transferred in the information flow is determined and the information flow is authorized or denied based only on the sensitivity of the information object and the authorization level of the first and second devices irregardless of the particular action being performed on the information object as part of the information flow.Type: ApplicationFiled: August 19, 2011Publication date: December 8, 2011Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Diana J. Arroyo, George R. Blakley, III, Damir A. Jamsek, Sridhar R. Muppidi, Kimberly D. Simon, Ronald B. Williams
-
Patent number: 8024565Abstract: Authorizing information flows between devices of a data processing system is provided. In one illustrative embodiment, an information flow request is received from a first device to authorize an information flow from the first device to a second device. The information flow request includes an identifier of the second device. Based on an identifier of the first device and the second device, security information identifying an authorization level of the first device and second device is retrieved. A sensitivity of an information object that is to be transferred in the information flow is determined and the information flow is authorized or denied based only on the sensitivity of the information object and the authorization level of the first and second devices irregardless of the particular action being performed on the information object as part of the information flow.Type: GrantFiled: May 30, 2008Date of Patent: September 20, 2011Assignee: International Business Machines CorporationInventors: Diana J. Arroyo, George R. Blakley, III, Damir A. Jamsek, Sridhar R. Muppidi, Kimberly D. Simon, Ronald B. Williams
-
Patent number: 7975295Abstract: A hash key is generated based on an information object and a lookup operation is performed in a hash table based on the hash key. A determination is made whether an entry in the hash table at an index corresponding to the hash key identifies a labelset for the information object. A labelset, identifying a sensitivity of the information object, is stored in the entry at the index corresponding to the hash key for the information object if a labelset for the information object is not identified in the entry in the hash table. Information flows involving the information object are authorized based on a lookup of the labelset associated with the information object in the hash table. The hash table may be a multidimensional hash table.Type: GrantFiled: May 30, 2008Date of Patent: July 5, 2011Assignee: International Business Machines CorporationInventors: Diana J. Arroyo, George R. Blakley, III, Damir A. Jamsek, Sridhar R. Muppidi, Kimberly D. Simon, Ronald B. Williams
-
Patent number: 7793100Abstract: A reference monitor that authorizes information flows between elements of a data processing system is provided. The elements of the data processing system are associated with security data structures in a reference monitor. An information flow request is received from a first element to authorize an information flow from the first element to a second element. A first security data structure associated with the first element and a second security data structure associated with the second element are retrieved. At least one set theory operation is then performed on the first security data structure and the second security data structure to determine if the information flow from the first element to the second element is to be authorized. The security data structures may be labelsets having one or more labels identifying security policies to be applied to information flows involving the associated element.Type: GrantFiled: January 8, 2009Date of Patent: September 7, 2010Assignee: International Business Machines CorporationInventors: Diana J. Arroyo, George R. Blakley, III, Damir A. Jamsek, Sridhar R. Muppidi, Kimberly D. Simon, Ronald B. Williams
-
Publication number: 20100115580Abstract: These and other objectives are attained with a method and system for evaluating an access policy change. The method comprises the step of providing an access control mechanism having a first policy, and an audit log having entries of accesses made under that first policy. The method comprises the further steps of submitting a second policy to the access control mechanism, comparing the log entries to the second policy, and based on the results of the comparing step, taking one of a predetermined number of actions.Type: ApplicationFiled: October 28, 2009Publication date: May 6, 2010Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Mary Ellen Zurko, George R. Blakley, III
-
Patent number: 7647630Abstract: A method for authorizing information flows based on security information associated with information objects is provided. A hash key is generated based on an information object and a lookup operation is performed in a hash table based on the hash key. A determination is made whether an entry in the hash table at an index corresponding to the hash key identifies a labelset for the information object. A labelset, identifying a sensitivity of the information object, is stored in the entry at the index corresponding to the hash key for the information object if a labelset for the information object is not identified in the entry in the hash table. Information flows involving the information object are authorized based on a lookup of the labelset associated with the information object in the hash table. The hash table may be a multidimensional hash table.Type: GrantFiled: December 15, 2005Date of Patent: January 12, 2010Assignee: International Business Machines CorporationInventors: Diana J. Arroyo, George R. Blakley, III, Damir A. Jamsek, Sridhar R. Muppidi, Kimberly D. Simon, Ronald B. Williams
-
Publication number: 20090119507Abstract: A reference monitor that authorizes information flows between elements of a data processing system is provided. The elements of the data processing system are associated with security data structures in a reference monitor. An information flow request is received from a first element to authorize an information flow from the first element to a second element. A first security data structure associated with the first element and a second security data structure associated with the second element are retrieved. At least one set theory operation is then performed on the first security data structure and the second security data structure to determine if the information flow from the first element to the second element is to be authorized. The security data structures may be labelsets having one or more labels identifying security policies to be applied to information flows involving the associated element.Type: ApplicationFiled: January 8, 2009Publication date: May 7, 2009Applicant: International Business Machines CorporationInventors: Diana J. Arroyo, George R. Blakley, III, Damir A. Jamsek, Sridhar R. Muppidi, Kimberly D. Simon, Ronald B. Williams
-
Patent number: 7512792Abstract: A reference monitor system, apparatus, computer program product and method are provided. In one illustrative embodiment, elements of the data processing system are associated with security data structures in a reference monitor. An information flow request is received from a first element to authorize an information flow from the first element to a second element. A first security data structure associated with the first element and a second security data structure associated with the second element are retrieved. At least one set theory operation is then performed on the first security data structure and the second security data structure to determine if the information flow from the first element to the second element is to be authorized. The security data structures may be labelsets having one or more labels identifying security policies to be applied to information flows involving the associated element.Type: GrantFiled: December 15, 2005Date of Patent: March 31, 2009Assignee: International Business Machines CorporationInventors: Diana J. Arroyo, George R. Blakley, III, Damir A. Jamsek, Sridhar R. Muppidi, Kimberly D. Simon, Ronald B. Williams
-
Publication number: 20080229412Abstract: A hash key is generated based on an information object and a lookup operation is performed in a hash table based on the hash key. A determination is made whether an entry in the hash table at an index corresponding to the hash key identifies a labelset for the information object. A labelset, identifying a sensitivity of the information object, is stored in the entry at the index corresponding to the hash key for the information object if a labelset for the information object is not identified in the entry in the hash table. Information flows involving the information object are authorized based on a lookup of the labelset associated with the information object in the hash table. The hash table may be a multidimensional hash table.Type: ApplicationFiled: May 30, 2008Publication date: September 18, 2008Applicant: International Business Machines CorporationInventors: Diana J. Arroyo, George R. Blakley, Damir A. Jamesk, Sridhar R. Muppidi, Kimberly D. Simon, Ronald B. Williams
-
Publication number: 20080229413Abstract: Authorizing information flows between devices of a data processing system is provided. In one illustrative embodiment, an information flow request is received from a first device to authorize an information flow from the first device to a second device. The information flow request includes an identifier of the second device. Based on an identifier of the first device and the second device, security information identifying an authorization level of the first device and second device is retrieved. A sensitivity of an information object that is to be transferred in the information flow is determined and the information flow is authorized or denied based only on the sensitivity of the information object and the authorization level of the first and second devices irregardless of the particular action being performed on the information object as part of the information flow.Type: ApplicationFiled: May 30, 2008Publication date: September 18, 2008Applicant: International Business Machines CorporationInventors: Diana J. Arroyo, George R. Blakley, Damir A. Jamsek, Sridhar R. Muppidi, Kimberly D. Simon, Ronald B. Williams
-
Patent number: 7039714Abstract: An enterprise computing environment such as a corporate web portal includes an intermediary server, a sign on service, and one or more backend enterprise systems managed by resource managers. Before or after user primary logon, which establishes a user primary account identity, the intermediary server uses its own identity to authenticate to the sign on service its right to retrieve user secondary account identities with respect to the backend enterprise systems. Retrieved secondary account identities are then used by the intermediary server to perform user secondary logons to respective resource managers in the environment. The intermediary server also manages the passing of resource requests and associated replies between the user and the resource managers.Type: GrantFiled: January 19, 2000Date of Patent: May 2, 2006Assignee: International Business Machines CorporationInventors: George R. Blakley III, Gregory Scott Clark, Ivan Matthew Milman, Brian Turner
-
Publication number: 20040128537Abstract: These and other objectives are attained with a method and system for evaluating an access policy change. The method comprises the step of providing an access control mechanism having a first policy, and an audit log having entries of accesses made under that first policy. The method comprises the further steps of submitting a second policy to the access control mechanism, comparing the log entries to the second policy, and based on the results of the comparing step, taking one of a predetermined number of actions.Type: ApplicationFiled: December 30, 2002Publication date: July 1, 2004Applicant: International Business Machines CorporationInventors: Mary Ellen Zurko, George R. Blakley
-
Patent number: 5677952Abstract: A method, using a secret key, to protect information in a storage disk of a computer, where the secret key is derived from a password entered into the computer by an authorized user. The method begins by applying a length-increasing pseudorandom function to the secret key and an index to generate a pseudorandom bit string having a length that is a function of the size of a sector of the storage disk. The sector is associated or otherwise identified by the index used by the pseudorandom function to generate the pseudorandom bit string. The pseudorandom bit string is then used to encrypt and decrypt data accesses to and from the sector.Type: GrantFiled: December 6, 1994Date of Patent: October 14, 1997Assignee: International Business Machines CorporationInventors: George R. Blakley, III, Phillip W. Rogaway