Patents by Inventor Harold Moss
Harold Moss has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9560080Abstract: An information sharing paradigm for a cloud computing solution enables flexible organizational boundaries with respect to cloud resources. Cloud service customers manage their own organization boundary but can extend that boundary selectively by associating cloud resources they own with sets of domain names that may be associated with requests for cloud resources that the organization may be willing to share with other organizations that are using the cloud environment, and by ensuring that any such requests for resources that are shared in this manner are associated with one or more message handling policies that have been defined by (or otherwise associated with) the resource-owning organization. Cloud resources owned by an organization (even those marked as “internal only”) may be selectively shared with one or more other organizations using the cloud environment depending on the domain names associated with the requests. Message handling policies are enforced with respect to shared resources.Type: GrantFiled: December 15, 2015Date of Patent: January 31, 2017Assignee: International Business Machines CorporationInventors: Mustansir Banatwala, Harold Moss, III, Robert L. Yates, Mary E. Zurko
-
Publication number: 20160099975Abstract: An information sharing paradigm for a cloud computing solution enables flexible organizational boundaries with respect to cloud resources. Cloud service customers manage their own organization boundary but can extend that boundary selectively by associating cloud resources they own with sets of domain names that may be associated with requests for cloud resources that the organization may be willing to share with other organizations that are using the cloud environment, and by ensuring that any such requests for resources that are shared in this manner are associated with one or more message handling policies that have been defined by (or otherwise associated with) the resource-owning organization. Cloud resources owned by an organization (even those marked as “internal only”) may be selectively shared with one or more other organizations using the cloud environment depending on the domain names associated with the requests. Message handling policies are enforced with respect to shared resources.Type: ApplicationFiled: December 15, 2015Publication date: April 7, 2016Inventors: Mustansir Banatwala, Harold Moss, III, Robert L. Yates, Mary E. Zurko
-
Patent number: 9246839Abstract: An information sharing paradigm for a cloud computing solution enables flexible organizational boundaries with respect to cloud resources. Cloud service customers manage their own organization boundary but can extend that boundary selectively by associating cloud resources they own with sets of domain names that may be associated with requests for cloud resources that the organization may be willing to share with other organizations that are using the cloud environment, and by ensuring that any such requests for resources that are shared in this manner are associated with one or more message handling policies that have been defined by (or otherwise associated with) the resource-owning organization. Cloud resources owned by an organization (even those marked as “internal only”) may be selectively shared with one or more other organizations using the cloud environment depending on the domain names associated with the requests. Message handling policies are enforced with respect to shared resources.Type: GrantFiled: January 2, 2013Date of Patent: January 26, 2016Assignee: International Business Machines CorporationInventors: Mustansir Banatwala, Harold Moss, III, Robert L. Yates, Mary E. Zurko
-
Patent number: 9092787Abstract: A method, system and computer-usable medium for a policy validator that automates the validation of existing or proposed policies. A segmented questionnaire wizard is implemented to guide a policy creator through a series of policy-related questions, resulting in the automated generation of a questionnaire used for validating the policy. The resulting validation questionnaire is automatically distributed to predetermined subject matter experts and individuals affected by the policy, whose responses are then analyzed and scored by the policy validator to determine the validity of the policy. If the resulting validation score is within a predetermined, acceptable range, the policy is approved and released for implementation. Otherwise, the process is repeated until an acceptable validation score is achieved.Type: GrantFiled: September 6, 2006Date of Patent: July 28, 2015Assignee: International Business Machines CorporationInventor: Harold Moss
-
Patent number: 9047488Abstract: Mechanisms are provided for relational context sensitive anonymization of data. A request for data is received that specifies a relational context corresponding to a selected group of selected persons selected from a global group of persons based on the relational context. The relational context specifies one or more attributes of selected persons in the selected group that establishes a relationship between the selected persons and distinguishes the selected persons from non-selected persons in the global group that are not in the selected group. For the relational context, based on a corpus of personal information data corresponding to the selected persons, key attributes in the personal information data are determined and a rarity value for each key attribute is determined. Selected key attributes are then anonymized based on the determined rarity value for each of the key attributes within the relational context of the selected group.Type: GrantFiled: March 15, 2013Date of Patent: June 2, 2015Assignee: International Business Machines CorporationInventors: Corville O. Allen, Scott R. Carrier, Harold Moss, III, Eric Woods
-
Patent number: 8984593Abstract: A system, and computer usable program product for securing asynchronous client server transactions are provided in the illustrative embodiments. A request including an application identifier and a version of a second application is received at a first application. A service identifier is generated if a session with the second application is valid. A registry is generated at the first application. A catalog is generated based on the registry and the service identifier and the catalog are sent to the second application. A sub-request including the service identifier is received as part of an asynchronous client server transaction. Validity of the sub-request is determined by determining whether the service identifier has expired, whether the sub-request requests a service that is permissible according to the catalog, whether the service identifier is used in conjunction with the second application, or a combination thereof. If the sub-request is valid, the service is provided.Type: GrantFiled: May 7, 2013Date of Patent: March 17, 2015Assignee: International Business Machines CorporationInventors: Steven A. Bade, Harold Moss, Mary Ellen Zurko
-
Publication number: 20140283097Abstract: Mechanisms are provided for relational context sensitive anonymization of data. A request for data is received that specifies a relational context corresponding to a selected group of selected persons selected from a global group of persons based on the relational context. The relational context specifies one or more attributes of selected persons in the selected group that establishes a relationship between the selected persons and distinguishes the selected persons from non-selected persons in the global group that are not in the selected group. For the relational context, based on a corpus of personal information data corresponding to the selected persons, key attributes in the personal information data are determined and a rarity value for each key attribute is determined. Selected key attributes are then anonymized based on the determined rarity value for each of the key attributes within the relational context of the selected group.Type: ApplicationFiled: March 15, 2013Publication date: September 18, 2014Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Corville O. Allen, Scott R. Carrier, Harold Moss, III, Eric Woods
-
Patent number: 8819787Abstract: A method for securing asynchronous client server transactions is provided in the illustrative embodiments. A request including an application identifier and a version of a second application is received at a first application. A service identifier is generated if a session with the second application is valid. A registry is generated at the first application. A catalog is generated based on the registry and the service identifier and the catalog are sent to the second application. A sub-request including the service identifier is received as part of an asynchronous client server transaction. Validity of the sub-request is determined by determining whether the service identifier has expired, whether the sub-request requests a service that is permissible according to the catalog, whether the service identifier is used in conjunction with the second application, or a combination thereof. If the sub-request is valid, the service is provided.Type: GrantFiled: May 7, 2013Date of Patent: August 26, 2014Assignee: International Business Machines CorporationInventors: Steven A Bade, Harold Moss, Mary Ellen Zurko
-
Publication number: 20130297681Abstract: A system, and computer usable program product for securing asynchronous client server transactions are provided in the illustrative embodiments. A request including an application identifier and a version of a second application is received at a first application. A service identifier is generated if a session with the second application is valid. A registry is generated at the first application. A catalog is generated based on the registry and the service identifier and the catalog are sent to the second application. A sub-request including the service identifier is received as part of an asynchronous client server transaction. Validity of the sub-request is determined by determining whether the service identifier has expired, whether the sub-request requests a service that is permissible according to the catalog, whether the service identifier is used in conjunction with the second application, or a combination thereof. If the sub-request is valid, the service is provided.Type: ApplicationFiled: May 7, 2013Publication date: November 7, 2013Applicant: International Business Machines CorporationInventors: STEVEN A. BADE, HAROLD MOSS, MARY ELLEN ZURKO
-
Publication number: 20130246515Abstract: A method for securing asynchronous client server transactions is provided in the illustrative embodiments. A request including an application identifier and a version of a second application is received at a first application. A service identifier is generated if a session with the second application is valid. A registry is generated at the first application. A catalog is generated based on the registry and the service identifier and the catalog are sent to the second application. A sub-request including the service identifier is received as part of an asynchronous client server transaction. Validity of the sub-request is determined by determining whether the service identifier has expired, whether the sub-request requests a service that is permissible according to the catalog, whether the service identifier is used in conjunction with the second application, or a combination thereof. If the sub-request is valid, the service is provided.Type: ApplicationFiled: May 7, 2013Publication date: September 19, 2013Applicant: International Business Machines CorporationInventors: Steven A. BADE, Harold MOSS, Mary Ellen ZURKO
-
Publication number: 20130238789Abstract: A monitoring tool can monitor network location of a digital asset hosted by a cloud service provider. Movement of the digital asset from a first network location to a second network location is detected. In response to detecting that the digital asset moves, a geographic location that corresponds to the second network location is determined. It is then determined that the geographic location deviates from a geographic setting configured for the digital asset. A notification that the digital asset has been moved to the geographic location that deviates from the geographic setting is generated.Type: ApplicationFiled: February 28, 2013Publication date: September 12, 2013Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Steven A. Bade, Harold Moss, III, Mary Ellen Zurko
-
Patent number: 8527633Abstract: A technique for addressing geographical location issues in a computing environment includes receiving, at a data processing system, location information indicating a permissible geographical location in which a virtual machine image for a consumer may be deployed. A request for an exception to deploy the virtual machine image outside of the permissible geographical location is issued, from the data processing system. An exception grant or an exception denial is received, at the data processing system, from the consumer in response to the request. The virtual machine image is deployed, using the data processing system, to one or more servers in the computing environment that are outside of the permissible geographical location in response to receipt of the exception grant. The virtual machine image is deployed, using the data processing system, to one or more servers in the computing environment that are within the permissible geographical location in response to receipt of the exception denial.Type: GrantFiled: January 6, 2011Date of Patent: September 3, 2013Assignee: International Business Machines CorporationInventors: Steven A. Bade, Harold Moss, III, Mary Ellen Zurko
-
Patent number: 8479268Abstract: A system, and computer usable program product for securing asynchronous client server transactions are provided in the illustrative embodiments. A request including an application identifier and a version of a second application is received at a first application. A service identifier is generated if a session with the second application is valid. A registry is generated at the first application. A catalog is generated based on the registry and the service identifier and the catalog are sent to the second application. A sub-request including the service identifier is received as part of an asynchronous client server transaction. Validity of the sub-request is determined by determining whether the service identifier has expired, whether the sub-request requests a service that is permissible according to the catalog, whether the service identifier is used in conjunction with the second application, or a combination thereof. If the sub-request is valid, the service is provided.Type: GrantFiled: December 15, 2009Date of Patent: July 2, 2013Assignee: International Business Machines CorporationInventors: Steven A Bade, Harold Moss, Mary Ellen Zurko
-
Patent number: 8474019Abstract: A method for securing asynchronous client server transactions is provided in the illustrative embodiments. A request including an application identifier and a version of a second application is received at a first application. A service identifier is generated if a session with the second application is valid. A registry is generated at the first application. A catalog is generated based on the registry and the service identifier and the catalog are sent to the second application. A sub-request including the service identifier is received as part of an asynchronous client server transaction. Validity of the sub-request is determined by determining whether the service identifier has expired, whether the sub-request requests a service that is permissible according to the catalog, whether the service identifier is used in conjunction with the second application, or a combination thereof. If the sub-request is valid, the service is provided.Type: GrantFiled: March 6, 2012Date of Patent: June 25, 2013Assignee: International Business Machines CorporationInventors: Steven A Bade, Harold Moss, Mary Ellen Zurko
-
Publication number: 20130054780Abstract: Despite the best intentions of a cloud service provider, digital assets of may be moved to a geographic location that deviates from a geographic preference, policy, or setting of the owner of the digital assets. A monitoring tool can monitor network location of a digital asset hosted by a cloud service provider. Movement of the digital asset from a first network location to a second network location is detected. In response to detecting that the digital asset moves, a geographic location that corresponds to the second network location is determined. It is then determined that the geographic location deviates from a geographic setting configured for the digital asset. A notification that the digital asset has been moved to the geographic location that deviates from the geographic setting is generated.Type: ApplicationFiled: August 26, 2011Publication date: February 28, 2013Applicant: International Business Machines CorporationInventors: Steven A. Bade, Harold Moss, III, Mary Ellen Zurko
-
Publication number: 20120233664Abstract: A method for securing asynchronous client server transactions is provided in the illustrative embodiments. A request including an application identifier and a version of a second application is received at a first application. A service identifier is generated if a session with the second application is valid. A registry is generated at the first application. A catalog is generated based on the registry and the service identifier and the catalog are sent to the second application. A sub-request including the service identifier is received as part of an asynchronous client server transaction. Validity of the sub-request is determined by determining whether the service identifier has expired, whether the sub-request requests a service that is permissible according to the catalog, whether the service identifier is used in conjunction with the second application, or a combination thereof. If the sub-request is valid, the service is provided.Type: ApplicationFiled: March 6, 2012Publication date: September 13, 2012Applicant: International Business Machines CorporationInventors: STEVEN A. BADE, Harold Moss, Mary Ellen Zurko
-
Publication number: 20120179817Abstract: A technique for addressing geographical location issues in a computing environment includes receiving, at a data processing system, location information indicating a permissible geographical location in which a virtual machine image for a consumer may be deployed. A request for an exception to deploy the virtual machine image outside of the permissible geographical location is issued, from the data processing system. An exception grant or an exception denial is received, at the data processing system, from the consumer in response to the request. The virtual machine image is deployed, using the data processing system, to one or more servers in the computing environment that are outside of the permissible geographical location in response to receipt of the exception grant. The virtual machine image is deployed, using the data processing system, to one or more servers in the computing environment that are within the permissible geographical location in response to receipt of the exception denial.Type: ApplicationFiled: January 6, 2011Publication date: July 12, 2012Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: STEVEN A. BADE, HAROLD MOSS, III, MARY ELLEN ZURKO
-
Publication number: 20110145891Abstract: A method, system, and computer usable program product for securing asynchronous client server transactions are provided in the illustrative embodiments. A request including an application identifier and a version of a second application is received at a first application. A service identifier is generated if a session with the second application is valid. A registry is generated at the first application. A catalog is generated based on the registry and the service identifier and the catalog are sent to the second application. A sub-request including the service identifier is received as part of an asynchronous client server transaction. Validity of the sub-request is determined by determining whether the service identifier has expired, whether the sub-request requests a service that is permissible according to the catalog, whether the service identifier is used in conjunction with the second application, or a combination thereof. If the sub-request is valid, the service is provided.Type: ApplicationFiled: December 15, 2009Publication date: June 16, 2011Applicant: International Business Machines CorporationInventors: Steven A. Bade, Harold Moss, Mary Ellen Zurko
-
Patent number: 7945467Abstract: A method, apparatus and computer-usable medium for a policy guidance system comprising one or more Cartesian coordinate plots of a policy's adherence and compliance guidelines. One or more segmented questionnaires are created, comprising a range of weighted responses, that are electronically distributed to one or more predetermined reviewers such as, but not limited to, policy makers or enforcers. Responses to the questionnaire are aggregated, statistically analyzed and scored to derive quantitative values that are then graphically plotted as one or more coordinates in a Cartesian format. The resulting graphical depiction of the policy's guidance parameters is then presented such that it facilitates a policy viewer's comprehension of the possible implications of noncompliance.Type: GrantFiled: August 14, 2006Date of Patent: May 17, 2011Assignee: International Business Machines CorporationInventor: Harold Moss
-
Patent number: 7620729Abstract: A method, apparatus and computer-usable medium for a virtual policy control router, comprising applicable control elements relating to one or more external or internal policies. Two or more policy control repositories are aggregated to create a virtual policy control router, accessible and navigable by users to provide relevant and applicable control elements for establishing policy compliance initiatives. One or more agents are implemented as a web service comprising a services oriented architecture (SOA) to access policy control elements in their native repositories. The web service agent communicates policy control information to the virtual policy control router, contingent upon each control repository's existing security model and access controls. As policy control information is received from each web service agent, it is relationally associated with predetermined users and/or initiatives by the virtual policy control router.Type: GrantFiled: September 6, 2006Date of Patent: November 17, 2009Assignee: International Business Machines CorporationInventor: Harold Moss