Patents by Inventor Hyen Vui Chung
Hyen Vui Chung has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10511484
Abstract: In large distributed computing environments, application execution may be distributed between a plurality of groups, the plurality of groups containing a set of host computer systems responsible for the execution of one or more operations of the application. Group membership may be determined by generating configuration information based at least in part on the plurality of groups. The configuration information may be provided to a plurality of host computer systems and each host computer system of the plurality of host computer systems may determine membership to a particular group of the plurality of groups based at least in part on the configuration information.
Type: Grant
Filed: March 24, 2017
Date of Patent: December 17, 2019
Assignee: Amazon Technologies, Inc.
Inventors: Wei Yu, Dmytro Ivashchenko, Qihui Li, Nengwu Zhu, Bhavesh Anil Doshi, Joshua Stephen Ullom, Nathan Manning, Michael Christopher Wenneman, Yubai Di, Hyen Vui Chung
-
Patent number: 10467191
Abstract: Technologies are disclosed for providing a large scale data join service within a service provider network. A data set includes first and second sets of files that correspond to each other. Each file includes a first identifier (ID) and a second ID. The first set of files is partitioned based at least in part upon the first ID into a plurality of first subsets of files and the second set of files is partitioned based at least in part upon the first ID into a plurality of second subsets of files. Files within a first group of the plurality of first subsets and files within a second group of the plurality of second subsets are encoded into first and second bitsets, respectively, based at least in part upon the second IDs. An exclusive-or operation is performed on the first and second bitsets to find discrepancies between the data files.
Type: Grant
Filed: December 27, 2016
Date of Patent: November 5, 2019
Assignee: Amazon Technologies, Inc.
Inventors: Wei Yu, Nengwu Zhu, Hyen Vui Chung, Qihui Lee
-
Patent number: 9530012
Abstract: Markup language security messages are processed. A template corresponding to a markup language security message is identified. The markup language security message is parsed for variable values using the template. A transition sequence is generated that represents the entire markup language security message. Each transition in the transition sequence is associated with a portion of the markup language security message. A lightweight data model of the markup language security message is populated using the transition sequence. The lightweight data model includes nodes for the variable values and a set of selected constant values.
Type: Grant
Filed: November 13, 2014
Date of Patent: December 27, 2016
Assignee: International Business Machines Corporation
Inventors: Hyen Vui Chung, Satoshi Makino, Masayoshi Teraguchi, Kenichiro Ueno
-
Publication number: 20150095657
Abstract: Markup language security messages are processed. A template corresponding to a markup language security message is identified. The markup language security message is parsed for variable values using the template. A transition sequence is generated that represents the entire markup language security message. Each transition in the transition sequence is associated with a portion of the markup language security message. A lightweight data model of the markup language security message is populated using the transition sequence. The lightweight data model includes nodes for the variable values and a set of selected constant values.
Type: Application
Filed: November 13, 2014
Publication date: April 2, 2015
Inventors: Hyen Vui Chung, Satoshi Makino, Masayoshi Teraguchi, Kenichiro Ueno
-
Patent number: 8375211
Abstract: An XML digital signature mechanism for providing message integrity. A sending party serializes a source XML document into a serialized byte array, calculates the source offset and length of the array of the signed part in the serialized byte array, and calculates a source hash value using the serialized array and the source offset and length. The serialized byte array is a non-canonicalized array. The array and source hash value used to sign a part or the whole of the serialized byte array is sent to a receiving party. The receiving party calculates the target offset and length of the signed part in the serialized byte array and calculates a target hash value of the signed part by using the array and the target offset and length. The receiving party compares the target hash value and the source hash value to verify the integrity of the target XML document.
Type: Grant
Filed: April 21, 2009
Date of Patent: February 12, 2013
Assignee: International Business Machines Corporation
Inventors: Hyen Vui Chung, Takahide Nogayama, Gregory Louis Truty, Kenichiro Ueno
-
Publication number: 20120210396
Abstract: Markup language security messages are processed. A template corresponding to a markup language security message is identified. The markup language security message is parsed for variable values using the template. A transition sequence is generated that represents the entire markup language security message. Each transition in the transition sequence is associated with a portion of the markup language security message. A lightweight data model of the markup language security message is populated using the transition sequence. The lightweight data model includes nodes for the variable values and a set of selected constant values.
Type: Application
Filed: April 25, 2012
Publication date: August 16, 2012
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Hyen Vui Chung, Satoshi Makino, Masayoshi Teraguchi, Kenichiro Ueno
-
Patent number: 8060917
Abstract: An authentication system and method for allowing an administrator to host a plurality of service principal names (SPNs) over a common network port of a backend server. The authentication system includes a client computer, a backend server, and a service principal name (SPN) apparatus. The client computer sends an authentication request to the backend server. The backend server performs an authentication procedure in response to a reception of the authentication request from the client computer. The SPN apparatus configures a plurality of service SPNs for the web service application over the common network port.
Type: Grant
Filed: April 16, 2008
Date of Patent: November 15, 2011
Assignee: International Business Machines Corporation
Inventors: Hyen-Vui Chung, Derek W. Ho, David L. Leigh, Michael J. McMahon, Rengan Sundararaman
-
Patent number: 7934252
Abstract: A message gateway apparatus is provided for use in a web service system to process a message containing a request for a destination web service application, in which the message includes a plurality of events within a structured document conforming to a web service protocol and each event of the plurality of events has a name and a content thereof.
Type: Grant
Filed: June 29, 2007
Date of Patent: April 26, 2011
Assignee: International Business Machines Corporation
Inventors: Hyen-Vui Chung, Takahide Nogayama, Toshiro Takase, Kenichiro Ueno
-
Patent number: 7925881
Abstract: A method and apparatus for preventing rogue implementations of a security-sensitive class interface are provided. With the method and apparatus, a unique identifier (UID) is created by a server process when the server process is started. Anytime the server process, i.e. a server runtime environment, instantiates a new credential object following start-up of the server process, the encrypted UID is placed into a private field within the new credential object. In addition, the UID is encrypted and stored in a private class of the server runtime environment. A verification class is provided within the server runtime environment which includes one or more methods that receive the credential object as a parameter and return true or false as to the validity of the credential object.
Type: Grant
Filed: October 4, 2007
Date of Patent: April 12, 2011
Assignee: International Business Machines Corporation
Inventors: Peter Daniel Birk, Ching-Yun Chao, Hyen Vui Chung
-
Publication number: 20100268952
Abstract: An XML digital signature mechanism for providing message integrity. A sending party serializes a source XML document into a serialized byte array, calculates the source offset and length of the array of the signed part in the serialized byte array, and calculates a source hash value using the serialized array and the source offset and length. The serialized byte array is a non-canonicalized array. The array and source hash value used to sign a part or the whole of the serialized byte array is sent to a receiving party. The receiving party calculates the target offset and length of the signed part in the serialized byte array and calculates a target hash value of the signed part by using the array and the target offset and length. The receiving party compares the target hash value and the source hash value to verify the integrity of the target XML document.
Type: Application
Filed: April 21, 2009
Publication date: October 21, 2010
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Hyen Vui Chung, Takahide Nogayama, Gregory Louis Truty, Kenichiro Ueno
-
Patent number: 7810132
Abstract: Objects on application servers are distributed to one or more application servers; a user is allowed to declare in a list which objects residing on each application server are to be protected; the list is read by an interceptor; responsive to exportation of a Common Object Request Broker Architecture (“CORBA”) compliant Interoperable Object Reference (“IOR”) for a listed object, the interceptor associates one or more application server security flags with interfaces to the listed objects by tagging components of the IOR with one or more security flags; and one or more security operations are performed by an application server according to the security flags tagged to the IOR when a client accesses an application server-stored object, the security operations including an operation besides establishing secure communications between the client process and the server-stored object.
Type: Grant
Filed: May 20, 2008
Date of Patent: October 5, 2010
Assignee: International Business Machines Corporation
Inventors: Peter Daniel Birk, Ching-Yun Chao, Hyen Vui Chung, Carlton Keith Mason, Ajaykumar Karkala Reddy, Vishwanath Venkataramappa
-
Patent number: 7765585
Abstract: Run-as credentials delegation using identity assertion is presented. A server receives a request from a client that includes the client's user identifier and password. The server authenticates the client and stores the client's user identifier without the corresponding password in a client credential storage area. The server determines if a run-as command is specified to communicate with a downstream server. If a run-as command is specified, the server retrieves a corresponding run-as identity which identifies whether a client credential type, a server credential type, or a specific identifier credential type should be used in the run-as command. The server retrieves an identified credential corresponding to the identified credential type, and sends the identified credential in an identity assertion token to a downstream server.
Type: Grant
Filed: April 17, 2008
Date of Patent: July 27, 2010
Assignee: International Business Machines Corporation
Inventors: Ching-Yun Chao, Hyen Vui Chung, Ajay Reddy, Vishwanath Venkataramappa
-
Patent number: 7752452
Abstract: A system and method for tracking user security credentials in a distributed computing environment. The security credentials of an authenticated user includes not just his unique user identifier, but also a set of security attributes such as the time of authentication, the location where the user is authenticated (i.e., intranet user v. internet user), the authentication strength, and so on. The security attributes are used in access control decisions. The same user can be given different authorization if he has a different security attribute value. Security credentials may be generated either by WebSphere security code or by third party security provider code. This invention stores the user credentials in a distributed cache and provides a system and method to compute the unique key based on the dynamic security credentials for cache lookup.
Type: Grant
Filed: February 2, 2009
Date of Patent: July 6, 2010
Assignee: International Business Machines Corporation
Inventors: Peter Daniel Birk, Ching-Yun Chao, Hyen Vui Chung
-
Patent number: 7734918
Abstract: A method and apparatus for preventing rogue implementations of a security-sensitive class interface are provided. With the method and apparatus, a unique identifier (UID) is created by a server process when the server process is started. Anytime the server process, i.e. a server runtime environment, instantiates a new credential object following start-up of the server process, the encrypted UID is placed into a private field within the new credential object. In addition, the UID is encrypted and stored in a private class of the server runtime environment. A verification class is provided within the server runtime environment which includes one or more methods that receive the credential object as a parameter and return true or false as to the validity of the credential object.
Type: Grant
Filed: January 17, 2008
Date of Patent: June 8, 2010
Assignee: International Business Machines Corporation
Inventors: Peter Daniel Birk, Ching-Yun Chao, Hyen Vui Chung
-
Patent number: 7634803
Abstract: An extensible token framework is provided for identifying purpose and behavior of run time security objects. The framework includes a set of marker token interfaces, which extends from a default token interface. A service provider may implement one or more marker token interfaces for a Subject or a thread of execution. A service provider may also implement its own custom marker tokens to perform custom operations. The security infrastructure runtime recognizes behavior and purpose of run time security objects based on the marker or custom marker token interfaces the token implements and handles the security objects accordingly.
Type: Grant
Filed: June 30, 2004
Date of Patent: December 15, 2009
Assignee: International Business Machines Corporation
Inventors: Peter Daniel Birk, Ching-Yun Chao, Hyen Vui Chung
-
Publication number: 20090265771
Abstract: An authentication system and method for allowing an administrator to host a plurality of service principal names (SPNs) over a common network port of a backend server. The authentication system includes a client computer, a backend server, and a service principal name (SPN) apparatus. The client computer sends an authentication request to the backend server. The backend server performs an authentication procedure in response to a reception of the authentication request from the client computer. The SPN apparatus configures a plurality of service SPNs for the web service application over the common network port.
Type: Application
Filed: April 16, 2008
Publication date: October 22, 2009
Inventors: Hyen-Vui Chung, Derek W. Ho, David L. Leigh, Michael J. McMahon, Rengan Sundararaman
-
Publication number: 20090138951
Abstract: A system and method for tracking user security credentials in a distributed computing environment. The security credentials of an authenticated user includes not just his unique user identifier, but also a set of security attributes such as the time of authentication, the location where the user is authenticated (i.e., intranet user v. internet user), the authentication strength, and so on. The security attributes are used in access control decisions. The same user can be given different authorization if he has a different security attribute value. Security credentials may be generated either by WebSphere security code or by third party security provider code.
Type: Application
Filed: February 2, 2009
Publication date: May 28, 2009
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Peter Daniel Birk, Ching-Yun Chao, Hyen Vui Chung
-
Patent number: 7526798
Abstract: Run-as credentials delegation using identity assertion is presented. A server receives a request from a client that includes the client's user identifier and password. The server authenticates the client and stores the client's user identifier without the corresponding password in a client credential storage area. The server determines if a run-as command is specified to communicate with a downstream server. If a run-as command is specified, the server retrieves a corresponding run-as identity which identifies whether a client credential type, a server credential type, or a specific identifier credential type should be used in the run-as command. The server retrieves an identified credential corresponding to the identified credential type, and sends the identified credential in an identity assertion token to a downstream server.
Type: Grant
Filed: October 31, 2002
Date of Patent: April 28, 2009
Assignee: International Business Machines Corporation
Inventors: Ching-Yun Chao, Hyen Vui Chung, Ajay Reddy, Vishwanath Venkataramappa
-
Patent number: 7526799
Abstract: A method for tracking security attributes along invocation chain using secure propagation token. When a user is authenticated, a propagation token is created. The propagation token includes a caller list, a host list, and custom attributes. The propagation token may be propagated downstream along with other marker tokens. A service provider may associate custom attributes in the propagation token or create custom propagation token to be propagated. The propagation token tracks the original caller and subsequent callers when user switches occur and a list of hosts at which the propagation token lands on.
Type: Grant
Filed: June 30, 2004
Date of Patent: April 28, 2009
Assignee: International Business Machines Corporation
Inventors: Peter Daniel Birk, Keys Dylan Botzum, Ching Yun Chao, Hyen-Vui Chung
-
Patent number: 7487361
Abstract: A system and method for tracking user security credentials in a distributed computing environment. The security credentials of an authenticated user includes not just his unique user identifier, but also a set of security attributes such as the time of authentication, the location where the user is authenticated (i.e., intranet user v. internet user), the authentication strength, and so on. The security attributes are used in access control decisions. The same user can be given different authorization if he has a different security attribute value. Security credentials may be generated either by WebSphere security code or by third party security provider code.
Type: Grant
Filed: June 30, 2004
Date of Patent: February 3, 2009
Assignee: International Business Machines Corporation
Inventors: Peter Daniel Birk, Ching-Yun Chao, Hyen Vui Chung