Patents by Inventor James F. Riordan
James F. Riordan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8271424
Abstract: A method of preserving privacy and confidentiality in a system where information is associated with an existing web page having an address. The method includes receiving a store command from a first user system, the store command including at least a database key and information to be associated with the web page, wherein the database key was created by performing a cryptographic hash function on the address of the web page; storing the information at a location in a storage database; associating the location with the database key; receiving a retrieve command from a second user system, the retrieve command including the database key calculated by the second user system; retrieving stored information from one or more locations in the database associated with the database key; and transmitting the stored information to the second user system.
Type: Grant
Filed: May 15, 2008
Date of Patent: September 18, 2012
Assignee: International Business Machines Corporation
Inventors: Daniela Bourges-Waldegg, Christian Hoertnagl, James F. Riordan
-
Patent number: 8266140
Abstract: A method of acquiring tags using web search includes receiving a search query in a search engine, processing the search query and returning a list of candidate resources corresponding to the search query, determining a candidate resource out of the list of candidate resources, extracting tags from the search query, and tagging the candidate resource with the extracted tags.
Type: Grant
Filed: March 13, 2009
Date of Patent: September 11, 2012
Assignee: International Business Machines Corporation
Inventors: Daniela Bourges-Waldegg, Christian Hörtnagl, James F. Riordan, Andreas Schade
-
Patent number: 8261346
Abstract: Described is a technique for detecting attacks on a data communications network having a plurality of addresses for assignment to data processing systems in the network. The technique involves identifying data traffic on the network originating at any assigned address and addressed to any unassigned address. Any data traffic so identified is inspected for data indicative of an attack. On detection of data indicative of an attack, an alert signal is generated.
Type: Grant
Filed: May 29, 2008
Date of Patent: September 4, 2012
Assignee: International Business Machines Corporation
Inventor: James F. Riordan
-
Patent number: 8219679
Abstract: A method and apparatus are provided for detecting peer-to-peer communication on a data communication network, between an internal client machine within an internal address space and an external client machine. The method includes routing all messages addressed to internal client machines to an analysis device. The analysis device identifies messages pertaining to peer-to-peer communication and identifies the internal client machine to which the messages of a specified nature were addressed. The analysis device terminates the connection with the external client machine if the establishing of the peer-to-peer communication is in violation of a pre-determined internal network rule.
Type: Grant
Filed: February 27, 2007
Date of Patent: July 10, 2012
Assignee: International Business Machines Corporation
Inventors: Dominique Alessandri, Daniela Bourges-Waldegg, James F. Riordan, Diego M. Zamboni
-
Patent number: 8166306
Abstract: A method is provided for adding intended meaning to digital signatures. A message, being base content, is received to be signed. Assertions, ontologies, and description of a reasoner are adjoined to the message. Ontologies are a formal specification of vocabulary and rules used to state the assertions. The reasoner validates the assertions against the corresponding ontologies. A compound message is formed including the message, the assertions, the ontologies, and the reasoner. The compound message is signed using a cryptographic digital signature, where the assertions indicate an intended meaning of the digital signature. During verification of semantic signatures, a digital signature is received for a compound message, where the compound message includes assertions, ontologies, and reasoner. The digital signature is verified, and the compound message structure is checked for semantic signature conformance.
Type: Grant
Filed: June 18, 2008
Date of Patent: April 24, 2012
Assignee: International Business Machines Corporation
Inventors: Christian Hoertnagl, James F. Riordan, Daniela Bourges-Waldegg
-
Publication number: 20120096548
Abstract: A method and apparatus are provided for detecting attacks on a data communication network. The apparatus includes a router with a mechanism for monitoring return messages addressed to an originating user system local to the router. The mechanism includes a message checker for identifying a return message of a specified nature and a rerouter for temporarily routing subsequent messages from the originating user system to the intrusion detection sensor.
Type: Application
Filed: February 21, 2006
Publication date: April 19, 2012
Applicant: International Business Machines Corporation
Inventors: James F. Riordan, Yann Regis Duponchel, Ruediger Rissmann, Diego Zamboni
-
Patent number: 8055751
Abstract: Methods and apparatus are provided for managing an IP network interconnecting a plurality of network hosts (2). Status information, indicative of status of a host, is automatically acquired from each host (2). The status information, such as MAC address, security and/or operational information, acquired from a host (2) is automatically recorded in at least one DNS record, associated with the IP address of that host (2), of a DNS server (4). The host status information in the DNS records can then be accessed for network management operations. The automatic acquisition and recording of the status information may be performed by a DHCP server (3) of the network on allocation of dynamic IP addresses to hosts (2).
Type: Grant
Filed: November 20, 2008
Date of Patent: November 8, 2011
Assignee: International Business Machines Corporation
Inventors: James F. Riordan, Ruediger Rissmann, Diego M. Zamboni
-
Patent number: 7908350
Abstract: The invention relates to a method for operating virtual networks.
Type: Grant
Filed: December 12, 2006
Date of Patent: March 15, 2011
Assignee: International Business Machines Corporation
Inventors: Yann Duponchel, James F. Riordan, Ruediger Rissmann, Diego M. Zamboni
-
Publication number: 20100235342
Abstract: A method of acquiring tags using web search includes receiving a search query in a search engine, processing the search query and returning a list of candidate resources corresponding to the search query, determining a candidate resource out of the list of candidate resources, extracting tags from the search query, and tagging the candidate resource with the extracted tags.
Type: Application
Filed: March 13, 2009
Publication date: September 16, 2010
Inventors: Daniela Bourges-Waldegg, Christian Hortnagl, James F. Riordan, Andreas Schade
-
Publication number: 20090319794
Abstract: A method is provided for adding intended meaning to digital signatures. A message, being base content, is received to be signed. Assertions, ontologies, and description of a reasoner are adjoined to the message. Ontologies are a formal specification of vocabulary and rules used to state the assertions. The reasoner validates the assertions against the corresponding ontologies. A compound message is formed including the message, the assertions, the ontologies, and the reasoner. The compound message is signed using a cryptographic digital signature, where the assertions indicate an intended meaning of the digital signature. During verification of semantic signatures, a digital signature is received for a compound message, where the compound message includes assertions, ontologies, and reasoner. The digital signature is verified, and the compound message structure is checked for semantic signature conformance.
Type: Application
Filed: June 18, 2008
Publication date: December 24, 2009
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Christian Hoertnagl, James F. Riordan, Daniela Bourges-Waldegg
-
Publication number: 20090319530
Abstract: A method is provided for referencing content by generating a bound uniform resource locator. Content is selected, a fragment identifier is calculated for the content, and the content is normalized. A content digest of the normalized content is calculated. A content binding document is assembled in which the content binding document comprises: an original URL to the content, the fragment identifier, the name of a method for normalizing the content, the name of a method for calculating the content digest, and the content digest. A content binding document digest is calculated. A bound universal resource locator is generated that contains the content binding document digest and the name of the method that was used to calculate the content binding document digest. The content binding document is stored using its digest as a file name or database key, and the content binding document can be retrieved using the bound universal resource locator.
Type: Application
Filed: June 18, 2008
Publication date: December 24, 2009
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Christian Hoertnagl, James F. Riordan, Daniela Bourges-Waldegg
-
Publication number: 20090313136
Abstract: An apparatus and method are disclosed for enabling controlled access to resources at a resource provider server. The invention may encrypt or decrypt a portion of a uniform resource identifier (URI), according to a stateless method for hiding resources and/or providing access control support. Upon receipt of a URI having an encrypted portion, the invention decrypts the encrypted portion using a predetermined key to obtain a decrypted segment, extracts additional information from the decrypted segment and forms a decrypted URI, before the decrypted URI is forwarded to a resource producer server. The invention may also encrypt a URI from a resource provider server before it is sent to a client in response to a client request.
Type: Application
Filed: August 20, 2009
Publication date: December 17, 2009
Inventors: Christopher J. Giblin, Tadeusz J. Pietraszek, James F. Riordan, Chris P. Vanden Berghe
-
Publication number: 20090287706
Abstract: A method of preserving privacy and confidentiality in a system where information is associated with an existing web page having an address. The method includes receiving a store command from a first user system, the store command including at least a database key and information to be associated with the web page, wherein the database key was created by performing a cryptographic hash function on the address of the web page; storing the information at a location in a storage database; associating the location with the database key; receiving a retrieve command from a second user system, the retrieve command including the database key calculated by the second user system; retrieving stored information from one or more locations in the database associated with the database key; and transmitting the stored information to the second user system.
Type: Application
Filed: May 15, 2008
Publication date: November 19, 2009
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Daniela Bourges-Waldegg, Christian Hoertnagl, James F. Riordan
-
Patent number: 7568228
Abstract: Described is apparatus for testing an intrusion detection system in a data processing system. The apparatus comprises an attack generator for generating attack traffic on a communications path in the data processing system. A collector receives responses generated by the intrusion detection system on receipt of the attack traffic. A controller coupled to the attack generator and the collector varies the attack traffic generated by the attack generator in dependence on the response received from the intrusion detection system by the collector.
Type: Grant
Filed: May 17, 2002
Date of Patent: July 28, 2009
Assignee: International Business Machines Corporation
Inventors: Alessandri Dominique, James F. Riordan, Andreas Wespi
-
Patent number: 7562214
Abstract: Detection of an attack on a data processing system. An example method comprising, in the data processing system: providing an initial secret; binding the initial secret to data indicative of an initial state of the system via a cryptographic function; recording state changing administrative actions performed on the system in a log; prior to performing each state changing administrative action, generating a new secret by performing the cryptographic function on a combination of data indicative of the administrative action and the previous secret, and erasing the previous secret; evolving the initial secret based on the log to produce an evolved secret; comparing the evolved secret with the new secret; determining that the system is uncorrupted if the comparison indicates a match between the evolved secret and the new secret; and, determining that the system is corrupted if the comparison indicates a mismatch between the evolved secret and the new secret.
Type: Grant
Filed: March 26, 2004
Date of Patent: July 14, 2009
Assignee: International Business Machines Corporation
Inventor: James F. Riordan
-
Publication number: 20090144419
Abstract: Methods and apparatus are provided for managing an IP network interconnecting a plurality of network hosts (2). Status information, indicative of status of a host, is automatically acquired from each host (2). The status information, such as MAC address, security and/or operational information, acquired from a host (2) is automatically recorded in at least one DNS record, associated with the IP address of that host (2), of a DNS server (4). The host status information in the DNS records can then be accessed for network management operations. The automatic acquisition and recording of the status information may be performed by a DHCP server (3) of the network on allocation of dynamic IP addresses to hosts (2).
Type: Application
Filed: November 20, 2008
Publication date: June 4, 2009
Applicant: International Business Machines Corporation
Inventors: James F. Riordan, Ruediger Rissmann, Diego M. Zamboni
-
Patent number: 7516490
Abstract: The invention provides a form of reacting on security or vulnerability information relevant for a system comprising computer software and/or hardware or electronics, wherein a service provider with a first subsystem (1) is providing activation tokens to be received by a customer with a second subsystem (2). The activation tokens include activation information and naming of system characteristics in machine readable and filterable manner. The second subsystem (2) comprises receiving means (11) for controlling the receiving of the activation tokens, checking means (12) for automatically determining whether the activation information is relevant for the second subsystem (2) by checking whether the second subsystem has characteristics corresponding to the naming of an activation token, and transforming means (13) for transforming relevant activation information into at least one activation measure for the second subsystem (2). The activation measures will reduce the vulnerability of the second subsystem.
Type: Grant
Filed: March 29, 2001
Date of Patent: April 7, 2009
Assignee: International Business Machines Corporation
Inventors: James F. Riordan, Dominique Alessandri
-
Publication number: 20090070870
Abstract: Described is a technique for detecting attacks on a data communications network having a plurality of addresses for assignment to data processing systems in the network. The technique involves identifying data traffic on the network originating at any assigned address and addressed to any unassigned address. Any data traffic so identified is inspected for data indicative of an attack. On detection of data indicative of an attack, an alert signal is generated.
Type: Application
Filed: May 29, 2008
Publication date: March 12, 2009
Inventor: James F. Riordan
-
Publication number: 20090037583
Abstract: A method and apparatus are provided for detecting peer-to-peer communication on a data communication network, between an internal client machine within an internal address space and an external client machine. The method includes routing all messages addressed to internal client machines to an analysis device. The analysis device identifies messages pertaining to peer-to-peer communication and identifies the internal client machine to which the messages of a specified nature were addressed. The analysis device terminates the connection with the external client machine if the establishing of the peer-to-peer communication is in violation of a pre-determined internal network rule.
Type: Application
Filed: February 27, 2007
Publication date: February 5, 2009
Inventors: Dominique Alessandri, Daniela Bourges-Waldegg, James F. Riordan, Diego M. Zamboni
-
Patent number: D587481
Type: Grant
Filed: July 12, 2007
Date of Patent: March 3, 2009
Inventors: Jose G. Martinez, James F. Riordan