Patents by Inventor Jeff Kalibjian
Jeff Kalibjian has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11366893Abstract: Systems, methods, and non-transitory computer-readable media can receive a notification of a user request to securely process a first set of data. A time estimate is calculated, wherein the time estimate is indicative of an expected amount of time for a secure data processing application to process the first set of data. An actual utilization time required for a first instance of the secure data processing application to process the first set of data is measured. A determination is made as to whether the secure data processing application may be compromised based on a comparison of the time estimate and the actual utilization time. In various embodiments, a re-cryptor process is used to change the cryptographic keys accessed by the secure data processing application. In various embodiments, a re-credentialer is used to change the database access credentials the secure data processing application used to access the encrypted data.Type: GrantFiled: October 27, 2020Date of Patent: June 21, 2022Assignee: Ent. Services Development Corporation LPInventors: Jeff Kalibjian, Scott Lopez, Peter Eugene Schmidt, II, Mari Mortell Kwee
-
Patent number: 11017687Abstract: Textual indicators are extracted from an electronic document. A rule for monitoring information technology user behavior is generated from the extracted textual indicators.Type: GrantFiled: January 31, 2017Date of Patent: May 25, 2021Assignee: ENT. SERVICES DEVELOPMENT CORPORATION LPInventor: Jeff Kalibjian
-
Patent number: 10872144Abstract: Systems, methods, and non-transitory computer-readable media can receive a notification of a user request to securely process a first set of data. A time estimate is calculated, wherein the time estimate is indicative of an expected amount of time for a secure data processing application to process the first set of data. An actual utilization time required for a first instance of the secure data processing application to process the first set of data is measured. A determination is made as to whether the secure data processing application may be compromised based on a comparison of the time estimate and the actual utilization time. In various embodiments, a re-cryptor process is used to change the cryptographic keys accessed by the secure data processing application. In various embodiments, a re-credentialer is used to change the database access credentials the secure data processing application used to access the encrypted data.Type: GrantFiled: December 7, 2017Date of Patent: December 22, 2020Assignee: Ent. Services Development Corporation LPInventors: Jeff Kalibjian, Scott Lopez, Peter Eugene Schmidt, II, Mari Mortell Kwee
-
Patent number: 10503909Abstract: In remediating a computer vulnerability, operations to be performed to correct the vulnerability are identified. Remediation processors are scheduled to perform the operations. Whether the vulnerability has been corrected is determined by: determining whether the operations have been performed successfully; and determining whether the operations have been performed by authorized remediation processors.Type: GrantFiled: October 31, 2014Date of Patent: December 10, 2019Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LPInventors: Peter Schmidt, Jeff Kalibjian
-
Patent number: 10339499Abstract: To propagate compliance and governance (C&G) policies, a parser including natural language processing is used to deconstruct a set of organization C&G policies from a set of C&G documents to identify and record a parsed set of categorized C&G policies. A configuration parameter analyzer deconstructs and parses a plurality of C&G configuration parameters of an application program to identify and record a set of application C&G configuration parameters each comprising a purpose and a unit of measure. A reconciliation arranger receives the set of categorized C&G policies and the set of application C&G configuration parameters and maps the categorized C&G policies for the correct purpose and the unit of measure to the respective application C&G configuration parameters. The reconciliation arranger propagates and secures the application program with the respective set of mapped application C&G configuration parameters from mapped C&G policies.Type: GrantFiled: April 29, 2015Date of Patent: July 2, 2019Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LPInventors: Robert Rathbun, Jeff Kalibjian, George Romas
-
Patent number: 10275604Abstract: An input monitoring agent detects storage of a security record by a security scanning application, encrypts a copy of the security record, and deletes the security record. A secure transfer queue decrypts the encrypted security record, translates the security record for use by a security monitoring application, and encrypts the translated security record. An output monitoring agent predicts when a security monitoring application will attempt to import a new security file, decrypts and stores the encrypted translated security record as the new security file, and deletes the new security file when the security monitoring application has completed importation.Type: GrantFiled: October 31, 2014Date of Patent: April 30, 2019Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LPInventors: Scott Lopez, Jeff Kalibjian
-
Patent number: 10277565Abstract: Logging of enterprise service bus (ESB) activity includes receiving, from the ESB, information specific to an inter-application message. Control data, provided by an application communicating via the ESB that specifies how the information is to be encrypted for logging and what portions of the information is to be logged is extracted from the information. The information is encrypted in accordance with the control data, and the encrypted information is recorded.Type: GrantFiled: December 31, 2014Date of Patent: April 30, 2019Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LPInventors: Scott Lopez, Jeff Kalibjian
-
Patent number: 10244077Abstract: In one example, an Enterprise Service Bus (ESB) Sequencer may receive a request token that includes a plurality of ESB requests. The request token may be parsed into a plurality of service frames. Verification confirms a) each of the plurality of ESB requests are valid and corresponding services available and b) sufficient computing resources are available to complete each of the plurality of ESB requests. For each of the service frames an ESB may be called using a requested input source and format provided in the request token for the service frame. The respective output source from the ESB is received and stored. The respective output source may be used as an input source for one or more other service frames. One or more service frame output sources as requested by the request token may be sent to a calling application.Type: GrantFiled: January 28, 2015Date of Patent: March 26, 2019Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LPInventors: Scott Lopez, Jeff Kalibjian
-
Publication number: 20180218628Abstract: Textual indicators are extracted from an electronic document. A rule for monitoring information technology user behavior is generated from the extracted textual indicators.Type: ApplicationFiled: January 31, 2017Publication date: August 2, 2018Applicant: ENT. SERVICES DEVELOPMENT CORPORATION LPInventor: JEFF KALIBJIAN
-
Publication number: 20170293887Abstract: To propagate compliance and governance (C&G) policies, a parser including natural language processing is used to deconstruct a set of organization C&G policies from a set of C&G documents to identify and record a parsed set of categorized C&G policies. A configuration parameter analyzer deconstructs and parses a plurality of C&G configuration parameters of an application program to identify and record a set of application C&G configuration parameters each comprising a purpose and a unit of measure. A reconciliation arranger receives the set of categorized C&G policies and the set of application C&G configuration parameters and maps the categorized C&G policies for the correct purpose and the unit of measure to the respective application C&G configuration parameters. The reconciliation arranger propagates and secures the application program with the respective set of mapped application C&G configuration parameters from mapped C&G policies.Type: ApplicationFiled: April 29, 2015Publication date: October 12, 2017Inventors: Robert RATHBUN, Jeff KALIBJIAN, George ROMAS
-
Publication number: 20170251075Abstract: In one example, an Enterprise Service Bus (ESB) Sequencer may receive a request token that includes a plurality of ESB requests. The request token may be parsed into a plurality of service frames. Verification confirms a) each of the plurality of ESB requests are valid and corresponding services available and b) sufficient computing resources are available to complete each of the plurality of ESB requests. For each of the plurality of service frames an ESB may be called using a requested input source and format provided in the request token for the service frame. The respective output source from the ESB is received and stored. The respective output source may be used as an input source for one or more other service frames. One or more service frame output sources as requested by the request token may be sent to a calling application.Type: ApplicationFiled: January 28, 2015Publication date: August 31, 2017Inventors: Scott LOPEZ, Jeff KALIBJIAN
-
Publication number: 20170230347Abstract: Logging of enterprise service bus (ESB) activity includes receiving, from the ESB, information specific to an inter-application message. Control data, provided by an application communicating via the ESB that specifies how the information is to be encrypted for logging and what portions of the information is to be logged is extracted from the information. The information is encrypted in accordance with the control data, and the encrypted information is recorded.Type: ApplicationFiled: December 31, 2014Publication date: August 10, 2017Inventors: Scott Lopez, Jeff Kalibjian
-
Publication number: 20170220812Abstract: An input monitoring agent detects storage of a security record by a security scanning application, encrypts a copy of the security record, and deletes the security record. A secure transfer queue decrypts the encrypted security record, translates the security record for use by a security monitoring application, and encrypts the translated security record. An output monitoring agent predicts when a security monitoring application will attempt to import a new security file, decrypts and stores the encrypted translated security record as the new security file, and deletes the new security file when the security monitoring application has completed importation.Type: ApplicationFiled: October 31, 2014Publication date: August 3, 2017Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LPInventors: Scott Lopez, Jeff Kalibjian
-
Publication number: 20170220808Abstract: In remediating a computer vulnerability, operations to be performed to correct the vulnerability are identified. Remediation processors are scheduled to perform the operations. Whether the vulnerability has been corrected is determined by: determining whether the operations have been performed successfully; and determining whether the operations have been performed by authorized remediation processors.Type: ApplicationFiled: October 31, 2014Publication date: August 3, 2017Inventors: Peter Schmidt, Jeff Kalibjian
-
Patent number: 8826024Abstract: In one embodiment, a method of implementing trusted compliance operations inside secure computing boundaries comprises receiving, in a secure computing environment, a data envelope from an application operating outside the secure computing environment, the data envelope comprising data and a compliance operation command, verifying, in the secure computing environment, a signature associated with the data envelope, authenticating, in the secure computing environment, the data envelope, notarizing, in the secure computing environment, the application of the command to the data in the envelope, executing the compliance operation in the secure environment; and confirming a result of the compliance operation to a client via trusted communication tunnel.Type: GrantFiled: October 23, 2006Date of Patent: September 2, 2014Assignee: Hewlett-Packard Development Company, L.P.Inventors: Jeff Kalibjian, Vladimir Libershteyn, Steven W. Wierenga, John W. Clark, Susan Langford
-
Patent number: 8713667Abstract: Systems, methods, and apparatus are provided for policy protected cryptographic Application Programming Interfaces (APIs) that are deployed in secure memory. One embodiment is a method of software execution. The method includes executing an application in a first secure memory partition; formatting a request to comply with a pre-defined secure communication protocol; transmitting the request from the application to a cryptographic application programming interface (API) of the application, the API being in a second secure memory partition that is separate and secure from the first secure memory partition; and verifying, in the second secure memory partition, that the request complies with a security policy before executing the request.Type: GrantFiled: July 8, 2005Date of Patent: April 29, 2014Assignee: Hewlett-Packard Development Company, L.P.Inventors: Jeff Kalibjian, Ralph Bestock, Larry Hines, W. Dale Hopkins, Vladimir Libershteyn, Steven W. Wierenga, Susan Langford
-
Patent number: 7996680Abstract: In one embodiment a secure computer system comprises a processor and a memory module including logic instructions stored on a computer readable medium which. When executed by the processor, the logic instructions configure the processor to receive, in a secure computing environment, a portion of a data log from an application operating outside the secure computing environment, and when the portion of the data log exceeds a size threshold, to assign a timestamp to the portion of the data log, assign an identifier to the portion of the data log, create a digital signature load block comprising the portion of the data log, the timestamp, and the identifier, and store the digital signature load block in a memory module.Type: GrantFiled: September 27, 2006Date of Patent: August 9, 2011Assignee: Hewlett-Packard Development Company, L.P.Inventors: Jeff Kalibjian, Susan Langford, Vladimir Libershteyn, Larry Hines, Steve Wierenga
-
Publication number: 20080126429Abstract: In one embodiment a secure computer system comprises a processor and a memory module including logic instructions stored on a computer readable medium which. When executed by the processor, the logic instructions configure the processor to receive, in a secure computing environment, a portion of a data log from an application operating outside the secure computing environment, and when the portion of the data log exceeds a size threshold, to assign a timestamp to the portion of the data log, assign an identifier to the portion of the data log, create a digital signature load block comprising the portion of the data log, the timestamp, and the identifier, and store the digital signature load block in a memory module.Type: ApplicationFiled: September 27, 2006Publication date: May 29, 2008Inventors: Jeff Kalibjian, Susan Langford, Vladimir Libershteyn, Larry Hines, Steve Wierenga
-
Publication number: 20080098230Abstract: In one embodiment, a method of implementing trusted compliance operations inside secure computing boundaries comprises receiving, in a secure computing environment, a data envelope from an application operating outside the secure computing environment, the data envelope comprising data and a compliance operation command, verifying, in the secure computing environment, a signature associated with the data envelope, authenticating, in the secure computing environment, the data envelope, notarizing, in the secure computing environment, the application of the command to the data in the envelope, executing the compliance operation in the secure environment; and confirming a result of the compliance operation to a client via trusted communication tunnel.Type: ApplicationFiled: October 23, 2006Publication date: April 24, 2008Inventors: Jeff Kalibjian, Vladimir Libershteyn, Steven W. Wierenga, John W. Clark, Susan Langford
-
Publication number: 20070011736Abstract: Systems, methods, and apparatus are provided for policy protected cryptographic Application Programming Interfaces (APIs) that are deployed in secure memory. One embodiment is a method of software execution. The method includes executing an application in a first secure memory partition; formatting a request to comply with a pre-defined secure communication protocol; transmitting the request from the application to a cryptographic application programming interface (API) of the application, the API being in a second secure memory partition that is separate and secure from the first secure memory partition; and verifying, in the second secure memory partition, that the request complies with a security policy before executing the request.Type: ApplicationFiled: July 8, 2005Publication date: January 11, 2007Inventors: Jeff Kalibjian, Ralph Bestock, Larry Hines, W. Hopkins, Vladimir Libershteyn, Steven Wierenga, Susan Langford