Patents by Inventor John Michael Garrison

John Michael Garrison has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8229903
    Abstract: A system and method for utilizing data mining to generate a policy document or to revise theory within a policy document. A data base of unknown events is mined for application to the development of a system management policy document. The results of the data mining of the database of unknown events are automatically incorporated into a policy document, subject to user approval, to produce a new policy document or an updated version of an existing policy document.
    Type: Grant
    Filed: December 19, 2002
    Date of Patent: July 24, 2012
    Assignee: International Business Machines Corporation
    Inventors: Paul T. Baffes, John Michael Garrison, Michael Gilfix, Allan Hsu, Tyron Jerrod Stading
  • Patent number: 7958460
    Abstract: A method simplified drag and drop operations of display icons. This method calculates a projected path for an icon based on the past movement of the icon. The method highlights the “best fit” target icon as the mouse pointer moves across the screen. As the mouse pointer moves, or changes direction, the “best fit” target icon can change, with the current best-fit icon being highlighted. In addition to highlighting the target icon, a line or arrow from the mouse pointer to the target icon is maintained. The line presents the predicted path in a very noticeable, visual way. As the best-fit target icon changes, the line is re-drawn to point to the current best-fit icon. Regardless of how the target icon is visually indicated, releasing the mouse button will cause the drop operation to be completed “into” target. Completion of the drop could be instantaneous, or could be rendered with animation of some sort to indicate moving from the source to the target.
    Type: Grant
    Filed: October 30, 2007
    Date of Patent: June 7, 2011
    Assignee: International Business Machines Corporation
    Inventors: John Michael Garrison, Michael S. McKay
  • Patent number: 7941854
    Abstract: A method and system for managing an intrusion on a computer by graphically representing an intrusion pattern of a known past intrusion, and then comparing the intrusion pattern of the known intrusion with a current intrusion. The intrusion pattern may either be based on intrusion events, which are the effects of the intrusion or activities that provide a signature of the type of intrusion, or the intrusion pattern may be based on hardware topology that is affected by the intrusion. The intrusion pattern is graphically displayed with scripted responses, which in a preferred embodiment are presented in pop-up windows associated with each node in the intrusion pattern. Alternatively, the response to the intrusion may be automatic, based on a pre-determined percentage of common features in the intrusion pattern of the known past intrusion and the current intrusion.
    Type: Grant
    Filed: December 5, 2002
    Date of Patent: May 10, 2011
    Assignee: International Business Machines Corporation
    Inventors: Paul T. Baffes, John Michael Garrison, Michael Gilfix, Allan Hsu, Tyron Jerrod Stading
  • Patent number: 7702914
    Abstract: A method for providing access control to a single sign-on computer network is disclosed. A user is assigned to multiple groups within a computer network. In response to an access request by the user, the computer network determines a group pass count based on a user profile of the user. The group pass count is a number of groups in which the access request meets all their access requirements. The computer network grants the access request if the group pass count is greater than a predetermined high group pass threshold value.
    Type: Grant
    Filed: April 16, 2008
    Date of Patent: April 20, 2010
    Assignee: International Business Machines Corporation
    Inventors: Paul T. Baffes, John Michael Garrison, Michael Gilfix, Allan Hsu, Tyron Jerrod Stading
  • Patent number: 7694339
    Abstract: A method, system, apparatus, or computer program product is presented for morphing a honeypot system on a dynamic and configurable basis. The morphing honeypot emulates a variety of services while falsely presenting information about potential vulnerabilities within the system that supports the honeypot. The morphing honeypot has the ability to dynamically change its personality or displayed characteristics using a variety of algorithms and a database of known operating system and service vulnerabilities. The morphing honeypot's personality can be changed on a timed or scheduled basis, on the basis of activity that is generated by the presented honeypot personality, or on some other basis. The morphing honeypot can also be integrated with intrusion detection systems and other types of computer security incident recognition systems to correlate its personality with detected nefarious activities.
    Type: Grant
    Filed: June 28, 2008
    Date of Patent: April 6, 2010
    Assignee: International Business Machines Corporation
    Inventors: Kenneth W. Blake, Vikki Kim Converse, Ronald O'Neal Edmark, John Michael Garrison
  • Patent number: 7694336
    Abstract: An apparatus and method for authenticating users on a data processing system is implemented. The present invention provides for aggregating authenticated identities and related authorization information. A security context created in response to a first user logon is saved in response to a second logon. A composite or aggregate security context is created based on the identity passed in the second logon. Access may then be granted (or denied) based on the current, aggregated security context. Upon logout of the user based on the second identity, the aggregate security context is destroyed, and the security context reverts to the context previously saved.
    Type: Grant
    Filed: December 4, 2007
    Date of Patent: April 6, 2010
    Assignee: International Business Machines Corporation
    Inventors: Debora Rinkevich, John Michael Garrison
  • Publication number: 20090328213
    Abstract: A method, system, apparatus, or computer program product is presented for morphing a honeypot system on a dynamic and configurable basis. The morphing honeypot emulates a variety of services while falsely presenting information about potential vulnerabilities within the system that supports the honeypot. The morphing honeypot has the ability to dynamically change its personality or displayed characteristics using a variety of algorithms and a database of known operating system and service vulnerabilities. The morphing honeypot's personality can be changed on a timed or scheduled basis, on the basis of activity that is generated by the presented honeypot personality, or on some other basis.
    Type: Application
    Filed: April 23, 2008
    Publication date: December 31, 2009
    Inventors: Kenneth W. Blake, Vikki Kim Converse, Ronald O'Neal Edmark, John Michael Garrison
  • Patent number: 7571480
    Abstract: A method, computer program product, and apparatus for presenting data about security-related events that puts the data into a concise form is disclosed. Events are abstracted into a set data-type. Sets with common elements are grouped together, and summaries of the groups—“situations”—are presented to a user or administrator.
    Type: Grant
    Filed: May 3, 2007
    Date of Patent: August 4, 2009
    Assignee: International Business Machines Corporation
    Inventors: Steven Black, Herve Debar, John Michael Garrison
  • Patent number: 7552472
    Abstract: A system and method for developing network policy document and assuring up-to-date monitoring and automated refinement and classification of the network policy. The system administrator defines an initial policy document that is provided as the initial symbolic classifier. The classification rules remain in human readable form throughout the process. Network system data is fed through the classifier, which labels the data according to whether a policy constraint is violated. The labels are tagged to the data. The user then reviews the labels to determine whether the classification is satisfactory. If the classification of the data is satisfactory, the label is unaltered; However, if the classification is not satisfactory, the data is re-labeled. The re-labeled data is then introduced into a refinement algorithm, which determines what policy must be modified to correct classification of network events in accordance with the re-labeling.
    Type: Grant
    Filed: December 19, 2002
    Date of Patent: June 23, 2009
    Assignee: International Business Machines Corporation
    Inventors: Paul T. Baffes, John Michael Garrison, Michael Gilfix, Allan Hsu, Tyron Jerrod Stading
  • Patent number: 7549166
    Abstract: A method and system for handling a malicious intrusion to a machine in a networked group of computers. The malicious intrusion is an unauthorized access to the machine, such as a server in a server farm. When the intrusion is detected, the machine is isolated from the rest of the server farm, and the machine is reprovisioned as a decoy system having access to only data that is ersatz or at least non-sensitive. If the intrusion is determined to be non-malicious, then the machine is functionally reconnected to the server farm, and the machine is reprovisioned to a state held before the reprovisioning of the machine as a decoy machine.
    Type: Grant
    Filed: December 5, 2002
    Date of Patent: June 16, 2009
    Assignee: International Business Machines Corporation
    Inventors: Paul T. Baffes, John Michael Garrison, Michael Gilfix, Allan Hsu, Tyron Jerrod Stading, Ronald S. Woan, John D. Wolpert, Shawn L. Young
  • Publication number: 20090113330
    Abstract: A method simplified drag and drop operations of display icons. This method calculates a projected path for an icon based on the past movement of the icon. The method highlights the “best fit” target icon as the mouse pointer moves across the screen. As the mouse pointer moves, or changes direction, the “best fit” target icon can change, with the current best-fit icon being highlighted. In addition to highlighting the target icon, a line or arrow from the mouse pointer to the target icon is maintained. The line presents the predicted path in a very noticeable, visual way. As the best-fit target icon changes, the line is re-drawn to point to the current best-fit icon. Regardless of how the target icon is visually indicated, releasing the mouse button will cause the drop operation to be completed “into” target. Completion of the drop could be instantaneous, or could be rendered with animation of some sort to indicate moving from the source to the target.
    Type: Application
    Filed: October 30, 2007
    Publication date: April 30, 2009
    Inventors: John Michael Garrison, Michael S. McKay
  • Publication number: 20090109961
    Abstract: Illustrative embodiments provide a computer implemented method, apparatus, and computer program product for more effectively managing multiple call situations using voice over internet protocol. In one illustrative embodiment, the computer implemented method comprising, responsive to receiving a request to monitor a call from among multiple simultaneous calls using voice over internet protocol, creating a set of trigger criteria for the call and monitoring the call for the set of trigger criteria. Responsive to one of the set of trigger criteria having been met, identifying a triggered criteria and selectively invoking a rule with respect to the triggered criteria to produce a result, and notifying a requester of the result.
    Type: Application
    Filed: October 31, 2007
    Publication date: April 30, 2009
    Inventors: John Michael Garrison, Michael S. McKay
  • Publication number: 20090100335
    Abstract: A computer implemented method, apparatus, and computer usable program product for implementing wildcard patterns for a spellchecking operation. The process parses a set of words of a document using a dictionary of wildcard patterns to identify a set of wildcard strings in response to receiving a request to perform a spellchecking operation on the document. Thereafter, the process generates a visual cue identifying a subset of words as potentially misspelled, wherein the subset of words comprises words from the set of words that are absent from the set of wildcard strings.
    Type: Application
    Filed: October 10, 2007
    Publication date: April 16, 2009
    Inventors: John Michael Garrison, Michael S. McKay
  • Publication number: 20090089680
    Abstract: A computer implemented method, data processing system, and a computer program product are provided for resolving uniform resource locator addresses. A first uniform resource locator address is input from a user. The first uniform resource locator address is identified within a database list of uniform resource locator addresses. Each of the list of uniform resource locator addresses corresponds to a second uniform resource locator address contained in the database. Responsive to identifying the first uniform resource locator address with the list of uniform resource locator addresses, information for the corresponding second uniform resource locator address is displayed.
    Type: Application
    Filed: September 27, 2007
    Publication date: April 2, 2009
    Inventors: John Michael Garrison, Michael S. McKay
  • Publication number: 20080307367
    Abstract: A computer implemented method, apparatus, and computer program product for transferring a file item. The process selects a file item in response to receiving a first input command. The process selects a file item in response to receiving a first input command. The process then identifies a file path name from a hierarchical file path to form a selected file path name. The file path name is identified by detecting a pointer passing over the file path name. In response to receiving a second input command, the process transfers the file item to a storage location associated with the selected file path name.
    Type: Application
    Filed: June 7, 2007
    Publication date: December 11, 2008
    Inventors: John Michael Garrison, Michael S. McKay
  • Publication number: 20080271151
    Abstract: A method, system, apparatus, or computer program product is presented for morphing a honeypot system on a dynamic and configurable basis. The morphing honeypot emulates a variety of services while falsely presenting information about potential vulnerabilities within the system that supports the honeypot. The morphing honeypot has the ability to dynamically change its personality or displayed characteristics using a variety of algorithms and a database of known operating system and service vulnerabilities. The morphing honeypot's personality can be changed on a timed or scheduled basis, on the basis of activity that is generated by the presented honeypot personality, or on some other basis. The morphing honeypot can also be integrated with intrusion detection systems and other types of computer security incident recognition systems to correlate its personality with detected nefarious activities.
    Type: Application
    Filed: June 28, 2008
    Publication date: October 30, 2008
    Inventors: Kenneth W. Blake, Vikki Kim Converse, Ronald O' Neal Edmark, John Michael Garrison
  • Publication number: 20080216164
    Abstract: A method for providing access control to a single sign-on computer network is disclosed. A user is assigned to multiple groups within a computer network. In response to an access request by the user, the computer network determines a group pass count based on a user profile of the user. The group pass count is a number of groups in which the access request meets all their access requirements. The computer network grants the access request if the group pass count is greater than a predetermined high group pass threshold value.
    Type: Application
    Filed: April 16, 2008
    Publication date: September 4, 2008
    Inventors: PAUL T. BAFFES, John Michael Garrison, Michael Gilfix, Allan Hsu, Tyron Jerrod Stading
  • Patent number: 7412723
    Abstract: A method, system, apparatus, or computer program product is presented for morphing a honeypot system on a dynamic and configurable basis. The morphing honeypot emulates a variety of services while falsely presenting information about potential vulnerabilities within the system that supports the honeypot. The morphing honeypot has the ability to dynamically change its personality or displayed characteristics using a variety of algorithms and a database of known operating system and service vulnerabilities. The morphing honeypot's personality can be changed on a timed or scheduled basis, on the basis of activity that is generated by the presented honeypot personality, or on some other basis. The morphing honeypot can also be integrated with intrusion detection systems and other types of computer security incident recognition systems to correlate its personality with detected nefarious activities.
    Type: Grant
    Filed: December 31, 2002
    Date of Patent: August 12, 2008
    Assignee: International Business Machines Corporation
    Inventors: Kenneth W. Blake, Vikki Kim Converse, Ronald O'Neal Edmark, John Michael Garrison
  • Patent number: 7389430
    Abstract: A method for providing access control to a single sign-on computer network is disclosed. A user is assigned to multiple groups within a computer network. In response to an access request by the user, the computer network determines a group pass count based on a user profile of the user. The group pass count is a number of groups in which the access request meets all their access requirements. The computer network grants the access request if the group pass count is greater than a predetermined high group pass threshold value.
    Type: Grant
    Filed: December 5, 2002
    Date of Patent: June 17, 2008
    Assignee: International Business Machines Corporation
    Inventors: Paul T. Baffes, John Michael Garrison, Michael Gilfix, Allan Hsu, Tyron Jerrod Stading
  • Patent number: 7383578
    Abstract: A method, system, apparatus, or computer program product is presented for morphing a honeypot system on a dynamic and configurable basis. The morphing honeypot emulates a variety of services while falsely presenting information about potential vulnerabilities within the system that supports the honeypot. The morphing honeypot has the ability to dynamically change its personality or displayed characteristics using a variety of algorithms and a database of known operating system and service vulnerabilities. The morphing honeypot's personality can be changed on a timed or scheduled basis, on the basis of activity that is generated by the presented honeypot personality, or on some other basis.
    Type: Grant
    Filed: December 31, 2002
    Date of Patent: June 3, 2008
    Assignee: International Business Machines Corporation
    Inventors: Kenneth W. Blake, Vikki Kim Converse, Ronald O'Neal Edmark, John Michael Garrison