Patents by Inventor Ki H. Park
Ki H. Park has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10666441Abstract: Exposure of sensitive information to users and other servers is controlled by using a first security token which contains a user identity and one or more user credentials associated with a first user; a second security token which contains an identity of a token issuer and an identity of a first owning process; and at least a first trusted server which accesses a downstream computing service on behalf of the first user by substituting or combining the first security token and the second security token, while preventing the second security token from being exposed to the first user. This establishes a first security sensitivity level for the first user and a second security sensitivity level for the first trusted server, wherein the first security sensitivity level is a lower access level than the second security sensitivity level for the downstream service.Type: GrantFiled: April 1, 2019Date of Patent: May 26, 2020Assignee: International Business Machines CorporationInventors: John Y-C. Chang, Ching-Yun Chao, Bertrand Be-Chung Chiu, Ki H. Park
-
Publication number: 20190229917Abstract: Exposure of sensitive information to users and other servers is controlled by using a first security token which contains a user identity and one or more user credentials associated with a first user; a second security token which contains an identity of a token issuer and an identity of a first owning process; and at least a first trusted server which accesses a downstream computing service on behalf of the first user by substituting or combining the first security token and the second security token, while preventing the second security token from being exposed to the first user. This establishes a first security sensitivity level for the first user and a second security sensitivity level for the first trusted server, wherein the first security sensitivity level is a lower access level than the second security sensitivity level for the downstream service.Type: ApplicationFiled: April 1, 2019Publication date: July 25, 2019Inventors: John Y-C. Chang, Ching-Yun Chao, Bertrand Be-Chung Chiu, Ki H. Park
-
Patent number: 10341324Abstract: A new management node associated with a new rack sends at least a public key of the new management node to a first management node associated with a first rack and a plurality of autonomous management nodes. The first management node sends the new management node an access token trusted by at least a portion of the plurality of autonomous management nodes and a set of public keys corresponding to at least a portion of the plurality of autonomous management nodes. The new management node can send its public key and the access token to at least a portion of the plurality of autonomous management nodes. In response, the new management node can establish a mutual trust relationship with at least a portion of the plurality of autonomous management nodes.Type: GrantFiled: April 23, 2018Date of Patent: July 2, 2019Assignee: International Business Machines CorporationInventors: John Yow-Chun Chang, Ching-Yun Chao, Patrick L. Davis, Rohan Gandhi, Yuhsuke Kaneyasu, Lewis Lo, Ki H. Park, Ankit Patel, Kin Ueng, Iqbal M. Umair, Leonardo A. Uzcategui, Barbara J. Vander Weele
-
Patent number: 10341109Abstract: Exposure of sensitive information to users is controlled using a first security token containing user identity and user credentials to represent the user who requests services, and a second security token containing two other identities, one identifying the token issuer and the other identifying the owning process. When requesting services, the token-owning process sends a security token to indicate who is making the request, and uses its key to digitally sign the request. The token-owning process signs the request to indicate that it endorses the request.Type: GrantFiled: June 12, 2017Date of Patent: July 2, 2019Assignee: International Business Machines CorporationInventors: John Y-C. Chang, Ching-Yun Chao, Bertrand Be-Chung Chiu, Ki H. Park
-
Patent number: 10171561Abstract: A construct having a plurality of distributed resources can include a portion of a second rack having a plurality of computing devices controlled by a second management node. The second management node can determine it contains insufficient construct data such as user data, group data, resource data, or authorization policy data to execute an operation associated with the construct. The second management node can synchronize at least a portion of construct data with a first management node. The first management node can be associated with the construct and a mutual trust relationship can exist between the first management node and the second management node. The first management node and the second management node can comprise autonomous management nodes capable of functioning independent of the network.Type: GrantFiled: November 10, 2015Date of Patent: January 1, 2019Assignee: International Business Machines CorporationInventors: John Yow-Chun Chang, Ching-Yun Chao, Patrick L. Davis, Rohan Gandhi, Yuhsuke Kaneyasu, Lewis Lo, Ki H. Park, Ankit Patel, Kin Ueng, Iqbal M. Umair, Leonardo A. Uzcategui, Barbara J. Vander Weele
-
Publication number: 20180241737Abstract: A new management node associated with a new rack sends at least a public key of the new management node to a first management node associated with a first rack and a plurality of autonomous management nodes. The first management node sends the new management node an access token trusted by at least a portion of the plurality of autonomous management nodes and a set of public keys corresponding to at least a portion of the plurality of autonomous management nodes. The new management node can send its public key and the access token to at least a portion of the plurality of autonomous management nodes. In response, the new management node can establish a mutual trust relationship with at least a portion of the plurality of autonomous management nodes.Type: ApplicationFiled: April 23, 2018Publication date: August 23, 2018Inventors: John Yow-Chun Chang, Ching-Yun Chao, Patrick L. Davis, Rohan Gandhi, Yuhsuke Kaneyasu, Lewis Lo, Ki H. Park, Ankit Patel, Kin Ueng, Iqbal M. Umair, Leonardo A. Uzcategui, Barbara J. Vander Weele
-
Patent number: 9985954Abstract: A new management node associated with a new rack sends at least a public key of the new management node to a first management node associated with a first rack and a plurality of autonomous management nodes. The first management node sends the new management node an access token trusted by at least a portion of the plurality of autonomous management nodes and a set of public keys corresponding to at least a portion of the plurality of autonomous management nodes. The new management node can send its public key and the access token to at least a portion of the plurality of autonomous management nodes. In response, the new management node can establish a mutual trust relationship with at least a portion of the plurality of autonomous management nodes.Type: GrantFiled: November 25, 2015Date of Patent: May 29, 2018Assignee: International Business Machines CorporationInventors: John Yow-Chun Chang, Ching-Yun Chao, Patrick L. Davis, Rohan Gandhi, Yuhsuke Kaneyasu, Lewis Lo, Ki H. Park, Ankit Patel, Kin Ueng, Iqbal M. Umair, Leonardo A. Uzcategui, Barbara J. Vander Weele
-
Patent number: 9906370Abstract: A first management node of a first rack can be registered to a shared file storage system by establishing a mutual trust relationship between the first management node and the shared file storage system. The first management node can access a plurality of respective public keys and a plurality of respective certificates of authority that are stored in the shared file storage system and associated with a plurality of respective registered management nodes. The first management node can store a public key and a certificate of authority in the shared file storage system. The first management node can form mutual trust relationships with other registered management nodes. The first management node can validate authenticity of messages received from registered management nodes of the plurality of registered management nodes using a respective public key and a respective certificate of authority associated with a respective registered management node sending a message.Type: GrantFiled: November 16, 2015Date of Patent: February 27, 2018Assignee: International Business Machines CorporationInventors: Ajay A. Apte, John Yow-Chun Chang, Ching-Yun Chao, Patrick L. Davis, Rohan Gandhi, Hugh E. Hockett, Yuhsuke Kaneyasu, Lewis Lo, Matthew D. McClintock, Scott C. Moonen, Ki H. Park, Ankit Patel, Kin Ueng, Iqbal M. Umair, Leonardo A. Uzcategui, Barbara J. Vander Weele
-
Publication number: 20170279610Abstract: Exposure of sensitive information to users is controlled using a first security token containing user identity and user credentials to represent the user who requests services, and a second security token containing two other identities, one identifying the token issuer and the other identifying the owning process. When requesting services, the token-owning process sends a security token to indicate who is making the request, and uses its key to digitally sign the request. The token-owning process signs the request to indicate that it endorses the request.Type: ApplicationFiled: June 12, 2017Publication date: September 28, 2017Inventors: John Y-C. Chang, Ching-Yun Chao, Bertrand Be-Chung Chiu, Ki H. Park
-
Patent number: 9767497Abstract: An approach is provided that authenticates, at an on-line distributor, an end user that has connected to the distributor over a communications network. One or more sets of rules are sent from the distributor to one or more vendor sites. The distributor receives vendor product data pertaining to the vendor sites. The vendor product data received from the vendor sites is based on the sets of rules sent to the respective vendors. A product request is received at the distributor from the authenticated end user. The vendor product data received at the distributor is queried using a query that is based on the product request with the query resulting in a search result that is returned to the end user.Type: GrantFiled: September 28, 2016Date of Patent: September 19, 2017Assignee: International Business Machines CorporationInventors: Ching-Yun Chao, William H. Lee, Ikenna C. Osuji, Ki H. Park, Yan Xiao
-
Patent number: 9712322Abstract: Exposure of sensitive information to users is controlled using a first security token containing user identity and user credentials to represent the user who requests services, and a second security token containing two other identities, one identifying the token issuer and the other identifying the owning process. When requesting services, the token-owning process sends a security token to indicate who is making the request, and uses its key to digitally sign the request. The token-owning process signs the request to indicate that it endorses the request.Type: GrantFiled: October 5, 2016Date of Patent: July 18, 2017Assignee: International Business Machines CorporationInventors: John Y-C. Chang, Ching-Yun Chao, Bertrand Be-Chung Chiu, Ki H. Park
-
Publication number: 20170149765Abstract: A new management node associated with a new rack sends at least a public key of the new management node to a first management node associated with a first rack and a plurality of autonomous management nodes. The first management node sends the new management node an access token trusted by at least a portion of the plurality of autonomous management nodes and a set of public keys corresponding to at least a portion of the plurality of autonomous management nodes. The new management node can send its public key and the access token to at least a portion of the plurality of autonomous management nodes. In response, the new management node can establish a mutual trust relationship with at least a portion of the plurality of autonomous management nodes.Type: ApplicationFiled: November 25, 2015Publication date: May 25, 2017Inventors: John Yow-Chun Chang, Ching-Yun Chao, Patrick L. Davis, Rohan Gandhi, Yuhsuke Kaneyasu, Lewis Lo, Ki H. Park, Ankit Patel, Kin Ueng, Iqbal M. Umair, Leonardo A. Uzcategui, Barbara J. Vander Weele
-
Publication number: 20170141927Abstract: A first management node of a first rack can be registered to a shared file storage system by establishing a mutual trust relationship between the first management node and the shared file storage system. The first management node can access a plurality of respective public keys and a plurality of respective certificates of authority that are stored in the shared file storage system and associated with a plurality of respective registered management nodes. The first management node can store a public key and a certificate of authority in the shared file storage system. The first management node can form mutual trust relationships with other registered management nodes. The first management node can validate authenticity of messages received from registered management nodes of the plurality of registered management nodes using a respective public key and a respective certificate of authority associated with a respective registered management node sending a message.Type: ApplicationFiled: November 16, 2015Publication date: May 18, 2017Inventors: Ajay A. Apte, John Yow-Chun Chang, Ching-Yun Chao, Patrick L. Davis, Rohan Gandhi, Hugh E. Hockett, Yuhsuke Kaneyasu, Lewis Lo, Matthew D. McClintock, Scott C. Moonen, Ki H. Park, Ankit Patel, Kin Ueng, Iqbal M. Umair, Leonardo A. Uzcategui, Barbara J. Vander Weele
-
Publication number: 20170134302Abstract: A construct having a plurality of distributed resources can include a portion of a second rack having a plurality of computing devices controlled by a second management node. The second management node can determine it contains insufficient construct data such as user data, group data, resource data, or authorization policy data to execute an operation associated with the construct. The second management node can synchronize at least a portion of construct data with a first management node. The first management node can be associated with the construct and a mutual trust relationship can exist between the first management node and the second management node. The first management node and the second management node can comprise autonomous management nodes capable of functioning independent of the network.Type: ApplicationFiled: November 10, 2015Publication date: May 11, 2017Inventors: John Yow-Chun Chang, Ching-Yun Chao, Patrick L. Davis, Rohan Gandhi, Yuhsuke Kaneyasu, Lewis Lo, Ki H. Park, Ankit Patel, Kin Ueng, Iqbal M. Umair, Leonardo A. Uzcategui, Barbara J. Vander Weele
-
Publication number: 20170026179Abstract: Exposure of sensitive information to users is controlled using a first security token containing user identity and user credentials to represent the user who requests services, and a second security token containing two other identities, one identifying the token issuer and the other identifying the owning process. When requesting services, the token-owning process sends a security token to indicate who is making the request, and uses its key to digitally sign the request. The token-owning process signs the request to indicate that it endorses the request.Type: ApplicationFiled: October 5, 2016Publication date: January 26, 2017Inventors: John Y-C. Chang, Ching-Yun Chao, Bertrand Be-Chung Chiu, Ki H. Park
-
Patent number: 9160731Abstract: A mechanism is provided for establishing a trust relationship between two products. A resource device receives a registration request from an application device to access a resource on the resource device by an application and users of the application on the application device. The resource device sends a registration response using a redirection uniform resource identifier (URI) provided with the registration request, where the registration response includes an authorization code and a symmetric key in response to authenticating the registration request. The resource device receives an access token request that includes the symmetric key, verifiable authentication data, and the redirection URI. The resource device sends an access token to the application device in response to validating the access token request, where the access token allows for access to the resource on the resource device thereby establishing the trust relationship between the resource device and the application device.Type: GrantFiled: September 6, 2013Date of Patent: October 13, 2015Assignee: International Business Machines CorporationInventors: John Y. Chang, Ching-Yun Chao, Lewis Lo, Ki H. Park, Barbara J. Vander Weele
-
Publication number: 20150074395Abstract: A mechanism is provided for establishing a trust relationship between two products. A resource device receives a registration request from an application device to access a resource on the resource device by an application and users of the application on the application device. The resource device sends a registration response using a redirection uniform resource identifier (URI) provided with the registration request, where the registration response includes an authorization code and a symmetric key in response to authenticating the registration request. The resource device receives an access token request that includes the symmetric key, verifiable authentication data, and the redirection URI. The resource device sends an access token to the application device in response to validating the access token request, where the access token allows for access to the resource on the resource device thereby establishing the trust relationship between the resource device and the application device.Type: ApplicationFiled: September 6, 2013Publication date: March 12, 2015Applicant: International Business Machines CorporationInventors: John Y. Chang, Ching-Yun Chao, Lewis Lo, Ki H. Park, Barbara J. Vander Weele
-
Patent number: 8566716Abstract: A method, system and apparatus for selective macro event recording. In accordance with the present invention, events can be selectively included in a macro recording process, even where the events occur across different contexts such as different application windows in different applications. Specifically, once a macro recording session has been initiated for a particular application or application window, events occurring in different applications or application windows can be selected for inclusion in the macro through an append recording operation. Notably, the selective macro recording facility can be included as part of an operating environment, or as part of the individual applications executing within the operating environment.Type: GrantFiled: January 10, 2005Date of Patent: October 22, 2013Assignee: International Business Machines CorporationInventors: Thomas R. Haynes, Douglas A. Larson, Srinivasan Muralidharan, Ki H. Park, Shirish Amin, Robin L. Yehle
-
Patent number: 5553726Abstract: A feeder nipple system removably mounted on a container and has a nipple body with a nipple, and a detachable valve which prevents leakage from the nipple body. The detachable feature of the valve also permits proper sanitization of the feeder nipple system. The valve has a toroidal shaped top portion integrally joined by a truncated trapezoidal shaped neck of the valve to a toroidal shaped bottom portion of the valve which has a circular central portion having a slightly concave shape with slits which form a plurality of flaps. When the flaps are opened in the direction of a sucking force applied to the nipple, fluid flows out of the nipple body. However, when the flaps are closed, upon cessation of the applied sucking force, the fluid is prevented from leaking through the detachable valve and out of the nipple body. The nipple body, nipple, and detachable valve are made of pliable material which allows them to be easily deformable.Type: GrantFiled: November 8, 1993Date of Patent: September 10, 1996Inventor: Ki H. Park