Patents by Inventor Krishna Kishore Yellepeddy
Krishna Kishore Yellepeddy has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10623375Abstract: This disclosure describes an automated process of discovering characteristics needed to integrate a web-based application to a web portal, such as a reverse proxy. This process eliminates the need for application owners and security analysts to manually discover the information needed for the on-boarding process. To this end, application-specific information is determined by monitoring network traffic flows in and out of the application, user authentication and authorization event data, and the like. An application discovery engine analyzes the discovered data, preferably against a set of patterns and heuristic-based rules, to discover or identify the one or more application characteristics. A set of configuration data is then generated, and this configuration data is then used to integrate the application into the web reverse proxy and, in particular, by specifying the configuration needed to “board” the application.Type: GrantFiled: September 16, 2014Date of Patent: April 14, 2020Assignee: International Business Machines CorporationInventors: Richard Jay Cohen, Anne Louise Bolgert, Randolph Michael Forlenza, Miguel Sang, Krishna Kishore Yellepeddy
-
Patent number: 10389527Abstract: A security management system comprises a key management sub-system, an asset/workload management sub-system, and an event management sub-system. The event management sub-system detects events. The asset/workload management sub-system correlates events (irrespective of type) with the assets that generate them, and the key management sub-system uses the event-asset associations determined by the asset/workload management sub-system to automatically orchestrate the necessary key management activities (e.g., key creation, revocation, refresh, etc.) across the impacted components in the information technology and operational realms to ensure data security. In one use case, a security event detected by the event management sub-system triggers one or more actions within the asset/workload management sub-system. Service configuration records are identified from this scan, and assets defined in those records are identified.Type: GrantFiled: February 28, 2017Date of Patent: August 20, 2019Assignee: International Business Machines CorporationInventors: Sadanand Rajaram Bajekal, Jai Singh Arun, Michael Delaine Nix, Krishna Kishore Yellepeddy
-
Patent number: 10122693Abstract: A method, system, and computer usable program product for protocol based key management are provided in the illustrative embodiments. A key management protocol associated with a key request is identified, the key request being a request for data usable in cryptographic security. A first subset is selected from a set of policies using the key management protocol. A set of permissions is computed based on the first subset of policies, the set of permissions indicating whether the key request is permitted under the key management protocol. The set of permissions is cached in a cache in a data storage device.Type: GrantFiled: October 25, 2010Date of Patent: November 6, 2018Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Bruce Arland Rich, Krishna Kishore Yellepeddy, Xiaoyan Y Zhang
-
Publication number: 20170244559Abstract: A security management system comprises a key management sub-system, an asset/workload management sub-system, and an event management sub-system. The event management sub-system detects events. The asset/workload management sub-system correlates events (irrespective of type) with the assets that generate them, and the key management sub-system uses the event-asset associations determined by the asset/workload management sub-system to automatically orchestrate the necessary key management activities (e.g., key creation, revocation, refresh, etc.) across the impacted components in the information technology and operational realms to ensure data security. In one use case, a security event detected by the event management sub-system triggers one or more actions within the asset/workload management sub-system. Service configuration records are identified from this scan, and assets defined in those records are identified.Type: ApplicationFiled: February 28, 2017Publication date: August 24, 2017Inventors: Sadanand Rajaram Bajekal, Jai Singh Arun, MIchael Delaine Nix, Krishna Kishore Yellepeddy
-
Patent number: 9584314Abstract: A security management system comprises a key management sub-system, an asset/workload management sub-system, and an event management sub-system. The event management sub-system detects events. The asset/workload management sub-system correlates events (irrespective of type) with the assets that generate them, and the key management sub-system uses the event-asset associations determined by the asset/workload management sub-system to automatically orchestrate the necessary key management activities (e.g., key creation, revocation, refresh, etc.) across the impacted components in the information technology and operational realms to ensure data security. In one use case, a security event detected by the event management sub-system triggers one or more actions within the asset/workload management sub-system. Service configuration records are identified from this scan, and assets defined in those records are identified.Type: GrantFiled: August 21, 2013Date of Patent: February 28, 2017Assignee: International Business Machines CorporationInventors: Sadanand Rajaram Bajekal, Jai Singh Arun, Michael Delaine Nix, Krishna Kishore Yellepeddy
-
Publication number: 20160080324Abstract: This disclosure describes an automated process of discovering characteristics needed to integrate a web-based application to a web portal, such as a reverse proxy. This process eliminates the need for application owners and security analysts to manually discover the information needed for the on-boarding process. To this end, application-specific information is determined by monitoring network traffic flows in and out of the application, user authentication and authorization event data, and the like. An application discovery engine analyzes the discovered data, preferably against a set of patterns and heuristic-based rules, to discover or identify the one or more application characteristics. A set of configuration data is then generated, and this configuration data is then used to integrate the application into the web reverse proxy and, in particular, by specifying the configuration needed to “board” the application.Type: ApplicationFiled: September 16, 2014Publication date: March 17, 2016Inventors: Richard Jay Cohen, Anne Louise Bolgert, Randolph Michael Forlenza, Miguel Sang, Krishna Kishore Yellepeddy
-
Publication number: 20150055780Abstract: A security management system comprises a key management sub-system, an asset/workload management sub-system, and an event management sub-system. The event management sub-system detects events. The asset/workload management sub-system correlates events (irrespective of type) with the assets that generate them, and the key management sub-system uses the event-asset associations determined by the asset/workload management sub-system to automatically orchestrate the necessary key management activities (e.g., key creation, revocation, refresh, etc.) across the impacted components in the information technology and operational realms to ensure data security. In one use case, a security event detected by the event management sub-system triggers one or more actions within the asset/workload management sub-system. Service configuration records are identified from this scan, and assets defined in those records are identified.Type: ApplicationFiled: August 21, 2013Publication date: February 26, 2015Applicant: International Business Machines CorporationInventors: Sadanand Rajaram Bajekal, Jai Singh Arun, MIchael Delaine Nix, Krishna Kishore Yellepeddy
-
Patent number: 8645182Abstract: A computer implemented method for integrating a calendar and task scheduler to enable automatic scheduling of meetings and assignment of tasks based on priority. With the illustrative embodiments, a task in a user's calendaring system may be split into multiple time blocks, and each time block for the task may then be scheduled around meetings in a user's calendar. Tasks that are scheduled in the user's calendar may also be automatically rescheduled when meetings within the user's calendar change. Tasks may be scheduled over lower priority meetings in the user's calendar as needed in order to meet the due dates assigned to the tasks. The illustrative embodiments also allow for automatically adjusting meeting or task priorities based on policies, and identifying classes of activities that may be performed concurrently.Type: GrantFiled: October 2, 2007Date of Patent: February 4, 2014Assignee: International Business Machines CorporationInventors: Conrad James Johnson, James Ealem Shewbert, Perry Lee Statham, Sandra Lee Tipton, Krishna Kishore Yellepeddy
-
Publication number: 20120099728Abstract: A method, system, and computer usable program product for protocol based key management are provided in the illustrative embodiments. A key management protocol associated with a key request is identified, the key request being a request for data usable in cryptographic security. A first subset is selected from a set of policies using the key management protocol. A set of permissions is computed based on the first subset of policies, the set of permissions indicating whether the key request is permitted under the key management protocol. The set of permissions is cached in a cache in a data storage device.Type: ApplicationFiled: October 25, 2010Publication date: April 26, 2012Applicant: International Business Machines CorporationInventors: Bruce Arland Rich, Krishna Kishore Yellepeddy, Xiaoyan Y. Zhang
-
Patent number: 8091138Abstract: A computer implemented method and apparatus for controlling the presentation of information. In response to receiving a request to present the information, a process confirms that conditions for presentation of the information are satisfied using a set of presentation policies, wherein the conditions are specified in the set of presentation policies, and wherein the conditions comprise a status of a user and a setting of the user. The process then determines whether confidential content is present in the information. Responsive to the confidential content being present, the process redacts the confidential content before presenting the information to a user, and then updates a presentation history with metadata describing the presentation of the information comprising the confidential content.Type: GrantFiled: September 6, 2007Date of Patent: January 3, 2012Assignee: International Business Machines CorporationInventors: Krishna Kishore Yellepeddy, Conrad James Johnson, Helen McKinstry, Perry Lee Statham, Sandra Lee Tipton
-
Patent number: 7971069Abstract: A replicated networked storage domain of an original data partition and one or more replica data partitions in which each partition is stored on a storage device having a network address, is secured by associating with each partition a secret key; sharing the secret keys between the storage devices and a file manager; requesting access to a specific partition by a client; and accessing the specific partition by the client using a credential encrypted by the key associated with the specific partition and including a network address of a storage device which stores the partition.Type: GrantFiled: October 11, 2006Date of Patent: June 28, 2011Assignee: International Business Machines CorporationInventor: Krishna Kishore Yellepeddy
-
Patent number: 7717326Abstract: A system for protecting data within a portable storage device. A self-destruct unit associated with the portable storage device is enabled. If the portable storage device is not within a pre-specified route tolerance or if the portable storage device is not at a pre-selected identification checkpoint, an alert message is sent. In response to receiving a particular response, a self-destruct signal is sent to the enabled self-destruct unit. Then the enabled self-destruct unit creates an electromagnetic pulse from a xenon flash tube to render confidential data within the portable storage device unusable.Type: GrantFiled: November 15, 2006Date of Patent: May 18, 2010Assignee: International Business Machines CorporationInventors: David Bruce Kumhyr, Pamela Ann Nesbitt, Lorin Evan Ullmann, Krishna Kishore Yellepeddy
-
Publication number: 20090089133Abstract: A computer implemented method for integrating a calendar and task scheduler to enable automatic scheduling of meetings and assignment of tasks based on priority. With the illustrative embodiments, a task in a user's calendaring system may be split into multiple time blocks, and each time block for the task may then be scheduled around meetings in a user's calendar. Tasks that are scheduled in the user's calendar may also be automatically rescheduled when meetings within the user's calendar change. Tasks may be scheduled over lower priority meetings in the user's calendar as needed in order to meet the due dates assigned to the tasks. The illustrative embodiments also allow for automatically adjusting meeting or task priorities based on policies, and identifying classes of activities that may be performed concurrently.Type: ApplicationFiled: October 2, 2007Publication date: April 2, 2009Inventors: Conrad James Johnson, James Ealem Shewbert, Perry Lee Statham, Sandra Lee Tipton, Krishna Kishore Yellepeddy
-
Publication number: 20090070881Abstract: A computer implemented method and apparatus for controlling the presentation of information. In response to receiving a request to present the information, a process confirms that conditions for presentation of the information are satisfied using a set of presentation policies, wherein the conditions are specified in the set of presentation policies, and wherein the conditions comprise a status of a user and a setting of the user. The process then determines whether confidential content is present in the information. Responsive to the confidential content being present, the process redacts the confidential content before presenting the information to a user, and then updates a presentation history with metadata describing the presentation of the information comprising the confidential content.Type: ApplicationFiled: September 6, 2007Publication date: March 12, 2009Inventors: Krishna Kishore Yellepeddy, Conrad James Johnson, Helen McKinstry, Perry Lee Statham, Sandra Lee Tipton
-
Publication number: 20080112300Abstract: A system for protecting data within a portable storage device. A self-destruct unit associated with the portable storage device is enabled. If the portable storage device is not within a pre-specified route tolerance or if the portable storage device is not at a pre-selected identification checkpoint, an alert message is sent. In response to receiving a particular response, a self-destruct signal is sent to the enabled self-destruct unit. Then the enabled self-destruct unit creates an electromagnetic pulse from a xenon flash tube to render confidential data within the portable storage device unusable.Type: ApplicationFiled: November 15, 2006Publication date: May 15, 2008Inventors: David Bruce Kumhyr, Pamela Ann Nesbitt, Lorin Evan Ullmann, Krishna Kishore Yellepeddy
-
Patent number: 7236465Abstract: A system and method for gathering data regarding receivers of multicast content is provided. A spanning tree is used to connect a content producer, such as a pay-per-view broadcaster, to one or more receivers over a computer network, such as the Internet. Clients that wish to join a multicast group to which content is sent join the multicast group at the client's designated multicast router. The router sends information regarding the request, such as a tally of the number of clients that have joined the group, through intermediate routers to an endpoint router as identified by the spanning tree. The content producer is able to use the information, such as the tally and demographic information, to analyze the group of receivers. In a pay-per-view setting, the tally can further be compared to the number of subscribers to determine whether illicit receivers have joined the group, whereupon appropriate action is taken.Type: GrantFiled: June 13, 2002Date of Patent: June 26, 2007Assignee: International Business Machines CorporationInventors: Dwip N. Banerjee, Rabindranath Dutta, Kumar Ravi, Krishna Kishore Yellepeddy
-
Patent number: 7191192Abstract: A bidirectional metadirectory agent a data source converter layer; a filters and rules layer for blocking disallowed changes; a mapping layer for translating attributes in change commands from a local set of attribute names to a set of metadirectory attribute names, and vice versa, and for converting change commands between said agent-internal common format and a directory change protocol; an extensible user customization layer for implementing custom metadirectory agent functions; and a metadirectory interface for sending and receiving said change commands in said directory change protocol.Type: GrantFiled: September 30, 2002Date of Patent: March 13, 2007Assignee: International Business Machines CorporationInventors: Krishna Kishore Yellepeddy, Rod Mancisidor
-
Patent number: 7146499Abstract: Through associating each data partition within a replicated storage domain of networked storage devices with one of multiple secret keys shared with a file manager, a credential is issued from the file manager to a client requesting access to a partition. The credential includes a network address for the partition to which the client is to direct its actions. The storage device periodically confirms with the file manager the validity of the shared secret keys. Through logical process and evaluations applied to issuing the credential and determining the address of the partition to be included in each credential, the file manager may invalidate partitions individually, provide load balancing between access of original and replica partitions, and provide security functions such as isolation of partitions for access by and tracking of unauthorized users, or for testing purposes.Type: GrantFiled: September 30, 2002Date of Patent: December 5, 2006Assignee: International Business Machines CorporationInventor: Krishna Kishore Yellepeddy
-
Patent number: 7107297Abstract: A system and method which propagates change operations to data items within a metadirectory on a differential basis in order to minimize or eliminate redundant updates to attributes within data items that have not changed, as well as conserve computing resources and transmission bandwidth consumed by update activities in large organizations of data items. A best match entry in the metadirectory is selected using a weighted score process, a determination is made as to exactly which attributes are changed by the update operation, and a differential update is propagated throughout the metadirectory via direct joiner access to the data items, or through remote access such as through LDAP.Type: GrantFiled: January 10, 2002Date of Patent: September 12, 2006Assignee: International Business Machines CorporationInventors: Krishna Kishore Yellepeddy, Rod Mancisidor
-
Publication number: 20040128266Abstract: The present invention enables a facility (home, business or industrial site) to optimize the consumption of energy in that facility. In this invention, the power companies that supply energy provide information to its client facilities on the cost and availability of energy from that company on a real-time basis. Each client facility would have a power accounting server. These servers store this and process this information to predict when the rates for using the energy will be the least expensive for a particular task or to operate a particular appliance. A homeowner (client facility) for example can program appliances such as a dishwasher or laundry machine to turn on when the cost of energy is below a particular threshold price. The present invention has the capability to receive characteristics about a particular appliance, generate a list of energy consumption options for that particular product at a particular time period and select and implement the most efficient energy supply option.Type: ApplicationFiled: December 12, 2003Publication date: July 1, 2004Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Krishna Kishore Yellepeddy, Rabindranath Dutta