Patents by Inventor Lawrence Koved

Lawrence Koved has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10375116
    Abstract: Systems and methods for protecting a data item include, upon initiation of transfer of the data item from a server to a client device, determining a sensitivity score and a current protection, level of the data item. A policy is applied to determine an appropriate protection for the data item based upon the sensitivity score and the current protection level. A protected data item is provided to the client device by applying the appropriate protection to the data item.
    Type: Grant
    Filed: March 2, 2017
    Date of Patent: August 6, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Pau-Chen Cheng, Stephen C. Gates, Lawrence Koved, Wilfried Teiken
  • Patent number: 10375119
    Abstract: Dynamic multi-factor authentication challenge selection is provided. A risk associated with an operation that requires authentication of a user of a client device is determined. A plurality of authentication methods is identified. Each respective authentication method associated with a level of security offsetting the risk and a computing cost associated with a respective authentication method. One or more authentication methods are selected from the plurality of authentication methods according to the risk and to minimize the computing cost associated with authenticating the operation.
    Type: Grant
    Filed: July 28, 2016
    Date of Patent: August 6, 2019
    Assignee: International Business Machines Corporation
    Inventors: Hagai Aronowitz, Lawrence Koved, Ian M. Molloy, Bo Zhang
  • Patent number: 10277591
    Abstract: Authenticating a user is provided. A decryption key corresponding to an authentication account of the user of a client device and authentication credential data obtained from the user of the client device is received during authentication. Encrypted authentication credential data corresponding to the user is decrypted using the received decryption key corresponding to the authentication account of the user. The decrypted authentication credential data is compared with the received authentication credential data to authenticate the user of the client device.
    Type: Grant
    Filed: June 26, 2018
    Date of Patent: April 30, 2019
    Assignee: International Business Machines Corporation
    Inventors: Lawrence Koved, Ian M. Molloy, Gelareh Taban
  • Publication number: 20180316666
    Abstract: Authenticating a user is provided. A decryption key corresponding to an authentication account of the user of a client device and authentication credential data obtained from the user of the client device is received during authentication. Encrypted authentication credential data corresponding to the user is decrypted using the received decryption key corresponding to the authentication account of the user. The decrypted authentication credential data is compared with the received authentication credential data to authenticate the user of the client device.
    Type: Application
    Filed: June 26, 2018
    Publication date: November 1, 2018
    Inventors: Lawrence Koved, Ian M. Molloy, Gelareh Taban
  • Publication number: 20180300693
    Abstract: An example operation may include one or more of receiving one or more transaction requests to complete one or more transactions, recording the one or more transaction requests in a blockchain, requesting one or more transaction confirmations from an out-of-band device to confirm the one or more transactions, and committing the one or more confirmed transactions to the blockchain.
    Type: Application
    Filed: April 17, 2017
    Publication date: October 18, 2018
    Inventors: Ramesh Gopinath, Lawrence Koved, Brigid Mcdermott, Krishna Ratakonda
  • Patent number: 10097544
    Abstract: Authenticating a user is provided. A decryption key corresponding to an authentication account of the user of a client device and authentication credential data obtained from the user of the client device is received during authentication. Encrypted authentication credential data corresponding to the user is decrypted using the received decryption key corresponding to the authentication account of the user. The decrypted authentication credential data is compared with the received authentication credential data to authenticate the user of the client device.
    Type: Grant
    Filed: June 1, 2016
    Date of Patent: October 9, 2018
    Assignee: International Business Machines Corporation
    Inventors: Lawrence Koved, Ian M. Molloy, Gelareh Taban
  • Patent number: 10091181
    Abstract: Dynamic risk communication associated with a computer device may include automatically detecting one or more security risk factors for the computer device based on current context information associated with the computer device. Whether an attempt is being made via the computer device to manipulate the one or more risk factors in an attempt to reduce a security level of a computer-implemented authentication procedure may be determined. Responsive to determining that the attempt is being made to manipulate the one or more risk factors, a new challenge for additional identification may be communicated for presentation on a user interface device of the computer device while suppressing one or more security risk factors from being presented on the user interface device. Responsive to determining that an attempt is not being made to manipulate the one or more risk factors, the new challenge and one or more security risk factors may be communicated.
    Type: Grant
    Filed: June 9, 2017
    Date of Patent: October 2, 2018
    Assignee: International Business Machines Corporation
    Inventors: Pau-Chen Cheng, Lawrence Koved, Kapil K. Singh, Calvin B. Swart, Sharon M. Trewin
  • Publication number: 20180158034
    Abstract: A blockchain may include various transactions which are identified and which require processing. The order of processing such transactions may be optimized by examining content of the transactions. One example method of operation may comprise one or more of receiving an ordered set of proposed transactions intended for inclusion in a blockchain block, creating a lattice structure containing the proposed transactions for the blockchain block, the lattice structure comprising a top and a bottom and a plurality of nodes representing the proposed transactions, determining an order of execution of the proposed transactions for the blockchain block via the lattice structure, and processing the proposed transactions in the lattice structure in parallel based on a configuration of the lattice structure.
    Type: Application
    Filed: December 7, 2016
    Publication date: June 7, 2018
    Inventors: Guerney D.H. Hunt, Lawrence Koved
  • Publication number: 20180150799
    Abstract: A certified checkpoint is provided for a ledger comprising a blockchain and a world state. The certified checkpoint enables a third party to recognize and verify that the ledger has integrity, a known starting state, and immutability properties starting at a specific point in time. Certification means that all of the validating peers reached consensus on the state of the ledger at that point in time. Thus, the certified checkpoint state represents an agreed-upon state, and that one or more subsequent operations on the ledger are relative to that agreed-upon state. Preferably, before a checkpoint is certified, it must be consistent, meaning that all validating peers have reached the same value for the checkpoint. Preferably, the checkpoint is a compression of the current blockchain world state into a compact representation (e.g., a hash) of the ledger that based on an agreed-upon consensus protocol is consistent across the (validating) peers.
    Type: Application
    Filed: November 30, 2016
    Publication date: May 31, 2018
    Inventors: Guerney D.H. Hunt, Lawrence Koved
  • Publication number: 20180150835
    Abstract: A certified checkpoint is provided for a ledger comprising a blockchain and a world state. The certified checkpoint enables a third party to recognize and verify that the ledger has integrity, a known starting state, and immutability properties starting at a specific point in time. Certification means that all of the validating peers reached consensus on the state of the ledger at that point in time. Thus, the certified checkpoint state represents an agreed-upon state, and that one or more subsequent operations on the ledger are relative to that agreed-upon state. Preferably, before a checkpoint is certified, it must be consistent, meaning that all validating peers have reached the same value for the checkpoint. Preferably, the checkpoint is a compression of the current blockchain world state into a compact representation (e.g., a hash) of the ledger that based on an agreed-upon consensus protocol is consistent across the (validating) peers. A technique to certify a blockchain checkpoint also is described.
    Type: Application
    Filed: February 2, 2017
    Publication date: May 31, 2018
    Inventors: Guerney D.H. Hunt, Lawrence Koved
  • Publication number: 20180152289
    Abstract: A certified checkpoint is provided for a ledger comprising a blockchain and a world state. The certified checkpoint enables a third party to recognize and verify that the ledger has integrity, a known starting state, and immutability properties starting at a specific point in time. Certification means that all of the validating peers reached consensus on the state of the ledger at that point in time. Thus, the certified checkpoint state represents an agreed-upon state, and that one or more subsequent operations on the ledger are relative to that agreed-upon state. Preferably, before a checkpoint is certified, it must be consistent, meaning that all validating peers have reached the same value for the checkpoint. Preferably, the checkpoint is a compression of the current blockchain world state into a compact representation (e.g., a hash) of the ledger that based on an agreed-upon consensus protocol is consistent across the (validating) peers. The approach also is extended to a permissionless blockchain.
    Type: Application
    Filed: June 26, 2017
    Publication date: May 31, 2018
    Inventors: Guerney D.H. Hunt, Lawrence Koved
  • Publication number: 20180034859
    Abstract: Dynamic multi-factor authentication challenge selection is provided. A risk associated with an operation that requires authentication of a user of a client device is determined. A plurality of authentication methods is identified. Each respective authentication method associated with a level of security offsetting the risk and a computing cost associated with a respective authentication method. One or more authentication methods are selected from the plurality of authentication methods according to the risk and to minimize the computing cost associated with authenticating the operation.
    Type: Application
    Filed: July 28, 2016
    Publication date: February 1, 2018
    Inventors: Hagai Aronowitz, Lawrence Koved, Ian M. Molloy, Bo Zhang
  • Patent number: 9876783
    Abstract: Distribution of verification of passwords for electronic account. Password verification is distributed (divided) across multiple entities to reduce potential exposure in the event of a server exposure.
    Type: Grant
    Filed: December 22, 2015
    Date of Patent: January 23, 2018
    Assignee: International Business Machines Corporation
    Inventors: Lawrence Koved, Gelareh Taban
  • Patent number: 9854057
    Abstract: Embodiments include a network data collection and response system for enhancing security in an enterprise network providing a user-supplied computing device with access to the network. A network data collection and response system tracks network activity of the device and maintains a device inventory recording the device type and configuration information for the device along with a resource utilization profile for the device. The network data collection and response system detects high-risk or unauthorized network activity involving the device through passive monitoring without utilization of a data monitoring agent installed on the device and implements a response action to mitigate the high-risk or unauthorized network.
    Type: Grant
    Filed: May 6, 2014
    Date of Patent: December 26, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Suresh N. Chari, Pau-Chen Cheng, Xin Hu, Lawrence Koved, Josyula R. Rao, Reiner Sailer, Douglas L. Schales, Kapil K. Singh, Marc P. Stoecklin
  • Publication number: 20170353450
    Abstract: Authenticating a user is provided. A decryption key corresponding to an authentication account of the user of a client device and authentication credential data obtained from the user of the client device is received during authentication. Encrypted authentication credential data corresponding to the user is decrypted using the received decryption key corresponding to the authentication account of the user. The decrypted authentication credential data is compared with the received authentication credential data to authenticate the user of the client device.
    Type: Application
    Filed: June 1, 2016
    Publication date: December 7, 2017
    Inventors: Lawrence Koved, Ian M. Molloy, Gelareh Taban
  • Patent number: 9807105
    Abstract: Generating a behavior profile is provided. A newness score is calculated for a data point corresponding to a context of an access request to a resource made by a user of a client device. Newness scores for a plurality of data points corresponding to contexts of a plurality of access requests are aggregated to form an aggregated newness score. In response to determining that the aggregated newness score is greater than or equal to a pre-defined newness score threshold, data points stored in a data point cache and a long-term storage are used to generate a new behavior profile for the user or update an existing behavior profile for the user.
    Type: Grant
    Filed: November 11, 2015
    Date of Patent: October 31, 2017
    Assignee: International Business Machines Corporation
    Inventors: Pau-Chen Cheng, Lawrence Koved, Kapil K. Singh
  • Patent number: 9781095
    Abstract: Dynamic risk communication associated with a computer device may include automatically detecting one or more security risk factors for the computer device based on current context information associated with the computer device. Whether an attempt is being made via the computer device to manipulate the one or more risk factors in an attempt to reduce a security level of a computer-implemented authentication procedure may be determined. Responsive to determining that the attempt is being made to manipulate the one or more risk factors, a new challenge for additional identification may be communicated for presentation on a user interface device of the computer device while suppressing one or more security risk factors from being presented on the user interface device. Responsive to determining that an attempt is not being made to manipulate the one or more risk factors, the new challenge and one or more security risk factors may be communicated.
    Type: Grant
    Filed: December 18, 2015
    Date of Patent: October 3, 2017
    Assignee: International Business Machines Corporation
    Inventors: Pau-Chen Cheng, Lawrence Koved, Kapil K. Singh, Calvin B. Swart, Sharon M. Trewin
  • Publication number: 20170279787
    Abstract: Dynamic risk communication associated with a computer device may include automatically detecting one or more security risk factors for the computer device based on current context information associated with the computer device. Whether an attempt is being made via the computer device to manipulate the one or more risk factors in an attempt to reduce a security level of a computer-implemented authentication procedure may be determined. Responsive to determining that the attempt is being made to manipulate the one or more risk factors, a new challenge for additional identification may be communicated for presentation on a user interface device of the computer device while suppressing one or more security risk factors from being presented on the user interface device. Responsive to determining that an attempt is not being made to manipulate the one or more risk factors, the new challenge and one or more security risk factors may be communicated.
    Type: Application
    Filed: June 9, 2017
    Publication date: September 28, 2017
    Inventors: Pau-Chen Cheng, Lawrence Koved, Kapil K. Singh, Calvin B. Swart, Sharon M. Trewin
  • Patent number: 9712565
    Abstract: Systems and methods for protecting a data item include, upon initiation of transfer of the data item from a server to a client device, determining a sensitivity score and a current protection level of the data item. A policy is applied to determine an appropriate protection for the data item based upon the sensitivity score and the current protection level. A protected data item is provided to the client device by applying the appropriate protection to the data item.
    Type: Grant
    Filed: July 11, 2016
    Date of Patent: July 18, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Pau-Chen Cheng, Stephen C. Gates, Lawrence Koved, Wilfried Teiken
  • Publication number: 20170180339
    Abstract: Dynamic risk communication associated with a computer device may include automatically detecting one or more security risk factors for the computer device based on current context information associated with the computer device. Whether an attempt is being made via the computer device to manipulate the one or more risk factors in an attempt to reduce a security level of a computer-implemented authentication procedure may be determined. Responsive to determining that the attempt is being made to manipulate the one or more risk factors, a new challenge for additional identification may be communicated for presentation on a user interface device of the computer device while suppressing one or more security risk factors from being presented on the user interface device. Responsive to determining that an attempt is not being made to manipulate the one or more risk factors, the new challenge and one or more security risk factors may be communicated.
    Type: Application
    Filed: December 18, 2015
    Publication date: June 22, 2017
    Inventors: Pau-Chen Cheng, Lawrence Koved, Kapil K. Singh, Calvin B. Swart, Sharon M. Trewin