Patents by Inventor Leonardo A. Uzcategui
Leonardo A. Uzcategui has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10454949Abstract: Cross-Site Request Forgery attacks are mitigated by a CSRF mechanism executing at a computing entity. The CSRF mechanism is operative to analyze information associated with an HTTP request for a resource. The HTTP request typically originates as an HTTP redirect from another computing entity, such as an enterprise Web portal. Depending on the nature of the information associated with the HTTP request, the HTTP request may be rejected because the CSRF mechanism determines that the request is or is likely associated with a CSRF attack. To facilitate this determination, the approach leverages a new type of “referer” attribute, a trustedReferer, which indicates that the request originates from a server that has previously established a trust relationship with the site at which the CSRF mechanism executes. The trustedReferer attribute typically is set by the redirecting entity, and in an HTTP request header field dedicated for that attribute.Type: GrantFiled: November 20, 2015Date of Patent: October 22, 2019Assignee: International Business Machines CorporationInventors: Lewis Lo, Ching-Yun Chao, Li Yi, Leonardo A. Uzcategui, John Yow-Chun Chang, Rohan Gandhi
-
Patent number: 10341324Abstract: A new management node associated with a new rack sends at least a public key of the new management node to a first management node associated with a first rack and a plurality of autonomous management nodes. The first management node sends the new management node an access token trusted by at least a portion of the plurality of autonomous management nodes and a set of public keys corresponding to at least a portion of the plurality of autonomous management nodes. The new management node can send its public key and the access token to at least a portion of the plurality of autonomous management nodes. In response, the new management node can establish a mutual trust relationship with at least a portion of the plurality of autonomous management nodes.Type: GrantFiled: April 23, 2018Date of Patent: July 2, 2019Assignee: International Business Machines CorporationInventors: John Yow-Chun Chang, Ching-Yun Chao, Patrick L. Davis, Rohan Gandhi, Yuhsuke Kaneyasu, Lewis Lo, Ki H. Park, Ankit Patel, Kin Ueng, Iqbal M. Umair, Leonardo A. Uzcategui, Barbara J. Vander Weele
-
Patent number: 10171561Abstract: A construct having a plurality of distributed resources can include a portion of a second rack having a plurality of computing devices controlled by a second management node. The second management node can determine it contains insufficient construct data such as user data, group data, resource data, or authorization policy data to execute an operation associated with the construct. The second management node can synchronize at least a portion of construct data with a first management node. The first management node can be associated with the construct and a mutual trust relationship can exist between the first management node and the second management node. The first management node and the second management node can comprise autonomous management nodes capable of functioning independent of the network.Type: GrantFiled: November 10, 2015Date of Patent: January 1, 2019Assignee: International Business Machines CorporationInventors: John Yow-Chun Chang, Ching-Yun Chao, Patrick L. Davis, Rohan Gandhi, Yuhsuke Kaneyasu, Lewis Lo, Ki H. Park, Ankit Patel, Kin Ueng, Iqbal M. Umair, Leonardo A. Uzcategui, Barbara J. Vander Weele
-
Publication number: 20180241737Abstract: A new management node associated with a new rack sends at least a public key of the new management node to a first management node associated with a first rack and a plurality of autonomous management nodes. The first management node sends the new management node an access token trusted by at least a portion of the plurality of autonomous management nodes and a set of public keys corresponding to at least a portion of the plurality of autonomous management nodes. The new management node can send its public key and the access token to at least a portion of the plurality of autonomous management nodes. In response, the new management node can establish a mutual trust relationship with at least a portion of the plurality of autonomous management nodes.Type: ApplicationFiled: April 23, 2018Publication date: August 23, 2018Inventors: John Yow-Chun Chang, Ching-Yun Chao, Patrick L. Davis, Rohan Gandhi, Yuhsuke Kaneyasu, Lewis Lo, Ki H. Park, Ankit Patel, Kin Ueng, Iqbal M. Umair, Leonardo A. Uzcategui, Barbara J. Vander Weele
-
Patent number: 9985954Abstract: A new management node associated with a new rack sends at least a public key of the new management node to a first management node associated with a first rack and a plurality of autonomous management nodes. The first management node sends the new management node an access token trusted by at least a portion of the plurality of autonomous management nodes and a set of public keys corresponding to at least a portion of the plurality of autonomous management nodes. The new management node can send its public key and the access token to at least a portion of the plurality of autonomous management nodes. In response, the new management node can establish a mutual trust relationship with at least a portion of the plurality of autonomous management nodes.Type: GrantFiled: November 25, 2015Date of Patent: May 29, 2018Assignee: International Business Machines CorporationInventors: John Yow-Chun Chang, Ching-Yun Chao, Patrick L. Davis, Rohan Gandhi, Yuhsuke Kaneyasu, Lewis Lo, Ki H. Park, Ankit Patel, Kin Ueng, Iqbal M. Umair, Leonardo A. Uzcategui, Barbara J. Vander Weele
-
Patent number: 9906370Abstract: A first management node of a first rack can be registered to a shared file storage system by establishing a mutual trust relationship between the first management node and the shared file storage system. The first management node can access a plurality of respective public keys and a plurality of respective certificates of authority that are stored in the shared file storage system and associated with a plurality of respective registered management nodes. The first management node can store a public key and a certificate of authority in the shared file storage system. The first management node can form mutual trust relationships with other registered management nodes. The first management node can validate authenticity of messages received from registered management nodes of the plurality of registered management nodes using a respective public key and a respective certificate of authority associated with a respective registered management node sending a message.Type: GrantFiled: November 16, 2015Date of Patent: February 27, 2018Assignee: International Business Machines CorporationInventors: Ajay A. Apte, John Yow-Chun Chang, Ching-Yun Chao, Patrick L. Davis, Rohan Gandhi, Hugh E. Hockett, Yuhsuke Kaneyasu, Lewis Lo, Matthew D. McClintock, Scott C. Moonen, Ki H. Park, Ankit Patel, Kin Ueng, Iqbal M. Umair, Leonardo A. Uzcategui, Barbara J. Vander Weele
-
Publication number: 20170149765Abstract: A new management node associated with a new rack sends at least a public key of the new management node to a first management node associated with a first rack and a plurality of autonomous management nodes. The first management node sends the new management node an access token trusted by at least a portion of the plurality of autonomous management nodes and a set of public keys corresponding to at least a portion of the plurality of autonomous management nodes. The new management node can send its public key and the access token to at least a portion of the plurality of autonomous management nodes. In response, the new management node can establish a mutual trust relationship with at least a portion of the plurality of autonomous management nodes.Type: ApplicationFiled: November 25, 2015Publication date: May 25, 2017Inventors: John Yow-Chun Chang, Ching-Yun Chao, Patrick L. Davis, Rohan Gandhi, Yuhsuke Kaneyasu, Lewis Lo, Ki H. Park, Ankit Patel, Kin Ueng, Iqbal M. Umair, Leonardo A. Uzcategui, Barbara J. Vander Weele
-
Publication number: 20170149803Abstract: Cross-Site Request Forgery attacks are mitigated by a CSRF mechanism executing at a computing entity. The CSRF mechanism is operative to analyze information associated with an HTTP request for a resource. The HTTP request typically originates as an HTTP redirect from another computing entity, such as an enterprise Web portal. Depending on the nature of the information associated with the HTTP request, the HTTP request may be rejected because the CSRF mechanism determines that the request is or is likely associated with a CSRF attack. To facilitate this determination, the approach leverages a new type of “referer” attribute, a trustedReferer, which indicates that the request originates from a server that has previously established a trust relationship with the site at which the CSRF mechanism executes. The trustedReferer attribute typically is set by the redirecting entity, and in an HTTP request header field dedicated for that attribute.Type: ApplicationFiled: November 20, 2015Publication date: May 25, 2017Inventors: Lewis Lo, Ching-Yun Chao, Li Yi, Leonardo A. Uzcategui, John Yow-Chun Chang, Rohan Gandhi
-
Publication number: 20170141927Abstract: A first management node of a first rack can be registered to a shared file storage system by establishing a mutual trust relationship between the first management node and the shared file storage system. The first management node can access a plurality of respective public keys and a plurality of respective certificates of authority that are stored in the shared file storage system and associated with a plurality of respective registered management nodes. The first management node can store a public key and a certificate of authority in the shared file storage system. The first management node can form mutual trust relationships with other registered management nodes. The first management node can validate authenticity of messages received from registered management nodes of the plurality of registered management nodes using a respective public key and a respective certificate of authority associated with a respective registered management node sending a message.Type: ApplicationFiled: November 16, 2015Publication date: May 18, 2017Inventors: Ajay A. Apte, John Yow-Chun Chang, Ching-Yun Chao, Patrick L. Davis, Rohan Gandhi, Hugh E. Hockett, Yuhsuke Kaneyasu, Lewis Lo, Matthew D. McClintock, Scott C. Moonen, Ki H. Park, Ankit Patel, Kin Ueng, Iqbal M. Umair, Leonardo A. Uzcategui, Barbara J. Vander Weele
-
Publication number: 20170134302Abstract: A construct having a plurality of distributed resources can include a portion of a second rack having a plurality of computing devices controlled by a second management node. The second management node can determine it contains insufficient construct data such as user data, group data, resource data, or authorization policy data to execute an operation associated with the construct. The second management node can synchronize at least a portion of construct data with a first management node. The first management node can be associated with the construct and a mutual trust relationship can exist between the first management node and the second management node. The first management node and the second management node can comprise autonomous management nodes capable of functioning independent of the network.Type: ApplicationFiled: November 10, 2015Publication date: May 11, 2017Inventors: John Yow-Chun Chang, Ching-Yun Chao, Patrick L. Davis, Rohan Gandhi, Yuhsuke Kaneyasu, Lewis Lo, Ki H. Park, Ankit Patel, Kin Ueng, Iqbal M. Umair, Leonardo A. Uzcategui, Barbara J. Vander Weele
-
Patent number: 7885995Abstract: A computer-implemented method for processing service requests in a distributed environment includes routing a type of service request to a first service provider in the distributed environment, the first service provider having a commitment level for handling the service request type, detecting a second service provider in the distributed environment capable of handing the service request type, determining a commitment level of the second service provider to handle the service request type, and responsive to the commitment level of the second provider exceeding the commitment level of the first provider, routing the service request type to the second service provider.Type: GrantFiled: May 9, 2008Date of Patent: February 8, 2011Assignee: International Business Machines CorporationInventors: Claudia Susan Barrett, Joseph Kuruvilla Chacko, Krithika Kashinath, Shirish Trivikram Kuncolienkar, Leonardo A. Uzcategui
-
Publication number: 20080313266Abstract: A computer-implemented method for processing service requests in a distributed environment includes routing a type of service request to a first service provider in the distributed environment, the first service provider having a commitment level for handling the service request type, detecting a second service provider in the distributed environment capable of handing the service request type, determining a commitment level of the second service provider to handle the service request type, and responsive to the commitment level of the second provider exceeding the commitment level of the first provider, routing the service request type to the second service provider.Type: ApplicationFiled: May 9, 2008Publication date: December 18, 2008Applicant: International Business Machines CorporationInventors: Claudia S. Barrett, Joseph Chacko, Krithika Kashinath, Shirish Kuncolienkar, Leonardo A. Uzcategui