Patents by Inventor Lewis Lo
Lewis Lo has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10454949Abstract: Cross-Site Request Forgery attacks are mitigated by a CSRF mechanism executing at a computing entity. The CSRF mechanism is operative to analyze information associated with an HTTP request for a resource. The HTTP request typically originates as an HTTP redirect from another computing entity, such as an enterprise Web portal. Depending on the nature of the information associated with the HTTP request, the HTTP request may be rejected because the CSRF mechanism determines that the request is or is likely associated with a CSRF attack. To facilitate this determination, the approach leverages a new type of “referer” attribute, a trustedReferer, which indicates that the request originates from a server that has previously established a trust relationship with the site at which the CSRF mechanism executes. The trustedReferer attribute typically is set by the redirecting entity, and in an HTTP request header field dedicated for that attribute.Type: GrantFiled: November 20, 2015Date of Patent: October 22, 2019Assignee: International Business Machines CorporationInventors: Lewis Lo, Ching-Yun Chao, Li Yi, Leonardo A. Uzcategui, John Yow-Chun Chang, Rohan Gandhi
-
Patent number: 10341324Abstract: A new management node associated with a new rack sends at least a public key of the new management node to a first management node associated with a first rack and a plurality of autonomous management nodes. The first management node sends the new management node an access token trusted by at least a portion of the plurality of autonomous management nodes and a set of public keys corresponding to at least a portion of the plurality of autonomous management nodes. The new management node can send its public key and the access token to at least a portion of the plurality of autonomous management nodes. In response, the new management node can establish a mutual trust relationship with at least a portion of the plurality of autonomous management nodes.Type: GrantFiled: April 23, 2018Date of Patent: July 2, 2019Assignee: International Business Machines CorporationInventors: John Yow-Chun Chang, Ching-Yun Chao, Patrick L. Davis, Rohan Gandhi, Yuhsuke Kaneyasu, Lewis Lo, Ki H. Park, Ankit Patel, Kin Ueng, Iqbal M. Umair, Leonardo A. Uzcategui, Barbara J. Vander Weele
-
Patent number: 10171561Abstract: A construct having a plurality of distributed resources can include a portion of a second rack having a plurality of computing devices controlled by a second management node. The second management node can determine it contains insufficient construct data such as user data, group data, resource data, or authorization policy data to execute an operation associated with the construct. The second management node can synchronize at least a portion of construct data with a first management node. The first management node can be associated with the construct and a mutual trust relationship can exist between the first management node and the second management node. The first management node and the second management node can comprise autonomous management nodes capable of functioning independent of the network.Type: GrantFiled: November 10, 2015Date of Patent: January 1, 2019Assignee: International Business Machines CorporationInventors: John Yow-Chun Chang, Ching-Yun Chao, Patrick L. Davis, Rohan Gandhi, Yuhsuke Kaneyasu, Lewis Lo, Ki H. Park, Ankit Patel, Kin Ueng, Iqbal M. Umair, Leonardo A. Uzcategui, Barbara J. Vander Weele
-
Publication number: 20180241737Abstract: A new management node associated with a new rack sends at least a public key of the new management node to a first management node associated with a first rack and a plurality of autonomous management nodes. The first management node sends the new management node an access token trusted by at least a portion of the plurality of autonomous management nodes and a set of public keys corresponding to at least a portion of the plurality of autonomous management nodes. The new management node can send its public key and the access token to at least a portion of the plurality of autonomous management nodes. In response, the new management node can establish a mutual trust relationship with at least a portion of the plurality of autonomous management nodes.Type: ApplicationFiled: April 23, 2018Publication date: August 23, 2018Inventors: John Yow-Chun Chang, Ching-Yun Chao, Patrick L. Davis, Rohan Gandhi, Yuhsuke Kaneyasu, Lewis Lo, Ki H. Park, Ankit Patel, Kin Ueng, Iqbal M. Umair, Leonardo A. Uzcategui, Barbara J. Vander Weele
-
Patent number: 9985954Abstract: A new management node associated with a new rack sends at least a public key of the new management node to a first management node associated with a first rack and a plurality of autonomous management nodes. The first management node sends the new management node an access token trusted by at least a portion of the plurality of autonomous management nodes and a set of public keys corresponding to at least a portion of the plurality of autonomous management nodes. The new management node can send its public key and the access token to at least a portion of the plurality of autonomous management nodes. In response, the new management node can establish a mutual trust relationship with at least a portion of the plurality of autonomous management nodes.Type: GrantFiled: November 25, 2015Date of Patent: May 29, 2018Assignee: International Business Machines CorporationInventors: John Yow-Chun Chang, Ching-Yun Chao, Patrick L. Davis, Rohan Gandhi, Yuhsuke Kaneyasu, Lewis Lo, Ki H. Park, Ankit Patel, Kin Ueng, Iqbal M. Umair, Leonardo A. Uzcategui, Barbara J. Vander Weele
-
Patent number: 9906370Abstract: A first management node of a first rack can be registered to a shared file storage system by establishing a mutual trust relationship between the first management node and the shared file storage system. The first management node can access a plurality of respective public keys and a plurality of respective certificates of authority that are stored in the shared file storage system and associated with a plurality of respective registered management nodes. The first management node can store a public key and a certificate of authority in the shared file storage system. The first management node can form mutual trust relationships with other registered management nodes. The first management node can validate authenticity of messages received from registered management nodes of the plurality of registered management nodes using a respective public key and a respective certificate of authority associated with a respective registered management node sending a message.Type: GrantFiled: November 16, 2015Date of Patent: February 27, 2018Assignee: International Business Machines CorporationInventors: Ajay A. Apte, John Yow-Chun Chang, Ching-Yun Chao, Patrick L. Davis, Rohan Gandhi, Hugh E. Hockett, Yuhsuke Kaneyasu, Lewis Lo, Matthew D. McClintock, Scott C. Moonen, Ki H. Park, Ankit Patel, Kin Ueng, Iqbal M. Umair, Leonardo A. Uzcategui, Barbara J. Vander Weele
-
Publication number: 20170149765Abstract: A new management node associated with a new rack sends at least a public key of the new management node to a first management node associated with a first rack and a plurality of autonomous management nodes. The first management node sends the new management node an access token trusted by at least a portion of the plurality of autonomous management nodes and a set of public keys corresponding to at least a portion of the plurality of autonomous management nodes. The new management node can send its public key and the access token to at least a portion of the plurality of autonomous management nodes. In response, the new management node can establish a mutual trust relationship with at least a portion of the plurality of autonomous management nodes.Type: ApplicationFiled: November 25, 2015Publication date: May 25, 2017Inventors: John Yow-Chun Chang, Ching-Yun Chao, Patrick L. Davis, Rohan Gandhi, Yuhsuke Kaneyasu, Lewis Lo, Ki H. Park, Ankit Patel, Kin Ueng, Iqbal M. Umair, Leonardo A. Uzcategui, Barbara J. Vander Weele
-
Publication number: 20170149803Abstract: Cross-Site Request Forgery attacks are mitigated by a CSRF mechanism executing at a computing entity. The CSRF mechanism is operative to analyze information associated with an HTTP request for a resource. The HTTP request typically originates as an HTTP redirect from another computing entity, such as an enterprise Web portal. Depending on the nature of the information associated with the HTTP request, the HTTP request may be rejected because the CSRF mechanism determines that the request is or is likely associated with a CSRF attack. To facilitate this determination, the approach leverages a new type of “referer” attribute, a trustedReferer, which indicates that the request originates from a server that has previously established a trust relationship with the site at which the CSRF mechanism executes. The trustedReferer attribute typically is set by the redirecting entity, and in an HTTP request header field dedicated for that attribute.Type: ApplicationFiled: November 20, 2015Publication date: May 25, 2017Inventors: Lewis Lo, Ching-Yun Chao, Li Yi, Leonardo A. Uzcategui, John Yow-Chun Chang, Rohan Gandhi
-
Publication number: 20170141927Abstract: A first management node of a first rack can be registered to a shared file storage system by establishing a mutual trust relationship between the first management node and the shared file storage system. The first management node can access a plurality of respective public keys and a plurality of respective certificates of authority that are stored in the shared file storage system and associated with a plurality of respective registered management nodes. The first management node can store a public key and a certificate of authority in the shared file storage system. The first management node can form mutual trust relationships with other registered management nodes. The first management node can validate authenticity of messages received from registered management nodes of the plurality of registered management nodes using a respective public key and a respective certificate of authority associated with a respective registered management node sending a message.Type: ApplicationFiled: November 16, 2015Publication date: May 18, 2017Inventors: Ajay A. Apte, John Yow-Chun Chang, Ching-Yun Chao, Patrick L. Davis, Rohan Gandhi, Hugh E. Hockett, Yuhsuke Kaneyasu, Lewis Lo, Matthew D. McClintock, Scott C. Moonen, Ki H. Park, Ankit Patel, Kin Ueng, Iqbal M. Umair, Leonardo A. Uzcategui, Barbara J. Vander Weele
-
Publication number: 20170134302Abstract: A construct having a plurality of distributed resources can include a portion of a second rack having a plurality of computing devices controlled by a second management node. The second management node can determine it contains insufficient construct data such as user data, group data, resource data, or authorization policy data to execute an operation associated with the construct. The second management node can synchronize at least a portion of construct data with a first management node. The first management node can be associated with the construct and a mutual trust relationship can exist between the first management node and the second management node. The first management node and the second management node can comprise autonomous management nodes capable of functioning independent of the network.Type: ApplicationFiled: November 10, 2015Publication date: May 11, 2017Inventors: John Yow-Chun Chang, Ching-Yun Chao, Patrick L. Davis, Rohan Gandhi, Yuhsuke Kaneyasu, Lewis Lo, Ki H. Park, Ankit Patel, Kin Ueng, Iqbal M. Umair, Leonardo A. Uzcategui, Barbara J. Vander Weele
-
Patent number: 9160731Abstract: A mechanism is provided for establishing a trust relationship between two products. A resource device receives a registration request from an application device to access a resource on the resource device by an application and users of the application on the application device. The resource device sends a registration response using a redirection uniform resource identifier (URI) provided with the registration request, where the registration response includes an authorization code and a symmetric key in response to authenticating the registration request. The resource device receives an access token request that includes the symmetric key, verifiable authentication data, and the redirection URI. The resource device sends an access token to the application device in response to validating the access token request, where the access token allows for access to the resource on the resource device thereby establishing the trust relationship between the resource device and the application device.Type: GrantFiled: September 6, 2013Date of Patent: October 13, 2015Assignee: International Business Machines CorporationInventors: John Y. Chang, Ching-Yun Chao, Lewis Lo, Ki H. Park, Barbara J. Vander Weele
-
Publication number: 20150074395Abstract: A mechanism is provided for establishing a trust relationship between two products. A resource device receives a registration request from an application device to access a resource on the resource device by an application and users of the application on the application device. The resource device sends a registration response using a redirection uniform resource identifier (URI) provided with the registration request, where the registration response includes an authorization code and a symmetric key in response to authenticating the registration request. The resource device receives an access token request that includes the symmetric key, verifiable authentication data, and the redirection URI. The resource device sends an access token to the application device in response to validating the access token request, where the access token allows for access to the resource on the resource device thereby establishing the trust relationship between the resource device and the application device.Type: ApplicationFiled: September 6, 2013Publication date: March 12, 2015Applicant: International Business Machines CorporationInventors: John Y. Chang, Ching-Yun Chao, Lewis Lo, Ki H. Park, Barbara J. Vander Weele
-
Patent number: 8103640Abstract: A method, an apparatus, and computer instructions are provided for role mapping methodology for user registry migration. A migration engine is provided, which conjoins a set of conditions defined in a role mapping file to form a set of migration rules. The migration engine evaluates the migration rules against the current role of each user in the user registry and determines if the user should be assigned a new role. If a new role is assigned, the migration engine updates the user registry with the new role.Type: GrantFiled: March 2, 2005Date of Patent: January 24, 2012Assignee: International Business Machines CorporationInventor: Lewis Lo
-
Publication number: 20060200504Abstract: A method, an apparatus, and computer instructions are provided for role mapping methodology for user registry migration. A migration engine is provided, which conjoins a set of conditions defined in a role mapping file to form a set of migration rules. The migration engine evaluates the migration rules against the current role of each user in the user registry and determines if the user should be assigned a new role. If a new role is assigned, the migration engine updates the user registry with the new role.Type: ApplicationFiled: March 2, 2005Publication date: September 7, 2006Applicant: International Business Machines CorporationInventor: Lewis Lo