Patents by Inventor Michael P. Kasper
Michael P. Kasper has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11010479
Abstract: A system includes a memory system and a processing system operably coupled to the memory system. The memory system includes a plurality of address spaces. The processing system is configured to perform operations including creating a data space from within a primary address space and a primary address space number access list entry referencing the data space. An unauthorized caller routine in a home address space configured to issue a service request including an address space-switching program call from the home address space to a program call target routine in the primary address space. The address space-switching program call references the primary address space number access list entry in the primary address space. A vulnerability identifier associated with the program call target routine is created and logged based on one or more conditions indicative of a cross-memory integrity violation detected responsive to the service request.
Type: Grant
Filed: October 1, 2018
Date of Patent: May 18, 2021
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Bryan Childs, Peter Relson, Karl D. Schmitz, Michael P. Kasper, Kathryn Voss, Kin Choi
-
Patent number: 10915640
Abstract: A system includes a memory system and a processing system operably coupled to the memory system. The processing system is configured to perform operations including setting a target register to point to a first protected storage location of the memory system resulting in a protection exception upon access, calling an authorized service, and confirming that the authorized service uses the target register based on detecting the protection exception. The target register is adjusted to point to a parameter list including one or more known values and a pointer to a second protected storage location resulting in the protection exception upon access to confirm use of a value of the parameter list responsive to calling the authorized service. Parameter list testing and target register testing is repeated for locations in the parameter list and target registers to construct a testing profile for vulnerability testing of the authorized service.
Type: Grant
Filed: October 1, 2018
Date of Patent: February 9, 2021
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Michael P. Kasper, Bryan Childs, Kin Choi, Karl D. Schmitz, Kathryn Voss
-
Patent number: 10652244
Abstract: A computer program product for cross-site request forgery (CSRF) prevention is provided and includes a computer readable storage medium having program instructions embodied therewith. The program instructions are readable and executable by a processing circuit to cause the processing circuit to issue a server request for a certificate, which is associated with a user, responsive to a client request to visit a uniform resource indicator (URI) being received, validate the certificate upon receipt in fulfillment of the server request, compare a referrer listed in a header of the client request with a list of certificate elements in the certificate, authenticate the user in accordance with correlation between the referrer and at least one of the certificate elements and authorize the client request to visit the URI upon the user being authenticated.
Type: Grant
Filed: November 30, 2017
Date of Patent: May 12, 2020
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: John C. Dayka, Michael P. Kasper, Eysha S. Powers
-
Publication number: 20200104508
Abstract: A system includes a memory system and a processing system operably coupled to the memory system. The memory system includes a plurality of address spaces. The processing system is configured to perform operations including creating a data space from within a primary address space and a primary address space number access list entry referencing the data space. An unauthorized caller routine in a home address space configured to issue a service request including an address space-switching program call from the home address space to a program call target routine in the primary address space. The address space-switching program call references the primary address space number access list entry in the primary address space. A vulnerability identifier associated with the program call target routine is created and logged based on one or more conditions indicative of a cross-memory integrity violation detected responsive to the service request.
Type: Application
Filed: October 1, 2018
Publication date: April 2, 2020
Inventors: Bryan Childs, Peter Relson, Karl D. Schmitz, Michael P. Kasper, Kathryn Voss, Kin Choi
-
Publication number: 20200104507
Abstract: A system includes a memory system and a processing system operably coupled to the memory system. The processing system is configured to perform operations including setting a target register to point to a first protected storage location of the memory system resulting in a protection exception upon access, calling an authorized service, and confirming that the authorized service uses the target register based on detecting the protection exception. The target register is adjusted to point to a parameter list including one or more known values and a pointer to a second protected storage location resulting in the protection exception upon access to confirm use of a value of the parameter list responsive to calling the authorized service. Parameter list testing and target register testing is repeated for locations in the parameter list and target registers to construct a testing profile for vulnerability testing of the authorized service.
Type: Application
Filed: October 1, 2018
Publication date: April 2, 2020
Inventors: Michael P. Kasper, Bryan Childs, Kin Choi, Karl D. Schmitz, Kathryn Voss
-
Publication number: 20180097813
Abstract: A computer program product for cross-site request forgery (CSRF) prevention is provided and includes a computer readable storage medium having program instructions embodied therewith. The program instructions are readable and executable by a processing circuit to cause the processing circuit to issue a server request for a certificate, which is associated with a user, responsive to a client request to visit a uniform resource indicator (URI) being received, validate the certificate upon receipt in fulfillment of the server request, compare a referrer listed in a header of the client request with a list of certificate elements in the certificate, authenticate the user in accordance with correlation between the referrer and at least one of the certificate elements and authorize the client request to visit the URI upon the user being authenticated.
Type: Application
Filed: November 30, 2017
Publication date: April 5, 2018
Inventors: John C. Dayka, Michael P. Kasper, Eysha S. Powers
-
Patent number: 9906517
Abstract: A computer program product for cross-site request forgery (CSRF) prevention is provided and includes a computer readable storage medium having program instructions embodied therewith. The program instructions are readable and executable by a processing circuit to cause the processing circuit to issue a server request for a certificate, which is associated with a user, responsive to a client request to visit a uniform resource indicator (URI) being received, validate the certificate upon receipt in fulfillment of the server request, compare a referrer listed in a header of the client request with a list of certificate elements in the certificate, authenticate the user in accordance with correlation between the referrer and at least one of the certificate elements and authorize the client request to visit the URI upon the user being authenticated.
Type: Grant
Filed: June 10, 2016
Date of Patent: February 27, 2018
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: John C. Dayka, Michael P. Kasper, Eysha S. Powers
-
Patent number: 9906531
Abstract: A computer program product for cross-site request forgery (CSRF) prevention is provided and includes a computer readable storage medium having program instructions embodied therewith. The program instructions are readable and executable by a processing circuit to cause the processing circuit to issue a server request for a certificate, which is associated with a user, responsive to a client request to visit a uniform resource indicator (URI) being received, validate the certificate upon receipt in fulfillment of the server request, compare a referrer listed in a header of the client request with a list of certificate elements in the certificate, authenticate the user in accordance with correlation between the referrer and at least one of the certificate elements and authorize the client request to visit the URI upon the user being authenticated.
Type: Grant
Filed: November 23, 2015
Date of Patent: February 27, 2018
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: John C. Dayka, Michael P. Kasper, Eysha S. Powers
-
Publication number: 20170149783
Abstract: A computer program product for cross-site request forgery (CSRF) prevention is provided and includes a computer readable storage medium having program instructions embodied therewith. The program instructions are readable and executable by a processing circuit to cause the processing circuit to issue a server request for a certificate, which is associated with a user, responsive to a client request to visit a uniform resource indicator (URI) being received, validate the certificate upon receipt in fulfillment of the server request, compare a referrer listed in a header of the client request with a list of certificate elements in the certificate, authenticate the user in accordance with correlation between the referrer and at least one of the certificate elements and authorize the client request to visit the URI upon the user being authenticated.
Type: Application
Filed: November 23, 2015
Publication date: May 25, 2017
Inventors: John C. Dayka, Michael P. Kasper, Eysha S. Powers
-
Publication number: 20170149768
Abstract: A computer program product for cross-site request forgery (CSRF) prevention is provided and includes a computer readable storage medium having program instructions embodied therewith. The program instructions are readable and executable by a processing circuit to cause the processing circuit to issue a server request for a certificate, which is associated with a user, responsive to a client request to visit a uniform resource indicator (URI) being received, validate the certificate upon receipt in fulfillment of the server request, compare a referrer listed in a header of the client request with a list of certificate elements in the certificate, authenticate the user in accordance with correlation between the referrer and at least one of the certificate elements and authorize the client request to visit the URI upon the user being authenticated.
Type: Application
Filed: June 10, 2016
Publication date: May 25, 2017
Inventors: John C. Dayka, Michael P. Kasper, Eysha S. Powers
-
Patent number: 8825905
Abstract: A method includes receiving a message in a JavaScript object notation (JSON) format from a first processor, converting the message from the JSON format into a hypertext markup language (HTML) format, and presenting the content of the message in the HTML format to a user on a display.
Type: Grant
Filed: April 4, 2011
Date of Patent: September 2, 2014
Assignee: International Business Machines Corporation
Inventors: Michael P. Kasper, Ulrich Kurz, Gary S. Puchkoff, Bertold Reddemann, Peter D. Van Dyke
-
Patent number: 8533734
Abstract: A method includes receiving a start request from a client at a launcher application programming interface (API), determining whether an existing time sharing option (TSO) address space associated with a user of the client is available, retrieving security environment data associated with the user from a security product responsive to determining that no existing TSO address space associated with a user of the client is available, saving the retrieved security environment data as a security object, generating a message queue, generating a terminal status block (TSB) and saving the terminal status block, creating a TSO address space in a processor, sending an instruction to an operating system to start the TSO address space, and sending a message queue identifier associated with the message queue and an address space token associated with the TSO address space to the client.
Type: Grant
Filed: April 4, 2011
Date of Patent: September 10, 2013
Assignee: International Business Machines Corporation
Inventors: Susan Z. Demkowicz, James M. Hertzig, Michael P. Kasper, Harris M. Morgenstern, Gary S. Puchkoff
-
Publication number: 20120254889
Abstract: A method includes receiving a start request from a client at a launcher application programming interface (API), determining whether an existing time sharing option (TSO) address space associated with a user of the client is available, retrieving security environment data associated with the user from a security product responsive to determining that no existing TSO address space associated with a user of the client is available, saving the retrieved security environment data as a security object, generating a message queue, generating a terminal status block (TSB) and saving the terminal status block, creating a TSO address space in a processor, sending an instruction to an operating system to start the TSO address space, and sending a message queue identifier associated with the message queue and an address space token associated with the TSO address space to the client.
Type: Application
Filed: April 4, 2011
Publication date: October 4, 2012
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Susan Z. Demkowicz, James M. Hertzig, Michael P. Kasper, Harris M. Morgenstern, Gary S. Puchkoff
-
Publication number: 20120254294
Abstract: A method includes receiving a request for a time sharing option (TSO) address space from a client application, reserving a TSO address space in a processor, initializing an interactive system productivity facility (ISPF) session in the TSO address space, initializing a message queue associated with the TSO address space and the ISPF session, generating a unique key associated with the client application, the TSO address space, the ISPF session, and the message queue, and entering the unique key and the association of the unique key with the client application, the TSO address space, the ISPF session, and the message queue into a hash map entry.
Type: Application
Filed: April 4, 2011
Publication date: October 4, 2012
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Jose H. Cifuentes, JR., Anuja Deedwaniya, Nina J. Goradia, Michael P. Kasper, Steven G. Kavka, Gary S. Puchkoff
-
Publication number: 20120254467
Abstract: A method includes receiving a message in a JavaScript object notation (JSON) format from a first processor, converting the message from the JSON format into a hypertext markup language (HTML) format, and presenting the content of the message in the HTML format to a user on a display.
Type: Application
Filed: April 4, 2011
Publication date: October 4, 2012
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Michael P. Kasper, Ulrich Kurz, Gary S. Puchkoff, Bertold Reddemann, Peter D. Van Dyke