Patents by Inventor Milton H. Hernandez
Milton H. Hernandez has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9608881
Abstract: A computer implemented method, data processing system, and computer program product control point in time access to a remote client device and auditing system logs of the remote client device by an auditing server device to determine whether monitored user activity on the remote client device associated with a work request was in compliance with one or more regulations.
Type: Grant
Filed: April 10, 2013
Date of Patent: March 28, 2017
Assignee: International Business Machines Corporation
Inventors: Milton H. Hernandez, Jim A. Laredo, Mattias Marder, Yaoping Ruan, Nandagopal Seshagiri
-
Patent number: 9584378
Abstract: A computer-implemented agent process running on a first computer automatically intercepts a command issued from the first computer to execute on a target computer prior to invocation of the command on the target computer. A server profile built for an application running on the target computer that supports the command may be retrieved. At least based on the server profile a risk enforcement policy is dynamically constructed. Based on the risk enforcement policy, one or more computer-executable enforcement actions to perform prior to sending the command to the target computer for execution is determined. Based on executing of one or more of the computer-executable enforcement actions, the command may be transmitted to execute on the target computer or prevented from executing on the target computer.
Type: Grant
Filed: December 22, 2015
Date of Patent: February 28, 2017
Assignee: International Business Machines Corporation
Inventors: Constantin M Adam, Nikolaos Anerousis, Vysakh K. Chandran, Milton H. Hernandez, Debasisha K. Padhi, Yaoping Ruan, Fabio M. Tanada, Frederick Y.-F. Wu, Sai Zeng
-
Publication number: 20160373289
Abstract: A method, system, and/or computer program product ensures regulatory compliance during application migration to cloud-based containers. In response to receiving a message directing an application to be migrated to a container cloud, the application is matched to multiple containers described in a container registry, where each container is matched to a service that provides a server. A regulatory rule by which at least one of the server, the application, and requisite containers are governed is identified. In response to detecting a change to at least one of the server, the application, and the requisite containers so that there is noncompliance with a regulatory rule, a chain of compliance services is automatically recomposed using an artificial intelligence planning technology.
Type: Application
Filed: June 17, 2015
Publication date: December 22, 2016
Inventors: Milton H. Hernandez, Jill L. Jermyn, Clifford A. Pickover, Maja Vukovic
-
Publication number: 20160241397
Abstract: A method forms a key pair for a user. The key pair has a public key and a private key that is unique to the user and that is encrypted using a passphrase formed from an enterprise password of the user and an identification that uniquely identifies in the enterprise a device by which the user gains access. The method stores the private key in the user device and stores the public key in an enterprise server that is accessed by the user. The method provides the private key from the user device to a client, such as a SSH client, in conjunction with the password and the identification, decrypts the private key to obtain the decrypted password and the identification, and allows the user to access the enterprise server only if the decrypted password and the identification match the password and the identification provided with the private key.
Type: Application
Filed: June 22, 2015
Publication date: August 18, 2016
Inventors: Constantin M. Adam, Milton H. Hernandez, Vugranam C. Sreedhar, Prema Vivekanandan
-
Publication number: 20160241558
Abstract: A method forms a key pair for a user. The key pair has a public key and a private key that is unique to the user and that is encrypted using a passphrase formed from an enterprise password of the user and an identification that uniquely identifies in the enterprise a device by which the user gains access. The method stores the private key in the user device and stores the public key in an enterprise server that is accessed by the user. The method provides the private key from the user device to a client, such as a SSH client, in conjunction with the password and the identification, decrypts the private key to obtain the decrypted password and the identification, and allows the user to access the enterprise server only if the decrypted password and the identification match the password and the identification provided with the private key.
Type: Application
Filed: February 13, 2015
Publication date: August 18, 2016
Inventors: Constantin M. Adam, Milton H. Hernandez, Vugranam C. Sreedhar, Prema Vivekanandan
-
Publication number: 20150371547
Abstract: An embodiment comprises a method associated with a computer system activity comprising one or more tasks, carried out by one or more users. The method comprises the step of furnishing a knowledge database with one or more knowledge teachings, wherein each knowledge teaching corresponds to one of the tasks. The method further comprises implementing a procedure at selected intervals, to determine whether any user in a group of users lacks specified knowledge related to one of the tasks. Responsive to determining that a particular user lacks specified knowledge related to a particular task, a knowledge teaching is presented to the particular user which corresponds to the particular task, and includes at least some of the specified knowledge which the particular user has been determined to lack. Feedback sent from the particular user, in response to receiving the presented knowledge teaching, is then selectively evaluated.
Type: Application
Filed: June 19, 2014
Publication date: December 24, 2015
Inventors: Milton H. Hernandez, Vugranam C. Sreedhar, Maja Vukovic
-
Patent number: 9088562
Abstract: In an environment wherein a front end system receives a service request, and a back end system responds to the request, a user of a target endpoint must be authenticated. A ticket ID is assigned to the service request, and responsive to an initiating action of the user, a virtual token is generated that has a specified relationship with the ticket ID. The virtual token is delivered to the user, and the user is prompted to present the token to a validating component associated with one of the front end or back end systems, wherein the validating component is configured to verify the token validity. If the token is found to be valid, the user is authenticated to access the specified target endpoint.
Type: Grant
Filed: September 9, 2013
Date of Patent: July 21, 2015
Assignee: International Business Machines Corporation
Inventors: Paul Driscoll, Milton H. Hernandez, Paul Jennings, Chee Meng Low, Yaoping Ruan, Larisa Shwartz
-
Patent number: 9088563
Abstract: In an environment wherein a front end system receives a service request, and a back end system responds to the request, a user of a target endpoint must be authenticated. A ticket ID is assigned to the service request, and responsive to an initiating action of the user, a virtual token is generated that has a specified relationship with the ticket ID. The virtual token is delivered to the user, and the user is prompted to present the token to a validating component associated with one of the front end or back end systems, wherein the validating component is configured to verify the token validity. If the token is found to be valid, the user is authenticated to access the specified target endpoint.
Type: Grant
Filed: October 8, 2013
Date of Patent: July 21, 2015
Assignee: International Business Machines Corporation
Inventors: Paul Driscoll, Milton H. Hernandez, Paul Jennings, Chee Meng Low, Yaoping Ruan, Larisa Shwartz
-
Patent number: 9070106
Abstract: A plurality of base templates is generated. Each of the base templates models a corresponding process. A plurality of instances of each of the base templates is instantiated. Each of the plurality of instances corresponds to an application of the corresponding process to a particular environment. Each of the instances of each of the base templates is annotated, based, in each case, upon observation of functioning of the instance in the particular environment.
Type: Grant
Filed: July 14, 2008
Date of Patent: June 30, 2015
Assignee: International Business Machines Corporation
Inventors: Nikolaos Anerousis, Milton H. Hernandez, Hani T. Jamjoon, Debanjan Saha, Ramendra K. Sahoo, Zon-Yin Shae, Anees A. Shaikh
-
Patent number: 9009842
Abstract: In an embodiment of the invention, wherein users must be able to access a computer system to perform respective functions, initial data is acquired from data sources, some of the initial data pertaining to previously granted system access rights. The initial data is used to create a crowdsourcing task, which is executed to acquire crowdsourced data from SMEs in an SME population, wherein the crowdsourced data comprises additional data pertaining to previously granted system access. The crowdsourced data is used to create a set of role definitions, wherein the role definitions determine which of the users are assigned to be members of a particular role associated with the system, and further determine the access rights that are granted to each member of the particular role.
Type: Grant
Filed: January 28, 2013
Date of Patent: April 14, 2015
Assignee: International Business Machines Corporation
Inventors: Christopher J. Giblin, Milton H. Hernandez, Sriram K. Rajagopal, Maja Vukovic
-
Patent number: 9003547
Abstract: In an embodiment of the invention, wherein users must be able to access a computer system to perform respective functions, initial data is acquired from data sources, some of the initial data pertaining to previously granted system access rights. The initial data is used to create a crowdsourcing task, which is executed to acquire crowdsourced data from SMEs in an SME population, wherein the crowdsourced data comprises additional data pertaining to previously granted system access. The crowdsourced data is used to create a set of role definitions, wherein the role definitions determine which of the users are assigned to be members of a particular role associated with the system, and further determine the access rights that are granted to each member of the particular role.
Type: Grant
Filed: December 11, 2012
Date of Patent: April 7, 2015
Assignee: International Business Machines Corporation
Inventors: Christopher J. Giblin, Milton H. Hernandez, Sriram K. Rajagopal, Maja Vukovic
-
Publication number: 20150074784
Abstract: In an environment wherein a front end system receives a service request, and a back end system responds to the request, a user of a target endpoint must be authenticated. A ticket ID is assigned to the service request, and responsive to an initiating action of the user, a virtual token is generated that has a specified relationship with the ticket ID. The virtual token is delivered to the user, and the user is prompted to present the token to a validating component associated with one of the front end or back end systems, wherein the validating component is configured to verify the token validity. If the token is found to be valid, the user is authenticated to access the specified target endpoint.
Type: Application
Filed: September 9, 2013
Publication date: March 12, 2015
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Paul Driscoll, Milton H. Hernandez, Paul Jennings, Chee Meng Low, Yaoping Ruan, Larisa Shwartz
-
Publication number: 20150074785
Abstract: In an environment wherein a front end system receives a service request, and a back end system responds to the request, a user of a target endpoint must be authenticated. A ticket ID is assigned to the service request, and responsive to an initiating action of the user, a virtual token is generated that has a specified relationship with the ticket ID. The virtual token is delivered to the user, and the user is prompted to present the token to a validating component associated with one of the front end or back end systems, wherein the validating component is configured to verify the token validity. If the token is found to be valid, the user is authenticated to access the specified target endpoint.
Type: Application
Filed: October 8, 2013
Publication date: March 12, 2015
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Paul Driscoll, Milton H. Hernandez, Paul Jennings, Chee Meng Low, Yaoping Ruan, Larisa Shwartz
-
Patent number: 8826403
Abstract: Auditing system logs of a remote client device is provided. Login session information entered at a workstation device accessing the remote client device to perform an activity associated with a work request is received. An access token is generated based on the login session information and information associated with the work request on the remote client device. The access token is compared with an audit log report of the remote client device that includes the activity associated with the work request performed by the workstation device on the remote client device. It is determined whether information in the access token matches information in the audit log report of the remote client device. In response to determining that the information in the access token does not match the information in the audit log report of the remote client device, an action alert is sent.
Type: Grant
Filed: February 1, 2012
Date of Patent: September 2, 2014
Assignee: International Business Machines Corporation
Inventors: Kumar Bhaskaran, Paul Driscoll, Milton H. Hernandez, Yaoping Ruan
-
Publication number: 20140165188
Abstract: In an embodiment of the invention, wherein users must be able to access a computer system to perform respective functions, initial data is acquired from data sources, some of the initial data pertaining to previously granted system access rights. The initial data is used to create a crowdsourcing task, which is executed to acquire crowdsourced data from SMEs in an SME population, wherein the crowdsourced data comprises additional data pertaining to previously granted system access. The crowdsourced data is used to create a set of role definitions, wherein the role definitions determine which of the users are assigned to be members of a particular role associated with the system, and further determine the access rights that are granted to each member of the particular role.
Type: Application
Filed: December 11, 2012
Publication date: June 12, 2014
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Christopher J. Giblin, Milton H. Hernandez, Sriram K. Rajagopal, Maja Vukovic
-
Publication number: 20140165154
Abstract: In an embodiment of the invention, wherein users must be able to access a computer system to perform respective functions, initial data is acquired from data sources, some of the initial data pertaining to previously granted system access rights. The initial data is used to create a crowdsourcing task, which is executed to acquire crowdsourced data from SMEs in an SME population, wherein the crowdsourced data comprises additional data pertaining to previously granted system access. The crowdsourced data is used to create a set of role definitions, wherein the role definitions determine which of the users are assigned to be members of a particular role associated with the system, and further determine the access rights that are granted to each member of the particular role.
Type: Application
Filed: January 28, 2013
Publication date: June 12, 2014
Applicant: International Business Machines Corporation
Inventors: Christopher J. Giblin, Milton H. Hernandez, Sriram K. Rajagopal, Maja Vukovic
-
Patent number: 8635689
Abstract: An embodiment of the invention is directed to a data processing system having a plurality of users, a portion of which were previously assigned permissions respectively corresponding to system resources. The embodiment includes acquiring data from a first data source, containing information pertaining to the portion of users and their permissions, and further includes acquiring data from a second data source, containing information pertaining to attributes of each user of the plurality. A set of permissions is determined for a given role, from both first and second data sources. First and second criteria are determined for assigning users to the given role, from information in the first and second data sources, respectively. A particular user is selected for admission to the given role only if the particular user is in compliance with both the first criterion and second criterion.
Type: Grant
Filed: October 27, 2011
Date of Patent: January 21, 2014
Assignee: International Business Machines Corporation
Inventors: Milton H. Hernandez, Jim A. Laredo, Supreet R. Mandala, Yaoping Ruan, Vugranam C. Sreedhar, Maja Vukovic
-
Publication number: 20130311221
Abstract: A data processing system for determining deployment readiness of a service is disclosed. A computer identifies tasks that must be performed to address requirements associated with categories of complexity for deploying the service in one or more locations. The computer assigns the identified tasks to experts based on skill and availability of the experts. The computer verifies whether the assigned tasks have been completed. The computer then provides an indication that the service is ready to be deployed in one or more locations responsive to the verification that the tasks have been completed.
Type: Application
Filed: July 9, 2012
Publication date: November 21, 2013
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Milton H. Hernandez, Jim A. Laredo, Sriram K. Rajagopal, Yaoping Ruan, Maja Vukovic
-
Publication number: 20130311220
Abstract: A method and data processing system for determining deployment readiness of a service is disclosed. A computer identifies tasks that must be performed to address requirements associated with categories of complexity for deploying the service in one or more locations. The computer assigns the identified tasks to experts based on skill and availability of the experts. The computer verifies whether the assigned tasks have been completed. The computer then provides an indication that the service is ready to be deployed in one or more locations responsive to the verification that the tasks have been completed.
Type: Application
Filed: May 18, 2012
Publication date: November 21, 2013
Applicant: International Business Machines Corporation
Inventors: Milton H. Hernandez, Jim A. Laredo, Sriram K. Rajagopal, Yaoping Ruan, Maja Vukovic
-
Publication number: 20130311653
Abstract: A computer implemented method, data processing system, and computer program product control point in time access to a remote client device and auditing system logs of the remote client device by an auditing server device to determine whether monitored user activity on the remote client device associated with a work request was in compliance with one or more regulations.
Type: Application
Filed: July 25, 2013
Publication date: November 21, 2013
Applicant: International Business Machines Corporation
Inventors: Milton H. Hernandez, Jim A. Laredo, Mattias Marder, Yaoping Ruan, Nandagopal Seshagiri