Patents by Inventor Milton H. Hernandez

Milton H. Hernandez has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9608881
    Abstract: A computer implemented method, data processing system, and computer program product control point in time access to a remote client device and auditing system logs of the remote client device by an auditing server device to determine whether monitored user activity on the remote client device associated with a work request was in compliance with one or more regulations.
    Type: Grant
    Filed: April 10, 2013
    Date of Patent: March 28, 2017
    Assignee: International Business Machines Corporation
    Inventors: Milton H. Hernandez, Jim A. Laredo, Mattias Marder, Yaoping Ruan, Nandagopal Seshagiri
  • Patent number: 9584378
    Abstract: A computer-implemented agent process running on a first computer automatically intercepts a command issued from the first computer to execute on a target computer prior to invocation of the command on the target computer. A server profile built for an application running on the target computer that supports the command may be retrieved. At least based on the server profile a risk enforcement policy is dynamically constructed. Based on the risk enforcement policy, one or more computer-executable enforcement actions to perform prior to sending the command to the target computer for execution is determined. Based on executing of one or more of the computer-executable enforcement actions, the command may be transmitted to execute on the target computer or prevented from executing on the target computer.
    Type: Grant
    Filed: December 22, 2015
    Date of Patent: February 28, 2017
    Assignee: International Business Machines Corporation
    Inventors: Constantin M Adam, Nikolaos Anerousis, Vysakh K. Chandran, Milton H. Hernandez, Debasisha K. Padhi, Yaoping Ruan, Fabio M. Tanada, Frederick Y.-F. Wu, Sai Zeng
  • Publication number: 20160373289
    Abstract: A method, system, and/or computer program product ensures regulatory compliance during application migration to cloud-based containers. In response to receiving a message directing an application to be migrated to a container cloud, the application is matched to multiple containers described in a container registry, where each container is matched to a service that provides a server. A regulatory rule by which at least one of the server, the application, and requisite containers are governed is identified. In response to detecting a change to at least one of the server, the application, and the requisite containers so that there is noncompliance with a regulatory rule, a chain of compliance services is automatically recomposed using an artificial intelligence planning technology.
    Type: Application
    Filed: June 17, 2015
    Publication date: December 22, 2016
    Inventors: Milton H. Hernandez, Jill L. Jermyn, Clifford A. Pickover, Maja Vukovic
  • Publication number: 20160241397
    Abstract: A method forms a key pair for a user. The key pair has a public key and a private key that is unique to the user and that is encrypted using a passphrase formed from an enterprise password of the user and an identification that uniquely identifies in the enterprise a device by which the user gains access. The method stores the private key in the user device and stores the public key in an enterprise server that is accessed by the user. The method provides the private key from the user device to a client, such as a SSH client, in conjunction with the password and the identification, decrypts the private key to obtain the decrypted password and the identification, and allows the user to access the enterprise server only if the decrypted password and the identification match the password and the identification provided with the private key.
    Type: Application
    Filed: June 22, 2015
    Publication date: August 18, 2016
    Inventors: Constantin M. Adam, Milton H. Hernandez, Vugranam C. Sreedhar, Prema Vivekanandan
  • Publication number: 20160241558
    Abstract: A method forms a key pair for a user. The key pair has a public key and a private key that is unique to the user and that is encrypted using a passphrase formed from an enterprise password of the user and an identification that uniquely identifies in the enterprise a device by which the user gains access. The method stores the private key in the user device and stores the public key in an enterprise server that is accessed by the user. The method provides the private key from the user device to a client, such as a SSH client, in conjunction with the password and the identification, decrypts the private key to obtain the decrypted password and the identification, and allows the user to access the enterprise server only if the decrypted password and the identification match the password and the identification provided with the private key.
    Type: Application
    Filed: February 13, 2015
    Publication date: August 18, 2016
    Inventors: Constantin M. Adam, Milton H. Hernandez, Vugranam C. Sreedhar, Prema Vivekanandan
  • Publication number: 20150371547
    Abstract: An embodiment comprises a method associated with a computer system activity comprising one or more tasks, carried out by one or more users. The method comprises the step of furnishing a knowledge database with one or more knowledge teachings, wherein each knowledge teaching corresponds to one of the tasks. The method further comprises implementing a procedure at selected intervals, to determine whether any user in a group of users lacks specified knowledge related to one of the tasks. Responsive to determining that a particular user lacks specified knowledge related to a particular task, a knowledge teaching is presented to the particular user which corresponds to the particular task, and includes at least some of the specified knowledge which the particular user has been determined to lack. Feedback sent from the particular user, in response to receiving the presented knowledge teaching, is then selectively evaluated.
    Type: Application
    Filed: June 19, 2014
    Publication date: December 24, 2015
    Inventors: Milton H. Hernandez, Vugranam C. Sreedhar, Maja Vukovic
  • Patent number: 9088562
    Abstract: In an environment wherein a front end system receives a service request, and a back end system responds to the request, a user of a target endpoint must be authenticated. A ticket ID is assigned to the service request, and responsive to an initiating action of the user, a virtual token is generated that has a specified relationship with the ticket ID. The virtual token is delivered to the user, and the user is prompted to present the token to a validating component associated with one of the front end or back end systems, wherein the validating component is configured to verify the token validity. If the token is found to be valid, the user is authenticated to access the specified target endpoint.
    Type: Grant
    Filed: September 9, 2013
    Date of Patent: July 21, 2015
    Assignee: International Business Machines Corporation
    Inventors: Paul Driscoll, Milton H. Hernandez, Paul Jennings, Chee Meng Low, Yaoping Ruan, Larisa Shwartz
  • Patent number: 9088563
    Abstract: In an environment wherein a front end system receives a service request, and a back end system responds to the request, a user of a target endpoint must be authenticated. A ticket ID is assigned to the service request, and responsive to an initiating action of the user, a virtual token is generated that has a specified relationship with the ticket ID. The virtual token is delivered to the user, and the user is prompted to present the token to a validating component associated with one of the front end or back end systems, wherein the validating component is configured to verify the token validity. If the token is found to be valid, the user is authenticated to access the specified target endpoint.
    Type: Grant
    Filed: October 8, 2013
    Date of Patent: July 21, 2015
    Assignee: International Business Machines Corporation
    Inventors: Paul Driscoll, Milton H. Hernandez, Paul Jennings, Chee Meng Low, Yaoping Ruan, Larisa Shwartz
  • Patent number: 9070106
    Abstract: A plurality of base templates is generated. Each of the base templates models a corresponding process. A plurality of instances of each of the base templates is instantiated. Each of the plurality of instances corresponds to an application of the corresponding process to a particular environment. Each of the instances of each of the base templates is annotated, based, in each case, upon observation of functioning of the instance in the particular environment.
    Type: Grant
    Filed: July 14, 2008
    Date of Patent: June 30, 2015
    Assignee: International Business Machines Corporation
    Inventors: Nikolaos Anerousis, Milton H. Hernandez, Hani T. Jamjoon, Debanjan Saha, Ramendra K. Sahoo, Zon-Yin Shae, Anees A. Shaikh
  • Patent number: 9009842
    Abstract: In an embodiment of the invention, wherein users must be able to access a computer system to perform respective functions, initial data is acquired from data sources, some of the initial data pertaining to previously granted system access rights. The initial data is used to create a crowdsourcing task, which is executed to acquire crowdsourced data from SMEs in an SME population, wherein the crowdsourced data comprises additional data pertaining to previously granted system access. The crowdsourced data is used to create a set of role definitions, wherein the role definitions determine which of the users are assigned to be members of a particular role associated with the system, and further determine the access rights that are granted to each member of the particular role.
    Type: Grant
    Filed: January 28, 2013
    Date of Patent: April 14, 2015
    Assignee: International Business Machines Corporation
    Inventors: Christopher J. Giblin, Milton H. Hernandez, Sriram K. Rajagopal, Maja Vukovic
  • Patent number: 9003547
    Abstract: In an embodiment of the invention, wherein users must be able to access a computer system to perform respective functions, initial data is acquired from data sources, some of the initial data pertaining to previously granted system access rights. The initial data is used to create a crowdsourcing task, which is executed to acquire crowdsourced data from SMEs in an SME population, wherein the crowdsourced data comprises additional data pertaining to previously granted system access. The crowdsourced data is used to create a set of role definitions, wherein the role definitions determine which of the users are assigned to be members of a particular role associated with the system, and further determine the access rights that are granted to each member of the particular role.
    Type: Grant
    Filed: December 11, 2012
    Date of Patent: April 7, 2015
    Assignee: International Business Machines Corporation
    Inventors: Christopher J. Giblin, Milton H. Hernandez, Sriram K. Rajagopal, Maja Vukovic
  • Publication number: 20150074784
    Abstract: In an environment wherein a front end system receives a service request, and a back end system responds to the request, a user of a target endpoint must be authenticated. A ticket ID is assigned to the service request, and responsive to an initiating action of the user, a virtual token is generated that has a specified relationship with the ticket ID. The virtual token is delivered to the user, and the user is prompted to present the token to a validating component associated with one of the front end or back end systems, wherein the validating component is configured to verify the token validity. If the token is found to be valid, the user is authenticated to access the specified target endpoint.
    Type: Application
    Filed: September 9, 2013
    Publication date: March 12, 2015
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Paul Driscoll, Milton H. Hernandez, Paul Jennings, Chee Meng Low, Yaoping Ruan, Larisa Shwartz
  • Publication number: 20150074785
    Abstract: In an environment wherein a front end system receives a service request, and a back end system responds to the request, a user of a target endpoint must be authenticated. A ticket ID is assigned to the service request, and responsive to an initiating action of the user, a virtual token is generated that has a specified relationship with the ticket ID. The virtual token is delivered to the user, and the user is prompted to present the token to a validating component associated with one of the front end or back end systems, wherein the validating component is configured to verify the token validity. If the token is found to be valid, the user is authenticated to access the specified target endpoint.
    Type: Application
    Filed: October 8, 2013
    Publication date: March 12, 2015
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Paul Driscoll, Milton H. Hernandez, Paul Jennings, Chee Meng Low, Yaoping Ruan, Larisa Shwartz
  • Patent number: 8826403
    Abstract: Auditing system logs of a remote client device is provided. Login session information entered at a workstation device accessing the remote client device to perform an activity associated with a work request is received. An access token is generated based on the login session information and information associated with the work request on the remote client device. The access token is compared with an audit log report of the remote client device that includes the activity associated with the work request performed by the workstation device on the remote client device. It is determined whether information in the access token matches information in the audit log report of the remote client device. In response to determining that the information in the access token does not match the information in the audit log report of the remote client device, an action alert is sent.
    Type: Grant
    Filed: February 1, 2012
    Date of Patent: September 2, 2014
    Assignee: International Business Machines Corporation
    Inventors: Kumar Bhaskaran, Paul Driscoll, Milton H. Hernandez, Yaoping Ruan
  • Publication number: 20140165188
    Abstract: In an embodiment of the invention, wherein users must be able to access a computer system to perform respective functions, initial data is acquired from data sources, some of the initial data pertaining to previously granted system access rights. The initial data is used to create a crowdsourcing task, which is executed to acquire crowdsourced data from SMEs in an SME population, wherein the crowdsourced data comprises additional data pertaining to previously granted system access. The crowdsourced data is used to create a set of role definitions, wherein the role definitions determine which of the users are assigned to be members of a particular role associated with the system, and further determine the access rights that are granted to each member of the particular role.
    Type: Application
    Filed: December 11, 2012
    Publication date: June 12, 2014
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Christopher J. Giblin, Milton H. Hernandez, Sriram K. Rajagopal, Maja Vukovic
  • Publication number: 20140165154
    Abstract: In an embodiment of the invention, wherein users must be able to access a computer system to perform respective functions, initial data is acquired from data sources, some of the initial data pertaining to previously granted system access rights. The initial data is used to create a crowdsourcing task, which is executed to acquire crowdsourced data from SMEs in an SME population, wherein the crowdsourced data comprises additional data pertaining to previously granted system access. The crowdsourced data is used to create a set of role definitions, wherein the role definitions determine which of the users are assigned to be members of a particular role associated with the system, and further determine the access rights that are granted to each member of the particular role.
    Type: Application
    Filed: January 28, 2013
    Publication date: June 12, 2014
    Applicant: International Business Machines Corporation
    Inventors: Christopher J. Giblin, Milton H. Hernandez, Sriram K. Rajagopal, Maja Vukovic
  • Patent number: 8635689
    Abstract: An embodiment of the invention is directed to a data processing system having a plurality of users, a portion of which were previously assigned permissions respectively corresponding to system resources. The embodiment includes acquiring data from a first data source, containing information pertaining to the portion of users and their permissions, and further includes acquiring data from a second data source, containing information pertaining to attributes of each user of the plurality. A set of permissions is determined for a given role, from both first and second data sources. First and second criteria are determined for assigning users to the given role, from information in the first and second data sources, respectively. A particular user is selected for admission to the given role only if the particular user is in compliance with both the first criterion and second criterion.
    Type: Grant
    Filed: October 27, 2011
    Date of Patent: January 21, 2014
    Assignee: International Business Machines Corporation
    Inventors: Milton H. Hernandez, Jim A. Laredo, Supreet R. Mandala, Yaoping Ruan, Vugranam C. Sreedhar, Maja Vukovic
  • Publication number: 20130311221
    Abstract: A data processing system for determining deployment readiness of a service is disclosed. A computer identifies tasks that must be performed to address requirements associated with categories of complexity for deploying the service in one or more locations. The computer assigns the identified tasks to experts based on skill and availability of the experts. The computer verifies whether the assigned tasks have been completed. The computer then provides an indication that the service is ready to be deployed in one or more locations responsive to the verification that the tasks have been completed.
    Type: Application
    Filed: July 9, 2012
    Publication date: November 21, 2013
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Milton H. Hernandez, Jim A. Laredo, Sriram K. Rajagopal, Yaoping Ruan, Maja Vukovic
  • Publication number: 20130311220
    Abstract: A method and data processing system for determining deployment readiness of a service is disclosed. A computer identifies tasks that must be performed to address requirements associated with categories of complexity for deploying the service in one or more locations. The computer assigns the identified tasks to experts based on skill and availability of the experts. The computer verifies whether the assigned tasks have been completed. The computer then provides an indication that the service is ready to be deployed in one or more locations responsive to the verification that the tasks have been completed.
    Type: Application
    Filed: May 18, 2012
    Publication date: November 21, 2013
    Applicant: International Business Machines Corporation
    Inventors: Milton H. Hernandez, Jim A. Laredo, Sriram K. Rajagopal, Yaoping Ruan, Maja Vukovic
  • Publication number: 20130311653
    Abstract: A computer implemented method, data processing system, and computer program product control point in time access to a remote client device and auditing system logs of the remote client device by an auditing server device to determine whether monitored user activity on the remote client device associated with a work request was in compliance with one or more regulations.
    Type: Application
    Filed: July 25, 2013
    Publication date: November 21, 2013
    Applicant: International Business Machines Corporation
    Inventors: Milton H. Hernandez, Jim A. Laredo, Mattias Marder, Yaoping Ruan, Nandagopal Seshagiri