Patents by Inventor Olgierd Pieczul
Olgierd Pieczul has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240007470
Abstract: A method, system and computer program product for secure access management for tools within a secure environment. A virtual file system for a user in memory on a server side in the secure environment is accessed as part of an authenticated user session including a user command instigated by a user. At the virtual file system, an encrypted file stored in the secure environment is obtained, where the file is encrypted using a public key of a user. A read operation at the virtual file system of the encrypted file is intercepted and the encrypted file is sent to a client at a user system external to the secure environment over a secure connection for decryption by a remote cryptography device of the user system using the user's private key. The decrypted file is then received at the virtual file system enabling the user to run the required user command.
Type: Application
Filed: September 15, 2023
Publication date: January 4, 2024
Inventors: Olgierd Pieczul, Jinhui Wang
-
Patent number: 11799861
Abstract: A method, system and computer program product for secure access management for tools within a secure environment. A virtual file system for a user in memory on a server side in the secure environment is accessed as part of an authenticated user session including a user command instigated by a user. At the virtual file system, an encrypted file stored in the secure environment is obtained, where the file is encrypted using a public key of a user. A read operation at the virtual file system of the encrypted file is intercepted and the encrypted file is sent to a client at a user system external to the secure environment over a secure connection for decryption by a remote cryptography device of the user system using the user's private key. The decrypted file is then received at the virtual file system enabling the user to run the required user command.
Type: Grant
Filed: December 19, 2020
Date of Patent: October 24, 2023
Assignee: International Business Machines Corporation
Inventors: Olgierd Pieczul, Jinhui Wang
-
Publication number: 20220368694
Abstract: A method, system and computer program product relating to an application server operable to manage a microservice-based application, i.e. app, on behalf of clients, the clients being available for use by system actors who may be, for example, end users, bots, developers or other apps. A permissions validator is used to compute effective permissions in response to client requests. The requests are granted or denied conditional on the effective permissions being at least a subset of the permissions required to be given by any of the app's microservices that are needed for the resource being requested. The effective permissions are computed from an intersection of a set of actor permissions, a set of client permissions and a set of resource permissions.
Type: Application
Filed: July 29, 2022
Publication date: November 17, 2022
Inventors: Vincent Burckhardt, Andre Fischer, Olgierd Pieczul, Jürgen Schmidt, Xiao F. Yu
-
Publication number: 20220337593
Abstract: A method, system and computer program product relating to an application server operable to manage a microservice-based application, i.e. app, on behalf of clients, the clients being available for use by system actors who may be, for example, end users, bots, developers or other apps. A permissions validator is used to compute effective permissions in response to client requests. The requests are granted or denied conditional on the effective permissions being at least a subset of the permissions required to be given by any of the app's microservices that are needed for the resource being requested. The effective permissions are computed from an intersection of a set of actor permissions, a set of client permissions and a set of resource permissions.
Type: Application
Filed: June 30, 2022
Publication date: October 20, 2022
Inventors: Vincent Burckhardt, Andre Fischer, Olgierd Pieczul, Jürgen Schmidt, Xiao F. Yu
-
Patent number: 11477199
Abstract: A method, system and computer program product relating to an application server operable to manage a microservice-based application, i.e. app, on behalf of clients, the clients being available for use by system actors who may be, for example, end users, bots, developers or other apps. A permissions validator is used to compute effective permissions in response to client requests. The requests are granted or denied conditional on the effective permissions being at least a subset of the permissions required to be given by any of the app's microservices that are needed for the resource being requested. The effective permissions are computed from an intersection of a set of actor permissions, a set of client permissions and a set of resource permissions.
Type: Grant
Filed: April 24, 2019
Date of Patent: October 18, 2022
Assignee: International Business Machines Corporation
Inventors: Vincent Burckhardt, Andre Fischer, Olgierd Pieczul, Jürgen Schmidt, Xiao F. Yu
-
Patent number: 11457014
Abstract: A method, system and computer program product relating to an application server operable to manage a microservice-based application, i.e. app, on behalf of clients, the clients being available for use by system actors who may be, for example, end users, bots, developers or other apps. A permissions validator is used to compute effective permissions in response to client requests. The requests are granted or denied conditional on the effective permissions being at least a subset of the permissions required to be given by any of the app's microservices that are needed for the resource being requested. The effective permissions are computed from an intersection of a set of actor permissions, a set of client permissions and a set of resource permissions.
Type: Grant
Filed: October 26, 2017
Date of Patent: September 27, 2022
Assignee: International Business Machines Corporation
Inventors: Vincent Burckhardt, Andre Fischer, Olgierd Pieczul, Jürgen Schmidt, Xiao F. Yu
-
Patent number: 11165890
Abstract: A secure client-server connection method compatible with RESTful (REpresentational State Transfer) APIs (Application Programming Interface) that is resistant to cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. The server generates a token for the client and a random value which it pairs with the token. The random value is hashed. The hash value is transmitted to the client contained in the token and the random value is transmitted to the client contained in an HTTPOnly cookie. Even if an attacker steals the token and/or the hash, security is maintained, since the server verifies communications from the client by validating the token on the basis of its hash value. Validation is performed by the server hashing the random value contained in the HTTPOnly cookie paired with the token to obtain a further hash value, and checking that this further hash value matches the token's hash value.
Type: Grant
Filed: January 23, 2020
Date of Patent: November 2, 2021
Assignee: International Business Machines Corporation
Inventors: Vincent Burckhardt, Carlos C. Manias Diez, Olgierd Pieczul
-
Publication number: 20210152556
Abstract: A method, system and computer program product for secure access management for tools within a secure environment. A virtual file system for a user in memory on a server side in the secure environment is accessed as part of an authenticated user session including a user command instigated by a user. At the virtual file system, an encrypted file stored in the secure environment is obtained, where the file is encrypted using a public key of a user. A read operation at the virtual file system of the encrypted file is intercepted and the encrypted file is sent to a client at a user system external to the secure environment over a secure connection for decryption by a remote cryptography device of the user system using the user's private key. The decrypted file is then received at the virtual file system enabling the user to run the required user command.
Type: Application
Filed: December 19, 2020
Publication date: May 20, 2021
Inventors: Olgierd Pieczul, Jinhui Wang
-
Patent number: 10977156
Abstract: Concepts for linking source code with compliance requirements are presented. One example comprises analyzing a set of compliance requirements to identify one or more compliance topics. The example further comprises determining keywords for the identified one or more compliance topics. An item of source code is then analyzed to identify occurrences of the keywords in the source code. Mapping information representing a relationship between the item of source code and the compliance requirements is then generated based on the identified occurrence of the keywords.
Type: Grant
Filed: October 10, 2018
Date of Patent: April 13, 2021
Assignees: International Business Machines Corporation, University of Limerick
Inventors: Mark McGloin, Olgierd Pieczul, Bashar Nuseibeh, Sorren Hanvey, Jesus Garcia Galan
-
Patent number: 10924486
Abstract: A method, system and computer program product for secure access management for tools within a secure environment. A virtual file system for a user in memory on a server side in the secure environment is accessed as part of an authenticated user session including a user command instigated by a user. At the virtual file system, an encrypted file stored in the secure environment is obtained, where the file is encrypted using a public key of a user. A read operation at the virtual file system of the encrypted file is intercepted and the encrypted file is sent to a client at a user system external to the secure environment over a secure connection for decryption by a remote cryptography device of the user system using the user's private key. The decrypted file is then received at the virtual file system enabling the user to run the required user command.
Type: Grant
Filed: April 22, 2019
Date of Patent: February 16, 2021
Assignee: International Business Machines Corporation
Inventors: Olgierd Pieczul, Jinhui Wang
-
Patent number: 10834081
Abstract: A method, system and computer program product for secure access management for tools within a secure environment. A virtual file system for a user in memory on a server side in the secure environment is accessed as part of an authenticated user session including a user command instigated by a user. At the virtual file system, an encrypted file stored in the secure environment is obtained, where the file is encrypted using a public key of a user. A read operation at the virtual file system of the encrypted file is intercepted and the encrypted file is sent to a client at a user system external to the secure environment over a secure connection for decryption by a remote cryptography device of the user system using the user's private key. The decrypted file is then received at the virtual file system enabling the user to run the required user command.
Type: Grant
Filed: October 19, 2017
Date of Patent: November 10, 2020
Assignee: International Business Machines Corporation
Inventors: Olgierd Pieczul, Jinhui Wang
-
Patent number: 10757225
Abstract: A secure client-server connection method compatible with RESTful (REpresentational State Transfer) APIs (Application Programming Interface) that is resistant to cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. The server generates a token for the client and a random value which it pairs with the token. The random value is hashed. The hash value is transmitted to the client contained in the token and the random value is transmitted to the client contained in an HTTPOnly cookie. Even if an attacker steals the token and/or the hash, security is maintained, since the server verifies communications from the client by validating the token on the basis of its hash value. Validation is performed by the server hashing the random value contained in the HTTPOnly cookie paired with the token to obtain a further hash value, and checking that this further hash value matches the token's hash value.
Type: Grant
Filed: October 29, 2018
Date of Patent: August 25, 2020
Assignee: International Business Machines Corporation
Inventors: Vincent Burckhardt, Carlos C. Manias Diez, Olgierd Pieczul
-
Publication number: 20200162583
Abstract: A secure client-server connection method compatible with RESTful (REpresentational State Transfer) APIs (Application Programming Interface) that is resistant to cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. The server generates a token for the client and a random value which it pairs with the token. The random value is hashed. The hash value is transmitted to the client contained in the token and the random value is transmitted to the client contained in an HTTPOnly cookie. Even if an attacker steals the token and/or the hash, security is maintained, since the server verifies communications from the client by validating the token on the basis of its hash value. Validation is performed by the server hashing the random value contained in the HTTPOnly cookie paired with the token to obtain a further hash value, and checking that this further hash value matches the token's hash value.
Type: Application
Filed: January 23, 2020
Publication date: May 21, 2020
Inventors: Vincent Burckhardt, Carlos C. Manias Diez, Olgierd Pieczul
-
Publication number: 20200117427
Abstract: Concepts for identifying relevance of a source code change to compliance requirements are presented. One example comprises obtaining mapping information linking an item of source code with a set of compliance requirements, the mapping information representing a relationship between the item of source and the set of compliance requirements. A changed element of an item of source code is identified. The mapping information is analyzed based on the changed element to determine if the changed element relates to a compliance requirement. If it is determined that the changed element relates to a compliance requirement, an indication of the compliance requirement is generated.
Type: Application
Filed: October 10, 2018
Publication date: April 16, 2020
Inventors: Mark McGloin, Olgierd Pieczul, Bashar Nuseibeh, Sorren Hanvey, Jesus Garcia Galan
-
Publication number: 20200117573
Abstract: Concepts for linking source code with compliance requirements are presented. One example comprises analyzing a set of compliance requirements to identify one or more compliance topics. The example further comprises determining keywords for the identified one or more compliance topics. An item of source code is then analyzed to identify occurrences of the keywords in the source code. Mapping information representing a relationship between the item of source code and the compliance requirements is then generated based on the identified occurrence of the keywords.
Type: Application
Filed: October 10, 2018
Publication date: April 16, 2020
Inventors: Mark McGloin, Olgierd Pieczul, Bashar Nuseibeh, Sorren Hanvey, Jesus Garcia Galan
-
Patent number: 10587732
Abstract: A secure client-server connection method compatible with RESTful (REpresentational State Transfer) APIs (Application Programming Interface) that is resistant to cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. The server generates a token for the client and a random value which it pairs with the token. The random value is hashed. The hash value is transmitted to the client contained in the token and the random value is transmitted to the client contained in an HTTPOnly cookie. Even if an attacker steals the token and/or the hash, security is maintained, since the server verifies communications from the client by validating the token on the basis of its hash value. Validation is performed by the server hashing the random value contained in the HTTPOnly cookie paired with the token to obtain a further hash value, and checking that this further hash value matches the token's hash value.
Type: Grant
Filed: April 13, 2017
Date of Patent: March 10, 2020
Assignee: International Business Machines Corporation
Inventors: Vincent Burckhardt, Carlos C. Manias Diez, Olgierd Pieczul
-
Publication number: 20190253421
Abstract: A method, system and computer program product for secure access management for tools within a secure environment. A virtual file system for a user in memory on a server side in the secure environment is accessed as part of an authenticated user session including a user command instigated by a user. At the virtual file system, an encrypted file stored in the secure environment is obtained, where the file is encrypted using a public key of a user. A read operation at the virtual file system of the encrypted file is intercepted and the encrypted file is sent to a client at a user system external to the secure environment over a secure connection for decryption by a remote cryptography device of the user system using the user's private key. The decrypted file is then received at the virtual file system enabling the user to run the required user command.
Type: Application
Filed: April 22, 2019
Publication date: August 15, 2019
Inventors: Olgierd Pieczul, Jinhui Wang
-
Publication number: 20190253424
Abstract: A method, system and computer program product relating to an application server operable to manage a microservice-based application, i.e. app, on behalf of clients, the clients being available for use by system actors who may be, for example, end users, bots, developers or other apps. A permissions validator is used to compute effective permissions in response to client requests. The requests are granted or denied conditional on the effective permissions being at least a subset of the permissions required to be given by any of the app's microservices that are needed for the resource being requested. The effective permissions are computed from an intersection of a set of actor permissions, a set of client permissions and a set of resource permissions.
Type: Application
Filed: April 24, 2019
Publication date: August 15, 2019
Inventors: Vincent Burckhardt, Andre Fischer, Olgierd Pieczul, Jürgen Schmidt, Xiao F. Yu
-
Patent number: 10372899
Abstract: A technique to provide runtime output sanitization filtering of web application content that contains multiple contexts in which dynamic output is included. To facilitate this operation, dynamically-generated content is prepared for sanitization in advance, preferably by being “marked” by the web application itself (or by middleware). Preferably, given dynamically-generated content is marked by enclosing it between dynamic content indicators. After the document generation is completed but before it is output, the application-generated content is processed by a content sanitization filter. The filter uses the dynamic content identifiers to identify and locate the content that needs output escaping. The filter detects the appropriate context within which the dynamically-generated content has been placed and applies escaping. The output content is prepared for escaping in advance even if assembled from multiple sources that do not operate in the same runtime environment.
Type: Grant
Filed: July 22, 2010
Date of Patent: August 6, 2019
Assignee: International Business Machines Corporation
Inventors: Olgierd Pieczul, Mark Alexander McGloin, Mary Ellen Zurko
-
Patent number: 10375107
Abstract: A technique to provide runtime output sanitization filtering of web application content that contains multiple contexts in which dynamic output is included. To facilitate this operation, dynamically-generated content is prepared for sanitization in advance, preferably by being “marked” by the web application itself (or by middleware). Preferably, given dynamically-generated content is marked by enclosing it between dynamic content indicators. After the document generation is completed but before it is output, the application-generated content is processed by a content sanitization filter. The filter uses the dynamic content identifiers to identify and locate the content that needs output escaping. The filter detects the appropriate context within which the dynamically-generated content has been placed and applies escaping. The output content is prepared for escaping in advance even if assembled from multiple sources that do not operate in the same runtime environment.
Type: Grant
Filed: July 22, 2010
Date of Patent: August 6, 2019
Assignee: International Business Machines Corporation
Inventors: Olgierd Pieczul, Mark Alexander McGloin, Mary Ellen Zurko