Patents by Inventor Patrick R. Wardrop
Patrick R. Wardrop has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11895094Abstract: The example embodiments are directed to a system and method for managing blockchain transaction processing. In an example, the method includes one or more of receiving a message transmitted from a client device, the message including a predefined structural format for processing by a service providing computing system, determining a type of the message and detecting one or more sensitive fields within the message based on the determined type of the message, anonymizing values of the one or more sensitive fields within the message while leaving the predefined structural format intact, and transmitting the anonymized message including the one or more anonymized values with the predefined structural format remaining intact to the service providing computing system. The system can anonymize data from a private network before it is transmitted to a public service.Type: GrantFiled: November 18, 2019Date of Patent: February 6, 2024Assignee: International Business Machines CorporationInventors: David G. Druker, Matthew Elsner, Ariel Farkash, Igor Gokhman, Brian R. Matthiesen, Patrick R. Wardrop, Ilgen B. Yuceer
-
Patent number: 10681031Abstract: A method, system and computer-usable medium for performing an adaptive security operation comprising: performing an authentication operation via a first device, the authentication operation analyzing an obligation performed by a first user; establishing access to a protected resource by the first device based upon the obligation performed by the first user; generating an attribute list comprising at least one attribute of the first device; analyzing a second device to determine whether the second device comprises an attribute corresponding to the at least one attribute of the first device; and, allowing access to the protected resource by the second device when the second device comprises the attribute corresponding to the at least one attribute of the first device.Type: GrantFiled: November 2, 2015Date of Patent: June 9, 2020Assignee: International Business Machines CorporationInventors: Pranam C. Sreedhar, Patrick R. Wardrop
-
Publication number: 20200084184Abstract: The example embodiments are directed to a system and method for managing blockchain transaction processing. In an example, the method includes one or more of receiving a message transmitted from a client device, the message including a predefined structural format for processing by a service providing computing system, determining a type of the message and detecting one or more sensitive fields within the message based on the determined type of the message, anonymizing values of the one or more sensitive fields within the message while leaving the predefined structural format intact, and transmitting the anonymized message including the one or more anonymized values with the predefined structural format remaining intact to the service providing computing system. The system can anonymize data from a private network before it is transmitted to a public service.Type: ApplicationFiled: November 18, 2019Publication date: March 12, 2020Inventors: David G. Druker, Matthew Elsner, Ariel Farkash, Igor Gokhman, Brian R. Matthiesen, Patrick R. Wardrop, Ilgen B. Yuceer
-
Patent number: 10547612Abstract: According to a non-limiting embodiment, a multiple identity resolution system includes an IDaaS integrated with a PaaS. The IDaaS is integrated with a cloud-based network, and an application module installed in the cloud-based network. The application module is configured to deliver content to at least one electronic device. The multiple identity resolution system further includes a service module in signal communication with the application module. The service module is configured to identify a physical user operating the at least one electronic device based on at least one user authentication credential received by the at least one electronic user device and at least one device attribute of the at least one electronic device.Type: GrantFiled: September 21, 2016Date of Patent: January 28, 2020Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Sreedhar C. Pranam, Patrick R. Wardrop
-
Patent number: 10523638Abstract: The example embodiments are directed to a system and method for managing blockchain transaction processing. In an example, the method includes one or more of receiving a message transmitted from a client device, the message including a predefined structural format for processing by a service providing computing system, determining a type of the message and detecting one or more sensitive fields within the message based on the determined type of the message, anonymizing values of the one or more sensitive fields within the message while leaving the predefined structural format intact, and transmitting the anonymized message including the one or more anonymized values with the predefined structural format remaining intact to the service providing computing system. The system can anonymize data from a private network before it is transmitted to a public service.Type: GrantFiled: March 13, 2019Date of Patent: December 31, 2019Assignee: International Business Machines CorporationInventors: David G. Druker, Matthew Elsner, Ariel Farkash, Igor Gokhman, Brian R. Matthiesen, Patrick R. Wardrop, Ilgen B. Yuceer
-
Publication number: 20190215309Abstract: The example embodiments are directed to a system and method for managing blockchain transaction processing. In an example, the method includes one or more of receiving a message transmitted from a client device, the message including a predefined structural format for processing by a service providing computing system, determining a type of the message and detecting one or more sensitive fields within the message based on the determined type of the message, anonymizing values of the one or more sensitive fields within the message while leaving the predefined structural format intact, and transmitting the anonymized message including the one or more anonymized values with the predefined structural format remaining intact to the service providing computing system. The system can anonymize data from a private network before it is transmitted to a public service.Type: ApplicationFiled: March 13, 2019Publication date: July 11, 2019Inventors: David G. Druker, Matthew Elsner, Ariel Farkash, Igor Gokhman, Brian R. Matthiesen, Patrick R. Wardrop, Ilgen B. Yuceer
-
Patent number: 10333902Abstract: The example embodiments are directed to a system and method for managing blockchain transaction processing. In an example, the method includes one or more of receiving a message transmitted from a client device, the message including a predefined structural format for processing by a service providing computing system, determining a type of the message and detecting one or more sensitive fields within the message based on the determined type of the message, anonymizing values of the one or more sensitive fields within the message while leaving the predefined structural format intact, and transmitting the anonymized message including the one or more anonymized values with the predefined structural format remaining intact to the service providing computing system. The system can anonymize data from a private network before it is transmitted to a public service.Type: GrantFiled: December 19, 2017Date of Patent: June 25, 2019Assignee: International Business Machines CorporationInventors: David G. Druker, Matthew Elsner, Ariel Farkash, Igor Gokhman, Brian R. Matthiesen, Patrick R. Wardrop, Ilgen B. Yuceer
-
Publication number: 20190190890Abstract: The example embodiments are directed to a system and method for managing blockchain transaction processing. In an example, the method includes one or more of receiving a message transmitted from a client device, the message including a predefined structural format for processing by a service providing computing system, determining a type of the message and detecting one or more sensitive fields within the message based on the determined type of the message, anonymizing values of the one or more sensitive fields within the message while leaving the predefined structural format intact, and transmitting the anonymized message including the one or more anonymized values with the predefined structural format remaining intact to the service providing computing system. The system can anonymize data from a private network before it is transmitted to a public service.Type: ApplicationFiled: December 19, 2017Publication date: June 20, 2019Inventors: David G. Druker, Matthew Elsner, Ariel Farkash, Igor Gokhman, Brian R. Matthiesen, Patrick R. Wardrop, Ilgen B. Yuceer
-
Patent number: 10218690Abstract: An enterprise server is provisioned with an authentication response language, where the authentication response language allows the enterprise server to issue instructions for authentication steps to an enterprise client, which enables the enterprise client to execute a set of instructions for navigating an authentication sequence. The set of instructions installed into and served by the enterprise server varies depending on a protocol inherently used by the authentication topology. The enterprise client, when accessing a protected resource, and not already authenticated, receives a set of authentication instructions from the enterprise server formulated in the authentication response language. The client starts to interpret the provided authentication instructions, but controls the presentation layer and interface of any user interactions. The client follows the sequence by sending requests and receiving responses from one or more servers in the topology until the sequence is complete.Type: GrantFiled: October 17, 2016Date of Patent: February 26, 2019Assignee: International Business Machines CorporationInventors: Simon Helsen, Jose A. Rodriguez, Ritchard L. Schacher, Patrick R. Wardrop
-
Publication number: 20180109506Abstract: An enterprise server is provisioned with an authentication response language, where the authentication response language allows the enterprise server to issue instructions for authentication steps to an enterprise client, which enables the enterprise client to execute a set of instructions for navigating an authentication sequence. The set of instructions installed into and served by the enterprise server varies depending on a protocol inherently used by the authentication topology. The enterprise client, when accessing a protected resource, and not already authenticated, receives a set of authentication instructions from the enterprise server formulated in the authentication response language. The client starts to interpret the provided authentication instructions, but controls the presentation layer and interface of any user interactions. The client follows the sequence by sending requests and receiving responses from one or more servers in the topology until the sequence is complete.Type: ApplicationFiled: October 17, 2016Publication date: April 19, 2018Inventors: SIMON HELSEN, JOSE A. RODRIGUEZ, RITCHARD L. SCHACHER, PATRICK R. WARDROP
-
Publication number: 20180083940Abstract: According to a non-limiting embodiment, a multiple identity crisis resolution system includes an IDaaS integrated with a PaaS. The IDaaS is integrated with a cloud-based network, and an application module installed in the cloud-based network. The application module is configured to deliver content to at least one electronic device. The multiple identity crisis resolution system further includes a service module in signal communication with the application module. The service module is configured to identify a physical user operating the at least one electronic device based on at least one user authentication credential received by the at least one electronic user device and at least one device attribute of the at least one electronic device.Type: ApplicationFiled: September 21, 2016Publication date: March 22, 2018Inventors: Sreedhar C. Pranam, Patrick R. Wardrop
-
Patent number: 9742757Abstract: A computer receives a request for protected user data with an access token presented by a client as authorization for the client to access the protected user data in a delegated environment. The computer parses the request to create a device fingerprint identifying the device submitting the request for the client. The computer compares the device fingerprint of the request to a previously stored device fingerprint of an authorized device associated with the access token. The computer automatically determines whether to identify the access token as potentially misappropriated based on the comparison of the device fingerprint of the request to the previously stored device fingerprint.Type: GrantFiled: November 27, 2013Date of Patent: August 22, 2017Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Simon G. Canning, Pranam C. Sreedhar, Patrick R. Wardrop, Shane B. Weeden
-
Publication number: 20170126662Abstract: A method, system and computer-usable medium for performing an adaptive security operation comprising: performing an authentication operation via a first device, the authentication operation analyzing an obligation performed by a first user; establishing access to a protected resource by the first device based upon the obligation performed by the first user; generating an attribute list comprising at least one attribute of the first device; analyzing a second device to determine whether the second device comprises an attribute corresponding to the at least one attribute of the first device; and, allowing access to the protected resource by the second device when the second device comprises the attribute corresponding to the at least one attribute of the first device.Type: ApplicationFiled: November 2, 2015Publication date: May 4, 2017Inventors: Pranam C. Sreedhar, Patrick R. Wardrop
-
Publication number: 20160373422Abstract: Authentication of users is based at least in part on a comparison of environmental signals of a present location with environmental signals identified earlier for the present location. Verification of the user location supports authentication where a conventional user logon actions are insufficient.Type: ApplicationFiled: June 22, 2015Publication date: December 22, 2016Inventors: Austin F. Bruch, Brad J. Fraley, Patrick R. Wardrop, Scott S. Wisson
-
Publication number: 20160373442Abstract: Authentication of users is based at least in part on a comparison of environmental signals of a present location with environmental signals identified earlier for the present location. Verification of the user location supports authentication where a conventional user logon actions are insufficient.Type: ApplicationFiled: December 15, 2015Publication date: December 22, 2016Inventors: Austin F. Bruch, Brad J. Fraley, Patrick R. Wardrop, Scott S. Wisson
-
Patent number: 9350739Abstract: An aspect of recovery from rolling security token loss includes storing, in a memory device accessible by a server computer, a token pair (B) transmitted to a client device. The token pair (B) includes an access token (a2) and a refresh token (r2) and is generated as part of a refresh operation. An aspect also includes storing, in the memory device, a refresh token (r1) that was generated by the server computer before generation of the token pair B. The refresh token (r1) and the refresh token (r2) are each tagged as a valid refresh token. An aspect further includes receiving, at the server computer, a request to access a network resource that includes the access token (a2), invalidating the refresh token (r1), and providing the client device with access to the network resource.Type: GrantFiled: April 10, 2015Date of Patent: May 24, 2016Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Christopher J. Hockings, Trevor S. Norvill, Philip A. Nye, Asha Shivalingaiah, Patrick R. Wardrop, Shane B. Weeden
-
Patent number: 9350726Abstract: An aspect of recovery from rolling security token loss includes storing, in a memory device accessible by a server computer, a token pair (B) transmitted to a client device. The token pair (B) includes an access token (a2) and a refresh token (r2) and is generated as part of a refresh operation. An aspect also includes storing, in the memory device, a refresh token (r1) that was generated by the server computer before generation of the token pair B. The refresh token (r1) and the refresh token (r2) are each tagged as a valid refresh token. An aspect further includes receiving, at the server computer, a request to access a network resource that includes the access token (a2), invalidating the refresh token (r1), and providing the client device with access to the network resource.Type: GrantFiled: September 11, 2014Date of Patent: May 24, 2016Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Christopher J. Hockings, Trevor S. Norvill, Philip A. Nye, Asha Shivalingaiah, Patrick R. Wardrop, Shane B. Weeden
-
Publication number: 20160080383Abstract: An aspect of recovery from rolling security token loss includes storing, in a memory device accessible by a server computer, a token pair (B) transmitted to a client device. The token pair (B) includes an access token (a2) and a refresh token (r2) and is generated as part of a refresh operation. An aspect also includes storing, in the memory device, a refresh token (r1) that was generated by the server computer before generation of the token pair B. The refresh token (r1) and the refresh token (r2) are each tagged as a valid refresh token. An aspect further includes receiving, at the server computer, a request to access a network resource that includes the access token (a2), invalidating the refresh token (r1), and providing the client device with access to the network resource.Type: ApplicationFiled: April 10, 2015Publication date: March 17, 2016Inventors: Christopher J. Hockings, Trevor S. Norvill, Philip A. Nye, Asha Shivalingaiah, Patrick R. Wardrop, Shane B. Weeden
-
Publication number: 20160080354Abstract: An aspect of recovery from rolling security token loss includes storing, in a memory device accessible by a server computer, a token pair (B) transmitted to a client device. The token pair (B) includes an access token (a2) and a refresh token (r2) and is generated as part of a refresh operation. An aspect also includes storing, in the memory device, a refresh token (r1) that was generated by the server computer before generation of the token pair B. The refresh token (r1) and the refresh token (r2) are each tagged as a valid refresh token. An aspect further includes receiving, at the server computer, a request to access a network resource that includes the access token (a2), invalidating the refresh token (r1), and providing the client device with access to the network resource.Type: ApplicationFiled: September 11, 2014Publication date: March 17, 2016Inventors: Christopher J. Hockings, Trevor S. Norvill, Philip A. Nye, Asha Shivalingaiah, Patrick R. Wardrop, Shane B. Weeden
-
Publication number: 20150150110Abstract: A computer receives a request for protected user data with an access token presented by a client as authorization for the client to access the protected user data in a delegated environment. The computer parses the request to create a device fingerprint identifying the device submitting the request for the client. The computer compares the device fingerprint of the request to a previously stored device fingerprint of an authorized device associated with the access token. The computer automatically determines whether to identify the access token as potentially misappropriated based on the comparison of the device fingerprint of the request to the previously stored device fingerprint.Type: ApplicationFiled: November 27, 2013Publication date: May 28, 2015Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: SIMON G. CANNING, PRANAM C. SREEDHAR, PATRICK R. WARDROP, SHANE B. WEEDEN