Patents by Inventor Patrick S. Botz
Patrick S. Botz has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Patent number: 8220040
  Abstract: In an embodiment, a verifier receives requirements for membership in a group from a service and receives proof of attributes from users. The verifier verifies whether the proof of attributes meets the membership requirements and sends acceptance or rejection to the service. If the proof meets the requirements, the service allows the users to become members of the group and allows the members to transfer data to and from other members. If the proof does not meet the requirements, the service prevents the users from becoming members. In this way, the service and group members know that other group members satisfy the group membership requirements without needing to know the identity of the group members or other information unrelated to the group membership requirements.
  Type: Grant
  Filed: January 8, 2008
  Date of Patent: July 10, 2012
  Assignee: International Business Machines Corporation
  Inventors: Patrick S. Botz, Michael John Branson, Gregory Richard Hintermeister
- Patent number: 8171558
  Abstract: In a multi-tiered computing environment, a first program may authenticate with a second program using dynamically-generated public/private key pairs. An authentication token is constructed that includes user information and information about the first program and the second program. The first program then digitally signs the authentication token using the dynamically-generated private key, and sends the authentication token to the second program. The second program then verifies the authentication token using the public key corresponding to the first program. Once verified, the first program is authenticated to the second program. The second program may then authenticate to a next-tier program by constructing an authentication token that includes the information in the authentication token received from the first program.
  Type: Grant
  Filed: December 8, 2007
  Date of Patent: May 1, 2012
  Assignee: International Business Machines Corporation
  Inventor: Patrick S. Botz
- Patent number: 7822980
  Abstract: An authenticated identity propagation and translation technique is provided based on a trust relationship between multiple user identification and authentication services resident on different computing components of a multi-component transaction processing computing environment including distributed and mainframe computing components. The technique includes, in one embodiment, forwarding, in association with transaction requests, identified and authenticated user identification and authentication information from a distributed component to a mainframe component, facilitating the selection of the appropriate mainframe user identity with which to execute the mainframe portion of the transaction, and creating the appropriate run-time security context.
  Type: Grant
  Filed: August 29, 2006
  Date of Patent: October 26, 2010
  Assignee: International Business Machines Corporation
  Inventors: Patrick S. Botz, John C. Dayka, Donna N. Dillenberger, Richard H. Guski, Timothy J. Hahn, Margaret K. LaBelle, Mark A. Nelson
- Publication number: 20090178130
  Abstract: In an embodiment, a verifier receives requirements for membership in a group from a service and receives proof of attributes from users. The verifier verifies whether the proof of attributes meets the membership requirements and sends acceptance or rejection to the service. If the proof meets the requirements, the service allows the users to become members of the group and allows the members to transfer data to and from other members. If the proof does not meet the requirements, the service prevents the users from becoming members. In this way, the service and group members know that other group members satisfy the group membership requirements without needing to know the identity of the group members or other information unrelated to the group membership requirements.
  Type: Application
  Filed: January 8, 2008
  Publication date: July 9, 2009
  Inventors: Patrick S. Botz, Michael John Branson, Gregory Richard Hintermeister
- Publication number: 20080172720
  Abstract: Methods, apparatus, and products for administering access permissions for computer resources that include: establishing, for active access permissions for a computer resource for a user, proposed alternative access permissions for the computer resource for the user; receiving, in an access control module of an operating system from the user, a request for access to the resource; determining, by the access control module, whether to grant access to the resource for the request in accordance with the active access permissions for the computer resource for the user; determining, by the access control module, whether access would have been granted for the request in accordance with the proposed alternative access permissions for the resource for the user; and recording, by the access control module, the result of the determination whether access would have been granted.
  Type: Application
  Filed: January 15, 2007
  Publication date: July 17, 2008
  Inventors: Patrick S. Botz, Daniel P. Kolz, Garry J. Sullivan
- Patent number: 7350079
  Abstract: In a multi-tiered computing environment, a first program may authenticate with a second program using dynamically-generated public/private key pairs. An authentication token is constructed that includes user information and information about the first program and the second program. The first program then digitally signs the authentication token using the dynamically-generated private key, and sends the authentication token to the second program. The second program then verifies the authentication token using the public key corresponding to the first program. Once verified, the first program is authenticated to the second program. The second program may then authenticate to a next-tier program by constructing an authentication token that includes the information in the authentication token received from the first program.
  Type: Grant
  Filed: November 20, 2003
  Date of Patent: March 25, 2008
  Assignee: International Business Machines Corporation
  Inventor: Patrick S. Botz
- Publication number: 20080034402
  Abstract: A method, system, and computer program product for implementing policy-based security control functions is provided. The method includes constructing an organizational domain specifying business assets to be secured and the actors in specific roles requiring access to the business assets. The method also includes constructing a control policy domain including system setting attributes and access control policies for a computer system, the access control policies specifying permissions-based access to specified types of data based upon actor and purpose of use criteria. The method further includes mapping user identifiers to corresponding actors and mapping system artifacts in the computer system or subsystem to business assets defined in the organizational domain to which an access control policy is to be applied. The method also includes applying the access control policies to the system.
  Type: Application
  Filed: August 7, 2006
  Publication date: February 7, 2008
  Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
  Inventors: Patrick S. Botz, Daniel P. Kolz, Garry J. Sullivan
- Patent number: 6981043
  Abstract: An apparatus and method allow a system administrator to manage multiple user identities in multiple user registries in different processing environments. An identity mapping mechanism is provided that includes a directory service that includes entries that reference user identities in the multiple registries, and that reference identity mappings between those entries. The identity mapping mechanism includes an interface defined by a plurality of APIs that allow accessing and correlating the multiple user identities and the identity mappings. A programmer can generate an application or tool that uses the identity mapping mechanism by calling the APIs in the interface. In this manner, administration of user identities occurs with the user as the primary focus, rather than the platform. In addition, a common tool can be used to manage the user identities of different environments, making administration of user identities in a heterogeneous network more efficient and cost-effective.
  Type: Grant
  Filed: March 27, 2001
  Date of Patent: December 27, 2005
  Assignee: International Business Machines Corporation
  Inventors: Patrick S. Botz, Patrick Jerome Fleming, Timothy James Hahn
- Patent number: 6898711
  Abstract: A user within a multiple process environment is initially authenticated, such as by verifying the user's identification and password. A first process, such as a client, requests a profile token representative of the user in response to authenticating the user. The profile token has associated with it one or more usage limitations. The profile token is transferred from the first process to a second process, such as a server. The second process, upon receiving a valid profile token, is allowed to perform one or more tasks on behalf of the user within the token's usage limitations. A profile token is invalidated upon violation of a usage limitation, such as a preestablished time-out period. One or more lookup tables are used to manage the profile tokens and to store certain user and profile token information, providing increased processing security.
  Type: Grant
  Filed: January 13, 1999
  Date of Patent: May 24, 2005
  Assignee: International Business Machines Corporation
  Inventors: Mark Linus Bauman, Patrick S. Botz, William Craig Rapp
- Patent number: 6747676
  Abstract: Method for providing at least a portion of a disguised password in an undisguised form is described. More particularly, a program is described having a capability of displaying a single character at a time, more than one character at a time or all of otherwise disguised characters of a password in an undisguised form in response to a successful pre-password check.
  Type: Grant
  Filed: December 13, 2000
  Date of Patent: June 8, 2004
  Assignee: International Business Machines Corporation
  Inventors: Patrick S. Botz, Brian John Cragun
- Publication number: 20030177388
  Abstract: An authenticated identity translation technique is provided based on a trust relationship between multiple user identification and authentication services resident on different computing units of a multiple computing unit environment. The technique includes, in one embodiment, recording user identification and authentication events occurring within the trusted domain, and making this information available to other computing units within the domain by generating tokens representative of the identification and authentication events. A token is forwarded with a request to one or more computing units of the domain, which in turn provide the token to a domain controller to translate user identities between respective computing units.
  Type: Application
  Filed: March 15, 2002
  Publication date: September 18, 2003
  Applicant: International Business Machines Corporation
  Inventors: Patrick S. Botz, John C. Dayka, Richard H. Guski, Timothy J. Hahn, Margaret K. LaBelle
- Publication number: 20020143909
  Abstract: An apparatus and method allow a system administrator to manage multiple user identities in multiple user registries in different processing environments. An identity mapping mechanism is provided that includes a directory service that includes entries that reference user identities in the multiple registries, and that reference identity mappings between those entries. The identity mapping mechanism includes an interface defined by a plurality of APIs that allow accessing and correlating the multiple user identities and the identity mappings. A programmer can generate an application or tool that uses the identity mapping mechanism by calling the APIs in the interface. In this manner, administration of user identities occurs with the user as the primary focus, rather than the platform. In addition, a common tool can be used to manage the user identities of different environments, making administration of user identities in a heterogeneous network more efficient and cost-effective.
  Type: Application
  Filed: March 27, 2001
  Publication date: October 3, 2002
  Applicant: International Business Machines Corporation
  Inventors: Patrick S. Botz, Patrick Jerome Fleming
- Publication number: 20020070964
  Abstract: Method for providing at least a portion of a disguised password in an undisguised form is described. More particularly, a program is described having a capability of displaying a single character at a time, more than one character at a time or all of otherwise disguised characters of a password in an undisguised form in response to a successful pre-password check.
  Type: Application
  Filed: December 13, 2000
  Publication date: June 13, 2002
  Applicant: International Business Machines Corporation, Armonk, New York 10504
  Inventors: Patrick S. Botz, Brian John Cragun