Patents by Inventor Pau-Chen Cheng
Pau-Chen Cheng has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9582674
Abstract: Systems and methods are provided to manage risk associated with access to information within a given organization. The overall risk tolerance for the organization is determined and allocated among a plurality of subjects within the organization. Allocation is accomplished using either a centralized, request/response or free market mechanism. As requested from subjects within the organization for access to objects, i.e. information and data, are received, the amount of risk or risk level associated with each requested is quantified. Risk quantification can be accomplished using, for example, fuzzy multi-level security. The quantified risk associated with the access request in combination with the identity of the object and the identity of the subject are used to determine whether or not the request should be granted, denied or granted with appropriated mitigation measures.
Type: Grant
Filed: December 9, 2013
Date of Patent: February 28, 2017
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Pau-Chen Cheng, Pankaj Rohatgi, Claudia Keser, Josyula R. Rao
-
Publication number: 20160323321
Abstract: Systems and methods for protecting a data item include, upon initiation of transfer of the data item from a server to a client device, determining a sensitivity score and a current protection level of the data item. A policy is applied to determine an appropriate protection for the data item based upon the sensitivity score and the current protection level. A protected data item is provided to the client device by applying the appropriate protection to the data item.
Type: Application
Filed: July 11, 2016
Publication date: November 3, 2016
Inventors: Pau-Chen Cheng, Stephen C. Gates, Lawrence Koved, Wilfried Teiken
-
Patent number: 9432375
Abstract: Generating a resource access control decision is provided. A user trust value associated with a user identifier of a user requesting access to a protected resource is modulated based on an estimated risk value associated with a context of a resource access request. The resource access control decision is generated based on the modulated user trust value associated with the user requesting access to the protected resource.
Type: Grant
Filed: May 20, 2014
Date of Patent: August 30, 2016
Assignee: International Business Machines Corporation
Inventors: Pau-Chen Cheng, Lawrence Koved, Kapil K. Singh
-
Patent number: 9396352
Abstract: Systems and methods for protecting a data item include, upon initiation of transfer of the data item from a server to a client device, determining a sensitivity score and a current protection level of the data item. A policy is applied to determine an appropriate protection for the data item based upon the sensitivity score and the current protection level. A protected data item is provided to the client device by applying the appropriate protection to the data item.
Type: Grant
Filed: July 31, 2015
Date of Patent: July 19, 2016
Assignee: International Business Machines Corporation
Inventors: Pau-Chen Cheng, Stephen C. Gates, Lawrence Koved, Wilfried Teiken
-
Publication number: 20160006730
Abstract: A technique is provided for continuous user authentication through real-time fusion and correlation of multiple factors. Monitored data is continuously obtained from a computer. The monitored data is related to user actions on the computer of a user. A server analyzes the monitored data of the computer to execute a windowing system event sequences modality, a network footprint modality, an application specific user actions modality, and/or a forensic linguistic analysis modality for the user. The user is authenticated on the computer based on a combination of the windowing system event sequences modality, the network footprint modality, the application specific user actions modality, and/or the forensic linguistic analysis modality.
Type: Application
Filed: July 7, 2014
Publication date: January 7, 2016
Inventors: Suresh N. Chari, Pau-Chen Cheng, Lawrence Koved, Ian M. Molloy, Youngja Park
-
Publication number: 20150339489
Abstract: Systems and methods for protecting a data item include, upon initiation of transfer of the data item from a server to a client device, determining a sensitivity score and a current protection level of the data item. A policy is applied to determine an appropriate protection for the data item based upon the sensitivity score and the current protection level. A protected data item is provided to the client device by applying the appropriate protection to the data item.
Type: Application
Filed: July 31, 2015
Publication date: November 26, 2015
Inventors: Pau-Chen Cheng, Stephen C. Gates, Lawrence Koved, Wilfried Teiken
-
Publication number: 20150326594
Abstract: Embodiments include a network data collection and response system for enhancing security in an enterprise network providing a user-supplied computing device with access to the network. A network data collection and response system tracks network activity of the device and maintains a device inventory recording the device type and configuration information for the device along with a resource utilization profile for the device. The network data collection and response system detects high-risk or unauthorized network activity involving the device through passive monitoring without utilization of a data monitoring agent installed on the device and implements a response action to mitigate the high-risk or unauthorized network.
Type: Application
Filed: May 6, 2014
Publication date: November 12, 2015
Applicant: International Business Machines Corporation
Inventors: Suresh N. Chari, Pau-Chen Cheng, Xin Hu, Lawrence Koved, Josyula R. Rao, Reiner Sailer, Douglas L. Schales, Kapil K. Singh, Marc P. Stoecklin
-
Patent number: 9135465
Abstract: Systems and methods for protecting a data item include, upon initiation of transfer of the data item from a server to a client device, determining a sensitivity score and a current protection level of the data item. A policy is applied to determine an appropriate protection for the data item based upon the sensitivity score and the current protection level. A protected data item is provided to the client device by applying the appropriate protection to the data item.
Type: Grant
Filed: August 9, 2012
Date of Patent: September 15, 2015
Assignee: International Business Machines Corporation
Inventors: Pau-Chen Cheng, Stephen C. Gates, Lawrence Koved, Wilfried Teiken
-
Publication number: 20150106888
Abstract: Generating a resource access control decision is provided. A user trust value associated with a user identifier of a user requesting access to a protected resource is modulated based on an estimated risk value associated with a context of a resource access request. The resource access control decision is generated based on the modulated user trust value associated with the user requesting access to the protected resource.
Type: Application
Filed: May 20, 2014
Publication date: April 16, 2015
Applicant: International Business Machines Corporation
Inventors: Pau-Chen Cheng, Lawrence Koved, Kapil K. Singh
-
Publication number: 20140101753
Abstract: Systems and methods are provided to manage risk associated with access to information within a given organization. The overall risk tolerance for the organization is determined and allocated among a plurality of subjects within the organization. Allocation is accomplished using either a centralized, request/response or free market mechanism. As requested from subjects within the organization for access to objects, i.e. information and data, are received, the amount of risk or risk level associated with each requested is quantified. Risk quantification can be accomplished using, for example, fuzzy multi-level security. The quantified risk associated with the access request in combination with the identity of the object and the identity of the subject are used to determine whether or not the request should be granted, denied or granted with appropriated mitigation measures.
Type: Application
Filed: December 9, 2013
Publication date: April 10, 2014
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Pau-Chen Cheng, Pankaj Rohatgi, Claudia Keser, Josyula R. Rao
-
Patent number: 8650623
Abstract: Systems and methods are provided to manage risk associated with access to information within a given organization. The overall risk tolerance for the organization is determined and allocated among a plurality of subjects within the organization. Allocation is accomplished using either a centralized, request/response or free market mechanism. As requested from subjects within the organization for access to objects, i.e. information and data, are received, the amount of risk or risk level associated with each requested is quantified. Risk quantification can be accomplished using, for example, fuzzy multi-level security. The quantified risk associated with the access request in combination with the identity of the object and the identity of the subject are used to determine whether or not the request should be granted, denied or granted with appropriated mitigation measures.
Type: Grant
Filed: January 17, 2007
Date of Patent: February 11, 2014
Assignee: International Business Machines Corporation
Inventors: Pau-Chen Cheng, Pankaj Rohatgi, Claudia Keser, Josyula R. Rao
-
Patent number: 8606724
Abstract: A method for constructing a classifier which maps an input vector to one of a plurality of pre-defined classes, the method steps includes receiving a set of training examples as input, wherein each training example is an exemplary input vector belonging to one of the pre-defined classes, learning a plurality of functions, wherein each function maps the exemplary input vectors to a numerical value, and determining a class for the input vector by combining numerical outputs of the functions determined for the input vector.
Type: Grant
Filed: November 6, 2008
Date of Patent: December 10, 2013
Assignee: International Business Machines Corporation
Inventors: Pau-Chen Cheng, John Andrew Clark, Yow Tzu Lim, Pankaj Rohatgi
-
Publication number: 20130232542
Abstract: Systems and methods for protecting a data item include, upon initiation of transfer of the data item from a server to a client device, determining a sensitivity score and a current protection level of the data item. A policy is applied to determine an appropriate protection for the data item based upon the sensitivity score and the current protection level. A protected data item is provided to the client device by applying the appropriate protection to the data item.
Type: Application
Filed: July 23, 2012
Publication date: September 5, 2013
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Pau-Chen Cheng, Stephen C. Gates, Lawrence Koved, Wilfried Teiken
-
Publication number: 20130232543
Abstract: Systems and methods for protecting a data item include, upon initiation of transfer of the data item from a server to a client device, determining a sensitivity score and a current protection level of the data item. A policy is applied to determine an appropriate protection for the data item based upon the sensitivity score and the current protection level. A protected data item is provided to the client device by applying the appropriate protection to the data item.
Type: Application
Filed: August 9, 2012
Publication date: September 5, 2013
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Pau-Chen Cheng, Stephen C. Gates, Lawrence Koved, Wilfried Teiken
-
Patent number: 8276192
Abstract: A method for security planning with hard security constraints includes: receiving security-related requirements of a network to be developed using system inputs and processing components; and generating the network according to the security-related requirements, wherein the network satisfies hard security constraints.
Type: Grant
Filed: May 30, 2008
Date of Patent: September 25, 2012
Assignee: International Business Machines Corporation
Inventors: Kay Schwendimann Anderson, Pau-Chen Cheng, Genady Ya. Grabarnik, Paul Ashley Karger, Marc Lelarge, Zhen Liu, Anton Viktorovich Riabov, Pankaj Rohatgi, Angela Marie Schuett, Grant Wagner
-
Patent number: 8132259
Abstract: A method for security planning with soft security constraints, include: receiving security-related requirements of a workflow to be developed using system inputs and processing components; and generating at least one proposed workflow according to the security-related requirements, wherein the at least one proposed workflow satisfies soft constraints.
Type: Grant
Filed: January 4, 2007
Date of Patent: March 6, 2012
Assignee: International Business Machines Corporation
Inventors: Kay Schwendimann Anderson, Pau-Chen Cheng, Trenton Ray Jaeger, Zhen Liu, Anton Viktorovich Riabov, Pankaj Rohatgi, Angela Schuett Reninger, Grant Wagner
-
Patent number: 8099781
Abstract: An exemplary method is provided for managing and mitigating security risks through planning. A first security-related information of a requested product is received. A second security-related information of resources that are available for producing the requested product is received. A multi-stage process with security risks managed by the first security-related information and the second security-related information is performed to produce the requested product.
Type: Grant
Filed: July 23, 2009
Date of Patent: January 17, 2012
Assignee: International Business Machines Corporation
Inventors: Kay S. Anderson, Pau-Chen Cheng, Mark D. Feblowitz, Genady Grabarnik, Shai Halevi, Nagui Halim, Trent R. Jaeger, Paul Ashley Karger, Zhen Liu, Ronald Perez, Anton V. Riabov, Pankaj Rohatgi, Angela Marie Schuett, Michael Steiner, Grant M. Wagner
-
Patent number: 8087090
Abstract: An access control system and method includes a risk index module which computes a risk index for a dimension contributing to risk. A boundary range defined for a parameter representing each risk index such that the parameter above the range is unacceptable, below the range is acceptable and in the range is acceptable with mitigation measures. A mitigation module determines the mitigation measures which reduce the parameter within the range by mapping the effectiveness of performing the mitigation measures to determine a residual risk after a mitigation measure has been implemented.
Type: Grant
Filed: June 2, 2008
Date of Patent: December 27, 2011
Assignee: International Business Machines Corporation
Inventors: Pau-Chen Cheng, Shai Halevi, Trent Ray Jaeger, Paul Ashley Karger, Ronald Perez, Pankaj Rohatgi, Angela Marie Schuett, Michael Steiner, Grant M. Wagner
-
Publication number: 20110173084
Abstract: Systems and methods are provided to manage risk associated with access to information within a given organization. The overall risk tolerance for the organization is determined and allocated among a plurality of subjects within the organization. Allocation is accomplished using either a centralized, request/response or free market mechanism. As requested from subjects within the organization for access to objects, i.e. information and data, are received, the amount of risk or risk level associated with each requested is quantified. Risk quantification can be accomplished using, for example, fuzzy multi-level security. The quantified risk associated with the access request in combination with the identity of the object and the identity of the subject are used to determine whether or not the request should be granted, denied or granted with appropriated mitigation measures.
Type: Application
Filed: January 17, 2007
Publication date: July 14, 2011
Inventors: Pau-Chen Cheng, Pankaj Rohatgi, Claudia Keser, Josyula R. Rao
-
Publication number: 20100332422
Abstract: A method for constructing a classifier which maps an input vector to one of a plurality of pre-defined classes, the method steps includes receiving a set of training examples as input, wherein each training example is an exemplary input vector belonging to one of the pre-defined classes, learning a plurality of functions, wherein each function maps the exemplary input vectors to a numerical value, and determining a class for the input vector by combining numerical outputs of the functions determined for the input vector.
Type: Application
Filed: November 6, 2008
Publication date: December 30, 2010
Inventors: Pau-Chen Cheng, John Andrew Clark, Yow Tzu Lim, Pankaj Rohatgi