Patents by Inventor Paul W. Bennett
Paul W. Bennett has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10650134Abstract: Computer implemented methods are presented. The methods include, for instance: obtaining a user credential for login to a mobile device from a user. By use of a multi-layered authentication, based on the user credential, and a discreet user identity verification, the user determined to be unauthorized would operate the mobile device in a precaution mode, which discreetly creates secure records of activities of the user.Type: GrantFiled: January 16, 2018Date of Patent: May 12, 2020Assignee: International Business Machines CorporationInventors: Michael David Schiller, Adam Yoho, Wilalberto Rodriguez, Paul W. Bennett, David Y. Chang
-
Patent number: 10652708Abstract: An event/object reporting system is provided using data from sensors of a smart vehicle, which events/objects are observed by the smart vehicle but do not involve the smart vehicle. For this purpose, a computer-implemented method includes collecting, by the computer device, sensor data from at least one sensor on the smart vehicle regarding events/objects external to the smart vehicle, analyzing, by the computer device, the sensor data to detect whether a predetermined event and/or object external to the smart vehicle is found in the sensor data, and transmitting, by the computer device, portions of the sensor data pertaining to the predetermined event and/or object to an external server based on the detecting.Type: GrantFiled: October 17, 2018Date of Patent: May 12, 2020Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Michal Broz, Steven D. Clay, Shunguo Yan, Paul W. Bennett
-
Publication number: 20200128371Abstract: An event/object reporting system is provided using data from sensors of a smart vehicle, which events/objects are observed by the smart vehicle but do not involve the smart vehicle. For this purpose, a computer-implemented method includes collecting, by the computer device, sensor data from at least one sensor on the smart vehicle regarding events/objects external to the smart vehicle, analyzing, by the computer device, the sensor data to detect whether a predetermined event and/or object external to the smart vehicle is found in the sensor data, and transmitting, by the computer device, portions of the sensor data pertaining to the predetermined event and/or object to an external server based on the detecting.Type: ApplicationFiled: October 17, 2018Publication date: April 23, 2020Inventors: Michal BROZ, Steven D. CLAY, Shunguo YAN, Paul W. BENNETT
-
Publication number: 20190220584Abstract: Computer implemented methods are presented. The methods include, for instance: obtaining a user credential for login to a mobile device from a user. By use of a multi-layered authentication, based on the user credential, and a discreet user identity verification, the user determined to be unauthorized would operate the mobile device in a precaution mode, which discreetly creates secure records of activities of the user.Type: ApplicationFiled: January 16, 2018Publication date: July 18, 2019Inventors: Michael David SCHILLER, Adam YOHO, Wilalberto RODRIGUEZ, Paul W. BENNETT, David Y. CHANG
-
Patent number: 9582407Abstract: Mechanisms are provided for performing security role definition testing. An application is received in a container of a runtime environment of the data processing system. The application has methods and security role definitions associated with the methods. A properties object, which specifies a user identifier to security role mapping, is received in the container. A test application is executed, in the container, by the processor, on an execution of the methods of the application based on the user identifier to security role mapping and the security role definitions. The test application tests an operation of the application with regard to the security role definitions. A result of the execution of the test application on the execution of the methods of the application is then output.Type: GrantFiled: February 25, 2011Date of Patent: February 28, 2017Assignee: International Business Machines CorporationInventors: Paul W. Bennett, Elisa Ferracane, William J. O'Donnell, Michael C. Thompson
-
Patent number: 9426155Abstract: A cloud deployment appliance (or other platform-as-a-service (IPAS) infrastructure software) includes a mechanism to deploy a product as a “shared service” to the cloud, as well as to enable the product to establish a trust relationship between itself and the appliance or IPAS. The mechanism further enables multiple products deployed to the cloud to form trust relationships with each other (despite the fact that each deployment and each product typically, by the nature of the cloud deployment, are intended to be isolated from one another). In addition, once deployed and provisioned into the cloud, a shared service can become part of a single sign-on (SSO) domain automatically. SSO is facilitated using a token-based exchange. Once a product registers with a token service, it can participate in SSO. This approach enables enforcement of consistent access control policy across product boundaries, and without requiring a user to perform any configuration.Type: GrantFiled: April 18, 2013Date of Patent: August 23, 2016Assignee: International Business Machines CorporationInventors: Ching-Yun Chao, John Yow-Chun Chang, Paul W. Bennett, John C. Sanchez, Donald R. Woods, Yuhsuke Kaneyasu, Sriram Srinivasan, Stuart Robert Douglas Monteith, Marcos Lohmann
-
Patent number: 9292702Abstract: Disclosed is a computer implemented method, computer program product, and apparatus to switch security configurations. A data processing system accesses a first security configuration via a thread of execution, wherein a security configuration comprises at least one security parameter. The thread receives an incoming request. The thread switches to a second security configuration that specifies a resource, based on the incoming request, responsive to receiving the incoming request. The thread stores the second security configuration or a reference to the second security configuration to a stack. The thread authenticates the incoming request based on the second security configuration. The thread grants or denies access to the resource. The thread executes a method referenced in the incoming request. The thread restores to a first security configuration, responsive to completing the method.Type: GrantFiled: August 20, 2009Date of Patent: March 22, 2016Assignee: International Business Machines CorporationInventors: Paul W. Bennett, Elisa A. Ferracane, Daniel E. Morris, Michael C. Thompson
-
Patent number: 9147062Abstract: A method, data processing system, and computer program product for managing user identification information. A determination is made whether an instance of security information in use on the first application server and referenced by a token that has expired was generated by an application server compatible with a first application server in response to receiving the token. A determination is made whether the instance of the security information is managed by a set of rules for a group of users of the first application server. A determination is made whether a user identifier from the token is authorized to access the first application server. The token is renewed in response to determining that the user identifier is authorized to access the first application server.Type: GrantFiled: June 29, 2011Date of Patent: September 29, 2015Assignee: International Business Machines CorporationInventors: Paul W. Bennett, Christopher M. Dettlaff, Elisa Ferracane, William J. O'Donnell, Michael C. Thompson
-
Patent number: 8955052Abstract: A method, system and computer-usable medium are disclosed for managing identity authorizations to access information processing system resources. An application thread requiring access to target resources is initiated and associated with an authenticated client identity and a server identity. The resource authorization attribute of a resource required for execution of the application thread designates the use of a client identity, a server identity, or a client identity and server identity when attempting authorized access of the resource. The client identity, the server identity, or the client identity and server identity is then respectively used to access the target resource and the application thread is executed.Type: GrantFiled: May 27, 2010Date of Patent: February 10, 2015Assignee: International Business Machines CorporationInventors: William J. O'Donnell, Elisa Ferracane, Paul W. Bennett, Michael C. Thompson
-
Publication number: 20140317716Abstract: A cloud deployment appliance (or other platform-as-a-service (IPAS) infrastructure software) includes a mechanism to deploy a product as a “shared service” to the cloud, as well as to enable the product to establish a trust relationship between itself and the appliance or IPAS. The mechanism further enables multiple products deployed to the cloud to form trust relationships with each other (despite the fact that each deployment and each product typically, by the nature of the cloud deployment, are intended to be isolated from one another). In addition, once deployed and provisioned into the cloud, a shared service can become part of a single sign-on (SSO) domain automatically. SSO is facilitated using a token-based exchange. Once a product registers with a token service, it can participate in SSO. This approach enables enforcement of consistent access control policy across product boundaries, and without requiring a user to perform any configuration.Type: ApplicationFiled: April 18, 2013Publication date: October 23, 2014Applicant: International Business Machines CorporationInventors: Ching-Yun Chao, John Yow-Chun Chang, Paul W. Bennett, John C. Sanchez, Donald R. Woods, Yuhsuke Kaneyasu, Sriram Srinivasan, Stuart Robert Douglas Monteith, Marcos Lohmann
-
Patent number: 8522307Abstract: A method, system, and computer usable program product for flexibly assigning security configurations to applications are provided in the illustrative embodiments. An embodiment determines, forming a first determination, whether a first identifier identifying the application is mapped to the security configuration. The embodiment determines, forming a second determination, whether the application participates in a group by determining whether a second identifier identifying the group is mapped to the security configuration. The embodiment assigns, forming a first assignment, the security configuration to the application if either of the first and the second determinations is true. The embodiment assigns, forming a second assignment, the security configuration to the application using a determination by a first policy if the first and the second determinations are false.Type: GrantFiled: March 6, 2012Date of Patent: August 27, 2013Assignee: International Business Machines CorporationInventors: Paul W. Bennett, Elisa Ferracane, Daniel E. Morris, Michael C. Thompson
-
Publication number: 20130007856Abstract: A method, data processing system, and computer program product for managing user identification information. A determination is made whether an instance of security information in use on the first application server and referenced by a token that has expired was generated by an application server compatible with a first application server in response to receiving the token. A determination is made whether the instance of the security information is managed by a set of rules for a group of users of the first application server. A determination is made whether a user identifier from the token is authorized to access the first application server. The token is renewed in response to determining that the user identifier is authorized to access the first application server.Type: ApplicationFiled: June 29, 2011Publication date: January 3, 2013Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Paul W. Bennett, Christopher M. Dettlaff, Elisa Ferracane, William J. O'Donnell, Michael C. Thompson
-
Publication number: 20120222015Abstract: Mechanisms are provided for performing security role definition testing. An application is received in a container of a runtime environment of the data processing system. The application has methods and security role definitions associated with the methods. A properties object, which specifies a user identifier to security role mapping, is received in the container. A test application is executed, in the container, by the processor, on an execution of the methods of the application based on the user identifier to security role mapping and the security role definitions. The test application tests an operation of the application with regard to the security role definitions. A result of the execution of the test application on the execution of the methods of the application is then output.Type: ApplicationFiled: February 25, 2011Publication date: August 30, 2012Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Paul W. Bennett, Elisa Ferracane, William J. O'Donnell, Michael C. Thompson
-
Publication number: 20120198515Abstract: A method, system, and computer usable program product for flexibly assigning security configurations to applications are provided in the illustrative embodiments. An embodiment determines, forming a first determination, whether a first identifier identifying the application is mapped to the security configuration. The embodiment determines, forming a second determination, whether the application participates in a group by determining whether a second identifier identifying the group is mapped to the security configuration. The embodiment assigns, forming a first assignment, the security configuration to the application if either of the first and the second determinations is true. The embodiment assigns, forming a second assignment, the security configuration to the application using a determination by a first policy if the first and the second determinations are false.Type: ApplicationFiled: March 6, 2012Publication date: August 2, 2012Applicant: New Orchard RoadInventors: PAUL W. BENNETT, Elisa Ferracane, Daniel E. Morris, Michael C. Thompson
-
Patent number: 8230478Abstract: A method, system, and computer usable program product for flexibly assigning security configurations to applications are provided in the illustrative embodiments. An embodiment determines, forming a first determination, whether a first identifier identifying the application is mapped to the security configuration. The embodiment determines, forming a second determination, whether the application participates in a group by determining whether a second identifier identifying the group is mapped to the security configuration. The embodiment assigns, forming a first assignment, the security configuration to the application if either of the first and the second determinations is true. The embodiment assigns, forming a second assignment, the security configuration to the application using a determination by a first policy if the first and the second determinations are false.Type: GrantFiled: August 27, 2009Date of Patent: July 24, 2012Assignee: International Business Machines CorporationInventors: Paul W. Bennett, Elisa Ferracane, Daniel E. Morris, Michael C. Thompson
-
Publication number: 20110296496Abstract: A method, system and computer-usable medium are disclosed for managing identity authorizations to access information processing system resources. An application thread requiring access to target resources is initiated and associated with an authenticated client identity and a server identity. The resource authorization attribute of a resource required for execution of the application thread designates the use of a client identity, a server identity, or a client identity and server identity when attempting authorized access of the resource. The client identity, the server identity, or the client identity and server identity is then respectively used to access the target resource and the application thread is executed.Type: ApplicationFiled: May 27, 2010Publication date: December 1, 2011Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: William J. O'Donnell, Elisa Ferracane, Paul W. Bennett, Michael C. Thompson
-
Publication number: 20110055926Abstract: A method, system, and computer usable program product for flexibly assigning security configurations to applications are provided in the illustrative embodiments. An embodiment determines, forming a first determination, whether a first identifier identifying the application is mapped to the security configuration. The embodiment determines, forming a second determination, whether the application participates in a group by determining whether a second identifier identifying the group is mapped to the security configuration. The embodiment assigns, forming a first assignment, the security configuration to the application if either of the first and the second determinations is true. The embodiment assigns, forming a second assignment, the security configuration to the application using a determination by a first policy if the first and the second determinations are false.Type: ApplicationFiled: August 27, 2009Publication date: March 3, 2011Applicant: International Business Machines CorporationInventors: Paul W. Bennett, Elisa Ferracane, Daniel E. Morris, Michael C. Thompson
-
Publication number: 20110047589Abstract: Disclosed is a computer implemented method, computer program product, and apparatus to switch security configurations. A data processing system accesses a first security configuration via a thread of execution, wherein a security configuration comprises at least one security parameter. The thread receives an incoming request. The thread switches to a second security configuration that specifies a resource, based on the incoming request, responsive to receiving the incoming request. The thread stores the second security configuration or a reference to the second security configuration to a stack. The thread authenticates the incoming request based on the second security configuration. The thread grants or denies access to the resource. The thread executes a method referenced in the incoming request. The thread restores to a first security configuration, responsive to completing the method.Type: ApplicationFiled: August 20, 2009Publication date: February 24, 2011Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Paul W. Bennett, Elisa A. Ferracane, Daniel E. Morris, Michael C. Thompson
-
Patent number: 6961898Abstract: Systems and methods for computer-based numerical calculation using a calcsheet are provided. A calcsheet may provide one or more columns for vertical calculation, each column having a plurality of fields including operation fields, number fields, and optional comment fields. The calcsheet may include multiple columns of vertical calculations. A user may type in calculations in a manner similar to the entry of calculations on a hand held calculator, and the calculations may be displayed in a vertical format in substantially any column. Number fields in a calcsheet may include mathematical formulas or references to other fields. A set of fields (such as all operation fields in a column, for example) may be hidden. The display order of fields may be altered. Parentheses spanning multiple rows may be used to alter the order of operations. Spreadsheet lines and vertical calculations may be used in a single document or display screen.Type: GrantFiled: March 28, 2001Date of Patent: November 1, 2005Inventor: Paul W. Bennett
-
Publication number: 20040205676Abstract: Systems and methods for computer-based numerical calculation using a calcsheet are provided. A calcsheet may provide one or more columns for vertical calculation, each column having a plurality of fields including operation fields, number fields, and optional comment fields. The calcsheet may include multiple columns of vertical calculations. A user may type in calculations in a manner similar to the entry of calculations on a hand held calculator, and the calculations may be displayed in a vertical format in substantially any column. Number fields in a calcsheet may include mathematical formulas or references to other fields. A set of fields (such as all operation fields in a column, for example) may be hidden. The display order of fields may be altered. Parentheses spanning multiple rows may be used to alter the order of operations. Spreadsheet lines and vertical calculations may be used in a single document or display screen.Type: ApplicationFiled: March 28, 2001Publication date: October 14, 2004Inventor: Paul W. Bennett