Patents by Inventor Pratik Gupta
Pratik Gupta has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8533168Abstract: Policies defining the entitlements to be assigned to a new identity joining a role are automatically generated. An automatic policy assigns a new identity the entitlements commonly owned by a predetermined number of identities in the role, which may be all of the role identities. A conditional policy recommends that a new identity be assigned the non-commonly-owned entitlements associated with the role identity whose non-entitlement attributes most closely match the non-entitlement attributes of the new identity. This may be automatically determined by iterating through a vector that maps the non-commonly-owned entitlements with the non-entitlement attributes of each role identity, comparing the non-entitlement attributes of the new identity to find the closest match. The non-commonly-owned entitlements of that identity are then recommended to be assigned to the new identity, upon approval.Type: GrantFiled: July 20, 2007Date of Patent: September 10, 2013Assignee: International Business Machines CorporationInventors: David G. Kuehr-McLaren, Pratik Gupta, Govindaraj Sampathkumar, Vincent C. Williams, Sharon L. Cutcher, Sumit Taank, Brian A. Stube, Hari Shankar
-
Patent number: 8495352Abstract: A framework instantiates an application from its disk snapshots. The disk snapshots are taken from a different network environment and migrated to a virtualized environment. Modifications to operating systems and hypervisors are avoided, and no special network isolation support is required. The framework is extensible and plug-in based, allowing product experts to provide knowledge about discovering, updating, starting and stopping of software components. This knowledge base is compiled into a plan that executes various interleaved configuration discovery, updates and start tasks such that a required configuration model can be discovered with minimal start and update task execution. The plan generation automatically stitches together knowledge for the various products, thus significantly simplifying the knowledge specification.Type: GrantFiled: December 8, 2010Date of Patent: July 23, 2013Assignee: International Business Machines CorporationInventors: Manish Gupta, Pratik Gupta, Narendran Sachindran, Manish Sethi, Manoj Soni
-
Publication number: 20120151198Abstract: A framework instantiates an application from its disk snapshots taken from a different network environment and migrated to a virtualized environment. Modifications to operating systems and hypervisors are avoided, and no special network isolation support is required. The framework is extensible and plug-in based, allowing product experts to provide knowledge about discovering, updating, starting and stopping of software components. This knowledge base is compiled into a plan that executes various interleaved configuration discovery, updates and start tasks such that a required configuration model can be discovered with minimal start and update task execution. The plan generation automatically stitches together knowledge for the various products, thus significantly simplifying the knowledge specification. Once discovery is complete, the framework utilizes the discovered model to update stale network configurations across software stack and customize configurations beyond network settings.Type: ApplicationFiled: December 8, 2010Publication date: June 14, 2012Applicant: IBM CORPORATIONInventors: Manish Gupta, Pratik Gupta, Narendran Sachindran, Manish Sethi, Manoj Soni
-
Patent number: 7971231Abstract: The present invention discloses a solution for managing policy artifacts using a configuration management database (CMDB). Policies can be associated with a number of information technology resources, such as servers, businesses applications and the like. The solution permits automatic tagging of the policies (auto-discovery) as they enter the CMDB. For example, when a policy is added, it can be compared against a set of tagging rules. Multiple rules can match a new policy, which results in multiple tags being added for the policy. The policy specific tags can be optionally indexed for faster searching. Once indexed, the CMDB can support policy and policy tag based queries. In one embodiment, policy artifacts can be manipulated within a CMDB tool in a manner consistent with how the CMDB tool handles configuration items (CIs).Type: GrantFiled: October 2, 2007Date of Patent: June 28, 2011Assignee: International Business Machines CorporationInventors: Pratik Gupta, Neeraj Joshi, David L. Kaminsky, David B. Lindquist, Balachandar Rajaraman
-
Patent number: 7624445Abstract: A method, apparatus, and computer instructions for responding to a threat condition within the network data processing system. A threat condition within the network data processing system is detected. At least one routing device is dynamically reconfigured within the network data processing system to isolate or segregate one or more infected data processing systems within the network data processing system. This dynamic reconfiguration occurs in response to the threat condition being detected.Type: GrantFiled: June 15, 2004Date of Patent: November 24, 2009Assignee: International Business Machines CorporationInventors: Pratik Gupta, David Bruce Lindquist
-
Patent number: 7530097Abstract: A method of controlling password changes in a system having a plurality of data processing systems having separate password registries. Contents of passwords in the password registries of the data processing systems are controlled using password content policies that are centrally shared between the plurality of data processing systems.Type: GrantFiled: June 5, 2003Date of Patent: May 5, 2009Assignee: International Business Machines CorporationInventors: Luis Benici Casco-Arias, Pratik Gupta, David Gerard Kuehr-McLaren, Andrew David Record
-
Publication number: 20090089072Abstract: The present invention discloses a solution for managing policy artifacts using a configuration management database (CMDB). Policies can be associated with a number of information technology resources, such as servers, businesses applications and the like. The solution permits automatic tagging of the policies (auto-discovery) as they enter the CMDB. For example, when a policy is added, it can be compared against a set of tagging rules. Multiple rules can match a new policy, which results in multiple tags being added for the policy. The policy specific tags can be optionally indexed for faster searching. Once indexed, the CMDB can support policy and policy tag based queries. In one embodiment, policy artifacts can be manipulated within a CMDB tool in a manner consistent with how the CMDB tool handles configuration items (CIs).Type: ApplicationFiled: October 2, 2007Publication date: April 2, 2009Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: PRATIK GUPTA, NEERAJ JOSHI, DAVID L. KAMINSKY, DAVID B. LINDQUIST, BALACHANDAR RAJARAMAN
-
Publication number: 20080016104Abstract: Policies defining the entitlements to be assigned to a new identity joining a role are automatically generated. An automatic policy assigns a new identity the entitlements commonly owned by a predetermined number of identities in the role, which may be all of the role identities. A conditional policy recommends that a new identity be assigned the non-commonly-owned entitlements associated with the role identity whose non-entitlement attributes most closely match the non-entitlement attributes of the new identity. This may be automatically determined by iterating through a vector that maps the non-commonly-owned entitlements with the non-entitlement attributes of each role identity, comparing the non-entitlement attributes of the new identity to find the closest match. The non-commonly-owned entitlements of that identity are then recommended to be assigned to the new identity, upon approval.Type: ApplicationFiled: July 20, 2007Publication date: January 17, 2008Inventors: David Kuehr-McLaren, Pratik Gupta, Govindaraj Sampathkumar, Vincent Williams, Sharon Cutcher, Sumit Taank, Brian Stube, Hari Shankar
-
Patent number: 7284000Abstract: Policies defining the entitlements to be assigned to a new identity joining a role are automatically generated. An automatic policy assigns a new identity the entitlements commonly owned by a predetermined number of identities in the role, which may be all of the role identities. A conditional policy recommends that a new identity be assigned the non-commonly-owned entitlements associated with the role identity whose non-entitlement attributes most closely match the non-entitlement attributes of the new identity. This may be automatically determined by iterating through a vector that maps the non-commonly-owned entitlements with the non-entitlement attributes of each role identity, comparing the non-entitlement attributes of the new identity to find the closest match. The non-commonly-owned entitlements of that identity are then recommended to be assigned to the new identity, upon approval.Type: GrantFiled: December 19, 2003Date of Patent: October 16, 2007Assignee: International Business Machines CorporationInventors: David G. Kuehr-McLaren, Pratik Gupta, Govindaraj Sampathkumar, Vincent C. Williams, Sharon L. Cutcher, Sumit Taank, Brian A. Stube, Hari Shankar
-
Publication number: 20050278784Abstract: A method, apparatus, and computer instructions for responding to a threat condition within the network data processing system. A threat condition within the network data processing system is detected. At least one routing device is dynamically reconfigured within the network data processing system to isolate or segregate one or more infected data processing systems within the network data processing system. This dynamic reconfiguration occurs in response to the threat condition being detected.Type: ApplicationFiled: June 15, 2004Publication date: December 15, 2005Applicant: International Business Machines CorporationInventors: Pratik Gupta, David Lindquist
-
Publication number: 20050138061Abstract: Policies defining the entitlements to be assigned to a new identity joining a role are automatically generated. An automatic policy assigns a new identity the entitlements commonly owned by a predetermined number of identities in the role, which may be all of the role identities. A conditional policy recommends that a new identity be assigned the non-commonly-owned entitlements associated with the role identity whose non-entitlement attributes most closely match the non-entitlement attributes of the new identity. This may be automatically determined by iterating through a vector that maps the non-commonly-owned entitlements with the non-entitlement attributes of each role identity, comparing the non-entitlement attributes of the new identity to find the closest match. The non-commonly-owned entitlements of that identity are then recommended to be assigned to the new identity, upon approval.Type: ApplicationFiled: December 19, 2003Publication date: June 23, 2005Inventors: David Kuehr-McLaren, Pratik Gupta, Govindaraj Sampathkumar, Vincent Williams, Sharon Cutcher, Sumit Taank, Brian Stube, Hari Shankar
-
Publication number: 20050138419Abstract: An automated, bottom-up role discovery method for a role based control system includes automatically extracting identities and attributes from data sources and automatically clustering the identities based on the attributes to form recommended roles. The recommended roles may be modified by intervention of an administrator. Additionally, the recommended roles may be aggregated by defining the role definition as an attribute of each constituent identity, and re-clustering the identities to generate refined roles. The recommended, modified, and/or refined roles may then be utilized in a role based control system, such as a role based access control system. Periodically performing the role discovery process provides a means to audit a role based access control system.Type: ApplicationFiled: December 19, 2003Publication date: June 23, 2005Inventors: Pratik Gupta, Govindaraj Sampathkumar, David Kuehr-McLaren, Vincent Williams, Sharon Cutcher, Sumit Taank, Brian Stube, Hari Shankar
-
Publication number: 20050138420Abstract: A role hierarchy is automatically generated by hierarchically ranking roles in a role based control system, each role including a plurality of identities having attributes. Iteratively at each hierarchical level: each non-cohesive role (wherein, in this case, at least one attribute is not possessed by every identity in the role) is replaced, at the same hierarchical level, by a cohesive role formed by grouping identities having at least one common attribute. The remaining identities are clustered into children roles based on attributes other than the common attribute, and the children roles are added to the role hierarchy at a hierarchical level below the cohesive role. If no common attribute exists in the non-cohesive role, the role is clustered into two or more new roles based on all the attributes in the role, and the non-cohesive role is replaced with the new roles at the same hierarchical level.Type: ApplicationFiled: December 19, 2003Publication date: June 23, 2005Inventors: Govindaraj Sampathkumar, Pratik Gupta, David Kuehr-McLaren, Vincent Williams, Sharon Cutcher, Sumit Taank, Brian Stube, Hari Shankar
-
Publication number: 20040250141Abstract: A method of controlling password changes in a system having a plurality of data processing systems having separate password registries. Contents of passwords in the password registries of the data processing systems are controlled using password content policies that are centrally shared between the plurality of data processing systems.Type: ApplicationFiled: June 5, 2003Publication date: December 9, 2004Inventors: Luis Benicio Casco-Arias, Pratik Gupta, David Gerard Kuehr-McLaren, Andrew David Record