Patents by Inventor Richard Jay Cohen
Richard Jay Cohen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11770411
Abstract: A method, system, and computer program product for prioritizing endpoints to be checked during a change window based on certain criteria. The method may include receiving a request for processing from a plurality of servers. The method may also include determining a priority for each server of the plurality of servers based on specified criteria, where the specified criteria includes at least compliance-check history. The method may also include determining whether each server belongs to one or more groups. The method may also include determining a notification order for the plurality of servers based on the priority and whether each server belongs to the one or more groups. The method may also include sending a notification to each server in the notification order.
Type: Grant
Filed: September 23, 2019
Date of Patent: September 26, 2023
Assignee: KYNDRYL, INC.
Inventors: Lohitashwa Thyagaraj, Debasisha Padhi, Richard Jay Cohen
-
Publication number: 20230085001
Abstract: Users of an endpoint remediation system can be assigned to different roles, from which they can request exceptions, approve exceptions, and/or enable remediation on endpoint devices. The compliance scanning and enforcing process can be automated, while allowing entities to request and/or approve certain exceptions. Therefore, security compliance for customers can be actively managed to provide visibility to the endpoint device compliance state at any time.
Type: Application
Filed: November 18, 2022
Publication date: March 16, 2023
Inventors: Constantin Mircea Adam, Richard Jay Cohen, Robert Filepp, Milton H. Hernandez, Brian Peterson, Maja Vukovic, Sai ZENG, Guan Qun Zhang, Bhavna Agrawal
-
Patent number: 11533296
Abstract: Users of an endpoint remediation system can be assigned to different roles, from which they can request exceptions, approve exceptions, and/or enable remediation on endpoint devices. The compliance scanning and enforcing process can be automated, while allowing entities to request and/or approve certain exceptions. Therefore, security compliance for customers can be actively managed to provide visibility to the endpoint device compliance state at any time.
Type: Grant
Filed: September 1, 2017
Date of Patent: December 20, 2022
Assignee: KYNDRYL, INC.
Inventors: Constantin Mircea Adam, Richard Jay Cohen, Robert Filepp, Milton H. Hernandez, Brian Peterson, Maja Vukovic, Sai Zeng, Guan Qun Zhang, Bhavna Agrawal
-
Patent number: 11502995
Abstract: Users of an endpoint remediation system can be assigned to different roles, from which they can request exceptions, approve exceptions, and/or enable remediation on endpoint devices. The compliance scanning and enforcing process can be automated, while allowing entities to request and/or approve certain exceptions. Therefore, security compliance for customers can be actively managed to provide visibility to the endpoint device compliance state at any time.
Type: Grant
Filed: December 14, 2017
Date of Patent: November 15, 2022
Assignee: KYNDRYL, INC.
Inventors: Constantin Mircea Adam, Richard Jay Cohen, Robert Filepp, Milton H. Hernandez, Brian Peterson, Maja Vukovic, Sai Zeng, Guan Qun Zhang, Bhavna Agrawal
-
Patent number: 11288360
Abstract: Using a first key, an encrypted file fingerprint is decrypted, the decrypting resulting in a decrypted file fingerprint. Using a hash function on a script file, a script file fingerprint is computed, the script file intended to be executed by an interpreter. Responsive to the script file fingerprint matching the decrypted file fingerprint, the script file is executed.
Type: Grant
Filed: March 4, 2020
Date of Patent: March 29, 2022
Assignee: KYNDRYL, INC.
Inventors: Constantin Mircea Adam, Richard Jay Cohen, Jeffrey Edward Lammers, Cheng Yi Lee, Brian Peterson, Maja Vukovic, Xiongfei Wei
-
Publication number: 20210279326
Abstract: Using a first key, an encrypted file fingerprint is decrypted, the decrypting resulting in a decrypted file fingerprint. Using a hash function on a script file, a script file fingerprint is computed, the script file intended to be executed by an interpreter. Responsive to the script file fingerprint matching the decrypted file fingerprint, the script file is executed.
Type: Application
Filed: March 4, 2020
Publication date: September 9, 2021
Applicant: International Business Machines Corporation
Inventors: Constantin Mircea Adam, Richard Jay Cohen, Jeffrey Edward Lammers, Cheng Yi Lee, Brian Peterson, Maja Vukovic, Xiongfei Wei
-
Publication number: 20210092157
Abstract: A method, system, and computer program product for prioritizing endpoints to be checked during a change window based on certain criteria. The method may include receiving a request for processing from a plurality of servers. The method may also include determining a priority for each server of the plurality of servers based on specified criteria, where the specified criteria includes at least compliance-check history. The method may also include determining whether each server belongs to one or more groups. The method may also include determining a notification order for the plurality of servers based on the priority and whether each server belongs to the one or more groups. The method may also include sending a notification to each server in the notification order.
Type: Application
Filed: September 23, 2019
Publication date: March 25, 2021
Inventors: Lohitashwa Thyagaraj, Debasisha Padhi, Richard Jay Cohen
-
Patent number: 10623375
Abstract: This disclosure describes an automated process of discovering characteristics needed to integrate a web-based application to a web portal, such as a reverse proxy. This process eliminates the need for application owners and security analysts to manually discover the information needed for the on-boarding process. To this end, application-specific information is determined by monitoring network traffic flows in and out of the application, user authentication and authorization event data, and the like. An application discovery engine analyzes the discovered data, preferably against a set of patterns and heuristic-based rules, to discover or identify the one or more application characteristics. A set of configuration data is then generated, and this configuration data is then used to integrate the application into the web reverse proxy and, in particular, by specifying the configuration needed to “board” the application.
Type: Grant
Filed: September 16, 2014
Date of Patent: April 14, 2020
Assignee: International Business Machines Corporation
Inventors: Richard Jay Cohen, Anne Louise Bolgert, Randolph Michael Forlenza, Miguel Sang, Krishna Kishore Yellepeddy
-
Publication number: 20190075082
Abstract: Users of an endpoint remediation system can be assigned to different roles, from which they can request exceptions, approve exceptions, and/or enable remediation on endpoint devices. The compliance scanning and enforcing process can be automated, while allowing entities to request and/or approve certain exceptions. Therefore, security compliance for customers can be actively managed to provide visibility to the endpoint device compliance state at any time.
Type: Application
Filed: December 14, 2017
Publication date: March 7, 2019
Inventors: Constantin Mircea Adam, Richard Jay Cohen, Robert Filepp, Milton H. Hernandez, Brian Peterson, Maja Vukovic, Sai Zeng, Guan Qun Zhang, Bhayna Agrawal
-
Publication number: 20190075081
Abstract: Users of an endpoint remediation system can be assigned to different roles, from which they can request exceptions, approve exceptions, and/or enable remediation on endpoint devices. The compliance scanning and enforcing process can be automated, while allowing entities to request and/or approve certain exceptions. Therefore, security compliance for customers can be actively managed to provide visibility to the endpoint device compliance state at any time.
Type: Application
Filed: September 1, 2017
Publication date: March 7, 2019
Inventors: Constantin Mircea Adam, Richard Jay Cohen, Robert Filepp, Milton H. Hernandez, Brian Peterson, Maja Vukovic, Sai Zeng, Guan Qun Zhang, Bhavna Agrawal
-
Patent number: 9460169
Abstract: A cloud enablement aggregation proxy (CEAP) receives and processes audit data from audited resources before such data is stored in a database. The CEAP manages log data for resources hosted in a multi-tenant shared pool of configurable computing resources (e.g., a compute cloud). A method for managing log data begins by the proxy aggregating and normalizing log information received from a plurality of the resources. The aggregated and normalized log information is then parsed to identify a tenant associated with each of a set of transactions. For each of the set of transactions, the CEAP annotates log data associated with the tenant and the particular transaction to include a tenant-specific identifier. An optional tenant separation proxy (TSP) separates the annotated log data on a per tenant basis prior to storage, and the tenant-specific log data may be stored in per tenant data structures or dedicated tenant log event databases to facilitate subsequent compliance or other analysis.
Type: Grant
Filed: January 12, 2011
Date of Patent: October 4, 2016
Assignee: International Business Machines Corporation
Inventors: Heather M. Hinton, Richard Jay Cohen
-
Publication number: 20160080324
Abstract: This disclosure describes an automated process of discovering characteristics needed to integrate a web-based application to a web portal, such as a reverse proxy. This process eliminates the need for application owners and security analysts to manually discover the information needed for the on-boarding process. To this end, application-specific information is determined by monitoring network traffic flows in and out of the application, user authentication and authorization event data, and the like. An application discovery engine analyzes the discovered data, preferably against a set of patterns and heuristic-based rules, to discover or identify the one or more application characteristics. A set of configuration data is then generated, and this configuration data is then used to integrate the application into the web reverse proxy and, in particular, by specifying the configuration needed to “board” the application.
Type: Application
Filed: September 16, 2014
Publication date: March 17, 2016
Inventors: Richard Jay Cohen, Anne Louise Bolgert, Randolph Michael Forlenza, Miguel Sang, Krishna Kishore Yellepeddy
-
Patent number: 9110976
Abstract: Gathering auditable data concerning actions in a cloud computing environment is automated by determining that one or more auditable data items are available associated with a requester and with at least one application program; responsive to determining that data items are available, transmitting a list of the available auditable data items to a requesting cloud client computer; subsequent to transmitting the list, receiving a data request from the cloud client computer for one or more particular auditable data items from the list; preparing the requested particular auditable data items for transmission according to a predetermined format; and transmitting the prepared requested particular auditable data items to the cloud client computer. Optionally, in some embodiments, the requesting cloud client computer may negotiate a data exchange format with the cloud service provider for receipt of the requested auditable information.
Type: Grant
Filed: October 15, 2010
Date of Patent: August 18, 2015
Assignee: International Business Machines Corporation
Inventors: Anne Louise Bolgert, Raghuraman Kalyanaraman, Randolf Michael Forlenza, Richard Jay Cohen
-
Publication number: 20130254101
Abstract: A method enables user-directed, selective control of payment transactions for a user's payment device by enabling a payment device user to create and manage self-defined policies on how a particular payment device (tangible or intangible) may be used. This approach enables the end user, as opposed to the financial or commercial institution, to control transactions with respect to the account. Thus, for example, using a display interface, the account holder can control factors such as: allowed or disallowed vendors, a number of charges, timing of charges, a charge frequency, types of purchases allowed, and the amount charged. This fine-grained, device-specific control mechanism enables account holders to protect financial assets against fraudulent or improper activity. The approach provides a policy management system by which user-directed options for selectively controlling and restricting payment transactions may be realized, thereby providing better security and more customized account control.
Type: Application
Filed: March 1, 2013
Publication date: September 26, 2013
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Anne Louise Bolgert, Richard Jay Cohen, Randolph Michael Forlenza, Raghuraman Kalyanaraman
-
Publication number: 20130254083
Abstract: A method, apparatus and computer program product enables user-directed, selective control of payment transactions for a user's payment device. The techniques enable a payment device user to create and manage self-defined policies on how a particular payment device (tangible or intangible) may be used. This approach enables the end user, as opposed to the financial or commercial institution, to control transactions with respect to the account. Thus, for example, using a display interface, the account holder can control factors such as: allowed or disallowed vendors, a number of charges, timing of charges, a charge frequency, types of purchases allowed, and the amount charged. This fine-grained, device-specific control mechanism enables account holders to protect financial assets against fraudulent or improper activity.
Type: Application
Filed: March 22, 2012
Publication date: September 26, 2013
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Anne Louise Bolgert, Richard Jay Cohen, Randolph Michael Forlenza, Raghuraman Kalyanaraman, Suresh Vemulapalli Kumar
-
Publication number: 20120179746
Abstract: Gathering auditable data concerning actions in a cloud computing environment is automated by determining that one or more auditable data items are available associated with a requester and with at least one application program; responsive to determining that data items are available, transmitting a list of the available auditable data items to a requesting cloud client computer; subsequent to transmitting the list, receiving a data request from the cloud client computer for one or more particular auditable data items from the list; preparing the requested particular auditable data items for transmission according to a predetermined format; and transmitting the prepared requested particular auditable data items to the cloud client computer. Optionally, in some embodiments, the requesting cloud client computer may negotiate a data exchange format with the cloud service provider for receipt of the requested auditable information.
Type: Application
Filed: March 16, 2012
Publication date: July 12, 2012
Applicant: International Business Machines Corporation
Inventors: Anne Louise Bolgert, Richard Jay Cohen, Randolf Michael Forlenza, Raghuraman Kalyanaraman
-
Publication number: 20120179646
Abstract: A cloud enablement aggregation proxy (CEAP) receives and processes audit data from audited resources before such data is stored in a database. The CEAP manages log data for resources hosted in a multi-tenant shared pool of configurable computing resources (e.g., a compute cloud). A method for managing log data begins by the proxy aggregating and normalizing log information received from a plurality of the resources. The aggregated and normalized log information is then parsed to identify a tenant associated with each of a set of transactions. For each of the set of transactions, the CEAP annotates log data associated with the tenant and the particular transaction to include a tenant-specific identifier. An optional tenant separation proxy (TSP) separates the annotated log data on a per tenant basis prior to storage, and the tenant-specific log data may be stored in per tenant data structures or dedicated tenant log event databases to facilitate subsequent compliance or other analysis.
Type: Application
Filed: January 12, 2011
Publication date: July 12, 2012
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Heather M. Hinton, Richard Jay Cohen
-
Publication number: 20120096525
Abstract: Gathering auditable data concerning actions in a cloud computing environment is automated by determining that one or more auditable data items are available associated with a requester and with at least one application program; responsive to determining that data items are available, transmitting a list of the available auditable data items to a requesting cloud client computer; subsequent to transmitting the list, receiving a data request from the cloud client computer for one or more particular auditable data items from the list; preparing the requested particular auditable data items for transmission according to a predetermined format; and transmitting the prepared requested particular auditable data items to the cloud client computer. Optionally, in some embodiments, the requesting cloud client computer may negotiate a data exchange format with the cloud service provider for receipt of the requested auditable information.
Type: Application
Filed: October 15, 2010
Publication date: April 19, 2012
Inventors: Anne Louise Bolgert, Richard Jay Cohen, Randolph Michael Forlenza, Raghuraman Kalyanaraman
-
Patent number: 7260838
Abstract: Method, instructions and system for establishing and enforcing change password policy in a single sign-on environment. In response to receiving a change instruction identifying a first single sign-on password, the first single sign-on password is changed to create a second single sign-on password. Then a target password is retrieved. The target password is modified in a user selected manner to match the second single sign-on password to create a modified target password. The modified target password is stored. In response to a request from a user requesting access to an application, the modified target password is retrieved and the modified target password is provided to the requested application.
Type: Grant
Filed: December 18, 2000
Date of Patent: August 21, 2007
Assignee: International Business Machines Corporation
Inventors: Robert Delee Bones, Richard Jay Cohen, Paul Kallfelz
-
Patent number: 7000198
Abstract: A frames-based Web browser is used with existing distributed computing environment (DCE) interfaces to facilitate and simplify management of DCE cells. In the preferred embodiment, administration may be performed from any secure Web browser acting as a client. Management data is typically supported on a target Web server. At the browser, CGI scripts are used to dynamically generate HTML (hypertext markup language) pages based on the network administrator's selections and the current state and defined objects in the DCE cell. The result is a robust and efficient Web-based DCE management scheme.
Type: Grant
Filed: October 26, 2000
Date of Patent: February 14, 2006
Assignee: International Business Machines Corporation
Inventors: Theodore Jack London Shrader, Richard Jay Cohen