Patents by Inventor Richard Ory Jerrell
Richard Ory Jerrell has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Patent number: 11947694
  Abstract: A method, a computer program product, and a system for implementing a dynamic virtual database honeypot. The method includes relaying a query request received from a database client to a database and receiving, from the database, a response relating to the query request. The method also includes determining the query request is an attack on the database based on session information relating to the database and the database client, generating a honey token based on information contained within the response, generating an alternate response formatted in a same format as the response and containing artificial information that masks the information contained within the response. The method further includes inserting the honey token into the alternate response and transmitting the alternate response to the database client.
  Type: Grant
  Filed: June 29, 2021
  Date of Patent: April 2, 2024
  Assignee: International Business Machines Corporation
  Inventors: Galia Diamant, Richard Ory Jerrell, Chun-Shuo Lin, Wei-Hsiang Hsiung, Cheng-Ta Lee, Wei-Jie Liau
- Patent number: 11847122
  Abstract: An example operation may include one or more of receiving a set of structured query language (SQL) queries from one or more software applications, generating a set of SQL syntax trees that correspond to the set of SQL queries, identifying a unique subset of SQL syntax trees among the generated set of SQL syntax trees based on previously obtained SQL syntax trees, and transmitting the unique subset of SQL syntax trees to a computing system.
  Type: Grant
  Filed: April 1, 2022
  Date of Patent: December 19, 2023
  Assignee: International Business Machines Corporation
  Inventors: Cheng-Ta Lee, Chun-Shuo Lin, Galia Diamant, Richard Ory Jerrell, Leonid Rodniansky
- Patent number: 11562095
  Abstract: A database protection system (DPS) mitigates injection attacks. DPS receives an unrestricted database query, extracts a syntax tree, and evaluates whether it recognizes the query. To this end, DPS applies a hash function over the extracted syntax tree, and then determines whether the resulting hash has been seen by DPS before. If so, DPS retrieves a previously-generated prepared statement associated with the syntax tree, and that prepared statement is then forwarded to the database server in lieu of sending the original query. If the syntax tree is not recognized, DPS creates a new prepared statement, generates a hash of the syntax tree, stores the hash and the new prepared statement, and forwards the new prepared statement. The prepared statements are configured based on the native wire protocol used by the database server, and DPS includes additional functionality by which it can learn the semantics of this protocol if necessary.
  Type: Grant
  Filed: January 28, 2021
  Date of Patent: January 24, 2023
  Assignee: International Business Machines Corporation
  Inventors: Galia Diamant, Leonid Rodniansky, Cheng-Ta Lee, Chun-Shuo Lin, Richard Ory Jerrell
- Publication number: 20220414245
  Abstract: A method, a computer program product, and a system for implementing a dynamic virtual database honeypot. The method includes relaying a query request received from a database client to a database and receiving, from the database, a response relating to the query request. The method also includes determining the query request is an attack on the database based on session information relating to the database and the database client, generating a honey token based on information contained within the response, generating an alternate response formatted in a same format as the response and containing artificial information that masks the information contained within the response. The method further includes inserting the honey token into the alternate response and transmitting the alternate response to the database client.
  Type: Application
  Filed: June 29, 2021
  Publication date: December 29, 2022
  Inventors: Galia Diamant, Richard Ory Jerrell, Chun-Shuo Lin, Wei-Hsiang Hsiung, Cheng-Ta Lee, Wei-Jie Liau
- Patent number: 11502855
  Abstract: A method includes retrieving a server certificate from a server in response to a request from a client to negotiate a connection between the client and the server and generating a new server public key and a new client public key in response to the request. The method also includes generating a new server certificate using information in the server certificate. The method further includes signing the new server certificate to produce a new signed server certificate, communicating the new signed server certificate, which includes the new server public key, to the client, and generating a new client certificate using information in a client certificate received from the client. The method also includes signing the new client certificate to produce a new signed client certificate and communicating the new signed client certificate, which includes the new client public key, to the server to establish the connection.
  Type: Grant
  Filed: August 26, 2021
  Date of Patent: November 15, 2022
  Assignee: International Business Machines Corporation
  Inventors: Richard Ory Jerrell, Mae Rockar, Galia Diamant
- Patent number: 11481508
  Abstract: A mechanism is provided for monitoring and controlling data access. Responsive to intercepting a response from a server to a request for information from a client device, a security system agent applies pattern matching using a predefined set of sensitive data pattern rules to identify at least one sensitive data access included in the response. Responsive to identifying at least one sensitive data access matching one or more of the predefined set of sensitive data pattern rules, the security system agent modifies the request from the client by marking the at least one sensitive data access as sensitive, thereby forming a modified request. The security system agent sends the modified request to the security system, thereby causing the security system to process the modified request without accessing the sensitive data associated with the at least one marked sensitive data access.
  Type: Grant
  Filed: December 15, 2020
  Date of Patent: October 25, 2022
  Assignee: International Business Machines Corporation
  Inventors: Tania Butovsky, Leonid Rodniansky, Mikhail Shpak, Richard Ory Jerrell, Peter Maniatis, Shidong Shan
- Publication number: 20220237314
  Abstract: A database protection system (DPS) mitigates injection attacks. DPS receives an unrestricted database query, extracts a syntax tree, and evaluates whether it recognizes the query. To this end, DPS applies a hash function over the extracted syntax tree, and then determines whether the resulting hash has been seen by DPS before. If so, DPS retrieves a previously-generated prepared statement associated with the syntax tree, and that prepared statement is then forwarded to the database server in lieu of sending the original query. If the syntax tree is not recognized, DPS creates a new prepared statement, generates a hash of the syntax tree, stores the hash and the new prepared statement, and forwards the new prepared statement. The prepared statements are configured based on the native wire protocol used by the database server, and DPS includes additional functionality by which it can learn the semantics of this protocol if necessary.
  Type: Application
  Filed: January 28, 2021
  Publication date: July 28, 2022
  Applicant: International Business Machines Corporation
  Inventors: Galia Diamant, Leonid Rodniansky, Cheng-Ta Lee, Chun-Shuo Lin, Richard Ory Jerrell
- Publication number: 20220222259
  Abstract: An example operation may include one or more of receiving a set of structured query language (SQL) queries from one or more software applications, generating a set of SQL syntax trees that correspond to the set of SQL queries, identifying a unique subset of SQL syntax trees among the generated set of SQL syntax trees based on previously obtained SQL syntax trees, and transmitting the unique subset of SQL syntax trees to a computing system.
  Type: Application
  Filed: April 1, 2022
  Publication date: July 14, 2022
  Inventors: Cheng-Ta Lee, Chun-Shuo Lin, Galia Diamant, Richard Ory Jerrell, Leonid Rodniansky
- Publication number: 20220188437
  Abstract: A mechanism is provided for monitoring and controlling data access. Responsive to intercepting a response from a server to a request for information from a client device, a security system agent applies pattern matching using a predefined set of sensitive data pattern rules to identify at least one sensitive data access included in the response. Responsive to identifying at least one sensitive data access matching one or more of the predefined set of sensitive data pattern rules, the security system agent modifies the request from the client by marking the at least one sensitive data access as sensitive, thereby forming a modified request. The security system agent sends the modified request to the security system, thereby causing the security system to process the modified request without accessing the sensitive data associated with the at least one marked sensitive data access.
  Type: Application
  Filed: December 15, 2020
  Publication date: June 16, 2022
  Inventors: Tania Butovsky, Leonid Rodniansky, Mikhail Shpak, Richard Ory Jerrell, Peter Maniatis, Shidong Shan
- Patent number: 11334569
  Abstract: An example operation may include one or more of receiving a set of structured query language (SQL) queries from one or more software applications, generating a set of SQL syntax trees that correspond to the set of SQL queries, identifying a unique subset of SQL syntax trees among the generated set of SQL syntax trees based on previously obtained SQL syntax trees, and transmitting the unique subset of SQL syntax trees to a computing system.
  Type: Grant
  Filed: January 21, 2020
  Date of Patent: May 17, 2022
  Assignee: International Business Machines Corporation
  Inventors: Cheng-Ta Lee, Chun-Shuo Lin, Galia Diamant, Richard Ory Jerrell, Leonid Rodniansky
- Patent number: 11228607
  Abstract: A network protection system (NPS) is augmented to provide additional functionality—preferably within the SSL/TLS connection at the OSI presentation layer—to enable efficient management and handling of security-violating client connections. When the NPS determines to suspend a suspect application client connection, the NPS modifies the request (the TLS encrypted packet) at a random offset to include a random byte value. When the modified request is then received at the server, a TLS decryption error occurs. In response, the server drops the request gracefully and, in particular, a termination response is returned from the server to the NPS, which then passes the termination response back to the requesting client.
  Type: Grant
  Filed: November 9, 2019
  Date of Patent: January 18, 2022
  Assignee: International Business Machines Corporation
  Inventors: Leonid Rodniansky, Viktor Ginzburg, Richard Ory Jerrell, Galia Diamant
- Publication number: 20210224281
  Abstract: An example operation may include one or more of receiving a set of structured query language (SQL) queries from one or more software applications, generating a set of SQL syntax trees that correspond to the set of SQL queries, identifying a unique subset of SQL syntax trees among the generated set of SQL syntax trees based on previously obtained SQL syntax trees, and transmitting the unique subset of SQL syntax trees to a computing system.
  Type: Application
  Filed: January 21, 2020
  Publication date: July 22, 2021
  Inventors: Cheng-Ta Lee, Chun-Shuo Lin, Galia Diamant, Richard Ory Jerrell, Leonid Rodniansky
- Publication number: 20210144160
  Abstract: A network protection system (NPS) is augmented to provide additional functionality—preferably within the SSL/TLS connection at the OSI presentation layer—to enable efficient management and handling of security-violating client connections. When the NPS determines to suspend a suspect application client connection, the NPS modifies the request (the TLS encrypted packet) at a random offset to include a random byte value. When the modified request is then received at the server, a TLS decryption error occurs. In response, the server drops the request gracefully and, in particular, a termination response is returned from the server to the NPS, which then passes the termination response back to the requesting client.
  Type: Application
  Filed: November 9, 2019
  Publication date: May 13, 2021
  Applicant: International Business Machines Corporation
  Inventors: Leonid Rodniansky, Viktor Ginzburg, Richard Ory Jerrell, Galia Diamant
- Patent number: 9069628
  Abstract: The techniques herein provide for “time-shifting” of intercepted system calls to enable a one-to-many (1:n) or a many-to-one (n:1) mapping of intercepted-to-real system calls. Any action that needs to be applied on the logical boundaries of the data (instead of the physical boundaries) presented upon system call interception spools (buffers) the data before taking the action and then unspools the result when finished. The action may be quite varied, e.g., examining the data, redacting the data, changing the data, restricting the data, processing the data, and updating the data, among others. The technique may be implemented in a database access control system.
  Type: Grant
  Filed: April 10, 2013
  Date of Patent: June 30, 2015
  Assignee: International Business Machines Corporation
  Inventors: Richard Ory Jerrell, Ury Segal, Galia Diamant
- Publication number: 20140310727
  Abstract: The techniques herein provide for “time-shifting” of intercepted system calls to enable a one-to-many (1:n) or a many-to-one (n:1) mapping of intercepted-to-real system calls. Any action that needs to be applied on the logical boundaries of the data (instead of the physical boundaries) presented upon system call interception spools (buffers) the data before taking the action and then unspools the result when finished. The action may be quite varied, e.g., examining the data, redacting the data, changing the data, restricting the data, processing the data, and updating the data, among others. The technique may be implemented in a database access control system.
  Type: Application
  Filed: April 10, 2013
  Publication date: October 16, 2014
  Applicant: International Business Machines Corporation
  Inventors: Richard Ory Jerrell, Ury Segal, Galia Diamant