Patents by Inventor Ricky Hei Wong Chan
Ricky Hei Wong Chan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12155640
Abstract: Systems and methods for cloud federated token just in time authorization are disclosed. A method may include: (1) receiving, by a cloud authentication services computer program, authenticating information for a user from an active directory federation service computer program; (2) querying, by the cloud authentication services computer program, a plurality of backend services to validate the authenticating information; (3) communicating, by the cloud authentication services computer program, validation to the active directory federation service computer program, wherein the active directory federation service computer program is configured to generate a security token comprising one or more assertion, wherein the assertion comprises a limit on a session with the user at a cloud platform, and wherein the cloud platform is configured to receive the security token and a trusted federated endpoint executed by the cloud platform is configured to enforce the limit on the session.
Type: Grant
Filed: October 21, 2021
Date of Patent: November 26, 2024
Assignee: JPMORGAN CHASE BANK, N.A.
Inventors: Kanishka Hettiarachchi, Ricky Hei Wong Chan, Renfei Zhang, Ross S Indyke, Vijay Basker Balakrishnan, Vladimir Belinkis, Joseph Schilling, Ramesh Krishnamurthy
-
Patent number: 11729179
Abstract: In one embodiment, in access gateway comprising at least one computer processor, a method for real-time data protection may include: (1) receiving a user login comprising a user identifier; (2) retrieving, using an in-memory entitlements graph, a role definition for the user identifier, wherein the role definition comprises allowed actions, entitled assets, and a system account; (3) receiving a selection of a requested asset from the entitled assets and a requested action from the allowed actions; (4) verifying the user's entitlement to access the requested asset and perform the requested action with the system account using the in-memory entitlement graph based on the user identifier, the system account, the requested asset, and the requested action; and (5) authorizing the user's entitlement to access the requested asset and perform the requested action with the system account substantially at a time of requested access.
Type: Grant
Filed: March 15, 2021
Date of Patent: August 15, 2023
Assignee: JPMORGAN CHASE BANK, N.A.
Inventors: Rejith G. Kurup, Kanishka Hettiarachchi, Vladimir Belinkis, Ish K. Ahluwalia, Ricky Hei Wong Chan, Dennis Joseph
-
Publication number: 20230129824
Abstract: Systems and methods for cloud federated token just in time authorization are disclosed. A method may include: (1) receiving, by a cloud authentication services computer program, authenticating information for a user from an active directory federation service computer program; (2) querying, by the cloud authentication services computer program, a plurality of backend services to validate the authenticating information; (3) communicating, by the cloud authentication services computer program, validation to the active directory federation service computer program, wherein the active directory federation service computer program is configured to generate a security token comprising one or more assertion, wherein the assertion comprises a limit on a session with the user at a cloud platform, and wherein the cloud platform is configured to receive the security token and a trusted federated endpoint executed by the cloud platform is configured to enforce the limit on the session.
Type: Application
Filed: October 21, 2021
Publication date: April 27, 2023
Inventors: Kanishka HETTIARACHCHI, Ricky Hei Wong CHAN, Renfei ZHANG, Ross S INDYKE, Vijay Basker BALAKRISHNAN, Vladimir BELINKIS, Joseph SCHILLING, Ramesh KRISHNAMURTHY
-
Patent number: 11546362
Abstract: Systems and methods for data-driven infrastructure controls are disclosed. According to one embodiment, in an information processing apparatus comprising at least one computer processor, a computer-implemented method for automatically detecting anomalous user behavior within a unified entitlement framework may include: (1) receiving an access request for a technology asset from a user on a computing device, the access request comprising session data comprising one or more of user identification, user location, key strokes, and user computing device identification; (2) applying an entitlement-specific machine learning algorithm to the session data to generate an anomaly score; (3) storing the session data and associated anomaly score; (4) sending a review request to a manager; (5) receiving review results from the manager; and (6) updating the entitlement-specific machine learning algorithm based on the anomaly score and the review results from the manager.
Type: Grant
Filed: April 28, 2020
Date of Patent: January 3, 2023
Assignee: JPMORGAN CHASE BANK, N.A.
Inventors: Rejith G. Kurup, Kanishka Hettiarachchi, Vladimir Belinkis, Ish K. Ahluwalia, Ricky Hei Wong Chan, Dennis Joseph
-
Patent number: 11165854
Abstract: An embodiment of the present invention may be directed to large scale screen capturing on operating systems across global data center deployments. The system performs monitoring and recording activities, reporting and auditing the activities and further implementing an autonomous (agentless) deployment model. The system may orchestrate a number of agents to execute on an asynchronous basis to capture and aggregate screen data as well as identify associated metadata in real time. The system may also publish the aggregated screen data.
Type: Grant
Filed: April 22, 2020
Date of Patent: November 2, 2021
Assignee: JPMorgan Chase Bank, N.A.
Inventors: Ramesh Krishnamurthy, Ricky Hei Wong Chan, Vijaya Basker Balakrishnan, Ross S. Indyke, Renfei Zhang, Kanishka Hettiarachchi
-
Publication number: 20210337013
Abstract: An embodiment of the present invention may be directed to performing monitoring and recording activities, reporting and auditing the activities and further implementing an autonomous (agentless) deployment model.
Type: Application
Filed: April 22, 2020
Publication date: October 28, 2021
Inventors: Ramesh Krishnamurthy, Ricky Hei Wong Chan, Vijaya Basker Balakrishnan, Ross S. Indyke, Renfei Zhang, Kanishka Hettiarachchi
-
Publication number: 20210203663
Abstract: In one embodiment, in access gateway comprising at least one computer processor, a method for real-time data protection may include: (1) receiving a user login comprising a user identifier; (2) retrieving, using an in-memory entitlements graph, a role definition for the user identifier, wherein the role definition comprises allowed actions, entitled assets, and a system account; (3) receiving a selection of a requested asset from the entitled assets and a requested action from the allowed actions; (4) verifying the user's entitlement to access the requested asset and perform the requested action with the system account using the in-memory entitlement graph based on the user identifier, the system account, the requested asset, and the requested action; and (5) authorizing the user's entitlement to access the requested asset and perform the requested action with the system account substantially at a time of requested access.
Type: Application
Filed: March 15, 2021
Publication date: July 1, 2021
Inventors: Rejith G. Kurup, Kanishka Hettiarachchi, Vladimir Belinkis, Ish K. Ahluwalia, Ricky Hei Wong Chan, Dennis Joseph
-
Patent number: 10951624
Abstract: In one embodiment, in access gateway comprising at least one computer processor, a method for real-time data protection may include: (1) receiving a user login comprising a user identifier; (2) retrieving, using an in-memory entitlements graph, a role definition for the user identifier, wherein the role definition comprises allowed actions, entitled assets, and a system account; (3) receiving a selection of a requested asset from the entitled assets and a requested action from the allowed actions; (4) verifying the user's entitlement to access the requested asset and perform the requested action with the system account using the in-memory entitlement graph based on the user identifier, the system account, the requested asset, and the requested action; and (5) authorizing the user's entitlement to access the requested asset and perform the requested action with the system account substantially at a time of requested access.
Type: Grant
Filed: December 14, 2018
Date of Patent: March 16, 2021
Assignee: JPMORGAN CHASE BANK, N.A.
Inventors: Rejith G. Kurup, Kanishka Hettiarachchi, Vladimir Belinkis, Ish K. Ahluwalia, Ricky Hei Wong Chan, Dennis Joseph
-
Publication number: 20200344253
Abstract: Systems and methods for data-driven infrastructure controls are disclosed. According to one embodiment, in an information processing apparatus comprising at least one computer processor, a computer-implemented method for automatically detecting anomalous user behavior within a unified entitlement framework may include: (1) receiving an access request for a technology asset from a user on a computing device, the access request comprising session data comprising one or more of user identification, user location, key strokes, and user computing device identification; (2) applying an entitlement-specific machine learning algorithm to the session data to generate an anomaly score; (3) storing the session data and associated anomaly score; (4) sending a review request to a manager; (5) receiving review results from the manager; and (6) updating the entitlement-specific machine learning algorithm based on the anomaly score and the review results from the manager.
Type: Application
Filed: April 28, 2020
Publication date: October 29, 2020
Inventors: Rejith G. KURUP, Kanishka HETTIARACHCHI, Vladimir BELINKIS, Ish K. AHLUWALIA, Ricky Hei Wong CHAN, Dennis JOSEPH
-
Publication number: 20200195650
Abstract: In one embodiment, in access gateway comprising at least one computer processor, a method for real-time data protection may include: (1) receiving a user login comprising a user identifier; (2) retrieving, using an in-memory entitlements graph, a role definition for the user identifier, wherein the role definition comprises allowed actions, entitled assets, and a system account; (3) receiving a selection of a requested asset from the entitled assets and a requested action from the allowed actions; (4) verifying the user's entitlement to access the requested asset and perform the requested action with the system account using the in-memory entitlement graph based on the user identifier, the system account, the requested asset, and the requested action; and (5) authorizing the user's entitlement to access the requested asset and perform the requested action with the system account substantially at a time of requested access.
Type: Application
Filed: December 14, 2018
Publication date: June 18, 2020
Inventors: Rejith G. Kurup, Kanishka Hettiarachchi, Vladimir Belinkis, Ish K. Ahluwalia, Ricky Hei Wong Chan, Dennis Joseph