Patents by Inventor Robert Hoy
Robert Hoy has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10673885
Abstract: A user state tracking and anomaly detector for multi-tenant SaaS applications operates in association with a log management solution, such as a SIEM. A given SaaS application has many user STATES, and the applications often have dependencies on one another that arise, for example, when a particular application makes a request (typically on behalf of a user) to take some action with respect to another application. The detector includes a mapper that maps the large number of user STATES to a reduced number of mapped states (e.g., “red” and “green”), and a dependency module that generates user-resource dependency graphs. Using a dependency graph, a SaaS modeler in the detector checks whether a particular dependency-based request associated with a SaaS application is valid. State and dependency information generated by the mapper and dependency module are reported back to the log management solution to facilitate improved logging and anomaly detection.
Type: Grant
Filed: February 4, 2019
Date of Patent: June 2, 2020
Assignee: International Business Machines Corporation
Inventors: Ravi Krishnan Muthukrishnan, Jeffrey Robert Hoy, Sreekanth Ramakrishna Iyer, Kaushal Kiran Kapadia, Nataraj Nagaratnam
-
Patent number: 10673900
Abstract: This disclosure provides the ability for a cloud application to specify its security requirements, the ability to have those requirements evaluated, e.g., against a specific cloud deployment environment, and the ability to enable the application to control a cloud-based security assurance service to provision additional security technology in the cloud to support deployment (or re-deployment elsewhere) of the application if the environment does not have the necessary topology and security resources deployed. To this end, the application queries the service by passing a set of application-based security rights. If the security capabilities provided by the security assurance service are sufficient or better than the application's security rights, the application functions normally. If, however, the security environment established by the security assurance service is insufficient for the application, the application is afforded one or more remediation options, e.g.
Type: Grant
Filed: September 11, 2017
Date of Patent: June 2, 2020
Assignee: HCL Technologies Limited
Inventors: Nataraj Nagaratnam, Jeffrey Robert Hoy, Kaushal Kiran Kapadia, Ravi Krishnan Muthukrishnan, Sreekanth Ramakrishna Iyer
-
Patent number: 10628682
Abstract: Using mobile devices in a gesture based security system is described. An image based feed is received from a camera incorporated in a first mobile device. The first mobile device is in communication with the gesture based security system. The camera has a view of one of a plurality of secured areas monitored by the gesture based security system. A gesture is recognized within the feed. Non-gesture metadata from the mobile device is associated with the recognized gesture. The non-gesture metadata is used to determine that the image based feed is a view of a first secured area of the plurality of secured areas. The determination whether the recognized gesture is an approved gesture within the first secured area is made according to non-gesture metadata associated with the recognized gesture.
Type: Grant
Filed: April 29, 2016
Date of Patent: April 21, 2020
Assignee: International Business Machines Corporation
Inventors: Jeffrey Robert Hoy, Sreekanth Ramakrishna Iyer, Kaushal Kiran Kapadia, Ravi Krishnan Muthukrishnan, Nataraj Nagaratnam
-
Publication number: 20190173903
Abstract: A user state tracking and anomaly detector for multi-tenant SaaS applications operates in association with a log management solution, such as a SIEM. A given SaaS application has many user STATES, and the applications often have dependencies on one another that arise, for example, when a particular application makes a request (typically on behalf of a user) to take some action with respect to another application. The detector includes a mapper that maps the large number of user STATES to a reduced number of mapped states (e.g., “red” and “green”), and a dependency module that generates user-resource dependency graphs. Using a dependency graph, a SaaS modeler in the detector checks whether a particular dependency-based request associated with a SaaS application is valid. State and dependency information generated by the mapper and dependency module are reported back to the log management solution to facilitate improved logging and anomaly detection.
Type: Application
Filed: February 4, 2019
Publication date: June 6, 2019
Applicant: International Business Machines Corporation
Inventors: Ravi Krishnan Muthukrishnan, Jeffrey Robert Hoy, Sreekanth Ramakrishna Iyer, Kaushal Kiran Kapadia, Nataraj Nagaratnam
-
Patent number: 10244002
Abstract: A cloud infrastructure security assurance service is enhanced to facilitate bursting of cloud applications into other cloud infrastructures. The security assurance service provides a mechanism to enable creation and management of secure application zones within a cloud infrastructure. When the security assurance service receives an indication that a workload associated with a cloud application triggers a cloud burst, the service is extended into a new cloud infrastructure. Once the security assurance service is instantiated in the new cloud infrastructure, it identifies the broad security requirements of the application, as well as the security capabilities of the new environment. Using this information, the security assurance service computes a minimal security environment needed by the cloud application for the burst operation.
Type: Grant
Filed: December 25, 2017
Date of Patent: March 26, 2019
Assignee: International Business Machines Corporation
Inventors: Jeffrey Robert Hoy, Nataraj Nagaratnam, Kaushal Kiran Kapadia, Ravi Krishnan Muthukrishnan, Sreekanth Ramakrishna Iyer
-
Patent number: 10237064
Abstract: This disclosure involves the notion of using physical objects to generate public key-based authenticators and, in particular, to use “everyday” physical objects to create a generator seed for a key generator that will use that seed to generate a key pair comprising a public key, and its associated private key. In a preferred approach, the physical object is used to create a digital representation (of the physical object) that, together with some uniqueness associated to the user, gives rise to a key generator seed value. Without knowledge of (a) the physical object itself, (b) how the physical object characteristic is converted (to a digital representation), and (c) the uniqueness value, an attacker cannot reproduce the key generator seed (or the key(s) generated from that seed).
Type: Grant
Filed: December 25, 2017
Date of Patent: March 19, 2019
Assignee: International Business Machines Corporation
Inventors: Jeffrey Robert Hoy, Sreekanth Ramakrishna Iyer, Kaushal Kiran Kapadia, Ravi Krishnan Muthukrishnan, Nataraj Nagaratnam
-
Patent number: 10212190
Abstract: A cloud infrastructure is enhanced to provide a context-based security assurance service to enable secure application deployment. The service inspects network and cloud topologies to identify potential security capabilities and needs. Preferably, these options are then surfaced to the user with easy-to-understand, pre-configured templates representing security assurance levels. When a template (e.g., representing a pre-configured assurance level) is selected by the user, the system then applies specific capabilities and controls to translate the user-selected generalized specification (e.g., “high security”) into granular requirements for a specific set of security resources. Preferably, the identification of these security resources is based on system configuration, administration, and information associated with the pre-configured template.
Type: Grant
Filed: December 5, 2017
Date of Patent: February 19, 2019
Assignee: International Business Machines Corporation
Inventors: Nataraj Nagaratnam, Jeffrey Robert Hoy, Sreekanth Ramakrishna Iyer, Sridhar R. Muppidi
-
Patent number: 10200387
Abstract: A user state tracking and anomaly detector for multi-tenant SaaS applications operates in association with a log management solution, such as a SIEM. A given SaaS application has many user STATES, and the applications often have dependencies on one another that arise, for example, when a particular application makes a request (typically on behalf of a user) to take some action with respect to another application. The detector includes a mapper that maps the large number of user STATES to a reduced number of mapped states (e.g., “red” and “green”), and a dependency module that generates user-resource dependency graphs. Using a dependency graph, a SaaS modeler in the detector checks whether a particular dependency-based request associated with a SaaS application is valid. State and dependency information generated by the mapper and dependency module are reported back to the log management solution to facilitate improved logging and anomaly detection.
Type: Grant
Filed: November 30, 2015
Date of Patent: February 5, 2019
Assignee: International Business Machines Corporation
Inventors: Ravi Krishnan Muthukrishnan, Jeffrey Robert Hoy, Sreekanth Ramakrishna Iyer, Kaushal Kiran Kapadia, Nataraj Nagaratnam
-
Patent number: 10142293
Abstract: A method, apparatus and computer program product manage a plurality of VPN tunnels between a first cloud and a second cloud in a hybrid cloud environment. A method in a first VPN agent manages a first VPN tunnel in a plurality of VPN tunnels between a first cloud and a second cloud in a hybrid cloud environment. The VPN agent receives a request from a VPN manager. The request includes a first set of requirements for the first VPN tunnel in the plurality of VPN tunnels. The VPN agent creates the first VPN tunnel according to the first set of requirements. The VPN agent tunes the first VPN tunnel according to a second set of requirements. The tuning of the first VPN tunnel can include merging the first VPN tunnel with a second VPN tunnel, or splitting the first VPN tunnel into a first and second VPN tunnel.
Type: Grant
Filed: December 15, 2015
Date of Patent: November 27, 2018
Assignee: International Business Machines Corporation
Inventors: Jeffrey Robert Hoy, Sreekanth Ramakrishna Iyer, Kaushal Kiran Kapadia, Ravi Krishnan Muthukrishnan, Nataraj Nagaratnam
-
Patent number: 10028139
Abstract: A technique to enforce a physical security constraint leverages a user's mobile device while at the same time enabling the user to continue use of the device for appropriate purposes within a restricted area. A user's access to a restricted area with his or her mobile device in effect is “conditioned” upon installation (on the device) of an endpoint agent that controls features of the mobile device based on one or more factors, such as the user's role, a current location of the user within the restricted area, and other criteria as defined in a security policy. Preferably, the agent is instantiated automatically when the user enters the restricted area, with the device then restored to its prior state when the user leaves the restricted area. The particular features of the mobile device that are controlled may be varied, even within particular zones of the restricted area itself.
Type: Grant
Filed: March 28, 2015
Date of Patent: July 17, 2018
Assignee: International Business Machines Corporation
Inventors: Sreekanth Ramakrishna Iyer, Jeffrey Robert Hoy, Kaushal Kiran Kapadia, Ravi Krishnan Muthukrishnan, Nataraj Nagaratnam
-
Publication number: 20180124119
Abstract: A cloud infrastructure security assurance service is enhanced to facilitate bursting of cloud applications into other cloud infrastructures. The security assurance service provides a mechanism to enable creation and management of secure application zones within a cloud infrastructure. When the security assurance service receives an indication that a workload associated with a cloud application triggers a cloud burst, the service is extended into a new cloud infrastructure. Once the security assurance service is instantiated in the new cloud infrastructure, it identifies the broad security requirements of the application, as well as the security capabilities of the new environment. Using this information, the security assurance service computes a minimal security environment needed by the cloud application for the burst operation.
Type: Application
Filed: December 25, 2017
Publication date: May 3, 2018
Inventors: Jeffrey Robert Hoy, Nataraj Nagaratnam, Kaushal Kiran Kapadia, Ravi Krishnan Muthukrishnan, Sreekanth Ramakrishna Iyer
-
Publication number: 20180109380
Abstract: This disclosure involves the notion of using physical objects to generate public key-based authenticators and, in particular, to use “everyday” physical objects to create a generator seed for a key generator that will use that seed to generate a key pair comprising a public key, and its associated private key. In a preferred approach, the physical object is used to create a digital representation (of the physical object) that, together with some uniqueness associated to the user, gives rise to a key generator seed value. Without knowledge of (a) the physical object itself, (b) how the physical object characteristic is converted (to a digital representation), and (c) the uniqueness value, an attacker cannot reproduce the key generator seed (or the key(s) generated from that seed).
Type: Application
Filed: December 25, 2017
Publication date: April 19, 2018
Inventors: Jeffrey Robert Hoy, Sreekanth Ramakrishna Iyer, Kaushal Kiran Kapadia, Ravi Krishnan Muthukrishnan, Nataraj Nagaratnam
-
Publication number: 20180103067
Abstract: A cloud infrastructure is enhanced to provide a context-based security assurance service to enable secure application deployment. The service inspects network and cloud topologies to identify potential security capabilities and needs. Preferably, these options are then surfaced to the user with easy-to-understand, pre-configured templates representing security assurance levels. When a template (e.g., representing a pre-configured assurance level) is selected by the user, the system then applies specific capabilities and controls to translate the user-selected generalized specification (e.g., “high security”) into granular requirements for a specific set of security resources. Preferably, the identification of these security resources is based on system configuration, administration, and information associated with the pre-configured template.
Type: Application
Filed: December 5, 2017
Publication date: April 12, 2018
Inventors: Nataraj Nagaratnam, Jeffrey Robert Hoy, Sreekanth Ramakrishna Iyer, Sridhar R. Muppidi
-
Patent number: 9912477
Abstract: This disclosure involves the notion of using physical objects to generate public key-based authenticators and, in particular, to use “everyday” physical objects to create a generator seed for a key generator that will use that seed to generate a key pair comprising a public key, and its associated private key. In a preferred approach, the physical object is used to create a digital representation (of the physical object) that, together with some uniqueness associated to the user, gives rise to a key generator seed value. Without knowledge of (a) the physical object itself, (b) how the physical object characteristic is converted (to a digital representation), and (c) the uniqueness value, an attacker cannot reproduce the key generator seed (or the key(s) generated from that seed).
Type: Grant
Filed: August 8, 2017
Date of Patent: March 6, 2018
Assignee: International Business Machines Corporation
Inventors: Jeffrey Robert Hoy, Sreekanth Ramakrishna Iyer, Kaushal Kiran Kapadia, Ravi Krishnan Muthukrishnan, Nataraj Nagaratnam
-
Patent number: 9912701
Abstract: A cloud infrastructure is enhanced to provide a context-based security assurance service to enable secure application deployment. The service inspects network and cloud topologies to identify potential security capabilities and needs. Preferably, these options are then surfaced to the user with easy-to-understand, pre-configured templates representing security assurance levels. When a template (e.g., representing a pre-configured assurance level) is selected by the user, the system then applies specific capabilities and controls to translate the user-selected generalized specification (e.g., “high security”) into granular requirements for a specific set of security resources. Preferably, the identification of these security resources is based on system configuration, administration, and information associated with the pre-configured template.
Type: Grant
Filed: March 25, 2016
Date of Patent: March 6, 2018
Assignee: International Business Machines Corporation
Inventors: Nataraj Nagaratnam, Jeffrey Robert Hoy, Sreekanth Ramakrishna Iyer, Sridhar R. Muppidi
-
Patent number: 9888040
Abstract: A cloud infrastructure security assurance service is enhanced to facilitate bursting of cloud applications into other cloud infrastructures. The security assurance service provides a mechanism to enable creation and management of secure application zones within a cloud infrastructure. When the security assurance service receives an indication that a workload associated with a cloud application triggers a cloud burst, the service is extended into a new cloud infrastructure. Once the security assurance service is instantiated in the new cloud infrastructure, it identifies the broad security requirements of the application, as well as the security capabilities of the new environment. Using this information, the security assurance service computes a minimal security environment needed by the cloud application for the burst operation.
Type: Grant
Filed: July 11, 2015
Date of Patent: February 6, 2018
Assignee: International Business Machines Corporation
Inventors: Jeffrey Robert Hoy, Nataraj Nagaratnam, Kaushal Kiran Kapadia, Ravi Krishnan Muthukrishnan, Sreekanth Ramakrishna Iyer
-
Publication number: 20180027022
Abstract: This disclosure provides the ability for a cloud application to specify its security requirements, the ability to have those requirements evaluated, e.g., against a specific cloud deployment environment, and the ability to enable the application to control a cloud-based security assurance service to provision additional security technology in the cloud to support deployment (or re-deployment elsewhere) of the application if the environment does not have the necessary topology and security resources deployed. To this end, the application queries the service by passing a set of application-based security rights. If the security capabilities provided by the security assurance service are sufficient or better than the application's security rights, the application functions normally. If, however, the security environment established by the security assurance service is insufficient for the application, the application is afforded one or more remediation options, e.g.
Type: Application
Filed: September 11, 2017
Publication date: January 25, 2018
Inventors: Nataraj Nagaratnam, Jeffrey Robert Hoy, Kaushal Kiran Kapadia, Ravi Krishnan Muthukrishnan, Sreekanth Ramakrishna Iyer
-
Patent number: 9876822
Abstract: A cloud infrastructure is enhanced to provide a context-based security assurance service to enable secure application deployment. The service inspects network and cloud topologies to identify potential security capabilities and needs. Preferably, these options are then surfaced to the user with easy-to-understand, pre-configured templates representing security assurance levels. When a template (e.g., representing a pre-configured assurance level) is selected by the user, the system then applies specific capabilities and controls to translate the user-selected generalized specification (e.g., “high security”) into granular requirements for a specific set of security resources. Preferably, the identification of these security resources is based on system configuration, administration, and information associated with the pre-configured template.
Type: Grant
Filed: November 28, 2014
Date of Patent: January 23, 2018
Assignee: International Business Machines Corporation
Inventors: Nataraj Nagaratnam, Jeffrey Robert Hoy, Sreekanth Ramakrishna Iyer, Sridhar R. Muppidi
-
Patent number: 9875399
Abstract: A method, apparatus and computer program product for improving differentiation in a gesture based security system is described. An image based feed from a camera is received by the gesture based security system. The camera has a view of a first secured area. A first gesture within the feed is recognized, producing a first recognized gesture. The first recognized gesture is determined to be an unclassified gesture for the first secured area. Non-gesture metadata is associated with the first recognized gesture. The first recognized gesture and the associated non-gesture metadata are transmitted together for classification of the first recognized gesture. The first recognized gesture is classified as one of the following: an approved gesture within the first secured area, an unapproved gesture within the first secured area or a suspicious gesture within the first secured area.
Type: Grant
Filed: April 29, 2016
Date of Patent: January 23, 2018
Assignee: International Business Machines Corporation
Inventors: Jeffrey Robert Hoy, Sreekanth Ramakrishna Iyer, Kaushal Kiran Kapadia, Ravi Krishnan Muthukrishnan, Nataraj Nagaratnam
-
Patent number: 9871822
Abstract: A cloud infrastructure is enhanced to provide a context-based security assurance service to enable secure application deployment. The service inspects network and cloud topologies to identify potential security capabilities and needs. Preferably, these options are then surfaced to the user with easy-to-understand, pre-configured templates representing security assurance levels. When a template (e.g., representing a pre-configured assurance level) is selected by the user, the system then applies specific capabilities and controls to translate the user-selected generalized specification (e.g., “high security”) into granular requirements for a specific set of security resources. Preferably, the identification of these security resources is based on system configuration, administration, and information associated with the pre-configured template.
Type: Grant
Filed: November 28, 2014
Date of Patent: January 16, 2018
Assignee: International Business Machines Corporation
Inventors: Nataraj Nagaratnam, Jeffrey Robert Hoy, Sreekanth Ramakrishna Iyer, Sridhar R. Muppidi