Patents by Inventor Stephen D. Pipes
Stephen D. Pipes has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10805798Abstract: Aspects of the present invention provide an approach for user authentication during a user session which potentially requires multiple user authentications. A library of authentication methods is provided for preforming the user authentications. For authentication, a threshold contribution value is set which needs to be exceeded for authentication to occur. To carry out the authentication, a chain of authentication methods is constructed at run time, selected from the library in order to provide an aggregate contribution value which exceeds the threshold. During run time, the contribution value of each authentication method is dynamically adjusted, so that construction of the chain uses current amounts for the contribution values of each authentication method. This allows the chain to be reconstructed at run time taking into account changing circumstances. Specifically, not yet executed authentication methods may be unlinked from the chain and replaced with one or more new ones.Type: GrantFiled: April 16, 2019Date of Patent: October 13, 2020Assignee: International Business Machines CorporationInventors: Sophie D. Green, Joe Pavitt, Stephen D. Pipes
-
Publication number: 20190246274Abstract: Aspects of the present invention provide an approach for user authentication during a user session which potentially requires multiple user authentications. A library of authentication methods is provided for preforming the user authentications. For authentication, a threshold contribution value is set which needs to be exceeded for authentication to occur. To carry out the authentication, a chain of authentication methods is constructed at run time, selected from the library in order to provide an aggregate contribution value which exceeds the threshold. During run time, the contribution value of each authentication method is dynamically adjusted, so that construction of the chain uses current amounts for the contribution values of each authentication method. This allows the chain to be reconstructed at run time taking into account changing circumstances. Specifically, not yet executed authentication methods may be unlinked from the chain and replaced with one or more new ones.Type: ApplicationFiled: April 16, 2019Publication date: August 8, 2019Inventors: Sophie D. Green, Joe Pavitt, Stephen D. Pipes
-
Patent number: 10362481Abstract: Aspects of the present invention provide an approach for user authentication during a user session which potentially requires multiple user authentications. A library of authentication methods is provided for preforming the user authentications. For authentication, a threshold contribution value is set which needs to be exceeded for authentication to occur. To carry out the authentication, a chain of authentication methods is constructed at run time, selected from the library in order to provide an aggregate contribution value which exceeds the threshold. During run time, the contribution value of each authentication method is dynamically adjusted, so that construction of the chain uses current amounts for the contribution values of each authentication method. This allows the chain to be reconstructed at run time taking into account changing circumstances. Specifically, not yet executed authentication methods may be unlinked from the chain and replaced with one or more new ones.Type: GrantFiled: November 15, 2016Date of Patent: July 23, 2019Assignee: International Business Machines CorporationInventors: Sophie D. Green, Joe Pavitt, Stephen D. Pipes
-
Patent number: 10102365Abstract: An approach is described for authenticating a user. An associated method includes displaying a dynamic image on a display screen, detecting a user interaction with the displayed image, and detecting a duration of the detected user interaction. The method further includes comparing the detected user interaction and the detected duration with a stored user interaction and a stored duration. The method further includes authenticating the user upon determining that the detected user interaction matches the stored user interaction and the detected duration matches the stored duration. In an embodiment, the method further includes transmitting the detected user interaction and the detected duration to a remote device. In such embodiment, the method step of comparing the detected user interaction and the detected duration with the stored user interaction and the stored duration is performed by the remote device.Type: GrantFiled: January 23, 2015Date of Patent: October 16, 2018Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: David P. George, Benjamin J. Hardill, Stephen D. Pipes, Robert S. Smart
-
Patent number: 10097527Abstract: A method of managing authentication during a user session comprises the steps of operating a user session for a specific user, maintaining a user authentication level for the user session, monitoring one or more factors relating to the user's activity, applying one or more rules to the monitored factors, detecting that a rule has indicated the user's current authentication level is too high, and lowering the user's authentication level, without ending the user's session.Type: GrantFiled: August 21, 2015Date of Patent: October 9, 2018Assignee: International Business Machines CorporationInventors: Kevin C. Brown, Peter W. Jenkins, Stephen D. Pipes, Larissa C. Romualdo Suzuki
-
Patent number: 10063563Abstract: A method indicates a trustworthiness of data processed in accordance with a processing rule. A first trust weight is assigned to a data item to be processed to provide a weighted data item, the first trust weight representing a level of trust in the data item. A trust value is selected from a set of data trust values, the selected trust value being representative of a determined level of trust in the data item. The selected trust value is defined as the first trust weight which is associated with the data item. The first trust weight is assigned to a processing rule to provide a weighted processing rule, the first trust weight representing a level of trust in the processing rule. The weighted data item is processed in accordance with the weighted processing rule to generate a data output and an indication of a trust level for the data output.Type: GrantFiled: January 4, 2017Date of Patent: August 28, 2018Assignee: International Business Machines CorporationInventors: Saritha Arunkumar, Stephen D. Pipes, Mudhakar Srivatsa
-
Publication number: 20180139606Abstract: Aspects of the present invention provide an approach for user authentication during a user session which potentially requires multiple user authentications. A library of authentication methods is provided for preforming the user authentications. For authentication, a threshold contribution value is set which needs to be exceeded for authentication to occur. To carry out the authentication, a chain of authentication methods is constructed at run time, selected from the library in order to provide an aggregate contribution value which exceeds the threshold. During run time, the contribution value of each authentication method is dynamically adjusted, so that construction of the chain uses current amounts for the contribution values of each authentication method. This allows the chain to be reconstructed at run time taking into account changing circumstances. Specifically, not yet executed authentication methods may be unlinked from the chain and replaced with one or more new ones.Type: ApplicationFiled: November 15, 2016Publication date: May 17, 2018Inventors: Sophie D. Green, Joe Pavitt, Stephen D. Pipes
-
Patent number: 9876784Abstract: A method for authenticating a user of a computing device. The method includes a computer processor receiving an indication that a user of a computing device is accessing an object that utilizes an authentication process. The method further includes a computer processor selecting a first multi-media file that is associated with a user profile of the user and the object of the authentication process, wherein the first multi-media file is associated with a baseline user input authentication sequence. The method further includes creating a first temporal manipulation vector based on the user profile and a security requirement of the object of the authentication process, wherein the temporal manipulation vector modifies a presentation of a multi-media file and a corresponding time sequence of a user input authentication sequence in the multi-media file. The method further includes transmitting the first temporal manipulation vector and the first multi-media file to the computing device.Type: GrantFiled: February 6, 2017Date of Patent: January 23, 2018Assignee: International Business Machines CorporationInventors: Saritha Arunkumar, Stephen D. Pipes
-
Patent number: 9871804Abstract: Providing a user apparatus access to a computer system including services and authentication levels. A service request is determined for at least one of the services from a user apparatus. A distributed authentication provider is negotiated with to provide an authentication level based access control for the plurality of authentication levels associated with the plurality of services. The user apparatus to is redirected to access the distributed authentication provider such that the user apparatus authenticates itself at the distributed authentication provider for the authentication level associated with the at least one of the services within the service request. The user apparatus is provided access to the at least one of the services within the service request based on a successful authentication at the distributed authentication provider for the authentication level associated with the at least one of the services within the service request.Type: GrantFiled: January 11, 2017Date of Patent: January 16, 2018Assignee: International Business Machines CorporationInventors: John Duffell, Sam Marland, Stephen D. Pipes
-
Publication number: 20170310680Abstract: A method indicates a trustworthiness of data processed in accordance with a processing rule. A first trust weight is assigned to a data item to be processed to provide a weighted data item, the first trust weight representing a level of trust in the data item. A trust value is selected from a set of data trust values, the selected trust value being representative of a determined level of trust in the data item. The selected trust value is defined as the first trust weight which is associated with the data item. The first trust weight is assigned to a processing rule to provide a weighted processing rule, the first trust weight representing a level of trust in the processing rule. The weighted data item is processed in accordance with the weighted processing rule to generate a data output and an indication of a trust level for the data output.Type: ApplicationFiled: January 4, 2017Publication date: October 26, 2017Inventors: SARITHA ARUNKUMAR, STEPHEN D. PIPES, MUDHAKAR SRIVATSA
-
Patent number: 9699178Abstract: A method for authenticating a user of a computing device. The method includes a computer processor receiving an indication that a user of a computing device is accessing an object that utilizes an authentication process. The method further includes a computer processor selecting a first multi-media file that is associated with a user profile of the user and the object of the authentication process, wherein the first multi-media file is associated with a baseline user input authentication sequence. The method further includes creating a first temporal manipulation vector based on the user profile and a security requirement of the object of the authentication process, wherein the temporal manipulation vector modifies a presentation of a multi-media file and a corresponding time sequence of a user input authentication sequence in the multi-media file. The method further includes transmitting the first temporal manipulation vector and the first multi-media file to the computing device.Type: GrantFiled: November 25, 2014Date of Patent: July 4, 2017Assignee: International Business Machines CorporationInventors: Saritha Arunkumar, Stephen D. Pipes
-
Patent number: 9699179Abstract: A method for authenticating a user of a computing device. The method includes a computer processor receiving an indication that a user of a computing device is accessing an object that utilizes an authentication process. The method further includes a computer processor selecting a first multi-media file that is associated with a user profile of the user and the object of the authentication process, wherein the first multi-media file is associated with a baseline user input authentication sequence. The method further includes creating a first temporal manipulation vector based on the user profile and a security requirement of the object of the authentication process, wherein the temporal manipulation vector modifies a presentation of a multi-media file and a corresponding time sequence of a user input authentication sequence in the multi-media file. The method further includes transmitting the first temporal manipulation vector and the first multi-media file to the computing device.Type: GrantFiled: April 15, 2015Date of Patent: July 4, 2017Assignee: International Business Machines CorporationInventors: Saritha Arunkumar, Stephen D. Pipes
-
Patent number: 9680932Abstract: A method, system and/or computer program product secures response data sent from a responder to a querier. Path information for query data is collected. The path information identifies paths from the querier to the responder and includes a physical machine identifier for each node hosted by a physical machine. One or more sets of return paths are identified for sending response data. For each set of return paths, any return paths that utilize any nodes sharing a physical machine identifier with any node present in another of the return paths within the set of return paths are discarded. The response data is split into a plurality of portions, and each of the plurality of portions is sent from the responder to the querier using a different return path selected from one of the set of return paths.Type: GrantFiled: October 8, 2014Date of Patent: June 13, 2017Assignee: International Business Machines CorporationInventors: Thomas J. C. Berman, Stephen D. Pipes
-
Publication number: 20170149763Abstract: A method for authenticating a user of a computing device. The method includes a computer processor receiving an indication that a user of a computing device is accessing an object that utilizes an authentication process. The method further includes a computer processor selecting a first multi-media file that is associated with a user profile of the user and the object of the authentication process, wherein the first multi-media file is associated with a baseline user input authentication sequence. The method further includes creating a first temporal manipulation vector based on the user profile and a security requirement of the object of the authentication process, wherein the temporal manipulation vector modifies a presentation of a multi-media file and a corresponding time sequence of a user input authentication sequence in the multi-media file. The method further includes transmitting the first temporal manipulation vector and the first multi-media file to the computing device.Type: ApplicationFiled: February 6, 2017Publication date: May 25, 2017Inventors: Saritha Arunkumar, Stephen D. Pipes
-
Publication number: 20170126696Abstract: Providing a user apparatus access to a computer system including services and authentication levels. A service request is determined for at least one of the services from a user apparatus. A distributed authentication provider is negotiated with to provide an authentication level based access control for the plurality of authentication levels associated with the plurality of services. The user apparatus to is redirected to access the distributed authentication provider such that the user apparatus authenticates itself at the distributed authentication provider for the authentication level associated with the at least one of the services within the service request. The user apparatus is provided access to the at least one of the services within the service request based on a successful authentication at the distributed authentication provider for the authentication level associated with the at least one of the services within the service request.Type: ApplicationFiled: January 11, 2017Publication date: May 4, 2017Inventors: John Duffell, Sam Marland, Stephen D. Pipes
-
Patent number: 9621563Abstract: The method includes identifying a computing device attempting to access content. The method further includes identifying a defined geographical boundary that is associated with the content, wherein the defined geographical boundary includes coordinates that define a geographical area that allows access to the content within the defined geographical boundary. The method further includes determining a geographical location of the computing device. The method further includes determining whether the geographical location of the computing device is within the identified defined geographical boundary.Type: GrantFiled: March 27, 2015Date of Patent: April 11, 2017Assignee: International Business Machines CorporationInventors: Saritha Arunkumar, Raghu K. Ganti, Stephen D. Pipes, Mudhakar Srivatsa
-
Patent number: 9602510Abstract: Providing a user apparatus access to a computer system including services and authentication levels. A service request is determined for at least one of the services from a user apparatus. A distributed authentication provider is negotiated with to provide an authentication level based access control for the plurality of authentication levels associated with the plurality of services. The user apparatus to is redirected to access the distributed authentication provider such that the user apparatus authenticates itself at the distributed authentication provider for the authentication level associated with the at least one of the services within the service request. The user apparatus is provided access to the at least one of the services within the service request based on a successful authentication at the distributed authentication provider for the authentication level associated with the at least one of the services within the service request.Type: GrantFiled: February 23, 2015Date of Patent: March 21, 2017Assignee: International Business Machines CorporationInventors: John Duffell, Sam Marland, Stephen D. Pipes
-
Patent number: 9602511Abstract: Providing a user apparatus access to a computer system including services and authentication levels. A service request is determined for at least one of the services from a user apparatus. A distributed authentication provider is negotiated with to provide an authentication level based access control for the plurality of authentication levels associated with the plurality of services. The user apparatus to is redirected to access the distributed authentication provider such that the user apparatus authenticates itself at the distributed authentication provider for the authentication level associated with the at least one of the services within the service request. The user apparatus is provided access to the at least one of the services within the service request based on a successful authentication at the distributed authentication provider for the authentication level associated with the at least one of the services within the service request.Type: GrantFiled: February 23, 2015Date of Patent: March 21, 2017Assignee: International Business Machines CorporationInventors: John Duffell, Sam Marland, Stephen D. Pipes
-
Patent number: 9585011Abstract: Anonymizing location information of a mobile device by an anonymization provider. The anonymizing provider receives, from the mobile device, location information identifying the location of the mobile device and an anonymity requirement. The anonymization provider selects an obfuscation value indicating an extent of location obfuscation that satisfies the received anonymity requirement. The extent of location obfuscation determines location boundaries within which a generated obfuscated location will reside. The anonymization provider generates an obfuscated location for the mobile device and sends the obfuscated location to the mobile device.Type: GrantFiled: February 18, 2016Date of Patent: February 28, 2017Assignee: International Business Machines CorporationInventors: Saritha Arunkumar, Stephen D. Pipes, Mudhakar Srivatsa
-
Patent number: 9571505Abstract: A method and/or computer program product indicates a trustworthiness of data processed in accordance with a processing rule. A first trust weight is assigned to a data item to be processed to provide a weighted data item, the first trust weight representing a level of trust in the data item. A second trust weight is assigned to the processing rule to provide a weighted processing rule, the second trust weight representing a level of trust in the processing rule. The weighted data item is processed in accordance with the weighted processing rule to generate a data output and an indication of a level of trust in the data output.Type: GrantFiled: December 1, 2014Date of Patent: February 14, 2017Assignee: International Business Machines CorporationInventors: Saritha Arunkumar, Stephen D. Pipes, Mudhakar Srivatsa