Patents by Inventor Steven A. Bade

Steven A. Bade has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10657469
    Abstract: In a method for estimating a severity of a current security incident reported by a customer for the customer's computer system, a processor receives from one or more administrators for a plurality of prior security incidents reported by the customer, identifications of a respective plurality of actual severities for the plurality of prior security incidents. The processor estimates, based in part on the plurality of identified actual severities of the prior security incidents, a severity of the current security incident. The processor reports the estimated severity for the current security incident.
    Type: Grant
    Filed: April 11, 2014
    Date of Patent: May 19, 2020
    Assignee: International Business Machines Corporation
    Inventors: Steven A. Bade, Heather M. Hinton, Neil I. Readshaw, Srinivas B. Tummalapenta
  • Patent number: 9560036
    Abstract: A method to enable access to resources hosted in a compute cloud begins upon receiving a registration request to initiate a user's registration to use resources hosted in the compute cloud. During a registration process initiated by receipt of the registration request, a federated single sign-on (F-SSO) request is received. The F-SSO request includes an assertion (e.g., an HTTP-based SAML assertion) having authentication data (e.g., an SSH public key, a CIFS username, etc.) for use to enable direct user access to a resource hosted in the compute cloud. Upon validation of the assertion, the authentication data is deployed within the cloud to enable direct user access to the compute cloud resource using the authentication data. In this manner, the cloud provider provides authentication, single sign-on and lifecycle management for the user, despite the “air gap” between the HTTP protocol used for F-SSO and the non-HTTP protocol used for the user's direct access to the cloud resource.
    Type: Grant
    Filed: July 8, 2010
    Date of Patent: January 31, 2017
    Assignee: International Business Machines Corporation
    Inventors: Heather M. Hinton, Steven A. Bade, Jeb Linton, Peter Rodriguez
  • Publication number: 20150294244
    Abstract: In a method for estimating a severity of a current security incident reported by a customer for the customer's computer system, a processor receives from one or more administrators for a plurality of prior security incidents reported by the customer, identifications of a respective plurality of actual severities for the plurality of prior security incidents. The processor estimates, based in part on the plurality of identified actual severities of the prior security incidents, a severity of the current security incident. The processor reports the estimated severity for the current security incident.
    Type: Application
    Filed: April 11, 2014
    Publication date: October 15, 2015
    Applicant: International Business Machines Corporation
    Inventors: Steven A. Bade, Heather M. Hinton, Neil I. Readshaw, Srinivas B. Tummalapenta
  • Patent number: 9141819
    Abstract: Access to encrypted data on a removable computer media such as a computer tape is controlled via a uniquely-structured header on the medium having a symmetrical key wrapped by asymmetrical encryption plus a public key associated with the asymmetrical encryption. The data on the medium is encrypted using the symmetrical key. Prior to automated reading of the data by a reader, a challenge is issued to a host system including the public key and preferably a nonce value. The host responds by signing the nonce using a private key associated with the public key in order to prove it has rights to decrypt the data. The symmetrical key is unwrapped using the private key, and finally the unwrapped symmetrical key is used to decrypt the data on the medium, thereby allowing automated reading of the tape data without the need or risk of two administrators sharing a symmetrical key value.
    Type: Grant
    Filed: November 8, 2006
    Date of Patent: September 22, 2015
    Assignee: International Business Machines Corporation
    Inventors: Steven A. Bade, John C. Dayka, Glen Alan Jaquette, Richard Henry Guski
  • Patent number: 9122875
    Abstract: Embodiments of the present invention address deficiencies of the art in respect to trusted platform module (TPM) unification in a trusted computing environment and provide a novel and non-obvious method, system and computer program product for trusted platform module data harmonization. In one embodiment of the invention, a TPM log harmonization method can include designating both a single master TPM for a master node among multiple nodes, and also a multiplicity of subsidiary TPMs for remaining ones of the nodes. The method further can include extending the single master TPM with a measurement representing a rendezvous operation for the nodes.
    Type: Grant
    Filed: May 2, 2006
    Date of Patent: September 1, 2015
    Assignee: International Business Machines Corporation
    Inventors: Steven A. Bade, Richard A. Dayan, James T. Hanna, Andrew G. Kegel
  • Patent number: 8984593
    Abstract: A system, and computer usable program product for securing asynchronous client server transactions are provided in the illustrative embodiments. A request including an application identifier and a version of a second application is received at a first application. A service identifier is generated if a session with the second application is valid. A registry is generated at the first application. A catalog is generated based on the registry and the service identifier and the catalog are sent to the second application. A sub-request including the service identifier is received as part of an asynchronous client server transaction. Validity of the sub-request is determined by determining whether the service identifier has expired, whether the sub-request requests a service that is permissible according to the catalog, whether the service identifier is used in conjunction with the second application, or a combination thereof. If the sub-request is valid, the service is provided.
    Type: Grant
    Filed: May 7, 2013
    Date of Patent: March 17, 2015
    Assignee: International Business Machines Corporation
    Inventors: Steven A. Bade, Harold Moss, Mary Ellen Zurko
  • Publication number: 20150067761
    Abstract: An inventory manager optimizes the security and maintenance of a plurality of virtual machines and their workloads in a cloud environment and has: an inventory database, a workload compliance history of scanning workloads database, and a workload category database including security rules and compliance policies relating to workload category in a repository. The inventory manager identifies changes to characteristics of the workload of the plurality of virtual machines; alters the inventory database stored in the repository and maintained by the inventory manager, based on the identified changes to the characteristics of the workload of the plurality of virtual machines; and initiates security rules and compliance policies of the workload category database based on the identified changes to the characteristics of the workload of the plurality of virtual machines through a security tools program.
    Type: Application
    Filed: August 29, 2013
    Publication date: March 5, 2015
    Applicant: International Business Machines Corporation
    Inventors: Steven A. Bade, Heather M. Hinton, Neil I. Readshaw
  • Patent number: 8819787
    Abstract: A method for securing asynchronous client server transactions is provided in the illustrative embodiments. A request including an application identifier and a version of a second application is received at a first application. A service identifier is generated if a session with the second application is valid. A registry is generated at the first application. A catalog is generated based on the registry and the service identifier and the catalog are sent to the second application. A sub-request including the service identifier is received as part of an asynchronous client server transaction. Validity of the sub-request is determined by determining whether the service identifier has expired, whether the sub-request requests a service that is permissible according to the catalog, whether the service identifier is used in conjunction with the second application, or a combination thereof. If the sub-request is valid, the service is provided.
    Type: Grant
    Filed: May 7, 2013
    Date of Patent: August 26, 2014
    Assignee: International Business Machines Corporation
    Inventors: Steven A Bade, Harold Moss, Mary Ellen Zurko
  • Patent number: 8707383
    Abstract: A computer implemented method, data processing system, and computer program product for managing computer workloads with security policy enforcement. When a determination is made that a component in a data processing system has failed to meet processing requirements, a candidate host to where the component may be migrated based on performance considerations is identified. A first security policy associated with the component is compared to a second security policy associated with the candidate host to determine if the first security policy is equivalent to or stronger than the second security policy. Responsive to a determination that the first security policy is equivalent to or stronger than the second security policy, the component is migrated to the candidate host.
    Type: Grant
    Filed: August 16, 2006
    Date of Patent: April 22, 2014
    Assignee: International Business Machines Corporation
    Inventors: Steven A. Bade, Andrew Gregory Kegel, Ronald Perez, Brian D. You
  • Patent number: 8695102
    Abstract: A computer implemented method, apparatus, and computer usable program code for assuring data integrity is shown. A partition receives a request to execute an executable file from a source external to the partition. A memory region is created within the partition. The partition or service interface makes an authentication determination. The partition executes an executable file in the memory region based on the request, provided there is a positive authentication determination.
    Type: Grant
    Filed: May 1, 2006
    Date of Patent: April 8, 2014
    Assignee: International Business Machines Corporation
    Inventors: Steven A. Bade, Renato J. Recio, Madeline Vega
  • Patent number: 8694786
    Abstract: A host machine provisions a virtual machine from a catalog of stock virtual machines. The host machine instantiates the virtual machine. The host machine configures the virtual machine, based on customer inputs, to form a customer's configured virtual machine. The host machine creates an image from the customer's configured virtual machine. The host machine unwraps a sealed customer's symmetric key to form a customer's symmetric key. The host machine encrypts the customer's configured virtual machine with the customer's symmetric key to form an encrypted configured virtual machine. The host machine stores the encrypted configured virtual machine to non-volatile storage.
    Type: Grant
    Filed: October 4, 2011
    Date of Patent: April 8, 2014
    Assignee: International Business Machines Corporation
    Inventors: Rajiv Augu, Steven A. Bade, Jeb R Linton, Dimitrios Pendarakis, George C. Wilson, Lee Hardy Wilson
  • Publication number: 20130297681
    Abstract: A system, and computer usable program product for securing asynchronous client server transactions are provided in the illustrative embodiments. A request including an application identifier and a version of a second application is received at a first application. A service identifier is generated if a session with the second application is valid. A registry is generated at the first application. A catalog is generated based on the registry and the service identifier and the catalog are sent to the second application. A sub-request including the service identifier is received as part of an asynchronous client server transaction. Validity of the sub-request is determined by determining whether the service identifier has expired, whether the sub-request requests a service that is permissible according to the catalog, whether the service identifier is used in conjunction with the second application, or a combination thereof. If the sub-request is valid, the service is provided.
    Type: Application
    Filed: May 7, 2013
    Publication date: November 7, 2013
    Applicant: International Business Machines Corporation
    Inventors: STEVEN A. BADE, HAROLD MOSS, MARY ELLEN ZURKO
  • Patent number: 8549288
    Abstract: A trusted platform module is presented that is capable of creating, dynamically, multiple virtual trusted platform modules in a hierarchical organization. A trusted platform module domain is created. The trusted platform module creates virtual trusted platform modules, as needed, in the trusted platform module domain. The virtual trusted platform modules can inherit the permissions of a parent trusted platform module to have the ability to create virtual trusted platform modules themselves. Each virtual trusted platform module is associated with a specific partition. Each partition is associated with an individual operating system. The hierarchy of created operating systems and their privilege of spawning new operating systems is reflected in the hierarchy of trusted platform modules and the privileges each of the trusted platform modules has.
    Type: Grant
    Filed: May 29, 2008
    Date of Patent: October 1, 2013
    Assignee: International Business Machines Corporation
    Inventors: Steven A. Bade, Stefan Berger, Kenneth Alan Goldman, Ronald Perez, Reiner Sailer, Leendert Peter Van Doorn
  • Patent number: 8549592
    Abstract: A method and apparatus are disclosed in a data processing system for establishing virtual endorsement credentials. The data processing system includes a hardware trusted platform module (TPM). Logical partitions are generated in the system. A different virtual TPM is generated for each one of the logical partitions. For each one of the logical partitions, the virtual TPM that was generated for the logical partition then dynamically generates a virtual endorsement key, which is stored only within a corresponding virtual TPM. Using the virtual endorsement key, each virtual TPM also generates a virtual endorsement credential for use by the logical partition that includes the virtual TPM. The virtual endorsement credential is generated within the data processing system without the data processing system or its devices accessing a trusted third party that is external to the data processing system.
    Type: Grant
    Filed: July 12, 2005
    Date of Patent: October 1, 2013
    Assignee: International Business Machines Corporation
    Inventors: Steven A. Bade, James Patrick Hoff, Siegfried Sutter, James Peter Ward, Helmut H. Weber
  • Publication number: 20130246515
    Abstract: A method for securing asynchronous client server transactions is provided in the illustrative embodiments. A request including an application identifier and a version of a second application is received at a first application. A service identifier is generated if a session with the second application is valid. A registry is generated at the first application. A catalog is generated based on the registry and the service identifier and the catalog are sent to the second application. A sub-request including the service identifier is received as part of an asynchronous client server transaction. Validity of the sub-request is determined by determining whether the service identifier has expired, whether the sub-request requests a service that is permissible according to the catalog, whether the service identifier is used in conjunction with the second application, or a combination thereof. If the sub-request is valid, the service is provided.
    Type: Application
    Filed: May 7, 2013
    Publication date: September 19, 2013
    Applicant: International Business Machines Corporation
    Inventors: Steven A. BADE, Harold MOSS, Mary Ellen ZURKO
  • Publication number: 20130238789
    Abstract: A monitoring tool can monitor network location of a digital asset hosted by a cloud service provider. Movement of the digital asset from a first network location to a second network location is detected. In response to detecting that the digital asset moves, a geographic location that corresponds to the second network location is determined. It is then determined that the geographic location deviates from a geographic setting configured for the digital asset. A notification that the digital asset has been moved to the geographic location that deviates from the geographic setting is generated.
    Type: Application
    Filed: February 28, 2013
    Publication date: September 12, 2013
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Steven A. Bade, Harold Moss, III, Mary Ellen Zurko
  • Patent number: 8527633
    Abstract: A technique for addressing geographical location issues in a computing environment includes receiving, at a data processing system, location information indicating a permissible geographical location in which a virtual machine image for a consumer may be deployed. A request for an exception to deploy the virtual machine image outside of the permissible geographical location is issued, from the data processing system. An exception grant or an exception denial is received, at the data processing system, from the consumer in response to the request. The virtual machine image is deployed, using the data processing system, to one or more servers in the computing environment that are outside of the permissible geographical location in response to receipt of the exception grant. The virtual machine image is deployed, using the data processing system, to one or more servers in the computing environment that are within the permissible geographical location in response to receipt of the exception denial.
    Type: Grant
    Filed: January 6, 2011
    Date of Patent: September 3, 2013
    Assignee: International Business Machines Corporation
    Inventors: Steven A. Bade, Harold Moss, III, Mary Ellen Zurko
  • Patent number: 8479268
    Abstract: A system, and computer usable program product for securing asynchronous client server transactions are provided in the illustrative embodiments. A request including an application identifier and a version of a second application is received at a first application. A service identifier is generated if a session with the second application is valid. A registry is generated at the first application. A catalog is generated based on the registry and the service identifier and the catalog are sent to the second application. A sub-request including the service identifier is received as part of an asynchronous client server transaction. Validity of the sub-request is determined by determining whether the service identifier has expired, whether the sub-request requests a service that is permissible according to the catalog, whether the service identifier is used in conjunction with the second application, or a combination thereof. If the sub-request is valid, the service is provided.
    Type: Grant
    Filed: December 15, 2009
    Date of Patent: July 2, 2013
    Assignee: International Business Machines Corporation
    Inventors: Steven A Bade, Harold Moss, Mary Ellen Zurko
  • Patent number: 8474019
    Abstract: A method for securing asynchronous client server transactions is provided in the illustrative embodiments. A request including an application identifier and a version of a second application is received at a first application. A service identifier is generated if a session with the second application is valid. A registry is generated at the first application. A catalog is generated based on the registry and the service identifier and the catalog are sent to the second application. A sub-request including the service identifier is received as part of an asynchronous client server transaction. Validity of the sub-request is determined by determining whether the service identifier has expired, whether the sub-request requests a service that is permissible according to the catalog, whether the service identifier is used in conjunction with the second application, or a combination thereof. If the sub-request is valid, the service is provided.
    Type: Grant
    Filed: March 6, 2012
    Date of Patent: June 25, 2013
    Assignee: International Business Machines Corporation
    Inventors: Steven A Bade, Harold Moss, Mary Ellen Zurko
  • Publication number: 20130086383
    Abstract: A host machine provisions a virtual machine from a catalog of stock virtual machines. The host machine instantiates the virtual machine. The host machine configures the virtual machine, based on customer inputs, to form a customer's configured virtual machine. The host machine creates an image from the customer's configured virtual machine. The host machine unwraps a sealed customer's symmetric key to form a customer's symmetric key. The host machine encrypts the customer's configured virtual machine with the customer's symmetric key to form an encrypted configured virtual machine. The host machine stores the encrypted configured virtual machine to non-volatile storage.
    Type: Application
    Filed: October 4, 2011
    Publication date: April 4, 2013
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Rajiv Augusto Santos Galvao de Andrade, Steven A. Bade, Jeb R. Linton, Dimitrios Pendarakis, George C. Wilson, Lee H. Wilson