Patents by Inventor Steven D. Ims
Steven D. Ims has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Non-intrusive method and apparatus for automatically dispatching security rules in cloud environment
Patent number: 9444787
Abstract: The present invention relates to a non-intrusive method and apparatus for automatically dispatching security rules in a cloud environment. The method comprises: forming a composition application model of an application in the cloud environment, said composition application model including at least types of various servers for deploying said application; generating a topology model of said various servers in the cloud environment; automatically generating security rules to be adopted by the server-side firewalls of respective servers based on the application context of said application, said composition application model and said topology model; and dispatching said security rules to each server-side firewall based on said composition application model and topology model.
Type: Grant
Filed: September 12, 2012
Date of Patent: September 13, 2016
Assignee: GLOBALFOUNDRIES INC.
Inventors: Bo Gao, Steven D. Ims, Ling Lan, Jason R. McGee, Li Yi, Yu Zhang
-
Patent number: 9137324
Abstract: Methods, systems, computer program products, and methods of doing business by using dynamic capacity-on-demand techniques for re-routing traffic in a distributed computing network. When demand on an enterprise's resources exceeds some predetermined level, dynamic modifications cause static content (such as images) to be served from resources which are external to the enterprise, such as a caching system which is located close to the enterprise's end users. When demand falls below the predetermined level, the modifications are effectively reversed, such that the external resources are no longer used. The predetermined level may apply to a single monitored device, or to a group of monitored devices. The dynamic capacity-on-demand techniques may also be used for dynamic types of content, such as for dynamically re-routing access to an application program executing on an external resource, and may be used for internal capacity-on-demand as well.
Type: Grant
Filed: April 10, 2002
Date of Patent: September 15, 2015
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Steven D. Ims, Yongcheng Li, Richard J. Lusardi, Jie Xing
-
Patent number: 9088479
Abstract: A method, system and computer program product for selecting an appropriate platform to run an application deployed in a cloud computing environment. The appropriate platform is selected by employing a two phase process, where the first phase occurs prior to the deployment of the application and the second phase occurs after the application has been deployed. In the first phase, the cloud computing node selects a platform using various factors, such as application binaries, application metadata and artifacts, and qualities of service and application requirements. In the second phase, the cloud computing node determines whether an alternative platform needs to be implemented for subsequent deployments of the application using various factors, such as application runtime metrics and garbage collection metrics. In this manner, an appropriate platform is automatically selected thereby removing the requirement for the user to indicate the type of platform for the target environment.
Type: Grant
Filed: April 9, 2013
Date of Patent: July 21, 2015
Assignee: International Business Machines Corporation
Inventors: Ivan M. Heninger, Curtis Hrischuk, Steven D. Ims, Zachary H. Jones, Aaron J. Quirk
-
Patent number: 9083608
Abstract: A method, system and computer program product for selecting an appropriate platform to run an application deployed in a cloud computing environment. The appropriate platform is selected by employing a two phase process, where the first phase occurs prior to the deployment of the application and the second phase occurs after the application has been deployed. In the first phase, the cloud computing node selects a platform using various factors, such as application binaries, application metadata and artifacts, and qualities of service and application requirements. In the second phase, the cloud computing node determines whether an alternative platform needs to be implemented for subsequent deployments of the application using various factors, such as application runtime metrics and garbage collection metrics. In this manner, an appropriate platform is automatically selected thereby removing the requirement for the user to indicate the type of platform for the target environment.
Type: Grant
Filed: January 24, 2012
Date of Patent: July 14, 2015
Assignee: International Business Machines Corporation
Inventors: Ivan M. Heninger, Curtis Hrischuk, Steven D. Ims, Zachary H. Jones, Aaron J. Quirk
-
Patent number: 9053446
Abstract: A method, system and computer program product for dynamically quantifying a demand for the software components deployed in a cloud environment. An administrative server generates a table mapping the software levels of the software components of the deployed software stacks with the number of instances of the deployed software stacks tracked over a period of time. The depth weight based on subtracting a depth index (zero-based) from a depth size is calculated for each software component, where a depth index refers to the software level of the software component in question and a depth size refers to the number of software levels for the software stack bearing the software component in question. A metric used in quantifying the demand for the software component (“popularity index”) is then determined for each software component based on the number of deployed instances and the depth weight for that software component.
Type: Grant
Filed: November 27, 2012
Date of Patent: June 9, 2015
Assignee: International Business Machines Corporation
Inventors: Rohith K. Ashok, Steven D. Ims, James K. Kochuba, Aaron J. Quirk
-
NON-INTRUSIVE METHOD AND APPARATUS FOR AUTOMATICALLY DISPATCHING SECURITY RULES IN CLOUD ENVIRONMENT
Publication number: 20150033285
Abstract: The present invention relates to a non-intrusive method and apparatus for automatically dispatching security rules in a cloud environment. The method comprises: forming a composition application model of an application in the cloud environment, said composition application model including at least types of various servers for deploying said application; generating a topology model of said various servers in the cloud environment; automatically generating security rules to be adopted by the server-side firewalls of respective servers based on the application context of said application, said composition application model and said topology model; and dispatching said security rules to each server-side firewall based on said composition application model and topology model.
Type: Application
Filed: September 12, 2012
Publication date: January 29, 2015
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Bo Gao, Steven D. Ims, Ling Lan, Jason R. McGee, Li Yi, Yu Zhang
-
Publication number: 20140149421
Abstract: A method, system and computer program product for dynamically quantifying a demand for the software components deployed in a cloud environment. An administrative server generates a table mapping the software levels of the software components of the deployed software stacks with the number of instances of the deployed software stacks tracked over a period of time. The depth weight based on subtracting a depth index (zero-based) from a depth size is calculated for each software component, where a depth index refers to the software level of the software component in question and a depth size refers to the number of software levels for the software stack bearing the software component in question. A metric used in quantifying the demand for the software component (“popularity index”) is then determined for each software component based on the number of deployed instances and the depth weight for that software component.
Type: Application
Filed: November 27, 2012
Publication date: May 29, 2014
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Rohith K. Ashok, Steven D. Ims, James K. Kochuba, Aaron J. Quirk
-
Publication number: 20130191528
Abstract: A method, system and computer program product for selecting an appropriate platform to run an application deployed in a cloud computing environment. The appropriate platform is selected by employing a two phase process, where the first phase occurs prior to the deployment of the application and the second phase occurs after the application has been deployed. In the first phase, the cloud computing node selects a platform using various factors, such as application binaries, application metadata and artifacts, and qualities of service and application requirements. In the second phase, the cloud computing node determines whether an alternative platform needs to be implemented for subsequent deployments of the application using various factors, such as application runtime metrics and garbage collection metrics. In this manner, an appropriate platform is automatically selected thereby removing the requirement for the user to indicate the type of platform for the target environment.
Type: Application
Filed: January 24, 2012
Publication date: July 25, 2013
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Ivan M. Heninger, Curtis Hrischuk, Steven D. Ims, Zachary H. Jones, Aaron J. Quirk
-
Patent number: 8468124
Abstract: Some embodiments of the inventive subject matter are directed to a debugging system (“system”) configured to access a work flow document. The workflow document may include references to flow activities connected by flow connectors, forming a workflow path. Some of the flow connectors may have breakpoints. The debugging system can insert command instructions for a hypertext transfer protocol (HTTP) request into the workflow document at locations associated with the flow connectors and initiate a test run of the workflow path. In some embodiments, during the test run, when one of the flow connectors is reached, the system executes the command instructions for the HTTP request, sending the HTTP request to a debugger application (“debugger”). If a breakpoint is associated with the flow connector, the debugger can delay response to the HTTP request, otherwise the debugger can respond immediately. A user can debug the workflow document during the delay.
Type: Grant
Filed: June 30, 2010
Date of Patent: June 18, 2013
Assignee: International Business Machines Corporation
Inventors: James M. Bonanno, Steven D. Ims, Todd E. Kaplinger, Aaron J. Tarter
-
Patent number: 8381281
Abstract: A computer implemented method, system, and computer program product for authenticating a remote host to a firewall. The illustrative embodiments allow a requesting host separated from a target host by a firewall to determine, based on exception handling code, that an original request sent to the target host has been intercepted and blocked by the firewall. The illustrative embodiments also allow the requesting host to automatically provide credentials that authenticate the requesting host to the firewall. The illustrative embodiments are particularly applicable in situations when requests are invoked without any user interaction, such as when a timer expires. In such a case, there is no user to provide the needed credentials to authenticate the requesting host. The illustrative embodiments enable a requesting host to access a target host without requiring user intervention.
Type: Grant
Filed: April 7, 2010
Date of Patent: February 19, 2013
Assignee: International Business Machines Corporation
Inventors: James M. Bonanno, Steven D. Ims, Todd E. Kaplinger, Aaron J. Tarter
-
Publication number: 20120005659
Abstract: Some embodiments of the inventive subject matter are directed to a debugging system (“system”) configured to access a work flow document. The workflow document may include references to flow activities connected by flow connectors, forming a workflow path. Some of the flow connectors may have breakpoints. The debugging system can insert command instructions for a hypertext transfer protocol (HTTP) request into the workflow document at locations associated with the flow connectors and initiate a test run of the workflow path. In some embodiments, during the test run, when one of the flow connectors is reached, the system executes the command instructions for the HTTP request, sending the HTTP request to a debugger application (“debugger”). If a breakpoint is associated with the flow connector, the debugger can delay response to the HTTP request, otherwise the debugger can respond immediately. A user can debug the workflow document during the delay.
Type: Application
Filed: June 30, 2010
Publication date: January 5, 2012
Applicant: International Business Machines Corporation
Inventors: James M. Bonanno, Steven D. Ims, Todd E. Kaplinger, Aaron J. Tarter
-
Publication number: 20110258679
Abstract: A security mechanism for an application level protocol used to publish and edit web resources is extended to enable enforcement of a security policy on feed entries. The security mechanism ensures that only a certain class of privileged users can perform create, read, update and/or delete (CRUD) actions on feed entries, and it provides a uniform methodology for determining security access controls for resources. The techniques described herein enable selective display of feed entries while at the same time maintaining a single document source for the privileged users.
Type: Application
Filed: April 15, 2010
Publication date: October 20, 2011
Applicant: International Business Machines Corporation
Inventors: Todd Kaplinger, Steven D. Ims, James Michael Bonanno, Aaron J. Tarter
-
Publication number: 20110252462
Abstract: A computer implemented method, system, and computer program product for authenticating a remote host to a firewall. The illustrative embodiments allow a requesting host separated from a target host by a firewall to determine, based on exception handling code, that an original request sent to the target host has been intercepted and blocked by the firewall. The illustrative embodiments also allow the requesting host to automatically provide credentials that authenticate the requesting host to the firewall. The illustrative embodiments are particularly applicable in situations when requests are invoked without any user interaction, such as when a timer expires. In such a case, there is no user to provide the needed credentials to authenticate the requesting host. The illustrative embodiments enable a requesting host to access a target host without requiring user intervention.
Type: Application
Filed: April 7, 2010
Publication date: October 13, 2011
Applicant: International Business Machines Corporation
Inventors: James M. Bonanno, Steven D. Ims, Todd E. Kaplinger, Aaron J. Tarter
-
Patent number: 7657595
Abstract: A method, system, and computer program product, by which portions of the session information that page-content is dependent upon are “pushed” to the client from the origin server in a way such that auxiliary servers, e.g. other application servers and edge-servers, have access to the session information and fragment dependency data to generate auxiliary-server cache-IDs for the custom pages. This enables distribution of the load away from the origin server, allowing better application distribution and scalability through more effective caching.
Type: Grant
Filed: February 27, 2008
Date of Patent: February 2, 2010
Assignee: International Business Machines Corporation
Inventors: Rajesh S. Agarwalla, Madhu Chetuparambil, Steven D. Ims, Brian K. Martin, Thomas F. McElroy, Subbarao Meduri, Daniel C. Shupp, Brad B. Topol
-
Patent number: 7634726
Abstract: The present invention provides a method, system, computer program product, and method of doing business with automated electronic business (“e-business”) services by using a structured markup language processing engine and structured markup language documents. The structured markup language, which in the preferred embodiment is the Extensible Markup Language (“XML”), is used to describe the data and processing invocations to perform in carrying out e-business services (which may include invocation of a number of sub-services), and to automatically synchronize the interactions that are necessary in carrying out the service. The interactions may involve multiple business partners.
Type: Grant
Filed: January 5, 2001
Date of Patent: December 15, 2009
Assignee: International Business Machines Corporation
Inventors: Steven D. Ims, Yongcheng Li, Yih-Shin Tan
-
Publication number: 20080288583
Abstract: A method, system, and computer program product, by which portions of the session information that page-content is dependent upon are “pushed” to the client from the origin server in a way such that auxiliary servers, e.g. other application servers and edge-servers, have access to the session information and fragment dependency data to generate auxiliary-server cache-IDs for the custom pages. This enables distribution of the load away from the origin server, allowing better application distribution and scalability through more effective caching.
Type: Application
Filed: February 27, 2008
Publication date: November 20, 2008
Applicant: International Business Machines Corporation
Inventors: Rajesh S. Agarwalla, Madhu Chetuparambil, Steven D. Ims, Brian K. Martin, Thomas F. McElroy, Subbarao Meduri, Daniel C. Shupp, Brad B. Topol
-
Patent number: 7363340
Abstract: A method, system, and computer program product, by which portions of the session information that page-content is dependent upon are “pushed” to the client from the origin server in a way such that auxiliary servers, e.g. other application servers and edge-servers, have access to the session information and fragment dependency data to generate auxiliary-server cache-IDs for the custom pages. This enables distribution of the load away from the origin server, allowing better application distribution and scalability through more effective caching.
Type: Grant
Filed: July 18, 2002
Date of Patent: April 22, 2008
Assignee: International Business Machines Corporation
Inventors: Rajesh S. Agarwalla, Madhu Chetuparambil, Steven D. Ims, Brian K. Martin, Thomas F. McElroy, Subbarao Meduri, Daniel C. Shupp, Brad B. Topol
-
Patent number: 7308488
Abstract: The present invention generally relates to a method, system and program product for distributing portal content processing. Specifically, a request for portal content is received on a surrogate system and then passed to a portal system. The portal system will obtain and aggregate a first type of the requested content, and then package the aggregated content into a response. The response will also include place holders that correspond to the remaining type of the requested content. The response will then be transmitted to the surrogate system, which will, based upon the place holders, obtain the remaining type of portal content. Once obtained, the remaining type of portal content will replace the place holders in the response, and the response will be rendered for the requesting portal user.
Type: Grant
Filed: September 12, 2002
Date of Patent: December 11, 2007
Assignee: International Business Machines Corporation
Inventors: Ronald P. Doyle, John G. Dudley, James C. Fletcher, James R. Giles, Steven D. Ims, Zon-Yin Shae, Dinesh C. Verma
-
Patent number: 7246146
Abstract: A method and apparatus for navigating screens in a legacy host system. In a preferred embodiment, requests for specific legacy host screens are received by a server. The server then navigates to the appropriate screen within the legacy host system and retrieves the host screen. Any intermediate screens navigated by the server in reaching the host screen are not displayed to the user. If variable data need be entered to access the host screen, the server sends the user a submittable form on which to enter the appropriate information, which, once entered and sent to the server, is used by the server to retrieve the host screen. Once the host screen has been retrieved, the server formats it into a web page format using a hypertext language and sends the screen to the user. Other screens within the legacy host system are accessed by user selection of selectable links displayed to the user.
Type: Grant
Filed: November 18, 1999
Date of Patent: July 17, 2007
Assignee: International Business Machines Corporation
Inventors: Steven D. Ims, Yongcheng Li, Yih-Shin Tan, Brian Webb
-
Patent number: 7177900
Abstract: Methods, systems, computer program products, and methods of doing business by caching dynamic content fragments in a distributed cache and assembling requested content using these fragments. The disclosed techniques are non-invasive, and enable the benefits of distributed fragment caching to be extended to more applications, without regard to the programming model used when designing the application. An application developer specifies dependencies among content creating components (or, in alternative embodiments, it may be possible to infer this information), and if one of these components may be called upon to generate a content fragment dynamically, correlator data is programmatically created and attached to a message that references the component. A subsequent content generation request to the component then automatically carries the correlator data, and that data is programmatically restored.
Type: Grant
Filed: February 19, 2003
Date of Patent: February 13, 2007
Assignee: International Business Machines Corporation
Inventors: Steven D. Ims, Brian K. Martin, Thomas F. McElroy, Brad B. Topol