Patents by Inventor Thomas R. Gissel

Thomas R. Gissel has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10372904
    Abstract: A method for evaluating indicators of compromise (IOCs) is performed at a device having one or more processors and memory. The method includes receiving respective specifications of a plurality of IOCs, wherein the respective specifications of each IOC of the plurality of IOCs includes a respective cost associated with evaluating the IOC. The method further includes dynamically determining an order for evaluating the plurality of IOCs based on the respective costs associated with the plurality of IOCs, and determining whether a threat is present based on results for evaluating one or more of the plurality of IOCs in accordance with the dynamically determined order, instead of an order by which the plurality of IOCs have been received at the device.
    Type: Grant
    Filed: July 20, 2016
    Date of Patent: August 6, 2019
    Assignee: TANIUM INC.
    Inventors: Christian L. Hunt, Thomas R. Gissel, Thomas W. Savage
  • Patent number: 10095864
    Abstract: A remote server dispatches an instruction packet to a node in a network through a linear communication orbit formed by a collection of nodes. The instruction packet propagates from node to node along the linear communication orbit until reaching the node. The instruction packet includes instructions for establishing a direct duplex connection between the node and the remote server. After dispatching the instruction packet to the node through the linear communication orbit, the remote server receives, from the node, a request for establishing the direct duplex connection. In response to receiving the request from the node, the remote server establishes the direct duplex connection. After establishing the direct duplex connection, the remote server issues instructions to the node to upload local data from the node to the remote server through the direct duplex connection.
    Type: Grant
    Filed: July 20, 2016
    Date of Patent: October 9, 2018
    Assignee: TANIUM INC.
    Inventors: Christian L. Hunt, Thomas R. Gissel, Aaron Tarter, Daniel Floyd, Benjamin Hobbs
  • Publication number: 20180013768
    Abstract: This application is directed to an integrity monitoring method performed at a computational machine in a linear communication orbit. The computational machine receives a watch list through the linear communication orbit. The watch list identifies objects for which events are to be monitored at the computational machine. While a plurality of events are occurring locally at the computational machine, the computational machine identifies the plurality of events in real-time. The identified events include events for the objects identified by the watch list, and event information for these identified events is stored in a local database of the computational machine. In response to an integrity reporting request received through the linear communication orbit, the computational machine identifies event information for at least some of the objects identified by the watch list in the local database, and returns the identified event information to a server system through the linear communication orbit.
    Type: Application
    Filed: September 22, 2017
    Publication date: January 11, 2018
    Inventors: Christian L. Hunt, Thomas R. Gissel, Aaron Tarter, Daniel Floyd, Benjamin Hobbs, Michael Smith
  • Publication number: 20170264589
    Abstract: A remote server dispatches an instruction packet to a node in a network through a linear communication orbit formed by a collection of nodes. The instruction packet propagates from node to node along the linear communication orbit until reaching the node. The instruction packet includes instructions for establishing a direct duplex connection between the node and the remote server. After dispatching the instruction packet to the node through the linear communication orbit, the remote server receives, from the node, a request for establishing the direct duplex connection. In response to receiving the request from the node, the remote server establishes the direct duplex connection. After establishing the direct duplex connection, the remote server issues instructions to the node to upload local data from the node to the remote server through the direct duplex connection.
    Type: Application
    Filed: July 20, 2016
    Publication date: September 14, 2017
    Inventors: Christian L. Hunt, Thomas R. Gissel, Aaron Tarter, Daniel Floyd, Benjamin Hobbs
  • Publication number: 20170264627
    Abstract: A method for evaluating indicators of compromise (IOCs) is performed at a device having one or more processors and memory. The method includes receiving respective specifications of a plurality of IOCs, wherein the respective specifications of each IOC of the plurality of IOCs includes a respective cost associated with evaluating the IOC. The method further includes dynamically determining an order for evaluating the plurality of IOCs based on the respective costs associated with the plurality of IOCs, and determining whether a threat is present based on results for evaluating one or more of the plurality of IOCs in accordance with the dynamically determined order, instead of an order by which the plurality of IOCs have been received at the device.
    Type: Application
    Filed: July 20, 2016
    Publication date: September 14, 2017
    Inventors: Christian L. Hunt, Thomas R. Gissel, Thomas W. Savage
  • Publication number: 20170264588
    Abstract: A respective node in a linear communication orbit receives an instruction packet through the linear communication orbit, where the instruction packet has been propagated from a starting node to the respective node through one or more upstream nodes along the linear communication orbit, and the instruction packet includes an instruction for establishing a direct duplex connection between the respective node and a respective server. In response to receiving the instruction packet, the respective node sends an outbound connection request to the respective server to establish the direct duplex connection. The respective node then uploads local data to the respective server through the direct duplex connection (e.g., in response to one or more queries, instructions, and requests received from the respective server through the direct duplex connection), where the respective server performs analysis on the local data received from the respective node through the direct duplex connection.
    Type: Application
    Filed: July 20, 2016
    Publication date: September 14, 2017
    Inventors: Christian L. Hunt, Thomas R. Gissel, Aaron Tarter, Daniel Floyd, Benjamin Hobbs
  • Patent number: 8869177
    Abstract: A method, system and computer program product for decoupling components of a software system at load/compile time to accelerate application startup times. In particular, a software components partitioning (SCP) utility pre-defines a number of (implementation) classes to initiate and facilitate the decoupling process. The SCP utility allows the method names and argument lists to be recorded from a remote interface into a local interface which emulates the remote interface. The local interface is augmented with an annotation to define the remote interface. Additionally, a pre-defined keyword is appended to the name of the local interface to enable the creation of a (pre-defined) classname. Furthermore, when the classname is loaded, an implementation (via a Java implementation class, for example) for the remote class is loaded, and the implementation is associated with a dynamic proxy that implements both the local and remote interfaces, on demand.
    Type: Grant
    Filed: September 6, 2007
    Date of Patent: October 21, 2014
    Assignee: International Business Machines Corporation
    Inventors: Thomas R. Gissel, Marc E. Haberkorn, Sai G. Rathnam
  • Publication number: 20130067190
    Abstract: A method for creating a buffer of a special class for accessing a specified memory space. The method includes the steps of: creating, by a processor of the computer system, a buffer of a special class, the buffer including a memory space that the processor is not permitted to access; and creating, by the processor, an accessible buffer of the class in access-permitted memory space by slicing off a portion of a created buffer of the class in response to a designation of the access-permitted memory space and size, where the processor includes: the special class for the buffer for accessing a memory space specified by an absolute address; and a function to create the class by slicing off the portion of the memory space specified by the class.
    Type: Application
    Filed: September 7, 2012
    Publication date: March 14, 2013
    Applicant: International Business Machines Corporation
    Inventors: Thomas R. Gissel, Hiroshi Horii
  • Publication number: 20120317339
    Abstract: A cache is configured as a hybrid disk-overflow system in which data sets generated by applications running in a distributed computing system are stored in a fast access memory portion of cache, e.g., in random access memory and are moved to a slower access memory portion of cache, e.g., persistent durable memory such as a solid state disk. Each data set includes application-defined key data and bulk data. The bulk data are moved to slab-allocated slower access memory while the key data are maintained in fast access memory. A pointer to the location within the slower access memory containing the bulk data is stored in the fast access memory in association with the key data. Applications call data sets within the cache using the key data, and the pointers facilitate access, management and manipulation of the associated bulk data. Access, management and manipulation occur asynchronously with the application calls.
    Type: Application
    Filed: June 13, 2011
    Publication date: December 13, 2012
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Thomas R. Gissel, Avraham Leff, Benjamin Michael Parees, James Thomas Rayfield
  • Patent number: 8074218
    Abstract: System for managing a life cycle of a virtual resource. One or more virtual resources are defined. The one or more defined virtual resources are created. The created virtual resources are instantiated. Then, a topology of a virtual resource is constructed using a plurality of virtual resources that are in at least one of a defined, a created, or an instantiated state.
    Type: Grant
    Filed: March 29, 2007
    Date of Patent: December 6, 2011
    Assignee: International Business Machines Corporation
    Inventors: Tamar Eilam, Thomas R. Gissel, Guerney Douglass Holloway Hunt, Alexander V. Konstantinou, Giovanni Pacifici, Hidayatullah Habeebullah Shaikh, Andrew Neil Trossman
  • Patent number: 7761564
    Abstract: In a method and system for monitoring events occurring at respective servers of a configuration of nodes, a first server located at a first node receives information from a messaging system pertaining to events at servers located at other nodes. The messaging system usefully comprises a highly available (HA) bulletin board or the like. When the first server receives a start event notification pertaining to a second server located at a second node, a direct communication path is established between the first and second servers. The first server identifies events in the second server that affect or are of interest to services of the first server. The first server then registers with the second server, to receive notification through the direct communication path when respective identified events occur.
    Type: Grant
    Filed: September 24, 2008
    Date of Patent: July 20, 2010
    Assignee: International Business Machines Corporation
    Inventors: Thomas R. Gissel, Brian Keith Martin, Jason Robert McGee, William Thomas Newport
  • Patent number: 7761862
    Abstract: Modules which are running outside of a first application server virtual machine (VM) are enabled to introspect into modules running inside the first VM by notifying a manageable component factory by an application module being executed by a first application server VM of a need to allow a second VM to introspect into and to load class information regarding objects already running in the first VM, wherein the first and second virtual machines are separate virtual machines; registering the already-running object class information to a manageable component server using a descriptor; and loading the registered class information by the second VM from the manageable component server, wherein a tool object or administrative object running in the second VM introspects into and loads the objects already running in the first virtual machine without use of an application programming interface.
    Type: Grant
    Filed: March 10, 2006
    Date of Patent: July 20, 2010
    Assignee: International Business Machines Corporation
    Inventors: Thomas R. Gissel, Michael Levi Fraenkel, Brian Keith Martin
  • Patent number: 7725901
    Abstract: A method of dynamic performance balancing in a distributed computer system including collecting average service time statistics for application requests distributed from multiple application servers and collecting application server CPU utilization statistics from multiple hosts where each host is associated with at least one of the application servers. In addition, the method includes periodically calculating scaled routing weights from the average service time and CPU utilization statistics and distributing server requests to the application servers in accordance with the scaled routing weights. Also provided is a distributed computer system configured to accomplish dynamic performance balancing as described above, and an article of manufacture for use in programming a distributed computer system containing instructions to accomplish dynamic performance balancing of server requests as described above.
    Type: Grant
    Filed: April 14, 2005
    Date of Patent: May 25, 2010
    Assignee: International Business Machines Corporation
    Inventors: Thomas R Gissel, Asser N Tantawi
  • Patent number: 7571230
    Abstract: In a method and system for monitoring events occurring at respective servers of a configuration of nodes, a first server located at a first node receives information from a messaging system pertaining to events at servers located at other nodes. The messaging system usefully comprises a highly available (HA) bulletin board or the like. When the first server receives a start event notification pertaining to a second server located at a second node, a direct communication path is established between the first and second servers. The first server identifies events in the second server that affect or are of interest to services of the first server. The first server then registers with the second server, to receive notification through the direct communication path when respective identified events occur.
    Type: Grant
    Filed: September 19, 2008
    Date of Patent: August 4, 2009
    Assignee: International Business Machines Corporation
    Inventors: Thomas R. Gissel, Brian Keith Martin, Jason Robert McGee, William Thomas Newport
  • Patent number: 7523195
    Abstract: In a method and system for monitoring events occurring at respective servers of a configuration of nodes, a first server located at a first node receives information from a messaging system pertaining to events at servers located at other nodes. The messaging system usefully comprises a highly available (HA) bulletin board or the like. When the first server receives a start event notification pertaining to a second server located at a second node, a direct communication path is established between the first and second servers. The first server identifies events in the second server that affect or are of interest to services of the first server. The first server then registers with the second server, to receive notification through the direct communication path when respective identified events occur.
    Type: Grant
    Filed: October 29, 2004
    Date of Patent: April 21, 2009
    Assignee: International Business Machines Corporation
    Inventors: Thomas R. Gissel, Brian Keith Martin, Jason Robert McGee, William Thomas Newport
  • Publication number: 20090070791
    Abstract: A method, system and computer program product for decoupling components of a software system at load/compile time to accelerate application startup times. In particular, a software components partitioning (SCP) utility pre-defines a number of (implementation) classes to initiate and facilitate the decoupling process. The SCP utility allows the method names and argument lists to be recorded from a remote interface into a local interface which emulates the remote interface. The local interface is augmented with an annotation to define the remote interface. Additionally, a pre-defined keyword is appended to the name of the local interface to enable the creation of a (pre-defined) classname. Furthermore, when the classname is loaded, an implementation (via a Java implementation class, for example) for the remote class is loaded, and the implementation is associated with a dynamic proxy that implements both the local and remote interfaces, on demand.
    Type: Application
    Filed: September 6, 2007
    Publication date: March 12, 2009
    Inventors: THOMAS R. GISSEL, Marc E. Haberkorn, Sai G. Rathnam
  • Publication number: 20090030987
    Abstract: In a method and system for monitoring events occurring at respective servers of a configuration of nodes, a first server located at a first node receives information from a messaging system pertaining to events at servers located at other nodes. The messaging system usefully comprises a highly available (HA) bulletin board or the like. When the first server receives a start event notification pertaining to a second server located at a second node, a direct communication path is established between the first and second servers. The first server identifies events in the second server that affect or are of interest to services of the first server. The first server then registers with the second server, to receive notification through the direct communication path when respective identified events occur.
    Type: Application
    Filed: September 24, 2008
    Publication date: January 29, 2009
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Thomas R. Gissel, Brian Keith Martin, Jason Robert McGee, William Thomas Newport
  • Publication number: 20090031024
    Abstract: In a method and system for monitoring events occurring at respective servers of a configuration of nodes, a first server located at a first node receives information from a messaging system pertaining to events at servers located at other nodes. The messaging system usefully comprises a highly available (HA) bulletin board or the like. When the first server receives a start event notification pertaining to a second server located at a second node, a direct communication path is established between the first and second servers. The first server identifies events in the second server that affect or are of interest to services of the first server. The first server then registers with the second server, to receive notification through the direct communication path when respective identified events occur.
    Type: Application
    Filed: September 19, 2008
    Publication date: January 29, 2009
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Thomas R. Gissel, Brian Keith Martin, Jason Robert McGee, William Thomas Newport
  • Publication number: 20080295106
    Abstract: A method for improving the availability characteristics of a constant throughput system that generates scores for multiple resources within multiple nodes in a software stack during a full stack update is disclosed. Each score includes at least a first weighted portion corresponding to a cost of bringing a resource offline, and a second weighted portion corresponding to a cost of re-routing service requests around the resource. An operating system (OS) selects a first node that has a lowest total score, re-routes service requests away from the resources of the first node, and brings the first node offline. The OS updates software of the resources in the first node with minimal disruption and brings the first node back online. The OS re-calculates the scores for the resources, and the OS selects a second node that has a new lowest total score. The OS repeats the process until all nodes are updated.
    Type: Application
    Filed: May 22, 2007
    Publication date: November 27, 2008
    Inventors: THOMAS R. GISSEL, Marc Edward Haberkorn, Viswanath Srikanth
  • Publication number: 20080244595
    Abstract: System for managing a life cycle of a virtual resource. One or more virtual resources are defined. The one or more defined virtual resources are created. The created virtual resources are instantiated. Then, a topology of a virtual resource is constructed using a plurality of virtual resources that are in at least one of a defined, a created, or an instantiated state.
    Type: Application
    Filed: March 29, 2007
    Publication date: October 2, 2008
    Inventors: Tamar Eilam, Thomas R. Gissel, Guerney Douglass Holloway Hunt, Alexander V. Konstantinou, Giovanni Pacifici, Hidayatullah Habeebullah Shaikh, Andrew Neil Trossman