Patents by Inventor Tommy L. McLane
Tommy L. McLane has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9369485
Abstract: Disclosed is a computer implemented method and apparatus for handling transport control protocol connections. The local host receives a transport control protocol socket connection request from a host. By subtracting a current port connection from maximum port connections to form a difference, the local host calculates the threshold based on the difference divided by the tunable divisor, the tunable divisor not equal to one. The local host then determines whether the current port connections exceed the threshold. By responding to a determination that the current port connections exceed the threshold, the local host blocks the transport control protocol socket request based on the TCP socket connection request.
Type: Grant
Filed: December 11, 2015
Date of Patent: June 14, 2016
Assignee: International Business Machines Corporation
Inventors: Marco A. Cabrera Escandell, Tommy L. McLane
-
Publication number: 20160099965
Abstract: Disclosed is a computer implemented method and apparatus for handling transport control protocol connections. The local host receives a transport control protocol socket connection request from a host. By subtracting a current port connection from maximum port connections to form a difference, the local host calculates the threshold based on the difference divided by the tunable divisor, the tunable divisor not equal to one. The local host then determines whether the current port connections exceed the threshold. By responding to a determination that the current port connections exceed the threshold, the local host blocks the transport control protocol socket request based on the TCP socket connection request.
Type: Application
Filed: December 11, 2015
Publication date: April 7, 2016
Inventors: Marco A. Cabrera Escandell, Tommy L. McLane
-
Patent number: 9232027
Abstract: Disclosed is a computer implemented method and apparatus for handling transport control protocol connections. The local host receives a transport control protocol socket connection request from a host. By subtracting a current port connection from maximum port connections to form a difference, the local host calculates the threshold based on the difference divided by the tunable divisor, the tunable divisor not equal to one. The local host then determines whether the current port connections exceed the threshold. By responding to a determination that the current port connections exceed the threshold, the local host blocks the transport control protocol socket request based on the TCP socket connection request.
Type: Grant
Filed: August 25, 2008
Date of Patent: January 5, 2016
Assignee: International Business Machines Corporation
Inventors: Marco A. Cabrera Escandell, Tommy L. McLane
-
Patent number: 8683573
Abstract: Provided are techniques for the prevention of certain types of attacks on computing systems. The current disclosure, which describes one particular type of attack, is directed to the detection and prevention of an attack rather than the mechanics of the particular described attack. The claimed subject matter both detects and prevents an attack without exposing a network to denial-of-service (DoS) attacks by being too restrictive.
Type: Grant
Filed: June 27, 2011
Date of Patent: March 25, 2014
Assignee: International Business Machines Corporation
Inventors: Paul S. Bostrom, Jason J. Jaramillo, Tommy L. McLane, Eduardo L. Reyes
-
Patent number: 8677474
Abstract: Provided are techniques for the prevention of certain types of attacks on computing systems. The current disclosure, which describes one particular type of attack, is directed to the detection and prevention of an attack rather than the mechanics of the particular described attack. The claimed subject matter both detects and prevents an attack without exposing a network to denial-of-service (DoS) attacks by being too restrictive.
Type: Grant
Filed: July 25, 2012
Date of Patent: March 18, 2014
Assignee: International Business Machines Corporation
Inventors: Paul S. Bostrom, Jason J. Jaramillo, Tommy L. McLane, Eduardo L. Reyes
-
Patent number: 8484702
Abstract: A method includes receiving a request from a network source to create a logical socket on a logical port. The method includes accessing a structure that indicates a plurality of logical socket allocation policies to select a first of the plurality of socket allocation policies that corresponds to the logical port. Each of the plurality of logical socket allocation policies governs logical socket allocation for one or more ports, wherein logical allocation policies govern at least one of 1) the number of logical sockets that are allocated to the one or more logical ports, 2) a maximum number of logical sockets shared between a grouping of two or more logical ports, and 3) a maximum number of logical sockets. The method includes determining if the first logical socket allocation policy allows for allocation of the logical socket for the network source to communicate. The method includes allocating a logical socket.
Type: Grant
Filed: August 1, 2012
Date of Patent: July 9, 2013
Assignee: International Business Machines Corporation
Inventors: Dwip N. Banerjee, Marco A. Cabrera, Tommy L. McLane, Eduardo L. Reyes
-
Publication number: 20120331543
Abstract: Provided are techniques for the prevention of certain types of attacks on computing systems. The current disclosure, which describes one particular type of attack, is directed to the detection and prevention of an attack rather than the mechanics of the particular described attack. The claimed subject matter both detects and prevents an attack without exposing a network to denial-of-service (DoS) attacks by being too restrictive.
Type: Application
Filed: June 27, 2011
Publication date: December 27, 2012
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Paul S. Bostrom, Jason J. Jaramillo, Tommy L. McLane, Eduardo L. Reyes
-
Publication number: 20120331544
Abstract: Provided are techniques for the prevention of certain types of attacks on computing systems. The current disclosure, which describes one particular type of attack, is directed to the detection and prevention of an attack rather than the mechanics of the particular described attack. The claimed subject matter both detects and prevents an attack without exposing a network to denial-of-service (DoS) attacks by being too restrictive.
Type: Application
Filed: July 25, 2012
Publication date: December 27, 2012
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Paul S. Bostrom, Jason J. Jaramillo, Tommy L. McLane, Eduardo L. Reyes
-
Publication number: 20120297072
Abstract: A method includes receiving a request from a network source to create a logical socket on a logical port. The method includes accessing a structure that indicates a plurality of logical socket allocation policies to select a first of the plurality of socket allocation policies that corresponds to the logical port. Each of the plurality of logical socket allocation policies governs logical socket allocation for one or more ports, wherein logical allocation policies govern at least one of 1) the number of logical sockets that are allocated to the one or more logical ports, 2) a maximum number of logical sockets shared between a grouping of two or more logical ports, and 3) a maximum number of logical sockets. The method includes determining if the first logical socket allocation policy allows for allocation of the logical socket for the network source to communicate. The method includes allocating a logical socket.
Type: Application
Filed: August 1, 2012
Publication date: November 22, 2012
Applicant: International Business Machines Corporation
Inventors: Dwip N. Banerjee, Marco A. Cabrera, Tommy L. McLane, Eduardo L. Reyes
-
Patent number: 8261323
Abstract: Network attacks, such as a denial of service (DoS) attack, attempt to exhaust server resources and can cause a network to be unavailable for significant periods of time. Although a firewall can be utilized to defend a system from network attacks, the number of incoming connections created can be controlled to defend the system against network attacks. An operating system creates connections, known as sockets, on one or more logical ports. Incoming connections are connections whose creation requests originate from a source outside the operating system. Functionality to control socket creation can be implemented within the operating system, thus allowing a system to be placed directly on a network without a firewall. Implementing defense against network attacks within an operating system reduces the additional cost of having firewall products, and can lead to more efficient network configurations.
Type: Grant
Filed: July 11, 2008
Date of Patent: September 4, 2012
Assignee: International Business Machines Corporation
Inventors: Dwip N. Banerjee, Marco A. Cabrera, Tommy L. McLane, Eduardo L. Reyes
-
Patent number: 8196110
Abstract: The present invention provides a computer implemented method, data processing system, and computer program product for verifying a return address. A computer stores the return address into a stack based on a function call. The computer generates a first hash based on a first stack frame and a second stack frame. The computer stores the first hash in a first canary location, wherein the first canary location is in the first stack frame. The computer executes at least one instruction of a routine referenced by the function call. The computer reads the first canary location to form a first suspect hash. The computer calculates a first verification hash based on the first stack frame and the second stack frame. The computer determines that the first verification hash matches the first suspect hash to form a first positive determination. Responsive to the first positive determination, the computer reads a second canary location to form a second suspect hash.
Type: Grant
Filed: November 30, 2007
Date of Patent: June 5, 2012
Assignee: International Business Machines Corporation
Inventors: Marco A. Cabrera Escandell, Tommy L. McLane, Elizabeth J. Murray
-
Publication number: 20100046538
Abstract: Disclosed is a computer implemented method and apparatus for handling transport control protocol connections. The local host receives a transport control protocol socket connection request from a host. By subtracting a current port connection from maximum port connections to form a difference, the local host calculates the threshold based on the difference divided by the tunable divisor, the tunable divisor not equal to one. The local host then determines whether the current port connections exceed the threshold. By responding to a determination that the current port connections exceed the threshold, the local host blocks the transport control protocol socket request based on the TCP socket connection request.
Type: Application
Filed: August 25, 2008
Publication date: February 25, 2010
Applicant: International Business Machines Corporation
Inventors: Marco A. Cabrera Escandell, Tommy L. McLane
-
Publication number: 20100011414
Abstract: Network attacks, such as a denial of service (DoS) attack, attempt to exhaust server resources and can cause a network to be unavailable for significant periods of time. Although a firewall can be utilized to defend a system from network attacks, the number of incoming connections created can be controlled to defend the system against network attacks. An operating system creates connections, known as sockets, on one or more logical ports. Incoming connections are connections whose creation requests originate from a source outside the operating system. Functionality to control socket creation can be implemented within the operating system, thus allowing a system to be placed directly on a network without a firewall. Implementing defense against network attacks within an operating system reduces the additional cost of having firewall products, and can lead to more efficient network configurations.
Type: Application
Filed: July 11, 2008
Publication date: January 14, 2010
Applicant: International Business Machines Corporation
Inventors: Dwip N. Banerjee, Marco A. Cabrera, Tommy L. McLane, Eduardo L. Reyes
-
Publication number: 20090279703
Abstract: The present invention provides a computer implemented method, apparatus, and data processing system for associating a private part of a keystore of a user with a user authentication process in an encrypting file system. A secure shell daemon server establishes the user authentication process with a secure shell client such that the user authentication process is associated with a user and the user is authenticated. The secure shell daemon server obtains an acknowledgment from the secure shell client. The secure shell daemon server accesses a user public key of the user from the keystore of the user, responsive to receiving the acknowledgment. The secure shell daemon obtains a public secure shell cookie associated with the user from the keystore of the user. The public secure shell cookie is an access key in encrypted form. The access key is based on the user's public key to form the public secure shell cookie. The secure shell daemon server obtains the access key from the secure shell client.
Type: Application
Filed: May 8, 2008
Publication date: November 12, 2009
Applicant: International Business Machines Corporation
Inventors: Tommy L. McLane, Shawn P. Mullen, Jyoti B. Tenginakai
-
Publication number: 20090144309
Abstract: The present invention provides a computer implemented method, data processing system, and computer program product for verifying a return address. A computer stores the return address into a stack based on a function call. The computer generates a first hash based on a first stack frame and a second stack frame. The computer stores the first hash in a first canary location, wherein the first canary location is in the first stack frame. The computer executes at least one instruction of a routine referenced by the function call. The computer reads the first canary location to form a first suspect hash. The computer calculates a first verification hash based on the first stack frame and the second stack frame. The computer determines that the first verification hash matches the first suspect hash to form a first positive determination. Responsive to the first positive determination, the computer reads a second canary location to form a second suspect hash.
Type: Application
Filed: November 30, 2007
Publication date: June 4, 2009
Inventors: Marco A. Cabrera Escandell, Tommy L. McLane, Elizabeth J. Murray