Patents by Inventor Wayne F. Tackabury
Wayne F. Tackabury has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11500554Abstract: An access revocation system for removing user data from a service provider device includes a processing device and a memory storing instructions for performing an access revocation method. The method includes receiving user data from a user device via a data channel, storing the user data in a data storage module, and receiving an access revocation message via a request channel separate from the data channel. The method also includes decrypting the access revocation message and performing at least one action defined by the access revocation message, the at least one action including scrubbing of user data from the data storage module.Type: GrantFiled: February 3, 2021Date of Patent: November 15, 2022Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Doga Tav, Wayne F. Tackabury
-
Patent number: 11290432Abstract: Embodiments are directed to a method of transferring data between a customer site and a benchmarking site, including: receiving, from the customer site, encrypted packet data, wherein the packet data is encrypted using a first key of a key pair; storing the encrypted packet data, by the processor, in a first cache at the benchmarking site; decrypting the encrypted packet data in the first cache, by the processor, using a second key of the key pair; storing decrypted packet data, by the processor, in a second cache at the benchmarking site; indexing the decrypted packet data in the second cache; storing indexed packet data as a dataset in a permanent storage device; and performing a benchmarking session on the indexed packet data.Type: GrantFiled: December 4, 2018Date of Patent: March 29, 2022Assignee: International Business Machines CorporationInventors: Doga Tav, Wayne F. Tackabury
-
Patent number: 11228619Abstract: A method, apparatus and computer program product for managing security threats to a distributed network. A set of events are aggregated from a plurality of event sources in the network for each of a set of security threats to the network. A magnitude of a characteristic of each of the set of security threats is determined. Each of the set of security threats is represented as a three dimensional graphical object in a three dimensional (3D) representation of the network according to the respective magnitude of the characteristic. A security action is taken based on the determined magnitude of one of the set of security threats.Type: GrantFiled: April 22, 2020Date of Patent: January 18, 2022Assignee: International Busuness Machines CorporationInventors: Russell Couturier, Jason Flood, Aidan Butler, Wayne F Tackabury, Patrick Hourigan
-
Patent number: 11204994Abstract: Injection attack identification and mitigation includes tracking characteristics of user input by a user to a computer system via input device(s), building and maintaining a user profile based on the tracking and that provides a baseline of expected characteristics of user input, the baseline defined by the tracked characteristics, monitoring input to the computer system in real time as the input is provided to the computer system, identifying, based on the monitoring and on a comparison of characteristics of the monitored input to the baseline of expected characteristics, a potential malicious code injection as part of the monitored input to the computer system, and performing mitigation processing based on identifying the potential malicious code injection.Type: GrantFiled: May 9, 2019Date of Patent: December 21, 2021Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Cesar Augusto Rodriguez Bravo, Craig M. Trim, Wayne F. Tackabury, John R. Feezell
-
Publication number: 20210336991Abstract: A method, apparatus and computer program product for managing security threats to a distributed network. A set of events are aggregated from a plurality of event sources in the network for each of a set of security threats to the network. A magnitude of a characteristic of each of the set of security threats is determined. Each of the set of security threats is represented as a three dimensional graphical object in a three dimensional (3D) representation of the network according to the respective magnitude of the characteristic. A security action is taken based on the determined magnitude of one of the set of security threats.Type: ApplicationFiled: April 22, 2020Publication date: October 28, 2021Inventors: Russell Couturier, Jason Flood, Aidan Butler, Wayne F. Tackabury, Patrick Hourigan
-
Patent number: 11151266Abstract: A technique for secure data storage and access during transition operations includes retrieving an encrypted instance of a data object from a data store. The retrieved encrypted instance of the data object is stored in a cryptcache. The encrypted instance in the cryptcache is decrypted to a cleartext instance of the data object and stored as the cleartext instance of the data object in a clearcache. The clearcache instance of the data object is secured by controlling an access window defining an amount of time the cleartext instance of the data object is accessible in the clearcache.Type: GrantFiled: December 6, 2017Date of Patent: October 19, 2021Assignee: International Business Machines CorporationInventors: Wayne F. Tackabury, Doga Tav, Ronald B. Williams
-
Publication number: 20210157490Abstract: An access revocation system for removing user data from a service provider device includes a processing device and a memory storing instructions for performing an access revocation method. The method includes receiving user data from a user device via a data channel, storing the user data in a data storage module, and receiving an access revocation message via a request channel separate from the data channel. The method also includes decrypting the access revocation message and performing at least one action defined by the access revocation message, the at least one action including scrubbing of user data from the data storage module.Type: ApplicationFiled: February 3, 2021Publication date: May 27, 2021Inventors: Doga Tav, Wayne F. Tackabury
-
Patent number: 10996874Abstract: An access revocation system for removing customer data from a service provider device includes a processing device and a memory storing instructions for performing an access revocation method. The method includes receiving customer data from a customer device via a data channel, storing the customer data in a data storage module, and receiving an access revocation message via a request channel separate from the data channel. The method also includes decrypting the access revocation message and performing at least one action defined by the access revocation message, the at least one action including scrubbing of customer data from the data storage module.Type: GrantFiled: July 23, 2019Date of Patent: May 4, 2021Assignee: International Business Machines CorporationInventors: Doga Tav, Wayne F. Tackabury
-
Publication number: 20210026544Abstract: An access revocation system for removing customer data from a service provider device includes a processing device and a memory storing instructions for performing an access revocation method. The method includes receiving customer data from a customer device via a data channel, storing the customer data in a data storage module, and receiving an access revocation message via a request channel separate from the data channel. The method also includes decrypting the access revocation message and performing at least one action defined by the access revocation message, the at least one action including scrubbing of customer data from the data storage module.Type: ApplicationFiled: July 23, 2019Publication date: January 28, 2021Inventors: Doga Tav, Wayne F. Tackabury
-
Patent number: 10887251Abstract: Embodiments are directed to a method of implementing a packet capture ring. The packet capture ring includes a plurality of appliances, and the plurality of appliances includes a first appliance and a second appliance. The first appliance and the second appliance are both attached to a network tap, and the first appliance works as a master appliance. The master appliance ingests packets from the network tap, encapsulates the packets and forwards encapsulated packets in the packet capture ring. The method includes: detecting, by the second appliance, a failure of the first appliance; working, by the second appliance, as the master appliance; and removing, by the second appliance, the first appliance from a forwarding designation list.Type: GrantFiled: September 13, 2018Date of Patent: January 5, 2021Assignee: International Business Machines CorporationInventors: Wayne F. Tackabury, Russell Couturier, William A. Bird, Thomas D. Silliman, Alex Omo Agerholm, Michael Milde Lilja, Peter Dahl Ekner, Philip Due Soeberg
-
Publication number: 20200356667Abstract: Injection attack identification and mitigation includes tracking characteristics of user input by a user to a computer system via input device(s), building and maintaining a user profile based on the tracking and that provides a baseline of expected characteristics of user input, the baseline defined by the tracked characteristics, monitoring input to the computer system in real time as the input is provided to the computer system, identifying, based on the monitoring and on a comparison of characteristics of the monitored input to the baseline of expected characteristics, a potential malicious code injection as part of the monitored input to the computer system, and performing mitigation processing based on identifying the potential malicious code injection.Type: ApplicationFiled: May 9, 2019Publication date: November 12, 2020Inventors: Cesar Augusto RODRIGUEZ BRAVO, Craig M. TRIM, Wayne F. TACKABURY, John R. FEEZELL
-
Publication number: 20200177562Abstract: Embodiments are directed to a method of transferring data between a customer site and a benchmarking site, including: receiving, from the customer site, encrypted packet data, wherein the packet data is encrypted using a first key of a key pair; storing the encrypted packet data, by the processor, in a first cache at the benchmarking site; decrypting the encrypted packet data in the first cache, by the processor, using a second key of the key pair; storing decrypted packet data, by the processor, in a second cache at the benchmarking site; indexing the decrypted packet data in the second cache; storing indexed packet data as a dataset in a permanent storage device; and performing a benchmarking session on the indexed packet data.Type: ApplicationFiled: December 4, 2018Publication date: June 4, 2020Inventors: Doga Tav, Wayne F. Tackabury
-
Publication number: 20200092227Abstract: Embodiments are directed to a method of implementing a packet capture ring. The packet capture ring includes a plurality of appliances, and the plurality of appliances includes a first appliance and a second appliance. The first appliance and the second appliance are both attached to a network tap, and the first appliance works as a master appliance. The master appliance ingests packets from the network tap, encapsulates the packets and forwards encapsulated packets in the packet capture ring. The method includes: detecting, by the second appliance, a failure of the first appliance; working, by the second appliance, as the master appliance; and removing, by the second appliance, the first appliance from a forwarding designation list.Type: ApplicationFiled: September 13, 2018Publication date: March 19, 2020Inventors: Wayne F. Tackabury, Russell Couturier, William A. Bird, Thomas D. Silliman, Alex Omo Agerholm, Michael Milde Lilja, Peter Dahl Ekner, Philip Due Soeberg
-
Publication number: 20190171829Abstract: A technique for secure data storage and access during transition operations includes retrieving an encrypted instance of a data object from a data store. The retrieved encrypted instance of the data object is stored in a cryptcache. The encrypted instance in the cryptcache is decrypted to a cleartext instance of the data object and stored as the cleartext instance of the data object in a clearcache. The clearcache instance of the data object is secured by controlling an access window defining an amount of time the cleartext instance of the data object is accessible in the clearcache.Type: ApplicationFiled: December 6, 2017Publication date: June 6, 2019Inventors: Wayne F. Tackabury, Doga Tav, Ronald B. Williams
-
Patent number: 7472412Abstract: A policy engine generates configlets that are vendor-neutral, vendor-specific or both, based on a selected target level and a selected device/device group. A translator translates and combines the configlets to form vendor-dependent configuration files. The policy engine generates the configlets using policies associated with the selected target level and its sub-target levels, as defined by a target level hierarchy. A policy includes at least a condition, and an action which the policy engine performs if the condition is true. In performing the action, the policy engine typically writes to at least a partial configlet. A policy may further include a verification clause, which is used to verify a running configuration. Policy dependencies may also be defined such that where a second policy is dependent on a first policy, the second policy must be evaluated after the first policy. This is necessary, where, for example, the first policy generates and stores a value to be used by the second policy.Type: GrantFiled: May 30, 2006Date of Patent: December 30, 2008Inventors: Jonathan S. Wolf, Arthur B. Mellor, Wayne F. Tackabury, Christopher B. Anderson, Robin M. Whitworth, Michael D. Haag, Brian A. Del Vecchio
-
Patent number: 7150037Abstract: A policy engine generates configlets that are vendor-neutral, vendor-specific or both, based on a selected target level and a selected device/device group. A translator translates and combines the configlets to form vendor-dependent configuration files. The policy engine generates the configlets using policies associated with the selected target level and its sub-target levels, as defined by a target level hierarchy. A policy includes at least a condition, and an action which the policy engine performs if the condition is true. In performing the action, the policy engine typically writes to at least a partial configlet. A policy may further include a verification clause, which is used to verify a running configuration. Policy dependencies may also be defined such that where a second policy is dependent on a first policy, the second policy must be evaluated after the first policy. This is necessary, where, for example, the first policy generates and stores a value to be used by the second policy.Type: GrantFiled: June 8, 2001Date of Patent: December 12, 2006Assignee: Intelliden, Inc.Inventors: Jonathan S. Wolf, Arthur B. Mellor, Wayne F. Tackabury, Christopher B. Anderson, Robin M. Whitworth, Michael D. Haag, Brian A. Del Vecchio
-
Publication number: 20020178380Abstract: A policy engine generates configlets that are vendor-neutral, vendor-specific or both, based on a selected target level and a selected device/device group. A translator translates and combines the configlets to form vendor-dependent configuration files. The policy engine generates the configlets using policies associated with the selected target level and its sub-target levels, as defined by a target level hierarchy. A policy includes at least a condition, and an action which the policy engine performs if the condition is true. In performing the action, the policy engine typically writes to at least a partial configlet. A policy may further include a verification clause, which is used to verify a running configuration. Policy dependencies may also be defined such that where a second policy is dependent on a first policy, the second policy must be evaluated after the first policy. This is necessary, where, for example, the first policy generates and stores a value to be used by the second policy.Type: ApplicationFiled: June 8, 2001Publication date: November 28, 2002Applicant: Gold Wire Technology Inc.Inventors: Jonathan S. Wolf, Arthur B. Mellor, Wayne F. Tackabury, Christopher B. Anderson, Robin M. Whitworth, Michael D. Haag, Brian A. Del Vecchio
-
Patent number: 6330005Abstract: A computer-implemented method of designing a network includes the steps of populating a network design sheet on a computer display with an intelligent device object that represents a device object having physical attributes and logical attributes, selecting a communication protocol object representing a communication protocol having logical attributes, determining if the communication protocol object can be validly bound to the intelligent device object by comparing the logical attributes of each, and binding the communication protocol object to the intelligent device object on the network design sheet only if the binding is valid.Type: GrantFiled: October 6, 1999Date of Patent: December 11, 2001Assignee: Visionael CorporationInventors: Daniel L. Tonelli, Wayne F. Tackabury