Abstract:
An approach is provided for managing a message in a transfer from a computer. A level of security protecting the transfer of the data is determined. The level of security is determined to satisfy or not satisfy a threshold level. If the level of security satisfies the threshold level, the computer is connected and the message is transferred using the level of security. If the level of security does not satisfy the threshold level, then based on the level of security, an action to change the level of security is determined so that the changed level of security satisfies the threshold level. The action changes a method of network layer encryption for the transfer and/or a protocol specifying whether application layer encryption is utilized for the transfer. The action is executed to connect the computer and transfer the message using the changed level of security.
Abstract:
An approach for addressing (e.g., preventing) detected network intrusions in a virtualized/networked (e.g., cloud) computing environment is provided. In a typical embodiment, users may group components/systems of an environment/domain according to a range of security sensitivity levels/classifications. The users may further configure rules for responding to security threats for each security sensitivity level/classification. For example, if a “highly dangerous” security threat is detected in or near a network segment that contains highly sensitive systems, the user may configure rules that will automatically isolate those systems that fall under the high security classification. Such an approach allows for more granular optimization and/or management of system security/intrusion prevention that may be managed at a system level rather than at a domain level.
Abstract:
Approaches for routing data to storage are provided. An approach includes determining implicit metadata from explicit metadata received with a request from a user to store a file. The approach also includes determining a storage resource based on the explicit metadata, the implicit metadata, and a registry of storage resources. The approach additionally includes routing data of the file to the determined storage resource.
Abstract:
Embodiments of the present invention provide approaches for enforcing runtime policies in a networked computing environment (e.g., a cloud computing environment). Specifically, in a typical embodiment, computer code and data of an application are annotated with metadata defining a set of runtime policies for executing the computer code and data. Once a request is received to run the application, a set of parameters (e.g., geographic location) corresponding to the execution of the computer code and data of the application is dynamically determined, and compared to the runtime policies. The runtime policies for executing the computer code and data are then enforced at runtime. This includes either running the application, or preventing the running of the application in the case that the set of parameters corresponding to the execution of the computer code and data of the application does not satisfy the runtime policies.
Abstract:
An approach for user identity management in a virtualized/networked (e.g., cloud) computing environment is provided. In a typical embodiment, historical command usage within a server environment is analyzed to determine the characteristics of the commands being run against a cloud resource and to determine, with a confidence rating, the likelihood that the commands are being executed by a certain user. Such an approach allows for more efficient user identity management in order to optimize cloud security and system administration.
Abstract:
An approach is provided for managing a message in a transfer from a computer. A level of sensitivity of data in a payload of the message is determined. A level of security protecting the transfer of the data is determined. Based on the level of sensitivity, the level of security is determined to satisfy or not satisfy a threshold level. If the level of security satisfies the threshold level, the computer is connected and the message is transferred using the level of security. If the level of security does not satisfy the threshold level, then based on the levels of sensitivity and security, an action to change the level of security is determined so that the changed level of security satisfies the threshold level. The action is executed to connect the computer and transfer the message using the changed level of security.
Abstract:
An approach for facilitating collaborative support to a user in a networked computing environment (e.g., a cloud computing environment) is provided. In one aspect, specifications that describe a networked resource (e.g., a cloud resource) are retrieved. A set of preferences that specify a set of collaborators and a set of access limitations for the set of collaborators with respect to the networked resource are gathered in response to a request for help by a user. Also in response to the request, a clone of the networked resource is created. A collaborator from the set of collaborators is granted access to clone the networked resource having the set of access limitations. The collaborator can access the clone of the networked resource (e.g., to provide support to the user) until a terminating condition is met, at which time the collaborators' access to the clone is terminated.
Abstract:
An approach for authorizing an action requested by a user in a networked computing environment (e.g., a cloud computing environment) is provided. In a typical embodiment, a request for a particular action associated with a computing resource is received. The connected systems which may be affected by the requested action are identified. The actual users of the connected systems are determined. A response from each of the actual users is requested. The responses are collected and weighted to determine if authorization for the requested action is granted.
Abstract:
An approach is provided to automatically replicate content to certain servers in a networking environment based on, amongst other metrics, location of third parties accessing information in a social networking environment. The approach includes obtaining content from a user within a networked environment and analyzing information of one or more third parties that have access to the networked environment and who have an association with the user. The approach further includes replicating the content to one or more servers within the networked environment based on the analyzed information of the one or more third parties.