公开(公告)号：US20170187531A1

公开(公告)日：2017-06-29

申请号：US14981160

申请日：2015-12-28

Applicant: International Business Machines Corporation

Inventor： Arun K. Iyengar ,  Ashish Kundu

IPC: H04L9/32 ,  H04L9/30 ,  H04L29/06 ,  H04L9/14

CPC classification number: H04L9/32 ,  H04L9/14 ,  H04L9/30 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/123 ,  H04L63/205 ,  H04L67/02

Abstract: A request is received for personal data associated with a user from an application. One or more policies are established for release of the requested personal data. The requested personal data is provided to the application in encrypted form. One or more decryption keys are then sent to the application in accordance with the established policies, the one or more decryption keys being utilizable for decrypting the encrypted personal data.

公开(公告)号：US20170104675A1

公开(公告)日：2017-04-13

申请号：US14876882

申请日：2015-10-07

Applicant: International Business Machines Corporation

Inventor： Arup Acharya ,  Ashish Kundu

IPC: H04L12/721 ,  H04L12/26 ,  H04L29/08

CPC classification number: H04L43/08 ,  H04L45/306 ,  H04L45/70 ,  H04L63/0421 ,  H04L63/10 ,  H04L63/1475 ,  H04L65/1006 ,  H04L65/1069 ,  H04L67/10 ,  H04L67/14 ,  H04L67/148 ,  H04L67/42

Abstract: A computer-implemented method of obfuscating communication traffic patterns occurring over a cloud-based communication infrastructure includes detecting first data communication sessions between a first communications device a second communications device via a first computer server using a network protocol. An information content threshold value associated with the first data communication sessions is accessed. A traffic pattern based on the first data communication sessions is also accessed, whereby the traffic pattern determines communication occurrences between the first and the second communication devices over a predefined time period. An information content value associated with the accessed traffic pattern is determined. Using the network protocol, the first data communication sessions via the first computer server is re-routed to a second data communication session via a second computer server based on a detection of the information content value associated with the accessed traffic pattern exceeding the information content threshold value.

公开(公告)号：US09577952B2

公开(公告)日：2017-02-21

申请号：US14836272

申请日：2015-08-26

Applicant: International Business Machines Corporation

Inventor： Kirk A. Beaty ,  Ashish Kundu ,  Ajay Mohindra ,  Vijay K. Naik

IPC: H04L12/26 ,  H04L29/08 ,  H04L29/06 ,  H04L12/911 ,  H04L12/24 ,  H04L12/927

CPC classification number: H04L47/826 ,  H04L41/5035 ,  H04L43/04 ,  H04L47/803 ,  H04L63/0428 ,  H04L67/1097 ,  H04L67/16

Abstract: Managing a service is provided. Information is collected about use of a set of resources by the service. A request is received to verify information regarding a selected portion of a period of time during the use of the set of resources by the service. A description of the use of the set of resources by the service during the selected portion of the period of time is generated using the collected information in response to receiving the request to verify the information regarding the selected portion of the period of time during the use of the set of resources by the service. A response to the request is created using the generated description of the use of the set of resources by the service during the selected portion of the period of time as proof of validity of the information.

Abstract translation: 提供管理服务。 收集关于服务使用一组资源的信息。 接收到一个请求，用于在服务中使用该组资源期间验证关于一段时间内的所选部分的信息。 响应于接收到在使用期间验证关于所选择的部分时间段的信息的请求，使用所收集的信息来生成在该时间段的选定部分期间由服务使用该资源集合的描述 的服务集资源。 在该时间段的所选择的部分期间，使用生成的对服务集合的使用的描述来创建对该请求的响应，作为信息的有效性的证明。

公开(公告)号：US20170046883A1

公开(公告)日：2017-02-16

申请号：US14823221

申请日：2015-08-11

Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION

Inventor： Michael S. Gordon ,  James R. Kozloski ,  Ashish Kundu ,  Peter K. Malkin ,  Clifford A. Pickover

IPC: G07B15/06 ,  G06Q50/30 ,  G05D1/00 ,  G06Q30/02

CPC classification number: G07B15/06 ,  G05D1/0088 ,  G06Q30/0283 ,  G06Q50/30 ,  G07B15/063

Abstract: A computer-implemented method, system, and/or computer program product enables automatic toll booth interaction with self-driving vehicles (SDVs). An SDV interrogation transceiver at a toll booth interrogates a driving mode module on an SDV. The SDV is capable of being operated in autonomous mode by an on-board SDV control processor. The driving mode module selectively controls the SDV to be operated in the autonomous mode or in manual mode, in which a human driver of the SDV manually operates the SDV. The SDV interrogation transceiver receives a driving mode descriptor of the SDV, which identifies whether the SDV currently is operating in the autonomous mode or in the manual mode while traveling on a toll road. An adjusted toll charge for the SDV to travel on the toll road is then transmitted based on the driving mode descriptor.

Abstract translation: 计算机实现的方法，系统和/或计算机程序产品使自动收费站与自驾车（SDV）的交互。 收费站的SDV询问收发器询问SDV上的驱动模式模块。 SDV能够通过板载SDV控制处理器在自主模式下运行。 驱动模式模块选择性地控制SDV在自主模式或手动模式下操作，其中SDV的人员驱动器手动操作SDV。 SDV询问收发器接收SDV的驱动模式描述符，SDV当前在收费公路上行驶时识别SDV当前是以自主模式操作还是以手动模式操作。 然后基于驾驶模式描述符传送SDV在收费公路上行驶的经调整的费用。

公开(公告)号：US09473374B2

公开(公告)日：2016-10-18

申请号：US15054955

申请日：2016-02-26

Applicant: International Business Machines Corporation

Inventor： Kirk A. Beaty ,  John G. Buckley ,  Yasuharu Katsuno ,  Ashish Kundu ,  Vijay K. Naik ,  Julia L. O'Halloran

IPC: G06F15/173 ,  H04L12/26 ,  H04L29/08 ,  H04L12/24 ,  G06F9/50 ,  G06F11/30

CPC classification number: H04L43/0876 ,  G06F9/5072 ,  G06F9/5077 ,  G06F11/3003 ,  G06F11/3006 ,  G06F11/3082 ,  G06F11/3093 ,  G06F2201/86 ,  G06F2201/875 ,  H04L41/0806 ,  H04L43/06 ,  H04L67/1002 ,  H04L67/20

Abstract: A hybrid cloud environment is provided where a user of cloud computing services is disposed to consume cloud provided services delivered by each of a plurality of cloud computing service providers. Specified event data is received at an MCS component. The event data pertains to metering events related to the cloud provided services delivered by one or more cloud service providers. Event data include event data furnished by one or more entities that actively monitor metering events at one or more local or remote cloud service provider locations. Event data are sent from the MCS component to a metering system. The metering system generates reports from the event data that contains usage information on services provided by one or more cloud service providers. Information for a provider specifies amounts and quality of each type of service delivered to users by the provider.

Abstract translation: 提供了混合云环境，其中处理云计算服务的用户以消耗由多个云计算服务提供商中的每一个提供的云提供的服务。 在MCS组件处接收指定的事件数据。 事件数据涉及与云提供的一个或多个云服务提供商提供的服务相关的计量事件。 事件数据包括由一个或多个实体提供的事件数据，其主动监视在一个或多个本地或远程云服务提供商位置处的计量事件。 事件数据从MCS组件发送到计量系统。 计量系统从包含由一个或多个云服务提供商提供的服务的使用信息的事件数据生成报告。 提供者的信息指定供应商向用户传送的每种类型的服务的数量和质量。

公开(公告)号：US09396006B2

公开(公告)日：2016-07-19

申请号：US13651266

申请日：2012-10-12

Applicant: International Business Machines Corporation

Inventor： Ashish Kundu ,  Ajay Mohindra

IPC: G06F9/455 ,  G06F9/445 ,  G06F9/50 ,  G06F21/57 ,  G06F21/00

CPC classification number: G06F9/455 ,  G06F8/63 ,  G06F9/45533 ,  G06F9/5072 ,  G06F21/00 ,  G06F21/57 ,  G06F2009/4557 ,  G06F2009/45587

Abstract: A computer implemented method distributes a virtual machine image. A request for a virtual machine image is received. Responsive to receiving the request or the virtual machine image, the authenticity of a virtual machine image catalog associated with the virtual machine image is identified. Responsive to identifying that the virtual machine image catalog is authentic, a first digital signature to be sent with the virtual machine image is determined. Responsive to determining the signature, the virtual machine image and the signature is sent.

Abstract translation: 计算机实现的方法分配虚拟机映像。 接收到对虚拟机映像的请求。 响应于接收请求或虚拟机映像，识别与虚拟机映像关联的虚拟机映像目录的真实性。 响应于识别虚拟机图像目录是真实的，将确定要与虚拟机图像一起发送的第一数字签名。 响应于确定签名，虚拟机映像和签名被发送。

公开(公告)号：US09325703B2

公开(公告)日：2016-04-26

申请号：US14192204

申请日：2014-02-27

Applicant: International Business Machines Corporation

Inventor： Ashish Kundu ,  Ruchi Mahindru ,  Ajay Mohindra ,  Valentina Salapura ,  Mahesh Viswanathan

IPC: H04L29/06

CPC classification number: H04L63/06 ,  H04L63/0823 ,  H04L63/083 ,  H04L63/0846 ,  H04L63/20

Abstract: A method of automatic security parameter renewal including determining if a security parameter satisfies a renewal condition and automatically updating the security parameter when the renewal condition is satisfied.

Abstract translation: 一种自动安全参数更新方法，包括确定安全参数是否满足更新条件，并且在更新条件满足时自动更新安全参数。

公开(公告)号：US09300633B2

公开(公告)日：2016-03-29

申请号：US14223327

申请日：2014-03-24

Applicant: International Business Machines Corporation

Inventor： Arup Acharya ,  Kirk Alan Beaty ,  Ashish Kundu ,  Vijay K. Naik

IPC: H04L29/06 ,  H04L29/12

CPC classification number: H04L63/0236 ,  H04L29/12386 ,  H04L61/2514 ,  H04L61/2521 ,  H04L61/2564 ,  H04L61/2575

Abstract: A cloud access manager obtains input regarding access control for at least one application deployed on a plurality of virtual machine instances in a cloud computing environment; the virtual machine instances are divided into at least first and second access zones. A cloud access manager registrar located in the cloud computing environment registers internet protocol addresses of external clients as seen from the cloud computing environment; at least some of the addresses are assigned to the clients via network address translation (NAT). Session traversal utility for NAT (STUN) is carried out to determine public internet protocol addresses assigned to the clients via NAT. The cloud access manager controls (i) access of the external clients to the plurality of virtual machine instances; and (ii) access of the plurality of virtual machine instances to each other, based on the registered internet protocol addresses, in accordance with the access zones.

Abstract translation: 云访问管理器获得关于部署在云计算环境中的多个虚拟机实例上的至少一个应用的访问控制的输入; 虚拟机实例被分成至少第一和第二接入区。 位于云计算环境中的云访问管理器注册商从云计算环境中注册外部客户端的互联网协议地址; 至少一些地址通过网络地址转换（NAT）分配给客户端。 进行NAT（STUN）的会话遍历实用程序，以确定通过NAT分配给客户端的公共网络协议地址。 云访问管理器控制（i）外部客户端对多个虚拟机实例的访问; 以及（ii）根据所述访问区域，基于所登记的因特网协议地址来访问所述多个虚拟机实例。

公开(公告)号：US09275213B2

公开(公告)日：2016-03-01

申请号：US13863255

申请日：2013-04-15

Applicant: International Business Machines Corporation

Inventor： Ashish Kundu ,  Amit A Nanavati ,  Danny Soroker

IPC: G06F21/00 ,  G06F21/35

CPC classification number: H04L9/3231 ,  G06F21/35 ,  G06F2221/031 ,  H04L9/3226

Abstract: A method and structure for entering authentication data into a device by displaying in an optical unit a key map which correlates data input into the device with keys of the device, the key map indicating data different from that of the keys of the device.

Abstract translation: 一种用于通过在光学单元中显示将输入到设备中的数据与设备的密钥相关联的键映射来将认证数据输入到设备中的方法和结构，该键映射表示与设备的键的数据不同的密钥映射。

公开(公告)号：US20140289791A1

公开(公告)日：2014-09-25

申请号：US14223327

申请日：2014-03-24

Applicant: International Business Machines Corporation

Inventor： Arup Acharya ,  Kirk Alan Beaty ,  Ashish Kundu ,  Vijay K. Naik

IPC: H04L29/06

CPC classification number: H04L63/0236 ,  H04L29/12386 ,  H04L61/2514 ,  H04L61/2521 ,  H04L61/2564 ,  H04L61/2575

Abstract: A cloud access manager obtains input regarding access control for at least one application deployed on a plurality of virtual machine instances in a cloud computing environment; the virtual machine instances are divided into at least first and second access zones. A cloud access manager registrar located in the cloud computing environment registers internet protocol addresses of external clients as seen from the cloud computing environment; at least some of the addresses are assigned to the clients via network address translation (NAT). Session traversal utility for NAT (STUN) is carried out to determine public internet protocol addresses assigned to the clients via NAT. The cloud access manager controls (i) access of the external clients to the plurality of virtual machine instances; and (ii) access of the plurality of virtual machine instances to each other, based on the registered internet protocol addresses, in accordance with the access zones.

Abstract translation: 云访问管理器获得关于部署在云计算环境中的多个虚拟机实例上的至少一个应用的访问控制的输入; 虚拟机实例被分成至少第一和第二接入区。 位于云计算环境中的云访问管理器注册商从云计算环境中注册外部客户端的互联网协议地址; 至少一些地址通过网络地址转换（NAT）分配给客户端。 进行NAT（STUN）的会话遍历实用程序，以确定通过NAT分配给客户端的公共网络协议地址。 云访问管理器控制（i）外部客户端对多个虚拟机实例的访问; 以及（ii）根据所述访问区域，基于所登记的因特网协议地址来访问所述多个虚拟机实例。