Abstract:
In response to at least one message received by a processor of a gateway server from a user device wherein each message requests that an encryption key be downloaded to the user device, the processor generates at least one unique encryption key for each message and sends the at least one generated encryption key to the user device, but does not store any of the generated encryption keys in the cloud. For each encryption key having been sent to the user device, the processor receives each encryption key returned from the user device. For each encryption key received from the user device, the processor stores each received encryption key in the cloud.
Abstract:
Embodiments of the present invention disclose a method, system, and computer program product for intelligent access control. A computer detects a new user or modifications made to an existing user in an access control list. The computer determines which other users share an attribute with the newly added or modified employee and then determines which asset(s) are associated with the determined group(s). The computer determines the correlation value between the group(s) and the asset. Based on the determined correlation value, the computer determines whether the newly added or modified employee should have access to the asset.
Abstract:
A client computer extracts contextual information associated with a file that is created. The client computer generates scores for the file by utilizing the contextual information that is extracted. The client computer assigns a value to the file, based on an aggregation of the scores that are generated. The client computer monitors activities on the client computer, wherein the activities trigger an event on the client computer. The client computer determines whether the event is in violation of one or more computer security policies on a server computer, wherein the one or more computer security policies require work-related files to be deleted or encrypted. The client computer classifies the file as personal data or work-related business data. The client computer secures the file, if the file is classified as work-related business data.
Abstract:
A method and system for managing data security in a computing environment. A processor at the gateway server receives, from a user device, at least one message. Each message requests that an encryption key be downloaded to the user device. The gateway server interfaces between the user device and a cloud that includes interconnected computing systems external to the user device. In response to the received at least one message, the processor generates at least one unique encryption key for each message and sends the at least one generated encryption key to the user device, but does not store any of the generated encryption keys in the cloud. For each encryption key having been sent to the user device, the processor receives each encryption key returned from the user device. For each encryption key received from the user device, the processor stores each received encryption key in the cloud.
Abstract:
A data processing and storage apparatus has a hardware security module and a data storage medium storing encrypted data objects and a hierarchical data maintenance structure of encrypted partition tables and hash-nodes forming a rooted tree, where a given partition table comprises a first reference to a given encrypted data object and a first cryptographic key for decryption thereof, where a given hash-node comprises a second reference to a partition table or hash-node and a second cryptographic key being suitable for decryption thereof, and where the root node is decipherable using a master cryptographic key stored in the hardware security module, the given data object being assigned to the root node via the first and second references of the given partition table and the given hash-nodes forming a set of successive nodes in the rooted tree.