Allan C Hsu

US Patent:

7549166, Jun 16, 2009

Filed:

Dec 5, 2002

Appl. No.:

10/313728

Inventors:

Paul T. Baffes - Austin TX, US
John Michael Garrison - Austin TX, US
Michael Gilfix - Austin TX, US
Allan Hsu - Centerville OH, US
Tyron Jerrod Stading - Austin TX, US
Ronald S. Woan - Austin TX, US
John D. Wolpert - Austin TX, US
Shawn L. Young - Austin TX, US

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

G06F 11/00
G06F 7/04

US Classification:

726 23, 726 24, 726 27

Abstract:

A method and system for handling a malicious intrusion to a machine in a networked group of computers. The malicious intrusion is an unauthorized access to the machine, such as a server in a server farm. When the intrusion is detected, the machine is isolated from the rest of the server farm, and the machine is reprovisioned as a decoy system having access to only data that is ersatz or at least non-sensitive. If the intrusion is determined to be non-malicious, then the machine is functionally reconnected to the server farm, and the machine is reprovisioned to a state held before the reprovisioning of the machine as a decoy machine.

US Patent:

7552472, Jun 23, 2009

Filed:

Dec 19, 2002

Appl. No.:

10/324502

Inventors:

Paul T. Baffes - Austin TX, US
John Michael Garrison - Austin TX, US
Michael Gilfix - Austin TX, US
Allan Hsu - Centerville OH, US
Tyron Jerrod Stading - Austin TX, US

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

G06F 15/177

US Classification:

726 22, 726 1, 709223, 709224, 709225

Abstract:

A system and method for developing network policy document and assuring up-to-date monitoring and automated refinement and classification of the network policy. The system administrator defines an initial policy document that is provided as the initial symbolic classifier. The classification rules remain in human readable form throughout the process. Network system data is fed through the classifier, which labels the data according to whether a policy constraint is violated. The labels are tagged to the data. The user then reviews the labels to determine whether the classification is satisfactory. If the classification of the data is satisfactory, the label is unaltered; However, if the classification is not satisfactory, the data is re-labeled. The re-labeled data is then introduced into a refinement algorithm, which determines what policy must be modified to correct classification of network events in accordance with the re-labeling. The network administrator then inspects the resulting new policy and modifies it if necessary.

US Patent:

7702914, Apr 20, 2010

Filed:

Apr 16, 2008

Appl. No.:

12/104146

Inventors:

Paul T. Baffes - Austin TX, US
John Michael Garrison - Austin TX, US
Michael Gilfix - Austin TX, US
Allan Hsu - Centerville OH, US
Tyron Jerrod Stading - Austin TX, US

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

G06F 21/00
G06F 7/04

US Classification:

713182, 726 8, 726 26

Abstract:

A method for providing access control to a single sign-on computer network is disclosed. A user is assigned to multiple groups within a computer network. In response to an access request by the user, the computer network determines a group pass count based on a user profile of the user. The group pass count is a number of groups in which the access request meets all their access requirements. The computer network grants the access request if the group pass count is greater than a predetermined high group pass threshold value.

US Patent:

7941854, May 10, 2011

Filed:

Dec 5, 2002

Appl. No.:

10/313732

Inventors:

Paul T. Baffes - Austin TX, US
John Michael Garrison - Austin TX, US
Michael Gilfix - Austin TX, US
Allan Hsu - Centerville OH, US
Tyron Jerrod Stading - Austin TX, US

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

G06F 12/14
G08B 23/00

US Classification:

726 23, 726 22, 726 24, 713164, 713167

Abstract:

A method and system for managing an intrusion on a computer by graphically representing an intrusion pattern of a known past intrusion, and then comparing the intrusion pattern of the known intrusion with a current intrusion. The intrusion pattern may either be based on intrusion events, which are the effects of the intrusion or activities that provide a signature of the type of intrusion, or the intrusion pattern may be based on hardware topology that is affected by the intrusion. The intrusion pattern is graphically displayed with scripted responses, which in a preferred embodiment are presented in pop-up windows associated with each node in the intrusion pattern. Alternatively, the response to the intrusion may be automatic, based on a pre-determined percentage of common features in the intrusion pattern of the known past intrusion and the current intrusion.

US Patent:

8229903, Jul 24, 2012

Filed:

Dec 19, 2002

Appl. No.:

10/324514

Inventors:

Paul T. Baffes - Austin TX, US
John Michael Garrison - Austin TX, US
Michael Gilfix - Austin TX, US
Allan Hsu - Centerville OH, US
Tyron Jerrod Stading - Austin TX, US

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

G06F 7/00
G06F 17/00

US Classification:

707694, 707661, 707634

Abstract:

A system and method for utilizing data mining to generate a policy document or to revise theory within a policy document. A data base of unknown events is mined for application to the development of a system management policy document. The results of the data mining of the database of unknown events are automatically incorporated into a policy document, subject to user approval, to produce a new policy document or an updated version of an existing policy document.

US Patent:

20040111645, Jun 10, 2004

Filed:

Dec 5, 2002

Appl. No.:

10/313708

Inventors:

Paul Baffes - Austin TX, US
John Garrison - Austin TX, US
Michael Gilfix - Austin TX, US
Allan Hsu - Centerville OH, US
Tyron Stading - Austin TX, US

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

H04L009/32

US Classification:

713/202000

Abstract:

A method for providing access control to a single sign-on computer network is disclosed. A user is assigned to multiple groups within a computer network. In response to an access request by the user, the computer network determines a group pass count based on a user profile of the user. The group pass count is a number of groups in which the access request meets all their access requirements. The computer network grants the access request if the group pass count is greater than a predetermined high group pass threshold value.