Carlton Keith Mason

US Patent:

6826716, Nov 30, 2004

Filed:

Sep 26, 2001

Appl. No.:

09/963712

Inventors:

Carlton Keith Mason - Austin TX

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

G06F 1100

US Classification:

714 38, 713202, 717131

Abstract:

Testing J2EE applications, wherein J2EE applications comprise modules, the testing including identifying ( ), from an application deployment descriptor, modules comprised within the J2EE application; identifying, from an identified module, at least one QOS element; and identifying, from the identified QOS element, a software resource to be tested. Typical embodiments further including generating Java test code; identifying, for the software resource to be tested, a user identification and a user password for a user that is a member of a role intended to protect the software resource; and testing the software resource to be tested by use of the Java test code, including passing as parameters to the Java test code at run time the user identification and user password.

US Patent:

6950825, Sep 27, 2005

Filed:

May 30, 2002

Appl. No.:

10/159482

Inventors:

David Yu Chang - Austin TX, US
Ching-Yun Chao - Austin TX, US
Hyen Vui Chung - Round Rock TX, US
Carlton Keith Mason - Austin TX, US
Vishwanath Venkataramappa - Austin TX, US
Leigh Allen Williamson - Austin TX, US

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

G06F017/30

US Classification:

707100, 707 10, 707103, 707 9, 709203, 709225

Abstract:

A security policy process which provides role-based permissions for hierarchically organized system resources such as domains, clusters, application servers, and resources, as well as topic structures for messaging services. Groups of permissions are assigned to roles, and each user is assigned a role and a level of access within the hierarchy of system resources or topics. Forward or reverse inheritance is applied to each user level-role assignment such that each user is allowed all permissions for ancestors to the assigned level or descendants to the assigned level. This allows simplified security policy definition and maintenance of user permissions as each user's permission list must only be configured and managed at one hierarchical level with one role.

US Patent:

7448066, Nov 4, 2008

Filed:

Sep 19, 2002

Appl. No.:

10/246909

Inventors:

Peter Daniel Birk - Austin TX, US
Ching-Yun Chao - Austin TX, US
Hyen Vui Chung - Round Rock TX, US
Carlton Keith Mason - Austin TX, US
Ajaykumar Karkala Reddy - Austin TX, US
Vishwanath Venkataramappa - Austin TX, US

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

G06F 7/04
G06F 17/30
G06F 9/32
H04L 9/00

US Classification:

726 1, 726 6, 713155, 713157

Abstract:

Objects on application servers may be defined into classes which receive different levels of security protection, such as definition of user objects and administrative objects. Domain-wide security may be enforced on administrative objects, which user object security may be configured separately for each application server in a domain. In a CORBA architecture, IOR's for shared objects which are to be secured on a domain-wide basis, such as administrative objects, are provided with tagged components during IOR creation and exporting to a name server. Later, when the IOR is used by a client, the client invokes necessary security measures such as authentication, authorization and transport protection according to the tagged components.

US Patent:

7810132, Oct 5, 2010

Filed:

May 20, 2008

Appl. No.:

12/123693

Inventors:

Peter Daniel Birk - Austin TX, US
Ching-Yun Chao - Austin TX, US
Hyen Vui Chung - Round Rock TX, US
Carlton Keith Mason - Austin TX, US
Ajaykumar Karkala Reddy - Austin TX, US
Vishwanath Venkataramappa - Austin TX, US

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

H04L 29/06
G06F 17/00
G06F 15/16
G06F 9/44
G06F 9/00

US Classification:

726 1, 726 6, 726 14, 713155, 713157, 719315, 719316, 709225

Abstract:

Objects on application servers are distributed to one or more application servers; a user is allowed to declare in a list which objects residing on each application server are to be protected; the list is read by an interceptor; responsive to exportation of a Common Object Request Broker Architecture (“CORBA”) compliant Interoperable Object Reference (“IOR”) for a listed object, the interceptor associates one or more application server security flags with interfaces to the listed objects by tagging components of the IOR with one or more security flags; and one or more security operations are performed by an application server according to the security flags tagged to the IOR when a client accesses an application server-stored object, the security operations including an operation besides establishing secure communications between the client process and the server-stored object.

US Patent:

20050154886, Jul 14, 2005

Filed:

Jan 12, 2004

Appl. No.:

10/755828

Inventors:

Peter Birk - Austin TX, US
Ching-Yun Chao - Austin TX, US
Hyen Chung - Round Rock TX, US
Ajay Karkala - Austin TX, US
Carlton Mason - Austin TX, US
Nataraj Nagaratnam - Morrisville NC, US
Brian Smith - Raleigh NC, US
Vishwanath Venkataramappa - Austin TX, US

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

H04L009/00

US Classification:

713168000

Abstract:

A method and system for providing a declarative trust association model that formalizes the way trust is established and requires corresponding authentication information to be presented in a standard format. Consequently, the application server may provide a guaranteed level of protection. The mechanism of the present invention provides a framework that allows an application server to enforce a trust evaluation and allows reverse proxy security server to assert a client's security identity, as well as other client security credential information. A known trust association interceptor model is extended to allow the reverse proxy security server to assert the authenticated user's security attributes. Such security attributes include, for example, group information, authentication strength, and location (i.e., where does the user enter the request, intranet vs. internet, IP address, etc.,). The security attributes can be used in making authorization decisions.

US Patent:

20050154887, Jul 14, 2005

Filed:

Jan 12, 2004

Appl. No.:

10/755835

Inventors:

Peter Birk - Austin TX, US
Ching-Yun Chao - Austin TX, US
Hyen Chung - Round Rock TX, US
Carlton Mason - Austin TX, US
Karkala Reddy - Austin TX, US
Vishwanath Venkataramappa - Austin TX, US
Dennis Riddlemoser - Austin TX, US

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

G06F011/30
H04L009/00

US Classification:

713168000, 713201000, 713150000

Abstract:

State management (cookie) data is encrypted so that access control data included in the cookie is unable to be modified by the user. A hashing algorithm is performed using various fields in the cookie data and the hash value is encrypted. The hash value is combined with other data such as the user identifier and a time stamp and encrypted to form a cookie value. When a request is received, the cookie data is checked. If the token value is not in the server's cache then the token is authenticated facilitating movement of the client between servers. If the cookie does not exist or is timed out, then the user is authenticated using traditional means.

US Patent:

62532537, Jun 26, 2001

Filed:

Aug 25, 1997

Appl. No.:

8/917992

Inventors:

Carlton Keith Mason - Austin TX
Mohamad Kodeih - Austin TX
Robert Howard High - Round Rock TX

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

G06F 954

US Classification:

709315

Abstract:

A method and apparatus for optimizing references to objects in a distributed data processing system. A method is invoked in a client process by client application on a target object. In response to determining that the target object is on a remote process reference, a smart proxy determines whether the message can be processed within the client process. In response to determining that the message can be processed in the client process, the message is processed locally. Otherwise the message is sent to the target object for processing.