公开(公告)号：US20210058370A1

公开(公告)日：2021-02-25

申请号：US16545977

申请日：2019-08-20

Applicant: International Business Machines Corporation

Inventor： Constantin M. Adam ,  Jeffrey E. Lammers ,  Muhammed Fatih Bulut ,  Milton H. Hernandez ,  Maja Vukovic

IPC: H04L29/06 ,  G06F21/57

Abstract: A method provides for controlling compliance remediation that includes performing compliance inspection runs by account nodes for multiple accounts. Inspection results of the inspection runs from each account node are aggregated by an account cognitive policy advisory (CPA) service. The inspection results from each account are aggregated. It is determined whether remediations are required by analyzing the inspection results combined with a current compliance mode of a server. Upon a determination that the current compliance mode of the server is a first mode, the account CPA service determines whether a policy fingerprint has changed. Upon a change to the policy fingerprint, compliance enforcement runs on the account nodes are temporarily suspended.

公开(公告)号：US10452850B2

公开(公告)日：2019-10-22

申请号：US14462203

申请日：2014-08-18

Applicant: International Business Machines Corporation

Inventor： Constantin M. Adam ,  Shang Q. Guo ,  John J. Rofrano ,  Yaoping Ruan ,  Frederick Y. Wu ,  Sai Zeng

IPC: G06F21/00 ,  G06F21/57 ,  G06F21/56

Abstract: On a computer system, a shell is invoked, through which a plurality of commands and/or scripts can be executed. Individual ones of the plurality of commands and/or scripts are validated. Given individual ones of the plurality of commands and/or scripts, for which the validation is successful, are executed via the shell.

公开(公告)号：US10348727B2

公开(公告)日：2019-07-09

申请号：US14621852

申请日：2015-02-13

Applicant: International Business Machines Corporation

Inventor： Constantin M. Adam ,  Milton H. Hernandez ,  Vugranam C. Sreedhar ,  Prema Vivekanandan

IPC: H04L29/06 ,  H04L29/08

Abstract: A method forms a key pair for a user. The key pair has a public key and a private key that is unique to the user and that is encrypted using a passphrase formed from an enterprise password of the user and an identification that uniquely identifies in the enterprise a device by which the user gains access. The method stores the private key in the user device and stores the public key in an enterprise server that is accessed by the user. The method provides the private key from the user device to a client, such as a SSH client, in conjunction with the password and the identification, decrypts the private key to obtain the decrypted password and the identification, and allows the user to access the enterprise server only if the decrypted password and the identification match the password and the identification provided with the private key.

公开(公告)号：US09736160B2

公开(公告)日：2017-08-15

申请号：US14447891

申请日：2014-07-31

Applicant: International Business Machines Corporation

Inventor： Constantin M. Adam ,  Shang Q. Guo ,  John J. Rofrano ,  Yaoping Ruan ,  Frederick Yung-Fung Wu ,  Sai Zeng

IPC: G06F3/0484 ,  H04L29/06 ,  G06F3/0481

CPC classification number: H04L63/10 ,  G05B2219/23247 ,  G06F3/04817 ,  G06F3/0484 ,  H04L63/104

Abstract: Methods, systems, and computer program products for a protected graphical user interface for role-based application and data access are provided herein. A method for controlling access on an endpoint device to at least a portion of an application includes obtaining a default configuration indicating whether one or more widget functions associated with the application are enabled in a graphical user interface; modifying one or more of the widget functions in the default configuration to a disabled status in the graphical user interface based on a privilege configuration; determining if one or more user click events generated using the graphical user interface are associated with a widget function having the disabled status; and preventing the user click events having the disabled status from being provided to an operating system for further processing, wherein at least one of the steps is carried out by a computing device.

公开(公告)号：US20170177878A1

公开(公告)日：2017-06-22

申请号：US15371392

申请日：2016-12-07

Applicant: International Business Machines Corporation

Inventor： Constantin M. Adam ,  Nikolaos Anerousis ,  Vysakh K. Chandran ,  Milton H. Hernandez ,  Debasisha K. Padhi ,  Yaoping Ruan ,  Fabio M. Tanada ,  Frederick Y.-F. Wu ,  Sai Zeng

IPC: G06F21/57 ,  H04L29/06 ,  H04L29/08

CPC classification number: G06F21/577 ,  G06F2221/034 ,  H04L41/0806 ,  H04L41/0866 ,  H04L41/22 ,  H04L41/28 ,  H04L67/30 ,  H04L67/42

Abstract: A computer-implemented agent process running on a first computer automatically intercepts a command issued from the first computer to execute on a target computer prior to invocation of the command on the target computer. A server profile built for an application running on the target computer that supports the command may be retrieved. At least based on the server profile a risk enforcement policy is dynamically constructed. Based on the risk enforcement policy, one or more computer-executable enforcement actions to perform prior to sending the command to the target computer for execution is determined. Based on executing of one or more of the computer-executable enforcement actions, the command may be transmitted to execute on the target computer or prevented from executing on the target computer.

公开(公告)号：US20160241397A1

公开(公告)日：2016-08-18

申请号：US14746051

申请日：2015-06-22

Applicant: International Business Machines Corporation

Inventor： Constantin M. Adam ,  Milton H. Hernandez ,  Vugranam C. Sreedhar ,  Prema Vivekanandan

IPC: H04L9/08 ,  H04L9/32

CPC classification number: H04L9/0863 ,  H04L9/0825 ,  H04L9/0891 ,  H04L9/0894 ,  H04L9/3226

Abstract: A method forms a key pair for a user. The key pair has a public key and a private key that is unique to the user and that is encrypted using a passphrase formed from an enterprise password of the user and an identification that uniquely identifies in the enterprise a device by which the user gains access. The method stores the private key in the user device and stores the public key in an enterprise server that is accessed by the user. The method provides the private key from the user device to a client, such as a SSH client, in conjunction with the password and the identification, decrypts the private key to obtain the decrypted password and the identification, and allows the user to access the enterprise server only if the decrypted password and the identification match the password and the identification provided with the private key.

Abstract translation: 方法形成用户的密钥对。 密钥对具有用户唯一的公共密钥和私钥，并且使用由用户的企业密码形成的密码来加密，以及在企业中唯一地标识用户获得访问的设备的标识。 该方法将私钥存储在用户设备中，并将公钥存储在用户访问的企业服务器中。 该方法提供从用户设备到客户端（如SSH客户端）的私钥，与密码和标识相结合，解密私钥以获取解密的密码和身份，并允许用户访问企业 服务器只有在解密的密码和识别符合密码和提供私钥的标识。

公开(公告)号：US20160048685A1

公开(公告)日：2016-02-18

申请号：US14462203

申请日：2014-08-18

Applicant: International Business Machines Corporation

Inventor： Constantin M. Adam ,  Shang Q. Guo ,  John J. Rofrano ,  Yaoping Ruan ,  Frederick Y. Wu ,  Sai Zeng

IPC: G06F21/57 ,  G06F21/56

CPC classification number: G06F21/577 ,  G06F21/563 ,  G06F2221/033

Abstract: On a computer system, a shell is invoked, through which a plurality of commands and/or scripts can be executed. Individual ones of the plurality of commands and/or scripts are validated. Given individual ones of the plurality of commands and/or scripts, for which the validation is successful, are executed via the shell.

Abstract translation: 在计算机系统上，调用shell，通过该shell可以执行多个命令和/或脚本。 多个命令和/或脚本中的单个命令和/或脚本被验证。 给定验证成功的多个命令和/或脚本中的单独的命令和/或脚本通过shell被执行。