DR. RONALD P WILLIAMS, MD
Medical Practice at 38 St, Austin, TX

7647630, Jan 12, 2010

Dec 15, 2005

11/304971

Diana J. Arroyo - Austin TX, US
Damir A. Jamsek - Austin TX, US
Sridhar R. Muppidi - Austin TX, US
Kimberly D. Simon - Austin TX, US
Ronald B. Williams - Austin TX, US

International Business Machines Corporation - Armonk NY

G06F 7/04, G06F 12/00

726 21, 713167, 713170, 713181, 713166

A method for authorizing information flows based on security information associated with information objects is provided. A hash key is generated based on an information object and a lookup operation is performed in a hash table based on the hash key. A determination is made whether an entry in the hash table at an index corresponding to the hash key identifies a labelset for the information object. A labelset, identifying a sensitivity of the information object, is stored in the entry at the index corresponding to the hash key for the information object if a labelset for the information object is not identified in the entry in the hash table. Information flows involving the information object are authorized based on a lookup of the labelset associated with the information object in the hash table. The hash table may be a multidimensional hash table.

7975295, Jul 5, 2011

May 30, 2008

12/130027

Diana J. Arroyo - Austin TX, US
Damir A. Jamsek - Austin TX, US
Sridhar R. Muppidi - Austin TX, US
Kimberly D. Simon - Austin TX, US
Ronald B. Williams - Austin TX, US

International Business Machines Corporation - Armonk NY

G06F 11/00

726 21, 713176, 713170, 713166, 713167, 726 4

A hash key is generated based on an information object and a lookup operation is performed in a hash table based on the hash key. A determination is made whether an entry in the hash table at an index corresponding to the hash key identifies a labelset for the information object. A labelset, identifying a sensitivity of the information object, is stored in the entry at the index corresponding to the hash key for the information object if a labelset for the information object is not identified in the entry in the hash table. Information flows involving the information object are authorized based on a lookup of the labelset associated with the information object in the hash table. The hash table may be a multidimensional hash table.

7512792, Mar 31, 2009

Dec 15, 2005

11/304853

Diana J. Arroyo - Austin TX, US
Damir A. Jamsek - Austin TX, US
Sridhar R. Muppidi - Austin TX, US
Kimberly D. Simon - Austin TX, US
Ronald B. Williams - Austin TX, US

International Business Machines Corporation - Armonk NY

H04L 9/00, G06F 7/04, G06F 12/14

713167, 726 4, 726 17, 726 27

A reference monitor system, apparatus, computer program product and method are provided. In one illustrative embodiment, elements of the data processing system are associated with security data structures in a reference monitor. An information flow request is received from a first element to authorize an information flow from the first element to a second element. A first security data structure associated with the first element and a second security data structure associated with the second element are retrieved. At least one set theory operation is then performed on the first security data structure and the second security data structure to determine if the information flow from the first element to the second element is to be authorized. The security data structures may be labelsets having one or more labels identifying security policies to be applied to information flows involving the associated element.

2007014, Jun 21, 2007

Dec 15, 2005

11/304933

Diana Arroyo - Austin TX, US
George Blakley - Round Rock TX, US
Damir Jamsek - Austin TX, US
Sridhar Muppidi - Austin TX, US
Kimberly Simon - Austin TX, US
Ronald Williams - Austin TX, US

H04L 9/32, H04N 7/16, G06F 17/30, H04L 9/00, G06F 12/14, G06F 7/04, G06F 12/00, G06K 9/00, G06F 13/00, H03M 1/68, H04K 1/00, G06F 7/58, G06K 19/00, G11C 7/00

713166000, 713165000, 713167000, 726026000, 726027000, 726030000, 726020000, 713175000, 713172000

A system, apparatus, computer program product and method for authorizing information flows between devices of a data processing system are provided. In one illustrative embodiment, an information flow request is received from a first device to authorize an information flow from the first device to a second device. The information flow request includes an identifier of the second device. Based on an identifier of the first device and the second device, security information identifying an authorization level of the first device and second device is retrieved. A sensitivity of an information object that is to be transferred in the information flow is determined and the information flow is authorized or denied based only on the sensitivity of the information object and the authorization level of the first and second devices irregardless of the particular action being performed on the information object as part of the information flow.

8005965, Aug 23, 2011

Jun 30, 2001

09/896195

Ronald B. Williams - Austin TX, US

International Business Machines Corporation - Armonk NY

G06F 15/16

709228, 709224, 709227, 709229

A methodology for providing secure session management is presented. After a single-use token has been issued to a client, it presents the token, and the server may identify the client based upon the presented token. However, the token may be used only once without being refreshed prior to re-use, thereby causing the token to be essentially reissued upon each use. The token comprises a session identifier that allows the issuer of the token to perform session management with respect to the receiving entity. Tokens can be classified into two types: domain tokens and service tokens. Domain tokens represent a client identity to a secure domain, and service tokens represent a client identity to a specific service. A domain token may be used with any service within a domain that recognizes the domain token, but a service token is specific to the service from which it was obtained.

8527754, Sep 3, 2013

Aug 19, 2011

13/213799

Diana J. Arroyo - Austin TX, US
Damir A. Jamsek - Austin TX, US
Sridhar R. Muppidi - Austin TX, US
Kimberly D. Simon - Austin TX, US
Ronald B. Williams - Austin TX, US

International Business Machines Corporation - Armonk NY

H04L 29/06

713167, 709221

A system, apparatus, computer program product and method for authorizing information flows between devices of a data processing system are provided. In one illustrative embodiment, an information flow request is received from a first device to authorize an information flow from the first device to a second device. The information flow request includes an identifier of the second device. Based on an identifier of the first device and the second device, security information identifying an authorization level of the first device and second device is retrieved. A sensitivity of an information object that is to be transferred in the information flow is determined and the information flow is authorized or denied based only on the sensitivity of the information object and the authorization level of the first and second devices irregardless of the particular action being performed on the information object as part of the information flow.