Patents by Inventor Itai Ephraim Zilbershtein
Itai Ephraim Zilbershtein has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11954185Abstract: Techniques for preventing rendering content from content delivery network (CDN) to unauthorized users are described herein. In accordance with various embodiments, a CDN includes one or more processors and a non-transitory memory. The CDN receives a request from a client device for a media content item, where the request indicates an identifier of a client. The CDN further provisions an encrypted media content item corresponding to the media content item for the client, where at least a portion of the encrypted media content item is encrypted using at least one personalized key assigned to the client. The CDN also facilitates obtaining a manifest corresponding to the encrypted media content item, where the manifest specifies encryption metadata for retrieving the at least one personalized key by the client. The CDN additionally sends the encrypted media content item and the manifest to the client device.Type: GrantFiled: March 23, 2022Date of Patent: April 9, 2024Assignee: Synamedia LimitedInventors: Moshe Elad, David Livshits, Itai Ephraim Zilbershtein
-
Publication number: 20240086550Abstract: Techniques for zero-trust cloud deployment are described herein. In accordance with various embodiments, a device including a processor and a non-transitory memory derives a key from deployment metadata of a virtual machine, where the deployment metadata change with each deployment of the virtual machine. The device then encrypts secrets using the key to bind the key to the virtual machine. The device further deploys the virtual machine in a cloud using the deployment metadata, including loading the encrypted secrets to the deployed virtual machine in the cloud.Type: ApplicationFiled: September 13, 2022Publication date: March 14, 2024Inventors: Assaf Yosef Tamir, Itai Ephraim Zilbershtein, Steven Jason Epstein, Michal Irit Devir
-
Publication number: 20230306090Abstract: Techniques for preventing rendering content from content delivery network (CDN) to unauthorized users are described herein. In accordance with various embodiments, a CDN includes one or more processors and a non-transitory memory. The CDN receives a request from a client device for a media content item, where the request indicates an identifier of a client. The CDN further provisions an encrypted media content item corresponding to the media content item for the client, where at least a portion of the encrypted media content item is encrypted using at least one personalized key assigned to the client. The CDN also facilitates obtaining a manifest corresponding to the encrypted media content item, where the manifest specifies encryption metadata for retrieving the at least one personalized key by the client. The CDN additionally sends the encrypted media content item and the manifest to the client device.Type: ApplicationFiled: March 23, 2022Publication date: September 28, 2023Inventors: Moshe Elad, David Livshits, Itai Ephraim Zilbershtein
-
Publication number: 20230113594Abstract: Techniques for embedding secure feature selection at content delivery network (CDN) edge are described. In accordance with various embodiments, server(s) in a cloud receive from a client device a request for a media URL associated with a media asset. The server(s) identify feature state(s) associated with the client device and the media asset on a CDN edge node hosting the media asset. The server(s) then selectively generate a unique token or a common token specifying the feature state(s) before sending the media URL including the unique token or the common token to the client device. Upon receiving the media URL, the CDN edge node in an edge node with features deployed, determines whether the media URL causes a cache miss. Upon determining that the media URL causes the cache miss, the CDN edge node changes a feature state of a feature, applies the feature, and provides the media asset.Type: ApplicationFiled: October 13, 2021Publication date: April 13, 2023Inventors: Assaf Yosef Tamir, Vered Anikster, Steven Jason Epstein, Itai Ephraim Zilbershtein
-
Patent number: 11570192Abstract: Techniques for detection over-the-top piracy are described. In some embodiments, a piracy detection method is performed at a server by a piracy detector. The piracy detector obtains records associated with requests for access from a plurality of client devices. The piracy detector further distributes the records to a plurality of nodes according to distribution keys extracted from the records, where each of the plurality of nodes receives a respective set of records associated with a respective distribution key and generates a set of respective watch session records based on the respective set of records. The piracy detector also generates watch session records associated with the distribution keys by aggregating the respective watch session records from the plurality of nodes. The piracy detector additionally identifies one or more pirated client devices among the plurality of client devices based on clusters established from the watch session records.Type: GrantFiled: April 26, 2021Date of Patent: January 31, 2023Assignee: Synamedia LimitedInventors: Itai Ephraim Zilbershtein, Assaf Yosef Tamir, Imri Paran, Itzchak Bak, Vered Anikster
-
Publication number: 20220417241Abstract: Techniques for server control of client authorization proof of possession are described herein. In various embodiments, a first server provisions client authorization proof of possession for a client device a real-world time, a client public key, and a client private key. The first server generates provisioning response message(s) including the client public key, the client private key, the real-world time, and/or an assertion object, and sends the message(s) to the client device. In various embodiments, a client device obtains an authorization proof token generated based on a client public key, a client private key, and a real-world time provisioned by a first server. The client device generates a request and sends the request to a second server, the request includes the authorization proof token and an assertion object from the first server signed by a server private key and an expiration time and a reference to the client public key.Type: ApplicationFiled: January 26, 2022Publication date: December 29, 2022Inventors: Itai Ephraim Zilbershtein, Moshe Elad, Ezra Darshan, David Livshits, Michael Joseph Burns, Assaf Yosef Tamir
-
Publication number: 20220417028Abstract: Techniques for server control of client authorization proof of possession are described herein. In various embodiments, a first server provisions client authorization proof of possession for a client device a real-world time, a client public key, and a client private key. The first server generates provisioning response message(s) including the client public key, the client private key, the real-world time, and/or an assertion object, and sends the message(s) to the client device. In various embodiments, a client device obtains an authorization proof token generated based on a client public key, a client private key, and a real-world time provisioned by a first server. The client device generates a request and sends the request to a second server, the request includes the authorization proof token and an assertion object from the first server signed by a server private key and an expiration time and a reference to the client public key.Type: ApplicationFiled: January 26, 2022Publication date: December 29, 2022Inventors: Itai Ephraim Zilbershtein, Moshe Elad, Ezra Darshan, David Livshits, Michael Joseph Burns, Assaf Yosef Tamir
-
Patent number: 11516239Abstract: System, device, and method of adaptive network protection for managed Internet-of-Things (IoT) services. A network traffic monitoring unit monitors data traffic, operations-and-management traffic, and control messages, that relate to cellular communication between an IoT device and a core cellular network. An IoT grouping unit groups multiple IoT devices into a particular IoT group. A baseline behavior determination unit determines a Regular Baseline Cellular Communication Behavior (RBCCB) profile that characterizes the cellular communications that are outgoing from and incoming to each member of the particular IoT group. An outlier detector subsequently detects that a particular IoT device of that particular IoT group, exhibits cellular traffic characteristics that are abnormal relative to the RBCCB profile that was characterized for that particular IoT group.Type: GrantFiled: November 4, 2020Date of Patent: November 29, 2022Assignee: ALLOT LTD.Inventors: Nimrod Dezent, Itai Ephraim Zilbershtein, Asaf Shahar
-
Publication number: 20220345474Abstract: Techniques for detection over-the-top piracy are described. In some embodiments, a piracy detection method is performed at a server by a piracy detector. The piracy detector obtains records associated with requests for access from a plurality of client devices. The piracy detector further distributes the records to a plurality of nodes according to distribution keys extracted from the records, where each of the plurality of nodes receives a respective set of records associated with a respective distribution key and generates a set of respective watch session records based on the respective set of records. The piracy detector also generates watch session records associated with the distribution keys by aggregating the respective watch session records from the plurality of nodes. The piracy detector additionally identifies one or more pirated client devices among the plurality of client devices based on clusters established from the watch session records.Type: ApplicationFiled: April 26, 2021Publication date: October 27, 2022Inventors: Itai Ephraim Zilbershtein, Assaf Yosef Tamir, Imri Paran, Itzchak Bak, Vered Anikster
-
Patent number: 11323884Abstract: Detecting, mitigating and isolating a Signaling Storm, particularly in 5G communication networks. A Control Plane signal probe is connected at a first network node located between a Radio Access Network and a 5G Core Network, to monitor control messages originating from 5G-capable devices. A User Plane signal probe is connected at a second network node located between the 5G Core Network and remote entities to which the 5G-capable devices are sending messages, to monitor control messages passing through the second network node. An Inventory Management sub-system stores data correlating between 5G-capable devices and IMSI numbers. A Protector Unit is configured to receive (i) data collected by the Control Plane signal probe, and (ii) data collected by the User Plane signal probe, and (iii) a subset of IMSI numbers. The Protector Unit performs Machine Learning analysis, and detects and quarantines particular 5G-capable devices that are compromised or malfunctioning.Type: GrantFiled: August 20, 2019Date of Patent: May 3, 2022Assignee: ALLOT LTD.Inventors: Boris Lifshitz, Itai Weissman, Itai Ephraim Zilbershtein, Nimrod Dezent
-
Patent number: 11323310Abstract: Method, device, and system for providing hot reservation for in-line deployed network functions with multiple network interfaces. A system includes a first Network Function (NF) unit, connected to an ingress router and to an egress router; and a second NF unit, connected to the ingress router and to the egress router. The first NF unit is initially configured as a controlling NF. The second NF unit is initially configured as a backup NF. The two NF units periodically exchange keep-alive messages via the two routers. The second NF unit, operating as the backup NF, automatically triggers a switchover if the second NF unit did not receive a keep-alive message from the first NF unit for at least a pre-defined time-period. Additionally or alternatively, the controlling NF initiates a switchover if the maintenance status parameters of the backup NF are better than those of the controlling NF.Type: GrantFiled: October 22, 2020Date of Patent: May 3, 2022Assignee: ALLOT LTD.Inventors: Itai Ephraim Zilbershtein, Nimrod Dezent, Alon Hazay, Itai Weissman, Boris Lifshitz
-
Publication number: 20210051167Abstract: System, device, and method of adaptive network protection for managed Internet-of-Things (IoT) services. A network traffic monitoring unit monitors data traffic, operations-and-management traffic, and control messages, that relate to cellular communication between an IoT device and a core cellular network. An IoT grouping unit groups multiple IoT devices into a particular IoT group. A baseline behavior determination unit determines a Regular Baseline Cellular Communication Behavior (RBCCB) profile that characterizes the cellular communications that are outgoing from and incoming to each member of the particular IoT group. An outlier detector subsequently detects that a particular IoT device of that particular IoT group, exhibits cellular traffic characteristics that are abnormal relative to the RBCCB profile that was characterized for that particular IoT group.Type: ApplicationFiled: November 4, 2020Publication date: February 18, 2021Inventors: Nimrod Dezent, Itai Ephraim Zilbershtein, Asaf Shahar
-
Publication number: 20210044476Abstract: Method, device, and system for providing hot reservation for in-line deployed network functions with multiple network interfaces. A system includes a first Network Function (NF) unit, connected to an ingress router and to an egress router; and a second NF unit, connected to the ingress router and to the egress router. The first NF unit is initially configured as a controlling NF. The second NF unit is initially configured as a backup NF. The two NF units periodically exchange keep-alive messages via the two routers. The second NF unit, operating as the backup NF, automatically triggers a switchover if the second NF unit did not receive a keep-alive message from the first NF unit for at least a pre-defined time-period. Additionally or alternatively, the controlling NF initiates a switchover if the maintenance status parameters of the backup NF are better than those of the controlling NF.Type: ApplicationFiled: October 22, 2020Publication date: February 11, 2021Inventors: Itai Ephraim Zilbershtein, Nimrod Dezent, Alon Hazay, Itai Weissman, Boris Lifshitz
-
Patent number: 10862911Abstract: System, device, and method of adaptive network protection for managed Internet-of-Things (IoT) services. A network traffic monitoring unit monitors data traffic, operations-and-management traffic, and control messages, that relate to cellular communication between an IoT device and a core cellular network. An IoT grouping unit groups multiple IoT devices into a particular IoT group. A baseline behavior determination unit determines a Regular Baseline Cellular Communication Behavior (RBCCB) profile that characterizes the cellular communications that are outgoing from and incoming to each member of the particular IoT group. An outlier detector subsequently detects that a particular IoT device of that particular IoT group, exhibits cellular traffic characteristics that are abnormal relative to the RBCCB profile that was characterized for that particular IoT group.Type: GrantFiled: June 26, 2018Date of Patent: December 8, 2020Assignee: ALLOT LTD.Inventors: Nimrod Dezent, Itai Ephraim Zilbershtein, Asaf Shahar
-
Patent number: 10833981Abstract: Method, device, and system for providing hot reservation for in-line deployed network functions with multiple network interfaces. A system includes a first Network Function (NF) unit, connected to an ingress router and to an egress router; and a second NF unit, connected to the ingress router and to the egress router. The first NF unit is initially configured as a controlling NF. The second NF unit is initially configured as a backup NF. The two NF units periodically exchange keep-alive messages via the two routers. The second NF unit, operating as the backup NF, automatically triggers a switchover if the second NF unit did not receive a keep-alive message from the first NF unit for at least a pre-defined time-period. Additionally or alternatively, the controlling NF initiates a switchover if the maintenance status parameters of the backup NF are better than those of the controlling NF.Type: GrantFiled: June 24, 2019Date of Patent: November 10, 2020Assignee: ALLOT LTD.Inventors: Itai Ephraim Zilbershtein, Nimrod Dezent, Alon Hazay, Itai Weissman, Boris Lifshitz
-
Publication number: 20190380037Abstract: Detecting, mitigating and isolating a Signaling Storm, particularly in 5G communication networks. A Control Plane signal probe is connected at a first network node located between a Radio Access Network and a 5G Core Network, to monitor control messages originating from 5G-capable devices. A User Plane signal probe is connected at a second network node located between the 5G Core Network and remote entities to which the 5G-capable devices are sending messages, to monitor control messages passing through the second network node. An Inventory Management sub-system stores data correlating between 5G-capable devices and IMSI numbers. A Protector Unit is configured to receive (i) data collected by the Control Plane signal probe, and (ii) data collected by the User Plane signal probe, and (iii) a subset of IMSI numbers. The Protector Unit performs Machine Learning analysis, and detects and quarantines particular 5G-capable devices that are compromised or malfunctioning.Type: ApplicationFiled: August 20, 2019Publication date: December 12, 2019Inventors: Boris Lifshitz, Itai Weissman, Itai Ephraim Zilbershtein, Nimrod Dezent
-
Publication number: 20180375887Abstract: System, device, and method of adaptive network protection for managed Internet-of-Things (IoT) services. A network traffic monitoring unit monitors data traffic, operations-and-management traffic, and control messages, that relate to cellular communication between an IoT device and a core cellular network. An IoT grouping unit groups multiple IoT devices into a particular IoT group. A baseline behavior determination unit determines a Regular Baseline Cellular Communication Behavior (RBCCB) profile that characterizes the cellular communications that are outgoing from and incoming to each member of the particular IoT group. An outlier detector subsequently detects that a particular IoT device of that particular IoT group, exhibits cellular traffic characteristics that are abnormal relative to the RBCCB profile that was characterized for that particular IoT group.Type: ApplicationFiled: June 26, 2018Publication date: December 27, 2018Inventors: Nimrod Dezent, Itai Ephraim Zilbershtein, Asaf Shahar
-
Patent number: 9088494Abstract: A method of avoiding packet fragmentation. The method includes receiving a data packet belonging to a data connection, determining whether the received data packet was fragmented or determining whether the received data packet is expected to be fragmented on the way to its destination and registering the data connection of the received packet in a list of connections that carried packets that were fragmented or were expected to be fragmented.Type: GrantFiled: June 26, 2002Date of Patent: July 21, 2015Assignee: Avaya Communication Israel LTD.Inventors: Emek Sadot, Itai Ephraim Zilbershtein
-
Patent number: 9009585Abstract: A method of creating a software wizard. The method involves receiving, by a computer, an instruction to create a wizard, displaying by the computer one or more forms, created before receiving the instruction to create the wizard, receiving by the computer one or more customization instructions of at least one of the displayed one or more forms and storing a file defining a wizard including the displayed one or more forms as customized by the one or more customization instructions.Type: GrantFiled: March 18, 2008Date of Patent: April 14, 2015Assignees: Avaya Technology LLC, Avaya Communication Israel Ltd.Inventors: Ronen Ben Chetrit, Dan Gluskin, Nimrod Dezent, Itai Ephraim Zilbershtein, Kurt H. Haserodt
-
Patent number: 8990396Abstract: An improved caching method comprising: (a) employing circuitry to identify and analyze a plurality of data streams, each of said data streams resulting from a request to access a same content item stored in a cache; (b) calculating an initial access interval for said content item based upon said analyzing; and (c) adjusting a data transfer rate in at least one of said data streams in order to reduce said initial access interval to a reduced access interval.Type: GrantFiled: July 7, 2006Date of Patent: March 24, 2015Assignee: Avaya Communication Israel Ltd.Inventors: Itai Ephraim Zilbershtein, Shlomo Biton, Dan Gluskin