Patents by Inventor Noam LIRAN
Noam LIRAN has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10872023
Abstract: Methods for application session monitoring and control are performed by systems and apparatuses. User requests for application sessions are directed to identity providers that authenticate the users, generate responses to the requests, and determine if sessions to be established should be checked for monitoring. Session monitoring decision (SMD) systems receive the responses and data associated with the user, the user device, and/or the application and determine if monitoring is required for a session. When monitoring is required, the response to the request is provided from the SMD system to a proxy application service of an identity and access management (IAM) system which authenticates the session on behalf of the user and monitors the session. The proxy application service also takes actions against the session based on the monitoring. This overall, integrated IAM system simplifies installation, improves trust relationship uses, and improves system capabilities such as decision making and actions taken.
Type: Grant
Filed: September 26, 2017
Date of Patent: December 22, 2020
Assignee: Microsoft Technology Licensing, LLC
Inventors: Noam Liran, Vitaly Khait
-
Patent number: 10834055
Abstract: A system and method for cross-tenant data leakage isolation in a multi-tenant database are provided. The method includes monitoring, by a proxy device, traffic flows between a server executing at least one cloud-based application and the multi-tenant database, wherein the proxy device is connected between the server and the multi-tenant database; capturing, by the proxy device, at least a response from the multi-tenant database, wherein the response includes returned data; analyzing the response to determine if the returned data relates to a global-tenant table; upon determining that the returned data relates to the global-tenant table, modifying the response to designate at least one tenant-specific table name that the returned data belongs to; and sending the modified response to the server.
Type: Grant
Filed: April 25, 2019
Date of Patent: November 10, 2020
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC.
Inventors: Liran Moysi, Noam Liran
-
Patent number: 10558641
Abstract: A proxy module for monitoring modifications to a database and external to the database includes a query processing module to monitor traffic to and from the database. The traffic includes queries to the database. The query processing module is further to identify a query corresponding to a request to modify the database. A trigger event module is to generate a trigger event based on the request. The trigger event indicates a modification of the database associated with the request. The trigger event module is further to cause the trigger event to be communicated from the proxy module to at least one entity accessing the database.
Type: Grant
Filed: April 21, 2017
Date of Patent: February 11, 2020
Assignee: Microsoft Technology Licensing, LLC
Inventors: Liran Moysi, Aviram Cohen, Noam Liran
-
Patent number: 10496664
Abstract: A device configured to operate in a distributed network system includes a key-value processing system to generate at least one of a first request and a second request. The first request is to retrieve a selected one of a plurality of sub-groups of data. The first request includes a plurality of keys each including a first value identifying the selected one of the plurality of sub-groups and a respective one of a plurality of second values. Each of the second values identifies a respective subset of data within the selected one of the plurality of sub-groups. The second request is to retrieve a selected one of the subsets of data within the selected one of the plurality of sub-groups and includes a key. The key includes the first value and a selected one of the second values, and the selected one of the second values corresponds to a hash value.
Type: Grant
Filed: March 31, 2017
Date of Patent: December 3, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: Shai Kaplan, Yaniv Joseph Oliver, Noam Liran, Ido Yehiel Preizler
-
Patent number: 10452610
Abstract: A storage cluster includes a plurality of key-value storage nodes categorized into sub-groups of data associated with a first value identifying the sub-group and second values identifying respective subsets of data. A key-value processing system receives at least one of a first request to retrieve a selected one of the sub-groups of data, the first request including a plurality of keys, each of the plurality of keys including the first value and a respective one of the second values, and a second request to retrieve a selected one of the subsets of data. The second request includes a key having the first value and a selected one of the second values. The selected one of the second values corresponds to a hash value. The storage cluster selectively provides at least one of the selected one of the sub-groups of data and the selected one of the subsets of data.
Type: Grant
Filed: March 31, 2017
Date of Patent: October 22, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: Shai Kaplan, Yaniv Joseph Oliver, Noam Liran, Ido Yehiel Preizler
-
Publication number: 20190319929
Abstract: A system and method for cross-tenant data leakage isolation in a multi-tenant database are provided. The method includes monitoring, by a proxy device, traffic flows between a server executing at least one cloud-based application and the multi-tenant database, wherein the proxy device is connected between the server and the multi-tenant database; capturing, by the proxy device, at least a response from the multi-tenant database, wherein the response includes returned data; analyzing the response to determine if the returned data relates to a global-tenant table; upon determining that the returned data relates to the global-tenant table, modifying the response to designate at least one tenant-specific table name that the returned data belongs to; and sending the modified response to the server.
Type: Application
Filed: April 25, 2019
Publication date: October 17, 2019
Applicant: Microsoft Technology Licensing, LLC.
Inventors: Liran MOYSI, Noam LIRAN
-
Patent number: 10389528
Abstract: A method and proxy device for on-demand generation of cryptographic certificates. The method includes receiving, by a proxy device, a request to access a cloud application; identifying a domain name designated in the received request; determining if the identified domain name is signed by a valid cryptographic certificate saved locally in the proxy device; and sending, to a certificate generator system, a certification request to issue a new cryptographic certificate to sign the identified domain name, when the identified domain name is not a signed domain name.
Type: Grant
Filed: March 2, 2017
Date of Patent: August 20, 2019
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC.
Inventors: Liran Moysi, Aviram Cohen, Noam Liran
-
Patent number: 10305861
Abstract: A method and proxy device for cross-tenant data leakage isolation in a multi-tenant database are provided. The method includes monitoring, by a proxy device, traffic flows between a server executing at least one cloud-based application and the multi-tenant database, wherein the proxy device is communicatively connected between the server and the multi-tenant database; capturing, by the proxy device, at least a request to access the multi-tenant database, wherein the request is communicated using a database-specific protocol; analyzing the request to determine if the request is legitimate; upon determining that the request is not legitimate, modifying the request to point to a global-tenant table and to designate a unique tenant identifier, wherein the unique tenant identifier corresponds to a tenant-specific table name designated in the global-tenant table; and sending the modified request to the multi-tenant database using the database-specific protocol.
Type: Grant
Filed: August 29, 2016
Date of Patent: May 28, 2019
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC.
Inventors: Liran Moysi, Noam Liran
-
Publication number: 20190095310
Abstract: Methods for application session monitoring and control are performed by systems and apparatuses. User requests for application sessions are directed to identity providers that authenticate the users, generate responses to the requests, and determine if sessions to be established should be checked for monitoring. Session monitoring decision (SMD) systems receive the responses and data associated with the user, the user device, and/or the application and determine if monitoring is required for a session. When monitoring is required, the response to the request is provided from the SMD system to a proxy application service of an identity and access management (IAM) system which authenticates the session on behalf of the user and monitors the session. The proxy application service also takes actions against the session based on the monitoring. This overall, integrated IAM system simplifies installation, improves trust relationship uses, and improves system capabilities such as decision making and actions taken.
Type: Application
Filed: September 26, 2017
Publication date: March 28, 2019
Inventors: Noam Liran, Vitaly Khait
-
Publication number: 20180307717
Abstract: A proxy module for monitoring modifications to a database and external to the database includes a query processing module to monitor traffic to and from the database. The traffic includes queries to the database. The query processing module is further to identify a query corresponding to a request to modify the database. A trigger event module is to generate a trigger event based on the request. The trigger event indicates a modification of the database associated with the request. The trigger event module is further to cause the trigger event to be communicated from the proxy module to at least one entity accessing the database.
Type: Application
Filed: April 21, 2017
Publication date: October 25, 2018
Inventors: Liran MOYSI, Aviram COHEN, Noam LIRAN
-
Publication number: 20180285441
Abstract: A storage cluster includes a plurality of key-value storage nodes categorized into sub-groups of data associated with a first value identifying the sub-group and second values identifying respective subsets of data. A key-value processing system receives at least one of a first request to retrieve a selected one of the sub-groups of data, the first request including a plurality of keys, each of the plurality of keys including the first value and a respective one of the second values, and a second request to retrieve a selected one of the subsets of data. The second request includes a key having the first value and a selected one of the second values. The selected one of the second values corresponds to a hash value. The storage cluster selectively provides at least one of the selected one of the sub-groups of data and the selected one of the subsets of data.
Type: Application
Filed: March 31, 2017
Publication date: October 4, 2018
Inventors: Shai KAPLAN, Yaniv Joseph OLIVER, Noam LIRAN, Ido Yehiel PREIZLER
-
Publication number: 20180285427
Abstract: A device configured to operate in a distributed network system includes a key-value processing system to generate at least one of a first request and a second request. The first request is to retrieve a selected one of a plurality of sub-groups of data. The first request includes a plurality of keys each including a first value identifying the selected one of the plurality of sub-groups and a respective one of a plurality of second values. Each of the second values identifies a respective subset of data within the selected one of the plurality of sub-groups. The second request is to retrieve a selected one of the subsets of data within the selected one of the plurality of sub-groups and includes a key. The key includes the first value and a selected one of the second values, and the selected one of the second values corresponds to a hash value.
Type: Application
Filed: March 31, 2017
Publication date: October 4, 2018
Inventors: Shai KAPLAN, Yaniv Joseph OLIVER, Noam LIRAN, Ido Yehiel PREIZLER
-
Publication number: 20180254896
Abstract: A method and proxy device for on-demand generation of cryptographic certificates. The method includes receiving, by a proxy device, a request to access a cloud application; identifying a domain name designated in the received request; determining if the identified domain name is signed by a valid cryptographic certificate saved locally in the proxy device; and sending, to a certificate generator system, a certification request to issue a new cryptographic certificate to sign the identified domain name, when the identified domain name is not a signed domain name.
Type: Application
Filed: March 2, 2017
Publication date: September 6, 2018
Applicant: Microsoft Technology Licensing, LLC.
Inventors: Liran MOYSI, Aviram COHEN, Noam LIRAN
-
Publication number: 20180063089
Abstract: A method and proxy device for cross-tenant data leakage isolation in a multi-tenant database are provided. The method includes monitoring, by a proxy device, traffic flows between a server executing at least one cloud-based application and the multi-tenant database, wherein the proxy device is communicatively connected between the server and the multi-tenant database; capturing, by the proxy device, at least a request to access the multi-tenant database, wherein the request is communicated using a database-specific protocol; analyzing the request to determine if the request is legitimate; upon determining that the request is not legitimate, modifying the request to point to a global-tenant table and to designate a unique tenant identifier, wherein the unique tenant identifier corresponds to a tenant-specific table name designated in the global-tenant table; and sending the modified request to the multi-tenant database using the database-specific protocol.
Type: Application
Filed: August 29, 2016
Publication date: March 1, 2018
Applicant: Microsoft Technology Licensing, LLC.
Inventors: Liran MOYSI, Noam LIRAN