Patents by Inventor Sara Bitan
Sara Bitan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Publication number: 20220182229
  Abstract: One of the main obstacles of securing industrial control systems is the lack of an appropriate security model that is both implementable by vendors and addresses the inherent security and usability issues needed by organizations. Current solutions such as device passwords and IPSec lack scalable key management infrastructure and fine granularity access control mechanisms. A security model for industrial control systems that supports organizational level authorizations and authentication requirements, while hiding the low-level details (e.g., keys and passwords) from the users is disclosed. It also enables easy addition and removal of PLCs, engineering station, HMI devices and users, and assigning permission to them. A major advantage is its support for hybrid ICS systems, characterized by co-existence of legacy devices and new devices, while using the same protocol. Devices may communicate therein either natively, or by a connected converter.
  Type: Application
  Filed: December 7, 2021
  Publication date: June 9, 2022
  Applicant: Technion Research & Development Foundation Limited
  Inventors: Eli BIHAM, Sara BITAN-ERLICH, Alon DANKNER
- Patent number: 11245550
  Abstract: A system for authenticating messages transmitted on a bus based on physical location of transmitting units, comprising a reflector adapted to inject a plurality of reflection signals at a first point of a line topology bus, each in response to each of a plurality of messages transmitted by a plurality of bus connected units and a probe adapted to intercept the messages and the reflection signals at a second point of the bus. The probe calculates propagation timing between a reception time of the message and a reception time of an associated reflection signal transmitted in response to the message and determines validity of the message according to a match between the calculated propagation timing and predefined propagation timings associated with the bus connected units. Wherein the bus connected units are statically connected to the bus between the first point and the second point.
  Type: Grant
  Filed: December 18, 2018
  Date of Patent: February 8, 2022
  Assignee: Technion Research & Development Foundation Limited
  Inventors: Eli Biham, Eli Gavril, Sara Bitan-Erlich
- Publication number: 20200403825
  Abstract: A system for authenticating messages transmitted on a bus based on physical location of transmitting units, comprising a reflector adapted to inject a plurality of reflection signals at a first point of a line topology bus, each in response to each of a plurality of messages transmitted by a plurality of bus connected units and a probe adapted to intercept the messages and the reflection signals at a second point of the bus. The probe calculates propagation timing between a reception time of the message and a reception time of an associated reflection signal transmitted in response to the message and determines validity of the message according to a match between the calculated propagation timing and predefined propagation timings associated with the bus connected units. Wherein the bus connected units are statically connected to the bus between the first point and the second point.
  Type: Application
  Filed: December 18, 2018
  Publication date: December 24, 2020
  Applicant: Technion Research & Development Foundation Limited
  Inventors: Eli BIHAM, Eli GAVRIL, Sara BITAN-ERLICH
- Patent number: 8369526
  Abstract: Device, system, and method of executing secure-processing (SEP) applications. Some demonstrative embodiments include a secure-processing (SEP) hardware module including a processor capable of executing at least one SEP application, wherein the SEP hardware module is configured to perform at least one of encrypting and decrypting data handled by the SEP application using an application-specific application-key corresponding to the SEP application, only if the processor begins execution of the SEP application at an approved entry point of the SEP application, and wherein the application-key corresponding to the SEP application is based at least on an internal key internally stored by the SEP hardware module and on application-specific information corresponding to the SEP application. Other embodiments are described and claimed.
  Type: Grant
  Filed: February 12, 2009
  Date of Patent: February 5, 2013
  Assignee: Discretix Technologies Ltd.
  Inventors: Hagai Bar-El, Sara Bitan-Erlich
- Patent number: 8275989
  Abstract: A method for authenticating and negotiating security parameters among two or more network devices is disclosed. The method has a plurality of modes including a plurality of messages exchanged between the two or more network devices. In a main mode, the two or more network devices establish a secure channel and select security parameters to be used during a quick mode and a user mode. In the quick mode, the two or more computers derive a set of keys to secure data sent according to a security protocol. The optional user mode provides a means of authenticating one or more users associated with the two or more network devices. A portion of the quick mode is conducted during the main mode thereby minimizing the plurality of messages that need to be exchanged between the initiator and the responder.
  Type: Grant
  Filed: July 9, 2009
  Date of Patent: September 25, 2012
  Assignee: Microsoft Corporation
  Inventors: Christian Huitema, Paul G. Mayfield, Brian D. Swander, Sara Bitan, Daniel R. Simon
- Patent number: 8020197
  Abstract: Systems and methods for performing explicit delegation with strong authentication are described herein. Systems can include one or more clients, one or more end servers, and one or more gateways intermediate or between the client and the end server. The client may include an explicit strong delegation component that is adapted to strongly authenticate the client to the gateway. The explicit strong delegation component may also explicitly delegate to the gateway a right to authenticate on behalf of the client, and to define a period of time over which the explicit delegation is valid. The system may be viewed as being self-contained, in the sense that the system need not access third-party certificate or key distribution authorities. Finally, the client controls the gateways or end servers to which the gateway may authenticate on the client's behalf.
  Type: Grant
  Filed: February 15, 2006
  Date of Patent: September 13, 2011
  Assignee: Microsoft Corporation
  Inventors: Tomer Shiran, Sara Bitan, Nir Nice, Jeroen de Borst, Dave Field, Shai Herzog
- Patent number: 7653200
  Abstract: A multiple entity gateway for supporting cellular authentication from a non-cellular network, the gateway comprising a plurality of entities each located at a different one of a plurality of secure zones and having at least one gap between said entities across said secure zones, said gateway being configured to predefine communication signals allowed across said gap between said entities, thereby to filter out non-allowed signals, and provide secure cellular authentication for a communication originating from said non-cellular network. The gateway allows cellular users to connect to a cellular network via a wireless local area network such as a hotspot, use the services of the cellular network, the Internet and the hotspot at will, and be securely authenticated and charged through the cellular infrastructure.
  Type: Grant
  Filed: March 13, 2003
  Date of Patent: January 26, 2010
  Assignee: Flash Networks Ltd
  Inventors: Yair Karmi, Sara Bitan-Erlich, Stuart Jeffery, Eyal Katz, Yaron Peleg
- Publication number: 20090276828
  Abstract: A method for authenticating and negotiating security parameters among two or more network devices is disclosed. The method has a plurality of modes including a plurality of messages exchanged between the two or more network devices. In a main mode, the two or more network devices establish a secure channel and select security parameters to be used during a quick mode and a user mode. In the quick mode, the two or more computers derive a set of keys to secure data sent according to a security protocol. The optional user mode provides a means of authenticating one or more users associated with the two or more network devices. A portion of the quick mode is conducted during the main mode thereby minimizing the plurality of messages that need to be exchanged between the initiator and the responder.
  Type: Application
  Filed: July 9, 2009
  Publication date: November 5, 2009
  Applicant: Microsoft Corporation
  Inventors: Brian D. Swander, Sara Bitan, Christian Huitema, Paul G. Mayfield, Daniel R. Simon
- Patent number: 7584505
  Abstract: A technique for establishing inspected secure communication includes establishing a first secure connection between a client device and a client-side device and a second secure connection between the client-side device and a server device. The client-side device establishes the first secure communication channel by providing a certificate impersonating the server device to the client device. The first and second communication channels enable client-side inspection of communications.
  Type: Grant
  Filed: June 30, 2005
  Date of Patent: September 1, 2009
  Assignee: Microsoft Corporation
  Inventors: Ron Mondri, Sara Bitan
- Publication number: 20090202078
  Abstract: Device, system, and method of executing secure-processing (SEP) applications. Some demonstrative embodiments include a secure-processing (SEP) hardware module including a processor capable of executing at least one SEP application, wherein the SEP hardware module is configured to perform at least one of encrypting and decrypting data handled by the SEP application using an application-specific application-key corresponding to the SEP application, only if the processor begins execution of the SEP application at an approved entry point of the SEP application, and wherein the application-key corresponding to the SEP application is based at least on an internal key internally stored by the SEP hardware module and on application-specific information corresponding to the SEP application. Other embodiments are described and claimed.
  Type: Application
  Filed: February 12, 2009
  Publication date: August 13, 2009
  Inventors: Hagai BAR-EL, Sara BITAN-ERLICH
- Patent number: 7574603
  Abstract: A method for authenticating and negotiating security parameters among two or more network devices is disclosed. The method has a plurality of modes including a plurality of messages exchanged between the two or more network devices. In a main mode, the two or more network devices establish a secure channel and select security parameters to be used during a quick mode and a user mode. In the quick mode, the two or more computers derive a set of keys to secure data sent according to a security protocol. The optional user mode provides a means of authenticating one or more users associated with the two or more network devices. A portion of the quick mode is conducted during the main mode thereby minimizing the plurality of messages that need to be exchanged between the initiator and the responder.
  Type: Grant
  Filed: November 14, 2003
  Date of Patent: August 11, 2009
  Assignee: Microsoft Corporation
  Inventors: Brian D. Swander, Sara Bitan, Christian Huitema, Paul G. Mayfield, Daniel R. Simon
- Publication number: 20080263130
  Abstract: A system and apparatus for content delivery to storage. Delivery may be performed according to content types, which may be, for example, content object identifier, a flow of content objects, and store channel levels. Delivery may be performed according to a virtual network defined over a physical network infrastructure and further using peer-to-peer, multicast and/or unicast protocols.
  Type: Application
  Filed: March 13, 2008
  Publication date: October 23, 2008
  Inventors: Nir MICHALOWITZ, Sara Bitan-Erlich, Ronen Hod, Itamar Gilad, Yechiam Yemini, Amit Shaked, Roni Rosen, Baruch Even, Rennen Hallak
- Publication number: 20080215437
  Abstract: A system, method, and apparatus for downloading advertisements, storing advertisements on a storage device, selecting advertisements for presentation, and presenting selected advertisements. In some embodiments of the invention, advertisements may be dynamically associated and presented in coordination with content according to predefined parameters, stored information, and other criteria. Advertisement credits may be allocated in exchange for advertisement consumption. Advertisements and other information may be exchanged with remote servers. Other embodiments are described and claimed.
  Type: Application
  Filed: January 29, 2008
  Publication date: September 4, 2008
  Inventors: Jimmy Levy, Nir Michalowitz, Ronen Hod, Itamar Gilad, Sivan Perry Tafla, Yechiam Yemini, Sara Bitan-Erlich
- Publication number: 20080208715
  Abstract: According to embodiments of the present invention, a user's local storage system may be used to create a virtual personal mall comprising one or more virtual personal stores and configured for purchasing products by one or several providers. The virtual personal store and/or virtual personal mall may be organized in virtual shelves. Each virtual shelf may contain a group of products with one or more common properties, for example, books by a certain author and/or published by a certain publisher, and/or supplied by the same virtual personal store provider, etc. The groups may be defined by the virtual personal store provider and/or by the user and/or by a group of users.
  Type: Application
  Filed: February 27, 2008
  Publication date: August 28, 2008
  Inventors: Ronen HOD, Itamar Gilad, Yechiam Yemini, Sivan Perry Tafla, Jimmy Levy, Nir Michalowitz, Shirley Grill, Sara Bitan-Erlich
- Publication number: 20070192836
  Abstract: Systems and methods for performing explicit delegation with strong authentication are described herein. Systems can include one or more clients, one or more end servers, and one or more gateways intermediate or between the client and the end server. The client may include an explicit strong delegation component that is adapted to strongly authenticate the client to the gateway. The explicit strong delegation component may also explicitly delegate to the gateway a right to authenticate on behalf of the client, and to define a period of time over which the explicit delegation is valid. The system may be viewed as being self-contained, in the sense that the system need not access third-party certificate or key distribution authorities. Finally, the client controls the gateways or end servers to which the gateway may authenticate on the client's behalf.
  Type: Application
  Filed: February 15, 2006
  Publication date: August 16, 2007
  Applicant: Microsoft Corporation
  Inventors: Tomer Shiran, Sara Bitan, Nir Nice, Jeroen de Borst, Dave Field, Shai Herzog
- Publication number: 20060005239
  Abstract: A technique for establishing inspected secure communication includes establishing a first secure connection between a client device and a client-side device and a second secure connection between the client-side device and a server device. The client-side device establishes the first secure communication channel by providing a certificate impersonating the server device to the client device. The first and second communication channels enable client-side inspection of communications.
  Type: Application
  Filed: June 30, 2005
  Publication date: January 5, 2006
  Applicant: Microsoft Corporation
  Inventors: Ron Mondri, Sara Bitan
- Publication number: 20050124288
  Abstract: A multiple entity gateway for supporting cellular authentication from a non-cellular network, the gateway comprising a plurality of entities each located at a different one of a plurality of secure zones and having at least one gap between said entities across said secure zones, said gateway being configured to predefine communication signals allowed across said gap between said entities, thereby to filter out non-allowed signals, and provide secure cellular authentication for a communication originating from said non-cellular network. The gateway allows cellular users to connect to a cellular network via a wireless local area network such as a hotspot, use the services of the cellular network, the Internet and the hotspot at will, and be securely authenticated and charged through the cellular infrastructure.
  Type: Application
  Filed: March 13, 2003
  Publication date: June 9, 2005
  Inventors: Yair Karmi, Sara Bitan-Erlich, Stuart Jeffery, Eyal Katz, Yaron Peleg
- Publication number: 20050108531
  Abstract: A method for authenticating and negotiating security parameters among two or more network devices is disclosed. The method has a plurality of modes including a plurality of messages exchanged between the two or more network devices. In a main mode, the two or more network devices establish a secure channel and select security parameters to be used during a quick mode and a user mode. In the quick mode, the two or more computers derive a set of keys to secure data sent according to a security protocol. The optional user mode provides a means of authenticating one or more users associated with the two or more network devices. A portion of the quick mode is conducted during the main mode thereby minimizing the plurality of messages that need to be exchanged between the initiator and the responder.
  Type: Application
  Filed: November 14, 2003
  Publication date: May 19, 2005
  Applicant: Microsoft Corporation
  Inventors: Brian Swander, Sara Bitan, Christian Huitema, Paul Mayfield, Daniel Simon