Patents by Inventor Yaacov Fenster
Yaacov Fenster has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240137346
Abstract: Method for distributing content to endpoint computers by sending signed content from a content-providing server to customer special-user workstations each including an enclave networked to its own subpopulation of endpoint computers which is a subset of the endpoint computers' population; and/or, in each enclave, authenticating that content received was signed by the server and then generating non-identical copies of the content received to be used by endpoint computers belonging to the individual enclave's subpopulation, signing the non-identical copies and sending the non-identical signed copies to endpoint computer/s in the enclave's subpopulation of endpoint computers, and/or in at least one enclave, authenticating that content received was signed by the given special-user workstation and then using the content received that was signed by the given special-user workstation, on or in the endpoint computer/s.
Type: Application
Filed: January 31, 2022
Publication date: April 25, 2024
Inventors: Daniel Mondy FINCHELSTEIN, Yaacov FENSTER, Alexey SHEVANDIN
-
Patent number: 11947656
Abstract: A technique of proofing against tampering with a computer including a chassis with a plurality of fasteners. The technique includes obtaining by the computer data indicative of a sequence of implication events associated with the fasteners of the plurality of fasteners, generating a pattern corresponding to the sequence of implication events, matching between data corresponding to the generated pattern and a reference data, and initiating one or more anti-tampering actions responsive to a mismatching result. The method can further include generating a cryptographic signature corresponding to the generated pattern, wherein matching between data corresponding to the generated pattern and the reference data includes matching the generated cryptographic signature to a cryptographic reference corresponding to the reference data. Alternatively, or additionally, the generated cryptographic signature can be usable for secure access to information stored on the computer.
Type: Grant
Filed: March 26, 2019
Date of Patent: April 2, 2024
Assignee: KAZUAR ADVANCED TECHNOLOGIES LTD.
Inventors: Daniel Mondy Finchelstein, Yuval Moshe Porat, Be'eri Berl Katznelson, Yaacov Fenster
-
Patent number: 11876783
Abstract: There is provided a computerized method of secure communication between a source computer and a destination computer, the method performed by an inspection computer and comprising: receiving data sent by the source computer to the destination computer; inspecting the received data using one or more filtering mechanisms, giving rise to one or more inspection results; separately signing each of the one or more inspection results; determining, based on an inspection management policy, whether to send at least some of the inspection results and/or derivatives thereof for manual inspection; upon a positive determination, providing manual inspection of the at least some inspection results and/or derivatives thereof, and providing signing of the at least one manual inspection result; and analyzing signed inspection results and performing additional verification of the signed inspection results when a result of the analyzing meets a predefined criterion specified by the inspection management policy.
Type: Grant
Filed: November 13, 2019
Date of Patent: January 16, 2024
Assignee: KAZUAR ADVANCED TECHNOLOGIES LTD.
Inventors: Daniel Mondy Finchelstein, Yuval Moshe Porat, Yaacov Fenster
-
Publication number: 20230251886
Abstract: A computing system comprising: one or more processors configured to execute one or more computing environments (CEs) to access shared resources; a processor-based computing environment inspector unit (CEIU) operably connected to the one or more CEs and configured to inspect data generated by the one or more CEs; a processor-based mitigator unit (MU); and a storage medium; wherein the CEIU is further configured, responsive to detecting CE-generated data that is indicative of a compromise of a first CE, to notify the MU of the compromise of the first CE, and wherein the MU is configured, responsive to receiving notification of a compromise of the first CE, to disable access to the shared resources by the first CE.
Type: Application
Filed: June 3, 2021
Publication date: August 10, 2023
Inventors: Daniel Mondy FINCHELSTEIN, Yuval Moshe PORAT, Yaacov FENSTER, Shlomi Raz MARCO
-
Patent number: 11693793
Abstract: There is provided a method of communication among at least two processes running on the same computer. The method comprises: generating, by at least one process of the at least two processes, a group key usable for encrypting/decrypting a data unit retrieved from/stored to shared access memory, wherein the generating utilizes, at least, a nonce provided by each of the at least two processes, and wherein the nonces are provided as encrypted integrity-protected data according to, at least, a platform-provided hiding function, wherein each process executes in a protected container, the processes are signed by a single signing authority, and the protected container infrastructure enables use of encrypted, integrity-protected data according to a platform-provided hiding function and a platform-provided revealing function; and verifying, by at least one process of the at least two processes, that a data unit read from shared access memory is successfully decrypted using the group key.
Type: Grant
Filed: March 26, 2019
Date of Patent: July 4, 2023
Assignee: KAZUAR ADVANCED TECHNOLOGIES LTD.
Inventors: Daniel Mondy Finchelstein, Yuval Moshe Porat, Erez Gal-Betzer, Yaacov Fenster
-
Publication number: 20210377219
Abstract: There is provided a computerized method of secure communication between a source computer and a destination computer, the method performed by an inspection computer and comprising: receiving data sent by the source computer to the destination computer; inspecting the received data using one or more filtering mechanisms, giving rise to one or more inspection results; separately signing each of the one or more inspection results; determining, based on an inspection management policy, whether to send at least some of the inspection results and/or derivatives thereof for manual inspection; upon a positive determination, providing manual inspection of the at least some inspection results and/or derivatives thereof, and providing signing of the at least one manual inspection result; and analyzing signed inspection results and performing additional verification of the signed inspection results when a result of the analyzing meets a predefined criterion specified by the inspection management policy.
Type: Application
Filed: November 13, 2019
Publication date: December 2, 2021
Inventors: Daniel Mondy FINCHELSTEIN, Yuval Moshe PORAT, Yaacov FENSTER
-
Publication number: 20210026784
Abstract: There is provided a method of communication among at least two processes running on the same computer. The method comprises: generating, by at least one process of the at least two processes, a group key usable for encrypting/decrypting a data unit retrieved from/stored to shared access memory, wherein the generating utilizes, at least, a nonce provided by each of the at least two processes, and wherein the nonces are provided as encrypted integrity-protected data according to, at least, a platform-provided hiding function, wherein each process executes in a protected container, the processes are signed by a single signing authority, and the protected container infrastructure enables use of encrypted, integrity-protected data according to a platform-provided hiding function and a platform-provided revealing function; and verifying, by at least one process of the at least two processes, that a data unit read from shared access memory is successfully decrypted using the group key.
Type: Application
Filed: March 26, 2019
Publication date: January 28, 2021
Inventors: Daniel Mondy FINCHELSTEIN, Yuval Moshe PORAT, Erez GAL-BETZER, Yaacov FENSTER
-
Publication number: 20210012037
Abstract: There is provided a technique of proofing against tampering with a computer comprising a chassis with a plurality of fasteners. The technique comprises: obtaining by the computer data indicative of a sequence of implication events associated with the fasteners of the plurality of fasteners; generating a pattern corresponding to the sequence of implication events; matching between data corresponding to the generated pattern and a reference data; and initiating one or more anti-tampering actions responsive to a mismatching result. The method can further comprise generating a cryptographic signature corresponding to the generated pattern, wherein matching between data corresponding to the generated pattern and the reference data comprises matching the generated cryptographic signature to a cryptographic reference corresponding to the reference data. Alternatively or additionally, the generated cryptographic signature can be usable for secure access to information stored on the computer.
Type: Application
Filed: March 26, 2019
Publication date: January 14, 2021
Inventors: Daniel Mondy FINCHELSTEIN, Yuval Moshe PORAT, Be'eri Berl KATZNELSON, Yaacov FENSTER
-
Patent number: 10341095
Abstract: The presently disclosed subject matter includes a computerized method and system of implementing a secret management scheme. According to the proposed approach, values derived from a secret are not distributed to the participating entities. Instead, each participating entity provides a respective preexisting identifier that is not derived from the secret.
Type: Grant
Filed: February 10, 2016
Date of Patent: July 2, 2019
Assignee: Kaminario Technologies Ltd.
Inventor: Yaacov Fenster
-
Publication number: 20190129865
Abstract: The presently disclosed subject matter includes a computer system and method that enable to encrypt and persist data stored on a volatile memory during an event that may result in the data being unavailable or destroyed. According to the disclosed technique, once the computer system regains its ability to safely store data on the volatile memory, the encrypted data is copied from the non-volatile memory used for persisting the data “as is” i.e. without being decrypted. The decryption is performed by the system's processing circuitry external to the non-volatile memory.
Type: Application
Filed: October 25, 2018
Publication date: May 2, 2019
Applicant: Kaminario Technologies Ltd.
Inventor: Yaacov Fenster
-
Patent number: 10235278
Abstract: Methods, apparatus and computer program products implement embodiments of the present invention that enable a device such as a disk drive, to receive a configuration message including an error in implementing an operation on the device and a statistical frequency of an occurrence of the error. Upon configuration, the device can receive multiple requests for the operation, and at the statistical frequency, respond to a given one of the requests with the error. In some embodiments the device may convey an error message indicating an occurrence of the error. Alternatively, the device may fail to complete the operation, delay in completing the operation or perform the operation incorrectly.
Type: Grant
Filed: March 7, 2013
Date of Patent: March 19, 2019
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventor: Yaacov Fenster
-
Publication number: 20160241391
Abstract: The presently disclosed subject matter includes a computerized method and system of implementing a secret management scheme. According to the proposed approach, values derived from a secret are not distributed to the participating entities. Instead, each participating entity provides a respective preexisting identifier that is not derived from the secret.
Type: Application
Filed: February 10, 2016
Publication date: August 18, 2016
Applicant: Kaminario Technologies Ltd.
Inventor: Yaacov FENSTER
-
Patent number: 8019818
Abstract: A communications network system, comprising: a first user device, wherein the first user device uses a first communications protocol; a second user device, wherein the second user device uses a second communications protocol, different from the first communications protocol; and, a server, in operative communication with the first user device and the second user device, and wherein the server comprises a processor for translating the first communications protocol into the second communications protocol.
Type: Grant
Filed: January 16, 2007
Date of Patent: September 13, 2011
Assignee: Zlango Ltd.
Inventors: Yoav Lorch, Ehud Spiegel, Yossef Ilkanaev, Yaacov Fenster, Andrew Weinstein
-
Publication number: 20090013087
Abstract: A communications network system, comprising: a first user device, wherein the first user device uses a first communications protocol; a second user device, wherein the second user device uses a second communications protocol, different from the first communications protocol; and, a server, in operative communication with the first user device and the second user device, and wherein the server comprises a processor for translating the first communications protocol into the second communications protocol.
Type: Application
Filed: January 16, 2007
Publication date: January 8, 2009
Applicant: Zlango Ltd.
Inventors: Yoav Lorch, Ehud Spiegel, Yossef Ilkanaev, Yaacov Fenster, Andrew Weinstein