Patents by Inventor Yedidya Dotan
Yedidya Dotan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10666683
Abstract: In one embodiment, a system includes a processor, and a memory to store data used by the processor, the processor being operative to prepare a first user interface including a security policy selection section, interpret user input data to include performing at least one security policy selection action in the security policy selection section yielding selection of a first security policy for a first device, and update the first user interface yielding an updated first user interface including the first security policy, and a first security policy activation key for inputting into a second user interface to be generated when the first device is installed, the first security policy activation key being associated with providing authentication for downloading the first security policy to the first device.
Type: Grant
Filed: July 30, 2017
Date of Patent: May 26, 2020
Assignee: CISCO TECHNOLOGY, INC.
Inventors: David Sward, Denis Knjazihhin, Keying Bi, David Sounthiraraj, Ashok Javvaji, Jared Smith, Yedidya Dotan
-
Patent number: 10623371
Abstract: A network management entity is configured to communicate with one or more network security devices. Each network security device is configured to store in a respective event queue an event for each attempt to access a network accessible destination through the security device. Each event indicates the destination of the attempted access. The management entity periodically collects from the event queues the stored events so that less than all of the events stored in the event queues over a given time period are collected. The management entity determines, based on the collected events, top destinations as the destinations that occur most frequently in the collected events. The management entity determines, based on the collected events, bottom destinations as the destinations that occur least frequently in the collected events. The management entity generates for display indications of the top destinations and generates for display indications of the bottom destinations.
Type: Grant
Filed: August 15, 2016
Date of Patent: April 14, 2020
Assignee: Cisco Technology, Inc.
Inventors: Sachin Vasant, Umesh Kumar Miglani, Zachary D. Siswick, Doron Levari, Yedidya Dotan
-
Patent number: 10182055
Abstract: A management entity communicates over a network with devices on which security rules are configured to control network access. Data that indicates a hit count for each security rule across the devices is repeatedly collected from the devices. The indicated hit counts for each security rule are aggregated over different repeating time intervals to produce repeatedly aggregated hit counts for respective ones of the different repeating time intervals. The security rules are generated for display on a user interface screen as selectable options. Responsive to a selection of one of the security rules, a selected security rule and most recently aggregated hit counts for the different repeating time intervals for the selected security rule are generated for concurrent display on the user interface screen. The display of the most recently aggregated hit counts for the selected security rule is updated as time progresses.
Type: Grant
Filed: February 7, 2017
Date of Patent: January 15, 2019
Assignee: Cisco Technology, Inc.
Inventors: Joe Lawrence, Jason M. Perry, Yedidya Dotan, Denis Knjazihhin, Umesh Kumar Miglani
-
Publication number: 20180365687
Abstract: There is disclosed a technique for use in fraud detection. In one embodiment, the technique comprises identifying an amendment to user contactable information associated with a user profile which belongs to a user with access to a protected resource. The technique also comprises obtaining the amended user contactable information associated with the user profile. The technique further comprises providing the amended user contactable information associated with the user profile for use in processing an electronic transaction.
Type: Application
Filed: August 28, 2018
Publication date: December 20, 2018
Inventors: Lior Asher, Yedidya Dotan, Ido Zilberberg
-
Patent number: 10116702
Abstract: A management entity generates for display multiple icons, each icon representing an actor or a resource in a networking environment, and defines a generic security policy by receiving user input in the form of a line drawn between a first icon representing an actor and a second icon representing a resource to control abilities between the actor and the resource. The management entity translates the generic security policy to multiple native security policies each of which is based on a corresponding one of multiple native policy models associated with corresponding ones of multiple security devices, and supplies data descriptive of the multiple native security policies to the corresponding ones of the security devices to configure the corresponding ones of the security devices to implement the native security policies.
Type: Grant
Filed: April 27, 2017
Date of Patent: October 30, 2018
Assignee: Cisco Technology, Inc.
Inventors: Denis Knjazihhin, Yedidya Dotan, Burak Say, Robin Martherus, Sachin Vasant
-
Patent number: 10075439
Abstract: A method is provided in which a development environment sends commands to an on-premises device that are signed by both (a) development environment and by (b) an execution environment (trusted source), and account for versioning. In so doing, the on-premises device that receives the command is able to authenticate both the sending entity, i.e., a production server, and the source of the command files to determine that the command is a valid configuration/upgrade package that may be safely installed and executed.
Type: Grant
Filed: May 19, 2016
Date of Patent: September 11, 2018
Assignee: Cisco Technology, Inc.
Inventors: Ryan J. Mullens, Sachin Vasant, Raphael Luckom, Denis Knjazihhin, Yedidya Dotan
-
Patent number: 10063549
Abstract: A technique of supporting multi-factor authentication uses a database server. The technique involves receiving suspicious user activity data from a first set of authentication servers and storing the suspicious user activity data from the first set of authentication servers, as sharable authentication data, in a database of the database server. The technique further involves providing the sharable authentication data from the database to a second set of authentication servers. Each authentication server of the second set of authentication servers performs multi-factor authentication operations based on (i) local authentication data which is gathered by that authentication server and (ii) the sharable authentication data provided from the database. Accordingly, useful authentication data from one authentication server (e.g.
Type: Grant
Filed: June 27, 2011
Date of Patent: August 28, 2018
Assignee: EMC IP Holding Company LLC
Inventors: Yedidya Dotan, Lawrence N. Friedman, Sean Patrick Doyle
-
Determining similarity between security rules based on weighted comparisons of their rule parameters
Patent number: 10038697
Abstract: First and second security rules are accessed in a configuration file. Comparison points for comparing the first and second security rules are determined. Each comparison point identifies respective rule parameters of the first and second security rules. Respective weights are assigned to the comparison points. For each comparison point, the respective rule parameters are compared against each other to produce a corresponding comparison score indicative of a level of similarity. Each comparison score is weighted by the weight assigned to the comparison point corresponding to the comparison score. The weighted comparison scores are combined into a total score indicative of an overall level of similarity between the first and second security rules.
Type: Grant
Filed: July 23, 2015
Date of Patent: July 31, 2018
Assignee: Cisco Technology, Inc.
Inventors: Yedidya Dotan, Christopher Duane, Daniel Hollingshead, Denis Knjazihhin
-
Patent number: 10015153
Abstract: A technique performs authentication. The technique involves performing, by processing circuitry, a set of authentication operations in response to a set of authentication requests, and updating a set of velocity metrics which identifies authentication performance for a set of authentication request sources that originated the set of authentication requests. The technique further involves, after updating the set of velocity metrics, receiving, by the processing circuitry, an authentication request from an authentication request source. The technique further involves providing, by the processing circuitry, an authentication result in response to the authentication request from the authentication request source. The authentication result (i) is based on the set of velocity metrics and (ii) indicates whether the authentication request is considered to be legitimate.
Type: Grant
Filed: December 23, 2013
Date of Patent: July 3, 2018
Assignee: EMC IP Holding Company LLC
Inventors: Yedidya Dotan, Lakshmi Suresh, John Watts, Marcelo Blatt
-
Publication number: 20180159899
Abstract: In one embodiment, a system includes a processor, and a memory to store data used by the processor, the processor being operative to prepare a first user interface including a security policy selection section, interpret user input data to include performing at least one security policy selection action in the security policy selection section yielding selection of a first security policy for a first device, and update the first user interface yielding an updated first user interface including the first security policy, and a first security policy activation key for inputting into a second user interface to be generated when the first device is installed, the first security policy activation key being associated with providing authentication for downloading the first security policy to the first device.
Type: Application
Filed: July 30, 2017
Publication date: June 7, 2018
Inventors: David SWARD, Denis KNJAZIHHIN, Keying BI, David SOUNTHIRARAJ, Ashok JAVVAJI, Jared SMITH, Yedidya DOTAN
-
Patent number: 9992232
Abstract: Presented herein are techniques for creating a policy block comprised of a group of lines of rules/statements across configuration files for network devices. An algorithm is provided that determines when multiple policies are to be merged together into one policy. In one embodiment, data is uploaded from a network that includes a plurality of network devices. The data represents policy rules configured on the plurality of network devices. The data representing the policy rules is compared for similarities in order to group together policy rules based on their similarities. Data is stored representing a plurality of clusters, each cluster representing a group of policy rules that have been grouped together. One or more configuration policies are generated to be applied across the plurality of network devices using the data representing each of the plurality of clusters, while maintaining context of policy rule processing.
Type: Grant
Filed: April 18, 2016
Date of Patent: June 5, 2018
Assignee: Cisco Technology, Inc.
Inventors: Daniel Hollingshead, Sachin Vasant, Yedidya Dotan, Umesh Kumar Miglani, Denis Knjazihhin
-
Patent number: 9948679
Abstract: In a computer implemented method, selectable device icons that represent respective network security devices are generated for display. Responsive to a selection of one of the device icons, selectable interface icons that represent respective network interfaces used by the network security device represented by the selected device icon are generated for display. Responsive to a selection of one of the interface icons, selectable policy icons that represent respective security policies applied to the network interface represented by the selected interface icon are generated for display. Responsive to a selection of one of the policy icons, selectable object group icons that represent respective groups of security rule objects used in the network security policy represented by the selected policy icon are generated for display.
Type: Grant
Filed: December 21, 2015
Date of Patent: April 17, 2018
Assignee: Cisco Technology, Inc.
Inventors: Zachary D Siswick, Umesh Kumar Miglani, Daniel Hollingshead, Karyll Catubig, Yedidya Dotan, Denis Knjazihhin
-
Patent number: 9882879
Abstract: Methods, apparatus and articles of manufacture for using steganography to protect cryptographic information on a mobile device are provided herein. A method includes querying a user to select one or more items of data stored on a computing device to be used in connection with one or more cryptographic actions associated with said computing device, and protecting one or more items of cryptographic information within the one or more selected items of data.
Type: Grant
Filed: June 27, 2013
Date of Patent: January 30, 2018
Assignee: EMC IP Holding Company LLC
Inventors: Yedidya Dotan, Lawrence N. Friedman, William M. Duane, John Brainard
-
Publication number: 20170353459
Abstract: A management entity communicates over a network with devices on which security rules are configured to control network access. Data that indicates a hit count for each security rule across the devices is repeatedly collected from the devices. The indicated hit counts for each security rule are aggregated over different repeating time intervals to produce repeatedly aggregated hit counts for respective ones of the different repeating time intervals. The security rules are generated for display on a user interface screen as selectable options. Responsive to a selection of one of the security rules, a selected security rule and most recently aggregated hit counts for the different repeating time intervals for the selected security rule are generated for concurrent display on the user interface screen. The display of the most recently aggregated hit counts for the selected security rule is updated as time progresses.
Type: Application
Filed: February 7, 2017
Publication date: December 7, 2017
Inventors: Joe Lawrence, Jason M. Perry, Yedidya Dotan, Denis Knjazihhin, Umesh Kumar Miglani
-
Patent number: 9838355
Abstract: A method includes receiving a first analytics set performed on a first network security appliance operated internal to a first organization, receiving a second analytics set performed on a second network security appliance operated internal to a second organization, processing the first analytics set and the second analytics set, and responsive to the processing, disseminating to the second network security appliance information indicating that the second analytics set has also been performed on at least the first network security appliance, without revealing an identity of the first organization. In one embodiment at least part of the first analytics set or the second analytics set is hashed.
Type: Grant
Filed: September 26, 2016
Date of Patent: December 5, 2017
Assignee: EMC IP Holding Company LLC
Inventors: Yedidya Dotan, Brian P. Girardi, Marcelo Blatt, Oleg Freylafert, Kevin D. Bowers, Michael S. Shreve
-
Publication number: 20170317999
Abstract: Presented herein are techniques for remotely releasing bootstrap credentials to a cloud management proxy device. In particular, a cloud management proxy device that is associated with a cloud system commences a boot operation. The cloud management proxy device then initiates a remote credential release process to obtain the bootstrap credentials, which are useable by the cloud management proxy device to complete the boot operation. Upon completion of the remote credential release process, the bootstrap credentials are received from a remote credential manager system.
Type: Application
Filed: April 27, 2016
Publication date: November 2, 2017
Inventors: Denis Knjazihhin, Yedidya Dotan, Christopher Duane, Jason M. Perry
-
Patent number: 9787722
Abstract: An integrated development environment (IDE) preprocesses a configuration file including security rules. The preprocessing maps object names in the security rules to associated object values based on object definitions for the object names. Responsive to the configuration file being opened in an editor, the IDE provides the editor with access to preprocessing results. Each security rule in the opened configuration file is searched for object names. The IDE links each object name found in the search to an associated object value mapped thereto by the mapping performed during the preprocessing. The IDE receives a selection of an object name in a security rule of the opened configuration file and generates for display the associated object value linked to the selected object name.
Type: Grant
Filed: June 30, 2015
Date of Patent: October 10, 2017
Assignee: Cisco Technology, Inc.
Inventors: Denis Knjazihhin, Yedidya Dotan, Zachary D. Siswick, Christopher Duane, Daniel Hollingshead
-
Patent number: 9781130
Abstract: A method, system and computer program product for use in managing policies is disclosed. Policies associated with a communications device are correlated with respective locations. The location of the communications device is determined. The policy correlated with the determined location is applied to the communications device.
Type: Grant
Filed: June 28, 2012
Date of Patent: October 3, 2017
Assignee: EMC IP Holding Company LLC
Inventors: Daniel V. Bailey, Lawrence N. Friedman, Riaz Zolfonoon, Yedidya Dotan
-
Patent number: 9781129
Abstract: There is disclosed a method and system for use in authenticating an entity. An authentication request is received from the entity. An input signal is received from a communications device associated with the entity. The input signal comprises the current location of the communications device. The current location of the communications device is derived from the input signal. Based on the current location of the communications device, an event is detected at substantially the same location as the current location of the communications device. An analysis is performed between the current location of the communications device and the event. An authentication result is generated based on the analysis between the current location of the communications device and the event. The authentication result can be used for authenticating the entity.
Type: Grant
Filed: June 28, 2012
Date of Patent: October 3, 2017
Assignee: EMC IP Holding Company LLC
Inventors: Daniel V. Bailey, Lawrence N. Friedman, Samuel Curry, Yedidya Dotan
-
Patent number: 9769210
Abstract: A management entity imports information included in security policies from security devices configured to operate in accordance with respective ones of the security policies. The information is classified into security policy classifications based on commonality in the information across the security policies. The security policy classifications are displayed as selectable security policy classifications. An entry of a policy template name and selections of multiple security policy classifications are received. The security policies in the multiple selected security policy classifications are assigned to a security policy template identified by the entered policy template name.
Type: Grant
Filed: June 22, 2016
Date of Patent: September 19, 2017
Assignee: Cisco Technology, Inc.
Inventors: Yedidya Dotan, Sanjay Agarwal, Robin Martherus