Patents by Inventor Yossi HABER
Yossi HABER has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240106802
Abstract: The implementation of application layer-based and transport-layer based security rules via a reverse proxy server chain is described. Each reverse proxy server in the chain is configured to perform a particular function with respect to client messages intended for a destination server and/or convey contextual information pertaining to the messages to a subsequent reverse proxy server in the chain. For instance, a first reverse proxy server in the chain is configured to include client-specific metadata in the transport layer of the message. A second reverse proxy server in the chain enforces transport layer-based policy rules based on the metadata. This enables the second reverse proxy server to manage transport layer connections on a client-by-client basis, thereby enabling the second reverse proxy server to block unauthorized clients, while maintaining the transport layer connections for authorized clients. A third reverse proxy server in the chain enforces application layer-based policy rules.
Type: Application
Filed: October 17, 2023
Publication date: March 28, 2024
Inventors: Guy LEWIN, Vitaly KHAIT, Yossi HABER
-
Publication number: 20230418692
Abstract: Methods and systems are provided for a client computing device including a browser that renders a web page. Program code generates a mock upload event and a corresponding mock data transfer object for uploading data using the web page. The mock upload event and the corresponding mock data transfer object are propagated to an upload event listener of the web page and executed. Prior to generating the mock upload event and corresponding mock data transfer object, an embedded upload event listener may receive an upload event, read the upload event, drop the received upload event from an event handler pipeline, and call synchronously or asynchronously, code to perform logic on the received upload event for the generation of the mock upload event and a corresponding mock data transfer object.
Type: Application
Filed: June 27, 2023
Publication date: December 28, 2023
Inventors: Guy LEWIN, Amir GERI, Yossi HABER
-
Publication number: 20230412693
Abstract: Methods for network aware endpoint data loss prevention (DLP) in web transactions are performed by systems and devices, which includes implementing DLP on endpoint devices and focuses on web traffic events from web browsers, while also associating the events to the network source entity. File download and upload events are intercepted from the operating system by a file system filter that determines the process creating events is a web browser based on process identifiers and comparing process names and process executable signatures. A uniform resource locator (URL) from a current tab or session is retrieved for the web browser. Policies for events are evaluated via a policy server or via cache, and additional data from the file is provided for policy decisions when necessary. DLP actions taken via the file system filter to block or allow events, including encrypting file data, are based on the policy decisions.
Type: Application
Filed: June 15, 2022
Publication date: December 21, 2023
Inventors: Guy LEWIN, Yossi HABER, Meital BEN DAVID
-
Patent number: 11831616
Abstract: The implementation of application layer-based and transport-layer based security rules via a reverse proxy server chain is described. Each reverse proxy server in the chain is configured to perform a particular function with respect to client messages intended for a destination server and/or convey contextual information pertaining to the messages to a subsequent reverse proxy server in the chain. For instance, a first reverse proxy server in the chain is configured to include client-specific metadata in the transport layer of the message. A second reverse proxy server in the chain enforces transport layer-based policy rules based on the metadata. This enables the second reverse proxy server to manage transport layer connections on a client-by-client basis, thereby enabling the second reverse proxy server to block unauthorized clients, while maintaining the transport layer connections for authorized clients. A third reverse proxy server in the chain enforces application layer-based policy rules.
Type: Grant
Filed: March 24, 2020
Date of Patent: November 28, 2023
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Guy Lewin, Vitaly Khait, Yossi Haber
-
Patent number: 11770439
Abstract: A proxy server to receive a request from a client to a webserver and a response corresponding with the request from the webserver to the client is disclosed. The request is wrapped, and a wrapped request is received at the proxy server. The wrapped request is read at the proxy server. Metadata is added to a response corresponding with the wrapped request at the proxy server. The metadata can be based on the read wrapped request or the corresponding response.
Type: Grant
Filed: June 14, 2022
Date of Patent: September 26, 2023
Assignee: Microsoft Technology Licensing, LLC
Inventors: Guy Lewin, Itamar Azulay, Yossi Haber
-
Patent number: 11726843
Abstract: Methods and systems are provided for a client computing device including a browser that renders a web page. Program code generates a mock upload event and a corresponding mock data transfer object for uploading data using the web page. The mock upload event and the corresponding mock data transfer object are propagated to an upload event listener of the web page and executed. Prior to generating the mock upload event and corresponding mock data transfer object, an embedded upload event listener may receive an upload event, read the upload event, drop the received upload event from an event handler pipeline, and call synchronously or asynchronously, code to perform logic on the received upload event for the generation of the mock upload event and a corresponding mock data transfer object.
Type: Grant
Filed: March 30, 2022
Date of Patent: August 15, 2023
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Guy Lewin, Amir Geri, Yossi Haber
-
Publication number: 20230236853
Abstract: Methods and systems are provided for a browser in a client device that receives a user interface script-code snippet from a web page. A chain logic engine determines whether an in-memory map indicates an output value of prior execution of the UI script-code snippet. If the in-memory map does indicate the output value, it is returned from the in-memory map to generate the user interface. If not, the engine determines whether an in-local storage map indicates the prior executed snippet output. If the in-local storage map indicates the prior executed snippet output, it is returned from the in-local storage map to generate the user interface, and it is stored in the in-memory map. If not, the UI script-code snippet is executed to generate the output value, which is used to generate the user interface, and is stored in the in-memory map and in the in-local storage map.
Type: Application
Filed: March 31, 2023
Publication date: July 27, 2023
Inventors: Itamar AZULAY, Amir GERI, Guy LEWIN, Yossi HABER, Meir Baruch BLACHMAN
-
Patent number: 11620141
Abstract: Methods and systems are provided for a browser in a client device that receives a user interface script-code snippet from a web page. A chain logic engine determines whether an in-memory map indicates an output value of prior execution of the UI script-code snippet. If the in-memory map does indicate the output value, it is returned from the in-memory map to generate the user interface. If not, the engine determines whether an in-local storage map indicates the prior executed snippet output. If the in-local storage map indicates the prior executed snippet output, it is returned from the in-local storage map to generate the user interface, and it is stored in the in-memory map. If not, the UI script-code snippet is executed to generate the output value, which is used to generate the user interface, and is stored in the in-memory map and in the in-local storage map.
Type: Grant
Filed: July 9, 2020
Date of Patent: April 4, 2023
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Itamar Azulay, Amir Geri, Guy Lewin, Yossi Haber, Meir Baruch Blachman
-
Publication number: 20220311820
Abstract: A proxy server to receive a request from a client to a webserver and a response corresponding with the request from the webserver to the client is disclosed. The request is wrapped, and a wrapped request is received at the proxy server. The wrapped request is read at the proxy server. Metadata is added to a response corresponding with the wrapped request at the proxy server. The metadata can be based on the read wrapped request or the corresponding response.
Type: Application
Filed: June 14, 2022
Publication date: September 29, 2022
Applicant: Microsoft Technology Licensing, LLC
Inventors: Guy Lewin, Itamar Azulay, Yossi Haber
-
Publication number: 20220229710
Abstract: Methods and systems are provided for a client computing device including a browser that renders a web page. Program code generates a mock upload event and a corresponding mock data transfer object for uploading data using the web page. The mock upload event and the corresponding mock data transfer object are propagated to an upload event listener of the web page and executed. Prior to generating the mock upload event and corresponding mock data transfer object, an embedded upload event listener may receive an upload event, read the upload event, drop the received upload event from an event handler pipeline, and call synchronously or asynchronously, code to perform logic on the received upload event for the generation of the mock upload event and a corresponding mock data transfer object.
Type: Application
Filed: March 30, 2022
Publication date: July 21, 2022
Inventors: Guy Lewin, Amir Geri, Yossi Haber
-
Patent number: 11394765
Abstract: A proxy server to receive a request from a client to a webserver and a response corresponding with the request from the webserver to the client is disclosed. The request is wrapped, and a wrapped request is received at the proxy server. The wrapped request is read at the proxy server. Metadata is added to a response corresponding with the wrapped request at the proxy server. The metadata can be based on the read wrapped request or the corresponding response.
Type: Grant
Filed: June 18, 2019
Date of Patent: July 19, 2022
Assignee: Microsoft Technology Licensing, LLC
Inventors: Guy Lewin, Itamar Azulay, Yossi Haber
-
Patent number: 11307911
Abstract: Methods and systems are provided for a client computing device including a browser that renders a web page. Program code generates a mock upload event and a corresponding mock data transfer object for uploading data using the web page. The mock upload event and the corresponding mock data transfer object are propagated to an upload event listener of the web page and executed. Prior to generating the mock upload event and corresponding mock data transfer object, an embedded upload event listener may receive an upload event, read the upload event, drop the received upload event from an event handler pipeline, and call synchronously or asynchronously, code to perform logic on the received upload event for the generation of the mock upload event and a corresponding mock data transfer object.
Type: Grant
Filed: May 29, 2020
Date of Patent: April 19, 2022
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Guy Lewin, Amir Geri, Yossi Haber
-
Patent number: 11233749
Abstract: Providing fluid external access to a resource that is internal to a network from external to that network. From within the network, the internal user simply provides an internal identifier, and the external user accesses not the internal identifier, but an external uniform resource identifier (URL) that the external user can simply select to obtain access to the internal resource of the network. This is accomplished by translating the internal identifier to an external URL having a proxy server as its domain name. When the external URL selects the URL, a request with that external URL is made to the proxy server, which translates the external URL back to the internal identifier, and coordinates with the network to obtain the resource for the external user.
Type: Grant
Filed: October 23, 2019
Date of Patent: January 25, 2022
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Guy Lewin, Vitaly Khait, Yossi Haber, Ami Luttwak, Alexander Esibov
-
Publication number: 20220012070
Abstract: Methods and systems are provided for a browser in a client device that receives a user interface script-code snippet from a web page. A chain logic engine determines whether an in-memory map indicates an output value of prior execution of the UI script-code snippet. If the in-memory map does indicate the output value, it is returned from the in-memory map to generate the user interface. If not, the engine determines whether an in-local storage map indicates the prior executed snippet output. If the in-local storage map indicates the prior executed snippet output, it is returned from the in-local storage map to generate the user interface, and it is stored in the in-memory map. If not, the UI script-code snippet is executed to generate the output value, which is used to generate the user interface, and is stored in the in-memory map and in the in-local storage map.
Type: Application
Filed: July 9, 2020
Publication date: January 13, 2022
Inventors: Itamar Azulay, Amir Geri, Guy Lewin, Yossi Haber, Meir Baruch Blachman
-
Publication number: 20210373979
Abstract: Methods and systems are provided for a client computing device including a browser that renders a web page. Program code generates a mock upload event and a corresponding mock data transfer object for uploading data using the web page. The mock upload event and the corresponding mock data transfer object are propagated to an upload event listener of the web page and executed. Prior to generating the mock upload event and corresponding mock data transfer object, an embedded upload event listener may receive an upload event, read the upload event, drop the received upload event from an event handler pipeline, and call synchronously or asynchronously, code to perform logic on the received upload event for the generation of the mock upload event and a corresponding mock data transfer object.
Type: Application
Filed: May 29, 2020
Publication date: December 2, 2021
Inventors: Guy Lewin, Amir Geri, Yossi Haber
-
Patent number: 11178112
Abstract: A proxy server intercepts a message, including a script, from a back-end component of an application, wherein the message is directed to a front-end component of the application executing on a client computing device. The proxy server identifies code in the script that can prompt a download event of a client-side generated content at the client computing device without having to communicate with the back-end component of the application. The proxy server modifies the identified code to cause the front-end component of the application to execute a custom code component for inspecting a download event prompted by the identified code in place of executing the identified code, thereby generating a modified script which is passed to the client computing device. Additionally, the client computing device executes the custom code component configured to inspect the code to determine if the code will prompt the download event of the client-side generated content.
Type: Grant
Filed: July 23, 2019
Date of Patent: November 16, 2021
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Guy Lewin, Lucy Goldberg, Yossi Haber
-
Publication number: 20210337041
Abstract: An example proxy server is disclosed. The proxy server includes a plurality of services to process a received network message. Proxy services applicable to the received network message are determined. The applicable proxy services are selected from the plurality of proxy services. The network message is routed to the applicable proxy services for processing.
Type: Application
Filed: April 27, 2020
Publication date: October 28, 2021
Applicant: Microsoft Technology Licensing, LLC
Inventors: Guy Lewin, Vitaly Khait, Yossi Haber
-
Publication number: 20210306303
Abstract: The implementation of application layer-based and transport-layer based security rules via a reverse proxy server chain is described. Each reverse proxy server in the chain is configured to perform a particular function with respect to client messages intended for a destination server and/or convey contextual information pertaining to the messages to a subsequent reverse proxy server in the chain. For instance, a first reverse proxy server in the chain is configured to include client-specific metadata in the transport layer of the message. A second reverse proxy server in the chain enforces transport layer-based policy rules based on the metadata. This enables the second reverse proxy server to manage transport layer connections on a client-by-client basis, thereby enabling the second reverse proxy server to block unauthorized clients, while maintaining the transport layer connections for authorized clients. A third reverse proxy server in the chain enforces application layer-based policy rules.
Type: Application
Filed: March 24, 2020
Publication date: September 30, 2021
Inventors: Guy Lewin, Vitaly Khait, Yossi Haber
-
Patent number: 11036447
Abstract: Restricting the printing of sensitive electronic documents. After the client downloads a document (e.g., by viewing the document in a web browser), the client intercepts a print command, pauses the print, and issues a print request to a server. From a server perspective, upon receiving the request, the server determines whether the document is print restricted. If not, the print operation is permitted to proceed. If so, the server responds negatively to the print request and alters the document so that, even if printed, sensitive information is not printed. In another embodiment, the server may restrict printing prior to downloading a document. For example, the server may make the document read-only, or replace the document with another printable document that does not contain sensitive content.
Type: Grant
Filed: October 29, 2019
Date of Patent: June 15, 2021
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Itamar Azulay, Itay Levy, Yossi Haber
-
Publication number: 20210126872
Abstract: Providing fluid external access to a resource that is internal to a network from external to that network. From within the network, the internal user simply provides an internal identifier, and the external user accesses not the internal identifier, but an external uniform resource identifier (URL) that the external user can simply select to obtain access to the internal resource of the network. This is accomplished by translating the internal identifier to an external URL having a proxy server as its domain name. When the external URL selects the URL, a request with that external URL is made to the proxy server, which translates the external URL back to the internal identifier, and coordinates with the network to obtain the resource for the external user.
Type: Application
Filed: October 23, 2019
Publication date: April 29, 2021
Inventors: Guy LEWIN, Vitaly KHAIT, Yossi HABER, Ami LUTTWAK, Alexander ESIBOV