Patents by Inventor Alexandra Shulman-Peleg
Alexandra Shulman-Peleg has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11652852Abstract: A security manager configured to generate a plurality of learned security policies and provide at least one learned security policy and a security agent to a client machine for enforcement of the at least one learned security policy by the security agent on the client machine. The security manager configured to receive alerts from the security agent indicating anomalous behavior on the client machine.Type: GrantFiled: December 9, 2020Date of Patent: May 16, 2023Assignee: International Business Machines CorporationInventors: Alexandra Shulman-Peleg, Shmuel Regev, Ron Peleg, Shahar Kohanim, Zohar Basil
-
Patent number: 11496323Abstract: Systems and methods for container orchestration security employ one or more processors that separate a lifecycle of one or more containers into a plurality of predefined container image lifecycle phases; segregates control of the plurality of predefined container image lifecycle phases into a plurality of control environments separately controlled by different enterprise control components isolated from one another. In addition, one or more external processors may generate one or more certificates that are based on the platform, state attributes and meta data for interaction of the container with one or more external nodes. The one or more processors may also control the promotion, update and deletion of container images between the plurality of lifecycle phases and registries in different control environments as well as between the enterprise registries and the plurality of other registries that are part of multiple external clouds.Type: GrantFiled: July 19, 2019Date of Patent: November 8, 2022Assignee: CITIGROUP TECHNOLOGY, INC.Inventors: Javier Caceres, Robert Dailey, Bartlomiej Dolata, Carlos Lopes, Damodhar Neelagiri, Ramkumar Pandurangan, Alexandra Shulman-Peleg
-
Publication number: 20210120045Abstract: A security manager configured to generate a plurality of learned security policies and provide at least one learned security policy and a security agent to a client machine for enforcement of the at least one learned security policy by the security agent on the client machine. The security manager configured to receive alerts from the security agent indicating anomalous behavior on the client machine.Type: ApplicationFiled: December 9, 2020Publication date: April 22, 2021Inventors: Alexandra Shulman-Peleg, Shmuel Regev, Ron Peleg, Shahar Kohanim, Zohar Basil
-
Patent number: 10965717Abstract: A security manager configured to generate a plurality of learned security policies and provide at least one learned security policy and a security agent to a client machine for enforcement of the at least one learned security policy by the security agent on the client machine. The security manager configured to receive alerts from the security agent indicating anomalous behavior on the client machine.Type: GrantFiled: November 6, 2019Date of Patent: March 30, 2021Assignee: International Business Machines CorporationInventors: Alexandra Shulman-Peleg, Shmuel Regev, Ron Peleg, Shahar Kohanim, Zohar Basil
-
Patent number: 10951633Abstract: Systems and methods involve an input layer function of a function-as-a-service (FaaS) pipeline that receives trigger data from a trigger layer function of one or more processors of enterprise processing systems, calls one or more processors of an enrich layer function of the FaaS pipeline that adds enriching context to the trigger data, and creates an event based at least in part on the enriched trigger data. A route layer function of the FaaS pipeline invoked by the input layer function creates an action based on the event created by the input layer function. An action layer function of the FaaS pipeline invoked by the route layer function creates a command based on the action created by the route layer function, and the action layer function sends a remediation action to a command layer function of the enterprise processor based on the action created by the route layer function.Type: GrantFiled: March 30, 2018Date of Patent: March 16, 2021Assignee: CITIGROUP TECHNOLOGY, INC.Inventors: Alexandra Shulman-Peleg, Daniel Tylman
-
Patent number: 10599330Abstract: Challenging a current user of a computing device by measuring characteristics of user actions sensed by a computing device, determining that the measurements meet a uniqueness condition with respect to corresponding measurements in a comparison set of actions, recording the user actions and their measurements in a set of challenge actions associated with an authorized user, and responsive to a challenge requirement to determine whether a current user of the computing device is the authorized user, selecting challenge actions associated with an authorized user, prompting the current user to perform the selected challenge actions that are then sensed by the computing device, measuring characteristics of the prompted actions, and determining that the measurements of the characteristics of the prompted actions meet a similarity condition with respect to measurements of corresponding characteristics of the selected challenge actions.Type: GrantFiled: September 23, 2018Date of Patent: March 24, 2020Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Ayman Jarrous, Alexandra Shulman-Peleg, Eitan Menahem
-
Publication number: 20200076861Abstract: A security manager configured to generate a plurality of learned security policies and provide at least one learned security policy and a security agent to a client machine for enforcement of the at least one learned security policy by the security agent on the client machine. The security manager configured to receive alerts from the security agent indicating anomalous behavior on the client machine.Type: ApplicationFiled: November 6, 2019Publication date: March 5, 2020Inventors: Alexandra Shulman-Peleg, Shmuel Regev, Ron Peleg, Shahar Kohanim, Zohar Basil
-
Patent number: 10560487Abstract: A security manager configured to generate a plurality of learned security policies and provide at least one learned security policy and a security agent to a client machine for enforcement of the at least one learned security policy by the security agent on the client machine. The security manager configured to receive alerts from the security agent indicating anomalous behavior on the client machine.Type: GrantFiled: July 26, 2017Date of Patent: February 11, 2020Assignee: International Business Machines CorporationInventors: Alexandra Shulman-Peleg, Shmuel Regev, Ron Peleg, Shahar Kohanim, Zohar Basil
-
Patent number: 10467394Abstract: There is provided, in accordance with some embodiments, a method comprising using one or more hardware processors for receiving a behavioral biometric model that characterizes a human user according to pointing device data of the human user, where the pointing device data comprises screen coordinate and time stamp pairs. The method comprises an action of monitoring an input data stream from a pointing device in real time, wherein the input data stream covers two or more spatial regions of a display screen, and an action of segregating the input data stream into one or more subset streams that is restricted to one of the plurality of spatial regions. The method comprises an action of computing a similarity score based on one or more comparisons of the behavioral biometric model and the one or more subset streams, and an action of sending the similarity score to a user authorization system.Type: GrantFiled: July 11, 2016Date of Patent: November 5, 2019Assignee: International Business Machines CorporationInventors: David Asulin, Oded Margalit, Ron Peleg, Shmulik Regev, Alexandra Shulman-Peleg
-
Publication number: 20190294326Abstract: Challenging a current user of a computing device by measuring characteristics of user actions sensed by a computing device, determining that the measurements meet a uniqueness condition with respect to corresponding measurements in a comparison set of actions, recording the user actions and their measurements in a set of challenge actions associated with an authorized user, and responsive to a challenge requirement to determine whether a current user of the computing device is the authorized user, selecting challenge actions associated with an authorized user, prompting the current user to perform the selected challenge actions that are then sensed by the computing device, measuring characteristics of the prompted actions, and determining that the measurements of the characteristics of the prompted actions meet a similarity condition with respect to measurements of corresponding characteristics of the selected challenge actions.Type: ApplicationFiled: September 23, 2018Publication date: September 26, 2019Inventors: AYMAN JARROUS, ALEXANDRA SHULMAN-PELEG, EITAN MENAHEM
-
Patent number: 10404474Abstract: Systems and methods for container orchestration security employ one or more processors that separate a lifecycle of one or more containers into a plurality of predefined container image lifecycle phases; segregates control of the plurality of predefined container image lifecycle phases into a plurality of control environments separately controlled by different enterprise control components isolated from one another. In addition, one or more external processors may generate one or more certificates that are based on the platform, state attributes and meta data for interaction of the container with one or more external nodes. The one or more processors may also control the promotion, update and deletion of container images between the plurality of lifecycle phases and registries in different control environments as well as between the enterprise registries and the plurality of other registries that are part of multiple external clouds.Type: GrantFiled: February 2, 2017Date of Patent: September 3, 2019Assignee: CITIGROUP TECHNOLOGY, INC.Inventors: Javier Caceres, Robert Dailey, Bartlomiej Dolata, Carlos Lopes, Damodhar R. Neelagiri, Ramkumar Pandurangan, Alexandra Shulman-Peleg
-
Publication number: 20190036978Abstract: A security manager configured to generate a plurality of learned security policies and provide at least one learned security policy and a security agent to a client machine for enforcement of the at least one learned security policy by the security agent on the client machine. The security manager configured to receive alerts from the security agent indicating anomalous behavior on the client machine.Type: ApplicationFiled: July 26, 2017Publication date: January 31, 2019Inventors: Alexandra Shulman-Peleg, Shmuel Regev, Ron Peleg, Shahar Kohanim, Zohar Basil
-
Patent number: 10082954Abstract: Challenging a current user of a computing device by measuring characteristics of user actions sensed by a computing device, determining that the measurements meet a uniqueness condition with respect to corresponding measurements in a comparison set of actions, recording the user actions and their measurements in a set of challenge actions associated with an authorized user, and responsive to a challenge requirement to determine whether a current user of the computing device is the authorized user, selecting challenge actions associated with an authorized user, prompting the current user to perform the selected challenge actions that are then sensed by the computing device, measuring characteristics of the prompted actions, and determining that the measurements of the characteristics of the prompted actions meet a similarity condition with respect to measurements of corresponding characteristics of the selected challenge actions.Type: GrantFiled: September 4, 2015Date of Patent: September 25, 2018Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Ayman Jarrous, Alexandra Shulman-Peleg, Eitan Menahem
-
Patent number: 9900775Abstract: A method, system and computer-usable medium for performing an authorization operation on an Internet of Things (IoT) type device, comprising: providing each of a plurality of IoT type devices with a respective authorization system; receiving a request to share resources at one of the plurality of IoT type devices; determining via the respective authorization system whether the one of the plurality of IoT devices has an IoT resource available for sharing; and, enabling sharing of the IoT resource when the respective authorization system determines that the IoT resource is available for sharing.Type: GrantFiled: September 2, 2015Date of Patent: February 20, 2018Assignee: International Business Machines CorporationInventors: Yossi Gilad, Ayman Jarrous, Ravid Sagy, Alexandra Shulman-Peleg
-
Publication number: 20180012003Abstract: There is provided, in accordance with some embodiments, a method comprising using one or more hardware processors for receiving a behavioral biometric model that characterizes a human user according to pointing device data of the human user, where the pointing device data comprises screen coordinate and time stamp pairs. The method comprises an action of monitoring an input data stream from a pointing device in real time, wherein the input data stream covers two or more spatial regions of a display screen, and an action of segregating the input data stream into one or more subset streams that is restricted to one of the plurality of spatial regions. The method comprises an action of computing a similarity score based on one or more comparisons of the behavioral biometric model and the one or more subset streams, and an action of sending the similarity score to a user authorization system.Type: ApplicationFiled: July 11, 2016Publication date: January 11, 2018Inventors: David ASULIN, ODED MARGALIT, RON PELEG, SHMULIK REGEV, ALEXANDRA SHULMAN-PELEG
-
Patent number: 9824231Abstract: A computing facility, including a storage management system belonging to a first trust zone having a first privilege level, a metadata management system belonging to a second trust zone having a second privilege level higher than the first privilege level, and a security management system belonging to a third trust zone having a third privilege level higher than or equal to the second privilege level. The storage management system is and configured to store multiple content entities, and the metadata management system is configured to manage, for each of the multiple content entities, metadata including a respective content encryption key and a respective retention time, each of the content entities being encrypted by its respective content encryption key. The security management system is configured to manage a master encryption key used to create the respective content encryption keys, and to confirm expiration of the respective retention times.Type: GrantFiled: December 24, 2014Date of Patent: November 21, 2017Assignee: International Business Machines CorporationInventors: Michael Factor, Daivid Lebutsch, Alexandra Shulman-Peleg, Tim Waizenegger
-
Patent number: 9646019Abstract: Machines, systems and methods for handling a client request in a hierarchical multi-tenant data storage system, the method comprising processing a request in subtasks, wherein a subtask is executed with a minimal set of privileges associated with a specific subtenant; extracting a claimed n-level hierarchy of a tenant and sub-tenant identities from the request; extracting authentication signatures or credentials that correspond to a level in the hierarchy; for a first level in the hierarchy, sending the request to a dedicated subtenant authenticator with privilege to validate credentials for a subtenant at the first level; and receiving a confirmation from the dedicated subtenant authenticator, whether the request is authentic.Type: GrantFiled: May 17, 2016Date of Patent: May 9, 2017Assignee: International Business Machines CorporationInventors: Michael E. Factor, David Hadas, Elliot K. Kolodner, Anil Kurmus, Alexandra Shulman-Peleg, Alessandro Sorniotti
-
Patent number: 9641536Abstract: Methods, storage systems and computer program products implement embodiments of the present invention that include defining, for an entity, a policy access control list including one or more access rules, each of the access rules including one or more user conditions and one or more entity conditions. Upon receiving a request from a user to access a given entity, one or more user attributes associated with the user and one or more entity attributes associated with the given entity are identified. For each of the access rules, the one or more user conditions are applied to the one or more user attributes, the one or more entity conditions are applied to the one or more entity attributes. Access to the given content entity is granted to the user upon determining that a minimum threshold of the one or more user conditions and the one or more entity conditions are met.Type: GrantFiled: May 2, 2016Date of Patent: May 2, 2017Assignee: International Business Machines CorporationInventors: Michael Factor, Elliot K Kolodner, Alexandra Shulman-Peleg
-
Patent number: 9613038Abstract: Embodiments relate to digital data retention management. An aspect includes calculating a retention date associated with a data object in a storage system. Another aspect includes generating a cryptographic checksum for metadata relating to said data object, the metadata comprising the retention date. Another aspect includes storing said metadata and said cryptographic checksum. Another aspect includes, based on receiving a request to perform a deletion transaction on said data object for deleting said data object from the storage system: verifying metadata validity by checking the cryptographic checksum for the metadata associated with said data object to detect possible tampering of the metadata; verifying retention expiration by determining that a current date is past the retention date comprised in said metadata; and based on successful verification of metadata validity and retention expiration, authorizing deletion of said data object by the storage system.Type: GrantFiled: August 21, 2014Date of Patent: April 4, 2017Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Michael E. Factor, Bernhard Kurtz, David Lebutsch, Cataldo Mega, Alexandra Shulman-Peleg, Tim Waizenegger
-
Publication number: 20170070511Abstract: Challenging a current user of a computing device by measuring characteristics of user actions sensed by a computing device, determining that the measurements meet a uniqueness condition with respect to corresponding measurements in a comparison set of actions, recording the user actions and their measurements in a set of challenge actions associated with an authorized user, and responsive to a challenge requirement to determine whether a current user of the computing device is the authorized user, selecting challenge actions associated with an authorized user, prompting the current user to perform the selected challenge actions that are then sensed by the computing device, measuring characteristics of the prompted actions, and determining that the measurements of the characteristics of the prompted actions meet a similarity condition with respect to measurements of corresponding characteristics of the selected challenge actions.Type: ApplicationFiled: November 24, 2015Publication date: March 9, 2017Inventors: AYMAN JARROUS, ALEXANDRA SHULMAN-PELEG, EITAN MENAHEM