Patents by Inventor Amir Herzberg
Amir Herzberg has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11954516
Abstract: A system and method for inspecting managed workloads in a cloud computing environment for cybersecurity threats improves inspection of managed workload service repositories, by only inspecting bases of managed workload deployed in the cloud computing environment. The method includes discovering a managed workload deployed in a cloud computing environment; determining an identifier of the managed workload, wherein the identifier includes an indicator to a base repository in which a base is stored, and wherein the managed workload is currently deployed in the cloud computing environment, the base repository further storing a plurality of bases, wherein a portion of the plurality of bases do not correspond to a deployed workload; accessing the base repository to pull the base; and inspecting the base of the deployed managed workload for a cybersecurity threat.
Type: Grant
Filed: September 15, 2023
Date of Patent: April 9, 2024
Assignee: WIZ, INC.
Inventors: Niv Roit Ben David, Yaniv Shaked, Yarin Miran, Raaz Herzberg, Amir Lande Blau
-
Patent number: 10972441
Abstract: In some implementations, a scheme for data communication in an automobile includes generating a cleartext message to be transmitted to a second ECU, generating a pseudo-random counter by applying a pseudorandom function to a counter value that is incremented for each cleartext message generated by the ECU; combining the cleartext message and the pseudo-random counter to create a randomized message; selecting from a plurality of available cryptography techniques, a selected cryptography technique; applying to the randomized message, the selected cryptography technique to create a ciphertext; and transmitting to the second ECU over the CAN bus, the ciphertext.
Type: Grant
Filed: January 24, 2019
Date of Patent: April 6, 2021
Assignee: KARAMBA SECURITY LTD
Inventors: Amir Herzberg, Assaf Harel, Eli Mordechai, Tal Efraim Ben David, Amiram Dotan, David Barzilai, Itay Khazon
-
Patent number: 10903986
Abstract: Technology can be used for sending and receiving messages on a CAN bus with a plurality of ECUs. The technology can include identifying a first message to send to a receiving ECU from a sending ECU; incrementing a sender-version message counter for the message type; determining to create a second session for the message type in the sending ECU; generating a second sender-version session key to be used during the second session in the sending ECU; and resetting the sender-version message counter. The technology further includes processing the first message using the second sender-version session key, including performing an operation to combine the sender-version message counter with the first message to create a combined message and encoding the combined message using the second sender-version session key to create an encoded message. The technology further includes sending the encoded message to the receiving ECU on the CAN bus.
Type: Grant
Filed: January 18, 2019
Date of Patent: January 26, 2021
Assignee: KARAMBA SECURITY LTD.
Inventors: Amir Herzberg, Assaf Harel, Eli Mordechai, Tai Efraim Ben David, Amiram Dotan, David Barzilai, Itay Khazon
-
Publication number: 20200099665
Abstract: In some implementations, a scheme for data communication in an automobile includes generating a cleartext message to be transmitted to a second ECU, generating a pseudo-random counter by applying a pseudorandom function to a counter value that is incremented for each cleartext message generated by the ECU; combining the cleartext message and the pseudo-random counter to create a randomized message; selecting from a plurality of available cryptography techniques, a selected cryptography technique; applying to the randomized message, the selected cryptography technique to create a ciphertext; and transmitting to the second ECU over the CAN bus, the ciphertext.
Type: Application
Filed: January 24, 2019
Publication date: March 26, 2020
Inventors: Amir HERZBERG, Assaf HAREL, Eli MORDECHAI, Tal Efraim Ben DAVID, Amiram DOTAN, David BARZILAI, Itay KHAZON
-
Patent number: 10419408
Abstract: In some implementations, a scheme for data communication in an automobile includes generating a cleartext message to be transmitted to a second ECU, generating a pseudo-random counter by applying a pseudorandom function to a counter value that is incremented for each cleartext message generated by the ECU; combining the cleartext message and the pseudo-random counter to create a randomized message; selecting from a plurality of available cryptography techniques, a selected cryptography technique; applying to the randomized message, the selected cryptography technique to create a ciphertext; and transmitting to the second ECU over the CAN bus, the ciphertext.
Type: Grant
Filed: September 24, 2018
Date of Patent: September 17, 2019
Assignee: KARAMBA SECURITY
Inventors: Amir Herzberg, Assaf Harel, Eli Mordechai, Tal Efraim Ben David, Amiram Dotan, David Barzilai, Itay Khazon
-
Patent number: 7546275
Abstract: A method for deposit of an electronic payment order by a first intermediary processor among a plurality of intermediary processors linked by a communication network. A routing message is received at the first intermediary processor, the message identifying one or more deposit target processors accessible through the network via the second intermediary processor and providing a respective secure identifier for each of the accessible deposit target processors. When the first intermediary processor receives the electronic payment order drawn on a specified one of the deposit target processors conveyed over the network from a depositing processor, it clears the payment order intermediary processor by checking the payment order against the secure identifier of the specified deposit target processor provided in the routing message.
Type: Grant
Filed: July 20, 2000
Date of Patent: June 9, 2009
Assignee: International Business Machines Corporation
Inventors: Amir Herzberg, Eldad Shai, Ilan Zisser
-
Patent number: 7124115
Abstract: A method for electronic advertising by an advertiser includes posting an advertisement for an item offered to a buyer for purchase from a merchant on a page per fee basis at a predetermined price via a network link to a network address represented in the advertisement by an alias, which conceals the network address from the buyer. Upon receiving an invocation of the link from the buyer, an order is transmitted to the merchant for supply of the item to the buyer in exchange for payment of the price by the buyer. The item is conveyed, responsive to the order, from the merchant to the buyer, and the advertiser receives a predefined portion of the price paid by the buyer in consideration for posting the advertisement.
Type: Grant
Filed: July 25, 2000
Date of Patent: October 17, 2006
Assignee: International Business Machines Corporation
Inventors: Amir Herzberg, Yehiel Yochai, Eldad Shai, Boaz Binnun
-
Patent number: 7024691
Abstract: A system for trusting sites in a communication network, the communication network including a plurality of user nodes inter-linked through a proxy node to a site server. The system includes the proxy that is associated with an advanced policy being responsive to input certificates for verifying one or more declarations. Each one of the declarations is associated with a symbol. A user accessing from a user node, through a proxy node to a server site. The proxy node authenticating the site and then the server site providing to the proxy node, through said communication network, one or more credentials that refer to the site. The proxy node testing the credentials against the advanced policy in order to verify the declarations and displaying in respect of each verified declaration the corresponding symbol.
Type: Grant
Filed: October 17, 2000
Date of Patent: April 4, 2006
Assignee: International Business Machines Corporation
Inventors: Amir Herzberg, Yosi Mass
-
Patent number: 7003677
Abstract: A method for providing a proactive security in proactive operating environment. The proactive operating environment includes a group of proactive servers communicating over a network. Each proactive server (PSI) includes a storage that includes a non erasable part that stores a public, non proactive related, key VIStart. The storage further includes an erasable part for storing private and public data. The proactive server has a discardable one-time private key SIStart that corresponds to the public key VIStart. The proactive server further has configuration data C. There is further provided a processor for providing a proactive services to applications. The proactive server has a group public proactive key VCERT common to the group of proactive servers and a share SICERT of a corresponding private proactive key SCERT.
Type: Grant
Filed: November 1, 1999
Date of Patent: February 21, 2006
Assignee: International Business Machines Corporation
Inventors: Amir Herzberg, Dalit Naor, Eldad Shai, Boaz Barak
-
Publication number: 20050022132
Abstract: A method for managing objects for users including providing a set of attributes and a set of containers each having attributes from the set. The method further provides a user interface for dynamically assigning attributes to the objects. The method further provides for selectively displaying, through a user interface, containers and objects in the containers. An object is displayed in a container if a condition is met. The condition is applied to the attributes of the container and the attributes of the object.
Type: Application
Filed: April 28, 2004
Publication date: January 27, 2005
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Amir Herzberg, Yiftach Ravid
-
Patent number: 6380952
Abstract: System for continuous display and navigation in a virtual reality world comprising display means, a server, a computer including browsing means for communicating with the server, storage means for storing a plurality of files defining three dimensional virtual spaces which can be displayed on display means on request of browsing means, and virtual reality managing means for, upon receiving coordinates of the current viewpoint of the user from browsing means, directly requesting to server appropriate files, the selection of which is based on an evaluation of which three-dimensional virtual space will be most needed and loading these files into browsing means for displaying this three-dimensional space.
Type: Grant
Filed: March 22, 1999
Date of Patent: April 30, 2002
Assignee: International Business Machines Corporation
Inventors: Yossi Mass, Amir Herzberg
-
Patent number: 5745678
Abstract: A method and system for detecting authorized programs within a data processing system. The present invention creates a validation structure for validating a program. The validation structure is embedded in the program and in response to an initiation of the program, a determination is made as to whether the program is an authorized program. The determination is made using the validation structure.
Type: Grant
Filed: August 18, 1997
Date of Patent: April 28, 1998
Assignee: International Business Machines Corporation
Inventors: Amir Herzberg, Hugo Mario Krawczyk, Shay Kutten, An Van Le, Stephen Michael Matyas, Marcel Mordechay Yung
-
Patent number: 5625692
Abstract: A proactive threshold secret sharing cryptosystem using a set of servers. The cryptosystem is a threshold cryptosystem, in the sense that service is maintained if at least (k+1) out of n servers are active and honest. The secret signature key is compromised only if the adversary breaks into at least (k+1) servers. It is robust in the sense that the honest servers detect faulty ones and the service is not disrupted. It is recoverable, because if the adversary erases all the local information on the server it compromised, the information can be restored as soon as the server comes back to performing the correct protocol. The method and system has proactiveness, which means that in order to learn the secret, the adversary has to break into (k+1) servers during the same round of the algorithm because the shares of the secret are periodically redistributed and rerandomized. The present invention uses a verifiable secret sharing mechanism to get the security requirements during the update between two rounds.
Type: Grant
Filed: January 23, 1995
Date of Patent: April 29, 1997
Assignee: International Business Machines Corporation
Inventors: Amir Herzberg, Stanislaw M. Jarecki, Hugo M. Krawczyk, Marcel M. Yung
-
Patent number: 5539824
Abstract: This invention deals with a safe key distribution and authentication in a data communication network (e.g. wireless LAN type of network). The network includes a network manager to which are connected, via a LAN wired circuit, one or more base stations. Individual remote stations are, in turn, wirelessly connected to an installed base station. One essential function for achieving security in such a network, is a mechanism to reliably authenticate the exchanges of data between communicating parties. This involves the establishment of session keys, which keys need to be distributed safely to the network components. An original and safe method is provided with this invention for key distribution and authentication during network installation, said method including using the first installed base station for generating a network key and a backbone key, and then using said first installed base station for subsequent remote station or additional base station installations while avoiding communicating said network key.
Type: Grant
Filed: December 2, 1994
Date of Patent: July 23, 1996
Assignee: International Business Machines Corporation
Inventors: Ronald E. Bjorklund, Frederic Bauchot, Michele M. Wetterwald, Shay Kutten, Amir Herzberg
-
Patent number: 5515439
Abstract: In a communications system, a method is described allowing two users having established a communication session identified by a unique session freshness proof, to transmit and validate a new value of a variable by using an exchange certificate which combines the following elements: the new value of the variable, a common secret key known by both users, an exchange counter representative of the number of values of said variable transmitted between the two users during the current communication session and a session freshness proof. Protection against potential eavesdroppers and intruders is provided by combining cryptographically the elements of the exchange certificate.
Type: Grant
Filed: November 9, 1994
Date of Patent: May 7, 1996
Assignee: International Business Machines Corporation
Inventors: David Bantz, Frederic Bauchot, Eliane D. Bello, Shay Kutten, Hugo Krawczyk, Amir Herzberg, Yishay Mansour
-
Patent number: 5469507
Abstract: A mechanism which secures the communication and computation between processors in an insecure distributed environment implements efficient "compilers" for a protocol between processors. The protocol is one that assures some input-output relation when executed by processors which are not all trusted but with secret and authenticated communication links between every two processors. This protocol is transformed by a compiler into a protocol that guarantees essentially the same input-output relations in the presence of (the same type of) insecure processors and insecure communication links. Additionally, a method maintains secret values for a sequence of periods, each secret value being shared by two or more processors for one or several periods, where the processors are connected by a communication network. Another mechanism establishes different cryptographic keys established for each period of communication.
Type: Grant
Filed: March 1, 1994
Date of Patent: November 21, 1995
Assignee: International Business Machines Corporation
Inventors: Ran Canetti, Amir Herzberg
-
Patent number: 5412723
Abstract: A method is provided which allows a set of servers to maintain a set of keys, shared with a client, in the presence of mobile eavesdroppers that occasionally break into servers and learn the entire contents of their memories. Static and dynamic schemes maintain secret keys common to the user and each of several servers in the presence of a mobile, transient adversary that occasionally breaks into servers in order to gather information on the users' secret keys. The schemes use periodic "refreshments" of every user's private keys. In each round the servers involve in a computation in which each server computes a new private key to be shared with the user, in a way that allows the user to keep track of the changing keys without any communication with the servers. The schemes are very efficient. In particular, a user has to interact only with one server in order to obtain a session key. The user may choose the server with whom it wants to interact. The method may be used to securely generate random numbers (i.e.
Type: Grant
Filed: March 1, 1994
Date of Patent: May 2, 1995
Assignee: International Business Machines Corporation
Inventors: Ran Canetti, Amir Herzberg
-
Patent number: 5369705
Abstract: A method and apparatus for providing authentication among a dynamically selected group of users in a communication system with a dynamically changing network topology. With this invention, freshness information and alleged identity information are transmitted from each of the users in the group using available paths in the network. A group key is then generated, and coded information, derived from the group key and the above transmitted information, is sent to each of the users. Each unit of coded information is accompanied by an identifying tag so as to identify which of the users is to use the appropriate unit of coded information. Each alleged user will then extract the group key from a corresponding coded information unit only if it shares an appropriate secret with a server. Without knowledge of the group key, a user cannot be authenticated.
Type: Grant
Filed: June 3, 1992
Date of Patent: November 29, 1994
Assignee: International Business Machines Corporation
Inventors: Raymond F. Bird, Amir Herzberg, Philippe A. Janson, Shay Kutten, Refik A. Molva, Marcel M. Yung
-
Patent number: 5345507
Abstract: A method of verifying the authenticity of a message transmitted from a sender to a receiver in a communication system is partitioned into three stages. In the first stage, a key is secretly exchanged between the sender and receiver. This key is a binary irreducible polynomial p(x) of degree n. In addition, the sender and receiver share an encryption key composed of a stream of secret random, or pseudo-random bits. In the second stage, the sender appends a leading non-zero string of bits, which, in the simplest case, may be a single "1" bit, and n tail bits "0" to M to generate an augmented message, this augmented message considered as a polynomial having coefficients corresponding to the message bits. If the length of the message is known and cryptographically verified, then there is no need for a leading "1". The sender then computes a polynomial residue resulting from the division of the augmented message polynomial generated by the key polynomial p(x) exchanged by the sender and receiver.
Type: Grant
Filed: September 8, 1993
Date of Patent: September 6, 1994
Assignee: International Business Machines Corporation
Inventors: Amir Herzberg, Hugo M. Krawczyk, Shay Kutten, Yishay Mansour
-
Patent number: RE38375
Abstract: A method and system for detecting authorized programs within a data processing system. The present invention creates a validation structure for validating a program. The validation structure is embedded in the program and in response to an initiation of the program, a determination is made as to whether the program is an authorized program. The determination is made using the validation structure.
Type: Grant
Filed: April 27, 2000
Date of Patent: December 30, 2003
Assignee: International Business Machines Corporation
Inventors: Amir Herzberg, Hugo Mario Krawczyk, Shay Kutten, An Van Le, Stephen Michael Matyas, Marcel Mordechay Yung