Patents by Inventor Amir Jerbi
Amir Jerbi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10326765
Abstract: According to one embodiment, a system comprises one or more processors coupled to a memory. The one or more processors when executing logic encoded in the memory provide a topology manager. The topology manager is configured to maintain a security topology of a plurality of hosts. The security topology associates one or more virtual hosts policies with a plurality of virtual hosts in a cloud computing deployment. The topology manager is also configured to request a query for one or more hosts that are candidates to be enforced. A portability manager is configured to receive a request to deploy an access control agent on the one or more candidate hosts, determine an optimal agent to be deployed from a list of available agents, and deploy the optimal agent on the one or more candidate hosts.
Type: Grant
Filed: November 8, 2016
Date of Patent: June 18, 2019
Assignee: CA, Inc.
Inventors: Ethan Hadar, Nimrod Vax, Amir Jerbi, Michael Kletskin
-
Patent number: 10237266
Abstract: Sanitizing passwords used in a shared, privileged account includes providing a password of a shared account to a user; identifying a first machine logged into using the password; determining when the first machine enters an inconsistent state; and modifying a memory area associated with the first machine to eliminate occurrences of the password in the memory area.
Type: Grant
Filed: February 10, 2016
Date of Patent: March 19, 2019
Assignee: CA, Inc.
Inventors: Itzhak Fadida, Guy Balzam, Amir Jerbi, Nir Barak
-
Patent number: 9838383
Abstract: A method includes receiving a target credential object having administrative rights over a first user account located on a target system. The first user account includes a log-in permission for the target system. The method also includes receiving data indicative of a second user account corresponding to the first user account, wherein the second user account is located on a local system. The method further includes sending a first request to remove the log-in permission from the first user account to the target system using the target credential object. The method still further includes receiving a log-in request corresponding to the second user account on the local system. The method additionally includes, in response to receiving the log-in request for the second user account, sending a second request to add the log-in permission on the first user account to the target system using the target credential object.
Type: Grant
Filed: July 9, 2013
Date of Patent: December 5, 2017
Assignee: CA, Inc.
Inventors: Ron Perlmuter, Amir Jerbi, Nir Barak, Miron Gross
-
Patent number: 9727712
Abstract: A method for requiring justifications for predetermined user operations may include maintaining a plurality of policies in a policy store, and detecting a user operation, via a policy module, that triggers a policy of the plurality of policies. The method may also include pausing user operation, notifying the user of the impact of the user operation that triggered the policy, and requesting justification from the user for the user operation. The method may further include storing user-provided justification in a predetermined location, and then resuming the user operation.
Type: Grant
Filed: May 15, 2014
Date of Patent: August 8, 2017
Assignee: CA, Inc.
Inventors: Miamon Dahan, Ilan Kleinberger, Amir Jerbi, Nir Barak
-
Patent number: 9678984
Abstract: A method of operating a virtual computer system including a file access interceptor and multiple virtual machines that are logically arranged in a virtualization environment that is managed by a virtualization environment manager is provided. The method includes reading file settings definitions that include identifications and properties of files that are configured to be accessed by a computer application, replacing operations of a file interface in the computer application using with file access interceptor operations that use the file settings to decouple file attributes from the computer application, managing file access via the file access interceptor operations to provide data file storage and read access to the files, and synchronizing file actions in each of a plurality of instances of the files. Related systems and computer program products are disclosed.
Type: Grant
Filed: September 6, 2012
Date of Patent: June 13, 2017
Assignee: CA, INC.
Inventors: Yaron Holland, Amir Jerbi, Avi Kessel, Shalom Shimoni
-
Patent number: 9626526
Abstract: Systems and methods of implementing a secured cloud environment allow for design and instantiation of a security policy at the infrastructure level. An example system may comprise a first module to facilitate selecting at least two cloud computing component templates from a cloud computing component catalog. The system may comprise a second module to facilitate defining a connection between the at least two selected cloud computing component templates. The system may comprise a third module to facilitate assigning a security level and a policy to at least one of the at least two selected cloud computing component templates. The system may comprise a fourth module to facilitate building a cloud computing component blueprint.
Type: Grant
Filed: April 30, 2012
Date of Patent: April 18, 2017
Assignee: CA, Inc.
Inventors: Eitan Hadar, Michael Kletskin, Nir Barak, Amir Jerbi, Yaacov Bezalel
-
Publication number: 20170054728
Abstract: According to one embodiment, a system comprises one or more processors coupled to a memory. The one or more processors when executing logic encoded in the memory provide a topology manager. The topology manager is configured to maintain a security topology of a plurality of hosts. The security topology associates one or more virtual hosts policies with a plurality of virtual hosts in a cloud computing deployment. The topology manager is also configured to request a query for one or more hosts that are candidates to be enforced. A portability manager is configured to receive a request to deploy an access control agent on the one or more candidate hosts, determine an optimal agent to be deployed from a list of available agents, and deploy the optimal agent on the one or more candidate hosts.
Type: Application
Filed: November 8, 2016
Publication date: February 23, 2017
Inventors: Ethan HADAR, Nimrod VAX, Amir JERBI, Michael Kletskin
-
Patent number: 9535727
Abstract: Methods, systems and computer program products for identifying virtual machines that perform inconsistent with a profile are provided. Methods may include collecting initial virtual machine data corresponding to multiple virtual machines. Multiple virtual machine profiles are generated and each of the virtual machine profiles is associated with one of multiple virtual machine types. Ones of the virtual machines are associated with one of the virtual machine profiles based on the virtual machine data. Additional virtual machine data corresponding to ones of the virtual machines is collected. The additional virtual machine data is analyzed to detect a deviation of one of the virtual machines.
Type: Grant
Filed: February 7, 2013
Date of Patent: January 3, 2017
Assignee: CA, Inc.
Inventors: Amir Jerbi, Avi Kessel, Shalom Shimoni, Yaron Holland
-
Publication number: 20160359911
Abstract: Systems and methods of implementing a secured cloud environment allow for design and instantiation of a security policy at the infrastructure level. An example system may comprise a first module to facilitate selecting at least two cloud computing component templates from a cloud computing component catalog. The system may comprise a second module to facilitate defining a connection between the at least two selected cloud computing component templates. The system may comprise a third module to facilitate assigning a security level and a policy to at least one of the at least two selected cloud computing component templates. The system may comprise a fourth module to facilitate building a cloud computing component blueprint.
Type: Application
Filed: June 25, 2015
Publication date: December 8, 2016
Inventors: Eitan Hadar, Michael Kletskin, Nir Barak, Amir Jerbi, Yaacov Bezalel
-
Patent number: 9509672
Abstract: A method for providing seamless access to a first account using authentication information associated with a second account includes receiving a first account identifier corresponding to the first account, the first account being a shared account on a computer system. The method also includes receiving submitted authentication information associated with the second account. The method also includes comparing the submitted authentication information with stored authentication information that is associated with a plurality of authorized accounts. The plurality of authorized accounts is associated with clients authorized to access the first account. The method also includes determining whether the second account is an authorized account based on comparing the submitted authentication information with the stored authentication information. The method also includes providing seamless access to the first account in response to determining that the second account is an authorized account.
Type: Grant
Filed: November 8, 2013
Date of Patent: November 29, 2016
Assignee: CA, Inc.
Inventors: Nir Barak, Itzhak Fadida, Shalom Shimoni, Amir Jerbi
-
Publication number: 20160299778
Abstract: Systems and methods associated with virtual machine security are described herein. One example method includes instantiating a guest virtual machine in a virtual computing environment. The method also includes installing a life cycle agent on the guest virtual machine, assigning an identifying certificate, a set of policies, and an encryption key to the guest virtual machine, and providing the certificate, policies, and encryption key to the guest virtual machine. The certificate, policies, and encryption key may then be used by the guest virtual machine to authenticate itself within the virtual computing environment and to protect data stored on the guest virtual machine.
Type: Application
Filed: June 16, 2016
Publication date: October 13, 2016
Inventors: Nir BARAK, Amir JERBI, Eitan HADAR, Michael KLETSKIN
-
Patent number: 9400727
Abstract: A virtual machine console is recorded. A method for monitoring a virtual machine may comprise monitoring a virtualization environment, detecting a new virtual machine and associated console, creating an additional instantiation of the console by generating a reflection of the console on a video capture device and recording a real time video of an image of the additional instantiation of the console on the video capture device. Prior to recording, the image may be analyzed to determine a change and the recording of the image can be triggered based upon the analysis.
Type: Grant
Filed: May 15, 2012
Date of Patent: July 26, 2016
Assignee: CA, Inc.
Inventors: Nir Barak, Itzhak Fadida, Amir Jerbi
-
Patent number: 9389898
Abstract: Systems and methods associated with virtual machine security are described herein. One example method includes instantiating a guest virtual machine in a virtual computing environment. The method also includes installing a life cycle agent on the guest virtual machine, assigning an identifying certificate, a set of policies, and an encryption key to the guest virtual machine, and providing the certificate, policies, and encryption key to the guest virtual machine. The certificate, policies, and encryption key may then be used by the guest virtual machine to authenticate itself within the virtual computing environment and to protect data stored on the guest virtual machine.
Type: Grant
Filed: October 2, 2012
Date of Patent: July 12, 2016
Assignee: CA, INC.
Inventors: Nir Barak, Amir Jerbi, Eitan Hadar, Michael Kletskin
-
Patent number: 9386019
Abstract: In one embodiment, a system includes a non-transitory computer readable medium comprising one or more rules associated with access to a first server. The system further includes a processor configured to receive, a first request from a client to access a first server, the first request comprising first access information associated with a user of the client. The processor is further configured to determine, based on the one or more rules and the first access information, that the client may access the first server and retrieve second access information associated with the first server in response to determining that the client may access the first server. The processor is also configured to receive data from the first server using the retrieved second access information and the first request and send the data from the first server to the client using the one or more rules.
Type: Grant
Filed: March 14, 2013
Date of Patent: July 5, 2016
Assignee: CA, Inc.
Inventors: Nir Barak, Itzhak Fadida, Amir Jerbi, Azy Shalom
-
Publication number: 20160191495
Abstract: Sanitizing passwords used in a shared, privileged account includes providing a password of a shared account to a user; identifying a first machine logged into using the password; determining when the first machine enters an inconsistent state; and modifying a memory area associated with the first machine to eliminate occurrences of the password in the memory area.
Type: Application
Filed: February 10, 2016
Publication date: June 30, 2016
Inventors: Itzhak Fadida, Guy Balzam, Amir Jerbi, Nir Barak
-
Patent number: 9369450
Abstract: A method of accepting a remote access at a target machine from a source machine may include receiving a login request at the target machine from the source machine, wherein the login request includes a user identification for the target machine. Responsive to accepting the login request, a session may be provided between the source and target machines using the user identification for the target machine. In addition, a user identification for the source machine may be received, and the user identification for the source machine may be locked at the target machine so that the user identification for the source machine is associated with target machine actions relating to the session between the source and target machines. For example, the user identification for the source machine may be received as an environment variable.
Type: Grant
Filed: December 19, 2013
Date of Patent: June 14, 2016
Assignee: CA, Inc.
Inventors: Nir Barak, Amir Jerbi, Stefano Sali, Gabriel Kalmar
-
Patent number: 9367673
Abstract: Sanitizing passwords used in a shared, privileged account includes providing a password of a shared account to a user; identifying a first machine logged into using the password; determining when the first machine enters an inconsistent state; and modifying a memory area associated with the first machine to eliminate occurrences of the password in the memory area.
Type: Grant
Filed: March 3, 2014
Date of Patent: June 14, 2016
Assignee: CA, Inc.
Inventors: Itzhak Fadida, Guy Balzam, Amir Jerbi, Nir Barak
-
Patent number: 9300671
Abstract: A restricted account may be created responsive to a successful login by a user for a shared account. The restricted account may have fewer access privileges to resources of the computer system than the shared account. The user may have access to the operating system through the restricted account rather than the shared account. The user is prompted for higher authentication information responsive to a request by the user to promote the restricted account to a higher authentication account during the session. The restricted account is promoted to the higher authentication account during the session. The higher authentication account has greater access privileges to resources of the computer system than the restricted account.
Type: Grant
Filed: December 30, 2013
Date of Patent: March 29, 2016
Assignee: CA, Inc.
Inventors: Nir Barak, Amir Jerbi, Laurent Lankri
-
Patent number: 9268917
Abstract: A method includes detecting an identity change instruction. The method also includes identifying a target account associated with the identity change instruction. The method also includes determining whether the target account is checked out. The method also includes passing the identity change instruction to a kernel in response to determining that the target account is checked out. The method also includes blocking the identity change instruction in response to determining that the target account is not checked out.
Type: Grant
Filed: August 30, 2013
Date of Patent: February 23, 2016
Assignee: CA, Inc.
Inventors: Nir Barak, Miron Gross, Amir Jerbi, Ron Perlmuter
-
Publication number: 20150332028
Abstract: A method for requiring justifications for predetermined user operations may include maintaining a plurality of policies in a policy store, and detecting a user operation, via a policy module, that triggers a policy of the plurality of policies. The method may also include pausing user operation, notifying the user of the impact of the user operation that triggered the policy, and requesting justification from the user for the user operation. The method may further include storing user-provided justification in a predetermined location, and then resuming the user operation.
Type: Application
Filed: May 15, 2014
Publication date: November 19, 2015
Applicant: CA, INC.
Inventors: Maimon DAHON, Ilan KLEINBERGER, Amir JERBI, Nir BARAK