Patents by Inventor Amir Jerbi
Amir Jerbi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9158913
Abstract: A computer system is disclosed that includes a host operating system and a virtual hypervisor that operates under management of the host operating system to control operations of virtual machines operating under management of the virtual hypervisor. The virtual hypervisor provides an interface between the virtual machines and the host operating system. A signing component generates digital signatures which identify owners of the virtual machines and associates the digital signatures with the virtual machines. A signature validation component determines the owners of the virtual machines using the digital signatures and responsive to occurrence of defined events. Related methods and computer program products for operating computer systems are also disclosed.
Type: Grant
Filed: July 9, 2012
Date of Patent: October 13, 2015
Assignee: CA, Inc.
Inventors: Shalom Shimoni, Nir Barak, Amir Jerbi, Yaron Holland
-
Patent number: 9154497
Abstract: A network server verifies a requesting user's permission to use a password to access a shared account hosted on a network server. The requesting user may be the person to whom the password was assigned, or in some cases, permission to use the password may have been granted to the requesting user by the person to whom the password is assigned. Provided the requesting user has permission to use the password, the system authenticates the requesting user for access to the shared account, and maintains accountability of the password.
Type: Grant
Filed: March 24, 2014
Date of Patent: October 6, 2015
Assignee: CA, Inc.
Inventors: Guy Balzam, Itzhak Fadida, Amir Jerbi, Aviva Weinberg
-
Publication number: 20150248544
Abstract: Sanitizing passwords used in a shared, privileged account includes providing a password of a shared account to a user; identifying a first machine logged into using the password; determining when the first machine enters an inconsistent state; and modifying a memory area associated with the first machine to eliminate occurrences of the password in the memory area.
Type: Application
Filed: March 3, 2014
Publication date: September 3, 2015
Applicant: CA, Inc.
Inventors: Itzhak Fadida, Guy Balzam, Amir Jerbi, Nir Barak
-
Patent number: 9009471
Abstract: Systems and methods for providing sensitive data protection in a virtual computing environment. The systems and methods utilize a sensitive data control monitor on a virtual appliance machine administering guest virtual machines in a virtual computing environment, wherein each of the guest virtual machines may include a local sensitive data control agent. The sensitive data control monitor generates encryption keys for each guest virtual machine which are sent to the local sensitive data control agents and used to encrypt data locally on a protected guest virtual machine. In this manner the data itself on the virtual (or physical) disc associated with the guest virtual machine is encrypted while access attempts are gated by a combination of the local agent and the environment-based monitor, providing for secure yet administrable sensitive data protection.
Type: Grant
Filed: March 14, 2014
Date of Patent: April 14, 2015
Assignee: CA, Inc.
Inventors: Alex Korthny, Nir Barak, Amir Jerbi
-
Patent number: 8997195
Abstract: In an example computer-implemented method, a password management (PM) server receives an access request message from a login computer at which a resource requiring vaulted credentials has been requested. The access request message identifies the requested resource and the login computer. A session identifier (ID) is generated that is linked to the login computer and to the requested resource, and is transmitted to the login computer. The PM server receives, from a mobile computing device, a user ID and a value indicative of the session ID. If the user ID is not authorized to access the requested resource, the PM server transmits the vaulted credentials to the login computer or the mobile computing device only if an approval message indicative of a confirmation code is received from a manager computing device authorizing release of the vaulted credentials for the user ID.
Type: Grant
Filed: March 27, 2014
Date of Patent: March 31, 2015
Assignee: CA, Inc.
Inventors: Itzhak Fadida, Guy Balzam, Amir Jerbi, Nir Barak
-
Patent number: 8959583
Abstract: According to an example computer-implemented method, a password management server receives an access request message from a login computer at which a resource requiring vaulted credentials has been requested. The access request message identifies the requested resource and the login computer. A session identifier (ID) is generated for enabling release of the vaulted credentials. The session ID is linked to the login computer and to the requested resource. The session ID is transmitted to the login computer. Responsive to receiving a value indicative of the session ID from a mobile computing device, the password management server transmits the vaulted credentials to the login computer or to the mobile computing device.
Type: Grant
Filed: February 5, 2013
Date of Patent: February 17, 2015
Assignee: CA, Inc.
Inventors: Itzhak Fadida, Guy Balzam, Amir Jerbi
-
Patent number: 8826275
Abstract: According to one embodiment of the present disclosure, a method includes receiving a request to instantiate a virtual machine image in a virtualization environment. The method also includes sending a request for verification of the virtualization environment. The method further includes receiving information from the enforcement module in response to the request for verification of the virtualization environment. The method further includes determining whether the virtualization environment is verified based on the information received.
Type: Grant
Filed: September 1, 2011
Date of Patent: September 2, 2014
Assignee: CA, Inc.
Inventors: Amir Jerbi, Michael Kletskin, Eitan Hadar
-
Publication number: 20140223525
Abstract: According to an example computer-implemented method, a password management server receives an access request message from a login computer at which a resource requiring vaulted credentials has been requested. The access request message identifies the requested resource and the login computer. A session identifier (ID) is generated for enabling release of the vaulted credentials. The session ID is linked to the login computer and to the requested resource. The session ID is transmitted to the login computer. Responsive to receiving a value indicative of the session ID from a mobile computing device, the password management server transmits the vaulted credentials to the login computer or to the mobile computing device.
Type: Application
Filed: February 5, 2013
Publication date: August 7, 2014
Applicant: CA, Inc.
Inventors: Itzhak Fadida, Guy Balzam, Amir Jerbi
-
Publication number: 20140201525
Abstract: Systems and methods for providing sensitive data protection in a virtual computing environment. The systems and methods utilize a sensitive data control monitor on a virtual appliance machine administering guest virtual machines in a virtual computing environment, wherein each of the guest virtual machines may include a local sensitive data control agent. The sensitive data control monitor generates encryption keys for each guest virtual machine which are sent to the local sensitive data control agents and used to encrypt data locally on a protected guest virtual machine. In this manner the data itself on the virtual (or physical) disc associated with the guest virtual machine is encrypted while access attempts are gated by a combination of the local agent and the environment-based monitor, providing for secure yet administrable sensitive data protection.
Type: Application
Filed: March 14, 2014
Publication date: July 17, 2014
Applicant: CA, Inc.
Inventors: Alex Korthny, Nir Barak, Amir Jerbi
-
Patent number: 8700898
Abstract: Systems and methods for providing sensitive data protection in a virtual computing environment. The systems and methods utilize a sensitive data control monitor on a virtual appliance machine administering guest virtual machines in a virtual computing environment, wherein each of the guest virtual machines may include a local sensitive data control agent. The sensitive data control monitor generates encryption keys for each guest virtual machine which are sent to the local sensitive data control agents and used to encrypt data locally on a protected guest virtual machine. In this manner the data itself on the virtual (or physical) disc associated with the guest virtual machine is encrypted while access attempts are gated by a combination of the local agent and the environment-based monitor, providing for secure yet administrable sensitive data protection.
Type: Grant
Filed: October 2, 2012
Date of Patent: April 15, 2014
Assignee: CA, Inc.
Inventors: Alex Korthny, Nir Barak, Amir Jerbi
-
Publication number: 20140096134
Abstract: Systems and methods associated with virtual machine security are described herein. One example method includes instantiating a guest virtual machine in a virtual computing environment. The method also includes installing a life cycle agent on the guest virtual machine, assigning an identifying certificate, a set of policies, and an encryption key to the guest virtual machine, and providing the certificate, policies, and encryption key to the guest virtual machine. The certificate, policies, and encryption key may then be used by the guest virtual machine to authenticate itself within the virtual computing environment and to protect data stored on the guest virtual machine.
Type: Application
Filed: October 2, 2012
Publication date: April 3, 2014
Applicant: CA, Inc.
Inventors: Nir Barak, Amir Jerbi, Eitan Hadar, Michael Kletskin
-
Publication number: 20140095868
Abstract: Systems and methods for providing sensitive data protection in a virtual computing environment. The systems and methods utilize a sensitive data control monitor on a virtual appliance machine administering guest virtual machines in a virtual computing environment, wherein each of the guest virtual machines may include a local sensitive data control agent. The sensitive data control monitor generates encryption keys for each guest virtual machine which are sent to the local sensitive data control agents and used to encrypt data locally on a protected guest virtual machine. In this manner the data itself on the virtual (or physical) disc associated with the guest virtual machine is encrypted while access attempts are gated by a combination of the local agent and the environment-based monitor, providing for secure yet administrable sensitive data protection.
Type: Application
Filed: October 2, 2012
Publication date: April 3, 2014
Applicant: CA, Inc.
Inventors: Alex Korthny, Nir Barak, Amir Jerbi
-
Publication number: 20140067864
Abstract: A method of operating a virtual computer system including a file access interceptor and multiple virtual machines that are logically arranged in a virtualization environment that is managed by a virtualization environment manager is provided. The method includes reading file settings definitions that include identifications and properties of files that are configured to be accessed by a computer application, replacing operations of a file interface in the computer application with file access interceptor operations that use the file settings to decouple file attributes from the computer application, managing file access via the file access interceptor operations to provide data file storage and read access to the files, and synchronizing file actions in each of a plurality of instances of the files. Related systems and computer program products are disclosed.
Type: Application
Filed: September 6, 2012
Publication date: March 6, 2014
Inventors: Yaron Holland, Amir Jerbi, Avi Kessel, Shalom Shimoni
-
Publication number: 20140013325
Abstract: A computer system is disclosed that includes a host operating system and a virtual hypervisor that operates under management of the host operating system to control operations of virtual machines operating under management of the virtual hypervisor. The virtual hypervisor provides an interface between the virtual machines and the host operating system. A signing component generates digital signatures which identify owners of the virtual machines and associates the digital signatures with the virtual machines. A signature validation component determines the owners of the virtual machines using the digital signatures and responsive to occurrence of defined events. Related methods and computer program products for operating computer systems are also disclosed.
Type: Application
Filed: July 9, 2012
Publication date: January 9, 2014
Inventors: Shalom Shimoni, Nir Barak, Amir Jerbi, Yaron Holland
-
Publication number: 20130307970
Abstract: A virtual machine console is recorded. A method for monitoring a virtual machine may comprise monitoring a virtualization environment, detecting a new virtual machine and associated console, creating an additional instantiation of the console by generating a reflection of the console on a video capture device and recording a real time video of an image of the additional instantiation of the console on the video capture device. Prior to recording, the image may be analyzed to determine a change and the recording of the image can be triggered based upon the analysis.
Type: Application
Filed: May 15, 2012
Publication date: November 21, 2013
Applicant: CA, INC.
Inventors: Nir Barak, Itzhak Fadida, Amir Jerbi
-
Publication number: 20130291052
Abstract: Systems and methods of implementing a secured cloud environment allow for design and instantiation of a security policy at the infrastructure level. An example system may comprise a first module to facilitate selecting at least two cloud computing component templates from a cloud computing component catalog. The system may comprise a second module to facilitate defining a connection between the at least two selected cloud computing component templates. The system may comprise a third module to facilitate assigning a security level and a policy to at least one of the at least two selected cloud computing component templates. The system may comprise a fourth module to facilitate building a cloud computing component blueprint.
Type: Application
Filed: April 30, 2012
Publication date: October 31, 2013
Applicant: CA, Inc.
Inventors: Eitan Hadar, Michael Kletskin, Nir Barak, Amir Jerbi, Yaacov Bezalel
-
Patent number: 8490150
Abstract: According to one embodiment, a system comprises one or more processors coupled to a memory and executing logic. A policy life cycle component is configured to maintain a repository of security policies. The repository of security policies comprises policies governing access to a virtual host and to a plurality of virtual machines running on the virtual host. The policy life cycle component is also configured to issue a compound policy for an identified virtual operating system running on the virtual host. The compound policy provides a virtual host policy and access rules for each of the plurality of virtual machines running on the virtual host. A topology manager is configured to receive the compound policy from the policy life cycle component, assign the compound to an access control agent, and maintain a security policy topology. The security policy topology stores associations between access control agents and compound policies.
Type: Grant
Filed: September 23, 2009
Date of Patent: July 16, 2013
Assignee: CA, Inc.
Inventors: Ethan Hadar, Nimrod Vax, Amir Jerbi, Michael Kletskin
-
Publication number: 20130152194
Abstract: A system and method for controlling access to virtual machine consoles. The system includes a console access controller configured to register an owner to a virtual machine to open a defined limit of consoles and capture the defined limit of consoles. An image console control is configured to receive a request to check-out one or more of the captured consoles in one of an exclusive mode and a shared mode and determine whether the check-out request was made by the owner. The console access controller is further configured to open the one or more captured consoles in the exclusive mode to the owner if the check-out request is made by the owner and recapturing the one or more consoles in response to a check-in request from the owner.
Type: Application
Filed: December 7, 2011
Publication date: June 13, 2013
Applicant: COMPUTER ASSOCIATES THINK, INC.
Inventors: Nir Barak, Itzhak Fadida, Amir Jerbi
-
Publication number: 20130061219
Abstract: According to one embodiment of the present disclosure, a method includes receiving a request to instantiate a virtual machine image in a virtualization environment. The method also includes sending a request for verification of the virtualization environment. The method further includes receiving information from the enforcement module in response to the request for verification of the virtualization environment. The method further includes determining whether the virtualization environment is verified based on the information received.
Type: Application
Filed: September 1, 2011
Publication date: March 7, 2013
Applicant: Computer Associates Think, Inc.
Inventors: Amir Jerbi, Michael Kletskin, Eitan Hadar
-
Publication number: 20110072487
Abstract: According to one embodiment, a system comprises one or more processors coupled to a memory. The one or more processors when executing logic encoded in the memory provide a topology manager. The topology manager is configured to maintain a security topology of a plurality of hosts. The security topology associates one or more virtual hosts policies with a plurality of virtual hosts in a cloud computing deployment. The topology manager is also configured to request a query for one or more hosts that are candidates to be enforced. A portability manager is configured to receive a request to deploy an access control agent on the one or more candidate hosts, determine an optimal agent to be deployed from a list of available agents, and deploy the optimal agent on the one or more candidate hosts.
Type: Application
Filed: September 23, 2009
Publication date: March 24, 2011
Applicant: Computer Associates Think, Inc.
Inventors: Ethan Hadar, Nimrod Vax, Amir Jerbi, Michael Kletskin