Patents by Inventor Amit Finkelstein
Amit Finkelstein has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8935742Abstract: Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware, and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.Type: GrantFiled: August 18, 2008Date of Patent: January 13, 2015Assignee: Microsoft CorporationInventors: Nir Nice, Oleg Ananiev, John Wohlfert, Amit Finkelstein, Alik Teplitsky
-
Patent number: 8910255Abstract: Aspects of the subject matter described herein relate to authentication for a distributed secure content management system. In aspects, a request to access a resource available through the Internet is routed to a security component. The security component is one of a plurality of security components distributed throughout the Internet and responsible for authenticating entities associated with an enterprise. The security component determines an authentication protocol to use with the entity and then authenticates the entity. If the entity is authenticated, the entity is allowed to use a forward proxy.Type: GrantFiled: May 27, 2008Date of Patent: December 9, 2014Assignee: Microsoft CorporationInventors: Nir Nice, Oleg Ananiev, John F. Wohlfert, Amit Finkelstein, Alexander Teplitsky
-
Patent number: 8910270Abstract: In some embodiments of the invention, techniques may make private identifiers for private network resources usable to establish connections to those private network resources from computing devices connected to an outside network. For example, when a computing device is connected to an outside network and attempting to contact a private network resource, DNS may be used to resolve a domain name for the private network resource to an IP address for an edge resource of the private network. Communications may be passed between the computing device and the edge resource according to protocols which embed the identifier originally used to identify the private network resource. The edge resource of the private network may analyze communications over the connection to determine this identifier, and use it to pass the communication to the desired private network resource.Type: GrantFiled: January 20, 2009Date of Patent: December 9, 2014Assignee: Microsoft CorporationInventors: Nir Nice, Amit Finkelstein, Dror Kremer, Noam Ben-Yochanan, Shyam Seshadri
-
Patent number: 8353020Abstract: A generic master-slave mechanism enables a single processor of a cluster of firewall processors to define the behavior of the other processors in the cluster for a specific logical connection. The cluster of firewall processors utilizes virtual adapters representing physical adapters on other processors in the firewall cluster. This virtualization allows each cluster member to act as though it is a standalone machine that owns all local IP addresses of the entire cluster. When traffic is received by a firewall processor, the firewall processor determines if there is a master associated with the logical connection for the traffic. If so, the traffic is routed to the master. If no master is associated, in an example configuration, the receiving firewall processor becomes the master. A message traffic logical connection has a single master. A master remains the master of a logical connection until the connection is terminated.Type: GrantFiled: June 14, 2006Date of Patent: January 8, 2013Assignee: Microsoft CorporationInventors: Amit Finkelstein, Avihai Lifschitz, Yosef Dinerstein, Ziv Caspi
-
Patent number: 7860982Abstract: Verification of Internet connectivity using multiple prior connection attempts to Internet destination(s). The Internet destinations may be destinations that have high reliability and that do not easily have intermediating systems that might deny a connection request. Such an Internet destination might be, for example, root Domain Name Server (DNS) servers. Connection attempt results are obtained by for at least some of the connection attempts, tracking which resulted in success and failure. Internet connectivity is then verified based on the collective results, rather than relying on any one single connection attempt. In one embodiment, the frequency of the connection attempts may depend on a current state of the Internet connection.Type: GrantFiled: March 14, 2008Date of Patent: December 28, 2010Assignee: Microsoft CorporationInventors: Amit Finkelstein, Lior Alon, Stanislav Galpert, Michael Pechuk
-
Publication number: 20100186079Abstract: In some embodiments of the invention, techniques may make private identifiers for private network resources usable to establish connections to those private network resources from computing devices connected to an outside network. For example, when a computing device is connected to an outside network and attempting to contact a private network resource, DNS may be used to resolve a domain name for the private network resource to an IP address for an edge resource of the private network. Communications may be passed between the computing device and the edge resource according to protocols which embed the identifier originally used to identify the private network resource. The edge resource of the private network may analyze communications over the connection to determine this identifier, and use it to pass the communication to the desired private network resource.Type: ApplicationFiled: January 20, 2009Publication date: July 22, 2010Applicant: Microsoft CorporationInventors: Nir Nice, Amit Finkelstein, Dror Kremer, Noam Ben-Yochanan, Shyam Seshadri
-
Publication number: 20090300739Abstract: Aspects of the subject matter described herein relate to authentication for a distributed secure content management system. In aspects, a request to access a resource available through the Internet is routed to a security component. The security component is one of a plurality of security components distributed throughout the Internet and responsible for authenticating entities associated with an enterprise. The security component determines an authentication protocol to use with the entity and then authenticates the entity. If the entity is authenticated, the entity is allowed to use a forward proxy.Type: ApplicationFiled: May 27, 2008Publication date: December 3, 2009Applicant: MICROSOFT CORPORATIONInventors: Nir Nice, Oleg Ananiev, John F. Wohlfert, Amit Finkelstein, Alexander Teplitsky
-
Patent number: 7603333Abstract: The evaluation of a policy can be delayed until all rules criteria needed for evaluation are available. Also, new types of rules criteria can be registered without requiring changes to a rules engine. A policy manager allows rules to be evaluated and decisions made at different stages of the request handling. The policy manager facilitates interaction with the rules engine until all criteria are evaluated. The policy manager also allows modules developed by third parties to provide notification when criteria can be decided and thus complete evaluation.Type: GrantFiled: June 14, 2006Date of Patent: October 13, 2009Assignee: Microsoft CorporationInventors: Amit Finkelstein, Avihai Lifschitz, Yosef Dinerstein, Ziv Caspi
-
Publication number: 20090232009Abstract: Verification of Internet connectivity using multiple prior connection attempts to Internet destination(s). The Internet destinations may be destinations that have high reliability and that do not easily have intermediating systems that might deny a connection request. Such an Internet destination might be, for example, root Domain Name Server (DNS) servers. Connection attempt results are obtained by for at least some of the connection attempts, tracking which resulted in success and failure. Internet connectivity is then verified based on the collective results, rather than relying on any one single connection attempt. In one embodiment, the frequency of the connection attempts may depend on a current state of the Internet connection.Type: ApplicationFiled: March 14, 2008Publication date: September 17, 2009Applicant: Microsoft CorporationInventors: Amit Finkelstein, Lior Alon, Stanislav Galpert, Michael Pechuk
-
Publication number: 20090178109Abstract: Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware, and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.Type: ApplicationFiled: August 18, 2008Publication date: July 9, 2009Applicant: Microsoft CorporationInventors: Nir Nice, Oleg Ananiev, John Wohlfert, Amit Finkelstein, Alik Teplitsky
-
Method and data structure for performing regular expression searches in a fixed length word language
Patent number: 7412443Abstract: Given a language with all words in a fixed length, and a set of regular expressions composed only from characters in the alphabet of the language or the “?” sign (any single character), the method of the invention defines a data structure that is used to efficiently find the set of matching regular expressions for a given query word. The method may be adjusted by appropriate selection of a control variable to vary the storage space required and the search time necessary to complete the query. Specifically, the method of the present invention provides a space versus time trade-off between the storage space required for the data structures of the present invention and the amount of time to search those data structures to determine the matching set of regular expressions.Type: GrantFiled: August 3, 2005Date of Patent: August 12, 2008Assignee: Microsoft CorporationInventor: Amit Finkelstein -
Method and data structure for performing regular expression searches in a fixed length word language
Patent number: 7386548Abstract: Given a language with all words in a fixed length, and a set of regular expressions composed only from characters in the alphabet of the language or the “?” sign (any single character), the system of the invention defines a data structure that is used to efficiently find the set of matching regular expressions for a given query word. The system may be adjusted by appropriate selection of a control variable to vary the storage space required and the search time necessary to complete the query. Specifically, the system of the present invention provides a space versus time trade-off between the storage space required for the data structures of the present invention and the amount of time to search those data structures to determine the matching set of regular expressions.Type: GrantFiled: November 10, 2005Date of Patent: June 10, 2008Assignee: Microsoft CorporationInventor: Amit Finkelstein -
Publication number: 20070294198Abstract: The evaluation of a policy can be delayed until all rules criteria needed for evaluation are available. Also, new types of rules criteria can be registered without requiring changes to a rules engine. A policy manager allows rules to be evaluated and decisions made at different stages of the request handling. The policy manager facilitates interaction with the rules engine until all criteria are evaluated. The policy manager also allows modules developed by third parties to provide notification when criteria can be decided and thus complete evaluation.Type: ApplicationFiled: June 14, 2006Publication date: December 20, 2007Applicant: Microsoft CorporationInventors: Amit Finkelstein, Avihai Lifschitz, Yosef Dinerstein, Ziv Caspi
-
Publication number: 20070294754Abstract: A generic master-slave mechanism enables a single processor of a cluster of firewall processors to define the behavior of the other processors in the cluster for a specific logical connection. The cluster of firewall processors utilizes virtual adapters representing physical adapters on other processors in the firewall cluster. This virtualization allows each cluster member to act as though it is a standalone machine that owns all local IP addresses of the entire cluster. When traffic is received by a firewall processor, the firewall processor determines if there is a master associated with the logical connection for the traffic. If so, the traffic is routed to the master. If no master is associated, in an example configuration, the receiving firewall processor becomes the master. A message traffic logical connection has a single master. A master remains the master of a logical connection until the connection is terminated.Type: ApplicationFiled: June 14, 2006Publication date: December 20, 2007Applicant: Microsoft CorporationInventors: Amit Finkelstein, Avihai Lifschitz, Yosef Dinerstein, Ziv Caspi
-
Method and data structure for performing regular expression searches in a fixed length word language
Publication number: 20060074852Abstract: Given a language with all words in a fixed length, and a set of regular expressions composed only from characters in the alphabet of the language or the “?” sign (any single character), the system of the invention defines a data structure that is used to efficiently find the set of matching regular expressions for a given query word. The system may be adjusted by appropriate selection of a control variable to vary the storage space required and the search time necessary to complete the query. Specifically, the system of the present invention provides a space versus time trade-off between the storage space required for the data structures of the present invention and the amount of time to search those data structures to determine the matching set of regular expressions.Type: ApplicationFiled: November 10, 2005Publication date: April 6, 2006Applicant: Microsoft CorporationInventor: Amit Finkelstein -
Method and data structure for performing regular expression searches in a fixed length word language
Patent number: 6996562Abstract: Given a language with all words in a fixed length, and a set of regular expressions composed only from characters in the alphabet of the language or the “?” sign (any single character), the method of the invention defines a data structure that is used to efficiently find the set of matching regular expressions for a given query word. The method may be adjusted by appropriate selection of a control variable to vary the storage space required and the search time necessary to complete the query. Specifically, the method of the present invention provides a space versus time trade-off between the storage space required for the data structures of the present invention and the amount of time to search those data structures to determine the matching set of regular expressions.Type: GrantFiled: July 29, 2002Date of Patent: February 7, 2006Assignee: Microsoft CorporationInventor: Amit Finkelstein -
Method and data structure for performing regular expression searches in a fixed length word language
Publication number: 20050267905Abstract: Given a language with all words in a fixed length, and a set of regular expressions composed only from characters in the alphabet of the language or the “?” sign (any single character), the method of the invention defines a data structure that is used to efficiently find the set of matching regular expressions for a given query word. The method may be adjusted by appropriate selection of a control variable to vary the storage space required and the search time necessary to complete the query. Specifically, the method of the present invention provides a space versus time trade-off between the storage space required for the data structures of the present invention and the amount of time to search those data structures to determine the matching set of regular expressions.Type: ApplicationFiled: August 3, 2005Publication date: December 1, 2005Applicant: Microsoft CorporationInventor: Amit Finkelstein -
Method and data structure for performing regular expression searches in a fixed length word language
Publication number: 20040019477Abstract: Given a language with all words in a fixed length, and a set of regular expressions composed only from characters in the alphabet of the language or the “?” sign (any single character), the method of the invention defines a data structure that is used to efficiently find the set of matching regular expressions for a given query word. The method may be adjusted by appropriate selection of a control variable to vary the storage space required and the search time necessary to complete the query. Specifically, the method of the present invention provides a space versus time trade-off between the storage space required for the data structures of the present invention and the amount of time to search those data structures to determine the matching set of regular expressions.Type: ApplicationFiled: July 29, 2002Publication date: January 29, 2004Applicant: Microsoft CorporationInventor: Amit Finkelstein