Patents by Inventor Avraham Michael Ben-Menahem
Avraham Michael Ben-Menahem has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10204241
Abstract: Systems and methods are provided for adding security to client data by maintaining keys providing access to the client data remotely from the client data. In some circumstances, the systems encrypt a cluster of data using an encryption key, associate the cluster of encrypted data with a unique identifier and send the unique identifier and the decryption key to a server for storage. The decryption key is then received from the server and is used to decrypt the cluster of encrypted data. A server can also perform policy checks or trigger additional authentication such as SMS, phone, or email notification before allowing access to a key. Furthermore, in some instances, the server can also prevent access to the stored keys in response to anomalies, such as decommissioning and other asset management events.
Type: Grant
Filed: June 30, 2017
Date of Patent: February 12, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: Scott A. Field, Aravind N. Thoram, John Michael Walton, Dayi Zhou, Alex M. Semenko, Avraham Michael Ben-Menahem
-
Patent number: 10200194
Abstract: Systems and methods are provided for adding security to client data by maintaining decryption keys at a server that provide access to encrypted keys that are maintained at a client system with encrypted client data. A specialized protocol is utilized for accessing the decryption keys from the server. Once obtained, the decryption key is used to decrypt the encrypted key at the client and then the newly decrypted decryption key is used to decrypt the encrypted data. A server can also perform policy checks or trigger additional authentication such as SMS, phone, or email notification before allowing access to the server decryption key. Furthermore, in some instances, the server can also prevent access to the server decryption keys in response to anomalies, such as decommissioning and other asset management events.
Type: Grant
Filed: June 30, 2017
Date of Patent: February 5, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: Scott A. Field, Aravind N. Thoram, John Michael Walton, Dayi Zhou, Alex M. Semenko, Avraham Michael Ben-Menahem
-
Publication number: 20190005274
Abstract: Systems and methods are provided for adding security to client data by maintaining keys providing access to the client data remotely from the client data. In some circumstances, the systems encrypt a cluster of data using an encryption key, associate the cluster of encrypted data with a unique identifier and send the unique identifier and the decryption key to a server for storage. The decryption key is then received from the server and is used to decrypt the cluster of encrypted data. A server can also perform policy checks or trigger additional authentication such as SMS, phone, or email notification before allowing access to a key. Furthermore, in some instances, the server can also prevent access to the stored keys in response to anomalies, such as decommissioning and other asset management events.
Type: Application
Filed: June 30, 2017
Publication date: January 3, 2019
Inventors: Scott A. Field, Aravind N. Thoram, John Michael Walton, Dayi Zhou, Alex M. Semenko, Avraham Michael Ben-Menahem
-
Publication number: 20190007204
Abstract: Systems and methods are provided for adding security to client data by maintaining decryption keys at a server that provide access to encrypted keys that are maintained at a client system with encrypted client data. A specialized protocol is utilized for accessing the decryption keys from the server. Once obtained, the decryption key is used to decrypt the encrypted key at the client and then the newly decrypted decryption key is used to decrypt the encrypted data. A server can also perform policy checks or trigger additional authentication such as SMS, phone, or email notification before allowing access to the server decryption key. Furthermore, in some instances, the server can also prevent access to the server decryption keys in response to anomalies, such as decommissioning and other asset management events.
Type: Application
Filed: June 30, 2017
Publication date: January 3, 2019
Inventors: Scott A. Field, Aravind N. Thoram, John Michael Walton, Dayi Zhou, Alex M. Semenko, Avraham Michael Ben-Menahem
-
Patent number: 9118700
Abstract: A method of operating a computing device that allows inspecting data that the device attempts to transmit over a network in an encrypted form for presence of malware, viruses or confidential information. The method includes intercepting a request from an application to an encryption component of an operating system to encrypt the data and acquiring encrypted data generated by the encryption component in response to the request. SSL or TLS protocol may be used for encryption. The request may be intercepted using API hooking. The data in an unencrypted form and an identifier of the encrypted data may be provided to a data inspection facility for establishing a correspondence between the unencrypted and encrypted data, using the identifier. The data inspection facility performs inspection of the unencrypted data to determine whether to allow transmission of the encrypted data over the network.
Type: Grant
Filed: October 1, 2013
Date of Patent: August 25, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: Vladimir Lifliand, Avraham Michael Ben-Menahem
-
Publication number: 20140215610
Abstract: A method of operating a computing device that allows inspecting data that the device attempts to transmit over a network in an encrypted form for presence of malware, viruses or confidential information. The method includes intercepting a request from an application to an encryption component of an operating system to encrypt the data and acquiring encrypted data generated by the encryption component in response to the request. SSL or TLS protocol may be used for encryption. The request may be intercepted using API hooking. The data in an unencrypted form and an identifier of the encrypted data may be provided to a data inspection facility for establishing a correspondence between the unencrypted and encrypted data, using the identifier. The data inspection facility performs inspection of the unencrypted data to determine whether to allow transmission of the encrypted data over the network.
Type: Application
Filed: October 1, 2013
Publication date: July 31, 2014
Applicant: Microsoft Corporation
Inventors: Vladimir Lifliand, Avraham Michael Ben-Menahem
-
Patent number: 8578486
Abstract: A method of operating a computing device that allows inspecting data that the device attempts to transmit over a network in an encrypted form for presence of malware, viruses or confidential information. The method includes intercepting a request from an application to an encryption component of an operating system to encrypt the data and acquiring encrypted data generated by the encryption component in response to the request. SSL or TLS protocol may be used for encryption. The request may be intercepted using API hooking. The data in an unencrypted form and an identifier of the encrypted data may be provided to a data inspection facility for establishing a correspondence between the unencrypted and encrypted data, using the identifier. The data inspection facility performs inspection of the unencrypted data to determine whether to allow transmission of the encrypted data over the network.
Type: Grant
Filed: June 18, 2010
Date of Patent: November 5, 2013
Assignee: Microsoft Corporation
Inventors: Vladimir Lifliand, Avraham Michael Ben-Menahem
-
Publication number: 20110314270
Abstract: A method of operating a computing device that allows inspecting data that the device attempts to transmit over a network in an encrypted form for presence of malware, viruses or confidential information. The method includes intercepting a request from an application to an encryption component of an operating system to encrypt the data and acquiring encrypted data generated by the encryption component in response to the request. SSL or TLS protocol may be used for encryption. The request may be intercepted using API hooking. The data in an unencrypted form and an identifier of the encrypted data may be provided to a data inspection facility for establishing a correspondence between the unencrypted and encrypted data, using the identifier. The data inspection facility performs inspection of the unencrypted data to determine whether to allow transmission of the encrypted data over the network.
Type: Application
Filed: June 18, 2010
Publication date: December 22, 2011
Applicant: Microsoft Corporation
Inventors: Vladimir Lifliand, Avraham Michael Ben-Menahem