Patents by Inventor David Goldschlag
David Goldschlag has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Patent number: 11962572
  Abstract: A system for providing policy-controlled communication over the Internet includes a client endpoint function that executes on a client device while coupled to a first VPN tunnel, a service endpoint function that operates a remote service of a plurality of remote services, and a mid-link server coupled to the first VPN tunnel and a second VPN tunnel. The client endpoint function includes a first VPN endpoint component, and the service endpoint function includes a second VPN endpoint component. A router component operates to route network packet traffic between the first and second VPN tunnels via a route specified by a plurality of policies, an inspection component that analyzes network packet traffic in accordance with the plurality of policies. The plurality of policies for the network packet traffic and the content mediation selected dynamically on the basis of one or more of a user, an application, an endpoint, and a session.
  Type: Grant
  Filed: November 21, 2022
  Date of Patent: April 16, 2024
  Assignee: Netskope, Inc.
  Inventors: Kevin Eugene Sapp, Victor Ronin, David Goldschlag, Vadim Tarnavsky
- Publication number: 20230091527
  Abstract: A system for providing policy-controlled communication over the Internet includes a client endpoint function that executes on a client device while coupled to a first VPN tunnel, a service endpoint function that operates a remote service of a plurality of remote services, and a mid-link server coupled to the first VPN tunnel and a second VPN tunnel. The client endpoint function includes a first VPN endpoint component, and the service endpoint function includes a second VPN endpoint component. A router component operates to route network packet traffic between the first and second VPN tunnels via a route specified by a plurality of policies, an inspection component that analyzes network packet traffic in accordance with the plurality of policies. The plurality of policies for the network packet traffic and the content mediation selected dynamically on the basis of one or more of a user, an application, an endpoint, and a session.
  Type: Application
  Filed: November 21, 2022
  Publication date: March 23, 2023
  Applicant: Netskope, Inc.
  Inventors: Kevin Eugene Sapp, Victor Ronin, David Goldschlag, Vadim Tarnavsky
- Patent number: 11606338
  Abstract: Systems and methods for providing policy-controlled communication over the Internet are provided. A system may include a client endpoint function configured to execute on a client device while coupled to a first VPN tunnel, a service endpoint function that operates a remote service of a plurality of remote services, a gateway server including a first VPN termination point that authenticates and terminates the first VPN tunnel, a stitcher server including a second VPN termination point that authenticates and terminates a second VPN tunnel, and a mid-link server coupled to the first VPN tunnel and the second VPN tunnel. The mid-link server may include a plurality of Access Resource Servers (ARSs), and the gateway server and the stitcher server may communicate via a network connecting the plurality of ARSs.
  Type: Grant
  Filed: January 29, 2021
  Date of Patent: March 14, 2023
  Assignee: Netskope, Inc.
  Inventors: Kevin Eugene Sapp, Victor Ronin, David Goldschlag, Vadim Tarnavsky
- Patent number: 11575714
  Abstract: This invention provides secure, policy-based separation of data and applications on computers, especially personal computers that operate in different environments, such as those including personal applications and corporate applications, so that both types of applications can run simultaneously while complying with all required policies. The invention enables employees to use their personal devices for work purposes, or work devices for personal purposes. The secure, policy-based separation is created by dividing the data processing device into two or more “domains,” each with its own policies. These policies may be configured by the device owner, an IT department, or other data or application owner.
  Type: Grant
  Filed: October 28, 2021
  Date of Patent: February 7, 2023
  Assignee: Pulse Secure, LLC
  Inventors: Yoav Weiss, David Goldschlag, Karl Ginter, Michael Bartman
- Patent number: 11539669
  Abstract: Systems and methods for providing policy-controlled communication over the Internet are provided. A system may include a client endpoint function configured to execute on a client device while coupled to a first VPN tunnel, a service endpoint function that operates a remote service of a plurality of remote services, and a mid-link server coupled to the first VPN tunnel and a second VPN tunnel. The mid-link server may include an inspection component that analyzes network packet traffic in accordance with a plurality of policies. The inspection component may inspect the network packet traffic for specific content and provide instructions to a router component and/or a mediation component of the mid-link server. The instructions may be a function of at least one policy that applies to the specific content.
  Type: Grant
  Filed: January 29, 2021
  Date of Patent: December 27, 2022
  Assignee: Netskope, Inc.
  Inventors: Victor Ronin, David Goldschlag, Vadim Tarnavsky, Kevin Eugene Sapp
- Patent number: 11528255
  Abstract: Systems and methods for providing policy-controlled communication over the Internet are provided. A system may include a client endpoint function configured to execute on a client device while coupled to a first VPN tunnel, a service endpoint function that operates a remote service of a plurality of remote services, and a mid-link server coupled to the first VPN tunnel and a second VPN tunnel. The client endpoint function may include a first VPN endpoint component, and the service endpoint function may include a second VPN endpoint component. The mid-link server may include a first VPN termination point that authenticates and terminates the first VPN tunnel and a second VPN termination point that authenticates and terminates the second VPN tunnel. The first VPN termination point may re-authenticate the client device based on a first characteristic of the first VPN endpoint component and/or a second characteristic of the second VPN endpoint component.
  Type: Grant
  Filed: January 29, 2021
  Date of Patent: December 13, 2022
  Assignee: Netskope, Inc.
  Inventors: David Goldschlag, Vadim Tarnavsky, Kevin Eugene Sapp, Victor Ronin
- Patent number: 11329958
  Abstract: Systems and methods for policy-controlled communication over the Internet between third party client applications and remote services. A client device enforces policies on the communication between the applications and services. The communication is redirected through a mid-link server using a digitally protected tunnel. Network addresses of the client device and remote service are masked.
  Type: Grant
  Filed: July 7, 2020
  Date of Patent: May 10, 2022
  Assignee: Netskope, Inc.
  Inventors: Vadim Tarnavsky, David Goldschlag, Kevin Eugene Sapp, Victor Ronin
- Publication number: 20220053027
  Abstract: This invention provides secure, policy-based separation of data and applications on computers, especially personal computers that operate in different environments, such as those including personal applications and corporate applications, so that both types of applications can run simultaneously while complying with all required policies. The invention enables employees to use their personal devices for work purposes, or work devices for personal purposes. The secure, policy-based separation is created by dividing the data processing device into two or more “domains,” each with its own policies. These policies may be configured by the device owner, an IT department, or other data or application owner.
  Type: Application
  Filed: October 28, 2021
  Publication date: February 17, 2022
  Applicant: Cellsec, Inc.
  Inventors: Yoav Weiss, David Goldschlag, Karl Ginter, Michael Bartman
- Patent number: 11096054
  Abstract: The invention provides a method for managing access to a network resource on a network from a mobile device, the method including the steps of intercepting a data stream from the mobile device attempting to access the network resource, extracting information from the intercepted data stream relating to at least one of the mobile device or a user of the mobile device, accessing at least one of enterprise service based information and third party information regarding at least one of the mobile device or the user of the mobile device, determining whether the mobile device is authorized to access the network resource, preparing an access decision that specifies whether the mobile device is authorized to access the network resource, and storing the access decision in a database on the network.
  Type: Grant
  Filed: June 9, 2014
  Date of Patent: August 17, 2021
  Inventors: Norm Laudermilch, William Supernor, Roman Boroday, David Goldschlag
- Publication number: 20210185015
  Abstract: Systems and methods for providing policy-controlled communication over the Internet are provided. A system may include a client endpoint function configured to execute on a client device while coupled to a first VPN tunnel, a service endpoint function that operates a remote service of a plurality of remote services, a gateway server including a first VPN termination point that authenticates and terminates the first VPN tunnel, a stitcher server including a second VPN termination point that authenticates and terminates a second VPN tunnel, and a mid-link server coupled to the first VPN tunnel and the second VPN tunnel. The mid-link server may include a plurality of Access Resource Servers (ARSs), and the gateway server and the stitcher server may communicate via a network connecting the plurality of ARSs.
  Type: Application
  Filed: January 29, 2021
  Publication date: June 17, 2021
  Applicant: Netskope, Inc.
  Inventors: Kevin Eugene Sapp, Victor Ronin, David Goldschlag, Vadim Tarnavsky
- Publication number: 20210185016
  Abstract: Systems and methods for providing policy-controlled communication over the Internet are provided. A system may include a client endpoint function configured to execute on a client device while coupled to a first VPN tunnel, a service endpoint function that operates a remote service of a plurality of remote services, and a mid-link server coupled to the first VPN tunnel and a second VPN tunnel. The mid-link server may include an inspection component that analyzes network packet traffic in accordance with a plurality of policies. The inspection component may inspect the network packet traffic for specific content and provide instructions to a router component and/or a mediation component of the mid-link server. The instructions may be a function of at least one policy that applies to the specific content.
  Type: Application
  Filed: January 29, 2021
  Publication date: June 17, 2021
  Applicant: Netskope, Inc.
  Inventors: Victor Ronin, David Goldschlag, Vadim Tarnavsky, Kevin Eugene Sapp
- Publication number: 20210160219
  Abstract: Systems and methods for providing policy-controlled communication over the Internet are provided. A system may include a client endpoint function configured to execute on a client device while coupled to a first VPN tunnel, a service endpoint function that operates a remote service of a plurality of remote services, and a mid-link server coupled to the first VPN tunnel and a second VPN tunnel. The client endpoint function may include a first VPN endpoint component, and the service endpoint function may include a second VPN endpoint component. The mid-link server may include a first VPN termination point that authenticates and terminates the first VPN tunnel and a second VPN termination point that authenticates and terminates the second VPN tunnel. The first VPN termination point may re-authenticate the client device based on a first characteristic of the first VPN endpoint component and/or a second characteristic of the second VPN endpoint component.
  Type: Application
  Filed: January 29, 2021
  Publication date: May 27, 2021
  Applicant: Netskope, Inc.
  Inventors: David Goldschlag, Vadim Tarnavsky, Kevin Eugene Sapp, Victor Ronin
- Publication number: 20200336466
  Abstract: Systems, software, and methods are provided for providing simpler and more secure ARSs that operate to separate and isolate configuration details from connecting systems by: moving most of the connection information to the easily secured ARS; requiring endpoints to initiate outbound connections to that server instead of exposing the systems to inbound connections from the internet; consolidating policy enforcement and routing decisions from the individual endpoints to an ARS; and consolidating network packet traffic filtering and monitoring in an ARS. The present invention substantially reduces the complexity of endpoint configurations by offloading most of the connection and endpoint validation, policy enforcement, information leakage management, and routing decisions from the endpoints to an ARS.
  Type: Application
  Filed: July 7, 2020
  Publication date: October 22, 2020
  Inventors: David Goldschlag, Vadim Tarnavsky, Kevin Eugene Sapp, Victor Ronin
- Patent number: 10771435
  Abstract: Systems, software, and methods are provided for providing simpler and more secure ARSs that operate to separate and isolate configuration details from connecting systems by: moving most of the connection information to the easily secured ARS; requiring endpoints to initiate outbound connections to that server instead of exposing the systems to inbound connections from the internet; consolidating policy enforcement and routing decisions from the individual endpoints to an ARS; and consolidating network packet traffic filtering and monitoring in an ARS. The present invention substantially reduces the complexity of endpoint configurations by offloading most of the connection and endpoint validation, policy enforcement, information leakage management, and routing decisions from the endpoints to an ARS.
  Type: Grant
  Filed: November 20, 2019
  Date of Patent: September 8, 2020
  Assignee: Netskope, Inc.
  Inventors: David Goldschlag, Vadim Tarnavsky, Kevin Eugene Sapp, Victor Ronin
- Patent number: 10706427
  Abstract: Systems and methods are described for determining whether an electronic computing device complies with the security policy for a network.
  Type: Grant
  Filed: January 4, 2019
  Date of Patent: July 7, 2020
  Assignee: Cellsec, Inc.
  Inventors: David Goldschlag, Erik Dahl
- Publication number: 20200162431
  Abstract: Systems, software, and methods are provided for providing simpler and more secure ARSs that operate to separate and isolate configuration details from connecting systems by: moving most of the connection information to the easily secured ARS; requiring endpoints to initiate outbound connections to that server instead of exposing the systems to inbound connections from the internet; consolidating policy enforcement and routing decisions from the individual endpoints to an ARS; and consolidating network packet traffic filtering and monitoring in an ARS. The present invention substantially reduces the complexity of endpoint configurations by offloading most of the connection and endpoint validation, policy enforcement, information leakage management, and routing decisions from the endpoints to an ARS.
  Type: Application
  Filed: November 20, 2019
  Publication date: May 21, 2020
  Inventors: David Goldschlag, Vadim Tarnavsky, Kevin Eugene Sapp, Victor Ronin
- Patent number: 10601875
  Abstract: Methods, apparatus, systems, and non-transitory computer-readable media for managing a plurality of disparate computer application and data control policies on a computing device, especially a computing device connected to a computer network, are described. In one example, at least one policy distribution point is provided that includes at least one information management policy. A plurality of policy enforcement points, including a first policy enforcement point operating at a first policy enforcement level, and a second enforcement point operating at a second policy enforcement level, are also provided. A first policy element to the first policy enforcement point, and a second policy element to the second policy enforcement point, are allocated.
  Type: Grant
  Filed: January 24, 2019
  Date of Patent: March 24, 2020
  Assignee: CELLSEC, INC.
  Inventors: David Goldschlag, Yoav Weiss, Karl Ginter, Michael Bartman
- Patent number: 10511630
  Abstract: This invention provides secure, policy-based separation of data and applications on computers, especially personal computers that operate in different environments, such as those including personal applications and corporate applications, so that both types of applications can run simultaneously while complying with all required policies. The invention enables employees to use their personal devices for work purposes, or work devices for personal purposes. The secure, policy-based separation is created by dividing the data processing device into two or more “domains,” each with its own policies. These policies may be configured by the device owner, an IT department, or other data or application owner.
  Type: Grant
  Filed: December 10, 2012
  Date of Patent: December 17, 2019
  Assignee: Cellsec, Inc.
  Inventors: Yoav Weiss, David Goldschlag, Karl Ginter, Michael Bartman
- Publication number: 20190173922
  Abstract: Methods, apparatus, systems, and non-transitory computer-readable media for managing a plurality of disparate computer application and data control policies on a computing device, especially a computing device connected to a computer network, are described. In one example, at least one policy distribution point is provided that includes at least one information management policy. A plurality of policy enforcement points, including a first policy enforcement point operating at a first policy enforcement level, and a second enforcement point operating at a second policy enforcement level, are also provided. A first policy element to the first policy enforcement point, and a second policy element to the second policy enforcement point, are allocated.
  Type: Application
  Filed: January 24, 2019
  Publication date: June 6, 2019
  Inventors: David Goldschlag, Yoav Weiss, Karl Ginter, Michael Bartman
- Patent number: 10313394
  Abstract: Methods, apparatus, systems, and non-transitory computer-readable media for managing a plurality of disparate computer application and data control policies on a computing device, especially a computing device connected to a computer network, are described. In one example, at least one policy distribution point is provided that includes at least one information management policy. A plurality of policy enforcement points, including a first policy enforcement point operating at a first policy enforcement level, and a second enforcement point operating at a second policy enforcement level, are also provided. A first policy element to the first policy enforcement point, and a second policy element to the second policy enforcement point, are allocated.
  Type: Grant
  Filed: March 17, 2016
  Date of Patent: June 4, 2019
  Assignee: Cellsec, Inc.
  Inventors: David Goldschlag, Karl Ginter, Yoav Weiss, Michael Bartman