Patents by Inventor Efi Levi
Efi Levi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20250132908Abstract: Methods and systems for managing operation of endpoint devices are disclosed. The operation of the endpoint devices may be managed by requiring that the endpoint devices use a communication management framework to selective send communications via network and audio interfaces. Additionally, the communication management framework may cause the endpoint devices to update the manner in which audio communications are used over time to distribute data. The updates to the manner in which the audio communications are used over time may reduce the likelihood of a malicious entity from injecting malicious communications and/or snooping audio communications between endpoint devices.Type: ApplicationFiled: October 20, 2023Publication date: April 24, 2025Inventors: MAXIM BALIN, EFI LEVI, LIOR BENISTY
-
Publication number: 20250080524Abstract: Methods and systems for managing operation of endpoint devices are disclosed. To manage the operation of endpoint devices, clusters of endpoint devices may be established. The members of the cluster may utilize synchronized data across the cluster to provide various computer implemented services. To synchronize the synchronized data, updates made to local copies of the synchronized data may be distributed to maintain synchronization of other copies of the synchronized data. By doing so, different members of the cluster may have access to synchronized data.Type: ApplicationFiled: August 31, 2023Publication date: March 6, 2025Inventors: MAXIM BALIN, EFI LEVI, LIOR BENISTY
-
Publication number: 20250038989Abstract: Methods and systems for securing access of storage array services are disclosed. The storage array services may be secured by responding to an inquiry from the host bus adapter of a host with a payload. The contents of the payload may require authentication by the host to enable access to the storage array. The contents of the payload may include one or more messages and a digital signature. The digital signature may be signed with a private key from the storage array and verified with a public key from the host. The messages may be authenticated using the digital signature and/or other messages in the payload. Should the any of the contents of the payload be unable to be authenticated by the host, the host bus adapter may be remediated for hardware errors of malicious activity.Type: ApplicationFiled: July 25, 2023Publication date: January 30, 2025Inventors: EFI LEVI, ARIEH DON, LIOR BENISTY
-
Publication number: 20250036813Abstract: Methods and systems for managing data storage are disclosed. The storage of data may be managed by implementing a framework for checking whether payloads requested for storage have been modified prior to storage. The checks may be performed using integrity verification data that is based on corresponding payloads and keys. The payloads and integrity verification data may be directed to storage along a storage pipeline. The integrity of the payloads may be verified along the storage pipeline. Once received, the storage may perform the checks using the integrity verification data as a final check before storage.Type: ApplicationFiled: July 25, 2023Publication date: January 30, 2025Inventors: ARIEH DON, EFI LEVI, LIOR BENISTY, CHING-YUN CHAO
-
Publication number: 20250036757Abstract: Methods and systems for managing storage services provided by storage arrays are disclosed. The storage services may be managed by proactively identifying and remediating malicious activity that may impact the storage services. The malicious activity may be identified by monitoring activity of adapters used by host devices to communicate with the storage arrays. The activity may be monitored to identify patterns of reset commands that are likely to negatively impact storage services provided by the storage arrays.Type: ApplicationFiled: July 25, 2023Publication date: January 30, 2025Inventors: LIOR BENISTY, EFI LEVI, ARIEH DON
-
Publication number: 20250036727Abstract: Methods and systems for securing data are disclosed. To secure data, signed tokens may be used to authenticate operations to be performed by storage arrays. The operations may modify data stored in the storage array and/or provide copies of stored data. The signed token may specify limits on the authority of various entities to invoke various functions of storage arrays, and include cryptographic data usable by the storage arrays to authenticate the tokens. By requiring that tokens be included with operations to be performed by storage arrays, the storage arrays may be less likely to perform undesired operations.Type: ApplicationFiled: July 25, 2023Publication date: January 30, 2025Inventors: BORIS GITERMAN, ARIEH DON, EFI LEVI, LIOR BENISTY
-
Patent number: 12204767Abstract: Methods and systems for managing data storage are disclosed. The storage of data may be managed by implementing a framework for checking whether payloads requested for storage have been modified prior to storage. The checks may be performed using integrity verification data that is based on corresponding payloads. The payloads and integrity verification data may be generated by an application, and both may be directed to storage. Once received, the storage may perform the checks using the integrity verification data.Type: GrantFiled: April 13, 2023Date of Patent: January 21, 2025Assignee: Dell Products L.P.Inventors: Ching-Yun Chao, Efi Levi, Lior Benisty, Arieh Don
-
Publication number: 20240345741Abstract: Methods and systems for managing data storage are disclosed. The storage of data may be managed by implementing a framework for checking whether payloads requested for storage have been modified prior to storage. The checks may be performed using integrity verification data that is based on corresponding payloads. The payloads and integrity verification data may be generated by an application, and both may be directed to storage. Once received, the storage may perform the checks using the integrity verification data.Type: ApplicationFiled: April 13, 2023Publication date: October 17, 2024Inventors: CHING-YUN CHAO, EFI LEVI, LIOR BENISTY, ARIEH DON
-
Publication number: 20240348445Abstract: An identifier, such as a worldwide name, corresponding to a host computing device, or corresponding to a host bus adapter corresponding to the host computing device, may be transmitted to a storage array to configure the storage array to be accessed by the host computing device. The host may request a token from the array. The host may embed the token into a token block of a command message that is transmitted to the storage array requesting access to the array. Before performing an action corresponding to the command message, the storage array may verify that the token is a valid token and thus that the host computing device that transmitted the command message is a host computing device that has been authorized to access the storage array. If the storage array determines that the token is valid the storage array may perform an action corresponding to the command message.Type: ApplicationFiled: April 17, 2023Publication date: October 17, 2024Inventors: Arieh Don, Efi Levi, Lior Benisty
-
Publication number: 20240345752Abstract: A storage array is configured with an allowed process configuration. An allowed process may correspond to an application or process executed by a host computing system that may seek to access a volume of the storage array via a command descriptor block message or a corresponding block command message, which may comprise a data field and a metadata field. The host may embed a process identifier corresponding to a process seeking to access the storage array in the metadata field. The storage array may receive the block command message and determine whether the metadata field comprises a process identifier that is included in the allowed process configuration. If so, the storage array may perform the access command corresponding to the block command message. If not, the storage array may reject performing the access command. The storage array may report access commands that were performed or rejected.Type: ApplicationFiled: April 17, 2023Publication date: October 17, 2024Inventors: Arieh Don, Efi Levi, Lior Benisty
-
Publication number: 20240314150Abstract: Different management applications corresponding to different private computing systems that are untrusted with respect to each other reciprocally agree to store for each other replicated versions of logical volumes of storage arrays as backups. A management server corresponding to one or more storage arrays at a local one of the computing systems encrypts a volume to be backed up at the other remote computing system and transmits the encrypted version to the remote computing system. The remote computing system cannot modify or delete a portion of an array that has stored thereon the encrypted version of the logical volume without having a configuration-change key generated by the local management server, which may generate the configuration-change key to facilitate mirroring at the remote storage array a modification made to the local storage array.Type: ApplicationFiled: March 14, 2023Publication date: September 19, 2024Inventors: Lior Benisty, Arieh Don, Efi Levi
-
Publication number: 20240244077Abstract: A network storage array may detect a malware infection and report the detected infection to a monitoring system, which may monitor more than one storage array at one or more data centers via one or more array management host computing systems. Storage arrays may report to the monitoring system replication information regarding data replication operations among the arrays. The monitoring system may receive access information regarding access of the storage arrays by server host computing systems. Based on the access and replication information the monitoring system may determine, or infer, an infection of an array, or a volume of an array, which array or volume may not be capable of self-determining an infection. The monitoring system may cause a mitigation action with respect to an infected array or with respect to a server host computing system that may have accessed an infected array.Type: ApplicationFiled: January 13, 2023Publication date: July 18, 2024Inventors: Lior Benisty, Efi Levi, Arieh Don
-
Patent number: 11651066Abstract: An apparatus comprises at least one processing device that is configured to control delivery of input-output operations from a host device to a storage system over selected ones of a plurality of paths through a network. The at least one processing device is further configured to generate a plurality of authentication tokens over time utilizing seed information of the host device, and for each of one or more of the input-output operations, to incorporate a particular one of the authentication tokens into the input-output operation, to send the input-output operation to the storage system, and to receive an indication from the storage system, responsive to the input-output operation sent to the storage system, as to whether or not the authentication token incorporated into the input-output operation matches a corresponding authentication token generated by the storage system. The at least one processing device illustratively comprises at least a portion of the host device.Type: GrantFiled: January 7, 2021Date of Patent: May 16, 2023Assignee: EMC IP Holding Company LLCInventors: Efi Levi, Boris Giterman, Arieh Don
-
Publication number: 20220215084Abstract: An apparatus comprises at least one processing device that is configured to control delivery of input-output operations from a host device to a storage system over selected ones of a plurality of paths through a network. The at least one processing device is further configured to generate a plurality of authentication tokens over time utilizing seed information of the host device, and for each of one or more of the input-output operations, to incorporate a particular one of the authentication tokens into the input-output operation, to send the input-output operation to the storage system, and to receive an indication from the storage system, responsive to the input-output operation sent to the storage system, as to whether or not the authentication token incorporated into the input-output operation matches a corresponding authentication token generated by the storage system. The at least one processing device illustratively comprises at least a portion of the host device.Type: ApplicationFiled: January 7, 2021Publication date: July 7, 2022Inventors: Efi Levi, Boris Giterman, Arieh Don