Patents by Inventor Efi Levi

Efi Levi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20250132908
    Abstract: Methods and systems for managing operation of endpoint devices are disclosed. The operation of the endpoint devices may be managed by requiring that the endpoint devices use a communication management framework to selective send communications via network and audio interfaces. Additionally, the communication management framework may cause the endpoint devices to update the manner in which audio communications are used over time to distribute data. The updates to the manner in which the audio communications are used over time may reduce the likelihood of a malicious entity from injecting malicious communications and/or snooping audio communications between endpoint devices.
    Type: Application
    Filed: October 20, 2023
    Publication date: April 24, 2025
    Inventors: MAXIM BALIN, EFI LEVI, LIOR BENISTY
  • Publication number: 20250080524
    Abstract: Methods and systems for managing operation of endpoint devices are disclosed. To manage the operation of endpoint devices, clusters of endpoint devices may be established. The members of the cluster may utilize synchronized data across the cluster to provide various computer implemented services. To synchronize the synchronized data, updates made to local copies of the synchronized data may be distributed to maintain synchronization of other copies of the synchronized data. By doing so, different members of the cluster may have access to synchronized data.
    Type: Application
    Filed: August 31, 2023
    Publication date: March 6, 2025
    Inventors: MAXIM BALIN, EFI LEVI, LIOR BENISTY
  • Publication number: 20250038989
    Abstract: Methods and systems for securing access of storage array services are disclosed. The storage array services may be secured by responding to an inquiry from the host bus adapter of a host with a payload. The contents of the payload may require authentication by the host to enable access to the storage array. The contents of the payload may include one or more messages and a digital signature. The digital signature may be signed with a private key from the storage array and verified with a public key from the host. The messages may be authenticated using the digital signature and/or other messages in the payload. Should the any of the contents of the payload be unable to be authenticated by the host, the host bus adapter may be remediated for hardware errors of malicious activity.
    Type: Application
    Filed: July 25, 2023
    Publication date: January 30, 2025
    Inventors: EFI LEVI, ARIEH DON, LIOR BENISTY
  • Publication number: 20250036813
    Abstract: Methods and systems for managing data storage are disclosed. The storage of data may be managed by implementing a framework for checking whether payloads requested for storage have been modified prior to storage. The checks may be performed using integrity verification data that is based on corresponding payloads and keys. The payloads and integrity verification data may be directed to storage along a storage pipeline. The integrity of the payloads may be verified along the storage pipeline. Once received, the storage may perform the checks using the integrity verification data as a final check before storage.
    Type: Application
    Filed: July 25, 2023
    Publication date: January 30, 2025
    Inventors: ARIEH DON, EFI LEVI, LIOR BENISTY, CHING-YUN CHAO
  • Publication number: 20250036757
    Abstract: Methods and systems for managing storage services provided by storage arrays are disclosed. The storage services may be managed by proactively identifying and remediating malicious activity that may impact the storage services. The malicious activity may be identified by monitoring activity of adapters used by host devices to communicate with the storage arrays. The activity may be monitored to identify patterns of reset commands that are likely to negatively impact storage services provided by the storage arrays.
    Type: Application
    Filed: July 25, 2023
    Publication date: January 30, 2025
    Inventors: LIOR BENISTY, EFI LEVI, ARIEH DON
  • Publication number: 20250036727
    Abstract: Methods and systems for securing data are disclosed. To secure data, signed tokens may be used to authenticate operations to be performed by storage arrays. The operations may modify data stored in the storage array and/or provide copies of stored data. The signed token may specify limits on the authority of various entities to invoke various functions of storage arrays, and include cryptographic data usable by the storage arrays to authenticate the tokens. By requiring that tokens be included with operations to be performed by storage arrays, the storage arrays may be less likely to perform undesired operations.
    Type: Application
    Filed: July 25, 2023
    Publication date: January 30, 2025
    Inventors: BORIS GITERMAN, ARIEH DON, EFI LEVI, LIOR BENISTY
  • Patent number: 12204767
    Abstract: Methods and systems for managing data storage are disclosed. The storage of data may be managed by implementing a framework for checking whether payloads requested for storage have been modified prior to storage. The checks may be performed using integrity verification data that is based on corresponding payloads. The payloads and integrity verification data may be generated by an application, and both may be directed to storage. Once received, the storage may perform the checks using the integrity verification data.
    Type: Grant
    Filed: April 13, 2023
    Date of Patent: January 21, 2025
    Assignee: Dell Products L.P.
    Inventors: Ching-Yun Chao, Efi Levi, Lior Benisty, Arieh Don
  • Publication number: 20240345741
    Abstract: Methods and systems for managing data storage are disclosed. The storage of data may be managed by implementing a framework for checking whether payloads requested for storage have been modified prior to storage. The checks may be performed using integrity verification data that is based on corresponding payloads. The payloads and integrity verification data may be generated by an application, and both may be directed to storage. Once received, the storage may perform the checks using the integrity verification data.
    Type: Application
    Filed: April 13, 2023
    Publication date: October 17, 2024
    Inventors: CHING-YUN CHAO, EFI LEVI, LIOR BENISTY, ARIEH DON
  • Publication number: 20240348445
    Abstract: An identifier, such as a worldwide name, corresponding to a host computing device, or corresponding to a host bus adapter corresponding to the host computing device, may be transmitted to a storage array to configure the storage array to be accessed by the host computing device. The host may request a token from the array. The host may embed the token into a token block of a command message that is transmitted to the storage array requesting access to the array. Before performing an action corresponding to the command message, the storage array may verify that the token is a valid token and thus that the host computing device that transmitted the command message is a host computing device that has been authorized to access the storage array. If the storage array determines that the token is valid the storage array may perform an action corresponding to the command message.
    Type: Application
    Filed: April 17, 2023
    Publication date: October 17, 2024
    Inventors: Arieh Don, Efi Levi, Lior Benisty
  • Publication number: 20240345752
    Abstract: A storage array is configured with an allowed process configuration. An allowed process may correspond to an application or process executed by a host computing system that may seek to access a volume of the storage array via a command descriptor block message or a corresponding block command message, which may comprise a data field and a metadata field. The host may embed a process identifier corresponding to a process seeking to access the storage array in the metadata field. The storage array may receive the block command message and determine whether the metadata field comprises a process identifier that is included in the allowed process configuration. If so, the storage array may perform the access command corresponding to the block command message. If not, the storage array may reject performing the access command. The storage array may report access commands that were performed or rejected.
    Type: Application
    Filed: April 17, 2023
    Publication date: October 17, 2024
    Inventors: Arieh Don, Efi Levi, Lior Benisty
  • Publication number: 20240314150
    Abstract: Different management applications corresponding to different private computing systems that are untrusted with respect to each other reciprocally agree to store for each other replicated versions of logical volumes of storage arrays as backups. A management server corresponding to one or more storage arrays at a local one of the computing systems encrypts a volume to be backed up at the other remote computing system and transmits the encrypted version to the remote computing system. The remote computing system cannot modify or delete a portion of an array that has stored thereon the encrypted version of the logical volume without having a configuration-change key generated by the local management server, which may generate the configuration-change key to facilitate mirroring at the remote storage array a modification made to the local storage array.
    Type: Application
    Filed: March 14, 2023
    Publication date: September 19, 2024
    Inventors: Lior Benisty, Arieh Don, Efi Levi
  • Publication number: 20240244077
    Abstract: A network storage array may detect a malware infection and report the detected infection to a monitoring system, which may monitor more than one storage array at one or more data centers via one or more array management host computing systems. Storage arrays may report to the monitoring system replication information regarding data replication operations among the arrays. The monitoring system may receive access information regarding access of the storage arrays by server host computing systems. Based on the access and replication information the monitoring system may determine, or infer, an infection of an array, or a volume of an array, which array or volume may not be capable of self-determining an infection. The monitoring system may cause a mitigation action with respect to an infected array or with respect to a server host computing system that may have accessed an infected array.
    Type: Application
    Filed: January 13, 2023
    Publication date: July 18, 2024
    Inventors: Lior Benisty, Efi Levi, Arieh Don
  • Patent number: 11651066
    Abstract: An apparatus comprises at least one processing device that is configured to control delivery of input-output operations from a host device to a storage system over selected ones of a plurality of paths through a network. The at least one processing device is further configured to generate a plurality of authentication tokens over time utilizing seed information of the host device, and for each of one or more of the input-output operations, to incorporate a particular one of the authentication tokens into the input-output operation, to send the input-output operation to the storage system, and to receive an indication from the storage system, responsive to the input-output operation sent to the storage system, as to whether or not the authentication token incorporated into the input-output operation matches a corresponding authentication token generated by the storage system. The at least one processing device illustratively comprises at least a portion of the host device.
    Type: Grant
    Filed: January 7, 2021
    Date of Patent: May 16, 2023
    Assignee: EMC IP Holding Company LLC
    Inventors: Efi Levi, Boris Giterman, Arieh Don
  • Publication number: 20220215084
    Abstract: An apparatus comprises at least one processing device that is configured to control delivery of input-output operations from a host device to a storage system over selected ones of a plurality of paths through a network. The at least one processing device is further configured to generate a plurality of authentication tokens over time utilizing seed information of the host device, and for each of one or more of the input-output operations, to incorporate a particular one of the authentication tokens into the input-output operation, to send the input-output operation to the storage system, and to receive an indication from the storage system, responsive to the input-output operation sent to the storage system, as to whether or not the authentication token incorporated into the input-output operation matches a corresponding authentication token generated by the storage system. The at least one processing device illustratively comprises at least a portion of the host device.
    Type: Application
    Filed: January 7, 2021
    Publication date: July 7, 2022
    Inventors: Efi Levi, Boris Giterman, Arieh Don