Patents by Inventor Emanuel Bronshtein
Emanuel Bronshtein has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11005877Abstract: Various techniques for detecting a persistent cross-site scripting vulnerability are described herein. In one example, a method includes detecting, via the processor, a read operation executed on a resource using an instrumentation mechanism and returning, via the processor, a malicious script in response to the read operation. The method also includes detecting, via the processor, a write operation executed on the resource using the instrumentation mechanism and detecting, via the processor, a script operation executed by the malicious script that results in resource data being sent to an external computing device from a client device. Furthermore, the method includes receiving, via the processor, metadata indicating the execution of the read operation, the write operation, and the script operation.Type: GrantFiled: March 14, 2019Date of Patent: May 11, 2021Assignee: HCL Technologies LimitedInventors: Emanuel Bronshtein, Roee Hay, Sagi Kedmi
-
Publication number: 20190215333Abstract: Various techniques for detecting a persistent cross-site scripting vulnerability are described herein. In one example, a method includes detecting, via the processor, a read operation executed on a resource using an instrumentation mechanism and returning, via the processor, a malicious script in response to the read operation. The method also includes detecting, via the processor, a write operation executed on the resource using the instrumentation mechanism and detecting, via the processor, a script operation executed by the malicious script that results in resource data being sent to an external computing device from a client device. Furthermore, the method includes receiving, via the processor, metadata indicating the execution of the read operation, the write operation, and the script operation.Type: ApplicationFiled: March 14, 2019Publication date: July 11, 2019Inventors: Emanuel Bronshtein, Roee Hay, Sagi Kedmi
-
Patent number: 10305903Abstract: A client application performs certificate pinning as a means of authenticating the identity of a server. A proxy is interposed in the communications path of the client and the hosting server and provides a proxy security certificate to the client. In response to the client extracting a proxy authentication component from the proxy security certificate, operation of the client is paused and a hosting server authentication component is extracted from a hosting server security certificate. The client operation is resumed, providing the extracted hosting server authentication component to the client, in substitution for the proxy authentication component. Based on receiving the extracted hosting server authentication component, the client authenticates the proxy to receive communications directed to the hosting server.Type: GrantFiled: August 27, 2018Date of Patent: May 28, 2019Assignee: International Business Machines CorporationInventors: Emanuel Bronshtein, Roee Hay, Sagi Kedmi
-
Patent number: 10264011Abstract: Various techniques for detecting a persistent cross-site scripting vulnerability are described herein. In one example, a method includes detecting, via the processor, a read operation executed on a resource using an instrumentation mechanism and returning, via the processor, a malicious script in response to the read operation. The method also includes detecting, via the processor, a write operation executed on the resource using the instrumentation mechanism and detecting, via the processor, a script operation executed by the malicious script that results in resource data being sent to an external computing device from a client device. Furthermore, the method includes receiving, via the processor, metadata indicating the execution of the read operation, the write operation, and the script operation.Type: GrantFiled: March 7, 2018Date of Patent: April 16, 2019Assignee: International Business Machines CorporationInventors: Emanuel Bronshtein, Roee Hay, Sagi Kedmi
-
Publication number: 20190014115Abstract: A client application performs certificate pinning as a means of authenticating the identity of a server. A proxy is interposed in the communications path of the client and the hosting server and provides a proxy security certificate to the client. In response to the client extracting a proxy authentication component from the proxy security certificate, operation of the client is paused and a hosting server authentication component is extracted from a hosting server security certificate. The client operation is resumed, providing the extracted hosting server authentication component to the client, in substitution for the proxy authentication component. Based on receiving the extracted hosting server authentication component, the client authenticates the proxy to receive communications directed to the hosting server.Type: ApplicationFiled: August 27, 2018Publication date: January 10, 2019Inventors: Emanuel Bronshtein, Roee Hay, Sagi Kedmi
-
Patent number: 10091187Abstract: A client application performs certificate pinning as a means of authenticating the identity of a server. A proxy is interposed in the communications path of the client and the hosting server and provides a proxy security certificate to the client. In response to the client extracting a proxy authentication component from the proxy security certificate, operation of the client is paused and a hosting server authentication component is extracted from a hosting server security certificate. The client operation is resumed, providing the extracted hosting server authentication component to the client, in substitution for the proxy authentication component. Based on receiving the extracted hosting server authentication component, the client authenticates the proxy to receive communications directed to the hosting server.Type: GrantFiled: September 26, 2017Date of Patent: October 2, 2018Assignee: International Business Machines CorporationInventors: Emanuel Bronshtein, Roee Hay, Sagi Kedmi
-
Patent number: 10084781Abstract: A client application performs certificate pinning as a means of authenticating the identity of a server. A proxy is interposed in the communications path of the client and the hosting server and provides a proxy security certificate to the client. In response to the client extracting a proxy authentication component from the proxy security certificate, operation of the client is paused and a hosting server authentication component is extracted from a hosting server security certificate. The client operation is resumed, providing the extracted hosting server authentication component to the client, in substitution for the proxy authentication component. Based on receiving the extracted hosting server authentication component, the client authenticates the proxy to receive communications directed to the hosting server.Type: GrantFiled: April 26, 2016Date of Patent: September 25, 2018Assignee: International Business Machines CorporationInventors: Emanuel Bronshtein, Roee Hay, Sagi Kedmi
-
Patent number: 10084772Abstract: A client application performs certificate pinning as a means of authenticating the identity of a server. A proxy is interposed in the communications path of the client and the hosting server and provides a proxy security certificate to the client. In response to the client extracting a proxy authentication component from the proxy security certificate, operation of the client is paused and a hosting server authentication component is extracted from a hosting server security certificate. The client operation is resumed, providing the extracted hosting server authentication component to the client, in substitution for the proxy authentication component. Based on receiving the extracted hosting server authentication component, the client authenticates the proxy to receive communications directed to the hosting server.Type: GrantFiled: September 26, 2017Date of Patent: September 25, 2018Assignee: International Business Machines CorporationInventors: Emanuel Bronshtein, Roee Hay, Sagi Kedmi
-
Publication number: 20180198817Abstract: Various techniques for detecting a persistent cross-site scripting vulnerability are described herein. In one example, a method includes detecting, via the processor, a read operation executed on a resource using an instrumentation mechanism and returning, via the processor, a malicious script in response to the read operation. The method also includes detecting, via the processor, a write operation executed on the resource using the instrumentation mechanism and detecting, via the processor, a script operation executed by the malicious script that results in resource data being sent to an external computing device from a client device. Furthermore, the method includes receiving, via the processor, metadata indicating the execution of the read operation, the write operation, and the script operation.Type: ApplicationFiled: March 7, 2018Publication date: July 12, 2018Inventors: Emanuel Bronshtein, Roee Hay, Sagi Kedmi
-
Patent number: 9948665Abstract: Various techniques for detecting a persistent cross-site scripting vulnerability are described herein. In one example, a method includes detecting, via the processor, a read operation executed on a resource using an instrumentation mechanism and returning, via the processor, a malicious script in response to the read operation. The method also includes detecting, via the processor, a write operation executed on the resource using the instrumentation mechanism and detecting, via the processor, a script operation executed by the malicious script that results in resource data being sent to an external computing device from a client device. Furthermore, the method includes receiving, via the processor, metadata indicating the execution of the read operation, the write operation, and the script operation.Type: GrantFiled: June 4, 2015Date of Patent: April 17, 2018Assignee: International Business Machines CorporationInventors: Emanuel Bronshtein, Roee Hay, Sagi Kedmi
-
Publication number: 20180013753Abstract: A client application performs certificate pinning as a means of authenticating the identity of a server. A proxy is interposed in the communications path of the client and the hosting server and provides a proxy security certificate to the client. In response to the client extracting a proxy authentication component from the proxy security certificate, operation of the client is paused and a hosting server authentication component is extracted from a hosting server security certificate. The client operation is resumed, providing the extracted hosting server authentication component to the client, in substitution for the proxy authentication component. Based on receiving the extracted hosting server authentication component, the client authenticates the proxy to receive communications directed to the hosting server.Type: ApplicationFiled: September 26, 2017Publication date: January 11, 2018Inventors: Emanuel Bronshtein, Roee Hay, Sagi Kedmi
-
Publication number: 20180013754Abstract: A client application performs certificate pinning as a means of authenticating the identity of a server. A proxy is interposed in the communications path of the client and the hosting server and provides a proxy security certificate to the client. In response to the client extracting a proxy authentication component from the proxy security certificate, operation of the client is paused and a hosting server authentication component is extracted from a hosting server security certificate. The client operation is resumed, providing the extracted hosting server authentication component to the client, in substitution for the proxy authentication component. Based on receiving the extracted hosting server authentication component, the client authenticates the proxy to receive communications directed to the hosting server.Type: ApplicationFiled: September 26, 2017Publication date: January 11, 2018Inventors: Emanuel Bronshtein, Roee Hay, Sagi Kedmi
-
Publication number: 20170310670Abstract: A client application performs certificate pinning as a means of authenticating the identity of a server. A proxy is interposed in the communications path of the client and the hosting server and provides a proxy security certificate to the client. In response to the client extracting a proxy authentication component from the proxy security certificate, operation of the client is paused and a hosting server authentication component is extracted from a hosting server security certificate. The client operation is resumed, providing the extracted hosting server authentication component to the client, in substitution for the proxy authentication component. Based on receiving the extracted hosting server authentication component, the client authenticates the proxy to receive communications directed to the hosting server.Type: ApplicationFiled: April 26, 2016Publication date: October 26, 2017Inventors: Emanuel Bronshtein, Roee Hay, Sagi Kedmi
-
Patent number: 9781145Abstract: A system and program product are described herein for various techniques for detecting a persistent cross-site scripting vulnerability are described herein. In one example, the techniques include detecting, via the processor, a read operation executed on a resource using an instrumentation mechanism and returning, via the processor, a malicious script in response to the read operation. The techniques also include detecting, via the processor, a write operation executed on the resource using the instrumentation mechanism and detecting, via the processor, a script operation executed by the malicious script that results in resource data being sent to an external computing device from a client device. Furthermore, the techniques include receiving, via the processor, metadata indicating the execution of the read operation, the write operation, and the script operation.Type: GrantFiled: November 25, 2014Date of Patent: October 3, 2017Assignee: International Business Machines CorporationInventors: Emanuel Bronshtein, Roee Hay, Sagi Kedmi
-
Patent number: 9774590Abstract: A client application performs certificate pinning as a means of authenticating the identity of a server. A proxy is interposed in the communications path of the client and the hosting server and provides a proxy security certificate to the client. In response to the client extracting a proxy authentication component from the proxy security certificate, operation of the client is paused and a hosting server authentication component is extracted from a hosting server security certificate. The client operation is resumed, providing the extracted hosting server authentication component to the client, in substitution for the proxy authentication component. Based on receiving the extracted hosting server authentication component, the client authenticates the proxy to receive communications directed to the hosting server.Type: GrantFiled: December 20, 2016Date of Patent: September 26, 2017Assignee: International Business Machines CorporationInventors: Emanuel Bronshtein, Roee Hay, Sagi Kedmi
-
Publication number: 20160149947Abstract: Various techniques for detecting a persistent cross-site scripting vulnerability are described herein. In one example, a method includes detecting, via the processor, a read operation executed on a resource using an instrumentation mechanism and returning, via the processor, a malicious script in response to the read operation. The method also includes detecting, via the processor, a write operation executed on the resource using the instrumentation mechanism and detecting, via the processor, a script operation executed by the malicious script that results in resource data being sent to an external computing device from a client device. Furthermore, the method includes receiving, via the processor, metadata indicating the execution of the read operation, the write operation, and the script operation.Type: ApplicationFiled: June 4, 2015Publication date: May 26, 2016Inventors: Emanuel Bronshtein, Roee Hay, Sagi Kedmi
-
Publication number: 20160149946Abstract: A system and program product are described herein for various techniques for detecting a persistent cross-site scripting vulnerability are described herein. In one example, the techniques include detecting, via the processor, a read operation executed on a resource using an instrumentation mechanism and returning, via the processor, a malicious script in response to the read operation. The techniques also include detecting, via the processor, a write operation executed on the resource using the instrumentation mechanism and detecting, via the processor, a script operation executed by the malicious script that results in resource data being sent to an external computing device from a client device. Furthermore, the techniques include receiving, via the processor, metadata indicating the execution of the read operation, the write operation, and the script operation.Type: ApplicationFiled: November 25, 2014Publication date: May 26, 2016Inventors: Emanuel Bronshtein, Roee Hay, Sagi Kedmi