Patents by Inventor Evgeni Aizikovich
Evgeni Aizikovich has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12155681Abstract: Disclosed embodiments relate to systems and methods for securely and privately auditing web sessions. Techniques include receiving encrypted browser session data; storing the encrypted browser session data at a server; receiving an audit request associated with the stored encrypted browser session data; retrieving the stored encrypted browser session data based on the audit request; and transmitting the encrypted browser session data to an auditor endpoint device to enable access to the browser session data by the auditor endpoint device.Type: GrantFiled: May 2, 2022Date of Patent: November 26, 2024Assignee: CyberArk Software Ltd.Inventors: Arthur Bendersky, Evgeni Aizikovich
-
Publication number: 20230140559Abstract: Disclosed embodiments relate to systems and methods for securely and privately auditing web sessions. Techniques include receiving encrypted browser session data; storing the encrypted browser session data at a server; receiving an audit request associated with the stored encrypted browser session data; retrieving the stored encrypted browser session data based on the audit request; and transmitting the encrypted browser session data to an auditor endpoint device to enable access to the browser session data by the auditor endpoint device.Type: ApplicationFiled: May 2, 2022Publication date: May 4, 2023Applicant: CyberArk Software Ltd.Inventors: Arthur Bendersky, Evgeni Aizikovich
-
Patent number: 11321472Abstract: Disclosed embodiments relate to systems and methods for securely and privately auditing web sessions. Techniques include receiving, from a browser extension executing on a user endpoint device, encrypted browser session data and an encrypted session key, storing the encrypted browser session data and the encrypted session key; receiving, from an auditor endpoint device, an audit request associated with the stored encrypted browser session data; retrieving the stored encrypted browser session data and the stored encrypted session key based on the audit request; and transmitting at least some of the encrypted browser session data and the encrypted session key to the auditor endpoint device to enable access to the browser session data by the auditor endpoint device.Type: GrantFiled: October 29, 2021Date of Patent: May 3, 2022Assignee: CyberArk Software Ltd.Inventor: Evgeni Aizikovich
-
Patent number: 10985924Abstract: Disclosed embodiments relate to verifying identities based on identity-inherent data that is inaccessible to the system. Techniques include receiving, from a client, an encrypted token, the encrypted token having been encrypted at the client using a cryptographic key created at the client based on identity-inherent data of an identity of the client; wherein the identity-inherent data of the identity is not itself received by the system, and wherein the cryptographic key is accessible only to the client; and storing the encrypted token in association with a hash of a decrypted version of the encrypted token to allow for comparing the stored hash with a created hash and determining whether to verify the identity based on a result of the comparing.Type: GrantFiled: August 4, 2020Date of Patent: April 20, 2021Assignee: CYBERARK SOFTWARE LTD.Inventors: Evgeni Aizikovich, Boris Spivak, Michael Yavnilovich, Tal Kandel, Hadas Elkabir
-
Publication number: 20210028941Abstract: Disclosed embodiments relate to verifying identities based on identity-inherent data that is inaccessible to the system. Techniques include receiving, from a client, an encrypted token, the encrypted token having been encrypted at the client using a cryptographic key created at the client based on identity-inherent data of an identity of the client; wherein the identity-inherent data of the identity is not itself received by the system, and wherein the cryptographic key is accessible only to the client; and storing the encrypted token in association with a hash of a decrypted version of the encrypted token to allow for comparing the stored hash with a created hash and determining whether to verify the identity based on a result of the comparing.Type: ApplicationFiled: August 4, 2020Publication date: January 28, 2021Applicant: CyberArk Software Ltd.Inventors: Evgeni AIZIKOVICH, Boris Spivak, Michael Yavnilovich, Tal Kandel, Hadas Elkabir
-
Patent number: 10862689Abstract: Disclosed embodiments relate to verifying identities based on identity-inherent data that is inaccessible to the system. Techniques include receiving, from a client, an encrypted token, the encrypted token having been encrypted at the client using a cryptographic key created at the client based on identity-inherent data of an identity of the client; wherein the identity-inherent data of the identity is not itself received by the system, and wherein the cryptographic key is accessible only to the client; and storing the encrypted token in association with a hash of a decrypted version of the encrypted token to allow for comparing the stored hash with a created hash and determining whether to verify the identity based on a result of the comparing.Type: GrantFiled: July 23, 2019Date of Patent: December 8, 2020Assignee: CYBERARK SOFTWARE LTD.Inventors: Evgeni Aizikovich, Boris Spivak, Michael Yavnilovich, Tal Kandel, Hadas Elkabir
-
Patent number: 10411894Abstract: Disclosed embodiments relate to systems and methods for authenticating users of personal computing devices using encoded versions of the temporary and unique codes. Techniques include receiving a first cryptographic key having been created by a personal computing device and corresponding to a second cryptographic key maintained on the personal computing device; associating a user identifier with the first cryptographic key; accessing a temporary and unique code; accessing an encoded version of the temporary and unique code; making available to the personal computing device the encoded version of the temporary and unique code; receiving, from the personal computing device, a signed version of the temporary and unique code, the signed version having been signed by the second cryptographic key; verifying, using the first cryptographic key, the signed version of the temporary and unique code; and determining, based on the verifying, whether to authenticate the user of the personal computing device.Type: GrantFiled: May 17, 2019Date of Patent: September 10, 2019Assignee: CYBERARK SOFTWARE LTD.Inventors: Michael Yavnilovich, Evgeni Aizikovich, Boris Spivak
-
Publication number: 20190207784Abstract: Disclosed embodiments include engaging in a control session between a tunneling control service located in a first network and a tunneling control agent located in a second network, identifying a request, from a requesting resource in the first network, to establish a secure remote connection with a target resource in the second network, the target resource having a network address in the second network, sending, from the tunneling control service in the first network to the tunneling control agent in the second network, a request to establish a reverse tunnel between the first network and the second network, transmitting a request for a reverse tunnel connection between a tunneling server in the first network and a tunneling agent in the second network, the tunneling agent being configured to redirect traffic from the reverse tunnel to the target resource at the network address in the second network, and transmitting data traffic from the requesting resource in the first network through the reverse tunnel toType: ApplicationFiled: January 3, 2018Publication date: July 4, 2019Applicant: CyberArk Software Ltd.Inventor: Evgeni Aizikovich
-
Publication number: 20190182242Abstract: Disclosed embodiments include receiving, at a first identity provider configured to authenticate a plurality of network clients, a request from a first network client to establish a connection with an access-restricted network resource, the first network client having been redirected to the first identity provider from a service provider; sending, from the first identity provider to the first network client, a redirect message automatically directing the first network client to authenticate itself at a second identity provider that is separate from the first identity provider; receiving, from the second identity provider, a result of the first network client authenticating itself at the second identity provider; and sending, from the first identity provider and to the service provider, an authentication message based on the result, the authentication message determining whether the first network client is authenticated and is permitted to establish the connection with the access-restricted network resource.Type: ApplicationFiled: December 11, 2017Publication date: June 13, 2019Inventor: Evgeni Aizikovich
-
Patent number: 10250677Abstract: Systems and methods are provided for decentralized network address control, including a computer-implemented method for decentralized load balancing for a plurality of network resources. The method can include determining a load characteristic for the first network resource. The load characteristic can be determined by a first load balancing application associated with a first network resource. The method can further include sending a report to a network address resolution resource, based on the determined load characteristic. The network address resolution resource can be configured to also receive reports from other load balancing applications associated with other network resources based on determined load characteristics for the other network resources. Both the first network resource and the other network resources can be associated with a common network resource name.Type: GrantFiled: May 2, 2018Date of Patent: April 2, 2019Assignee: CyberArk Software Ltd.Inventor: Evgeni Aizikovich