Patents by Inventor Guy Lewin

Guy Lewin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20230006968
    Abstract: Methods, systems, and computer storage media for providing a local protocol server associated with a secure networking engine that provides client-side forwarding in a secure networking system. The local protocol server (e.g., local TCP/UDP server)—on a client device—operates based on client-side forwarding operations that include: IP assignment, operating system (OS) routing, destination network address translation, and original destination retrieval to support accessing a network resource (e.g., socket connection) on the client device and support communications between client applications on the client device and the local protocol server on the same client device. In this way, the local protocol server supports communications of a diverse set of data traffic or network traffic (e.g.
    Type: Application
    Filed: December 9, 2021
    Publication date: January 5, 2023
    Inventors: Alon CATZ, Guy LEWIN, Gal LUVTON
  • Publication number: 20230007016
    Abstract: The disclosure is directed towards proxy services for the secure uploading of file-system tree structures. A method includes receiving, at a web security service, an indication that client device to upload content to a storage cloud provider. The proxy service performs a security scan of the content while the content is stored on the client device. A security and/or a privacy concern is identified in the content stored on the client device. A security and/or privacy mitigation action is performed in response to identifying the security and/or privacy concern.
    Type: Application
    Filed: June 30, 2021
    Publication date: January 5, 2023
    Inventors: Itamar AZULAY, Guy LEWIN, Sharon LIFSHITS
  • Publication number: 20220353245
    Abstract: A computer-implemented method includes receiving, by a proxy device, a document from a service provider in response to a request to the service provider from a client device. The proxy device injects into the document event monitoring code for monitoring user actions on the client device. The proxy device sends the document with the event monitoring code to the client device. The event monitoring code intercepts a user request for a file upload event using a client-side application on the client device. The proxy device receives a client request including file information regarding the file upload event from the event monitoring code. The proxy device determines whether the file upload event should be allowed or blocked based on the received file information and stored policy data.
    Type: Application
    Filed: July 11, 2022
    Publication date: November 3, 2022
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Guy Lewin, Amir Geri
  • Publication number: 20220311820
    Abstract: A proxy server to receive a request from a client to a webserver and a response corresponding with the request from the webserver to the client is disclosed. The request is wrapped, and a wrapped request is received at the proxy server. The wrapped request is read at the proxy server. Metadata is added to a response corresponding with the wrapped request at the proxy server. The metadata can be based on the read wrapped request or the corresponding response.
    Type: Application
    Filed: June 14, 2022
    Publication date: September 29, 2022
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Guy Lewin, Itamar Azulay, Yossi Haber
  • Patent number: 11429637
    Abstract: Techniques are described herein that are capable of providing offline support for a database cluster that includes online nodes and an offline-compatible node. For example, an operation may be performed with regard to information, which is stored by the offline-compatible node while the offline-compatible node is not connected to the online nodes via the network, based at least in part on the offline-compatible node being connected to the online nodes. In another example, an operation may be performed with regard to information, which is stored by any one or more of the online nodes while the offline-compatible node is not connected to the online nodes via the network, based at least in part on the offline-compatible node being connected to the online nodes.
    Type: Grant
    Filed: October 13, 2020
    Date of Patent: August 30, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Michel Peterson, Guy Lewin
  • Patent number: 11405363
    Abstract: A computer-implemented method includes receiving, by a proxy device, a document from a service provider in response to a request to the service provider from a client device. The proxy device injects into the document event monitoring code for monitoring user actions on the client device. The proxy device sends the document with the event monitoring code to the client device. The event monitoring code intercepts a user request for a file upload event using a client-side application on the client device. The proxy device receives a client request including file information regarding the file upload event from the event monitoring code. The proxy device determines whether the file upload event should be allowed or blocked based on the received file information and stored policy data.
    Type: Grant
    Filed: June 26, 2019
    Date of Patent: August 2, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Guy Lewin, Amir Geri
  • Publication number: 20220229710
    Abstract: Methods and systems are provided for a client computing device including a browser that renders a web page. Program code generates a mock upload event and a corresponding mock data transfer object for uploading data using the web page. The mock upload event and the corresponding mock data transfer object are propagated to an upload event listener of the web page and executed. Prior to generating the mock upload event and corresponding mock data transfer object, an embedded upload event listener may receive an upload event, read the upload event, drop the received upload event from an event handler pipeline, and call synchronously or asynchronously, code to perform logic on the received upload event for the generation of the mock upload event and a corresponding mock data transfer object.
    Type: Application
    Filed: March 30, 2022
    Publication date: July 21, 2022
    Inventors: Guy Lewin, Amir Geri, Yossi Haber
  • Patent number: 11394765
    Abstract: A proxy server to receive a request from a client to a webserver and a response corresponding with the request from the webserver to the client is disclosed. The request is wrapped, and a wrapped request is received at the proxy server. The wrapped request is read at the proxy server. Metadata is added to a response corresponding with the wrapped request at the proxy server. The metadata can be based on the read wrapped request or the corresponding response.
    Type: Grant
    Filed: June 18, 2019
    Date of Patent: July 19, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Guy Lewin, Itamar Azulay, Yossi Haber
  • Publication number: 20220188438
    Abstract: A file is enabled to be downloaded from a web server on behalf of a client browser, via an isolated browser of an RBI server. An isolated browser engine detects the file download and notifies an isolated browser controller. The isolated browser controller determines whether the file download is permitted. Responsive to determining that the file download is not permitted, the file is deleted at the RBI server and a policy event is transmitted to the client browser. Responsive to determining that the file download is permitted, the file is transmitted to the client browser. The file may be streamed to the client browser, or it may be published via an independent web server and a notification is transmitted to the client browser. The client browser is controlled to issue a request to the independent web server to download the file to the client browser.
    Type: Application
    Filed: December 15, 2020
    Publication date: June 16, 2022
    Inventors: Guy LEWIN, Vitaly KHAIT, Alexander ESIBOV
  • Patent number: 11307911
    Abstract: Methods and systems are provided for a client computing device including a browser that renders a web page. Program code generates a mock upload event and a corresponding mock data transfer object for uploading data using the web page. The mock upload event and the corresponding mock data transfer object are propagated to an upload event listener of the web page and executed. Prior to generating the mock upload event and corresponding mock data transfer object, an embedded upload event listener may receive an upload event, read the upload event, drop the received upload event from an event handler pipeline, and call synchronously or asynchronously, code to perform logic on the received upload event for the generation of the mock upload event and a corresponding mock data transfer object.
    Type: Grant
    Filed: May 29, 2020
    Date of Patent: April 19, 2022
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Guy Lewin, Amir Geri, Yossi Haber
  • Publication number: 20220116361
    Abstract: Methods for dynamic forward proxy chaining are performed by systems and devices. A forward proxy server receives an electronic communication message that includes destination information in a header and payload information. Destination information includes an ordered set of subsequent destination identifiers associated with subsequent forward proxy servers and an ultimate destination identifier for the electronic communication message. The destination information in the electronic communication message is modified by the forward proxy server to generate a modified electronic communication message. Based on proxy operations performed by the forward proxy server, destination information is modified by removing destinations, adding destinations, altering ports for destinations, and other modifications.
    Type: Application
    Filed: October 13, 2020
    Publication date: April 14, 2022
    Inventors: Guy LEWIN, Michel PETERSON
  • Publication number: 20220114191
    Abstract: Techniques are described herein that are capable of providing offline support for a database cluster that includes online nodes and an offline-compatible node. For example, an operation may be performed with regard to information, which is stored by the offline-compatible node while the offline-compatible node is not connected to the online nodes via the network, based at least in part on the offline-compatible node being connected to the online nodes. In another example, an operation may be performed with regard to information, which is stored by any one or more of the online nodes while the offline-compatible node is not connected to the online nodes via the network, based at least in part on the offline-compatible node being connected to the online nodes.
    Type: Application
    Filed: October 13, 2020
    Publication date: April 14, 2022
    Inventors: Michel Peterson, Guy Lewin
  • Publication number: 20220116406
    Abstract: Methods, systems, apparatuses, and computer-readable storage mediums are described for performing malware detection and mitigation on behalf of a client device by a forward proxy server. For example, the client device is configured to route network traffic through the forward proxy server. The forward proxy server is configured to detect file transfer operations between the client device and a destination server. Responsive to detecting a file transfer operation, the forward proxy server obtains a copy of the file to be transferred and provides it to a malware identification service, which analyzes the file for malware. The malware identification service may execute on the forward proxy server or another server communicatively coupled thereto. Responsive to determining that the file has been compromised with malware, the forward proxy server performs one or more actions to mitigate the malware.
    Type: Application
    Filed: October 12, 2020
    Publication date: April 14, 2022
    Inventors: Guy LEWIN, Tomer CHERNI, Daniel SENDEROVICH, Itamar NIDDAM
  • Patent number: 11265297
    Abstract: Sharing context between web frames increases consistent application of security policies, without requiring changes to a document object model. A proxy receives a first request implicating a first web frame and its URL, potentially issues a sub-request and gets a sub-response, and creates a first response to the first request, including a context in frame creation or frame navigation code. Thus, context such as a domain identification is made available for sharing between the first web frame and a second web frame without altering a document object model of a web page of the first web frame, and without imposing a same-origin policy workaround. Sharing the context allows the proxy to ascertain a policy based on the context, so it can apply the policy in reactions to subsequent requests. Context sharing allows window frames to be associated together in the proxy, and informs browser rendering.
    Type: Grant
    Filed: July 3, 2019
    Date of Patent: March 1, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Guy Lewin, Itamar Azulay, Lucy Goldberg
  • Publication number: 20220029967
    Abstract: Techniques are described herein that are capable of implementing a client-side policy on client-side logic. The client-side policy is configured to support client-side hooks by configuring a rule in the client-side policy to be applied to the client-side logic, which is configured to be executed in a browser of a client device in a network-based system. The rule indicates an administrator-defined action to be performed in response to a request to execute the client-side logic. The request to execute the client-side logic in the browser is received. The administrator-defined action is performed based at least in part on the rule in the client-side policy in response to receipt of the request.
    Type: Application
    Filed: October 8, 2021
    Publication date: January 27, 2022
    Inventors: Guy LEWIN, Yossef HABER, Vitaly KHAIT
  • Patent number: 11233749
    Abstract: Providing fluid external access to a resource that is internal to a network from external to that network. From within the network, the internal user simply provides an internal identifier, and the external user accesses not the internal identifier, but an external uniform resource identifier (URL) that the external user can simply select to obtain access to the internal resource of the network. This is accomplished by translating the internal identifier to an external URL having a proxy server as its domain name. When the external URL selects the URL, a request with that external URL is made to the proxy server, which translates the external URL back to the internal identifier, and coordinates with the network to obtain the resource for the external user.
    Type: Grant
    Filed: October 23, 2019
    Date of Patent: January 25, 2022
    Assignee: MICROSOFT TECHNOLOGLY LICENSING, LLC
    Inventors: Guy Lewin, Vitaly Khait, Yossi Haber, Ami Luttwak, Alexander Esibov
  • Publication number: 20220012070
    Abstract: Methods and systems are provided for a browser in a client device that receives a user interface script-code snippet from a web page. A chain logic engine determines whether an in-memory map indicates an output value of prior execution of the UI script-code snippet. If the in-memory map does indicate the output value, it is returned from the in-memory map to generate the user interface. If not, the engine determines whether an in-local storage map indicates the prior executed snippet output. If the in-local storage map indicates the prior executed snippet output, it is returned from the in-local storage map to generate the user interface, and it is stored in the in-memory map. If not, the UI script-code snippet is executed to generate the output value, which is used to generate the user interface, and is stored in the in-memory map and in the in-local storage map.
    Type: Application
    Filed: July 9, 2020
    Publication date: January 13, 2022
    Inventors: Itamar Azulay, Amir Geri, Guy Lewin, Yossi Haber, Meir Baruch Blachman
  • Publication number: 20210409403
    Abstract: Methods, systems and computer program products are provided for service to service SSH with authentication and SSH session reauthentication. A client service initiates an SSH session by automatically providing authentication information to an authentication provider service, which returns access information. The client service uses an SSH client to automatically provide the access information to an SSH server, which receives and validates the access information. A service-to-service SSH session is created between the SSH client and SSH server. The client service and a server service may communicate securely via the service-to-service SSH session. Security may be maintained for any type of SSH connection (e.g., user to service, service to service) by periodically and automatically providing and validating reauthentication and refresh information. AN SSH connection/session is maintained if periodic access information is validated.
    Type: Application
    Filed: June 25, 2020
    Publication date: December 30, 2021
    Inventors: Guy LEWIN, Vitaly KHAIT, Liran MOYSI
  • Publication number: 20210373979
    Abstract: Methods and systems are provided for a client computing device including a browser that renders a web page. Program code generates a mock upload event and a corresponding mock data transfer object for uploading data using the web page. The mock upload event and the corresponding mock data transfer object are propagated to an upload event listener of the web page and executed. Prior to generating the mock upload event and corresponding mock data transfer object, an embedded upload event listener may receive an upload event, read the upload event, drop the received upload event from an event handler pipeline, and call synchronously or asynchronously, code to perform logic on the received upload event for the generation of the mock upload event and a corresponding mock data transfer object.
    Type: Application
    Filed: May 29, 2020
    Publication date: December 2, 2021
    Inventors: Guy Lewin, Amir Geri, Yossi Haber
  • Publication number: 20210360080
    Abstract: An example inline frame monitor is disclosed. The inline frame monitor injects monitoring logic into a document object model to monitor an activity within a dynamically loaded inline frame of a web page. Data regarding the activity within the dynamically loaded inline frame is received. A policy is applied to validate or invalidate the activity within the dynamically loaded inline frame.
    Type: Application
    Filed: May 13, 2020
    Publication date: November 18, 2021
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Meir Blachman, Itamar Azulay, Guy Lewin