Patents by Inventor Ilan Shimony
Ilan Shimony has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20220224673Abstract: Methods and systems for isolating data flow between a secured network and an unsecured network may include a configurable flow control module, communicatively connected to the secured network and to the unsecured network; and a state selector module, associated with the flow control module and adapted to dynamically configure a state of the flow control module. The flow control module may include at least one hardware switch, configured to isolate between the secured network and the unsecured network, by allowing unidirectional transfer of data from the secured network to the unsecured network via a communication channel, based on the configured state.Type: ApplicationFiled: January 13, 2021Publication date: July 14, 2022Applicant: Terafence Ltd.Inventors: Ilan Shimony, Ayal Avrech
-
Patent number: 8949569Abstract: A method for facilitating direct memory access in a computing system in response to a request to transfer data is provided. The method comprises selecting a thread for transferring the data, wherein the thread executes on a processing core within the computing system; providing the thread with the request, wherein the request comprises information for carrying out a data transfer; and transferring the data according to the request. The method may further comprise: coordinating the request with a memory management unit, such that virtual addresses may be used to transfer data; invalidating a cache line associated with the source address or flushing a cache line associated with the destination address, if requested. Multiple threads can be selected to transfer data based on their proximity to the destination address.Type: GrantFiled: April 30, 2008Date of Patent: February 3, 2015Assignee: International Business Machines CorporationInventors: Alan Frederic Benner, Shmuel Ben-Yehuda, Zorik Machulsky, Julian Satran, Leah Shalev, Ilan Shimony, Thomas Basil Smith, III
-
Patent number: 8898665Abstract: A method for accessing a memory space allocated to a virtual machine, the method includes: receiving a request from the virtual machine to generate, for another virtual machine, a memory credential associated with a certain memory space allocated to the virtual machine; generating, in response to the request, a cryptographically signed credential; sending the cryptographically signed credential to the other virtual machine; receiving from the other virtual machine an access request to access at least one memory entry within the certain memory space; and accessing the at least one memory entry, if the access request complies with the memory credential.Type: GrantFiled: February 29, 2012Date of Patent: November 25, 2014Assignee: International Business Machines CorporationInventors: Shmuel Ben-Yehuda, Zorik Machulsky, Julian Satran, Edward J. Seminaro, Leah Shalev, Ilan Shimony
-
Patent number: 8752164Abstract: The present invention prevents illegitimate access to a user computing machine. A method in accordance with an embodiment includes: setting an authentication routine in the user computing machine; generating a virtual keyboard on the user computing machine; entering a user identification through the virtual keyboard, the user identification being entered according to a virtual keyboard form factor; comparing the entered user identification with a secure user identification previously stored in the user computing machine; and validating the user access to the user computing machine if a match occurs, otherwise denying access.Type: GrantFiled: May 25, 2008Date of Patent: June 10, 2014Assignee: International Business Machines CorporationInventors: Oded Dubovsky, Itzhack Goldberg, Ido Levy, Ilan Shimony, Grant D. Williamson
-
Patent number: 8745295Abstract: A method for executing a migrated execution context by a storage controller, the method includes: determining, by a management entity, to migrate an execution context from a source computer to the storage controller in response to a fulfillment of a first criterion; and migrating the execution context to the storage controller; wherein the source computer is coupled to the storage controller.Type: GrantFiled: February 12, 2007Date of Patent: June 3, 2014Assignee: International Business Machines CorporationInventors: Alain Charles Azagury, Shmuel Ben-Yehuda, Michael E. Factor, Ilan Shimony
-
Patent number: 8650406Abstract: A computer-implemented system and method for protecting a memory are provided. The system includes a memory section with privileged and non-privileged sections, a host gateway (HG) to generate a capability credential, a device controller (DC) to append the credential to data transmitted to the memory, and at least one IO device enabled to do direct memory access (DMA) transactions with the memory.Type: GrantFiled: February 27, 2012Date of Patent: February 11, 2014Assignee: International Business Machines CorporationInventors: Michael Backes, Shmuel S Ben-Yehuda, Jan Leonhard Camenisch, Ton Engbersen, Zorik Machulsky, Julian Satran, Leah Shalev, Ilan Shimony, Thomas Basil Smith, III, Michael Waidner
-
Patent number: 8625129Abstract: A method for separating multiple print jobs sent by one or more computers to a document printer, the method including printing a first banner at the edge of a top sheet of a first print job, and printing a second banner at the edge of a top sheet of a second print job.Type: GrantFiled: November 7, 2007Date of Patent: January 7, 2014Assignee: International Business Machines CorporationInventors: Amir Noy, Ilan Shimony
-
Publication number: 20120159610Abstract: A computer-implemented system and method for protecting a memory are provided. The system includes a memory section with privileged and non-privileged sections, a host gateway (HG) to generate a capability credential, a device controller (DC) to append the credential to data transmitted to the memory, and at least one IO device enabled to do direct memory access (DMA) transactions with the memory.Type: ApplicationFiled: February 27, 2012Publication date: June 21, 2012Applicant: International Business Machine CorporationInventors: Michael Backes, Shmuel Ben-Yehuda, Jan Leonhard Camenisch, Ton Engbersen, Zorik Machulsky, Julian Satran, Leah Shalev, Ilan Shimony, Thomas Basil Smith, III, Michael Waidner
-
Publication number: 20120159486Abstract: A method for accessing a memory space allocated to a virtual machine, the method includes: receiving a request from the virtual machine to generate, for another virtual machine, a memory credential associated with a certain memory space allocated to the virtual machine; generating, in response to the request, a cryptographically signed credential; sending the cryptographically signed credential to the other virtual machine; receiving from the other virtual machine an access request to access at least one memory entry within the certain memory space; and accessing the at least one memory entry, if the access request complies with the memory credential.Type: ApplicationFiled: February 29, 2012Publication date: June 21, 2012Applicant: International Business Machines CorporationInventors: Shmuel Ben-Yehuda, Zorik Machulsky, Julian Satran, Edward J. Seminaro, Leah Shalev, Ilan Shimony
-
Patent number: 8161287Abstract: A computer-implemented system and method for protecting a memory are provided. The system includes a memory section with privileged and non-privileged sections, a host gateway (HG) to generate a capability credential, a device controller (DC) to append the credential to data transmitted to the memory, and at least one IO device enabled to do direct memory access (DMA) transactions with the memory.Type: GrantFiled: June 3, 2010Date of Patent: April 17, 2012Assignee: International Business Machines CorporationInventors: Michael Backes, Shmuel Ben-Yehuda, Jan Leonard Camenisch, Ton Engbersen, Zorik Machulsky, Julian Satran, Leah Shalev, Ilan Shimony, Thomas Basil Smith, Michael Waidner
-
Patent number: 8156503Abstract: A method for accessing a memory space allocated to a virtual machine, the method includes: receiving a request from the virtual machine to generate, for another virtual machine, a memory credential associated with a certain memory space allocated to the virtual machine; generating, in response to the request, a cryptographically signed credential; sending the cryptographically signed credential to the other virtual machine; receiving from the other virtual machine an access request to access at least one memory entry within the certain memory space; and accessing the at least one memory entry, if the access request complies with the memory credential.Type: GrantFiled: February 12, 2008Date of Patent: April 10, 2012Assignee: International Business Machines CorporationInventors: Shmuel Ben-Yehuda, Zorik MacHulsky, Julian Satran, Edward J. Seminaro, Leah Shalev, Ilan Shimony
-
Patent number: 8037154Abstract: A method for receiving data in a network acceleration architecture for use with TCP (transport control protocol), iSCSI (Internet Small Computer System Interface) and RDMA (Remote Direct Memory Access) over TCP, including providing a hardware acceleration engine, called a streamer, adapted for communication with and processing data from a consumer application in a system that supports TCP, iSCSI and RDMA over TCP, providing a software protocol processor adapted for carrying out TCP implementation, the software control processor being called a TCE (TCP Control Engine), and providing an asynchronous dual-queue interface for exchanging information between the streamer and TCE, wherein the streamer and TCE are adapted to operate asynchronously and independently of one another.Type: GrantFiled: May 19, 2005Date of Patent: October 11, 2011Assignee: International Business Machines CorporationInventors: Giora Biran, Zorik Machulsky, Vadim Makhervaks, Renato John Recio, Julian Satran, Leah Shalev, Ilan Shimony
-
Patent number: 7925801Abstract: A method and system for protection and security of IO devices using credential are provided. The system may include at least one consumer arranged to initiate IO requests from the IO device, and the IO requests may include IO capability allocation and additional parameters. The system may also include an IO resource manager (IORM) arranged to translate the IO capability allocation and additional parameters included in said IO request to a set of capability tokens for the consumer or for a group of consumers, to generate a global key to protect the capability tokens, and further arranged to manage the IO device. The system may further include a channel component arranged to transfer and receive the IO request to and from the IO device.Type: GrantFiled: January 17, 2006Date of Patent: April 12, 2011Assignee: International Business Machines CorporationInventors: Ton Engbersen, Zorik Machulsky, Julian Satran, Leah Shalev, Ilan Shimony, Thomas Basil Smith, III
-
Patent number: 7924848Abstract: A method for receiving data in a network acceleration architecture for use with TCP (transport control protocol), iSCSI (Internet Small Computer System Interface) and RDMA (Remote Direct Memory Access) over TCP, including providing a hardware acceleration engine, called a streamer, adapted for communication with and processing data from a consumer application in a system that supports TCP, iSCSI and RDMA over TCP, providing a software protocol processor adapted for carrying out TCP implementation, the software control processor being called a TCE (TCP Control Engine), wherein the streamer and the TCE are adapted to operate asynchronously and independently of one another, and receiving an inbound TCP segment with the streamer.Type: GrantFiled: May 18, 2005Date of Patent: April 12, 2011Assignee: International Business Machines CorporationInventors: Giora Biran, Zorik Machulsky, Vadim Makhervaks, Renato John Recio, Julian Satran, Leah Shalev, Ilan Shimony
-
Publication number: 20100242108Abstract: A computer-implemented system and method for protecting a memory are provided. The system includes a memory section with privileged and non-privileged sections, a host gateway (HG) to generate a capability credential, a device controller (DC) to append the credential to data transmitted to the memory, and at least one IO device enabled to do direct memory access (DMA) transactions with the memory.Type: ApplicationFiled: June 3, 2010Publication date: September 23, 2010Applicant: International Business Machines CorporationInventors: Michael Backes, Shmuel Ben-Yehuda, Jan Leonhard Camenisch, Ton Engbersen, Zorik Machulsky, Julian Satran, Leah Shalev, Ilan Shimony, Thomas Basil Smith, III, Michael Waidner
-
Patent number: 7760741Abstract: A network acceleration architecture for use with TCP, iSCSI and/or RDMA over TCP, including a hardware acceleration engine adapted for communication with and processing data from a consumer application in a system that supports TCP, iSCSI and RDMA over TCP, a software protocol processor adapted for carrying out TCP implementation, and an asynchronous dual-queue interface for exchanging information between the hardware acceleration engine and the software protocol processor, wherein the hardware acceleration engine and the software protocol processor are adapted to operate asynchronously and independently of one another.Type: GrantFiled: May 18, 2005Date of Patent: July 20, 2010Assignee: International Business Machines CorporationInventors: Giora Biran, Zorik Machulsky, Vadim Makhervaks, Renato John Recio, Julian Satran, Leah Shalev, Ilan Shimony
-
Patent number: 7757280Abstract: A computer-implemented method for protecting a memory is provided. The method includes responsive to a direct memory access (DMA) request received from a consumer for a transaction of data from an IO device to the memory, the request including an IO command and a capability (CAP), generating a cryptographically signed capability (CAPB), forming a credential from CAP and CAPB, appending the credential to the IO command, configuring the IO device according to the credential and the IO command, transmitting the data from the IO device to the memory and prior to allowing execution of the DMA, authenticating that the credential is valid, further includes regenerating CAPB from a key available to an authenticating entity and from the CAP (included in CAPB) and verifying that the memory region information described in the cryptographically signed capability is the same as the requested region that was originally created, and that the cryptographically signed capability encompasses the IO command.Type: GrantFiled: January 17, 2006Date of Patent: July 13, 2010Assignee: International Business Machines CorporationInventors: Michael Backes, Shmuel Ben-Yehuda, Jan Leonhard Camenisch, Ton Engbersen, Zorik Machulsky, Julian Satran, Leah Shalev, Ilan Shimony, Thomas Basil Smith, III, Michael Waidner
-
Publication number: 20100141985Abstract: A method for separating multiple print jobs sent by one or more computers to a document printer, the method including printing a first banner at the edge of a top sheet of a first print job, and printing a second banner at the edge of a top sheet of a second print job.Type: ApplicationFiled: November 7, 2007Publication date: June 10, 2010Inventors: Amir Noy, Ilan Shimony
-
Patent number: 7733875Abstract: A method for receiving data in a network acceleration architecture for use with TCP (transport control protocol), iSCSI (Internet Small Computer System Interface) and/or RDMA (Remote Direct Memory Access) over TCP, including providing a hardware acceleration engine, called a streamer, adapted for communication with and processing data from a consumer application in a system that supports TCP, iSCSI and RDMA over TCP, providing a software protocol processor adapted for carrying out TCP implementation, the software control processor being called a TCE (TCP Control Engine), wherein the streamer and the TCE are adapted to operate asynchronously and independently of one another, and transmitting a TCP segment with the streamer.Type: GrantFiled: May 19, 2005Date of Patent: June 8, 2010Assignee: International Business Machines CorporationInventors: Giora Biran, Zorik Machulsky, Vadim Makhervaks, Renato John Recio, Julian Satran, Leah Shalev, Ilan Shimony
-
Publication number: 20100049883Abstract: A method and system for memory address translation and pinning are provided. The method includes attaching a memory address space identifier to a direct memory access (DMA) request, the DMA request is sent by a consumer and using a virtual address in a given address space. The method further includes looking up for the memory address space identifier to find a translation of the virtual address in the given address space used in the DMA request to a physical page frame. Provided that the physical page frame is found, pinning the physical page frame as long as the DMA request is in progress to prevent an unmapping operation of said virtual address in said given address space, and completing the DMA request, wherein the steps of attaching, looking up and pinning are centrally controlled by a host gateway.Type: ApplicationFiled: September 29, 2009Publication date: February 25, 2010Inventors: Shmuel Ben-Yehuda, Scott Guthridge, Orran Yaakov Krieger, Zorik Machulsky, Julian Satran, Leah Shalev, Ilan Shimony, James Xenidis