Patents by Inventor Jack Kabat
Jack Kabat has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20190354691Abstract: Systems and/or methods for deploying and implementing data loss prevention (DLP) policy definition that may encapsulate the requirements, control objectives and directives, and/or the definitions of sensitive data types as stipulated directly or indirectly by the regulatory policy are disclosed. In one embodiment, DLP policies may be identified by an organization to run on top of a set of electronic file systems (e.g., email systems, file systems, web servers and the like). Organizations and their administrators may implement a set of DLP policy instance which are derived from DLP policy templates. DLP policy templates may comprise both structure and meaning—and may acquire a given DLP policy by the replacement of parameterized expressions with desired parameter values. In another embodiment, the state of the DLP policy instance may change according to the lifecycle of the policy instance deployment.Type: ApplicationFiled: June 19, 2019Publication date: November 21, 2019Inventors: Lynn AYRES, Jack KABAT, Raja Charu Vikram KAKUMANI, Mashuri LIBMAN, Benjamin STULL, Anatoly KORETSKY, Andrey SHUR, Joseph SCHULMAN
-
Patent number: 10372916Abstract: Systems and/or methods for deploying and implementing data loss prevention (DLP) policy definition that may encapsulate the requirements, control objectives and directives, and/or the definitions of sensitive data types as stipulated directly or indirectly by the regulatory policy are disclosed. In one embodiment, DLP policies may be identified by an organization to run on top of a set of electronic file systems (e.g., email systems, file systems, web servers and the like). Organizations and their administrators may implement a set of DLP policy instance which are derived from DLP policy templates. DLP policy templates may comprise both structure and meaning—and may acquire a given DLP policy by the replacement of parameterized expressions with desired parameter values. In another embodiment, the state of the DLP policy instance may change according to the lifecycle of the policy instance deployment.Type: GrantFiled: March 9, 2016Date of Patent: August 6, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Lynn Ayres, Jack Kabat, Raja Charu Vikram Kakumani, Mashuri Libman, Benjamin Stull, Anatoly Koretsky, Andrey Shur, Joseph Schulman
-
Patent number: 9832231Abstract: User input mechanisms are displayed for defining a compliance policy update. A unified compliance policy update is generated according to a unified schema that is consistent across different workloads. The unified compliance policy update is sent to a workload where it is deployed.Type: GrantFiled: May 26, 2016Date of Patent: November 28, 2017Assignee: Microsoft Technology Licensing, LLCInventors: Hao Zhang, Anatoly Koretsky, Lucy Chao, Mashuri Libman, Neelamadhaba Mahapatro, Krishna Kumar Parthasarathy, Sowmy Srinivasan, Sridharan Ramanathan, Jack Kabat
-
Patent number: 9754098Abstract: A policy tip or end user notification is provided for data loss prevention in collaborative environments. A document interactivity application detects an action or trigger by an end user that affects a document. The document is processed, through a classification engine and a unified policy engine, with policies based on the action to detect a matched policy. A policy tip associated with the matched policy is identified and displayed on the display device in association with the document.Type: GrantFiled: February 26, 2015Date of Patent: September 5, 2017Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Yu Li, Richard Wesley Holley, Srivalli Chavali, Jack Kabat, Leif Brenne, Serguei Martchenko, Mark Mullins, Mashuri Libman
-
Publication number: 20160277449Abstract: User input mechanisms are displayed for defining a compliance policy update. A unified compliance policy update is generated according to a unified schema that is consistent across different workloads. The unified compliance policy update is sent to a workload where it is deployed.Type: ApplicationFiled: May 26, 2016Publication date: September 22, 2016Inventors: Hao Zhang, Anatoly Koretsky, Lucy Chao, Mashuri Libman, Neelamadhaba Mahapatro, Krishna Kumar Parthasarathy, Sowmy Srinivasan, Sridharan Ramanathan, Jack Kabat
-
Patent number: 9438547Abstract: System and methods for the implementation and/or enforcement of an email policy for an organization's email system are presented. A Data Loss Prevention (DLP) policy may be implemented on top of the email system. In one embodiment, the DLP policy may comprise modules and/or processing that tests emails for such sensitive data within emails. If an email comprises such sensitive data, then the DLP policy directives may specify processing to be applied as part of each stage of mail processing, from authoring to mail processing on the server and delivery. A single policy may be authored and managed that will apply the policy directives uniformly across all aspects of the message lifecycle. Each of the message policy enforcement systems may evaluate the single policy definition and apply the policy directives in a manner consistent with the contextual evaluation of the policy.Type: GrantFiled: July 10, 2012Date of Patent: September 6, 2016Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Lynn Ayres, Jack Kabat, Vikram Kakumani, Mashuri Libman, Benjamin Stull, Anatoly Koretsky, Vidyaraman Sankaranarayanan
-
Publication number: 20160203321Abstract: Systems and/or methods for deploying and implementing data loss prevention (DLP) policy definition that may encapsulate the requirements, control objectives and directives, and/or the definitions of sensitive data types as stipulated directly or indirectly by the regulatory policy are disclosed. In one embodiment, DLP policies may be identified by an organization to run on top of a set of electronic file systems (e.g., email systems, file systems, web servers and the like). Organizations and their administrators may implement a set of DLP policy instance which are derived from DLP policy templates. DLP policy templates may comprise both structure and meaning—and may acquire a given DLP policy by the replacement of parameterized expressions with desired parameter values. In another embodiment, the state of the DLP policy instance may change according to the lifecycle of the policy instance deployment.Type: ApplicationFiled: March 9, 2016Publication date: July 14, 2016Inventors: Lynn Ayres, Jack Kabat, Vikram Kakumani, Mashuri Libman, Benjamin Stull, Anatoly Koretsky, Andrey Shur, Joseph Schulman
-
Patent number: 9380074Abstract: User input mechanisms are displayed for defining a compliance policy update. A unified compliance policy update is generated according to a unified schema that is consistent across different workloads. The unified compliance policy update is sent to a workload where it is deployed.Type: GrantFiled: July 24, 2014Date of Patent: June 28, 2016Assignee: Microsoft Technology Licensing, LLCInventors: Hao Zhang, Anatoly Koretsky, Lucy Chao, Mashuri Libman, Neelamadhaba Mahapatro, Krishna Kumar Parthasarathy, Sowmy Srinivasan, Sridharan Ramanathan, Jack Kabat
-
Publication number: 20160117517Abstract: A policy tip or end user notification is provided for data loss prevention in collaborative environments. A document interactivity application detects an action or trigger by an end user that affects a document. The document is processed, through a classification engine and a unified policy engine, with policies based on the action to detect a matched policy. A policy tip associated with the matched policy is identified and displayed on the display device in association with the document.Type: ApplicationFiled: February 26, 2015Publication date: April 28, 2016Inventors: Yu Li, Richard Wesley Holley, Srivalli Chavali, Jack Kabat, Leif Brenne, Serguei Martchenko, Mark Mullins, Mashuri Libman
-
Patent number: 9317696Abstract: Systems and/or methods for deploying and implementing data loss prevention (DLP) policy definition that may encapsulate the requirements, control objectives and directives, and/or the definitions of sensitive data types as stipulated directly or indirectly by the regulatory policy are disclosed. In one embodiment, DLP policies may be identified by an organization to run on top of a set of electronic file systems (e.g., email systems, file systems, web servers and the like). Organizations and their administrators may implement a set of DLP policy instance which are derived from DLP policy templates. DLP policy templates may comprise both structure and meaning—and may acquire a given DLP policy by the replacement of parameterized expressions with desired parameter values. In another embodiment, the state of the DLP policy instance may change according to the lifecycle of the policy instance deployment.Type: GrantFiled: July 10, 2012Date of Patent: April 19, 2016Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Lynn Ayres, Jack Kabat, Vikram Kakumani, Mashuri Libman, Benjamin Stull, Anatoly Koretsky, Andrey Shur
-
Publication number: 20150249684Abstract: User input mechanisms are displayed for defining a compliance policy update. A unified compliance policy update is generated according to a unified schema that is consistent across different workloads. The unified compliance policy update is sent to a workload where it is deployed.Type: ApplicationFiled: July 24, 2014Publication date: September 3, 2015Inventors: Hao Zhang, Anatoly Koretsky, Lucy Chao, Mashuri Libman, Neelamadhaba Mahapatro, Krishna Kumar Parthasarathy, Sowmy Srinivasan, Sridharan Ramanathan, Jack Kabat
-
Publication number: 20140020045Abstract: Systems and/or methods for deploying and implementing data loss prevention (DLP) policy definition that may encapsulate the requirements, control objectives and directives, and/or the definitions of sensitive data types as stipulated directly or indirectly by the regulatory policy are disclosed. In one embodiment, DLP policies may be identified by an organization to run on top of a set of electronic file systems (e.g., email systems, file systems, web servers and the like). Organizations and their administrators may implement a set of DLP policy instance which are derived from DLP policy templates. DLP policy templates may comprise both structure and meaning—and may acquire a given DLP policy by the replacement of parameterized expressions with desired parameter values. In another embodiment, the state of the DLP policy instance may change according to the lifecycle of the policy instance deployment.Type: ApplicationFiled: July 10, 2012Publication date: January 16, 2014Applicant: MICROSOFT CORPORATIONInventors: Lynn Ayres, Jack Kabat, Vikram Kakumani, Mashuri Libman, Benjamin Stull, Anatoly Koretsky, Andrey Shur, Joseph Schulman
-
Publication number: 20140020044Abstract: System and methods for the implementation and/or enforcement of an email policy for an organization's email system are presented. A Data Loss Prevention (DLP) policy may be implemented on top of the email system. In one embodiment, the DLP policy may comprise modules and/or processing that tests emails for such sensitive data within emails. If an email comprises such sensitive data, then the DLP policy directives may specify processing to be applied as part of each stage of mail processing, from authoring to mail processing on the server and delivery. A single policy may be authored and managed that will apply the policy directives uniformly across all aspects of the message lifecycle. Each of the message policy enforcement systems may evaluate the single policy definition and apply the policy directives in a manner consistent with the contextual evaluation of the policy.Type: ApplicationFiled: July 10, 2012Publication date: January 16, 2014Applicant: MICROSOFT CORPORATIONInventors: Lynn Ayres, Jack Kabat, Vikram Kakumani, Mashuri Libman, Benjamin Stull, Anatoly Koretsky, Vidyaraman Sankaranarayanan
-
Patent number: 8353005Abstract: Defining a unified access management policy expression that unifies access control policy with events or workflows. Unified management policy information is stored. The unified management policy information defines permissions for access to resources together with events or workflows. A request is received to execute the one or more operations on one or more objects. The requested operation is verified against the unified management rules. Verifying includes performing a single retrieval, retrieving both the access control information and the events or workflows and calculating the applicability of the rule to the conditions represented by the request. Matching rules are applied, access control decisions performed and associated workflows are executed.Type: GrantFiled: June 27, 2008Date of Patent: January 8, 2013Assignee: Microsoft CorporationInventors: Jack Kabat, Vadim Meleshuk, Jasjeet Gill, Alexander T. Weinert
-
Patent number: 8196187Abstract: Enforcing access control based on resource state. A method includes receiving a request for an operation on one or more objects stored on computer readable media. One or more pre-operation states of the one or more objects are determined. One or more post-operation states of the one or more objects are determined. One or more access control rules are referenced. The access control rules control access to resources based on pre-operation state and post operation state. It can then be determined that the one or more access control rules allow the operation to succeed based on the one or more pre-operation states and the one or more post operation states. Based on determining that the one or more access control rules allow the operation to succeed, the operation is allowed to succeed.Type: GrantFiled: June 27, 2008Date of Patent: June 5, 2012Assignee: Microsoft CorporationInventors: Jack Kabat, Vadim Meleshuk, Alexander T. Weinert
-
Publication number: 20090307172Abstract: Disclosed herein is a system and method for enforcement of management policies by automatically trigging action-based processes that are mapped to the management policies. This may occur when: a new management policy is created; a final set of a management policy is modified; a new workflow is added to the management policy; and the membership filter or explicit membership of a set referenced by the management policy's final set is modified.Type: ApplicationFiled: September 26, 2008Publication date: December 10, 2009Applicant: Microsoft CorporationInventors: Craig V. McMurtry, Jack Kabat, Nima Ganjeh
-
Publication number: 20090222882Abstract: Defining a unified access management policy expression that unifies access control policy with events or workflows. Unified management policy information is stored. The unified management policy information defines permissions for access to resources together with events or workflows. A request is received to execute the one or more operations on one or more objects. The requested operation is verified against the unified management rules. Verifying includes performing a single retrieval, retrieving both the access control information and the events or workflows and calculating the applicability of the rule to the conditions represented by the request. Matching rules are applied, access control decisions performed and associated workflows are executed.Type: ApplicationFiled: June 27, 2008Publication date: September 3, 2009Applicant: Microsoft CorporationInventors: Jack Kabat, Vadim Meleshuk, Jasjeet Gill, Alexander T. Weinert
-
Publication number: 20090222881Abstract: Enforcing access control based on resource state. A method includes receiving a request for an operation on one or more objects stored on computer readable media. One or more pre-operation states of the one or more objects are determined. One or more post-operation states of the one or more objects are determined. One or more access control rules are referenced. The access control rules control access to resources based on pre-operation state and post operation state. It can then be determined that the one or more access control rules allow the operation to succeed based on the one or more pre-operation states and the one or more post operation states. Based on determining that the one or more access control rules allow the operation to succeed, the operation is allowed to succeed.Type: ApplicationFiled: June 27, 2008Publication date: September 3, 2009Applicant: Microsoft CorporationInventors: Jack Kabat, Vadim Meleshuk, Alexander T. Weinert