Patents by Inventor Leonid Sandler
Leonid Sandler has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11595201
Abstract: Systems and methods of generating a software module, including: receiving a cryptographic key identification (ID) and a cryptographic operation type from at least one executable program, generating a software module configured to perform the cryptographic operation with a cryptographic key, sending the software module to the at least one executable program, and performing the operation having the cryptographic operation type with the software module, wherein the software module is generated based on at least one of: a transformation of the cryptographic key corresponding to the received cryptographic key ID, and the received cryptographic operation.
Type: Grant
Filed: February 21, 2020
Date of Patent: February 28, 2023
Assignee: CYBER ARMOR LTD.
Inventors: Benyamin Hirschberg, Leonid Sandler
-
Patent number: 11139983
Abstract: Systems and methods of verifying runtime integrity with a trusted execution environment (TEE) may include generating, by a processor in communication with the TEE, a secure communication channel between the TEE and at least one executable program attempting to communicate with the TEE, providing, by the processor, a moving target defense (MTD) module to the at least one executable program via the generated secure communication channel, wherein the MTD module comprises disposable polymorphic code, sending over the secured communication channel, by the processor: data, received from the at least one executable program, and a transformed runtime digest of the at least one executable program, and allowing, by the processor, communication with the TEE when the validity of the transformed runtime digest of the corresponding at least one executable program is verified.
Type: Grant
Filed: July 11, 2019
Date of Patent: October 5, 2021
Assignee: CYBER ARMOR LTD.
Inventors: Leonid Sandler, Benyamin Hirschberg
-
Publication number: 20210266158
Abstract: Systems and methods of generating a software module, including: receiving a cryptographic key identification (ID) and a cryptographic operation type from at least one executable program, generating a software module configured to perform the cryptographic operation with a cryptographic key, sending the software module to the at least one executable program, and performing the operation having the cryptographic operation type with the software module, wherein the software module is generated based on at least one of: a transformation of the cryptographic key corresponding to the received cryptographic key ID, and the received cryptographic operation.
Type: Application
Filed: February 21, 2020
Publication date: August 26, 2021
Applicant: CYBER ARMOR LTD.
Inventors: Benyamin HIRSCHBERG, Leonid SANDLER
-
Publication number: 20210014068
Abstract: Systems and methods of verifying runtime integrity with a trusted execution environment (TEE) may include generating, by a processor in communication with the TEE, a secure communication channel between the TEE and at least one executable program attempting to communicate with the TEE, providing, by the processor, a moving target defense (MTD) module to the at least one executable program via the generated secure communication channel, wherein the MTD module comprises disposable polymorphic code, sending over the secured communication channel, by the processor: data, received from the at least one executable program, and a transformed runtime digest of the at least one executable program, and allowing, by the processor, communication with the TEE when the validity of the transformed runtime digest of the corresponding at least one executable program is verified.
Type: Application
Filed: July 11, 2019
Publication date: January 14, 2021
Applicant: CYBER ARMOR LTD.
Inventors: Leonid SANDLER, Benyamin HIRSCHBERG
-
Patent number: 10609042
Abstract: Various systems and methods for determining whether to allow or continue to allow access to a protected data asset are disclosed herein. For example, one method involves receiving a request to access a protected data asset, wherein the request is received from a first user device; determining whether to grant access to the protected data asset, wherein the determining comprises evaluating one or more criteria associated with the first user device, and the criteria comprises first information associated with a first policy constraint; and in response to a determination that access to the protected data asset is to be granted, granting access to the protected data asset.
Type: Grant
Filed: December 21, 2016
Date of Patent: March 31, 2020
Assignee: Cisco Technology, Inc.
Inventors: Paul Quinn, Michael E. Lipman, Mike Milano, David D. Ward, James Guichard, Leonid Sandler, Moshe Kravchik, Alena Lifar, Darrin Miller
-
Publication number: 20170237747
Abstract: Various systems and methods for determining whether to allow or continue to allow access to a protected data asset are disclosed herein. For example, one method involves receiving a request to access a protected data asset, wherein the request is received from a first user device; determining whether to grant access to the protected data asset, wherein the determining comprises evaluating one or more criteria associated with the first user device, and the criteria comprises first information associated with a first policy constraint; and in response to a determination that access to the protected data asset is to be granted, granting access to the protected data asset.
Type: Application
Filed: December 21, 2016
Publication date: August 17, 2017
Inventors: Paul Quinn, Michael E. Lipman, Mike Milano, David D. Ward, James Guichard, Leonid Sandler, Moshe Kravchik, Alena Lifar, Darrin Miller
-
Patent number: 9223945
Abstract: In one embodiment, a processing device includes a memory to store an executable program including a multiplicity of encrypted component blocks such that different combinations of blocks selected from the encrypted component blocks are operative when decrypted and executed to perform a same functionally equivalent data transformation, each of the component blocks being operative upon execution to convert input data into output data, and a processor operative to receive a selection of cryptographic keys, decrypt some of the encrypted component blocks using the cryptographic keys such that each one of the some encrypted component blocks is decrypted with a different one of the cryptographic keys yielding a multiplicity of decrypted component blocks, and execute the executable program including the multiplicity of decrypted component blocks to perform the same functionally equivalent data transformation. Related apparatus and methods are also described.
Type: Grant
Filed: May 20, 2015
Date of Patent: December 29, 2015
Assignee: Cisco Technology, Inc.
Inventors: Leonid Sandler, Michael Burns
-
Publication number: 20150373140
Abstract: A method, system and related apparatus are described, the system comprising a caching-capable element which is part of a data network, which receives a request from a downstream client device, the request including a content request, the content request including a Universal Resource Identifier (URI) and an explicit caching request, the caching request includes a unique content identifier which is independent of the URI, and optional expiration date information, a comparator included at the caching-capable element which compares the caching request against the existing cached content, and if the requested content is cached then the caching-capable element forwards the cached copy of the requested content to the client device, and if the requested content is not cached, then the caching-capable element forwards the request to a further upstream device, and, upon reception of the requested content from the further upstream device, returns the requested content to the requesting downstream device, and caches the
Type: Application
Filed: June 20, 2013
Publication date: December 24, 2015
Inventors: Arie HAENEL, Leonid SANDLER, Tomer AVITZUR
-
Publication number: 20150269367
Abstract: In one embodiment, a processing device includes a memory to store an executable program including a multiplicity of encrypted component blocks such that different combinations of blocks selected from the encrypted component blocks are operative when decrypted and executed to perform a same functionally equivalent data transformation, each of the component blocks being operative upon execution to convert input data into output data, and a processor operative to receive a selection of cryptographic keys, decrypt some of the encrypted component blocks using the cryptographic keys such that each one of the some encrypted component blocks is decrypted with a different one of the cryptographic keys yielding a multiplicity of decrypted component blocks, and execute the executable program including the multiplicity of decrypted component blocks to perform the same functionally equivalent data transformation. Related apparatus and methods are also described.
Type: Application
Filed: May 20, 2015
Publication date: September 24, 2015
Inventors: Leonid SANDLER, Michael Burns
-
Patent number: 9118461
Abstract: A software diversity system including an executable provider to provide an executable program including component blocks such that different combinations of blocks are operative to perform a functionally encryption keys functionally equivalent data transformation, a cipher to encrypt the component blocks with cryptographic keys, a key selector to select a first selection of keys for a first device, such that the first selection is operative to decrypt a first combination of the blocks operative when executed to perform the same functionally equivalent data transformation, and select a second selection of keys for a second device, such that the second selection is operative to decrypt a second combination of the blocks operative when executed to perform the same functionally equivalent data transformation, and a transfer module to prepare for transfer the first and second selection of cryptographic keys for transfer to the first and second device, respectively. Related apparatus and methods are also included.
Type: Grant
Filed: September 12, 2011
Date of Patent: August 25, 2015
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Leonid Sandler, Michael Burns
-
Patent number: 8527756
Abstract: A method and system of securing content is described, the method including establishing communication between a secure module source and a content rendering device, loading a dynamically generated pseudo-unique secure module to the content rendering device from the secure module source, establishing communication between the secure module source and the dynamically generated pseudo-unique secure module, and transferring a decryption key from the secure module source to the dynamically generated pseudo-unique secure module, thereby enabling decryption of encrypted content, the encrypted content being encrypted according to the decryption key. Related methods and apparatus are also described.
Type: Grant
Filed: September 27, 2006
Date of Patent: September 3, 2013
Assignee: Cisco Technology, Inc.
Inventors: Leonid Sandler, Yaron Sella, Erez Waisbard
-
Publication number: 20130108051
Abstract: A software diversity system including an executable provider to provide an executable program including component blocks such that different combinations of blocks are operative to perform a functionally encryption keys functionally equivalent data transformation, a cipher to encrypt the component blocks with cryptographic keys, a key selector to select a first selection of keys for a first device, such that the first selection is operative to decrypt a first combination of the blocks operative when executed to perform the same functionally equivalent data transformation, and select a second selection of keys for a second device, such that the second selection is operative to decrypt a second combination of the blocks operative when executed to perform the same functionally equivalent data transformation, and a transfer module to prepare for transfer the first and second selection of cryptographic keys for transfer to the first and second device, respectively. Related apparatus and methods are also included.
Type: Application
Filed: September 12, 2011
Publication date: May 2, 2013
Applicant: NDS Limited
Inventors: Leonid Sandler, Michael Burns
-
Publication number: 20120110335
Abstract: A method and system for associating metadata with an encrypted content item, the method including receiving metadata for association with a content item, receiving an entitlement control packet (ECP) associated with the content item, applying a cryptographic hash function to the ECP, thereby generating an ECP hash value, combining the ECP hash value with the metadata, thereby creating a data control object, performing a cryptographic operation on the data control object, thereby generating cryptographic integrity data, and joining the cryptographic integrity data to the data control object after the cryptographic operation, wherein usage of the content by the recipient is dependent on both a validation of the ECP hash value and a validation of the cryptographic integrity data. Related apparatus and methods are also described.
Type: Application
Filed: May 13, 2010
Publication date: May 3, 2012
Applicant: NDS Limited
Inventors: Leonid Sandler, Yossi Tsuria
-
Publication number: 20110271104
Abstract: A method and system of securing content is described, the method including establishing communication between a secure module source and a content rendering device, loading a dynamically generated pseudo-unique secure module to the content rendering device from the secure module source, establishing communication between the secure module source and the dynamically generated pseudo-unique secure module, and transferring a decryption key from the secure module source to the dynamically generated pseudo-unique secure module, thereby enabling decryption of encrypted content, the encrypted content being encrypted according to the decryption key. Related methods and apparatus are also described.
Type: Application
Filed: September 27, 2006
Publication date: November 3, 2011
Applicant: NDS Limited
Inventors: Leonid Sandler, Yaron Sella, Erez Waisbard
-
Patent number: 7895614
Abstract: A method for controlling access to content, the method comprising: receiving content in an area in which access to the content is blacked out, the content corresponding to a blacked out event; preventing display of the content at the time of receipt; recording the received content; and allowing access to the recorded content after a time criterion is met, wherein the time criterion comprises an elapse of a predetermined period of time measured from a specified one of the following: commencement of the blacked out event and termination of the blacked out event.
Type: Grant
Filed: March 12, 2009
Date of Patent: February 22, 2011
Assignee: NDS Limited
Inventors: Yossi Tsuria, Moshe Shlissel, Ezra Darshan, Stephanie Wald, Reuven Wachtfogel, Aharon Rozenhauz, Leonid Sandler
-
Publication number: 20100153717
Abstract: A method and system of securing content is described, the method including establishing communication between a secure module source and a content rendering device, loading a dynamically generated pseudo-unique secure module to the content rendering device from the secure module source, establishing communication between the secure module source and the dynamically generated pseudo-unique secure module, and transferring a decryption key from the secure module source to the dynamically generated pseudo-unique secure module, thereby enabling decryption of encrypted content, the encrypted content being encrypted according to the decryption key. Related methods and apparatus are also described.
Type: Application
Filed: September 27, 2006
Publication date: June 17, 2010
Applicant: NDS Limited
Inventors: Leonid Sandler, Yaron Sella, Erez Waisbard
-
Publication number: 20090178073
Abstract: A method for controlling access to content, the method comprising: receiving content in an area in which access to the content is blacked out, the content corresponding to a blacked out event; preventing display of the content at the time of receipt; recording the received content; and allowing access to the recorded content after a time criterion is met, wherein the time criterion comprises an elapse of a predetermined period of time measured from a specified one of the following: commencement of the blacked out event and termination of the blacked out event.
Type: Application
Filed: March 12, 2009
Publication date: July 9, 2009
Applicant: NDS Limited
Inventors: Yossi Tsuria, Moshe Shlissel, Ezra Darshan, Stephanie Wald, Reuven Wachtfogel, Aharon Rozenhauz, Leonid Sandler
-
Patent number: 7530085
Abstract: A method for controlling access to content, including preventing access to content that corresponds to a blacked out event, until at least one of a time criterion and payment criterion is met. Related methods and apparatus are also disclosed.
Type: Grant
Filed: December 24, 2001
Date of Patent: May 5, 2009
Assignee: NDS Limited
Inventors: Yossi Tsuria, Moshe Shlissel, Ezra Darshan, Stephanie Wald, Reuven Wachtfogel, Aharon Rozenhauz, Leonid Sandler
-
Publication number: 20030126594
Abstract: A method for controlling access to content, including preventing access to content that corresponds to a blacked out event, until at least one of a time criterion and payment criterion is met. Related methods and apparatus are also disclosed.
Type: Application
Filed: July 30, 2002
Publication date: July 3, 2003
Inventors: Yossi Tsuria, Moshe Shlissel, Ezra Darshan, Stephanie Wald, Reuven Wachtfogel, Aharon Rozenhaus, Leonid Sandler