Patents by Inventor Michael Dubinsky
Michael Dubinsky has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11818228Abstract: Systems and methods for determining a user's presence on a network of an enterprise are provided. Traffic is collected to a network from devices and, over a period of time, login and logoff information from a user is determined from the collected network traffic. Network sessions are determined from a user's login and logoff information and timetable is generated specific to the user that contains the network sessions. The time table identifies when the user was active and when the user was not active based on the login and logoff information and, therefore, present at a particular location over a period of time.Type: GrantFiled: September 22, 2016Date of Patent: November 14, 2023Assignee: Microsoft Technology Licensing, LLCInventors: Tal Arieh Be'ery, Itai Grady, Tom Jurgenson, Idan Plotnik, Sivan Krigsman, Michael Dubinsky, Gil David
-
Patent number: 11025668Abstract: The threat of malicious parties exposing users' credentials from one system and applying the exposed credentials to a different system to gain unauthorized access is addressed in the present disclosure by systems and methods to preemptively and reactively mitigate the risk of users reusing passwords between systems. A security device passively monitors traffic comprising authorization requests within a network to reactively identify an ongoing attack based on its use of exposed credentials in the authorization request and identifies accounts that are vulnerable to attacks using exposed credentials by actively attempting to log into those accounts with exposed passwords from other networks. The systems and methods reduce the number of false positives associated with attack identification and strengthens the network against potential attacks, thus improving the network's security and reducing the amount of resources needed to securely manage the network.Type: GrantFiled: November 13, 2018Date of Patent: June 1, 2021Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Itai Grady, Michael Dubinsky, Benny Lakunishok, Idan Plotnik, Tal Arieh Be'ery
-
Patent number: 10587611Abstract: The network logon protocol used in a pass-through authentication request embedded in an encrypted network packet is identified. A protocol detection engine correlates events and network requests received at a domain controller in order to use the data contained in a correlated pair to determine a size of a challenge response in the encrypted network packet. The size of the response is used to identify the network logon protocol used in the pass-through authentication request.Type: GrantFiled: August 29, 2017Date of Patent: March 10, 2020Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC.Inventors: Tal Joseph Maor, Itai Grady Ashkenazy, Michael Dubinsky, Marina Simakov
-
Patent number: 10505894Abstract: A system and method for performing IP to name resolution in organizational environments. IP addresses are determined for devices utilizing the corporate network. An IP address is resolved to a first device name and then the same IP address is subsequently resolved to a second device name. A profile is generated such as a timeline for the IP address including both the first and second device names. The timeline may be queried to determine whether the first device name or the second device name was associated with the IP address during a period of time.Type: GrantFiled: February 6, 2017Date of Patent: December 10, 2019Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Idan Plotnik, Sivan Krigsman, Benny Lakunishok, Tal Arieh Be'ery, Michael Dubinsky, Michael Dolinsky
-
Patent number: 10333944Abstract: Determining impossible travel for a specific user entity associated with an on-premises site. A method includes identifying an estimated location of an on-premises site associated with an organization network. Identifying the estimated location of an on-premises site comprises aggregating connection information of remote devices, remote from the on-premises site connecting to the on-premises site. Information related to an on-premises connection event is identified including the estimated location, time information, and a first user identification for an entity. Information is identified related to a different connection event. The information comprises location information, time information and a second user identification for the entity. The information related to the on-premises connection event and the information related to the different connection event are used to detect impossible travel for the entity. An alert indicating an impossible travel condition is provided.Type: GrantFiled: November 3, 2016Date of Patent: June 25, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Tom Jurgenson, Sivan Krigsman, Michael Dubinsky, Tal Arieh Be'ery, Idan Plotnik, Gil David
-
Patent number: 10298699Abstract: The present disclosure provides for improved computational efficiency and security in a network by determining the physical location of network connected components, without requiring the components to self-locate. The locations of devices remotely connected to a site within the network are geolocated so that the physical location of that site may be inferred from a centralized point to the remote devices' locations. This calculate site location may be compared against a known site location to improve a generalized algorithm for determining the calculated location of a site with an unknown location, and may be applied to devices that are locally connected to the network, which may be otherwise incapable of being geolocated.Type: GrantFiled: September 8, 2016Date of Patent: May 21, 2019Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Tom Jurgenson, Tal Arieh Be'ery, Idan Plotnik, Michael Dubinsky, Sivan Krigsman, Gil David
-
Publication number: 20190104153Abstract: The threat of malicious parties exposing users' credentials from one system and applying the exposed credentials to a different system to gain unauthorized access is addressed in the present disclosure by systems and methods to preemptively and reactively mitigate the risk of users reusing passwords between systems. A security device passively monitors traffic comprising authorization requests within a network to reactively identify an ongoing attack based on its use of exposed credentials in the authorization request and identifies accounts that are vulnerable to attacks using exposed credentials by actively attempting to log into those accounts with exposed passwords from other networks. The systems and methods reduce the number of false positives associated with attack identification and strengthens the network against potential attacks, thus improving the network's security and reducing the amount of resources needed to securely manage the network.Type: ApplicationFiled: November 13, 2018Publication date: April 4, 2019Applicant: Microsoft Technology Licensing, LLCInventors: Itai Grady, Michael Dubinsky, Benny Lakunishok, Idan Plotnik, Tal Arieh Be'ery
-
Publication number: 20190068573Abstract: The network logon protocol used in a pass-through authentication request embedded in an encrypted network packet is identified. A protocol detection engine correlates events and network requests received at a domain controller in order to use the data contained in a correlated pair to determine a size of a challenge response in the encrypted network packet. The size of the response is used to identify the network logon protocol used in the pass-through authentication request.Type: ApplicationFiled: August 29, 2017Publication date: February 28, 2019Inventors: TAL JOSEPH MAOR, ITAI GRADY ASHKENAZY, MICHAEL DUBINSKY, MARINA SIMAKOV
-
Patent number: 10129298Abstract: The threat of malicious parties exposing users' credentials from one system and applying the exposed credentials to a different system to gain unauthorized access is addressed in the present disclosure by systems and methods to preemptively and reactively mitigate the risk of users reusing passwords between systems. A security device passively monitors traffic comprising authorization requests within a network to reactively identify an ongoing attack based on its use of exposed credentials in the authorization request and identifies accounts that are vulnerable to attacks using exposed credentials by actively attempting to log into those accounts with exposed passwords from other networks. The systems and methods reduce the number of false positives associated with attack identification and strengthens the network against potential attacks, thus improving the network's security and reducing the amount of resources needed to securely manage the network.Type: GrantFiled: June 30, 2016Date of Patent: November 13, 2018Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Itai Grady, Michael Dubinsky, Benny Lakunishok, Idan Plotnik, Tal Arieh Be'ery
-
Publication number: 20180124065Abstract: Determining impossible travel for a specific user entity associated with an on-premises site. A method includes identifying an estimated location of an on-premises site associated with an organization network. Identifying the estimated location of an on-premises site comprises aggregating connection information of remote devices, remote from the on-premises site connecting to the on-premises site. Information related to an on-premises connection event is identified including the estimated location, time information, and a first user identification for an entity. Information is identified related to a different connection event. The information comprises location information, time information and a second user identification for the entity. The information related to the on-premises connection event and the information related to the different connection event are used to detect impossible travel for the entity. An alert indicating an impossible travel condition is provided.Type: ApplicationFiled: November 3, 2016Publication date: May 3, 2018Inventors: Tom Jurgenson, Sivan Krigsman, Michael Dubinsky, Tal Arieh Be'ery, Idan Plotnik, Gil David
-
Publication number: 20180109490Abstract: A system and method for performing IP to name resolution in organizational environments. IP addresses are determined for devices utilizing the corporate network. An IP address is resolved to a first device name and then the same IP address is subsequently resolved to a second device name. A profile is generated such as a timeline for the IP address including both the first and second device names. The timeline may be queried to determine whether the first device name or the second device name was associated with the IP address during a period of time.Type: ApplicationFiled: February 6, 2017Publication date: April 19, 2018Applicant: Microsoft Technology Licensing, LLCInventors: Idan Plotnik, Sivan Krigsman, Benny Lakunishok, Tal Arieh Be'ery, Michael Dubinsky, Michael Dolinsky
-
Publication number: 20180084069Abstract: Systems and methods for determining a user's presence on a network of an enterprise are provided. Traffic is collected to a network from devices and, over a period of time, login and logoff information from a user is determined from the collected network traffic. Network sessions are determined from a user's login and logoff information and timetable is generated specific to the user that contains the network sessions. The time table identifies when the user was active and when the user was not active based on the login and logoff information and, therefore, present at a particular location over a period of time.Type: ApplicationFiled: September 22, 2016Publication date: March 22, 2018Applicant: Microsoft Technology Licensing, LLC.Inventors: Tal Arieh Be'ery, Itai Grady, Tom Jurgenson, Idan Plotnik, Sivan Krigsman, Michael Dubinsky, Gil David
-
Publication number: 20180069934Abstract: The present disclosure provides for improved computational efficiency and security in a network by determining the physical location of network connected components, without requiring the components to self-locate. The locations of devices remotely connected to a site within the network are geolocated so that the physical location of that site may be inferred from a centralized point to the remote devices' locations. This calculate site location may be compared against a known site location to improve a generalized algorithm for determining the calculated location of a site with an unknown location, and may be applied to devices that are locally connected to the network, which may be otherwise incapable of being geolocated.Type: ApplicationFiled: September 8, 2016Publication date: March 8, 2018Applicant: Microsoft Technology Licensing, LLC.Inventors: Tom Jurgenson, Tal Arieh Be'ery, Idan Plotnik, Michael Dubinsky, Sivan Krigsman, Gil David
-
Publication number: 20180007087Abstract: The threat of malicious parties exposing users' credentials from one system and applying the exposed credentials to a different system to gain unauthorized access is addressed in the present disclosure by systems and methods to preemptively and reactively mitigate the risk of users reusing passwords between systems. A security device passively monitors traffic comprising authorization requests within a network to reactively identify an ongoing attack based on its use of exposed credentials in the authorization request and identifies accounts that are vulnerable to attacks using exposed credentials by actively attempting to log into those accounts with exposed passwords from other networks. The systems and methods reduce the number of false positives associated with attack identification and strengthens the network against potential attacks, thus improving the network's security and reducing the amount of resources needed to securely manage the network.Type: ApplicationFiled: June 30, 2016Publication date: January 4, 2018Applicant: Microsoft Technology Licensing, LLC.Inventors: Itai Grady, Michael Dubinsky, Benny Lakunishok, Idan Plotnik, Tal Arieh Be'ery