Patents by Inventor Mordhai GENDELMAN

Mordhai GENDELMAN has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240250929
    Abstract: A computing system is configured to perform zero-trust domain name resolution. The computing system includes applications coupled to a zero-trust client. The zero-trust client is configured to receive requests for IP addresses corresponding to endpoint identifiers for internet connected endpoints. The zero-trust client includes a synthetic DNS service configured to identify synthetic IP addresses for the endpoint identifiers. The zero-trust client provides the synthetic IP addresses for the endpoint identifiers to the applications. The zero-trust client sends data traffic from the applications to a zero-trust service with the synthetic IP addresses where corresponding synthetic IP addresses are correlated to the endpoint identifiers at the zero-trust service.
    Type: Application
    Filed: January 18, 2024
    Publication date: July 25, 2024
    Inventors: Ashish JAIN, Mordhai GENDELMAN, Or MORAN, Omer KATTAN, Yair TOR, Ronen Shmuel GOLDSMITH, Liraz BARAK
  • Patent number: 11943195
    Abstract: A computing system is configured to perform zero-trust domain name resolution. The computing system includes applications coupled to a zero-trust client. The zero-trust client is configured to receive requests for IP addresses corresponding to endpoint identifiers for internet connected endpoints. The zero-trust client includes a synthetic DNS service configured to identify synthetic IP addresses for the endpoint identifiers. The zero-trust client provides the synthetic IP addresses for the endpoint identifiers to the applications. The zero-trust client sends data traffic from the applications to a zero-trust service with the synthetic IP addresses and sends corresponding endpoint identifiers to the zero-trust service in a fashion that allows the synthetic IP addresses to be correlated to the endpoint identifiers at the zero-trust service.
    Type: Grant
    Filed: January 20, 2023
    Date of Patent: March 26, 2024
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ashish Jain, Mordhai Gendelman, Or Moran, Omer Kattan, Yair Tor, Ronen Shmuel Goldsmith, Liraz Barak
  • Publication number: 20240064147
    Abstract: Methods, systems and computer program products are provided for granular secure user access to private resources. Increased granularity of security policies for user access may reduce security threats to resources. Security policies indicating user access to secure resources may be based on various combinations of user identities, client-side process (e.g., sub-process) identities, device identities, device types, device locations, resource access types, intelligent access (e.g., selective traffic routing), etc. For example, a security policy may indicate user A, using computing device B executing process C with process signature S (e.g., a signing signature thumbprint, etc.) may access private resource D. A process identity may be indicated by at least one of a process name, a code signing signature, a thumbprint, a process version, or a process publisher. Resource access security policy determinations and/or enforcement may be performed by security clients and/or security engines (e.g.
    Type: Application
    Filed: August 16, 2022
    Publication date: February 22, 2024
    Inventors: Ashish JAIN, Ronnie GREENSTEIN, Mordhai GENDELMAN, Avraham CARMON, Sinead C. O'DONOVAN, Yair TOR
  • Publication number: 20240064138
    Abstract: Methods, systems and computer program products are provided for intelligent secure access to private resources. A security service (e.g., SASE ZTNA) may maintain the same or similar security posture for users who work remotely and/or locally by providing authentication, authorization, and/or ongoing conditional access via a security service (e.g., private or public SASE) while intelligently routing remote client traffic to private resources through the security service and routing local client traffic to private resources locally. A traffic routing determination may be made by a security client and/or security server. A traffic routing determination may be based on the location of a client computing device, such as a trusted network detection for a private/trusted network. Traffic routing determinations may be based on conditions alternative or in addition to location, such as the type of private resource or information being accessed by a client computing device.
    Type: Application
    Filed: August 16, 2022
    Publication date: February 22, 2024
    Inventors: Ashish JAIN, Mordhai GENDELMAN, Jeevan Singh BISHT, Avraham CARMON, Sinead C. O'DONOVAN, Yair TOR