Patents by Inventor Nir MARDIKS RAPPAPORT
Nir MARDIKS RAPPAPORT has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230409680Abstract: Systems and methods are described for authenticating a client device through remote browser isolation (RBI). An RBI service determines that a remote browser thereof is configured to issue an authentication request to an identity provider to access a resource of a resource provider and, in response, transmits a command to an RBI frontend of a client browser executing on a client computing device. The RBI frontend receives the command and, in response, generates a browsing context that issues a client-side authentication request to the identity provider that includes information accessible to the client computing device. Responsive to issuing the client-side authentication request, the browsing context receives an authentication artifact from an access service and transmits the authentication artifact to the RBI service.Type: ApplicationFiled: June 15, 2022Publication date: December 21, 2023Inventors: Meir Baruch BLACHMAN, Guy LEWIN, Nir Mardiks RAPPAPORT
-
Patent number: 11750684Abstract: According to examples, an apparatus may include a processor that may identify a navigation event responsive to a URL being entered into an address bar of a web browser, the URL having a domain and a URL component, and may determine whether the web browser received an instruction to navigate to a return URL, in which the return URL includes a suffix domain for a proxy and does not include the URL component. The processor may also, based on a determination that the web browser received the instruction to navigate to the return URL, generate a modified URL by appending the suffix domain to the URL to restore context of the URL for the proxy and navigate the web browser to the modified URL.Type: GrantFiled: May 20, 2022Date of Patent: September 5, 2023Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Vikas Malik, Nir Mardiks Rappaport, Idan Gadot
-
Publication number: 20230247004Abstract: The disclosure is generally directed towards a client device agent (e.g., a network agent) learning that a service domain is authenticated via a corresponding suffix proxy domain. The network agent may then direct a service domain request to the suffix proxy domain. The learning process generally involves evaluating headers in URL redirection communications between the client device and an authentication service, such as an identity provider (IDP). Based on a session control policy, the IDP may “bounce” the user to a proxy service (e.g., a suffix proxy). Accordingly, the IDP may include a “bouncer”. The network agent generally learns from the headers that a request to a service domain gets redirected (e.g., bounced) to a suffix proxy domain. The agent intercepts subsequent requests to the service domain, updates the request URL, and sends the updated request to the suffix proxy domain.Type: ApplicationFiled: January 31, 2022Publication date: August 3, 2023Inventors: Vikas MALIK, Nir Mardiks RAPPAPORT
-
Publication number: 20220279033Abstract: According to examples, an apparatus may include a processor that may identify a navigation event responsive to a URL being entered into an address bar of a web browser, the URL having a domain and a URL component, and may determine whether the web browser received an instruction to navigate to a return URL, in which the return URL includes a suffix domain for a proxy and does not include the URL component. The processor may also, based on a determination that the web browser received the instruction to navigate to the return URL, generate a modified URL by appending the suffix domain to the URL to restore context of the URL for the proxy and navigate the web browser to the modified URL.Type: ApplicationFiled: May 20, 2022Publication date: September 1, 2022Applicant: Microsoft Technology Licensing, LLCInventors: Vikas MALIK, Nir Mardiks Rappaport, Idan Gadot
-
Patent number: 11356495Abstract: According to examples, an apparatus may include a processor that may identify a navigation event responsive to a URL being entered into an address bar of a web browser, the URL having a domain and a URL component, and may determine whether the web browser received an instruction to navigate to a return URL, in which the return URL includes a suffix domain for a proxy and does not include the URL component. The processor may also, based on a determination that the web browser received the instruction to navigate to the return URL, generate a modified URL by appending the suffix domain to the URL to restore context of the URL for the proxy and navigate the web browser to the modified URL.Type: GrantFiled: October 29, 2020Date of Patent: June 7, 2022Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Vikas Malik, Nir Mardiks Rappaport, Idan Gadot
-
Publication number: 20220141278Abstract: According to examples, an apparatus may include a processor that may identify a navigation event responsive to a URL being entered into an address bar of a web browser, the URL having a domain and a URL component, and may determine whether the web browser received an instruction to navigate to a return URL, in which the return URL includes a suffix domain for a proxy and does not include the URL component. The processor may also, based on a determination that the web browser received the instruction to navigate to the return URL, generate a modified URL by appending the suffix domain to the URL to restore context of the URL for the proxy and navigate the web browser to the modified URL.Type: ApplicationFiled: October 29, 2020Publication date: May 5, 2022Applicant: Microsoft Technology Licensing, LLCInventors: Vikas MALIK, Nir MARDIKS RAPPAPORT, Idan GADOT
-
Patent number: 11200367Abstract: Securing inter-frame communication within a web page. First, receipt of a request from a client for accessing a web page document is detected. The request includes a URL that identifies the web page document. The web page document has a tree structure that includes a top parent object and multiple child objects. The multiple child objects include at least a first child object associated with a first domain and a second child object associated with a second domain. The web page document is retrieved from a location corresponding to the URL. The code of the retrieved web page document is then modified to enable secure communication between modified code of the first child object and modified code of the second object. Finally, the modified web page document is sent to the client.Type: GrantFiled: October 14, 2019Date of Patent: December 14, 2021Assignee: Microsoft Technology Licensing, LLCInventors: Nir Mardiks Rappaport, Vikas Malik, Itamar Azulay
-
Publication number: 20210160220Abstract: A security service to verify a network resource accessed from a resource address in an application at client device is disclosed. The resource address is converted into a proxy address with a suffix domain of a proxy server. The proxy server is coupled to the client device. The network resource is verified at the proxy server.Type: ApplicationFiled: November 25, 2019Publication date: May 27, 2021Applicant: Microsoft Technology Licensing, LLCInventors: Nir Mardiks Rappaport, Alexander Esibov
-
Publication number: 20210109992Abstract: Securing inter-frame communication within a web page. First, receipt of a request from a client for accessing a web page document is detected. The request includes a URL that identifies the web page document. The web page document has a tree structure that includes a top parent object and multiple child objects. The multiple child objects include at least a first child object associated with a first domain and a second child object associated with a second domain. The web page document is retrieved from a location corresponding to the URL. The code of the retrieved web page document is then modified to enable secure communication between modified code of the first child object and modified code of the second object. Finally, the modified web page document is sent to the client.Type: ApplicationFiled: October 14, 2019Publication date: April 15, 2021Inventors: Nir Mardiks RAPPAPORT, Vikas MALIK, Itamar AZULAY
-
Patent number: 10938801Abstract: Methods, systems, and media are shown for providing a reverse proxy system with SSO capability involving receiving an authentication response message from a client that includes an authentication token and a unique session identifier and determining whether the identifier is stored on the proxy service. If the session identifier is stored on the proxy service, sending the authentication response message to a service provider to which the authentication response message is directed. If the session identifier in the authentication response message is not stored on the proxy service: sending a login request message to the service provider to which the authentication response message is directed, receiving an authentication request message from the service provider that includes an other unique session identifier and redirects the authentication request message to an identity provider, storing the other session identifier, and sending the authentication request message with the other identifier to the client.Type: GrantFiled: September 21, 2018Date of Patent: March 2, 2021Assignee: Microsoft Technology Licensing, LLCInventors: Nir Mardiks Rappaport, Vikas Malik
-
Publication number: 20200404064Abstract: A proxy server to retrieve a web address received from a client to a webserver is disclosed. The proxy server can include a reverse proxy server. The web address is converted into proxy address at the proxy server. The proxy address is wrapped into a wrapper domain with a wrapping frame.Type: ApplicationFiled: June 21, 2019Publication date: December 24, 2020Applicant: Microsoft Technology Licensing, LLCInventors: Nir Mardiks Rappaport, Vikas Malik
-
Patent number: 10873644Abstract: A proxy server to retrieve a web address received from a client to a webserver is disclosed. The proxy server can include a reverse proxy server. The web address is converted into proxy address at the proxy server. The proxy address is wrapped into a wrapper domain with a wrapping frame.Type: GrantFiled: June 21, 2019Date of Patent: December 22, 2020Assignee: Microsoft Technology Licensing, LLCInventors: Nir Mardiks Rappaport, Vikas Malik
-
Publication number: 20200099675Abstract: Methods, systems, and media are shown for providing a reverse proxy system with SSO capability involving receiving an authentication response message from a client that includes an authentication token and a unique session identifier and determining whether the identifier is stored on the proxy service. If the session identifier is stored on the proxy service, sending the authentication response message to a service provider to which the authentication response message is directed. If the session identifier in the authentication response message is not stored on the proxy service: sending a login request message to the service provider to which the authentication response message is directed, receiving an authentication request message from the service provider that includes an other unique session identifier and redirects the authentication request message to an identity provider, storing the other session identifier, and sending the authentication request message with the other identifier to the client.Type: ApplicationFiled: September 21, 2018Publication date: March 26, 2020Inventors: Nir MARDIKS RAPPAPORT, Vikas MALIK