Patents by Inventor Nir Nice

Nir Nice has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20110313857
    Abstract: A client-based ad agent dynamically determines whether an advertisement campaign should bid on an impression for an end user and/or sets the bid price of the advertisement campaign for the impression. When an opportunity for an impression on a web page is identified, the ad agent accesses user data associated with an end user. The ad agent analyzes the user data to identify the relevance and/or value of serving an impression to the end user to the advertisement campaign. Based on the analysis, the ad agent controls whether the advertisement campaign bids on the impression for the end user and/or sets the bid price of the advertisement campaign for the impression.
    Type: Application
    Filed: June 18, 2010
    Publication date: December 22, 2011
    Applicant: MICROSOFT CORPORATION
    Inventors: NIR NICE, URI BARASH, YING LI, MICHAEL J. GOLDBACH, WILLIAM H. GATES, III
  • Patent number: 8020197
    Abstract: Systems and methods for performing explicit delegation with strong authentication are described herein. Systems can include one or more clients, one or more end servers, and one or more gateways intermediate or between the client and the end server. The client may include an explicit strong delegation component that is adapted to strongly authenticate the client to the gateway. The explicit strong delegation component may also explicitly delegate to the gateway a right to authenticate on behalf of the client, and to define a period of time over which the explicit delegation is valid. The system may be viewed as being self-contained, in the sense that the system need not access third-party certificate or key distribution authorities. Finally, the client controls the gateways or end servers to which the gateway may authenticate on the client's behalf.
    Type: Grant
    Filed: February 15, 2006
    Date of Patent: September 13, 2011
    Assignee: Microsoft Corporation
    Inventors: Tomer Shiran, Sara Bitan, Nir Nice, Jeroen de Borst, Dave Field, Shai Herzog
  • Publication number: 20110164746
    Abstract: Systems, methods, and computer storage media having computer-executable instructions embodied thereon that maintain privacy during user profiling are provided. A profiling service receives, from a first device, rules for profiling a user. The rules were encrypted using a private key. The profiling service also receives, from a second device, user data. The user data was encrypted using a public key communicated to the second device by the first device. The profiling service then matches the encrypted rules with the encrypted user data, and based on the matching, generates a profile for the user. In embodiments, such a user profile can be utilized to deliver personalized digital content to a user.
    Type: Application
    Filed: January 7, 2010
    Publication date: July 7, 2011
    Applicant: MICROSOFT CORPORATION
    Inventors: NIR NICE, EHUD WIEDER, BOAZ FELDBAUM, SEFY OPHIR, ERAN SHAMIR, YACOV YACOBI, ARIE FRIEDMAN
  • Publication number: 20110167003
    Abstract: Embodiments of the present invention relate to systems, methods, and computer-storage media for maintaining privacy while delivering advertisements based on encrypted user profile identifiers. In embodiments, a Public key Encryption with Keyword Search (PEKS) is used to generate a public key and a private key. In embodiments, a public key and a private key are used to encrypt user profile identifiers and generate trapdoors associated with defined profile identifiers, respectively. A portion of the encrypted user profile identifiers are compared to a portion of the trapdoors. If a match is present between at least one encrypted user profile identifier and an associated trapdoor, a delivery engine is provided with an identification of content to be delivered to the user. The provided description is then used to determine an advertisement to present to a user. The advertisement is then presented to the user.
    Type: Application
    Filed: January 7, 2010
    Publication date: July 7, 2011
    Applicant: MICROSOFT CORPORATION
    Inventors: NIR NICE, EHUD WIEDER, ARIE FRIEDMAN
  • Publication number: 20110145566
    Abstract: Described is a technology comprising a system in which two distrusting parties can submit sets of encrypted keywords using two independent secret keys to a third party who can decide, using only public keys, if the underlying cleartext message of a cryptogram produced by one distrusting party matches that of a cryptogram produced by the other. The third party (e.g., a server) uses generator information corresponding to a generator of an elliptic curve group to determine whether the sets of encrypted keywords match each other. Various ways to provide the generator information based upon the generator are described. Also described is the use of one-way randomization and two-way randomization as part of the system to protect against dictionary attacks.
    Type: Application
    Filed: December 15, 2009
    Publication date: June 16, 2011
    Applicant: Microsoft Corporation
    Inventors: Nir Nice, Yacov Yacobi
  • Patent number: 7957399
    Abstract: A method of load balancing data packets at an array is disclosed. The method includes receiving a data packet encoded in a first format at an input of the array. The received data packet is assigned to an assigned element of the array, and the data packet is routed to a device. A message encoded in a second format is received from the device at the array. Information is extracted from a payload portion of the message, and the message is assigned to the assigned element of the array based on the information extracted from the payload portion of the message.
    Type: Grant
    Filed: December 19, 2008
    Date of Patent: June 7, 2011
    Assignee: Microsoft Corporation
    Inventors: Nir Nice, Anat Eyal, Lior Alon, Ori Yosefi, Samer Karim
  • Publication number: 20110083013
    Abstract: Methods, systems, and computer-readable media for facilitating personalization of web content are provided, while protecting the privacy of the user data utilized to personalize the user's experience. A privacy vault may collect user data including user activity data, demographic data, and user interests submitted by a user. In one embodiment, the privacy vault operates on a user client device. The privacy vault sends the user data to a community vault that collects user data from multiple users. The community vault generates segment rules that determine whether a user belongs to a user segment, which expresses a user's interest. The segment rules are then communicated back to the privacy vault, which assigns one or more user segments to the user based on the user data available to the privacy vault and the segment rules. The privacy vault may communicate user segments to one or more content providers that supply personalized content that is selected based on the user segments provided.
    Type: Application
    Filed: October 7, 2009
    Publication date: April 7, 2011
    Applicant: MICROSOFT CORPORATION
    Inventors: Nir Nice, Melissa W. Dunn, Eric Picard, Amit Shaked, Eric Don Van Valkenburg, Alexander George Gounares, Friedman Arie, Sefy Ophir, Boaz Feldbaum, Vu A. Ha, Teresa Mah, Darrell Jay Cannon, Michael Joseph Toutonghi, Uri Barash, Cynthia Dwork, Ying Li
  • Publication number: 20100263049
    Abstract: Methods, systems, and computer-readable media are disclosed for detecting vulnerabilities based on aggregated primitives. A particular method includes receiving a plurality of data transmissions. At least one of the data transmissions includes a protocol anomaly that is not indicative of a security threat. The method includes identifying a plurality of primitives associated with the data transmissions. The primitives are aggregated, and an attack condition is identified based on the aggregated primitives. A security alert is generated based on the identified attack condition.
    Type: Application
    Filed: April 14, 2009
    Publication date: October 14, 2010
    Applicant: Microsoft Corporation
    Inventors: David B. Cross, Nir Nice
  • Publication number: 20100228989
    Abstract: Methods, systems, and computer-readable media are disclosed for access control. A particular method receives a resource access identifier associated with a shared computing resource and embeds the resource access identifier into a link to the shared resource. The link to the shared resource is inserted into an information element. An access control scheme is associated with the information element to generate a protected information element, and the protected information element is sent to a destination computing device.
    Type: Application
    Filed: March 3, 2009
    Publication date: September 9, 2010
    Applicant: Microsoft Corporation
    Inventors: John Neystadt, Nir Nice
  • Publication number: 20100218247
    Abstract: A method is disclosed that includes assigning a service address to a service of a private network. The service of the private network is accessible, via a gateway, by a client computer. The method also includes turning off duplicate address detection at the gateway. The gateway is associated with a public network address that is different from the service address.
    Type: Application
    Filed: February 20, 2009
    Publication date: August 26, 2010
    Applicant: Microsoft Corporation
    Inventors: Nir Nice, Jeromy S. Statia, Samer J. Karim
  • Publication number: 20100217890
    Abstract: Aspects of the subject matter described herein relate to using server type to obtain a network address. In aspects, a gateway that sits between a single network protocol client and a server receives a request from the client for a network address of the server. The gateway issues multiple name resolution requests and waits for a first response. Depending on various factors, the gateway determines whether or not to wait for additional responses before responding to the client. If needed, the gateway may obtain an address of a translating device to assist the client in communicating with the server.
    Type: Application
    Filed: February 20, 2009
    Publication date: August 26, 2010
    Applicant: Microsoft Corporation
    Inventors: Nir Nice, Philip Derbeko, Anat Bar-Anan, Anat Eyal
  • Publication number: 20100218248
    Abstract: Methods, systems, and computer-readable media are disclosed for processing a secure data connection request. A particular method receives, at a first gateway, a secure data connection request from a client identifying a server to connect to. The first gateway sends the client device a redirect message instructing the client device to attempt alternate connection via a second gateway. The client sends a secure data connection request to the second gateway and the second gateway facilitates the secure data connection between the client and the server.
    Type: Application
    Filed: February 26, 2009
    Publication date: August 26, 2010
    Applicant: Microsoft Corporation
    Inventors: Nir Nice, Benjamin M. Schultz, Narasimhan A. Venkataramaiah
  • Publication number: 20100186079
    Abstract: In some embodiments of the invention, techniques may make private identifiers for private network resources usable to establish connections to those private network resources from computing devices connected to an outside network. For example, when a computing device is connected to an outside network and attempting to contact a private network resource, DNS may be used to resolve a domain name for the private network resource to an IP address for an edge resource of the private network. Communications may be passed between the computing device and the edge resource according to protocols which embed the identifier originally used to identify the private network resource. The edge resource of the private network may analyze communications over the connection to determine this identifier, and use it to pass the communication to the desired private network resource.
    Type: Application
    Filed: January 20, 2009
    Publication date: July 22, 2010
    Applicant: Microsoft Corporation
    Inventors: Nir Nice, Amit Finkelstein, Dror Kremer, Noam Ben-Yochanan, Shyam Seshadri
  • Publication number: 20100180332
    Abstract: Methods, systems, and computer-readable media are disclosed for applying information protection. A particular method includes receiving a data file at a gateway coupled to a network. The data file is to be sent to a destination device that is external to the network. The method also includes selectively applying information protection to the data file at the gateway prior to sending the data file to the destination device. The information protection is selectively applied based on information associated with the destination device, information associated with the data file, and information associated with a user of the destination device.
    Type: Application
    Filed: January 9, 2009
    Publication date: July 15, 2010
    Applicant: Microsoft Corporation
    Inventors: Noam Ben-Yochanan, John Neystadt, Nir Nice, Max Uritsky, Rushmi Malaviarachchi
  • Publication number: 20100157799
    Abstract: A method of load balancing data packets at an array is disclosed. The method includes receiving a data packet encoded in a first format at an input of the array. The received data packet is assigned to an assigned element of the array, and the data packet is routed to a device. A message encoded in a second format is received from the device at the array. Information is extracted from a payload portion of the message, and the message is assigned to the assigned element of the array based on the information extracted from the payload portion of the message.
    Type: Application
    Filed: December 19, 2008
    Publication date: June 24, 2010
    Applicant: Microsoft Corporation
    Inventors: Nir Nice, Anat Eyal, Lior Alon, Ori Yosefi, Samer Karim
  • Publication number: 20100125904
    Abstract: A mobile device, such as a mobile phone, smart phone, personal music player, handheld game device, and the like, when operatively combined with a PC, creates a secure and personalized computing platform through configuration of the mobile device's CPU (central processing unit) and OS (operating system) to function as an immutable trusted core. The trusted core in the mobile device verifies the integrity of the PC including, for example, that its drivers, applications, and other software are trusted and unmodified, and thus safe to use without presenting a threat to the integrity of the combined computing platform. The mobile device can further optionally store and transport the user's personalization data—including, for example, the user's desktop, applications, data, certificates, settings, and preferences—which can be accessed by the PC when the devices are combined to thus create a personalized computing environment.
    Type: Application
    Filed: November 14, 2008
    Publication date: May 20, 2010
    Applicant: MICROSOFT CORPORATION
    Inventors: Nir Nice, Hen Fitoussi
  • Publication number: 20100115578
    Abstract: A network with authentication implemented using a client health enforcement framework. The framework is adapted to receive plug-ins on clients that generate health information. Corresponding plug-ins on a server validate that health information. Based on the results of validation, the server may instruct the client to remediate or may authorize an underlying access enforcement mechanism to allow access. A client plug-in that generates authentication information formatted as a statement of health may be incorporated into such a framework. Similarly, on the server, a validator to determine, based on the authentication information, whether the client should be granted network access can be incorporated into the framework. Authentication can be simply applied or modified by changing the plug-ins, while relying on the framework to interface with an enforcement mechanism.
    Type: Application
    Filed: December 18, 2008
    Publication date: May 6, 2010
    Applicant: Microsoft Corporation
    Inventors: Nir Nice, Anat Eyal, Chandrasekhar Nukala, Sreenivas Addagatla, Eugene Neystadt
  • Publication number: 20100058432
    Abstract: In a virtualization environment, a host machine on which a guest machine is operable is monitored to determine that it is healthy by being compliant with applicable policies (such as being up to date with the current security patches, running an anti-virus program, certified to run a guest machine, etc.) and free from malicious software or “malware” that could potentially disrupt or compromise the security of the guest machine. If the host machine is found to be non-compliant, then the guest machine is prevented from either booting up on the host machine or connecting to a network to ensure that the entire virtualization environment is compliant and that the guest machine, including its data and applications, etc., is protected against attacks that may be launched against it via malicious code that runs on the unhealthy host machine, or is isolated from the network until the non-compliancy is remediated.
    Type: Application
    Filed: August 28, 2008
    Publication date: March 4, 2010
    Applicant: Microsoft Corporation
    Inventors: John Neystadt, Noam Ben-Yochanan, Nir Nice
  • Publication number: 20100011432
    Abstract: A network protection solution is provided by which security capabilities of a client machine are communicated to a network security gateway so that a variety of processes can be automatically and dynamically distributed between the gateway and the client machine in a way that achieves a target level of security for the client while consuming the least possible amount of resources on the gateway. For example, for a client that is compliant with specified health and/or corporate governance policies and which is known to have A/V capabilities that are deployed and operational, the network security gateway will not need to perform additional A/V scanning on incoming network traffic to the client which can thus save resources at the gateway and lower operating costs.
    Type: Application
    Filed: November 24, 2008
    Publication date: January 14, 2010
    Applicant: MICROSOFT CORPORATION
    Inventors: Yigal Edery, Nir Nice, David B. Cross
  • Publication number: 20090327497
    Abstract: Described is a technology by which a seamless automatic connection to an (e.g., corporate) network is made for a client device. Upon detecting a need for a connection to a network, such as by intercepting a communication directed towards a network destination, a list of available connection methods is automatically obtained based on the device's current location data (e.g., LAN or remote) and policy information. An available connection method from the list is selected, e.g., in order, and an attempt is made to establish a connection via that connection method. If the attempt fails, another attempt is made with a different connection method, and so on, until a connection method succeeds. Additional seamlessness from the user's perspective is provided via a credentials vault, by which stored credentials may be retrieved and used in association with the access method being attempted.
    Type: Application
    Filed: June 27, 2008
    Publication date: December 31, 2009
    Applicant: MICROSOFT CORPORATION
    Inventors: Ehud Mordechai Itshaki, Nir Nice, Eugene John Neystadt, Noam Gershon Ben-Yochanan