Patents by Inventor Nir Nice
Nir Nice has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20110313857
Abstract: A client-based ad agent dynamically determines whether an advertisement campaign should bid on an impression for an end user and/or sets the bid price of the advertisement campaign for the impression. When an opportunity for an impression on a web page is identified, the ad agent accesses user data associated with an end user. The ad agent analyzes the user data to identify the relevance and/or value of serving an impression to the end user to the advertisement campaign. Based on the analysis, the ad agent controls whether the advertisement campaign bids on the impression for the end user and/or sets the bid price of the advertisement campaign for the impression.
Type: Application
Filed: June 18, 2010
Publication date: December 22, 2011
Applicant: MICROSOFT CORPORATION
Inventors: NIR NICE, URI BARASH, YING LI, MICHAEL J. GOLDBACH, WILLIAM H. GATES, III
-
Patent number: 8020197
Abstract: Systems and methods for performing explicit delegation with strong authentication are described herein. Systems can include one or more clients, one or more end servers, and one or more gateways intermediate or between the client and the end server. The client may include an explicit strong delegation component that is adapted to strongly authenticate the client to the gateway. The explicit strong delegation component may also explicitly delegate to the gateway a right to authenticate on behalf of the client, and to define a period of time over which the explicit delegation is valid. The system may be viewed as being self-contained, in the sense that the system need not access third-party certificate or key distribution authorities. Finally, the client controls the gateways or end servers to which the gateway may authenticate on the client's behalf.
Type: Grant
Filed: February 15, 2006
Date of Patent: September 13, 2011
Assignee: Microsoft Corporation
Inventors: Tomer Shiran, Sara Bitan, Nir Nice, Jeroen de Borst, Dave Field, Shai Herzog
-
Publication number: 20110164746
Abstract: Systems, methods, and computer storage media having computer-executable instructions embodied thereon that maintain privacy during user profiling are provided. A profiling service receives, from a first device, rules for profiling a user. The rules were encrypted using a private key. The profiling service also receives, from a second device, user data. The user data was encrypted using a public key communicated to the second device by the first device. The profiling service then matches the encrypted rules with the encrypted user data, and based on the matching, generates a profile for the user. In embodiments, such a user profile can be utilized to deliver personalized digital content to a user.
Type: Application
Filed: January 7, 2010
Publication date: July 7, 2011
Applicant: MICROSOFT CORPORATION
Inventors: NIR NICE, EHUD WIEDER, BOAZ FELDBAUM, SEFY OPHIR, ERAN SHAMIR, YACOV YACOBI, ARIE FRIEDMAN
-
Publication number: 20110167003
Abstract: Embodiments of the present invention relate to systems, methods, and computer-storage media for maintaining privacy while delivering advertisements based on encrypted user profile identifiers. In embodiments, a Public key Encryption with Keyword Search (PEKS) is used to generate a public key and a private key. In embodiments, a public key and a private key are used to encrypt user profile identifiers and generate trapdoors associated with defined profile identifiers, respectively. A portion of the encrypted user profile identifiers are compared to a portion of the trapdoors. If a match is present between at least one encrypted user profile identifier and an associated trapdoor, a delivery engine is provided with an identification of content to be delivered to the user. The provided description is then used to determine an advertisement to present to a user. The advertisement is then presented to the user.
Type: Application
Filed: January 7, 2010
Publication date: July 7, 2011
Applicant: MICROSOFT CORPORATION
Inventors: NIR NICE, EHUD WIEDER, ARIE FRIEDMAN
-
Publication number: 20110145566
Abstract: Described is a technology comprising a system in which two distrusting parties can submit sets of encrypted keywords using two independent secret keys to a third party who can decide, using only public keys, if the underlying cleartext message of a cryptogram produced by one distrusting party matches that of a cryptogram produced by the other. The third party (e.g., a server) uses generator information corresponding to a generator of an elliptic curve group to determine whether the sets of encrypted keywords match each other. Various ways to provide the generator information based upon the generator are described. Also described is the use of one-way randomization and two-way randomization as part of the system to protect against dictionary attacks.
Type: Application
Filed: December 15, 2009
Publication date: June 16, 2011
Applicant: Microsoft Corporation
Inventors: Nir Nice, Yacov Yacobi
-
Patent number: 7957399
Abstract: A method of load balancing data packets at an array is disclosed. The method includes receiving a data packet encoded in a first format at an input of the array. The received data packet is assigned to an assigned element of the array, and the data packet is routed to a device. A message encoded in a second format is received from the device at the array. Information is extracted from a payload portion of the message, and the message is assigned to the assigned element of the array based on the information extracted from the payload portion of the message.
Type: Grant
Filed: December 19, 2008
Date of Patent: June 7, 2011
Assignee: Microsoft Corporation
Inventors: Nir Nice, Anat Eyal, Lior Alon, Ori Yosefi, Samer Karim
-
Publication number: 20110083013
Abstract: Methods, systems, and computer-readable media for facilitating personalization of web content are provided, while protecting the privacy of the user data utilized to personalize the user's experience. A privacy vault may collect user data including user activity data, demographic data, and user interests submitted by a user. In one embodiment, the privacy vault operates on a user client device. The privacy vault sends the user data to a community vault that collects user data from multiple users. The community vault generates segment rules that determine whether a user belongs to a user segment, which expresses a user's interest. The segment rules are then communicated back to the privacy vault, which assigns one or more user segments to the user based on the user data available to the privacy vault and the segment rules. The privacy vault may communicate user segments to one or more content providers that supply personalized content that is selected based on the user segments provided.
Type: Application
Filed: October 7, 2009
Publication date: April 7, 2011
Applicant: MICROSOFT CORPORATION
Inventors: Nir Nice, Melissa W. Dunn, Eric Picard, Amit Shaked, Eric Don Van Valkenburg, Alexander George Gounares, Friedman Arie, Sefy Ophir, Boaz Feldbaum, Vu A. Ha, Teresa Mah, Darrell Jay Cannon, Michael Joseph Toutonghi, Uri Barash, Cynthia Dwork, Ying Li
-
Publication number: 20100263049
Abstract: Methods, systems, and computer-readable media are disclosed for detecting vulnerabilities based on aggregated primitives. A particular method includes receiving a plurality of data transmissions. At least one of the data transmissions includes a protocol anomaly that is not indicative of a security threat. The method includes identifying a plurality of primitives associated with the data transmissions. The primitives are aggregated, and an attack condition is identified based on the aggregated primitives. A security alert is generated based on the identified attack condition.
Type: Application
Filed: April 14, 2009
Publication date: October 14, 2010
Applicant: Microsoft Corporation
Inventors: David B. Cross, Nir Nice
-
Publication number: 20100228989
Abstract: Methods, systems, and computer-readable media are disclosed for access control. A particular method receives a resource access identifier associated with a shared computing resource and embeds the resource access identifier into a link to the shared resource. The link to the shared resource is inserted into an information element. An access control scheme is associated with the information element to generate a protected information element, and the protected information element is sent to a destination computing device.
Type: Application
Filed: March 3, 2009
Publication date: September 9, 2010
Applicant: Microsoft Corporation
Inventors: John Neystadt, Nir Nice
-
Publication number: 20100218247
Abstract: A method is disclosed that includes assigning a service address to a service of a private network. The service of the private network is accessible, via a gateway, by a client computer. The method also includes turning off duplicate address detection at the gateway. The gateway is associated with a public network address that is different from the service address.
Type: Application
Filed: February 20, 2009
Publication date: August 26, 2010
Applicant: Microsoft Corporation
Inventors: Nir Nice, Jeromy S. Statia, Samer J. Karim
-
Publication number: 20100217890
Abstract: Aspects of the subject matter described herein relate to using server type to obtain a network address. In aspects, a gateway that sits between a single network protocol client and a server receives a request from the client for a network address of the server. The gateway issues multiple name resolution requests and waits for a first response. Depending on various factors, the gateway determines whether or not to wait for additional responses before responding to the client. If needed, the gateway may obtain an address of a translating device to assist the client in communicating with the server.
Type: Application
Filed: February 20, 2009
Publication date: August 26, 2010
Applicant: Microsoft Corporation
Inventors: Nir Nice, Philip Derbeko, Anat Bar-Anan, Anat Eyal
-
Publication number: 20100218248
Abstract: Methods, systems, and computer-readable media are disclosed for processing a secure data connection request. A particular method receives, at a first gateway, a secure data connection request from a client identifying a server to connect to. The first gateway sends the client device a redirect message instructing the client device to attempt alternate connection via a second gateway. The client sends a secure data connection request to the second gateway and the second gateway facilitates the secure data connection between the client and the server.
Type: Application
Filed: February 26, 2009
Publication date: August 26, 2010
Applicant: Microsoft Corporation
Inventors: Nir Nice, Benjamin M. Schultz, Narasimhan A. Venkataramaiah
-
Publication number: 20100186079
Abstract: In some embodiments of the invention, techniques may make private identifiers for private network resources usable to establish connections to those private network resources from computing devices connected to an outside network. For example, when a computing device is connected to an outside network and attempting to contact a private network resource, DNS may be used to resolve a domain name for the private network resource to an IP address for an edge resource of the private network. Communications may be passed between the computing device and the edge resource according to protocols which embed the identifier originally used to identify the private network resource. The edge resource of the private network may analyze communications over the connection to determine this identifier, and use it to pass the communication to the desired private network resource.
Type: Application
Filed: January 20, 2009
Publication date: July 22, 2010
Applicant: Microsoft Corporation
Inventors: Nir Nice, Amit Finkelstein, Dror Kremer, Noam Ben-Yochanan, Shyam Seshadri
-
Publication number: 20100180332
Abstract: Methods, systems, and computer-readable media are disclosed for applying information protection. A particular method includes receiving a data file at a gateway coupled to a network. The data file is to be sent to a destination device that is external to the network. The method also includes selectively applying information protection to the data file at the gateway prior to sending the data file to the destination device. The information protection is selectively applied based on information associated with the destination device, information associated with the data file, and information associated with a user of the destination device.
Type: Application
Filed: January 9, 2009
Publication date: July 15, 2010
Applicant: Microsoft Corporation
Inventors: Noam Ben-Yochanan, John Neystadt, Nir Nice, Max Uritsky, Rushmi Malaviarachchi
-
Publication number: 20100157799
Abstract: A method of load balancing data packets at an array is disclosed. The method includes receiving a data packet encoded in a first format at an input of the array. The received data packet is assigned to an assigned element of the array, and the data packet is routed to a device. A message encoded in a second format is received from the device at the array. Information is extracted from a payload portion of the message, and the message is assigned to the assigned element of the array based on the information extracted from the payload portion of the message.
Type: Application
Filed: December 19, 2008
Publication date: June 24, 2010
Applicant: Microsoft Corporation
Inventors: Nir Nice, Anat Eyal, Lior Alon, Ori Yosefi, Samer Karim
-
Publication number: 20100125904
Abstract: A mobile device, such as a mobile phone, smart phone, personal music player, handheld game device, and the like, when operatively combined with a PC, creates a secure and personalized computing platform through configuration of the mobile device's CPU (central processing unit) and OS (operating system) to function as an immutable trusted core. The trusted core in the mobile device verifies the integrity of the PC including, for example, that its drivers, applications, and other software are trusted and unmodified, and thus safe to use without presenting a threat to the integrity of the combined computing platform. The mobile device can further optionally store and transport the user's personalization data—including, for example, the user's desktop, applications, data, certificates, settings, and preferences—which can be accessed by the PC when the devices are combined to thus create a personalized computing environment.
Type: Application
Filed: November 14, 2008
Publication date: May 20, 2010
Applicant: MICROSOFT CORPORATION
Inventors: Nir Nice, Hen Fitoussi
-
Publication number: 20100115578
Abstract: A network with authentication implemented using a client health enforcement framework. The framework is adapted to receive plug-ins on clients that generate health information. Corresponding plug-ins on a server validate that health information. Based on the results of validation, the server may instruct the client to remediate or may authorize an underlying access enforcement mechanism to allow access. A client plug-in that generates authentication information formatted as a statement of health may be incorporated into such a framework. Similarly, on the server, a validator to determine, based on the authentication information, whether the client should be granted network access can be incorporated into the framework. Authentication can be simply applied or modified by changing the plug-ins, while relying on the framework to interface with an enforcement mechanism.
Type: Application
Filed: December 18, 2008
Publication date: May 6, 2010
Applicant: Microsoft Corporation
Inventors: Nir Nice, Anat Eyal, Chandrasekhar Nukala, Sreenivas Addagatla, Eugene Neystadt
-
Publication number: 20100058432
Abstract: In a virtualization environment, a host machine on which a guest machine is operable is monitored to determine that it is healthy by being compliant with applicable policies (such as being up to date with the current security patches, running an anti-virus program, certified to run a guest machine, etc.) and free from malicious software or “malware” that could potentially disrupt or compromise the security of the guest machine. If the host machine is found to be non-compliant, then the guest machine is prevented from either booting up on the host machine or connecting to a network to ensure that the entire virtualization environment is compliant and that the guest machine, including its data and applications, etc., is protected against attacks that may be launched against it via malicious code that runs on the unhealthy host machine, or is isolated from the network until the non-compliancy is remediated.
Type: Application
Filed: August 28, 2008
Publication date: March 4, 2010
Applicant: Microsoft Corporation
Inventors: John Neystadt, Noam Ben-Yochanan, Nir Nice
-
Publication number: 20100011432
Abstract: A network protection solution is provided by which security capabilities of a client machine are communicated to a network security gateway so that a variety of processes can be automatically and dynamically distributed between the gateway and the client machine in a way that achieves a target level of security for the client while consuming the least possible amount of resources on the gateway. For example, for a client that is compliant with specified health and/or corporate governance policies and which is known to have A/V capabilities that are deployed and operational, the network security gateway will not need to perform additional A/V scanning on incoming network traffic to the client which can thus save resources at the gateway and lower operating costs.
Type: Application
Filed: November 24, 2008
Publication date: January 14, 2010
Applicant: MICROSOFT CORPORATION
Inventors: Yigal Edery, Nir Nice, David B. Cross
-
Publication number: 20090327497
Abstract: Described is a technology by which a seamless automatic connection to an (e.g., corporate) network is made for a client device. Upon detecting a need for a connection to a network, such as by intercepting a communication directed towards a network destination, a list of available connection methods is automatically obtained based on the device's current location data (e.g., LAN or remote) and policy information. An available connection method from the list is selected, e.g., in order, and an attempt is made to establish a connection via that connection method. If the attempt fails, another attempt is made with a different connection method, and so on, until a connection method succeeds. Additional seamlessness from the user's perspective is provided via a credentials vault, by which stored credentials may be retrieved and used in association with the access method being attempted.
Type: Application
Filed: June 27, 2008
Publication date: December 31, 2009
Applicant: MICROSOFT CORPORATION
Inventors: Ehud Mordechai Itshaki, Nir Nice, Eugene John Neystadt, Noam Gershon Ben-Yochanan