Patents by Inventor Oded Gonda
Oded Gonda has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9137204Abstract: A system and method for protecting data communications in a system including a load-balancer connected to a cluster of security network components, e.g. firewall node. The load-balancer transfers one or more of the data streams respectively to the security components. The security network components transmit control information to the load-balancer and the control information includes an instruction regarding balancing load of the data streams between said security network components; The load-balancer balances load based on the control information. Preferably, network address translation is performed by the load-balancer based on the control information or network address translation is performed by the security network component and the control information includes information regarding an expected connection based on the network address translation.Type: GrantFiled: February 2, 2006Date of Patent: September 15, 2015Assignee: CHECK POINT SOFTWARE TECHNOLOGIES LTD.Inventors: Omer Schory, Ofer Raz, Oded Gonda
-
Patent number: 9130777Abstract: Disclosed are methods, media, and vault servers for providing a secure messaging system using vault servers in conjunction with client-side restricted-execution vault-mail environments. Methods include the steps of upon activating a vault-mail message containing sensitive content, removing the content from the vault-mail message; placing the content on a vault server; creating a link in the vault-mail message to the content on the vault server; sending the vault-mail message to a designated recipient; and upon activating the link, allowing the content to be only viewed in a restricted-execution session of a client application, wherein the restricted-execution session does not allow the content to be altered, copied, stored, printed, forwarded, or otherwise executed. Preferably, the activation of the vault-mail message is performed by a network-security gateway, and can be performed on a per-message basis.Type: GrantFiled: November 19, 2008Date of Patent: September 8, 2015Assignee: Check Point Software Technologies, LTD.Inventors: Oded Gonda, Ofer Raz, Alon Kantor, Uri Bialik, Yoav Kirsch
-
Patent number: 8776017Abstract: A data leak prevention application that categorizes documents by data type is provided, a data type being a sensitivity classification of a document based on what data the document contains. A scripting language processing engine is embedded into the data leak prevention application, the scripting language forming part of the application as hard code. A user configures interaction of the scripting language processing engine with the application. The configuring may include modifying or adding code or setting criteria for when code portions of the scripting language processing engine activates. The scripting language processing engine is activated to enhance an accuracy of an existing data type or so as to detect a new data type. Upon enhancing the accuracy of the data type, documents may be re-categorized.Type: GrantFiled: July 26, 2010Date of Patent: July 8, 2014Assignee: Check Point Software Technologies LtdInventors: Amnon Perlmutter, Aviad Mor, Oded Gonda, Ofer Raz, Matt LeGrow
-
Patent number: 8726008Abstract: A system and method for protecting data communications in a system including a load-balancer connected to a cluster of security network components, e.g. firewall node. The load-balancer transfers one or more of the data streams respectively to the security components. The security network components transmit control information to the load-balancer and the control information includes an instruction regarding balancing load of the data streams between said components; The load-balancer balances load based on the control information. Preferably, network address translation (NAT) is performed by the load-balancer based on the control information or NAT is performed by the security network component and the control information includes information regarding an expected connection based on NAT.Type: GrantFiled: March 28, 2012Date of Patent: May 13, 2014Assignee: Check Point Software Technologies Ltd.Inventors: Omer Schory, Ofer Raz, Oded Gonda
-
Publication number: 20120297491Abstract: A system and method for protecting data communications in a system including a toad-balancer connected to a cluster of security network components, e.g. firewall node. The load-balancer transfers one or more of the data streams respectively to the security components. The security network components transmit control information to the load-balancer and the control information includes an instruction regarding balancing load of the data streams between said components; The load-balancer balances load based on the control information. Preferably, network address translation (NAT) is performed by the load-balancer based on the control information or NAT is performed by the security network component and the control information includes information regarding an expected connection based on NAT.Type: ApplicationFiled: March 28, 2012Publication date: November 22, 2012Applicant: CHECK POINT SOFTWARE TECHNOLOGIES LTD.Inventors: Omer Schory, Ofer Raz, Oded Gonda
-
Patent number: 8161188Abstract: Disclosed are devices and methods for providing network access control utilizing traffic-regulation hardware, the device including: at least one client-side port for operationally connecting to a client system; at least one network-side port for operationally connecting to a network; a logic module for regulating network traffic, based on device-related data, between the ports, the logic module including: a memory unit for storing and loading the device-related data; and a CPU for processing the device-related data; and at least one relay, between at least one respective client-side port and at least one respective network-side port, configured to open upon receiving a respective network-access-denial command from the logic module. Preferably, the logic module is configured to maintain an open-relay line-rate when at least one relay is open, and to maintain a closed-relay line-rate when at least one relay is closed.Type: GrantFiled: May 4, 2008Date of Patent: April 17, 2012Assignee: Check Point Software Technologies, LtdInventors: Oded Gonda, Yaron Sheffer
-
Publication number: 20120023480Abstract: A data leak prevention application that categorizes documents by data type is provided, a data type being a sensitivity classification of a document based on what data the document contains. A scripting language processing engine is embedded into the data leak prevention application, the scripting language forming part of the application as hard code. A user configures interaction of the scripting language processing engine with the application. The configuring may include modifying or adding code or setting criteria for when code portions of the scripting language processing engine activates. The scripting language processing engine is activated to enhance an accuracy of an existing data type or so as to detect a new data type. Upon enhancing the accuracy of the data type, documents may be re-categorized.Type: ApplicationFiled: July 26, 2010Publication date: January 26, 2012Applicant: Check Point Software Technologies Ltd.Inventors: Amnon Perlmutter, Aviad Mor, Oded Gonda, Ofer Raz, Matt LeGrow
-
Publication number: 20100125637Abstract: Disclosed are methods, media, and vault servers for providing a secure messaging system using vault servers in conjunction with client-side restricted-execution vault-mail environments. Methods include the steps of upon activating a vault-mail message containing sensitive content, removing the content from the vault-mail message; placing the content on a vault server; creating a link in the vault-mail message to the content on the vault server; sending the vault-mail message to a designated recipient; and upon activating the link, allowing the content to be only viewed in a restricted-execution session of a client application, wherein the restricted-execution session does not allow the content to be altered, copied, stored, printed, forwarded, or otherwise executed. Preferably, the activation of the vault-mail message is performed by a network-security gateway, and can be performed on a per-message basis.Type: ApplicationFiled: November 19, 2008Publication date: May 20, 2010Applicant: CHECK POINT SOFTWARE TECHNOLOGIES, LTD.Inventors: Oded GONDA, Ofer Raz, Alon Kantor, Uri Bialik, Yoav Kirsch
-
Publication number: 20090276538Abstract: Disclosed are devices and methods for providing network access control utilizing traffic-regulation hardware, the device including: at least one client-side port for operationally connecting to a client system; at least one network-side port for operationally connecting to a network; a logic module for regulating network traffic, based on device-related data, between the ports, the logic module including: a memory unit for storing and loading the device-related data; and a CPU for processing the device-related data; and at least one relay, between at least one respective client-side port and at least one respective network-side port, configured to open upon receiving a respective network-access-denial command from the logic module. Preferably, the logic module is configured to maintain an open-relay line-rate when at least one relay is open, and to maintain a closed-relay line-rate when at least one relay is closed.Type: ApplicationFiled: May 4, 2008Publication date: November 5, 2009Applicant: Check Point Software Technologies Ltd.Inventors: Oded Gonda, Yaron Sheffer
-
Publication number: 20070180226Abstract: A system and method for protecting data communications in a system including a load-balancer connected to a cluster of security network components, e.g. firewall node. The load-balancer transfers one or more of the data streams respectively to the security components. The security network components transmit control information to the load-balancer and the control information includes an instruction regarding balancing load of the data streams between said security network components; The load-balancer balances load based on the control information. Preferably, network address translation is performed by the load-balancer based on the control information or network address translation is performed by the security network component and the control information includes information regarding an expected connection based on the network address translation.Type: ApplicationFiled: February 2, 2006Publication date: August 2, 2007Inventors: Omer Schory, Ofer Raz, Oded Gonda