Patents by Inventor Oleg Ananiev
Oleg Ananiev has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9344432Abstract: Embodiments of the invention provide techniques for basing access control decisions at the network layer at least in part on information provided in claims, which may describe attributes of a computer requesting access, one or more resources to which access is requested, the user, the circumstances surrounding the requested access, and/or other information. The information may be evaluated based on one or more access control policies, which may be pre-set or dynamically generated, and used in making a decision whether to grant or deny the computer access to the specified resource(s).Type: GrantFiled: June 24, 2010Date of Patent: May 17, 2016Assignee: Microsoft Technology Licensing, LLCInventors: Yair Tor, Daniel Rose, Eugene (John) Neystadt, Patrik Schnell, Moshe Sapir, Oleg Ananiev, Arthur Zavalkovsky, Anat Eyal
-
Patent number: 8997196Abstract: Systems, methods and apparatus for accessing at least one resource hosted by at least one server of a cloud service provider. In some embodiments, a client computer sends authentication information associated with a user of the client computer and a statement of health regarding the client computer to an access control gateway deployed in an enterprise's managed network. The access control gateway authenticates the user and determines whether the user is authorized to access the at least one resource hosted in the cloud. If the user authentication and authorization succeeds, the access control gateway requests a security token from a security token service trusted by an access control component in the cloud and forwards the security token to the client computer. The client computer sends the security token to the access component in the cloud to access the at least one resource from the at least one server.Type: GrantFiled: June 14, 2010Date of Patent: March 31, 2015Assignee: Microsoft CorporationInventors: Asaf Kariv, Oleg Ananiev, Eli Tovbeyn, Daniel Kershaw, Eugene (John) Neystadt
-
Patent number: 8935742Abstract: Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware, and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.Type: GrantFiled: August 18, 2008Date of Patent: January 13, 2015Assignee: Microsoft CorporationInventors: Nir Nice, Oleg Ananiev, John Wohlfert, Amit Finkelstein, Alik Teplitsky
-
Patent number: 8918856Abstract: Embodiments of the invention provide a trusted intermediary for use in a system in which access control decisions may be based at least in part on information provided in claims. The intermediary may request claims on behalf of a network resource to which access is requested, and submit the claims for a decision whether to grant or deny access. The decision may be based at least in part on one or more access control policies, which may be pre-set or dynamically generated. Because the intermediary requests the claims and submits the claims for an access control decision, the network resource (e.g., a server application) need not be configured to process claims information.Type: GrantFiled: June 24, 2010Date of Patent: December 23, 2014Assignee: Microsoft CorporationInventors: Yair Tor, Eugene (John) Neystadt, Patrik Schnell, Oleg Ananiev, Arthur Zavalkovsky, Daniel Rose
-
Patent number: 8910268Abstract: Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware, and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.Type: GrantFiled: August 14, 2008Date of Patent: December 9, 2014Assignee: Microsoft CorporationInventors: Efim Hudis, Yigal Edery, Oleg Ananiev, John Wohlfert, Nir Nice
-
Patent number: 8910255Abstract: Aspects of the subject matter described herein relate to authentication for a distributed secure content management system. In aspects, a request to access a resource available through the Internet is routed to a security component. The security component is one of a plurality of security components distributed throughout the Internet and responsible for authenticating entities associated with an enterprise. The security component determines an authentication protocol to use with the entity and then authenticates the entity. If the entity is authenticated, the entity is allowed to use a forward proxy.Type: GrantFiled: May 27, 2008Date of Patent: December 9, 2014Assignee: Microsoft CorporationInventors: Nir Nice, Oleg Ananiev, John F. Wohlfert, Amit Finkelstein, Alexander Teplitsky
-
Patent number: 8881223Abstract: Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and off-premise or roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware, and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.Type: GrantFiled: August 14, 2008Date of Patent: November 4, 2014Assignee: Microsoft CorporationInventors: Efim Hudis, Yigal Edery, Oleg Ananiev, John Wohlfert, Nir Nice
-
Patent number: 8799985Abstract: Architecture that provides additional data that can be obtained and employed in security models in order to provide security to services over the service lifecycle. The architecture automatically propagates security classifications throughout the lifecycle of the service, which can include initial deployment, expansion, moving servers, monitoring, and reporting, for example, and further include classification propagation from the workload (computer), classification propagation in the model, classification propagation according to the lineage of the storage location (e.g., virtual hard drive), status propagation in the model and classification based on data stored in the machine.Type: GrantFiled: March 19, 2010Date of Patent: August 5, 2014Assignee: Microsoft CorporationInventors: Anders B. Vinberg, John Neystadt, Yair Tor, Oleg Ananiev
-
Patent number: 8296178Abstract: Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware, and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.Type: GrantFiled: August 14, 2008Date of Patent: October 23, 2012Assignee: Microsoft CorporationInventors: Efim Hudis, Yigal Edery, Oleg Ananiev, John Wohlfert, Nir Nice
-
Publication number: 20110321130Abstract: Embodiments of the invention provide techniques for basing access control decisions at the network layer at least in part on information provided in claims, which may describe attributes of a computer requesting access, one or more resources to which access is requested, the user, the circumstances surrounding the requested access, and/or other information. The information may be evaluated based on one or more access control policies, which may be pre-set or dynamically generated, and used in making a decision whether to grant or deny the computer access to the specified resource(s).Type: ApplicationFiled: June 24, 2010Publication date: December 29, 2011Applicant: Microsoft CorporationInventors: Yair Tor, Daniel Rose, Eugene (John) Neystadt, Patrik Schnell, Moshe Sapir, Oleg Ananiev, Arthur Zavalkovsky, Anat Eyal
-
Publication number: 20110321152Abstract: Embodiments of the invention provide a trusted intermediary for use in a system in which access control decisions may be based at least in part on information provided in claims. The intermediary may request claims on behalf of a network resource to which access is requested, and submit the claims for a decision whether to grant or deny access. The decision may be based at least in part on one or more access control policies, which may be pre-set or dynamically generated. Because the intermediary requests the claims and submits the claims for an access control decision, the network resource (e.g., a server application) need not be configured to process claims information.Type: ApplicationFiled: June 24, 2010Publication date: December 29, 2011Applicant: Microsoft CorporationInventors: Yair Tor, Eugene (John) Neystadt, Patrik Schnell, Oleg Ananiev, Arthur Zavalkovsky, Daniel Rose
-
Publication number: 20110307947Abstract: Systems, methods and apparatus for accessing at least one resource hosted by at least one server of a cloud service provider. In some embodiments, a client computer sends authentication information associated with a user of the client computer and a statement of health regarding the client computer to an access control gateway deployed in an enterprise's managed network. The access control gateway authenticates the user and determines whether the user is authorized to access the at least one resource hosted in the cloud. If the user authentication and authorization succeeds, the access control gateway requests a security token from a security token service trusted by an access control component in the cloud and forwards the security token to the client computer. The client computer sends the security token to the access component in the cloud to access the at least one resource from the at least one server.Type: ApplicationFiled: June 14, 2010Publication date: December 15, 2011Applicant: Microsoft CorporationInventors: Asaf Kariv, Oleg Ananiev, Eli Tovbeyn, Daniel Kershaw, Eugene (John) Neystadt
-
Publication number: 20110138442Abstract: Architecture that provides additional data that can be obtained and employed in security models in order to provide security to services over the service lifecycle. The architecture automatically propagates security classifications throughout the lifecycle of the service, which can include initial deployment, expansion, moving servers, monitoring, and reporting, for example, and further include classification propagation from the workload (computer), classification propagation in the model, classification propagation according to the lineage of the storage location (e.g., virtual hard drive), status propagation in the model and classification based on data stored in the machine.Type: ApplicationFiled: March 19, 2010Publication date: June 9, 2011Applicant: Microsoft CorporationInventors: Anders B. Vinberg, John Neystadt, Yair Tor, Oleg Ananiev
-
Publication number: 20090300739Abstract: Aspects of the subject matter described herein relate to authentication for a distributed secure content management system. In aspects, a request to access a resource available through the Internet is routed to a security component. The security component is one of a plurality of security components distributed throughout the Internet and responsible for authenticating entities associated with an enterprise. The security component determines an authentication protocol to use with the entity and then authenticates the entity. If the entity is authenticated, the entity is allowed to use a forward proxy.Type: ApplicationFiled: May 27, 2008Publication date: December 3, 2009Applicant: MICROSOFT CORPORATIONInventors: Nir Nice, Oleg Ananiev, John F. Wohlfert, Amit Finkelstein, Alexander Teplitsky
-
Publication number: 20090178132Abstract: Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware, and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.Type: ApplicationFiled: August 14, 2008Publication date: July 9, 2009Applicant: Microsoft CorporationInventors: Efim Hudis, Yigal Edery, Oleg Ananiev, John Wohlfert, Nir Nice
-
Publication number: 20090177514Abstract: Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware, and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.Type: ApplicationFiled: August 14, 2008Publication date: July 9, 2009Applicant: Microsoft CorporationInventors: Efim Hudis, Yigal Edery, Oleg Ananiev, John Wohlfert, Nir Nice
-
Publication number: 20090178109Abstract: Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware, and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.Type: ApplicationFiled: August 18, 2008Publication date: July 9, 2009Applicant: Microsoft CorporationInventors: Nir Nice, Oleg Ananiev, John Wohlfert, Amit Finkelstein, Alik Teplitsky
-
Publication number: 20090178108Abstract: Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and off-premise or roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware, and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.Type: ApplicationFiled: August 14, 2008Publication date: July 9, 2009Applicant: Microsoft CorporationInventors: Efim Hudis, Yigal Edery, Oleg Ananiev, John Wohlfert, Nir Nice
-
Publication number: 20090178131Abstract: Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.Type: ApplicationFiled: June 29, 2008Publication date: July 9, 2009Applicant: MICROSOFT CORPORATIONInventors: Efim Hudis, Yigal Edery, Oleg Ananiev, Nir Nice, John F. Wohlfert