Patents by Inventor Tal Zamir
Tal Zamir has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230195914
Abstract: A method for use in granting access to a target to a user device, comprising: receiving at a proxy a request to access the target; forwarding by the proxy the access request to a security broker when the user device is verified by the proxy to know a prescribed secret, wherein the request is forwarded so as to appear to originate from a prescribed set of internet protocol (IP) addresses that the security broker recognizes as trusted; receiving by the proxy from the security broker (i) an access token, the access token being submittable to the target by the user device to gain access thereto and (ii) instructions for transmission to the user device for causing the user device to be redirected to an address indicating the requested target; and transmitting by the proxy toward the user device the access token and the instructions.
Type: Application
Filed: December 13, 2022
Publication date: June 22, 2023
Applicant: Perception Point Ltd.
Inventors: Tal ZAMIR, Boris FIGOVSKY, Oren ZOMER
-
Patent number: 11537710
Abstract: A method for rendering virtual desktops on an air-gapped endpoint is provided. The method includes rendering a first window presenting a first virtual desktop of a first security zone; rendering a second window presenting a second virtual desktop display of a second security zone, wherein the first security zone and the second security zone are of a plurality of security zones instantiated on the air-gapped endpoint; and controlling, by a hypervisor, display of the first window and the second window on a desktop of the air-gapped endpoint, wherein any application in the first security zone cannot access any application in the second security zone when displayed on the same desktop.
Type: Grant
Filed: May 20, 2020
Date of Patent: December 27, 2022
Assignee: Perception Point Ltd.
Inventors: Oleg Zlotnik, Nir Adler, Tal Zamir
-
Patent number: 11531749
Abstract: A method and system for controlling access to external networks by an air-gapped endpoint is provided. The method includes providing, on the air-gapped endpoint, a plurality of isolated security zones by instantiating a plurality of corresponding virtual machines using a hypervisor; selecting one security zone of the plurality of isolated security zones; and tunneling a traffic from the selected security zone to a designated network location, wherein the tunneling is through a virtual private network (VPN).
Type: Grant
Filed: May 20, 2020
Date of Patent: December 20, 2022
Assignee: Perception Point Ltd.
Inventors: Boris Figovsky, Tal Zamir, Oleg Zlotnik, Nir Adler
-
Publication number: 20220004623
Abstract: A method and system for method for providing a managed and isolated workspace on a user device are provided. The method creating a secured workspace in the user device, wherein the secured workspace is separated from a host operating system and includes a guest operating system; monitoring activity performed in the secured workspace and host operating system; determining, based on a security policy, if the monitored activity is risky; and causing execution of any determined risky activity in the secured workspace, thereby defending the host operating system from the determined risky activity, wherein the host operating system executes sensitive applications to an organization.
Type: Application
Filed: July 6, 2021
Publication date: January 6, 2022
Applicant: Hysolate Ltd.
Inventors: Tomer TRABELSI, Nir ADLER, Boris FIGOVSKY, Oleg ZLOTNIK, Tal ZAMIR
-
Patent number: 11170736
Abstract: Techniques are described for preserving desktop state between login sessions in desktop computing environments. During an active login session of a desktop by a user, the system intercepts all requests to open a file and records the requested file paths. The information can be recorded locally or at a remote location, such as a server accessed over a network connection. Before the login session is terminated, the system determines all open windows and captures a screenshot of each window that is open on the desktop at the time of terminating the login session. The location of each window is also determined and recorded along with the screenshots before the session is terminated. When the user starts a new active login session at a later time, the state of the desktop is restored using the recorded file paths, screenshots and window locations.
Type: Grant
Filed: March 1, 2019
Date of Patent: November 9, 2021
Assignee: VMware, Inc.
Inventor: Tal Zamir
-
Patent number: 11153322
Abstract: A method for performing user experience (UX) functions on an air-gapped endpoint is provided. The method includes monitoring a plurality of virtual machines to detect at least one user request to be executed within a security zone; intercepting the user request and analyzing a level of permission required to complete the user request; determining an appropriate security zone in which to execute the user request, wherein the appropriate security zone has the required level of permission; and executing the user request in the appropriate security zone.
Type: Grant
Filed: August 15, 2019
Date of Patent: October 19, 2021
Assignee: Hysolate Ltd.
Inventors: Tomer Trabelsi, Oleg Zlotnik, Nir Adler, Tal Zamir
-
Patent number: 11010352
Abstract: A system and method for providing a unified file system on an air-gapped endpoint are provided. The method included monitoring a plurality of security zones, instantiated on the air-gapped endpoint, to intercept at least one file system operation to access files on a first security zone; determining if the detected file system operation triggers a display of the file system dialog window effecting a second security zone; and when the file system dialog window effecting the second security zone, blocking the display of the file system dialog window in the first security zone; and displaying the file system dialog window in the second security zone.
Type: Grant
Filed: June 17, 2019
Date of Patent: May 18, 2021
Assignee: Hysolate Ltd.
Inventors: Tal Zamir, Tomer Trabelsi, Oleg Zlotnik, Nir Adler
-
Publication number: 20210109903
Abstract: A system and method for providing a unified file system on an air-gapped endpoint are provided. The method includes monitoring the first and second security zones instantiated on the virtually air-gapped endpoint to intercept at least one file system operation to access files on the first security zone; determining if the detected file system operation triggers a display of a file system dialog window of the second security zone; and when the file system dialog window of the second security zone is determined to be triggered, preventing the display of a file system dialog window in the first security zone; and displaying the file system dialog window of the second security zone in the second security zone.
Type: Application
Filed: December 1, 2020
Publication date: April 15, 2021
Applicant: Hysolate Ltd.
Inventors: Tal ZAMIR, Tomer TRABELSI, Oleg ZLOTNIK, Nir ADLER
-
Patent number: 10901780
Abstract: An enterprise management system is described for efficient operating system migration, preserving applications, data, and settings. A staging area, such as an empty folder, is created on a client device. A base layer for the new operating system and application layers for applications that will be installed on the computing device are downloaded to the staging area. After the base layer and application layers are downloaded, the layers are merged onto the computing device to instantly install the operating system and the applications. User settings, data, and other applications can be migrated to corresponding locations in the new operating system from the old operating system.
Type: Grant
Filed: November 6, 2017
Date of Patent: January 26, 2021
Assignee: VMware, Inc.
Inventor: Tal Zamir
-
Publication number: 20200285734
Abstract: A method for operating an air-gapped endpoint is provided. The method includes initializing, on the endpoint, a hypervisor for execution over a primitive operating system (OS) of the endpoint; creating an isolated security zone by instantiating a virtual machine using the hypervisor, wherein the security zone includes a plurality of applications executed over a guest OS; and auditing, by the hypervisor, any action performed by any application executed in the security zone.
Type: Application
Filed: May 20, 2020
Publication date: September 10, 2020
Applicant: Hysolate Ltd.
Inventors: Tal ZAMIR, Oleg ZLOTNIK, Boris FIGOVSKY, Nir ADLER
-
Publication number: 20200285735
Abstract: A method and system for controlling access to external networks by an air-gapped endpoint is provided. The method includes providing, on the air-gapped endpoint, a plurality of isolated security zones by instantiating a plurality of corresponding virtual machines using a hypervisor; selecting one security zone of the plurality of isolated security zones; and tunneling a traffic from the selected security zone to a designated network location, wherein the tunneling is through a virtual private network (VPN).
Type: Application
Filed: May 20, 2020
Publication date: September 10, 2020
Applicant: Hysolate Ltd.
Inventors: Boris FIGOVSKY, Tal ZAMIR, Oleg ZLOTNIK, Nir ADLER
-
Publication number: 20200279042
Abstract: A method for rendering virtual desktops on an air-gapped endpoint is provided. The method includes rendering a first window presenting a first virtual desktop of a first security zone; rendering a second window presenting a second virtual desktop display of a second security zone, wherein the first security zone and the second security zone are of a plurality of security zones instantiated on the air-gapped endpoint; and controlling, by a hypervisor, display of the first window and the second window on a desktop of the air-gapped endpoint, wherein any application in the first security zone cannot access any application in the second security zone when displayed on the same desktop.
Type: Application
Filed: May 20, 2020
Publication date: September 3, 2020
Applicant: Hysolate Ltd.
Inventors: Oleg ZLOTNIK, Nir ADLER, Tal ZAMIR
-
Patent number: 10699004
Abstract: A method for performing user experience (UX) functions on an air-gapped endpoint is provided. The method includes monitoring a plurality of security zones, instantiated on the air-gapped endpoint, to detect at least one UX command executed in a first security zone; determining if the detected UX command triggers a UX function effecting a second security zone; determining if the UX function to be triggered maintains compliance with a security policy of the first and second security zones; and executing the UX function across the first and second security zones.
Type: Grant
Filed: January 22, 2018
Date of Patent: June 30, 2020
Assignee: Hysolate Ltd.
Inventors: Oleg Zlotnik, Nir Adler, Tal Zamir
-
Patent number: 10699003
Abstract: An air-gapped computing system includes at least network card interface; a processing circuitry; and a memory, the memory containing instructions that, when executed by the processing circuitry, configure the system to: initialize a hypervisor for execution over a primitive OS; create a plurality of isolated security zones by instantiating a plurality of corresponding virtual machines using the hypervisor, wherein each of the plurality of security zones includes a plurality of applications executed over a guest OS; instantiate a networking virtual machine using the hypervisor; control, by the networking virtual machine, access of each application in each of the plurality of security zones to an external network resource; and monitor execution of the guest OS and each application in at least one activated security zone of the plurality of security zones, wherein the monitoring is performed to maintain compliance with a security policy corresponding to each activated security zone being monitored.
Type: Grant
Filed: November 9, 2017
Date of Patent: June 30, 2020
Assignee: HYSOLATE LTD.
Inventors: Tal Zamir, Oleg Zlotnik, Boris Figovsky
-
Patent number: 10699005
Abstract: A method and system for controlling access to external networks by an air-gapped endpoint are provided. The method includes identifying a type of an external network being connected, upon detection of a new network connection to the air-gapped endpoint; determining for each security zone of a plurality of isolated security zones at least one access rule to access the network, wherein the plurality of isolated security zones is operable in a virtual environment instantiated on the air-gapped endpoint; allowing a connection between a security zone and the external network based on the at least one access rule; and monitoring all traffic between the security zone and the external network to at least maintain compliance with a security policy set for the respective security zone.
Type: Grant
Filed: January 22, 2018
Date of Patent: June 30, 2020
Assignee: Hysolate Ltd.
Inventors: Boris Figovsky, Tal Zamir
-
Patent number: 10579404
Abstract: A system is described allowing a virtual desktop to be booted directly from a desktop image stored in a backup database without requiring content from the desktop image to be copied into the virtual disk of the virtual machine hosting the virtual desktop. The hosting virtual machine contains a synthetic virtual disk acting as a stub disk by redirecting read requests targeted for the synthetic disk from the guest operating system to corresponding locations of the storage where the desktop image is kept.
Type: Grant
Filed: January 4, 2017
Date of Patent: March 3, 2020
Assignee: VMware, Inc.
Inventor: Tal Zamir
-
Publication number: 20200019430
Abstract: A method for binding a user account operable on an air-gapped computer to an appropriate virtual machine (VM), comprising: monitoring a plurality of VMs to determine an associated user account for each of the plurality of VMs, wherein the plurality of VMs are executed over the air-gapped computer, and wherein each of the plurality of VMs is a distinct security zone in the air-gapped computer; determining a current VM from the plurality of VMs to bind an associated user account thereto; and displaying user specific indications on desktop items associated with each user account.
Type: Application
Filed: September 24, 2019
Publication date: January 16, 2020
Applicant: Hysolate Ltd.
Inventors: Tomer TRABELSI, Oleg ZLOTNIK, Nir ADLER, Tal ZAMIR
-
Patent number: 10511661
Abstract: Methods and systems for n-way cloning and synchronization of a user desktop image are provided. Example embodiments provide a Cloning and Synchronization System (“CSS”) which binds a server stored CVD object representing the user's desktop image to one or more endpoint devices. Each endpoint device receives a clone of the CVD object that comprises one or more layers of the server CVD depending upon the suitability of the endpoint device hardware and operating system to the server stored desktop. The cloned CVDs in the endpoint devices are then kept synchronized by synchronization operations. In one embodiment, the CSS allows only one endpoint device to act as a master device and push up changes to the server CVD. These changes are then pushed down to the other devices using different synchronization methods dependent upon the layer.
Type: Grant
Filed: October 21, 2016
Date of Patent: December 17, 2019
Assignee: VMware, Inc.
Inventors: Israel Zvi Ben-Shaul, Tal Zamir, Leonid Vasetsky, Guy Yogev, Kfir Lev-Ari
-
Patent number: 10503532
Abstract: Techniques are described for creating a virtual machine clone of a physical host computing device. A hosted hypervisor running within a host operating system on the physical computing device receives a request to boot a virtual machine clone of the device. In response to the request, the hosted hypervisor synthesizes a virtual disk that is comprised of a master boot record of the host computing device, a read-only snapshot obtained from a volume snapshot service of the host operating system and a delta virtual disk for recording changes. The hosted hypervisor then launches the virtual machine clone by attaching the synthesized virtual disk to the virtual machine clone and booting the guest operating system from the master boot record and the snapshot. Any changes made during the use of the virtual machine clone can be automatically propagated back and applied to the physical host device.
Type: Grant
Filed: June 26, 2015
Date of Patent: December 10, 2019
Assignee: VMware, Inc.
Inventor: Tal Zamir
-
Publication number: 20190372983
Abstract: A method for performing user experience (UX) functions on an air-gapped endpoint is provided. The method includes monitoring a plurality of virtual machines to detect at least one user request to be executed within a security zone; intercepting the user request and analyzing a level of permission required to complete the user request; determining an appropriate security zone in which to execute the user request, wherein the appropriate security zone has the required level of permission; and executing the user request in the appropriate security zone.
Type: Application
Filed: August 15, 2019
Publication date: December 5, 2019
Applicant: Hysolate Ltd.
Inventors: Tomer TRABELSI, Oleg ZLOTNIK, Nir ADLER, Tal ZAMIR