Patents by Inventor Uri Kahana
Uri Kahana has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11856032
Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.
Type: Grant
Filed: September 21, 2021
Date of Patent: December 26, 2023
Assignee: Intel Corporation
Inventors: Tarun Viswanathan, Uri Kahana, Alan Ross, Eran Birk
-
Patent number: 11722526
Abstract: A model checking system detects violations and conflicts in security and verification policies by running model checking processes. The system detects privilege escalation attacks in misconfigured identification and access management (“IAM”) policies by modeling security policy documents and IAM actions as logical formulas and then running model checking on the model. The system translates non-Boolean variables, such as string variables, into Boolean variables in order to apply an SAT model checker. The model checker also determines whether a policy violation can be achieved in a finite number of steps by elevating privileges of some compromised principal over multiple iterations of the model checking process, or proves absence thereof.
Type: Grant
Filed: April 16, 2021
Date of Patent: August 8, 2023
Assignee: CITIBANK, N.A.
Inventors: Ilia Shevrin, Mickey Hovel, Max Leibovich, Oded Margalit, Uri Kahana
-
Publication number: 20220217181
Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.
Type: Application
Filed: September 21, 2021
Publication date: July 7, 2022
Inventors: Tarun Viswanathan, Uri Kahana, Alan Ross, Eran Birk
-
Patent number: 11252198
Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.
Type: Grant
Filed: September 11, 2019
Date of Patent: February 15, 2022
Assignee: INTEL CORPORATION
Inventors: Tarun Viswanathan, Uri Kahana, Alan Ross, Eran Birk
-
Publication number: 20200112591
Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.
Type: Application
Filed: September 11, 2019
Publication date: April 9, 2020
Inventors: Tarun Viswanathan, Uri Kahana, Alan Ross, Eran Birk
-
Patent number: 10511638
Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.
Type: Grant
Filed: October 23, 2018
Date of Patent: December 17, 2019
Assignee: Intel Corporation
Inventors: Tarun Viswanathan, Uri Kahana, Alan D. Ross, Eran Birk
-
Publication number: 20190058737
Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.
Type: Application
Filed: October 23, 2018
Publication date: February 21, 2019
Inventors: Tarun Viswanathan, Uri Kahana, Alan D. Ross, Eran Birk
-
Patent number: 10122766
Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.
Type: Grant
Filed: February 23, 2016
Date of Patent: November 6, 2018
Assignee: Intel Corporation
Inventors: Tarun Viswanathan, Uri Kahana, Alan D. Ross, Eran Birk
-
Publication number: 20180159863
Abstract: Techniques for dynamic endpoint secure location awareness may include determining that a mobile device changed locations. A platform security engine in the mobile device may dynamically send a location query. A location response may be received. The platform security engine may determine whether the mobile device is located in a secure location based on the location response. Other embodiments are described and claimed.
Type: Application
Filed: November 20, 2017
Publication date: June 7, 2018
Applicant: INTEL CORPORATION
Inventor: URI KAHANA
-
Patent number: 9973527
Abstract: This disclosure is directed to a context-aware proactive threat management system. In general, a device may use internal activity data along with data about external activities (e.g., provided by remote resources) for threat assessment and mitigation. A device may comprise, for example, a hostile environment detection (HED) module to coordinate threat assessment and mitigation. The HED module may accumulate internal activity data (e.g., from security services in the device), and external activity data regarding a system environment and/or a physical environment from the remote resources. The HED module may then assess threats based on the activity data and determine automated and/or manual mitigation operations to respond to the threats. In one embodiment, visualization features may also be used to, for example, visualize threats to a user, visualize automatic/manual mitigation operations, request user confirmation regarding the performance of manual mitigation operations, etc.
Type: Grant
Filed: November 19, 2013
Date of Patent: May 15, 2018
Assignee: INTEL CORPORATION
Inventors: Abhilasha Bhargav-Spantzel, John B. Vicente, Mohammad R. Haghighat, Oliver W. Chen, Hormuzd M. Khosravi, Uri Kahana
-
Patent number: 9825968
Abstract: Techniques for dynamic endpoint secure location awareness may include dynamically sending a location query in response to a change in location for a mobile device. A location response may be received. The platform security engine may determine whether the mobile device is located in a secure location based on the location response. Other embodiments are described and claimed.
Type: Grant
Filed: September 28, 2011
Date of Patent: November 21, 2017
Assignee: INTEL CORPORATION
Inventor: Uri Kahana
-
Publication number: 20160315974
Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.
Type: Application
Filed: February 23, 2016
Publication date: October 27, 2016
Inventors: Tarun Viswanathan, Uri Kahana, Alan D. Ross, Eran Birk
-
Patent number: 9338135
Abstract: Some demonstrative embodiments include devices, systems and/or methods of maintaining connectivity over a Virtual-Private-Network (VPN). For example, a system may include a server to communicate with at least one computing device via a VPN tunnel, to receive from the computing device a mode indication indicating that the computing device is in a standby mode, to receive from at least one application server one or more packets intended for the computing device when the computing device is in the standby mode, based on at least one filtering criterion, to detect at least one targeted packet to be provided to the computing device, and to transfer the targeted packet to the computing device via the VPN tunnel.
Type: Grant
Filed: September 30, 2011
Date of Patent: May 10, 2016
Assignee: INTEL CORPORATION
Inventors: Gideon Prat, Uri Kahana
-
Patent number: 9276963
Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.
Type: Grant
Filed: December 28, 2012
Date of Patent: March 1, 2016
Assignee: Intel Corporation
Inventors: Tarun Viswanathan, Uri Kahana, Alan Ross, Eran Birk
-
Publication number: 20150195301
Abstract: This disclosure is directed to a context-aware proactive threat management system. In general, a device may use internal activity data along with data about external activities (e.g., provided by remote resources) for threat assessment and mitigation. A device may comprise, for example, a hostile environment detection (HED) module to coordinate threat assessment and mitigation. The HED module may accumulate internal activity data (e.g., from security services in the device), and external activity data regarding a system environment and/or a physical environment from the remote resources. The HED module may then assess threats based on the activity data and determine automated and/or manual mitigation operations to respond to the threats. In one embodiment, visualization features may also be used to, for example, visualize threats to a user, visualize automatic/manual mitigation operations, request user confirmation regarding the performance of manual mitigation operations, etc.
Type: Application
Filed: November 19, 2013
Publication date: July 9, 2015
Inventors: Abhilasha Bhargav-Spantzel, John B. Vicente, Mohammad R. Haghighat, Oliver W. Chen, Hormuzd M. Khosravi, Uri Kahana
-
Publication number: 20140189777
Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.
Type: Application
Filed: December 28, 2012
Publication date: July 3, 2014
Inventors: Tarun Viswanathan, Uri Kahana, Alan Ross, Eran Birk
-
Publication number: 20130283345
Abstract: Techniques for dynamic endpoint secure location awareness may include dynamically sending a location query in response to a change in location for a mobile device. A location response may be received. The platform security engine may determine whether the mobile device is located in a secure location based on the location response. Other embodiments are described and claimed.
Type: Application
Filed: September 28, 2011
Publication date: October 24, 2013
Inventor: Uri Kahana
-
Publication number: 20130276094
Abstract: Some demonstrative embodiments include devices, systems and/or methods of maintaining connectivity over a Virtual-Private-Network (VPN). For example, a system may include a server to communicate with at least one computing device via a VPN tunnel, to receive from the computing device a mode indication indicating that the computing device is in a standby mode, to receive from at least one application server one or more packets intended for the computing device when the computing device is in the standby mode, based on at least one filtering criterion, to detect at least one targeted packet to be provided to the computing device, and to transfer the targeted packet to the computing device via the VPN tunnel.
Type: Application
Filed: September 30, 2011
Publication date: October 17, 2013
Inventors: Gideon Prat, Uri Kahana