Patents by Inventor Victor Ronin

Victor Ronin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20230091527
    Abstract: A system for providing policy-controlled communication over the Internet includes a client endpoint function that executes on a client device while coupled to a first VPN tunnel, a service endpoint function that operates a remote service of a plurality of remote services, and a mid-link server coupled to the first VPN tunnel and a second VPN tunnel. The client endpoint function includes a first VPN endpoint component, and the service endpoint function includes a second VPN endpoint component. A router component operates to route network packet traffic between the first and second VPN tunnels via a route specified by a plurality of policies, and an inspection component analyzes network packet traffic in accordance with the plurality of policies. The plurality of policies for the network packet traffic and the content mediation are selected dynamically on the basis of one or more of a user, an application, an endpoint, and a session.
    Type: Application
    Filed: November 21, 2022
    Publication date: March 23, 2023
    Applicant: Netskope, Inc.
    Inventors: Kevin Eugene Sapp, Victor Ronin, David Goldschlag, Vadim Tarnavsky
  • Patent number: 11606338
    Abstract: Systems and methods for providing policy-controlled communication over the Internet are provided. A system may include a client endpoint function configured to execute on a client device while coupled to a first VPN tunnel, a service endpoint function that operates a remote service of a plurality of remote services, a gateway server including a first VPN termination point that authenticates and terminates the first VPN tunnel, a stitcher server including a second VPN termination point that authenticates and terminates a second VPN tunnel, and a mid-link server coupled to the first VPN tunnel and the second VPN tunnel. The mid-link server may include a plurality of Access Resource Servers (ARSs), and the gateway server and the stitcher server may communicate via a network connecting the plurality of ARSs.
    Type: Grant
    Filed: January 29, 2021
    Date of Patent: March 14, 2023
    Assignee: Netskope, Inc.
    Inventors: Kevin Eugene Sapp, Victor Ronin, David Goldschlag, Vadim Tarnavsky
  • Patent number: 11539669
    Abstract: Systems and methods for providing policy-controlled communication over the Internet are provided. A system may include a client endpoint function configured to execute on a client device while coupled to a first VPN tunnel, a service endpoint function that operates a remote service of a plurality of remote services, and a mid-link server coupled to the first VPN tunnel and a second VPN tunnel. The mid-link server may include an inspection component that analyzes network packet traffic in accordance with a plurality of policies. The inspection component may inspect the network packet traffic for specific content and provide instructions to a router component and/or a mediation component of the mid-link server. The instructions may be a function of at least one policy that applies to the specific content.
    Type: Grant
    Filed: January 29, 2021
    Date of Patent: December 27, 2022
    Assignee: Netskope, Inc.
    Inventors: Victor Ronin, David Goldschlag, Vadim Tarnavsky, Kevin Eugene Sapp
  • Patent number: 11528255
    Abstract: Systems and methods for providing policy-controlled communication over the Internet are provided. A system may include a client endpoint function configured to execute on a client device while coupled to a first VPN tunnel, a service endpoint function that operates a remote service of a plurality of remote services, and a mid-link server coupled to the first VPN tunnel and a second VPN tunnel. The client endpoint function may include a first VPN endpoint component, and the service endpoint function may include a second VPN endpoint component. The mid-link server may include a first VPN termination point that authenticates and terminates the first VPN tunnel and a second VPN termination point that authenticates and terminates the second VPN tunnel. The first VPN termination point may re-authenticate the client device based on a first characteristic of the first VPN endpoint component and/or a second characteristic of the second VPN endpoint component.
    Type: Grant
    Filed: January 29, 2021
    Date of Patent: December 13, 2022
    Assignee: Netskope, Inc.
    Inventors: David Goldschlag, Vadim Tarnavsky, Kevin Eugene Sapp, Victor Ronin
  • Patent number: 11329958
    Abstract: Systems and methods for policy-controlled communication over the Internet between third party client applications and remote services. A client device enforces policies on the communication between the applications and services. The communication is redirected through a mid-link server using a digitally protected tunnel. Network addresses of the client device and remote service are masked.
    Type: Grant
    Filed: July 7, 2020
    Date of Patent: May 10, 2022
    Assignee: Netskope, Inc.
    Inventors: Vadim Tarnavsky, David Goldschlag, Kevin Eugene Sapp, Victor Ronin
  • Publication number: 20210185015
    Abstract: Systems and methods for providing policy-controlled communication over the Internet are provided. A system may include a client endpoint function configured to execute on a client device while coupled to a first VPN tunnel, a service endpoint function that operates a remote service of a plurality of remote services, a gateway server including a first VPN termination point that authenticates and terminates the first VPN tunnel, a stitcher server including a second VPN termination point that authenticates and terminates a second VPN tunnel, and a mid-link server coupled to the first VPN tunnel and the second VPN tunnel. The mid-link server may include a plurality of Access Resource Servers (ARSs), and the gateway server and the stitcher server may communicate via a network connecting the plurality of ARSs.
    Type: Application
    Filed: January 29, 2021
    Publication date: June 17, 2021
    Applicant: Netskope, Inc.
    Inventors: Kevin Eugene Sapp, Victor Ronin, David Goldschlag, Vadim Tarnavsky
  • Publication number: 20210185016
    Abstract: Systems and methods for providing policy-controlled communication over the Internet are provided. A system may include a client endpoint function configured to execute on a client device while coupled to a first VPN tunnel, a service endpoint function that operates a remote service of a plurality of remote services, and a mid-link server coupled to the first VPN tunnel and a second VPN tunnel. The mid-link server may include an inspection component that analyzes network packet traffic in accordance with a plurality of policies. The inspection component may inspect the network packet traffic for specific content and provide instructions to a router component and/or a mediation component of the mid-link server. The instructions may be a function of at least one policy that applies to the specific content.
    Type: Application
    Filed: January 29, 2021
    Publication date: June 17, 2021
    Applicant: Netskope, Inc.
    Inventors: Victor Ronin, David Goldschlag, Vadim Tarnavsky, Kevin Eugene Sapp
  • Publication number: 20210160219
    Abstract: Systems and methods for providing policy-controlled communication over the Internet are provided. A system may include a client endpoint function configured to execute on a client device while coupled to a first VPN tunnel, a service endpoint function that operates a remote service of a plurality of remote services, and a mid-link server coupled to the first VPN tunnel and a second VPN tunnel. The client endpoint function may include a first VPN endpoint component, and the service endpoint function may include a second VPN endpoint component. The mid-link server may include a first VPN termination point that authenticates and terminates the first VPN tunnel and a second VPN termination point that authenticates and terminates the second VPN tunnel. The first VPN termination point may re-authenticate the client device based on a first characteristic of the first VPN endpoint component and/or a second characteristic of the second VPN endpoint component.
    Type: Application
    Filed: January 29, 2021
    Publication date: May 27, 2021
    Applicant: Netskope, Inc.
    Inventors: David Goldschlag, Vadim Tarnavsky, Kevin Eugene Sapp, Victor Ronin
  • Publication number: 20200336466
    Abstract: Systems, software, and methods are provided for providing simpler and more secure ARSs that operate to separate and isolate configuration details from connecting systems by: moving most of the connection information to the easily secured ARS; requiring endpoints to initiate outbound connections to that server instead of exposing the systems to inbound connections from the internet; consolidating policy enforcement and routing decisions from the individual endpoints to an ARS; and consolidating network packet traffic filtering and monitoring in an ARS. The present invention substantially reduces the complexity of endpoint configurations by offloading most of the connection and endpoint validation, policy enforcement, information leakage management, and routing decisions from the endpoints to an ARS.
    Type: Application
    Filed: July 7, 2020
    Publication date: October 22, 2020
    Inventors: David Goldschlag, Vadim Tarnavsky, Kevin Eugene Sapp, Victor Ronin
  • Patent number: 10771435
    Abstract: Systems, software, and methods are provided for providing simpler and more secure ARSs that operate to separate and isolate configuration details from connecting systems by: moving most of the connection information to the easily secured ARS; requiring endpoints to initiate outbound connections to that server instead of exposing the systems to inbound connections from the internet; consolidating policy enforcement and routing decisions from the individual endpoints to an ARS; and consolidating network packet traffic filtering and monitoring in an ARS. The present invention substantially reduces the complexity of endpoint configurations by offloading most of the connection and endpoint validation, policy enforcement, information leakage management, and routing decisions from the endpoints to an ARS.
    Type: Grant
    Filed: November 20, 2019
    Date of Patent: September 8, 2020
    Assignee: Netskope, Inc.
    Inventors: David Goldschlag, Vadim Tarnavsky, Kevin Eugene Sapp, Victor Ronin
  • Publication number: 20200162431
    Abstract: Systems, software, and methods are provided for providing simpler and more secure ARSs that operate to separate and isolate configuration details from connecting systems by: moving most of the connection information to the easily secured ARS; requiring endpoints to initiate outbound connections to that server instead of exposing the systems to inbound connections from the internet; consolidating policy enforcement and routing decisions from the individual endpoints to an ARS; and consolidating network packet traffic filtering and monitoring in an ARS. The present invention substantially reduces the complexity of endpoint configurations by offloading most of the connection and endpoint validation, policy enforcement, information leakage management, and routing decisions from the endpoints to an ARS.
    Type: Application
    Filed: November 20, 2019
    Publication date: May 21, 2020
    Inventors: David Goldschlag, Vadim Tarnavsky, Kevin Eugene Sapp, Victor Ronin
  • Patent number: 9009858
    Abstract: A method for operating a distributed data management and control enclave comprises providing a policy that identifies a set of data to be managed and controlled. The policy further identifies devices upon which the data may be transferred and the conditions under which that data may be transferred to the identified devices. A first data management and control system to be used on a first device is then defined in the policy. A second management and control system to be used on a second device is then defined in the policy. The second data management and control system can be distinct from the first data management and control system. The specified data management and control system is then instantiated on a device. The specified data management and control system is then used to manage and control data on the device in accordance with the policy.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: April 14, 2015
    Assignee: Okta, Inc.
    Inventors: Kevin Eugene Sapp, II, Victor Ronin
  • Publication number: 20130312117
    Abstract: A method for operating a distributed data management and control enclave comprises providing a policy that identifies a set of data to be managed and controlled. The policy further identifies devices upon which the data may be transferred and the conditions under which that data may be transferred to the identified devices. A first data management and control system to be used on a first device is then defined in the policy. A second management and control system to be used on a second device is then defined in the policy. The second data management and control system can be distinct from the first data management and control system. The specified data management and control system is then instantiated on a device. The specified data management and control system is then used to manage and control data on the device in accordance with the policy.
    Type: Application
    Filed: March 14, 2013
    Publication date: November 21, 2013
    Inventors: Kevin Eugene Sapp, II, Victor Ronin