Patents by Inventor Yair Tor

Yair Tor has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240250929
    Abstract: A computing system is configured to perform zero-trust domain name resolution. The computing system includes applications coupled to a zero-trust client. The zero-trust client is configured to receive requests for IP addresses corresponding to endpoint identifiers for internet connected endpoints. The zero-trust client includes a synthetic DNS service configured to identify synthetic IP addresses for the endpoint identifiers. The zero-trust client provides the synthetic IP addresses for the endpoint identifiers to the applications. The zero-trust client sends data traffic from the applications to a zero-trust service with the synthetic IP addresses where corresponding synthetic IP addresses are correlated to the endpoint identifiers at the zero-trust service.
    Type: Application
    Filed: January 18, 2024
    Publication date: July 25, 2024
    Inventors: Ashish JAIN, Mordhai GENDELMAN, Or MORAN, Omer KATTAN, Yair TOR, Ronen Shmuel GOLDSMITH, Liraz BARAK
  • Patent number: 11943195
    Abstract: A computing system is configured to perform zero-trust domain name resolution. The computing system includes applications coupled to a zero-trust client. The zero-trust client is configured to receive requests for IP addresses corresponding to endpoint identifiers for internet connected endpoints. The zero-trust client includes a synthetic DNS service configured to identify synthetic IP addresses for the endpoint identifiers. The zero-trust client provides the synthetic IP addresses for the endpoint identifiers to the applications. The zero-trust client sends data traffic from the applications to a zero-trust service with the synthetic IP addresses and sends corresponding endpoint identifiers to the zero-trust service in a fashion that allows the synthetic IP addresses to be correlated to the endpoint identifiers at the zero-trust service.
    Type: Grant
    Filed: January 20, 2023
    Date of Patent: March 26, 2024
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ashish Jain, Mordhai Gendelman, Or Moran, Omer Kattan, Yair Tor, Ronen Shmuel Goldsmith, Liraz Barak
  • Publication number: 20240064147
    Abstract: Methods, systems and computer program products are provided for granular secure user access to private resources. Increased granularity of security policies for user access may reduce security threats to resources. Security policies indicating user access to secure resources may be based on various combinations of user identities, client-side process (e.g., sub-process) identities, device identities, device types, device locations, resource access types, intelligent access (e.g., selective traffic routing), etc. For example, a security policy may indicate user A, using computing device B executing process C with process signature S (e.g., a signing signature thumbprint, etc.) may access private resource D. A process identity may be indicated by at least one of a process name, a code signing signature, a thumbprint, a process version, or a process publisher. Resource access security policy determinations and/or enforcement may be performed by security clients and/or security engines (e.g.
    Type: Application
    Filed: August 16, 2022
    Publication date: February 22, 2024
    Inventors: Ashish JAIN, Ronnie GREENSTEIN, Mordhai GENDELMAN, Avraham CARMON, Sinead C. O'DONOVAN, Yair TOR
  • Publication number: 20240064138
    Abstract: Methods, systems and computer program products are provided for intelligent secure access to private resources. A security service (e.g., SASE ZTNA) may maintain the same or similar security posture for users who work remotely and/or locally by providing authentication, authorization, and/or ongoing conditional access via a security service (e.g., private or public SASE) while intelligently routing remote client traffic to private resources through the security service and routing local client traffic to private resources locally. A traffic routing determination may be made by a security client and/or security server. A traffic routing determination may be based on the location of a client computing device, such as a trusted network detection for a private/trusted network. Traffic routing determinations may be based on conditions alternative or in addition to location, such as the type of private resource or information being accessed by a client computing device.
    Type: Application
    Filed: August 16, 2022
    Publication date: February 22, 2024
    Inventors: Ashish JAIN, Mordhai GENDELMAN, Jeevan Singh BISHT, Avraham CARMON, Sinead C. O'DONOVAN, Yair TOR
  • Publication number: 20230071347
    Abstract: A recommendation system for recommending a target feature value for a target feature for a target deployment is provided. The recommendation system, for each of a plurality of deployments, collects feature values for the features of that deployment. The recommendation system then generates a model for recommending a target feature value for the target feature based on the collected feature values of the features for the deployments. The recommendation system applies the model to the features of the target deployment to identify a target feature value for the target feature. The recommendation system then provides the identified target feature value as a recommendation for the target feature for the target deployment.
    Type: Application
    Filed: November 14, 2022
    Publication date: March 9, 2023
    Inventors: Efim HUDIS, Hani-Hana NEUVIRTH, Daniel ALON, Royi RONEN, Yair TOR, Gilad Michael ELYASHAR
  • Patent number: 11595352
    Abstract: The devices and methods relate to web categorization of web requests. The devices and methods may perform a two-step classification of the web requests. The first classification may provide potential web categories for a web request based on a fully qualified domain name (FQDN) of the web request. The first classification may be used to determine whether transport layer security (TLS) termination may be performed on the web request. The second classification may provide a web category for a uniform resource locator (URL) of the web request after performing the TLS termination. The web category may be used by a firewall in filtering web traffic for the web request.
    Type: Grant
    Filed: December 21, 2020
    Date of Patent: February 28, 2023
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Suren Jamiyanaa, Yair Tor, Sudharsan Balakrishnan Sripadham, Daniel Manesku, Andrey Terentyev, Murali Krishna Sangubhatla
  • Patent number: 11533240
    Abstract: A recommendation system for recommending a target feature value for a target feature for a target deployment is provided. The recommendation system, for each of a plurality of deployments, collects feature values for the features of that deployment. The recommendation system then generates a model for recommending a target feature value for the target feature based on the collected feature values of the features for the deployments. The recommendation system applies the model to the features of the target deployment to identify a target feature value for the target feature. The recommendation system then provides the identified target feature value as a recommendation for the target feature for the target deployment.
    Type: Grant
    Filed: May 16, 2016
    Date of Patent: December 20, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Efim Hudis, Hani-Hana Neuvirth, Daniel Alon, Royi Ronen, Yair Tor, Gilad Michael Elyashar
  • Publication number: 20220200955
    Abstract: The devices and methods relate to web categorization of web requests. The devices and methods may perform a two-step classification of the web requests. The first classification may provide potential web categories for a web request based on a fully qualified domain name (FQDN) of the web request. The first classification may be used to determine whether transport layer security (TLS) termination may be performed on the web request. The second classification may provide a web category for a uniform resource locator (URL) of the web request after performing the TLS termination. The web category may be used by a firewall in filtering web traffic for the web request.
    Type: Application
    Filed: December 21, 2020
    Publication date: June 23, 2022
    Inventors: Suren JAMIYANAA, Yair TOR, Sudharsan Balakrishnan SRIPADHAM, Daniel MANESKU, Andrey TERENTYEV, Murali Krishna SANGUBHATLA
  • Patent number: 10943181
    Abstract: Disclosed herein is a system and method that can be used with any underlying classification technique. The method receives a test dataset and determines the features in that test dataset that are present. From these features the training dataset is modified to only have those features that are present in the test dataset. This modified test dataset is then used to calibrate the classifier for the particular incoming data set. The process repeats itself for each different incoming dataset providing a just in time calibration of the classifier.
    Type: Grant
    Filed: June 26, 2015
    Date of Patent: March 9, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Hanan Shteingart, Yair Tor, Eli Koreh, Amit Hilbuch, Yifat Schacter
  • Publication number: 20200396207
    Abstract: A solution for firewall auto-learning in zero trust environments, such as cloud environments, includes: based at least on a first trigger event, determining a first set of restricted dependencies for a cloud service firewall to learn for a first application; during a first learning phase, learning a first set of candidate rules corresponding to at least a portion of the first set of restricted dependencies; receiving an indication of verifying, blocking, or tailoring one or more candidate rules within the first set of candidate rules, to generate a first set of verified rules; and operating the firewall with the first set of verified rules for the first application. Some examples include receiving a set of constraints, such as a selection from a set of preset constraints and/or a custom constraint. Some examples include retraining based at least on a second trigger event and/or learning rules for a second application.
    Type: Application
    Filed: June 17, 2019
    Publication date: December 17, 2020
    Inventors: Girish M. MOTWANI, Yair TOR, Sinead C. O'DONOVAN, Murali K. SANGUBHATLA, Andrey TERENTYEV, Madhusudhan RAVI
  • Patent number: 10504035
    Abstract: Disclosed herein is a system and method that can be used with any underlying classification technique. The method takes into account both the value of the current feature vector. It is based on evaluating the effect of perturbing each feature by bootstrapping it with the negative samples and measuring the change in the classifier output. To assess the importance of a given feature value in the classified feature vector, a random negatively labeled instance is taken out of the training set and replaces the feature in question with a corresponding feature from this set. Then, by classifying the modified feature vector and comparing its predicted label and classifier output, a user is able to measure and observe the effect of changing each feature.
    Type: Grant
    Filed: June 23, 2015
    Date of Patent: December 10, 2019
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Hanan Shteingart, Yair Tor, Eli Koreh, Amit Hilbuch, Yifat Schacter
  • Publication number: 20170207980
    Abstract: A recommendation system for recommending a target feature value for a target feature for a target deployment is provided. The recommendation system, for each of a plurality of deployments, collects feature values for the features of that deployment. The recommendation system then generates a model for recommending a target feature value for the target feature based on the collected feature values of the features for the deployments. The recommendation system applies the model to the features of the target deployment to identify a target feature value for the target feature. The recommendation system then provides the identified target feature value as a recommendation for the target feature for the target deployment.
    Type: Application
    Filed: May 16, 2016
    Publication date: July 20, 2017
    Inventors: Efim Hudis, Hani-Hana Neuvirth, Daniel Alon, Royi Ronen, Yair Tor, Gilad Michael Elyashar
  • Publication number: 20160379133
    Abstract: Disclosed herein is a system and method that can be used with any underlying classification technique. The method takes into account both the value of the current feature vector. It is based on evaluating the effect of perturbing each feature by bootstrapping it with the negative samples and measuring the change in the classifier output. To assess the importance of a given feature value in the classified feature vector, a random negatively labeled instance is taken out of the training set and replaces the feature in question with a corresponding feature from this set. Then, by classifying the modified feature vector and comparing its predicted label and classifier output, a user is able to measure and observe the effect of changing each feature.
    Type: Application
    Filed: June 23, 2015
    Publication date: December 29, 2016
    Inventors: Hanan Shteingart, Yair Tor, Eli Koreh, Amit Hilbuch, Yifat Schacter
  • Publication number: 20160379135
    Abstract: Disclosed herein is a system and method that can be used with any underlying classification technique. The method receives a test dataset and determines the features in that test dataset that are present. From these features the training dataset is modified to only have those features that are present in the test dataset. This modified test dataset is then used to calibrate the classifier for the particular incoming data set. The process repeats itself for each different incoming dataset providing a just in time calibration of the classifier.
    Type: Application
    Filed: June 26, 2015
    Publication date: December 29, 2016
    Inventors: Hanan Shteingart, Yair Tor, Eli Koreh, Amit Hilbuch, Yifat Schacter
  • Patent number: 9344432
    Abstract: Embodiments of the invention provide techniques for basing access control decisions at the network layer at least in part on information provided in claims, which may describe attributes of a computer requesting access, one or more resources to which access is requested, the user, the circumstances surrounding the requested access, and/or other information. The information may be evaluated based on one or more access control policies, which may be pre-set or dynamically generated, and used in making a decision whether to grant or deny the computer access to the specified resource(s).
    Type: Grant
    Filed: June 24, 2010
    Date of Patent: May 17, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Yair Tor, Daniel Rose, Eugene (John) Neystadt, Patrik Schnell, Moshe Sapir, Oleg Ananiev, Arthur Zavalkovsky, Anat Eyal
  • Patent number: 9111079
    Abstract: Embodiments of the invention make the issuance of trustworthy device claims available to client devices as a service, so that a client device to which device claims are issued may use the device claims in relation to an attempt to access a network application. The service may conduct an assessment of the device's characteristics and/or state, characterize the results of this assessment in device claims, and issue the device claims to the device. The service may be accessible to a client device from outside administrative boundaries of an entity that makes a network application accessible, and thus may be useful to entities making network applications accessible in business-to-consumer (B2C) and business-to-business (B2B) topologies, such as over the publicly accessible Internet.
    Type: Grant
    Filed: January 27, 2011
    Date of Patent: August 18, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Eugene (John) Neystadt, Daniel Alon, Yair Tor, Mark Novak, Khaja E. Ahmed, Yoav Yassour
  • Patent number: 8918856
    Abstract: Embodiments of the invention provide a trusted intermediary for use in a system in which access control decisions may be based at least in part on information provided in claims. The intermediary may request claims on behalf of a network resource to which access is requested, and submit the claims for a decision whether to grant or deny access. The decision may be based at least in part on one or more access control policies, which may be pre-set or dynamically generated. Because the intermediary requests the claims and submits the claims for an access control decision, the network resource (e.g., a server application) need not be configured to process claims information.
    Type: Grant
    Filed: June 24, 2010
    Date of Patent: December 23, 2014
    Assignee: Microsoft Corporation
    Inventors: Yair Tor, Eugene (John) Neystadt, Patrik Schnell, Oleg Ananiev, Arthur Zavalkovsky, Daniel Rose
  • Patent number: 8880667
    Abstract: Attestation by a self-regulating attestation client. The attestation client requests a credential of health from an attestation service, which includes an ordered attestation log and proof of integrity and freshness of the log. The attestation client receives the requested credential of health, which certifies the attestation client was healthy when it requested the credential of health and that the attestation service trusts the attestation client to be healthy each time the attestation client authenticates using the credential of health. The attestation client receives a request to authenticate that it is healthy using the credential of health, verifies that it is currently healthy, and performs the requested authentication.
    Type: Grant
    Filed: February 9, 2011
    Date of Patent: November 4, 2014
    Assignee: Microsoft Corporation
    Inventors: Mark F. Novak, Stefan Thom, Yair Tor, Alexey Efron, Amos Ortal
  • Patent number: 8799985
    Abstract: Architecture that provides additional data that can be obtained and employed in security models in order to provide security to services over the service lifecycle. The architecture automatically propagates security classifications throughout the lifecycle of the service, which can include initial deployment, expansion, moving servers, monitoring, and reporting, for example, and further include classification propagation from the workload (computer), classification propagation in the model, classification propagation according to the lineage of the storage location (e.g., virtual hard drive), status propagation in the model and classification based on data stored in the machine.
    Type: Grant
    Filed: March 19, 2010
    Date of Patent: August 5, 2014
    Assignee: Microsoft Corporation
    Inventors: Anders B. Vinberg, John Neystadt, Yair Tor, Oleg Ananiev
  • Patent number: 8528069
    Abstract: Embodiments of the invention enable a client device to procure trustworthy device claims describing one or more attributes of the client device, have those device claims included in a data structure having a format suitable for processing by an application, and use the data structure which includes the device claims in connection with a request to access the application. The application may use the device claims to drive any of numerous types of application functionality, such as security-related and/or other functionality.
    Type: Grant
    Filed: January 27, 2011
    Date of Patent: September 3, 2013
    Assignee: Microsoft Corporation
    Inventors: Mark Novak, Yair Tor, Eugene Neystadt, Yoav Yassour, Alexey Efron, Amos Ortal, Daniel Alon, Ran Didi
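
Worked example for the zero-trust domain name resolution entries (publication 20240250929 and patent 11943195). This is an added illustration written for this page, not code from the patents or from Microsoft: a client-side synthetic DNS hands each application a synthetic address, the zero-trust client attaches the endpoint identifier when it tunnels the traffic, and the service correlates the two. The address pool (the 100.64.0.0/10 shared address space) and the allow-list are assumptions chosen for the example.

```python
"""Added example: client-side synthetic DNS with correlation at the zero-trust service."""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict


@dataclass
class SyntheticDnsService:
    """Answers the application's name lookups with one synthetic IP per endpoint identifier.

    Assumption for this example: addresses come from 100.64.0.0/10 so a synthetic
    address can never collide with a real public IP the application might also see.
    """
    pool: ipaddress.IPv4Network = ipaddress.ip_network("100.64.0.0/10")
    name_to_ip: Dict[str, str] = field(default_factory=dict)
    ip_to_name: Dict[str, str] = field(default_factory=dict)
    _next_index: int = 1

    def resolve(self, endpoint_id: str) -> str:
        name = endpoint_id.rstrip(".").lower()
        if name not in self.name_to_ip:
            if self._next_index >= self.pool.num_addresses - 1:
                raise RuntimeError("synthetic address pool exhausted")
            ip = str(self.pool[self._next_index])
            self._next_index += 1
            self.name_to_ip[name] = ip
            self.ip_to_name[ip] = name
        return self.name_to_ip[name]


@dataclass
class ZeroTrustClient:
    """Wraps application traffic and attaches the endpoint identifier for the service."""
    dns: SyntheticDnsService

    def send(self, dst_ip: str, dst_port: int, payload: bytes) -> dict:
        endpoint = self.dns.ip_to_name.get(dst_ip)
        if endpoint is None:
            # Only addresses we issued are tunnelled. Anything else means an application
            # bypassed the resolver (hard-coded IP, its own DoH client, a leaked real IP).
            raise PermissionError(f"{dst_ip} was not issued by the synthetic DNS")
        return {"synthetic_ip": dst_ip, "endpoint_id": endpoint,
                "port": dst_port, "payload": payload}


class ZeroTrustService:
    """Correlates synthetic IPs back to endpoint identifiers and applies access policy."""

    def __init__(self, allowed_endpoints):
        self.allowed = set(allowed_endpoints)
        self.correlation: Dict[str, str] = {}

    def receive(self, msg: dict) -> str:
        self.correlation[msg["synthetic_ip"]] = msg["endpoint_id"]
        if msg["endpoint_id"] not in self.allowed:
            return "denied"
        # A real service would resolve the true address here and proxy the flow;
        # the application on the client never learns it.
        return f"forwarded:{msg['endpoint_id']}:{msg['port']}"


def demo():
    dns = SyntheticDnsService()
    client = ZeroTrustClient(dns)
    service = ZeroTrustService(allowed_endpoints={"intranet.corp.example"})
    ip = dns.resolve("intranet.corp.example")   # what the app gets back from its lookup
    verdict = service.receive(client.send(ip, 443, b"GET / HTTP/1.1"))
    return ip, verdict
```

The practical check this enables: any packet leaving the host whose destination is not in the synthetic range was not resolved through the zero-trust client, so an egress rule that drops everything outside the synthetic range (plus the tunnel itself) turns resolver bypass into a visible failure instead of a silent leak.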
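
Worked example for the granular access (publication 20240064147) and intelligent routing (publication 20240064138) entries, covering both in one block. It is an added illustration, not the patents' or Microsoft's code: a rule matches on user, device, device type, process name and code-signing thumbprint, explicit deny wins over allow, and an allowed flow goes direct only when trusted network detection succeeds and the resource is not one the policy insists on routing through the security service. User names, device identifiers, thumbprints and resource names are constructed for the example.

```python
"""Added example: process-aware access policy plus location-aware routing."""
from dataclasses import dataclass
from typing import Optional, Set, Tuple


@dataclass(frozen=True)
class AccessContext:
    user: str
    device_id: str
    device_type: str
    process_name: str
    process_thumbprint: str      # thumbprint of the process's code-signing certificate
    on_trusted_network: bool     # result of trusted network detection on the client
    resource: str
    access_type: str             # "read" or "write"


@dataclass(frozen=True)
class PolicyRule:
    """A rule matches when every non-None field equals the context's value."""
    effect: str                              # "allow" or "deny"
    user: Optional[str] = None
    device_id: Optional[str] = None
    device_type: Optional[str] = None
    process_name: Optional[str] = None
    process_thumbprint: Optional[str] = None
    resource: Optional[str] = None
    access_type: Optional[str] = None

    def matches(self, ctx: AccessContext) -> bool:
        for name in ("user", "device_id", "device_type", "process_name",
                     "process_thumbprint", "resource", "access_type"):
            wanted = getattr(self, name)
            if wanted is not None and wanted != getattr(ctx, name):
                return False
        return True


def evaluate(rules, ctx: AccessContext) -> str:
    """Explicit deny wins, then any allow, otherwise default deny."""
    matched = [r for r in rules if r.matches(ctx)]
    if any(r.effect == "deny" for r in matched):
        return "deny"
    return "allow" if any(r.effect == "allow" for r in matched) else "deny"


def route(ctx: AccessContext, decision: str, always_via_service: Set[str]) -> str:
    """Direct only if allowed, on the trusted network, and not a resource that
    policy wants inspected by the security service regardless of location."""
    if decision != "allow":
        return "drop"
    if ctx.on_trusted_network and ctx.resource not in always_via_service:
        return "direct"
    return "via-security-service"


# Constructed sample policy: user A on device B may reach resource D only from
# process C signed with thumbprint S. All identifiers below are made up.
RULES = [
    PolicyRule(effect="allow", user="alice", device_id="LT-0042", process_name="erp-client.exe",
               process_thumbprint="a1b2c3d4e5f6", resource="erp.internal"),
    PolicyRule(effect="allow", resource="wiki.internal", access_type="read"),
    PolicyRule(effect="deny", device_type="byod", resource="erp.internal"),
]
INSPECT_ALWAYS = {"erp.internal"}


def decide_and_route(ctx: AccessContext) -> Tuple[str, str]:
    decision = evaluate(RULES, ctx)
    return decision, route(ctx, decision, INSPECT_ALWAYS)
```

The thumbprint check is the part worth keeping: binding the allow rule to the signing certificate of the client process means a renamed or patched binary on the right user's right device still fails closed.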
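
Worked example for the recommendation system entries (publications 20230071347 and 20170207980, patent 11533240). The abstract describes collecting feature values across deployments, building a model, and applying it to a target deployment; the block below is an added illustration of that flow using a nearest-neighbour model and is not the patents' or Microsoft's method. The fleet data, the feature names and the choice of log retention as the target feature are all constructed for the example.

```python
"""Added example: recommend a feature value for a deployment from similar deployments."""
from collections import Counter
from math import sqrt

# Constructed fleet telemetry. Every feature except the target describes a deployment;
# "log_retention_days" is the target feature we want recommended for a new one.
DEPLOYMENTS = [
    {"workload": "web",   "tier": "prod", "hosts": 40, "internet_facing": True,  "log_retention_days": 180},
    {"workload": "web",   "tier": "prod", "hosts": 55, "internet_facing": True,  "log_retention_days": 180},
    {"workload": "web",   "tier": "dev",  "hosts": 4,  "internet_facing": False, "log_retention_days": 14},
    {"workload": "batch", "tier": "prod", "hosts": 12, "internet_facing": False, "log_retention_days": 90},
    {"workload": "batch", "tier": "dev",  "hosts": 3,  "internet_facing": False, "log_retention_days": 14},
    {"workload": "db",    "tier": "prod", "hosts": 6,  "internet_facing": False, "log_retention_days": 365},
    {"workload": "db",    "tier": "prod", "hosts": 9,  "internet_facing": False, "log_retention_days": 365},
]


def build_model(deployments, target, k=3):
    """Collect the feature values and the scale of each numeric feature."""
    features = [f for f in deployments[0] if f != target]
    numeric = {f for f in features
               if isinstance(deployments[0][f], (int, float)) and not isinstance(deployments[0][f], bool)}
    scale = {f: (max(d[f] for d in deployments) - min(d[f] for d in deployments)) or 1 for f in numeric}
    return {"rows": deployments, "features": features, "numeric": numeric,
            "scale": scale, "target": target, "k": k}


def distance(model, a, b):
    """Range-normalised numeric distance plus a unit penalty per mismatched categorical."""
    total = 0.0
    for f in model["features"]:
        if f in model["numeric"]:
            total += ((a[f] - b[f]) / model["scale"][f]) ** 2
        else:
            total += 0.0 if a[f] == b[f] else 1.0
    return sqrt(total)


def recommend(model, target_deployment):
    """Majority target value among the k nearest deployments. The neighbours are
    returned too, so an operator can see which deployments drove the recommendation."""
    ranked = sorted(model["rows"], key=lambda d: distance(model, d, target_deployment))[: model["k"]]
    votes = Counter(d[model["target"]] for d in ranked)
    value, _ = max(votes.items(), key=lambda kv: (kv[1], kv[0]))   # ties go to the longer retention
    return value, ranked
```

Returning the neighbours matters more than the vote: a recommended security setting that cannot be explained by pointing at the deployments it was copied from will not survive a change review.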
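
Worked example for the web categorization entries (patent 11595352 and publication 20220200955). It is an added illustration, not the patent's or Microsoft's implementation: the FQDN (in practice taken from the TLS ClientHello SNI) is classified first; if that already settles the verdict, or if the category is one that must never be intercepted, the connection is not terminated; otherwise TLS is terminated and the decrypted URL path gets the second classification. The category feeds, the bypass list and the block policy are constructed for the example.

```python
"""Added example: FQDN-first, URL-second categorization with selective TLS termination."""
import re
from urllib.parse import urlsplit

# Constructed category data; a deployment would use a vendor or in-house feed.
FQDN_CATEGORIES = {
    "bank.example":   {"finance"},
    "social.example": {"social"},
    "cdn.example":    {"cdn", "file-sharing"},     # FQDN alone cannot decide
    "hub.example":    {"social", "gambling"},
}
URL_CATEGORIES = [                                 # second step, needs the decrypted path
    (re.compile(r"^/download/"), "file-sharing"),
    (re.compile(r"^/casino/"), "gambling"),
    (re.compile(r"^/static/"), "cdn"),
]
NEVER_TERMINATE = {"finance", "healthcare"}        # privacy/regulatory bypass list
POLICY = {"gambling": "block", "file-sharing": "block", "uncategorized": "block"}
DEFAULT_ACTION = "allow"


def first_classification(fqdn):
    return FQDN_CATEGORIES.get(fqdn.lower().rstrip("."), {"uncategorized"})


def needs_tls_termination(categories):
    if categories & NEVER_TERMINATE:
        return False                               # never intercept these, even if ambiguous
    actions = {POLICY.get(c, DEFAULT_ACTION) for c in categories}
    return len(actions) > 1 or "uncategorized" in categories


def second_classification(url):
    path = urlsplit(url).path or "/"
    for pattern, category in URL_CATEGORIES:
        if pattern.search(path):
            return category
    return "uncategorized"


def filter_request(fqdn, terminate_and_read_url):
    """terminate_and_read_url performs TLS termination for this connection and returns
    the plaintext request URL; it is only called when the FQDN step cannot decide."""
    cats = first_classification(fqdn)
    if not needs_tls_termination(cats):
        action = "block" if all(POLICY.get(c, DEFAULT_ACTION) == "block" for c in cats) else "allow"
        return {"terminated": False, "category": sorted(cats), "action": action}
    category = second_classification(terminate_and_read_url())
    return {"terminated": True, "category": [category], "action": POLICY.get(category, DEFAULT_ACTION)}
```

Two caveats a deployment has to settle up front: the first step depends on a readable SNI, so connections using Encrypted Client Hello or a bare IP fall straight into the "uncategorized" branch, and an unknown URL is blocked here rather than allowed, which is the stricter of the two defaults.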
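
Worked example for the just-in-time calibration entries (patent 10943181 and publication 20160379135). The abstract's step is: find which features the incoming dataset actually carries, restrict the training data to those, refit, and classify that batch. The block is an added illustration, not the patent's or Microsoft's code; it uses a small Bernoulli naive Bayes as the "underlying classification technique", and the detection features and records are constructed so the effect of skipping calibration is visible.

```python
"""Added example: calibrate a classifier to the features present in each incoming batch."""
from collections import defaultdict
from math import log

# Constructed training data: four binary detection features, two labels.
TRAIN = (
    [({"beacon": 1, "rare_ua": 1, "lolbin": 1, "signed_bad": 1}, "malicious")] * 5
    + [({"beacon": 0, "rare_ua": 0, "lolbin": 1, "signed_bad": 1}, "malicious")]
    + [({"beacon": 0, "rare_ua": 0, "lolbin": 0, "signed_bad": 0}, "benign")] * 5
    + [({"beacon": 1, "rare_ua": 1, "lolbin": 0, "signed_bad": 0}, "benign")]
)
ALL_FEATURES = ["beacon", "rare_ua", "lolbin", "signed_bad"]


def fit(records, features):
    """Bernoulli naive Bayes with Laplace smoothing over the given feature list."""
    n, counts = defaultdict(int), defaultdict(lambda: defaultdict(int))
    for x, y in records:
        n[y] += 1
        for f in features:
            if x.get(f, 0):
                counts[y][f] += 1
    return {"features": list(features), "n": dict(n),
            "counts": {y: dict(c) for y, c in counts.items()}}


def predict(model, x):
    total = sum(model["n"].values())
    best = None
    for y, ny in model["n"].items():
        lp = log(ny / total)
        for f in model["features"]:
            p1 = (model["counts"].get(y, {}).get(f, 0) + 1) / (ny + 2)
            lp += log(p1) if x.get(f, 0) else log(1 - p1)
        if best is None or lp > best[1]:
            best = (y, lp)
    return best[0]


def present_features(batch):
    """Features the incoming dataset actually carries: the keys its records report."""
    return sorted({f for x in batch for f in x})


def calibrate_and_predict(train, batch):
    """Just-in-time calibration: refit on only the features present in this batch."""
    model = fit(train, present_features(batch))
    return [predict(model, x) for x in batch]


# A batch from a network-only log source that never reports the two endpoint features.
BATCH = [{"beacon": 1, "rare_ua": 1}, {"beacon": 0, "rare_ua": 0}]
```

Without calibration the absent endpoint features are read as "observed and negative", which for this training set pulls a clearly beaconing host toward benign; refitting on the two features the source actually reports fixes that without touching the classifier itself.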
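
Worked example for the firewall auto-learning entry (publication 20200396207). It is an added illustration, not the publication's or Microsoft's code: a trigger event opens a learning window, the application's observed dependencies become candidate rules, an operator verifies, blocks or tailors each one, and only the verified set is enforced; a later trigger learns again and merges. The flow-log format, the application names and the addresses are constructed for the example.

```python
"""Added example: learn candidate egress rules from flow logs, review them, then enforce."""
import ipaddress
import re
from collections import Counter

LOG_RE = re.compile(r"app=(?P<app>\S+) dst=(?P<dst>\S+) port=(?P<port>\d+) proto=(?P<proto>\w+)")

# Constructed flow log captured during the learning phase for one application.
LEARNING_PHASE_LOG = """
app=orders-api dst=10.20.0.5 port=5432 proto=tcp
app=orders-api dst=10.20.0.5 port=5432 proto=tcp
app=orders-api dst=10.30.1.9 port=443 proto=tcp
app=orders-api dst=203.0.113.7 port=4444 proto=tcp
app=billing dst=10.20.0.6 port=5432 proto=tcp
app=orders-api dst=10.40.0.2 port=53 proto=udp
""".strip().splitlines()


def learn_candidates(log_lines, app):
    """Every distinct (dst, port, proto) the app touched in the window becomes a
    candidate rule, with a hit count the reviewer can use to judge it."""
    candidates = Counter()
    for line in log_lines:
        m = LOG_RE.search(line)
        if m and m["app"] == app:
            candidates[(m["dst"], int(m["port"]), m["proto"])] += 1
    return candidates


def review(candidates, decisions):
    """decisions: rule -> "verify" | "block" | ("tailor", replacement_rule).
    A candidate nobody reviewed stays out: silence does not become an allow rule."""
    verified = set()
    for rule in candidates:
        decision = decisions.get(rule, "block")
        if decision == "verify":
            verified.add(rule)
        elif isinstance(decision, tuple) and decision[0] == "tailor":
            verified.add(decision[1])
    return verified


def rule_matches(rule, dst, port, proto):
    r_dst, r_port, r_proto = rule
    return (r_proto == proto and r_port == port
            and ipaddress.ip_address(dst) in ipaddress.ip_network(r_dst, strict=False))


class AppFirewall:
    def __init__(self, app, verified_rules):
        self.app = app
        self.rules = set(verified_rules)

    def allows(self, dst, port, proto) -> bool:
        return any(rule_matches(r, dst, port, proto) for r in self.rules)

    def retrain(self, new_log_lines, decisions):
        """Second trigger event: learn again and merge the newly verified rules."""
        self.rules |= review(learn_candidates(new_log_lines, self.app), decisions)


# Constructed operator decisions for the first learning phase.
DECISIONS = {
    ("10.20.0.5", 5432, "tcp"): "verify",
    ("10.30.1.9", 443, "tcp"): ("tailor", ("10.30.1.0/24", 443, "tcp")),  # upstream is a pool
    ("203.0.113.7", 4444, "tcp"): "block",   # seen during learning, but not a dependency
}
```

The 203.0.113.7:4444 candidate is the point of the review step: anything that talks during the learning window gets learned, including an attacker who is already on the box, so learned rules are proposals and the operator's verification is the control.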
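
Worked example for the feature-perturbation entries (patent 10504035 and publication 20160379133). The abstract's procedure is: for each feature of a classified vector, take a random negatively labelled training instance, copy its value for that feature into the vector, reclassify, and compare label and score. The block is an added illustration, not the patent's or Microsoft's code; the fixed-weight logistic scorer stands in for "any underlying classification technique", and the features, weights and negative samples are constructed.

```python
"""Added example: per-feature importance by swapping in values from negative samples."""
import math
import random

# Constructed, normalised features of a file classifier. The weights stand in for
# whatever classifier is actually in use; the method only needs predict().
WEIGHTS = {"entropy": 2.5, "packed": 2.0, "signed": -3.0, "imports": 0.5}
BIAS = -2.0


def predict(x):
    """Returns (label, score); label is 1 (malicious) when the score is at least 0.5."""
    z = BIAS + sum(WEIGHTS[f] * x[f] for f in WEIGHTS)
    p = 1.0 / (1.0 + math.exp(-z))
    return (1 if p >= 0.5 else 0), p


NEGATIVES = [   # constructed negatively labelled training instances (benign files)
    {"entropy": 0.30, "packed": 0.0, "signed": 1.0, "imports": 0.35},
    {"entropy": 0.45, "packed": 0.0, "signed": 1.0, "imports": 0.60},
    {"entropy": 0.50, "packed": 0.0, "signed": 1.0, "imports": 0.40},
    {"entropy": 0.35, "packed": 0.0, "signed": 1.0, "imports": 0.55},
]


def feature_importance(x, negatives, draws=20, seed=7):
    """For each feature: replace x[f] with the value from a random negative sample,
    reclassify, and record the score drop and whether the label flipped."""
    rng = random.Random(seed)
    base_label, base_score = predict(x)
    report = {}
    for f in x:
        deltas, flips = [], 0
        for _ in range(draws):
            neg = rng.choice(negatives)
            perturbed = dict(x)
            perturbed[f] = neg[f]
            label, score = predict(perturbed)
            deltas.append(base_score - score)
            flips += label != base_label
        report[f] = {"mean_delta": sum(deltas) / draws, "flip_rate": flips / draws}
    return report


def rank(report):
    return sorted(report, key=lambda f: report[f]["mean_delta"], reverse=True)


SAMPLE = {"entropy": 0.95, "packed": 1.0, "signed": 0.0, "imports": 0.40}   # classified malicious
```

The flip rate is the number an analyst actually wants: here only the missing signature flips the verdict on its own, which says this detection is one stolen code-signing certificate away from a miss.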
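
Worked example for the claims-based access control entries (patents 9344432, 9111079, 8918856 and 8528069), covered together because they describe one pipeline: a service assesses a device and issues signed device claims, the client carries them in a request, and a trusted intermediary in front of a claims-unaware server application verifies them and submits them for an access decision. The block is an added illustration, not the patents' or Microsoft's code. The HMAC signing key, the claim names and the policies are assumptions for the example; a real claims service would sign with an asymmetric key so relying parties hold no signing secret.

```python
"""Added example: device claims issued as a service, consumed by a trusted intermediary."""
import base64
import hashlib
import hmac
import json

CLAIMS_SERVICE_KEY = b"claims-service-signing-key"   # assumption: stands in for the service's key


def b64u(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def unb64u(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_device_claims(device_id, assessment, now, ttl=300):
    """Claims service: record what was assessed about the device and sign it."""
    claims = {"device_id": device_id, "iat": now, "exp": now + ttl, **assessment}
    body = b64u(json.dumps(claims, sort_keys=True).encode())
    sig = b64u(hmac.new(CLAIMS_SERVICE_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def verify_device_claims(token, now):
    body, _, sig = token.partition(".")
    expected = b64u(hmac.new(CLAIMS_SERVICE_KEY, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(unb64u(body))
    if now >= claims["exp"]:
        raise ValueError("expired")
    return claims


# Constructed access policies: who may reach what, and what the device must claim.
POLICIES = [
    {"resource": "payroll-app", "users": {"alice", "bob"},
     "device_must": {"disk_encrypted": True, "edr_running": True}},
    {"resource": "wiki", "users": None, "device_must": {"edr_running": True}},
]


def decide(user, resource, device_claims):
    """Network-layer decision from user, requested resource and device claims."""
    for policy in POLICIES:
        if policy["resource"] != resource:
            continue
        if policy["users"] is not None and user not in policy["users"]:
            return "deny"
        if all(device_claims.get(k) == v for k, v in policy["device_must"].items()):
            return "allow"
        return "deny"
    return "deny"


class TrustedIntermediary:
    """Sits in front of a server application that knows nothing about claims."""

    def __init__(self, backend):
        self.backend = backend
        self.audit = []

    def handle(self, request, now):
        try:
            claims = verify_device_claims(request["device_claims"], now)
            decision = decide(request["user"], request["resource"], claims)
        except ValueError as err:
            decision = f"deny ({err})"
        self.audit.append((request["user"], request["resource"], decision))
        if decision != "allow":
            return 403, "forbidden"
        forwarded = {k: v for k, v in request.items() if k != "device_claims"}
        return 200, self.backend(forwarded)


def backend(request):
    return f"{request['resource']} for {request['user']}"
```

Two details carry the security argument: the signature is checked with a constant-time compare before any claim is read, and the claims are stripped from the request before it reaches the backend, so the server application cannot be tricked into trusting a self-asserted header.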
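
Worked example for the self-regulating attestation entry (patent 8880667). The abstract describes a credential of health issued against an ordered attestation log with proof of integrity and freshness, and a client that re-verifies its own health each time it authenticates with that credential. The block is an added illustration, not the patent's or Microsoft's code: the log is hash-chained, freshness comes from a single-use service nonce, and a device-held HMAC key stands in for the TPM key that would normally sign the quote. Keys, component names and versions are assumptions constructed for the example.

```python
"""Added example: ordered attestation log, freshness-bound proof, credential of health."""
import hashlib
import hmac
import json
import os

DEVICE_KEY = b"device-bound-key-stand-in"    # assumption: stands in for a TPM-resident key
SERVICE_KEY = b"attestation-service-key"     # assumption: the attestation service's key
KNOWN_GOOD = {"bootloader": "bl-7.2", "kernel": "k-6.1", "edr": "edr-3.0"}   # constructed


def chain_log(entries):
    """Fold an ordered list of (component, version) measurements into one digest;
    reordering, dropping or altering any entry changes the result."""
    digest = b"\x00" * 32
    for component, version in entries:
        digest = hashlib.sha256(digest + f"{component}={version}".encode()).digest()
    return digest


def make_proof(log, nonce):
    """Integrity-and-freshness proof: MAC over the chained log and the service's nonce."""
    return hmac.new(DEVICE_KEY, chain_log(log) + nonce, hashlib.sha256).digest()


def healthy(log):
    return len(log) == len(KNOWN_GOOD) and dict(log) == KNOWN_GOOD


class AttestationService:
    def __init__(self):
        self.outstanding = set()

    def challenge(self):
        nonce = os.urandom(16)
        self.outstanding.add(nonce)
        return nonce

    def issue(self, log, nonce, proof, now, ttl=3600):
        if nonce not in self.outstanding:
            raise ValueError("unknown or reused nonce")
        self.outstanding.discard(nonce)            # single use: a replayed proof fails here
        if not hmac.compare_digest(make_proof(log, nonce), proof):
            raise ValueError("log integrity proof failed")
        if not healthy(log):
            raise ValueError("device not healthy")
        body = json.dumps({"log": chain_log(log).hex(), "exp": now + ttl}, sort_keys=True)
        sig = hmac.new(SERVICE_KEY, body.encode(), hashlib.sha256).hexdigest()
        return {"body": body, "sig": sig}

    def verify_credential(self, credential, now):
        if credential is None:
            return False
        expected = hmac.new(SERVICE_KEY, credential["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, credential["sig"]):
            return False
        return now < json.loads(credential["body"])["exp"]


class AttestationClient:
    def __init__(self, log):
        self.log = list(log)
        self.credential = None

    def request_credential(self, service, now):
        nonce = service.challenge()
        self.credential = service.issue(self.log, nonce, make_proof(self.log, nonce), now)
        return self.credential

    def authenticate(self):
        """Self-regulating: the credential is presented only if the client is still healthy."""
        if self.credential is None or not healthy(self.log):
            return None
        return self.credential
```

The self-check in authenticate() is what the credential's lifetime relies on: the service trusted the client's state at issuance, so a client that keeps presenting the credential after its own EDR has been downgraded would be exactly the gap the abstract's "self-regulating" client is meant to close.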