公开(公告)号：WO2021086585A1

公开(公告)日：2021-05-06

申请号：PCT/US2020/055182

申请日：2020-10-12

Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC

Inventor： AZULAY, Itamar ,  LEVY, Itay ,  HABER, Yossi

IPC: H04N1/00 ,  H04N1/387 ,  H04N1/44 ,  G06F16/93

Abstract: Restricting the printing of sensitive electronic documents, After the client downloads a document (e.g., by viewing the document in a web browser), the client intercepts a print command, pauses the print, and issues a print request to a server. From a server perspective, upon receiving the request, the server determines whether the document is print restricted. If not, the print operation is permitted to proceed. If so, the server responds negatively to the print request and alters the document so that, even if printed, sensitive information is not printed. In another embodiment, the server may restrict printing prior to downloading a document. For example, the server may make the document read-only, or replace the document with another printable document that does not contain sensitive content.

公开(公告)号：WO2021002940A1

公开(公告)日：2021-01-07

申请号：PCT/US2020/032413

申请日：2020-05-12

Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC

Inventor： AZULAY, Itamar ,  GADOT, Idan ,  GERI, Amir

IPC: H04L29/08 ,  H04L29/06

Abstract: A domain is automatically attributed to a cloud application hosted on a cloud service. The attribution of a domain with a cloud application is used to initiate session policies that protect the cloud applications. A security session monitors the operations performed by a user with a cloud application and applies session policies that are pre-configured automated actions used to protect a particular cloud application, such as blocking downloads, blocking modifications, etc.

公开(公告)号：WO2022271340A1

公开(公告)日：2022-12-29

申请号：PCT/US2022/029679

申请日：2022-05-17

Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC

Inventor： AZULAY, Itamar ,  HILZENRAT, Ishay ,  LIFSHITS, Sharon Itshak ,  BLACHMAN, Meir

IPC: G06F21/53 ,  G06F16/957 ,  G06F21/62 ,  H04L67/146 ,  G06F16/9574 ,  G06F21/6245 ,  G06F21/6263 ,  G06F2221/2149 ,  H04L63/0281 ,  H04L63/0414 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1475 ,  H04L63/205 ,  H04L67/02 ,  H04L67/10 ,  H04L67/568

Abstract: The disclosure is directed towards controlling the persistency of information provided to a service worker. A method includes receiving a response that includes response data. The response is received at a security service and was transmitted by a second computing device in response to receiving an information request from a first computing device. The first computing device implements a service worker. Sensitive data included in the response data is identified. The response includes caching instructions that instruct the service worker to cache the sensitive data at the first computing device. In response to identifying the sensitive data, the caching instructions are updated such that any portion of the response data that the updated caching instructions instruct the service worker to cache at the first computing device excludes the sensitive data. The updated response is transmitted to the first computing device and includes the response data and the updated caching instructions.

公开(公告)号：WO2021002954A1

公开(公告)日：2021-01-07

申请号：PCT/US2020/033008

申请日：2020-05-15

Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC

Inventor： LEWIN, Guy ,  AZULAY, Itamar ,  GOLDBERG, Lucy

IPC: G06F21/85 ,  H04L29/06

Abstract: Sharing context between web frames increases consistent application of security policies, without requiring changes to a document object model. A proxy receives a first request implicating a first web frame and its URL, potentially issues a sub-request and gets a sub-response, and creates a first response to the first request, including a context in frame creation or frame navigation code. Thus, context such as a domain identification is made available for sharing between the first web frame and a second web frame without altering a document object model of a web page of the first web frame, and without imposing a same-origin policy workaround. Sharing the context allows the proxy to ascertain a policy based on the context, so it can apply the policy in reactions to subsequent requests. Context sharing allows window frames to be associated together in the proxy, and informs browser rendering.

公开(公告)号：WO2023278063A1

公开(公告)日：2023-01-05

申请号：PCT/US2022/030456

申请日：2022-05-23

Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC

Inventor： AZULAY, Itamar ,  LEWIN, Guy ,  LIFSHITS, Sharon

IPC: G06F21/50 ,  H04L9/40 ,  G06F16/00 ,  H04L63/0281 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1441 ,  H04L63/20 ,  H04L67/02 ,  H04L67/06 ,  H04L67/1097 ,  H04L67/561

Abstract: The disclosure is directed towards proxy services for the secure uploading of file-system tree structures. A method includes receiving, at a web security service, an indication that client device to upload content to a storage cloud provider. The proxy service performs a security scan of the content while the content is stored on the client device. A security and/or a privacy concern is identified in the content stored on the client device. A security and/or privacy mitigation action is performed in response to identifying the security and/or privacy concern.

公开(公告)号：WO2021076286A1

公开(公告)日：2021-04-22

申请号：PCT/US2020/052345

申请日：2020-09-24

Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC

Inventor： RAPPAPORT, Nir Mardiks ,  MALIK, Vikas ,  AZULAY, Itamar

IPC: G06F16/958

Abstract: Securing inter-frame communication within a web page. First, receipt of a request from a client for accessing a web page document is detected. The request includes a URL that identifies the web page document. The web page document has a tree structure that includes a top parent object and multiple child objects. The multiple child objects include at least a first child object associated with a first domain and a second child object associated with a second domain. The web page document is retrieved from a location corresponding to the URL. The code of the retrieved web page document is then modified to enable secure communication between modified code of the first child object and modified code of the second object. Finally, the modified web page document is sent to the client.

公开(公告)号：WO2021067014A1

公开(公告)日：2021-04-08

申请号：PCT/US2020/050029

申请日：2020-09-10

Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC

Inventor： ESIBOV, Alexander ,  AZULAY, Itamar

IPC: H04L29/08 ,  G06F21/31 ,  H04L29/06

Abstract: Systems and methods are provided for managing dynamic controls over access to computer resources and, even more particularly, for evaluating and re-evaluating dynamic conditions and changes associated with user sessions. The systems and methods are configured to automatically make a determination as to whether new or additional authentication credentials are required for a user that is already authorized for accessing resources in a user session, in response to triggering events such as the identification of a new or changed condition associated with the user session.

公开(公告)号：WO2020256841A1

公开(公告)日：2020-12-24

申请号：PCT/US2020/031396

申请日：2020-05-05

Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC

Inventor： LEWIN, Guy ,  AZULAY, Itamar ,  HABER, Yossi

IPC: H04L29/08 ,  H04L29/06

Abstract: A proxy server to receive a request from a client to a webserver and a response corresponding with the request from the webserver to the client is disclosed. The request is wrapped, and a wrapped request is received at the proxy server. The wrapped request is read at the proxy server. Metadata is added to a response corresponding with the wrapped request at the proxy server. The metadata can be based on the read wrapped request or the corresponding response.