专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US11762712B2 Validating policies and data in API authorization system 有权
公开(公告)号：US11762712B2
公开(公告)日：2023-09-19
申请号：US17740255
申请日：2022-05-09
申请人： Styra, Inc.
发明人： Teemu Koponen , Timothy L. Hinrichs
IPC分类号： G06F9/54 , G06F21/44 , H04L9/32
CPC分类号： G06F9/54 , G06F21/44 , H04L9/3236 , H04L9/3247
摘要： Some embodiments provide a method for distributing a set of parameters associated with policies for authorizing Application Programming Interface (API) calls to an application. For a previously stored hierarchical first document that comprises a first set of elements in a first hierarchical structure, the method receives a hierarchical update second document that comprises a second set of elements in a second hierarchical structure corresponding to the first hierarchical structure, wherein at least a subset of elements in the first and the second documents correspond to the set of parameters for evaluating API calls. The method receives a first set of hash values for elements of the first document that are not specified in the second document, and generates a second set of hash values for a set of elements specified in the second document. The method generates an overall hash for the second document by using the received first set of hash values and the generated second set of hash values. The method uses the overall hash to validate a signature from an entity that is authorized to specify the set of parameters.

2. 发明授权

US11327815B1 Validating policies and data in API authorization system 有权
公开(公告)号：US11327815B1
公开(公告)日：2022-05-10
申请号：US16930301
申请日：2020-07-15
申请人： Styra, Inc.
发明人： Teemu Koponen , Timothy L. Hinrichs
IPC分类号： G06F9/54 , H04L9/32 , G06F21/44
摘要： Some embodiments provide a method for distributing a set of parameters associated with policies for authorizing Application Programming Interface (API) calls to an application. For a previously stored hierarchical first document that comprises a first set of elements in a first hierarchical structure, the method receives a hierarchical update second document that comprises a second set of elements in a second hierarchical structure corresponding to the first hierarchical structure, wherein at least a subset of elements in the first and the second documents correspond to the set of parameters for evaluating API calls. The method receives a first set of hash values for elements of the first document that are not specified in the second document, and generates a second set of hash values for a set of elements specified in the second document. The method generates an overall hash for the second document by using the received first set of hash values and the generated second set of hash values. The method uses the overall hash to validate a signature from an entity that is authorized to specify the set of parameters.

3. 发明申请

US20210365571A1 PARTIAL POLICY EVALUATION 有权
公开(公告)号：US20210365571A1
公开(公告)日：2021-11-25
申请号：US17392072
申请日：2021-08-02
申请人： Styra, Inc.
发明人： Torin Sandall , Timothy L. Hinrichs , Teemu Koponen
IPC分类号： G06F21/60
摘要： Some embodiments provide a method for evaluating a policy for authorizing an API (Application Programming Interface) call to an application. Based on a first set of parameters available before receiving the API call, the method evaluates only a portion of the policy to produce a partially evaluated policy. The method stores the partially evaluated policy in a cache. The method then receives an API call to authorize, and determines whether the API call should be authorized by fully evaluating the policy, using the partially evaluated policy retrieved from the cache first storage, and a second set of parameters associated with the API call. The method responds to the API call with a policy decision based on the fully evaluated authorization policy.

4. 发明授权

US10984133B1 Defining and distributing API authorization policies and parameters 有权
公开(公告)号：US10984133B1
公开(公告)日：2021-04-20
申请号：US16050136
申请日：2018-07-31
申请人： Styra, Inc.
发明人： Timothy L. Hinrichs , Teemu Koponen , Andrew Curtis , Torin Sandall , Octavian Florescu
IPC分类号： G06F9/54 , G06F21/62 , G06F21/60
摘要： Some embodiments of the invention provide a system for defining, distributing and enforcing policies for authorizing API (Application Programming Interface) calls to applications executing on one or more sets of associated machines (e.g., virtual machines, containers, computers, etc.) in one or more datacenters. This system has a set of one or more servers that acts as a logically centralized resource for defining and storing policies and parameters for evaluating these policies. The server set in some embodiments also enforces these API-authorizing policies. Conjunctively, or alternatively, the server set in some embodiments distributes the defined policies and parameters to policy-enforcing local agents that execute near the applications that process the API calls.

5. 发明授权

US10592302B1 Method and apparatus for specifying API authorization policies and parameters 有权
公开(公告)号：US10592302B1
公开(公告)日：2020-03-17
申请号：US16050130
申请日：2018-07-31
申请人： Styra, Inc.
发明人： Timothy L. Hinrichs , Teemu Koponen , Andrew Curtis , Torin Sandall , Octavian Florescu
IPC分类号： G06F9/54 , H04L29/06 , G06F16/11 , G06F16/185
摘要： Some embodiments of the invention provide a system for defining, distributing and enforcing policies for authorizing API (Application Programming Interface) calls to applications executing on one or more sets of associated machines (e.g., virtual machines, containers, computers, etc.) in one or more datacenters. This system has a set of one or more servers that acts as a logically centralized resource for defining and storing policies and parameters for evaluating these policies. The server set in some embodiments also enforces these API-authorizing policies. Conjunctively, or alternatively, the server set in some embodiments distributes the defined policies and parameters to policy-enforcing local agents that execute near the applications that process the API calls. From an associated application, a local agent receives API-authorization requests to determine whether API calls received by the application are authorized. In response to such a request, the local agent uses one or more parameters associated with the API call to identify a policy stored in its local policy storage to evaluate whether the API call should be authorized. To evaluate this policy, the agent might also retrieve one or more parameters from the local policy storage.

6. 发明授权

US12032567B1 Comprehension indexing feature 有权
公开(公告)号：US12032567B1
公开(公告)日：2024-07-09
申请号：US18114191
申请日：2023-02-24
申请人： Styra, Inc.
发明人： Torin Sandall , Timothy L. Hinrichs
IPC分类号： G06F16/22 , G06F9/54 , G06F16/242 , G06F16/28
CPC分类号： G06F16/2445 , G06F9/547 , G06F16/2246 , G06F16/2272 , G06F16/288
摘要： Some embodiments of the invention provide a method for defining code-based policies. The method generates a policy-builder first view of a policy for display in a graphical user interface (GUI) by processing a syntax tree that is generated from a code second view of the policy. The method receives, through the policy-builder first view, a modification to a portion of the policy. To reflect the modification, the method updates a portion of the syntax tree that corresponds to the portion of the policy that is affected by the modification. Based on the updating of the syntax tree, the method updates the code second view by modifying a portion of the code second view that corresponds to the updated portion of the syntax tree.

7. 发明授权

US11853463B1 Leveraging standard protocols to interface unmodified applications and services 有权
公开(公告)号：US11853463B1
公开(公告)日：2023-12-26
申请号：US16293513
申请日：2019-03-05
申请人： Styra, Inc.
发明人： Timothy L. Hinrichs , Teemu Koponen
IPC分类号： G06F21/62 , H04L9/40 , H04L67/561
CPC分类号： G06F21/629 , H04L63/0807 , H04L63/10 , H04L67/561 , H04L2463/082
摘要： Some embodiments provide a method for enforcing policies for authorizing API (Application Programming Interface) calls to an application operating on a host machine. The method receives a request to authenticate a client attempting to gain access to the application, and authenticates the client based on a first set of parameters associated with the request. Using a second set of parameters associated with the request, the method evaluates a set of one or more policies associated with a set of one or more API calls to the application. Based on the evaluated policies, the method defines a third set of one or more authentication field parameters that control the API calls that the client is authorized to make to the application. The method sends an authentication reply message with the defined third set of authentication field parameters in order to control the API calls that the client is authorized to make.

8. 发明授权

US11582235B1 Local controller for local API authorization method and apparatus 有权
公开(公告)号：US11582235B1
公开(公告)日：2023-02-14
申请号：US16889761
申请日：2020-06-01
申请人： Styra, Inc.
发明人： Teemu Koponen , Timothy L. Hinrichs , Torin Sandall , Stan Lagun
IPC分类号： H04L9/40 , G06F9/54
摘要： Some embodiments provide a local controller on a set of host computers that reduce the volume of data that is communicated between the server set and the set of host computers. The local controller executing on a particular host computer, in some embodiments, receives a portion of the namespace including only the policies (e.g., opcode) that are relevant to API-authorization processing for the applications executing on the particular host computer provided by a local agent executing on the computer to authorize the API requests based on policies and parameters. The local controller analyzes the received policies (e.g., policy opcodes) and identifies the parameters (e.g. operands), or parameter types, needed for API-authorization processing (e.g., evaluating the policy opcode upon receiving a particular API request) by the local agent. In some embodiments, the local controller performs this analysis for each updated set of policies (e.g., policy opcodes).

9. 发明授权

US11496517B1 Local API authorization method and apparatus 有权
公开(公告)号：US11496517B1
公开(公告)日：2022-11-08
申请号：US16050123
申请日：2018-07-31
申请人： Styra, Inc.
发明人： Timothy L. Hinrichs , Teemu Koponen , Andrew Curtis , Torin Sandall , Octavian Florescu
IPC分类号： H04L9/40 , G06F21/62 , G06F9/455 , G06F9/54
摘要： Some embodiments of the invention provide a system for defining, distributing and enforcing policies for authorizing API (Application Programming Interface) calls to applications executing on one or more sets of associated machines (e.g., virtual machines, containers, computers, etc.) in one or more datacenters. This system has a set of one or more servers that acts as a logically centralized resource for defining and storing policies and parameters for evaluating these policies. The server set in some embodiments also enforces these API-authorizing policies. Conjunctively, or alternatively, the server set in some embodiments distributes the defined policies and parameters to policy-enforcing local agents that execute near the applications that process the API calls. From an associated application, a local agent receives API-authorization requests to determine whether API calls received by the application are authorized. In response to such a request, the local agent uses one or more parameters associated with the API call to identify a policy stored in its local policy storage to evaluate whether the API call should be authorized. To evaluate this policy, the agent might also retrieve one or more parameters from the local policy storage.

10. 发明授权

US11170099B1 Filtering policies for evaluation by an embedded machine 有权
公开(公告)号：US11170099B1
公开(公告)日：2021-11-09
申请号：US16773924
申请日：2020-01-27
申请人： Styra, Inc.
发明人： Torin Sandall , Timothy L. Hinrichs , Teemu Koponen
IPC分类号： G06F21/00 , G06F21/54
摘要： Some embodiments provide a method for limiting data passed between an application and a process virtual machine (VM) embedded in the application that authorizes API (Application Programming Interface) calls to the application. The method receives a policy code comprising references to a group of parameters. The method modifies the policy code to remove references in the policy code to a set of the parameters that are not used during evaluation of the policy. The method generates a set of binary instructions from the modified policy code, where the process VM does not use the set of parameters while executing the binary instructions to make an authorization decision for a particular API call.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式