Dynamic proxy server

US 10,348,816 B2
Filed: 10/14/2015
Issued: 07/09/2019
Est. Priority Date: 10/14/2015
Status: Active Grant

First Claim

Patent Images

1. A method for facilitating access to a plurality of resources, the method comprising:

receiving, at a proxy server, a modified message from a gateway in communication with both a client and the proxy server, wherein the modified message includes a context resource identifier inserted by the gateway into a message received from the client;

determining, by the proxy server, whether an application programming interface referenced by the context resource identifier requires an authorization for a user;

in response to a determination that the application programming interface requires the authorization for the user, determining, by the proxy server, whether a profile for the user is present within a cache that is in communication with the proxy server;

in response to a determination that the profile for the user is not present within the cache;

dynamically discovering, by the proxy server, a plurality of application programming interfaces that are in communication with the proxy server;

obtaining, by the proxy server, a plurality of resource profiles from the plurality of application programming interfaces, wherein each resource profile includes a set of endpoint references and authorization information; and

dynamically building, by the proxy server, the profile for the user that includes at least a portion of the authorization information in each of the plurality of resource profiles and a set of context resource identifiers for the plurality of application programming interfaces; and

controlling, by the proxy server, access to a resource associated with the application programming interface that is referenced by the context resource identifier using the profile for the user.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for facilitating access to a plurality of resources is provided. A message that includes a context resource identifier is received at a proxy server from a client through a gateway in communication with both the client and the proxy server. Access to a resource associated with an interface that is referenced by the context resource identifier is controlled by the proxy server using a profile that is dynamically built for a user of the client based on a plurality of resource profiles received from a plurality of interfaces in communication with the proxy server.

102 Citations

View as Search Results

18 Claims

1. A method for facilitating access to a plurality of resources, the method comprising:
- receiving, at a proxy server, a modified message from a gateway in communication with both a client and the proxy server, wherein the modified message includes a context resource identifier inserted by the gateway into a message received from the client;
  
  determining, by the proxy server, whether an application programming interface referenced by the context resource identifier requires an authorization for a user;
  
  in response to a determination that the application programming interface requires the authorization for the user, determining, by the proxy server, whether a profile for the user is present within a cache that is in communication with the proxy server;
  
  in response to a determination that the profile for the user is not present within the cache;
  
  dynamically discovering, by the proxy server, a plurality of application programming interfaces that are in communication with the proxy server;
  
  obtaining, by the proxy server, a plurality of resource profiles from the plurality of application programming interfaces, wherein each resource profile includes a set of endpoint references and authorization information; and
  
  dynamically building, by the proxy server, the profile for the user that includes at least a portion of the authorization information in each of the plurality of resource profiles and a set of context resource identifiers for the plurality of application programming interfaces; and
  
  controlling, by the proxy server, access to a resource associated with the application programming interface that is referenced by the context resource identifier using the profile for the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 wherein controlling, by the proxy server, access to the resource further comprises:
    - in response to dynamically building the profile, storing, by the proxy server, the profile in the cache in association with a logical expiration time and a physical expiration time for the profile for the user.
  - 3. The method of claim 2, wherein controlling, by the proxy server, access to the resource further comprises:
    - in response to the gateway validating a subscription corresponding to an organization using the client with respect to the context resource identifier inserted by the gateway, determining, by the proxy server, whether the user is authorized to access the resource based on the profile for the user and a role of the user in the organization; and
      
      in response to a determination that the user is authorized to access the resource, routing the modified message to the resource based on the context resource identifier inserted by the gateway.
  - 4. The method of claim 3, wherein controlling, by the proxy server, access to the resource further comprises:
    - generating, by the proxy server, an error code in response to a determination that the user is not authorized to access the resource; and
      
      sending, by the proxy server, the error code to the client through the gateway.
  - 5. The method of claim 2, wherein dynamically building the profile for the user comprises:
    - obtaining the plurality of resource profiles from the plurality of application programming interfaces, wherein each resource profile in the plurality of resource profiles is generated by a corresponding application programming interface in the plurality of application programming interfaces and includes a corresponding set of endpoint references and corresponding authorization information; and
      
      building the profile for the user based on the corresponding authorization information in each of the plurality of resource profiles.
  - 6. The method of claim 5 further comprising:
    - storing the set of endpoint references received in the each of the plurality of resource profiles in an endpoint data structure.
  - 7. The method of claim 1, wherein controlling, by the proxy server, access to the resource further comprises:
    - determining whether the user is authorized to access the resource based on the profile for the user; and
      
      routing the message to the resource in response to a determination that the user is authorized to access the resource.
  - 8. The method of claim 1, wherein controlling, by the proxy server, access to the resource further comprises:
    - routing the message to the resource based on a set of endpoint references for the resource when the user of the client is authorized to access the resource;
      
      receiving, at the proxy server, information from the resource through the application programming interface; and
      
      sending, by the proxy server, the information to the client through the gateway.
  - 9. The method of claim 8 further comprising:
    - storing, by the proxy server, the information in a data cache.
  - 10. The method of claim 1, wherein controlling, by the proxy server, access to the resource comprises:
    - receiving information from the resource through the application programming interface after the user of the client has been authorized for access to the resource;
      
      filtering the information based on a data privacy filter to form modified information; and
      
      sending the modified information to the client through the gateway.

11. An apparatus comprising:
- a plurality of resources; and
  
  a proxy server in communication with the plurality of resources, wherein the proxy server is configured;
  
  to receive a modified message from a gateway in communication with both a client and the proxy server, wherein the modified message includes a context resource identifier inserted by the gateway into a message received from the client;
  
  to determine whether an application programming interface referenced by the context resource identifier requires an authorization for a user;
  
  in response to a determination that the application programming interface requires the authorization for the user, to determine whether a profile for the user is present within a cache that is in communication with the proxy server;
  
  in response to a determination that the profile for the user is not present within the cache;
  
  to dynamically discover a plurality of application programming interfaces that are in communication with the proxy server;
  
  to obtain a plurality of resource profiles from the plurality of application programming interfaces, wherein each resource profile includes a set of endpoint references and authorization information; and
  
  to dynamically build the profile for the user that includes at least a portion of the authorization information in each of the plurality of resource profiles and a set of context resource identifiers for the plurality of application programming interfaces; and
  
  to control access to a resource associated with the application programming interface that is referenced by the context resource identifier using the profile for the user.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The apparatus of claim 11, wherein the proxy server comprises:
    - an authorization manager that determines whether the user of the client is authorized to access the resource using the profile for the user.
  - 13. The apparatus of claim 12, wherein the proxy server comprises:
    - a router that routes the message to the resource based on a set of endpoint references for the resource after the user has been authorized to access the resource.
  - 14. The apparatus of claim 12 further comprising:
    - the cache in communication with the proxy server, wherein the authorization manager determines whether the user is authorized to access the resource based on the profile for the user stored in the cache.
  - 15. The apparatus of claim 11, wherein the profile is stored in the cache along with a logical expiration time and a physical expiration time for the profile.
  - 16. The apparatus of claim 11, wherein the profile comprises:
    - a set of permissions for the user corresponding to each context resource identifier in the set of context resource identifiers, wherein each permission in the set of permissions corresponds to a different role of the user.
  - 17. The apparatus of claim 11, wherein each resource profile in the plurality of resource profiles includes a corresponding set of endpoint references and corresponding authorization information.
  - 18. The apparatus of claim 11, wherein the proxy server and the gateway form a dynamic and distributed system for facilitating communications between various clients and various resources that allows clients and resources to join and leave the dynamic and distributed system over time.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ADP, Inc.
Original Assignee
ADP LLC (ADP, Inc.)
Inventors
Saheba, Jigesh, Masiero, Roberto A., Espina Carvajal, Isabel
Primary Examiner(s)
Parry, Chris
Assistant Examiner(s)
Jahnige, Caroline H

Application Number

US14/882,775
Publication Number

US 20170111444A1
Time in Patent Office

1,364 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/102   Entity profiles

H04L 67/1012   based on compliance of requ...

H04L 67/306   User profiles

H04L 67/5682   Policies or rules for updat...

Dynamic proxy server

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

102 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic proxy server

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

102 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links