AUTOMATED SDK INGESTION

US 20150135287A1
Filed: 11/13/2014
Published: 05/14/2015
Est. Priority Date: 11/13/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for parsing software development kit interfaces to obtain customer usage, comprising:

under the control of one or more computer systems configured with executable instructions, loading a library to a security platform, wherein the library is an interface to a remote application programming interface;

generating a top-level object, the top-level object including access credentials configured to connect with a remote endpoint;

executing function calls to retrieve reference names of methods for the top-level object;

recursively retrieving data from each method of the executed function calls; and

storing retrieved data in a data store.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an assessment or audit of a computer system, an auditing subsystem will parse software development kit (“SDK”) interfaces and obtain customer usage, configuration and security information by applying requests for information to the application programming interfaces provided by the SDK interfaces.

109 Citations

19 Claims

1. A computer-implemented method for parsing software development kit interfaces to obtain customer usage, comprising:
- under the control of one or more computer systems configured with executable instructions, loading a library to a security platform, wherein the library is an interface to a remote application programming interface;
  
  generating a top-level object, the top-level object including access credentials configured to connect with a remote endpoint;
  
  executing function calls to retrieve reference names of methods for the top-level object;
  
  recursively retrieving data from each method of the executed function calls; and
  
  storing retrieved data in a data store.
- View Dependent Claims (2, 3, 4)
- - 2. The computer-implemented method of claim 1, wherein the retrieving is executed until a predetermined object is retrieved.
  - 3. The computer-implemented method of claim 1, further comprising:
    - detecting a last object based on the top-level object; and
      
      completing the recursive retrieving based at least in part on the detected last object.
  - 4. The computer-implemented method of claim 1, wherein the remote application programming interface is an application programming interface for an Amazon®
    - Web Service.

5. A system, comprising at least one computing device configured to implement one or more services, wherein the one or more services are configured to:
- load a library, wherein the library is an interface to a remote application programming interface;
  
  generate a top-level object, the top-level object including access keys associated with a customer of the remote application programming interface, wherein the access keys are configured to authenticate a communication channel with a remote endpoint;
  
  execute at least one call to retrieve names of methods for the top-level object;
  
  filter the retrieved names of the methods, wherein the filtering includes removing the retrieved names of the methods when the call may be unsafe;
  
  execute each method of the retrieved methods, wherein executing each method returns a set of data related to each method; and
  
  store the set of data in a data store.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12)
- - 6. The system of claim 5, wherein an unsafe call may include a call that, if executed, would change, alter, modify, or delete data related to an object associated with the call.
  - 7. The system of claim 5, wherein each method is executed in an order, the order including executing a first method, retrieving data associated with the executed first method, and executing a second method.
  - 8. The system of claim 5, wherein the set of data comprises a representation of data stored on a remote endpoint of the application programming interface.
  - 9. The system of claim 5, wherein the one or more services are further configured to retrieve metadata related to the top-level object and at least one additional object.
  - 10. The system of claim 5, wherein the access keys associated with the customer of the remote application programming interface include a temporary security credential, the temporary security credential including an access key identifier, a secret access key, and a session token.
  - 11. The system of claim 5, wherein the remote application programming interface is an application programming interface for an Amazon®
    - Web Services service.
  - 12. The system of claim 5, wherein the one or more services are further configured to perform a security risk assessment based at least in part on the set of data.

13. A non-transitory computer-readable storage medium having stored thereon executable instructions that, when executed by one or more processors of a computer system, cause the computer system to at least:
- load a library, wherein the library is an interface to a remote application programming interface;
  
  create a first object, the first object including authentication credentials associated with a customer of the remote application programming interface, wherein the authentication credentials are configured to authenticate a communication channel with the remote application programming interface;
  
  execute a call to retrieve names of methods for the first object;
  
  execute each method of the retrieved methods, wherein executing each method returns a set of data related to each method;
  
  receive multiple objects in response to executing each method;
  
  retrieve data associated with each of the multiple objects, wherein retrieving the data associated with each of the multiple objects includes recursively executing a call for each method in the multiple objects; and
  
  store the retrieved data.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The non-transitory computer-readable storage medium of claim 13, wherein the instructions further comprise instructions that, when executed by the one or more processors, cause the computer system to continuously monitor the remote application programming interface in real-time or near real-time.
  - 15. The non-transitory computer-readable storage medium of claim 13, wherein the instructions further comprise instructions that, when executed by the one or more processors, cause the computer system to scan security and/or configuration setting permutations for each object.
  - 16. The non-transitory computer-readable storage medium of claim 13, wherein the instructions further comprise instructions that, when executed by the one or more processors, cause the computer system to provide a graphical user interface output to display the retrieved data associated with the first object and the multiple objects.
  - 17. The non-transitory computer-readable storage medium of claim 13, wherein the instructions further comprise instructions that, when executed by the one or more processors, cause the computer system to apply a signature to the retrieved data.
  - 18. The non-transitory computer-readable storage medium of claim 17, wherein the instructions that cause the computer system to apply the signature to the retrieved data further include instructions that cause the computer system to provide an alert based at least in part on an outcome of the signature.
  - 19. The non-transitory computer-readable storage medium of claim 13, wherein the instructions further comprise instructions that, when executed by the one or more processors, cause the computer system to interpret the retrieved data according to a security rules analysis.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Palo Alto Networks Incorporated
Original Assignee
Evident.io, Inc. (Palo Alto Networks Incorporated)
Inventors
Medeiros, Claire, Lundy, Justin

Granted Patent

US 9,805,202 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

G06F 21/50 Monitoring users, programs ...

G06F 21/577 Assessing vulnerabilities a...

AUTOMATED SDK INGESTION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

109 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

AUTOMATED SDK INGESTION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

109 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links