BROKERING DATA ACCESS REQUESTS AND RESPONSES

US 20160164751A1
Filed: 02/10/2016
Published: 06/09/2016
Est. Priority Date: 07/15/2014
Status: Active Grant

First Claim

Patent Images

1. A computer system, the computer system comprising:

one or more processors;

system memory;

a brokering service, using the one or more processors, configured to;

receive a data access request from an entity outside a security boundary, the data access request requesting data maintained inside the security boundary;

access a response for the data access request from an exposed endpoint, the exposed endpoint for an internal identity used inside the security boundary, the entity having been mapped to the internal identity;

decouple the exposed endpoint from the entity by rewriting the response to make it appear that a component of a brokering pipeline generated the response; and

send the re-written response to the entity.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention extends to methods, systems, and computer program products for brokering data access requests and responses. Aspects of the invention include a brokering pipeline that sequentially processes data access requests and data access responses. The brokering pipeline manages access authentications, request brokering, response rewrite, cache, and hosting multiple (e.g., business) entities.

Citations

20 Claims

1. A computer system, the computer system comprising:
- one or more processors;
  
  system memory;
  
  a brokering service, using the one or more processors, configured to;
  
  receive a data access request from an entity outside a security boundary, the data access request requesting data maintained inside the security boundary;
  
  access a response for the data access request from an exposed endpoint, the exposed endpoint for an internal identity used inside the security boundary, the entity having been mapped to the internal identity;
  
  decouple the exposed endpoint from the entity by rewriting the response to make it appear that a component of a brokering pipeline generated the response; and
  
  send the re-written response to the entity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 18, 19)
- - 2. The system of claim 1, further comprising the brokering service, using the one or more processors, configured to map the entity to the internal identity
  - 3. The system of claim 2, wherein the brokering service, using the one or more processors, configured to map the entity to the internal identity comprises the brokering service, using the one or more processors, configured to refer to an access directory to determine that the entity maps to the internal identity.
  - 4. The system of claim 1, further comprising the brokering service, using the one or more processors, configured to validate the entity for public access to the brokering pipeline.
  - 5. The system of claim 1, further comprising the brokering service, using the one or more processors, configured to send the data access request to the exposed endpoint.
  - 6. The system of claim 1, further comprising the brokering service, using the one or more processors, configured to:
    - register logic associated with the entity at a query engine; and
      
      sending the data access request to the registered logic.
  - 7. The system of claim 1, wherein the brokering service, using the one or more processors, configured to receive a data access request from an entity outside a security boundary comprises the brokering service, using the one or more processors, configured to receive a data access request from a computing domain;
    - andfurther comprising the brokering service, using the one or more processors, configured to validate the computing domain for private access to one or more data repositories.
  - 8. The method of claim 1, wherein the brokering service, using the one or more processors, configured to access a response for the data access request comprises the brokering service, using the one or more processors, configured to access the response from a caching layer of the brokering pipeline.
  - 9. The method of claim 1, wherein the brokering service, using the one or more processors, configured to access a response for the data access request comprises the brokering service, using the one or more processors, configured to access a response that includes the requested data returned from one or more data repositories.
  - 18. The method of claim 1, wherein accessing a response for the data access request comprises accessing a response that includes the requested data returned from a caching layer of the brokering pipeline.
  - 19. The method of claim 1, wherein accessing a response to for data access request comprises accessing a response that includes the requested data returned from one or more data repositories.

10. A method for use at a computer system, the computer system including a processor, a method for brokering a data access request, the method comprising the processor:
- receiving a data access request from an entity outside a security boundary, the data access request requesting data maintained inside the security boundary;
  
  accessing a response for the data access request from an exposed endpoint, the exposed endpoint for an internal identity used inside the security boundary, the entity having been mapped to the internal identity;
  
  decoupling the exposed endpoint from the entity by rewriting the response to make it appear that a component of a brokering pipeline inside the security boundary generated the response; and
  
  sending the re-written response to the entity.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method of claim 10, further comprising mapping the entity to the internal identity.
  - 12. The method of claim 11, wherein mapping the entity to the internal identity comprises referring to an access directory to determine that the entity maps to the internal identity.
  - 13. The method of claim 10, further comprising validating the entity for public access to the brokering pipeline.
  - 14. The method of claim 10, further comprising registering logic associated with the entity at a query engine.
  - 15. The method of claim 10, wherein receiving a data access request from an entity outside a security boundary comprises receiving a data access request from a computing domain;
    - andfurther comprising validating the computing domain for private access to the one or more data repositories.
  - 16. The method of claim 10, further comprising sending the data access request to the exposed endpoint.
  - 17. The method of claim 16, wherein sending the data access request to the exposed endpoint comprises sending the data access request to registered logic at a query engine.

20. A computer program product for use at a computer system, the computer program product for implementing a method for brokering a data access request, the computer program product comprising one or more computer storage devices having stored thereon computer-executable instructions that, when executed at a processor, cause the computer system to perform the method, including the following:
- receive a data access request from an entity outside a security boundary, the data access request requesting data maintained inside the security boundary;
  
  access a response for the data access request from an exposed endpoint, the exposed endpoint for an internal identity used inside the security boundary, the entity having been mapped to the internal identity;
  
  decouple the exposed endpoint from the entity by rewriting the response to make it appear that a component of a brokering pipeline inside the security boundary generated the response; and
  
  send the re-written response to the entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Liu, Zhen, Mak, Bobby Chiu Chun, Huang, Jerry, He, Jun, DENG, Xiaomin, Li, QingHu, Zhang, Wei Pu

Granted Patent

US 9,654,352 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6227   where protection concerns t...

G06F 21/6236   between heterogeneous systems

H04L 41/28   Restricting access to netwo...

H04L 47/783   Distributed allocation of r...

H04L 63/0281   Proxies

H04L 63/20   for managing network securi...

H04L 67/568   Storing data temporarily at...

BROKERING DATA ACCESS REQUESTS AND RESPONSES

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

BROKERING DATA ACCESS REQUESTS AND RESPONSES

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links