System and method for transforming inter-component communications through semantic interpretation

US 9,716,729 B2
Filed: 03/10/2014
Issued: 07/25/2017
Est. Priority Date: 03/14/2013
Status: Active Grant

First Claim

Patent Images

1. A method for transforming inter-communications in a computing platform comprising:

instantiating a set of isolated components, wherein each isolated component of the set of isolated components is individually isolated within a dedicated operating system level virtualization container;

to each of the isolated components of the set of isolated components, binding a respective semantic pipeline, wherein each respective semantic pipeline is bound as a dedicated semantic pipeline to a respective one of the isolated components;

establishing platform policies, the establishing comprising, for each of the semantic pipelines of the set of isolated components, defining a set of stages for the semantic pipeline, the set of stages being defined by the platform policies, each respective semantic pipeline for evaluating communications involving the isolated component to which it is bound, and each respective semantic pipeline for applying the platform policies to the communications, wherein the platform policies include, for each of one or more of the semantic pipelines, at least one rule policy for evaluating requested communications from a requesting one of the isolated components to a destination one of the isolated components, the rule policy determining whether requested communications are allowed or denied based on one or both of the requesting component and the destination component;

channeling communications of each of the isolated components through the respective semantic pipeline bound to the isolated component;

progressively processing a communication of one of the isolated components through the stages of the respective semantic pipeline; and

delivering the processed communication to a destination component in accordance with the platform policies, such that all communications from the one of the isolated components to the destination component are delivered through the respective semantic pipeline.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for transforming inter-communications in a computing platform that includes establishing platform policies; isolating components of a platform; channeling communications of a component through a semantic pipeline; progressively processing a communication through stages of the semantic pipeline; and delivering the processed communication to the destination component in accordance with the semantic pipeline.

37 Citations

23 Claims

1. A method for transforming inter-communications in a computing platform comprising:
- instantiating a set of isolated components, wherein each isolated component of the set of isolated components is individually isolated within a dedicated operating system level virtualization container;
  
  to each of the isolated components of the set of isolated components, binding a respective semantic pipeline, wherein each respective semantic pipeline is bound as a dedicated semantic pipeline to a respective one of the isolated components;
  
  establishing platform policies, the establishing comprising, for each of the semantic pipelines of the set of isolated components, defining a set of stages for the semantic pipeline, the set of stages being defined by the platform policies, each respective semantic pipeline for evaluating communications involving the isolated component to which it is bound, and each respective semantic pipeline for applying the platform policies to the communications, wherein the platform policies include, for each of one or more of the semantic pipelines, at least one rule policy for evaluating requested communications from a requesting one of the isolated components to a destination one of the isolated components, the rule policy determining whether requested communications are allowed or denied based on one or both of the requesting component and the destination component;
  
  channeling communications of each of the isolated components through the respective semantic pipeline bound to the isolated component;
  
  progressively processing a communication of one of the isolated components through the stages of the respective semantic pipeline; and
  
  delivering the processed communication to a destination component in accordance with the platform policies, such that all communications from the one of the isolated components to the destination component are delivered through the respective semantic pipeline.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 2. The method of claim 1, wherein binding a semantic pipeline comprises binding the semantic pipeline to outbound communications of at least one of the isolated components.
  - 3. The method of claim 1, wherein binding a semantic pipeline comprises binding the semantic pipeline to inbound communications of at least one of the isolated components.
  - 4. The method of claim 1, wherein progressively processing a communication through stages of the semantic pipeline comprises executing at least one processing stage defined by a first component policy rule, wherein the communication is an inter-component operational request.
  - 5. The method of claim 4, wherein progressively processing a communication through stages of the semantic pipeline further comprises executing at least a second processing stage defined by a second component policy rule.
  - 6. The method of claim 5, wherein executing the first and second stages of the semantic pipeline are commutative.
  - 7. The method of claim 4, wherein executing the at least one processing stage comprises synchronously processing the communication and outputting a synchronously processed communication.
  - 8. The method of claim 7, wherein the at least one processing stage is an authoritative stage;
    - and wherein synchronously processing the communication comprises verifying authorization to complete the communication.
  - 9. The method of claim 7, wherein the at least one processing stage is a latency tracking stage;
    - and wherein synchronously processing the communication comprises logging latency measurements evident with the communication.
  - 10. The method of claim 7, wherein the at least one processing stage is a latency altering stage;
    - and wherein synchronously processing the communication comprises perturbing latency of the communication.
  - 11. The method of claim 4, wherein executing the at least one processing stage comprises triggering communication to an outside component.
  - 12. The method of claim 4, wherein executing the at least one processing stage comprises asynchronously processing the communication and outputting a processed communication.
  - 13. The method of claim 12, wherein asynchronously processing the communication comprises logging the communication.
  - 14. The method of claim 4, wherein executing the at least one processing stage comprises semantically interpreting the communication.
  - 15. The method of claim 14, wherein semantically interpreting the communication comprises detecting string property values of communication parameters.
  - 16. The method of claim 14, wherein executing the at least one processing stage comprises executing a semantically aware authentication rewrite of authentication in the communication.
  - 17. The method of claim 14, wherein semantically interpreting the communication comprises detecting a flagged property value;
    - and wherein executing the at least one processing stage further comprises sanitizing the flagged property value.
  - 18. The method of claim 4, wherein executing the at least one processing stage comprises analyzing involved components in the communication.
  - 19. The method of claim 1, wherein delivering the processed communication to the destination component comprises upgrading to a cryptographic protocol in the communication between the semantic pipeline and the destination component.
  - 20. The method of claim 19, wherein the upgrade requires semantically aware upgrade instructions.
  - 21. The method of claim 1, wherein binding a semantic pipeline comprises opening a firewall of the operating system level virtualization container to the dedicated semantic pipeline.
  - 22. The method of claim 1, wherein channeling communication comprises filtering packet communication through the dedicated semantic pipeline.
  - 23. The method of claim 1, wherein delivering the processed communication to the destination component in accordance with the semantic pipeline comprises:
    - channeling communication to the destination component through a second semantic pipeline of the destination component, wherein the second semantic pipeline is a dedicated pipeline bound to the destination component;
      
      progressively processing the communication through a set of stages of the second dedicated semantic pipeline; and
      
      delivering communication processed by the second semantic pipeline to the destination component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apcera, Inc. (Telefonaktiebolaget LM Ericsson)
Original Assignee
Apcera, Inc. (Telefonaktiebolaget LM Ericsson)
Inventors
Collison, Derek, Pennock, Philip D.
Primary Examiner(s)
BIAGINI, CHRISTOPHER D

Application Number

US14/203,336
Publication Number

US 20140280999A1
Time in Patent Office

1,233 Days
Field of Search

709206
US Class Current
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/12   Applying verification of th...

H04L 63/20   for managing network securi...

H04W 12/68   Gesture-dependent or behavi...

System and method for transforming inter-component communications through semantic interpretation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

37 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for transforming inter-component communications through semantic interpretation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links