Securing application programming interfaces (APIS) through infrastructure virtualization

US 10,447,676 B2
Filed: 10/10/2014
Issued: 10/15/2019
Est. Priority Date: 10/10/2014
Status: Active Grant

First Claim

Patent Images

1. A method of managing one or more computing devices, comprising:

registering, by a computer system, one or more stubs installed on at least one computing device, each stub being comprised of a software library with security protections abstracted from hardware;

constructing a virtual routing table using endpoint address information of the one or more stubs;

determining a key corresponding to the endpoint address information;

transmitting a portion of the virtual routing table to the one or more stubs such that the one or more stubs are configured to create a virtual pipe for exchanging data between a first application running on the at least one computing device and a second application running on at least one other computing device using the portion of the virtual routing table and the key, the portion of the virtual routing table being stored in the one or more stubs and including at least endpoint address information of the at least one other computing device, wherein the creating the virtual pipe includes creating an authenticated and secured connection between the first application running on the at least one computing device and the second application running on the at least one other computing device;

virtualizing intermediary devices between the at least one computing device and the at least one other computing device; and

managing the exchanging of the data over the virtual pipe directly between the first application running on the at least one computing device and the second application running on the at least one other computing device without any intermediary devices, using the one or more stubs,wherein;

the one or more stubs are virtualized application programming interfaces,the virtualized intermediary devices are included in the one or more stubs, andthe creating the virtual pipe for exchanging the data between the first application running on the at least one computing device and the second application running on the at least one other computing device is performed by the one or more stubs in response to receiving a web service call from the first application running on the at least one computing device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for the secure exchange of data within a network are provided. A method includes, registering, by a computer system, one or more stubs installed on at least one computing device. The method further includes constructing a virtual routing table using endpoint address information of the one or more stubs. The method further transmitting a portion of the virtual routing table to the one or more stubs such that the one or more stubs are configured to create a virtual pipe for exchanging data between the at least one computing device and at least one other computing device using the portion of the virtual routing table.

26 Citations

View as Search Results

17 Claims

1. A method of managing one or more computing devices, comprising:
- registering, by a computer system, one or more stubs installed on at least one computing device, each stub being comprised of a software library with security protections abstracted from hardware;
  
  constructing a virtual routing table using endpoint address information of the one or more stubs;
  
  determining a key corresponding to the endpoint address information;
  
  transmitting a portion of the virtual routing table to the one or more stubs such that the one or more stubs are configured to create a virtual pipe for exchanging data between a first application running on the at least one computing device and a second application running on at least one other computing device using the portion of the virtual routing table and the key, the portion of the virtual routing table being stored in the one or more stubs and including at least endpoint address information of the at least one other computing device, wherein the creating the virtual pipe includes creating an authenticated and secured connection between the first application running on the at least one computing device and the second application running on the at least one other computing device;
  
  virtualizing intermediary devices between the at least one computing device and the at least one other computing device; and
  
  managing the exchanging of the data over the virtual pipe directly between the first application running on the at least one computing device and the second application running on the at least one other computing device without any intermediary devices, using the one or more stubs,wherein;
  
  the one or more stubs are virtualized application programming interfaces,the virtualized intermediary devices are included in the one or more stubs, andthe creating the virtual pipe for exchanging the data between the first application running on the at least one computing device and the second application running on the at least one other computing device is performed by the one or more stubs in response to receiving a web service call from the first application running on the at least one computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 17)
- - 2. The method of claim 1, wherein the endpoint address information comprises all endpoint addresses necessary to carry out functions of one or more applications installed on the at least one other computing device.
  - 3. The method of claim 1, further comprising determining one or more rules to be applied to the one or more stubs.
  - 4. The method of claim 3, further comprising transmitting the one or more rules to the one or more stubs.
  - 5. The method of claim 4, wherein the one or more rules instruct the one or more stubs to apply a level of encryption for the data.
  - 6. The method of claim 4, wherein the one or more rules instruct the one or more stubs to authenticate the at least one computing device and the at least one other computing device.
  - 7. The method of claim 1, further comprising at least one of:
    - pausing, resuming, or removing execution of the one or more stubs.
  - 8. The method of claim 1, wherein a service provider at least one of creates, maintains, and supports the computer system.
  - 9. The method of claim 1, further comprising deploying a system for creating the virtual pipe, comprising providing a computer infrastructure operable to perform the steps of claim 1.
  - 17. The method of claim 1, wherein the managing the exchanging of the data over the virtual pipe directly between the first application running on the at least one computing device and the second application running on the at least one other computing device without any intermediary devices includes a first stub of the one or more stubs exchanging data directly with a second stub of the one or more stubs.

10. A computer program product for creating a virtual pipe for exchanging data comprising computer readable program instructions stored on non-transitory computer readable storage medium, the computer readable program instructions causing a computing device to:
- initialize and register a stub at a first computing device, the stub being comprised of a software library with security protections embedded in a virtual layer;
  
  receive, at the stub, a web service call from a first application running on the first computing device;
  
  receive at least one endpoint address at the stub from a management console;
  
  determine a key corresponding to the at least one endpoint address;
  
  in response to receiving the web service call from the first application running on the first computing device, establish a virtual pipe with a second computing device using the at least one endpoint address and the key, the establishing the virtual pipe includes creating an authenticated and secured connection between a first application running on the first computing device and a second application running on the second computing device;
  
  virtualize intermediary devices between the first computing device and the second computing device;
  
  manage the exchanging of the data over the virtual pipe directly between the first application running on the first computing device and the second application running on the second computing device without any intermediary devices;
  
  exchange data over the virtual pipe; and
  
  monitor and report network health information to the management console,wherein;
  
  the stub is a virtualized application programming interface,the virtualized intermediary devices are included in the stub, andthe monitoring and reporting comprise the computer readable program instructions further causing the computing device to;
  
  establish a secure connection between the stub and the management console;
  
  receive one or more rules at the stub from the management console, wherein the one or more rules define the network health information to be monitored by the stub;
  
  record the network health information at the stub; and
  
  send the network health information from the stub to the management console.
- View Dependent Claims (11, 12)
- - 11. The computer program product of claim 10, wherein the exchanging of the data over the virtual pipe is one of a fully encrypted or selectively encrypted exchange.
  - 12. The computer program product of claim 10, further comprising handling authentication, encryption, and load balancing of the exchanging of the data for the first application.

13. A computer system for generating a virtual pipe for exchanging data, comprising:
- a hardware memory device that stores program instructions;
  
  a processor that executes the program instructions and causes the computer system to;
  
  register a plurality of software stubs, each associated with a computer device, with a management console;
  
  receive rules from the management console for each of the software stubs;
  
  intercept, using a first software stub of the plurality of software stubs, a web service call from a first application;
  
  determine an endpoint address for the intercepted web service call based on the received rules, wherein routing information to the endpoint address in the received rules shared by the management console with each software stub is limited to endpoint information that each of the software stubs will exchange data with;
  
  determine a key corresponding to the endpoint address based on the received rules;
  
  create a virtual pipe using the endpoint address and the key to exchange data directly with a second application running on a computing device using the virtual pipe, wherein the creating the virtual pipe includes creating an authenticated and secured connection with the second application running on the computing device using the virtual pipe;
  
  virtualize intermediary devices between the computer system and the computing device; and
  
  manage the exchanging of the data over the virtual pipe directly between the first application running on the computer system and the second application running on the computing device without any intermediary devices by using the first software stub to encrypt and route the data over the virtual pipe directly to a second software stub of the plurality of software stubs,wherein the virtualized intermediary devices are included in the plurality of software stubs.
- View Dependent Claims (14, 15, 16)
- - 14. The computer system of claim 13, wherein the web service call is handled by the first software stub.
  - 15. The computer system of claim 14, wherein the program instructions are further operable to cause the computer system to handle authentication and load balancing of the exchanging of the data for the first application making the web service call.
  - 16. The computer system of claim 15, wherein the program instructions are further operable to cause the computer system to monitor and report network health information to the management console, the monitoring and reporting comprising:
    - establishing a secure connection between the stub and the management console;
      
      receiving one or more rules at the software stubs from the management console, wherein the one or more rules define the network health information to be monitored by the software stubs;
      
      recording the network health information at the software stubs; and
      
      sending the network health information from the software stubs to the management console.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ADP, Inc.
Original Assignee
ADP LLC (ADP, Inc.)
Inventors
Cooper, Thomas A., LaRosa, Vincent J.
Primary Examiner(s)
Pham, Luu T
Assistant Examiner(s)
Cohen, Harvey I

Application Number

US14/512,041
Publication Number

US 20160105408A1
Time in Patent Office

1,831 Days
Field of Search
US Class Current
CPC Class Codes

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/0895   Configuration of virtualise...

H04L 43/0817   by checking functioning

H04L 43/20   the monitoring system or th...

H04L 45/42   Centralised routing

H04L 45/745   Address table lookup; Addre...

H04L 47/125   by balancing the load, e.g....

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0869   for achieving mutual authen...

H04L 63/20   for managing network securi...

H04L 67/02   based on web technology, e....

Securing application programming interfaces (APIS) through infrastructure virtualization

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

Securing application programming interfaces (APIS) through infrastructure virtualization

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others