Securing application programming interfaces (APIs) through infrastructure virtualization
Abstract
Methods and systems for the secure exchange of data within a network are provided. A method includes registering, by a computer system, one or more stubs installed on at least one computing device. The method further includes constructing a virtual routing table using endpoint address information of the one or more stubs. The method further includes transmitting a portion of the virtual routing table to the one or more stubs such that the one or more stubs are configured to create a virtual pipe for exchanging data between the at least one computing device and at least one other computing device using the portion of the virtual routing table.
17 Claims
1. A method of managing one or more computing devices, comprising:
- registering, by a computer system, one or more stubs installed on at least one computing device, each stub being comprised of a software library with security protections abstracted from hardware;
- constructing a virtual routing table using endpoint address information of the one or more stubs;
- determining a key corresponding to the endpoint address information;
- transmitting a portion of the virtual routing table to the one or more stubs such that the one or more stubs are configured to create a virtual pipe for exchanging data between a first application running on the at least one computing device and a second application running on at least one other computing device using the portion of the virtual routing table and the key, the portion of the virtual routing table being stored in the one or more stubs and including at least endpoint address information of the at least one other computing device, wherein the creating the virtual pipe includes creating an authenticated and secured connection between the first application running on the at least one computing device and the second application running on the at least one other computing device;
- virtualizing intermediary devices between the at least one computing device and the at least one other computing device; and
- managing the exchanging of the data over the virtual pipe directly between the first application running on the at least one computing device and the second application running on the at least one other computing device without any intermediary devices, using the one or more stubs, wherein:
  - the one or more stubs are virtualized application programming interfaces,
  - the virtualized intermediary devices are included in the one or more stubs, and
  - the creating the virtual pipe for exchanging the data between the first application running on the at least one computing device and the second application running on the at least one other computing device is performed by the one or more stubs in response to receiving a web service call from the first application running on the at least one computing device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 17
10. A computer program product for creating a virtual pipe for exchanging data comprising computer readable program instructions stored on non-transitory computer readable storage medium, the computer readable program instructions causing a computing device to:
- initialize and register a stub at a first computing device, the stub being comprised of a software library with security protections embedded in a virtual layer;
- receive, at the stub, a web service call from a first application running on the first computing device;
- receive at least one endpoint address at the stub from a management console;
- determine a key corresponding to the at least one endpoint address;
- in response to receiving the web service call from the first application running on the first computing device, establish a virtual pipe with a second computing device using the at least one endpoint address and the key, the establishing the virtual pipe includes creating an authenticated and secured connection between a first application running on the first computing device and a second application running on the second computing device;
- virtualize intermediary devices between the first computing device and the second computing device;
- manage the exchanging of the data over the virtual pipe directly between the first application running on the first computing device and the second application running on the second computing device without any intermediary devices;
- exchange data over the virtual pipe; and
- monitor and report network health information to the management console, wherein:
  - the stub is a virtualized application programming interface,
  - the virtualized intermediary devices are included in the stub, and
  - the monitoring and reporting comprise the computer readable program instructions further causing the computing device to:
    - establish a secure connection between the stub and the management console;
    - receive one or more rules at the stub from the management console, wherein the one or more rules define the network health information to be monitored by the stub;
    - record the network health information at the stub; and
    - send the network health information from the stub to the management console.
Dependent claims: 11, 12
13. A computer system for generating a virtual pipe for exchanging data, comprising:
- a hardware memory device that stores program instructions;
- a processor that executes the program instructions and causes the computer system to:
  - register a plurality of software stubs, each associated with a computer device, with a management console;
  - receive rules from the management console for each of the software stubs;
  - intercept, using a first software stub of the plurality of software stubs, a web service call from a first application;
  - determine an endpoint address for the intercepted web service call based on the received rules, wherein routing information to the endpoint address in the received rules shared by the management console with each software stub is limited to endpoint information that each of the software stubs will exchange data with;
  - determine a key corresponding to the endpoint address based on the received rules;
  - create a virtual pipe using the endpoint address and the key to exchange data directly with a second application running on a computing device using the virtual pipe, wherein the creating the virtual pipe includes creating an authenticated and secured connection with the second application running on the computing device using the virtual pipe;
  - virtualize intermediary devices between the computer system and the computing device; and
  - manage the exchanging of the data over the virtual pipe directly between the first application running on the computer system and the second application running on the computing device without any intermediary devices by using the first software stub to encrypt and route the data over the virtual pipe directly to a second software stub of the plurality of software stubs, wherein the virtualized intermediary devices are included in the plurality of software stubs.
Dependent claims: 14, 15, 16