The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Feb. 27, 2024
Filed:
Jun. 03, 2021
Arecabay, Inc., San Mateo, CA (US);
Lebin Cheng, Saratoga, CA (US);
Ravindra Balupari, Dublin, CA (US);
Sekhar Babu Chintaginjala, Karnataka, IN;
Ankit Kumar, Karnataka, IN;
Sandeep Yadav, South San Francisco, CA (US);
ArecaBay, Inc., San Mateo, CA (US);
Abstract
A multi-API security policy that covers multiple API calls of a transaction is dynamically enforced at runtime, without access to the specification or code of the APIs. Calls made to APIs of the transaction are logged, and the logs are read. Data objects used by the APIs are identified. Specific data labels are assigned to specific fields of the data objects, consistently identifying data fields of specific types. Linkages are identified between specific ones of the multiple APIs, based on the consistent identification of specific types of data fields. An API call graph is constructed, identifying a sequence of API calls made during the transaction. The call graph is used to enforce the security policy, by tracking the flow of execution of the multi-API transaction at runtime, and detecting actions that violate the security policy. Security actions are taken responsive to the detected actions that violate the policy.