The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Aug. 27, 2024
Filed:
Jun. 03, 2021
Arecabay, Inc., San Mateo, CA (US);
Lebin Cheng, Saratoga, CA (US);
Ravindra Balupari, Dublin, CA (US);
Sekhar Babu Chintaginjala, Karnataka, IN;
Ankit Kumar, Karnataka, IN;
Sandeep Yadav, South San Francisco, CA (US);
ArecaBay, Inc., San Mateo, CA (US);
Abstract
A dynamic API security policy is enforced at runtime. This can be done without having access to the API specification or code. A flow of execution initiated by the API is tracked at runtime, and a data object used by the API is identified. Specific data labels are assigned to specific fields of the data object used by the API. The specific data labels consistently identify data fields of specific types. The API security policy that is enforced prohibits specific actions concerning data fields of specific types, which are also consistently identified in the security policy. Actions in the tracked flow of execution that violate the API security policy are detected at runtime, and security actions are taken in response. In some implementations, these dynamic API security techniques are supplemented with static API security analysis of an API specification and a set of rules concerning API risk assessment.