US2024039914A1PendingUtilityA1
Non-in line data monitoring and security services
Est. expiryJun 29, 2040(~14 yrs left)· nominal 20-yr term from priority
H04L 63/0884H04L 63/10
66
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
A method for accessing a data source is described. A communication for the data source is received from a proxy at a sidecar. The proxy mirrors the communication so that the communication is provided to the data source and the sidecar. The sidecar includes a dispatcher and service(s). The dispatcher receives the communication, is data agnostic, and provides the communication to the data source and service(s). The service(s) inspect the communication. In some embodiments, the dispatcher is an open systems interconnection (OSI) Layer 4 dispatcher and the service(s) include OSI Layer 7 service(s). The service(s) perform function(s) based on the communication.
Claims
exact text as granted — not AI-modified1 . (canceled)
2 . A method, comprising:
receiving a communication for a data source at a sidecar, the sidecar including a dispatcher and at least one service, the dispatcher receiving the communication and being data agnostic, the communication being received from a proxy, the proxy mirroring the communication such that the communication is provided to the data source and the sidecar; and providing the communication from the dispatcher to the data source and to the at least one service, the at least one service inspecting the communication; and performing a function by the at least one service based on the communication, wherein:
the function includes authentication of a requester of the data source,
the requester is a client,
the at least one service includes an authentication service, and
the performing of the function includes:
determining, using the service, whether the client is authorized to access the data source utilizing multi-factor authentication (MFA).
3 . The method of claim 2 , wherein the dispatcher is an open systems interconnection (OSI) Layer 4 dispatcher and wherein the at least one service includes at least one OSI Layer 7 service.
4 . The method of claim 2 , wherein the function further includes at least one of authentication of a requester of the data source, query analysis, multifactor authentication, tokenization of data, query rewriting, transaction monitoring, transaction logging, caching and behavioral baselining, and federated identity management.
5 . The method of claim 2 , wherein the performing of the function includes:
determining whether the client is authorized to access the data source using the authentication service; and notifying the proxy if the client is not authorized to access the data source.
6 . The method of claim 2 , wherein the communication corresponds to end user credentials for an end user, the method further comprising:
authenticating, using the service, the end user based on the end user credentials and utilizing federated identity management.
7 . The method of claim 2 , wherein the receiving further includes:
receiving the communication and a context from the proxy, the context being associated with the communication from a client; providing the context to the at least one service; comparing, by the at least one service, the context to a behavioral baseline for the client, the behavioral baseline incorporating a plurality of contexts previously received from the client; and notifying the proxy that the client is not authorized to access the data source if the context is not consistent with the behavioral baseline.
8 . A system, comprising:
a processor configured to:
receive a communication for a data source at a sidecar, the sidecar including a dispatcher and at least one service, the dispatcher receiving the communication and being data agnostic, the communication being received from a proxy, the proxy mirroring the communication such that the communication is provided to the data source and the sidecar;
provide the communication from the dispatcher to the data source and to the at least one service, the at least one service inspecting the communication; and
perform a function by the at least one service based on the communication, wherein:
the function includes authentication of a requester of the data source,
the requester is a client,
the at least one service includes an authentication service, and
the performing of the function includes to:
determine, using the service, whether the client is authorized to access the data source utilizing multi-factor authentication (WA); and
a memory coupled to the processor and configured to provide the processor with instructions.
9 . The system of claim 8 , wherein the dispatcher is an open systems interconnection (OSI) Layer 4 dispatcher and wherein the at least one service includes at least one OSI Layer 7 service.
10 . The system of claim 8 , wherein the function further includes at least one of authentication of a requester of the data source, query analysis, multifactor authentication, tokenization of data, query rewriting, transaction monitoring, transaction logging, caching and behavioral baselining, and federated identity management.
11 . The system of claim 8 , wherein to perform the function, the processor is further configured to:
determine whether the client is authorized to access the data source using the authentication service; and notify the proxy if the client is not authorized to access the data source.
12 . The system of claim 8 , wherein the communication corresponds to end user credentials for an end user, and wherein the processor is further configured to:
authenticate, using the service, the end user based on the end user credentials and utilizing federated identity management.
13 . The system of claim 8 , wherein to receive, the processor is further configured to:
receive the communication and a context from the proxy, the context being associated with the communication from a client; provide the context to the at least one service; compare, by the at least one service, the context to a behavioral baseline for the client, the behavioral baseline incorporating a plurality of contexts previously received from the client; and notify the proxy that the client is not authorized to access the data source if the context is not consistent with the behavioral baseline.
14 . A computer program product, the computer program product being embodied in a non-transitory computer readable storage medium and comprising computer instructions for:
receiving a communication for a data source at a sidecar, the sidecar including a dispatcher and at least one service, the dispatcher receiving the communication and being data agnostic, the communication being received from a proxy, the proxy mirroring the communication such that the communication is provided to the data source and the sidecar; providing the communication from the dispatcher to the data source and to the at least one service, the at least one service inspecting the communication; and performing a function by the at least one service based on the communication, wherein:
the function includes authentication of a requester of the data source,
the requester is a client,
the at least one service includes an authentication service, and
the performing the function includes:
determining, using the service, whether the client is authorized to access the data source utilizing multi-factor authentication (MFA).
15 . The computer program product of claim 14 , wherein the dispatcher is an open systems interconnection (OSI) Layer 4 dispatcher and wherein the at least one service includes at least one OSI Layer 7 service.
16 . The computer program product of claim 14 , wherein the function further includes at least one of authentication of a requester of the data source, query analysis, multifactor authentication, tokenization of data, query rewriting, transaction monitoring, transaction logging, caching and behavioral baselining, and federated identity management.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.