US2024039914A1PendingUtilityA1

Non-in line data monitoring and security services

66
Assignee: CYRAL INCPriority: Jun 29, 2020Filed: Aug 14, 2023Published: Feb 1, 2024
Est. expiryJun 29, 2040(~14 yrs left)· nominal 20-yr term from priority
H04L 63/0884H04L 63/10
66
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A method for accessing a data source is described. A communication for the data source is received from a proxy at a sidecar. The proxy mirrors the communication so that the communication is provided to the data source and the sidecar. The sidecar includes a dispatcher and service(s). The dispatcher receives the communication, is data agnostic, and provides the communication to the data source and service(s). The service(s) inspect the communication. In some embodiments, the dispatcher is an open systems interconnection (OSI) Layer 4 dispatcher and the service(s) include OSI Layer 7 service(s). The service(s) perform function(s) based on the communication.

Claims

exact text as granted — not AI-modified
1 . (canceled) 
     
     
         2 . A method, comprising:
 receiving a communication for a data source at a sidecar, the sidecar including a dispatcher and at least one service, the dispatcher receiving the communication and being data agnostic, the communication being received from a proxy, the proxy mirroring the communication such that the communication is provided to the data source and the sidecar; and   providing the communication from the dispatcher to the data source and to the at least one service, the at least one service inspecting the communication; and   performing a function by the at least one service based on the communication, wherein:
 the function includes authentication of a requester of the data source, 
 the requester is a client, 
 the at least one service includes an authentication service, and 
 the performing of the function includes:
 determining, using the service, whether the client is authorized to access the data source utilizing multi-factor authentication (MFA). 
 
   
     
     
         3 . The method of  claim 2 , wherein the dispatcher is an open systems interconnection (OSI) Layer 4 dispatcher and wherein the at least one service includes at least one OSI Layer 7 service. 
     
     
         4 . The method of  claim 2 , wherein the function further includes at least one of authentication of a requester of the data source, query analysis, multifactor authentication, tokenization of data, query rewriting, transaction monitoring, transaction logging, caching and behavioral baselining, and federated identity management. 
     
     
         5 . The method of  claim 2 , wherein the performing of the function includes:
 determining whether the client is authorized to access the data source using the authentication service; and   notifying the proxy if the client is not authorized to access the data source.   
     
     
         6 . The method of  claim 2 , wherein the communication corresponds to end user credentials for an end user, the method further comprising:
 authenticating, using the service, the end user based on the end user credentials and utilizing federated identity management.   
     
     
         7 . The method of  claim 2 , wherein the receiving further includes:
 receiving the communication and a context from the proxy, the context being associated with the communication from a client;   providing the context to the at least one service;   comparing, by the at least one service, the context to a behavioral baseline for the client, the behavioral baseline incorporating a plurality of contexts previously received from the client; and   notifying the proxy that the client is not authorized to access the data source if the context is not consistent with the behavioral baseline.   
     
     
         8 . A system, comprising:
 a processor configured to:
 receive a communication for a data source at a sidecar, the sidecar including a dispatcher and at least one service, the dispatcher receiving the communication and being data agnostic, the communication being received from a proxy, the proxy mirroring the communication such that the communication is provided to the data source and the sidecar; 
 provide the communication from the dispatcher to the data source and to the at least one service, the at least one service inspecting the communication; and 
   perform a function by the at least one service based on the communication, wherein:
 the function includes authentication of a requester of the data source, 
 the requester is a client, 
 the at least one service includes an authentication service, and 
 the performing of the function includes to:
 determine, using the service, whether the client is authorized to access the data source utilizing multi-factor authentication (WA); and 
 
   a memory coupled to the processor and configured to provide the processor with instructions.   
     
     
         9 . The system of  claim 8 , wherein the dispatcher is an open systems interconnection (OSI) Layer 4 dispatcher and wherein the at least one service includes at least one OSI Layer 7 service. 
     
     
         10 . The system of  claim 8 , wherein the function further includes at least one of authentication of a requester of the data source, query analysis, multifactor authentication, tokenization of data, query rewriting, transaction monitoring, transaction logging, caching and behavioral baselining, and federated identity management. 
     
     
         11 . The system of  claim 8 , wherein to perform the function, the processor is further configured to:
 determine whether the client is authorized to access the data source using the authentication service; and   notify the proxy if the client is not authorized to access the data source.   
     
     
         12 . The system of  claim 8 , wherein the communication corresponds to end user credentials for an end user, and wherein the processor is further configured to:
 authenticate, using the service, the end user based on the end user credentials and utilizing federated identity management.   
     
     
         13 . The system of  claim 8 , wherein to receive, the processor is further configured to:
 receive the communication and a context from the proxy, the context being associated with the communication from a client;   provide the context to the at least one service;   compare, by the at least one service, the context to a behavioral baseline for the client, the behavioral baseline incorporating a plurality of contexts previously received from the client; and   notify the proxy that the client is not authorized to access the data source if the context is not consistent with the behavioral baseline.   
     
     
         14 . A computer program product, the computer program product being embodied in a non-transitory computer readable storage medium and comprising computer instructions for:
 receiving a communication for a data source at a sidecar, the sidecar including a dispatcher and at least one service, the dispatcher receiving the communication and being data agnostic, the communication being received from a proxy, the proxy mirroring the communication such that the communication is provided to the data source and the sidecar;   providing the communication from the dispatcher to the data source and to the at least one service, the at least one service inspecting the communication; and   performing a function by the at least one service based on the communication, wherein:
 the function includes authentication of a requester of the data source, 
 the requester is a client, 
 the at least one service includes an authentication service, and 
 the performing the function includes:
 determining, using the service, whether the client is authorized to access the data source utilizing multi-factor authentication (MFA). 
 
   
     
     
         15 . The computer program product of  claim 14 , wherein the dispatcher is an open systems interconnection (OSI) Layer 4 dispatcher and wherein the at least one service includes at least one OSI Layer 7 service. 
     
     
         16 . The computer program product of  claim 14 , wherein the function further includes at least one of authentication of a requester of the data source, query analysis, multifactor authentication, tokenization of data, query rewriting, transaction monitoring, transaction logging, caching and behavioral baselining, and federated identity management.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.