DE112018004411B4 - Zugriffssteuerung in mikrodienst-architekturen - Google Patents
Zugriffssteuerung in mikrodienst-architekturenInfo
- Publication number
- DE112018004411B4 DE112018004411B4 DE112018004411.4T DE112018004411T DE112018004411B4 DE 112018004411 B4 DE112018004411 B4 DE 112018004411B4 DE 112018004411 T DE112018004411 T DE 112018004411T DE 112018004411 B4 DE112018004411 B4 DE 112018004411B4
- Authority
- DE
- Germany
- Prior art keywords
- permissions
- client
- resource
- contributor
- app
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/28—Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- General Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Automation & Control Theory (AREA)
- Computing Systems (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US15/795,048 | 2017-10-26 | ||
| US15/795,048 US11457014B2 (en) | 2017-10-26 | 2017-10-26 | Access control in microservice architectures |
| PCT/IB2018/058090 WO2019082030A1 (en) | 2017-10-26 | 2018-10-18 | ACCESS CONTROL IN MICROSERVICE ARCHITECTURES |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| DE112018004411T5 DE112018004411T5 (de) | 2020-07-16 |
| DE112018004411B4 true DE112018004411B4 (de) | 2025-12-18 |
Family
ID=66243373
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| DE112018004411.4T Active DE112018004411B4 (de) | 2017-10-26 | 2018-10-18 | Zugriffssteuerung in mikrodienst-architekturen |
Country Status (5)
| Country | Link |
|---|---|
| US (4) | US11457014B2 (enExample) |
| JP (1) | JP7015916B2 (enExample) |
| DE (1) | DE112018004411B4 (enExample) |
| GB (1) | GB2581913B (enExample) |
| WO (1) | WO2019082030A1 (enExample) |
Families Citing this family (26)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10841313B2 (en) * | 2018-02-21 | 2020-11-17 | Nutanix, Inc. | Substituting callback URLs when using OAuth protocol exchanges |
| US11847241B1 (en) * | 2018-04-20 | 2023-12-19 | Amazon Technologies, Inc. | Management of service permissions |
| US11134085B2 (en) * | 2018-10-08 | 2021-09-28 | Sonrai Security Inc. | Cloud least identity privilege and data access framework |
| CN110381112A (zh) * | 2019-06-05 | 2019-10-25 | 黄疆 | 一种基于微服务架构的存储装置集群 |
| US10803453B1 (en) * | 2019-11-19 | 2020-10-13 | Capital One Services, Llc | System, method and computer-accessible medium for resource centric authorization in multi partner ecosystem |
| US10902011B1 (en) | 2020-01-31 | 2021-01-26 | Capital One Services, Llc | Systems and methods for context development |
| US10848451B1 (en) * | 2020-01-31 | 2020-11-24 | Capital One Services, Llc | Systems and methods for context development |
| US20210240459A1 (en) * | 2020-01-31 | 2021-08-05 | Hewlett Packard Enterprise Development Lp | Selection of deployment environments for applications |
| US11443037B2 (en) * | 2020-07-09 | 2022-09-13 | International Business Machines Corporation | Identification of invalid requests |
| US11153227B1 (en) | 2020-08-05 | 2021-10-19 | International Business Machines Corporation | Managing communication between microservices |
| CN112487379A (zh) * | 2020-12-11 | 2021-03-12 | 光大兴陇信托有限责任公司 | 一种基于微服务架构的授权矩阵实现方法及工作方法 |
| CN112632511B (zh) * | 2020-12-31 | 2024-11-22 | 中国平安人寿保险股份有限公司 | 权限管理方法、装置及存储介质 |
| CN115083512B (zh) * | 2021-03-11 | 2024-09-27 | 西安交通大学 | 一种基于吸引子模型的终端微服务发现方法 |
| EP4348475A4 (en) * | 2021-05-28 | 2025-04-09 | Capital One Services, LLC | ACCESS PERMISSION COMPLIANCE IN IDENTITY AND ACCESS MANAGEMENT (IAM) SYSTEMS |
| EP4402569A4 (en) * | 2021-09-15 | 2025-07-09 | Hsbc Tech And Services Usa Inc | APPLICATION PROGRAMMING INTERFACE (API) AUTOMATION FRAMEWORK |
| US12164676B2 (en) | 2021-09-22 | 2024-12-10 | Ridgeline, Inc. | Enabling an action based on a permission identifier for real-time identity resolution in a distributed system |
| US12111940B1 (en) * | 2021-12-03 | 2024-10-08 | Amazon Technologies, Inc. | Authorizing access to operating system resources using security policies managed by service external to the operating system |
| CN114491482B (zh) * | 2022-01-07 | 2024-12-24 | 苏州众言网络科技股份有限公司 | 一种接口权限的控制方法、装置及电子设备 |
| DE102022200162B3 (de) | 2022-01-10 | 2023-05-04 | Kuka Deutschland Gmbh | Verfahren und System zum Betreiben eines Robotersystems |
| CN114666094B (zh) * | 2022-02-17 | 2023-10-20 | 岚图汽车科技有限公司 | 一种车辆服务平台的用户权限管理方法及相关设备 |
| US11971806B2 (en) | 2022-02-23 | 2024-04-30 | Bank Of America Corporation | System and method for dynamic monitoring of changes in coding data |
| DE112023004715T5 (de) * | 2022-11-07 | 2025-08-28 | Google Llc | Verwalten von informationen unter verwendung von undurchsichtigen token |
| US20240236101A1 (en) * | 2023-01-06 | 2024-07-11 | Stripe, Inc. | Controlling access to data in a cloud-based software platform based on application authorization |
| CN119180021B (zh) * | 2023-10-25 | 2025-09-02 | 北京小米移动软件有限公司 | 互联设备的行为管理方法及装置 |
| US20250371182A1 (en) * | 2024-05-28 | 2025-12-04 | Palantir Technologies Inc. | Systems and methods for access checking |
| US12438740B1 (en) * | 2024-08-26 | 2025-10-07 | Sandeep Navinchandra Shah | System and method of managing an online communication group |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9781122B1 (en) * | 2016-05-11 | 2017-10-03 | Oracle International Corporation | Multi-tenant identity and data security management cloud service |
Family Cites Families (22)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020010768A1 (en) * | 1998-12-17 | 2002-01-24 | Joshua K. Marks | An entity model that enables privilege tracking across multiple treminals |
| US7069335B1 (en) | 1999-08-10 | 2006-06-27 | Microsoft Corporation | Method and system for exchanging messages between entities on a network comprising an actor attribute and a mandatory attribute in the header data structure |
| US6397264B1 (en) * | 1999-11-01 | 2002-05-28 | Rstar Corporation | Multi-browser client architecture for managing multiple applications having a history list |
| KR101099310B1 (ko) | 2004-10-01 | 2011-12-26 | 마이크로소프트 코포레이션 | 통합된 액세스 인가 |
| US9594887B2 (en) | 2010-12-30 | 2017-03-14 | Thomson Reuters Global Resources | Monetized online content systems and methods and computer-readable media for processing requests for the same |
| GB2487049A (en) * | 2011-01-04 | 2012-07-11 | Vestas Wind Sys As | Remote and local authentication of user for local access to computer system |
| US8893268B2 (en) * | 2011-11-15 | 2014-11-18 | Microsoft Corporation | Permission re-delegation prevention |
| US9886267B2 (en) | 2014-10-30 | 2018-02-06 | Equinix, Inc. | Interconnection platform for real-time configuration and management of a cloud-based services exchange |
| CN105991613A (zh) | 2015-03-03 | 2016-10-05 | 北京神州泰岳信息安全技术有限公司 | 一种资源远程登录方法及系统 |
| JP2017004301A (ja) | 2015-06-11 | 2017-01-05 | キヤノン株式会社 | 認証サーバーシステム、方法、プログラムおよび記憶媒体 |
| US10075442B2 (en) | 2015-06-30 | 2018-09-11 | Vmware, Inc. | Methods and apparatus to grant access to cloud computing resources |
| US10277582B2 (en) | 2015-08-27 | 2019-04-30 | Microsoft Technology Licensing, Llc | Application service architecture |
| US10038722B2 (en) | 2015-09-03 | 2018-07-31 | Vmware, Inc. | Access control policy management in a cloud services environment |
| JP2017068596A (ja) | 2015-09-30 | 2017-04-06 | 株式会社リコー | 管理システム、通信システム、送信制御方法、及びプログラム |
| US20170223057A1 (en) | 2016-02-01 | 2017-08-03 | General Electric Company | System and method for access control services |
| US10255413B2 (en) | 2016-02-04 | 2019-04-09 | International Business Machines Corporation | Microservices inter-operational trust management |
| WO2017193140A1 (en) * | 2016-05-06 | 2017-11-09 | Enterpriseweb Llc | Systems and methods for domain-driven design and execution of modular and dynamic services, applications and processes |
| US10341410B2 (en) * | 2016-05-11 | 2019-07-02 | Oracle International Corporation | Security tokens for a multi-tenant identity and data security management cloud service |
| CN106100840A (zh) | 2016-08-25 | 2016-11-09 | 广州唯品会信息科技有限公司 | 微服务的权限变更方法及装置 |
| US10616211B2 (en) * | 2017-04-12 | 2020-04-07 | Cisco Technology, Inc. | System and method for authenticating clients |
| US20190080062A1 (en) * | 2017-09-13 | 2019-03-14 | Coursera Inc. | Client call validity enforcement for microservices |
| US10853124B2 (en) * | 2017-09-25 | 2020-12-01 | Splunk Inc. | Managing user data in a multitenant deployment |
-
2017
- 2017-10-26 US US15/795,048 patent/US11457014B2/en active Active
-
2018
- 2018-10-18 WO PCT/IB2018/058090 patent/WO2019082030A1/en not_active Ceased
- 2018-10-18 JP JP2020520757A patent/JP7015916B2/ja active Active
- 2018-10-18 GB GB2007338.3A patent/GB2581913B/en active Active
- 2018-10-18 DE DE112018004411.4T patent/DE112018004411B4/de active Active
-
2019
- 2019-04-24 US US16/392,901 patent/US11477199B2/en active Active
-
2022
- 2022-06-30 US US17/854,222 patent/US12149531B2/en active Active
- 2022-07-29 US US17/877,749 patent/US12155664B2/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9781122B1 (en) * | 2016-05-11 | 2017-10-03 | Oracle International Corporation | Multi-tenant identity and data security management cloud service |
Also Published As
| Publication number | Publication date |
|---|---|
| US11477199B2 (en) | 2022-10-18 |
| GB2581913B (en) | 2022-08-17 |
| US20220337593A1 (en) | 2022-10-20 |
| JP2021500651A (ja) | 2021-01-07 |
| WO2019082030A1 (en) | 2019-05-02 |
| US20190132320A1 (en) | 2019-05-02 |
| US12149531B2 (en) | 2024-11-19 |
| US11457014B2 (en) | 2022-09-27 |
| GB202007338D0 (en) | 2020-07-01 |
| US20220368694A1 (en) | 2022-11-17 |
| JP7015916B2 (ja) | 2022-02-03 |
| GB2581913A (en) | 2020-09-02 |
| DE112018004411T5 (de) | 2020-07-16 |
| US20190253424A1 (en) | 2019-08-15 |
| US12155664B2 (en) | 2024-11-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| DE112018004411B4 (de) | Zugriffssteuerung in mikrodienst-architekturen | |
| DE102012203561B4 (de) | Die Personifikation/Bevollmächtigung eines Benutzers in einem Token-basierenden Authentifizierungssystem | |
| DE112020000538B4 (de) | Feinkörnige zugriffskontrolle auf token-grundlage | |
| DE112021001766B4 (de) | Inhaltskontrolle durch datenaggregationsdienste dritter | |
| DE112017007963B4 (de) | Identitätsüberprüfung unter verwendung von biometrischen daten und nicht umkehrbaren funktionen über eine blockchain | |
| DE112011101729B4 (de) | Verwaltung von Ressourcenzugriff | |
| DE102014222852B4 (de) | Autorisierungsserversystem, Steuerverfahren dafür und Programm | |
| DE102016222034B4 (de) | Dynamische Kennworterzeugung | |
| DE112021002245T5 (de) | Verhindern einer unberechtigten bereitstellung von paketen in clustern | |
| DE112018004390B4 (de) | Sichere zugriffsverwaltung für werkzeuge innerhalb einer sicheren umgebung | |
| DE112022004486T5 (de) | Schrittweises überprüfen von zugriffs-token | |
| DE112022004230B4 (de) | Verwenden von einheitengebundenen berechtigungsnachweisen für eine verbesserte sicherheit der authentifizierung in nativen anwendungen | |
| DE112021004945T5 (de) | Techniken der kompositionellen verifikation für rollenerreichbarkeitsanalysen in identitätssystemen | |
| DE112012002741T5 (de) | Identitäts- und Berechtigungsprüfungsverfahren für die Sicherheit einer Cloud-Datenverarbeitungsplattform | |
| DE112022000340T5 (de) | Attributgestützte verschlüsselungsschlüssel als schlüsselmaterial zum authentifizieren und berechtigen von benutzern mit schlüssel-hash-nachrichtenauthentifizierungscode | |
| DE112017005040T5 (de) | Betriebssystem und Verfahren auf Container-Grundlage | |
| DE112012003977T5 (de) | Eingriffsfreies Verfahren und Vorrichtung zum automatischen Zuteilen von Sicherheitsregelnin einer Cloud-Umgebung | |
| DE102021130396A1 (de) | Datenzugriffsüberwachung und -steuerung | |
| DE112021002201T5 (de) | Datenschutzorientierte Datensicherheit in einer Cloud-Umgebung | |
| DE112019001433T5 (de) | Datenanonymisierung | |
| DE112022004921T5 (de) | Sichere verteilung von richtlinien in einer cloud-umgebung | |
| DE112022000963T5 (de) | Verbindungsbeständige mehrfaktorauthentifizierung | |
| DE102016105062A1 (de) | Nähengestützte Berechtigungsprüfung für einheitenübergreifend verteilte Daten | |
| DE112020002343T5 (de) | Verteilung von Sicherheitsberechtigungsnachweisen | |
| DE112020005373T5 (de) | Mechanismus zur authentifizierung durch nutzung von positionsbestätigung |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| R012 | Request for examination validly filed | ||
| R079 | Amendment of ipc main class |
Free format text: PREVIOUS MAIN CLASS: H04L0029060000 Ipc: G06F0021450000 |
|
| R084 | Declaration of willingness to licence | ||
| R016 | Response to examination communication | ||
| R018 | Grant decision by examination section/examining division |