Adaptive step-up authentication for privileged interface invocations
US-11716323-B1 · Aug 1, 2023 · US
US12483593B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12483593-B2 |
| Application number | US-202217721038-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 14, 2022 |
| Priority date | Apr 15, 2021 |
| Publication date | Nov 25, 2025 |
| Grant date | Nov 25, 2025 |
Abstract
An apparatus includes a network interface and a processor. The network interface receives an application programming interface (API) request, transmits a customer management request including an identifier of the customer apparatus, and receives a customer management response including a policy. The processor performs a security service on the API request, at least in part based on the policy.
Claims (preview)

We claim:

1. An apparatus to distribute security services between a vendor infrastructure and a customer infrastructure, the apparatus comprising: a network interface to receive, from the vendor infrastructure associated with a security service in a hybrid cloud, a policy for performing the security service across the hybrid cloud; executable instructions; and one or more processor circuits to be programmed by the executable instructions to: cause the network interface to transmit a service request to the vendor infrastructure to process non-sensitive data at the vendor infrastructure, the non-sensitive data included in an application programming interface (API) request for the security service; maintain sensitive data included in the API request within the customer infrastructure without transferring the sensitive data outside the customer infrastructure; and process, at the customer infrastructure, the sensitive data with the security service based on (1) the policy and (2) a service result generated at the vendor infrastructure based on the service request, the sensitive data included in the API request.
2. The apparatus of claim 1, wherein the service result is a first service result, and the network interface is to: transmit the service request to the vendor infrastructure, the service request including the non-sensitive data; receive a service response from the vendor infrastructure, the service response including the first service result; and transmit an API response, the API response based on a second service result generated by the security service.
3. The apparatus of claim 2, wherein at least one of the one or more processor circuits is to separate the API request into the non-sensitive data and the sensitive data based on the policy.
4. The apparatus of claim 1, wherein the network interface is to transmit a policy request based on a receipt of the API request.
5. The apparatus of claim 1, wherein: at least one of the one or more processor circuits is to produce a client artifact based on processing the sensitive data with the security service; and the network interface is to transmit the client artifact.
6. The apparatus of claim 1, wherein the non-sensitive data [includes] at least one of a workload configuration or a checksum of a file, the workload configuration including at least one of an allowed length of a password, whether special characters are allowed for the password, or which of the special characters are allowed for the password.
7. The apparatus of claim 1, wherein the sensitive data includes at least one of an internet protocol address, a tag, a user identifier, or personally identifiable information.
8. A method to distribute security services between a vendor infrastructure and a customer infrastructure, the method comprising: receiving, from the vendor infrastructure associated with a security service in a hybrid cloud, a policy for performing the security service across the hybrid cloud; transmitting a service request to the vendor infrastructure to process non-sensitive data at the vendor infrastructure, the non-sensitive data included in an application programming interface (API) request for the security service; maintaining sensitive data included in the API request within the customer infrastructure without transferring the sensitive data outside the customer infrastructure; and processing, at the customer infrastructure, the sensitive data with the security service based on (1) the policy and (2) a service result generated at the vendor infrastructure based on the service request.
9. The method of claim 8, wherein the service result is a first service result, and the method further includes: transmitting the service request to the vendor infrastructure, the service request including the non-sensitive data; receiving a service response from the vendor infrastructure, the service response including the first service result; and transmitting an API response, the API response based on a second service result generated by the security service.
10. The method of claim 9, further including separating the API request into the non-sensitive data and the sensitive data based on the policy.
11. The method of claim 8, further including transmitting a policy request based on a receipt of the API request.
12. The method of claim 8, further including: producing a client artifact based on processing the sensitive data with the security service; and transmitting the client artifact.
13. The method of claim 8, wherein the non-sensitive data [includes] at least one of a workload configuration or a checksum of a file, the workload configuration including at least one of an allowed length of a password, whether special characters are allowed for the password, or which of the special characters are allowed for the password.
14. The method of claim 8, wherein the sensitive data includes at least one of an internet protocol address, a tag, a user identifier, or personally identifiable information.
15. A non-transitory computer-readable medium comprising executable instructions that cause one or more processor circuits to: receive, from a vendor infrastructure associated with a security service in a hybrid cloud, a policy for performing the security service across the hybrid cloud; cause transmission of a service request to the vendor infrastructure to process non-sensitive data at the vendor infrastructure, the non-sensitive data included in an application programming interface (API) request for the security service; maintain sensitive data included in the API request within a customer infrastructure without transferring the sensitive data outside the customer infrastructure; and process, at the customer infrastructure, the sensitive data with the security service based on (1) the policy and (2) a service result generated at the vendor infrastructure based on the service request.
16. The non-transitory computer-readable medium of claim 15, wherein the service result is a first service result, and the executable instructions cause at least one of the one or more processor circuits to: cause transmission of the service request to the vendor infrastructure, the service request including the non-sensitive data; access a service response from the vendor infrastructure, the service response including the first service result; and cause transmission of an API response, the API response based on a second service result generated by the security service.
17. The non-transitory computer-readable medium of claim 16, wherein the executable instructions cause at least one of the one or more processor circuits to separate the API request into the non-sensitive data and the sensitive data based on the policy.
18. The non-transitory computer-readable medium of claim 15, wherein the executable instructions cause at least one of the one or more processor circuits to transmit a policy request based on a receipt of the API request.
19. The non-transitory computer-readable medium of claim 15, wherein the non-sensitive data [includes] at least one of a workload configuration or a checksum of a file, the workload configuration including at least one of an allowed length of a password, whether special characters are allowed for the password, or which of the special characters are allowed for the password.
20. The non-transitory computer-readable medium of claim 15, wherein the sensitive data includes at least one of an internet protocol address, a tag
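The split that the abstract and claims 1 through 7 describe, as an added Python illustration that is not the patent's own code or any vendor's product: a customer-side apparatus fetches a time-limited policy from a simulated vendor (claim 4), separates an API request into sensitive and non-sensitive parts by that policy (claim 3), sends only the non-sensitive part to the vendor's security service, refuses to transmit at all if a sensitive value has been copied into a non-sensitive field, and then combines the vendor's service result with the sensitive data locally into a client artifact and an API response (claims 1, 2 and 5). The field names, the policy layout, the vendor's checksum lookup table and the sample request are all constructed assumptions.

```python
# Added illustration, not the patent's code: field names, policy layout and the
# vendor lookup table are assumptions.
import hashlib
import json
from dataclasses import dataclass


class SensitiveDataLeak(Exception):
    """A policy-marked value was about to cross the customer/vendor boundary."""


@dataclass(frozen=True)
class Policy:
    """Policy from the vendor: which fields stay in the customer infrastructure,
    and until when the decision is valid (re-requested per claim 4 when expired)."""
    sensitive_fields: frozenset
    expires_at: float


# ---- vendor infrastructure (simulated; constructed data) ----
KNOWN_BAD_CHECKSUMS = {hashlib.sha256(b"constructed malicious sample").hexdigest()}


def vendor_management(customer_id, now):
    """Customer management response: this customer's policy, valid for 5 minutes."""
    return Policy(frozenset({"source_ip", "user_id", "tags", "pii"}), now + 300.0)


def vendor_security_service(service_request):
    """Service result computed from non-sensitive data only (claim 6 examples)."""
    cfg = service_request["workload_config"]
    return {
        "verdict": "malicious" if service_request["file_checksum"] in KNOWN_BAD_CHECKSUMS else "clean",
        "weak_password_policy": cfg["min_password_length"] < 12 or not cfg["special_chars_allowed"],
    }


def _leaf_strings(value):
    """Every non-empty string nested anywhere inside a JSON-like value."""
    if isinstance(value, dict):
        value = list(value.values())
    if isinstance(value, (list, tuple)):
        return [s for v in value for s in _leaf_strings(v)]
    return [value] if isinstance(value, str) and value else []


# ---- customer infrastructure ----
class CustomerApparatus:
    def __init__(self, customer_id):
        self.customer_id = customer_id
        self.policy = None
        self.vendor_log = []   # exact wire payloads sent to the vendor, for audit
        self.artifacts = []    # client artifacts (claim 5) stay on this side

    def _current_policy(self, now):
        if self.policy is None or now >= self.policy.expires_at:
            self.policy = vendor_management(self.customer_id, now)
        return self.policy

    def _transmit_service_request(self, payload, policy, sensitive):
        """Leak guard on the network interface: refuse policy-marked keys and any
        sensitive value that was copied into a non-sensitive field."""
        if policy.sensitive_fields & set(payload):
            raise SensitiveDataLeak("sensitive field in vendor request")
        wire = json.dumps(payload, sort_keys=True)
        for leaf in _leaf_strings(sensitive):
            if leaf in wire:
                raise SensitiveDataLeak(f"sensitive value would leave customer: {leaf!r}")
        self.vendor_log.append(wire)
        return vendor_security_service(json.loads(wire))

    def handle_api_request(self, api_request, now):
        policy = self._current_policy(now)
        # Claim 3: separate the API request by policy into sensitive / non-sensitive.
        sensitive = {k: v for k, v in api_request.items() if k in policy.sensitive_fields}
        non_sensitive = {k: v for k, v in api_request.items() if k not in policy.sensitive_fields}
        result = self._transmit_service_request(non_sensitive, policy, sensitive)
        # Claim 1: process the sensitive data locally using the vendor's service result.
        artifact_id = hashlib.sha256(json.dumps([sensitive, result], sort_keys=True).encode()).hexdigest()[:16]
        self.artifacts.append({"artifact_id": artifact_id, "verdict": result["verdict"], **sensitive})
        return {**result, "artifact_id": artifact_id}   # API response (claim 2)


SAMPLE_REQUEST = {   # constructed API request for a file-scan security service
    "file_checksum": hashlib.sha256(b"constructed malicious sample").hexdigest(),
    "workload_config": {"min_password_length": 8, "special_chars_allowed": True},
    "source_ip": "10.0.0.5",
    "user_id": "alice",
    "tags": ["prod", "eu-west"],
}


def demo(now=1_700_000_000.0):
    app = CustomerApparatus("cust-42")
    return app, app.handle_api_request(dict(SAMPLE_REQUEST), now)


def leak_guard_trips():
    """True if the boundary check stops an IP smuggled into the workload config."""
    req = dict(SAMPLE_REQUEST)
    req["workload_config"] = {**req["workload_config"], "note": "src=10.0.0.5"}
    try:
        CustomerApparatus("cust-42").handle_api_request(req, 1_700_000_000.0)
    except SensitiveDataLeak:
        return True
    return False
```

The key-based split alone is what the claims require; the substring check in `_transmit_service_request` is an extra guard, because a field the policy calls non-sensitive (a free-text workload configuration, for instance) can still carry a copy of an IP address or user name, and a policy-driven splitter that looks only at field names would ship it to the vendor. `vendor_log` records exactly what crossed the boundary so an audit can confirm nothing sensitive did.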
CPC classification titles:

- involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved (negotiation of communication capabilities H04L69/24)
- received data contents, e.g. message integrity
- when the policy decisions are valid for a limited amount of time
- during transmission, i.e. party's identity is protected against eavesdropping, e.g. by using temporary identifiers, but is known to the other party or parties involved in the communication
- Grouping of entities