Approaches for securing middleware data access

US2021288999A1 · US · A1

Patent metadata

  • Publication number: US-2021288999-A1
  • Application number: US-202117334436-A
  • Country: US
  • Kind code: A1
  • Filing date: May 28, 2021
  • Priority date: Oct 25, 2018
  • Publication date: Sep 16, 2021
  • Grant date: (none shown on this page)

Abstract


Systems and methods are provided for determining an access request provided by an entity that seeks to interact with one or more backend systems through a middleware system, the access request including a genuine access token. The entity can be authenticated based on the genuine access token. When a client request is made to the middleware system with a genuine access token, the request can be made through a smart ingress and egress proxy which intercepts the request and replaces the genuine access token with an invalid access token. The middleware system can subsequently make authorized requests to downstream systems on behalf of the middleware system's client by treating the smart proxy as an egress proxy for those subsequent requests, and the smart proxy replaces the invalid access token with a genuine one.

Claims

  1. A computer-implemented method, comprising: determining, by a computing system, that an access request provided by an entity seeks to request data from one or more backend systems through a middleware system, the access request including a genuine access token; providing, by the computing system, the access request to the middleware system; detecting, by the computing system, that the middleware system is attempting to retrieve requested data corresponding to the access request at the one or more backend systems by presenting an invalid token; and in response to the detection, replacing, by the computing system, the invalid access token with the genuine access token in order to retrieve the requested data.

  2. The computer-implemented method of claim 1, further comprising: authenticating the entity based on the genuine access token; and indicating, to the middleware system, that the entity has been authenticated.

  3. The computer-implemented method of claim 1, wherein the invalid access token, without being replaced, fails to provide access rights to the one or more backend systems.

  4. The computer-implemented method of claim 1, wherein the entity is a user, a software application, or another computing device.

  5. The computer-implemented method of claim 1, wherein the entity has been authorized to receive the genuine access token.

  6. The computer-implemented method of claim 1, wherein the replacing of the invalid access token is in response to a request from the one or more backend systems to replace the invalid access token with the genuine access token, and provides the genuine access token to the one or more backend systems.

  7. The computer-implemented method of claim 6, wherein the one or more backend systems from which the request was received are included in a permitted list.

  8. A system comprising: one or more processors; and a memory storing instructions that, when executed by the one or more processors, cause the system to perform: determining that an access request provided by an entity requests to retrieve data from one or more backend systems through a middleware system, the access request including a genuine access token; providing the access request to the middleware system; detecting that the middleware system is attempting to retrieve requested data corresponding to the access request at the one or more backend systems by presenting an invalid token; and in response to the detection, replacing the invalid access token with the genuine access token in order to retrieve the requested data.

  9. The system of claim 8, wherein the instructions further cause the system to perform: authenticating the entity based on the genuine access token; and indicating, to the middleware system, that the entity has been authenticated.

  10. The system of claim 8, wherein the invalid access token, without being replaced, fails to provide access rights to the one or more backend systems.

  11. The system of claim 8, wherein the entity is a user, a software application, or another computing device.

  12. The system of claim 8, wherein the entity has been authorized to receive the genuine access token.

  13. The system of claim 8, wherein the replacing of the invalid access token is in response to a request from the one or more backend systems to replace the invalid access token with the genuine access token, and provides the genuine access token to the one or more backend systems.

  14. The system of claim 13, wherein the one or more backend systems from which the request was received are included in a permitted list.

  15. A non-transitory computer readable medium comprising instructions that, when executed, cause one or more processors to perform: determining that an access request provided by an entity requests to retrieve data from one or more backend systems through a middleware system, the access request including a genuine access token; providing the access request to the middleware system; detecting that the middleware system is attempting to retrieve requested data corresponding to the access request at the one or more backend systems by presenting an invalid token; and in response to the detection, replacing the invalid access token with the genuine access token in order to retrieve the requested data.

  16. The non-transitory computer readable medium of claim 15, wherein the instructions further cause the one or more processors to perform: authenticating the entity based on the genuine access token; and indicating, to the middleware system, that the entity has been authenticated.

  17. The non-transitory computer readable medium of claim 15, wherein the invalid access token, without being replaced, fails to provide access rights to the one or more backend systems.

  18. The non-transitory computer readable medium of claim 15, wherein the entity is a user, a software application, or another computing device.

  19. The non-transitory computer readable medium of claim 15, wherein the entity has been authorized to receive the genuine access token.

  20. The non-transitory computer readable medium of claim 15, wherein the replacing of the invalid access token is in response to a request from the one or more backend systems to replace the invalid access token with the genuine access token, and provides the genuine access token to the one or more backend systems.
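The abstract and claims 1 to 7 describe a proxy that swaps the genuine token for a placeholder on ingress, so the middleware never holds a credential a backend would honour, and swaps it back on egress only for backends on a permitted list. The following is an added simulation of that flow, not code from the patent or from Palantir; the token values, backend store and function names are constructed for the example.

```python
import secrets

ISSUED_TOKENS = {"tok-alice-8f2a": "alice"}                # constructed: tokens issued to entities
BACKEND_DATA = {"records": {"alice": ["row-1", "row-2"]}}  # constructed backend store


def backend(name: str, token: str) -> list[str]:
    """A backend accepts only genuine tokens; a placeholder alone grants nothing (claim 3)."""
    user = ISSUED_TOKENS.get(token)
    if user is None:
        raise PermissionError(f"{name}: token rejected")
    return BACKEND_DATA[name][user]


class SmartProxy:
    """Ingress/egress proxy; the middleware only ever sees the placeholder token."""
    def __init__(self, permitted_backends: set[str]):
        self._swap: dict[str, str] = {}       # placeholder -> genuine token
        self._permitted = permitted_backends  # claim 7: permitted list of backends

    def ingress(self, request: dict) -> dict:
        genuine = request["token"]
        if genuine not in ISSUED_TOKENS:      # claim 2: authenticate the entity first
            raise PermissionError("ingress: unknown token")
        placeholder = "invalid-" + secrets.token_hex(8)
        self._swap[placeholder] = genuine
        return {**request, "token": placeholder, "authenticated": True}

    def egress(self, backend_name: str, token: str) -> list[str]:
        if backend_name not in self._permitted:
            raise PermissionError(f"egress: {backend_name} not permitted")
        genuine = self._swap.get(token)       # claim 1: detect the placeholder, swap genuine back
        if genuine is None:
            raise PermissionError("egress: no genuine token for this placeholder")
        return backend(backend_name, genuine)


def run_scenario(permitted: set[str], backend_name: str, token: str = "tok-alice-8f2a") -> str:
    proxy = SmartProxy(permitted)
    try:
        inner = proxy.ingress({"path": "/records", "token": token})
    except PermissionError:
        return "rejected-at-ingress"
    try:                                      # middleware calling the backend directly fails
        backend(backend_name, inner["token"])
        return "bypass-succeeded"
    except PermissionError:
        pass
    try:                                      # middleware going through the egress proxy
        return "ok:" + ",".join(proxy.egress(backend_name, inner["token"]))
    except PermissionError:
        return "denied"
```

The scenario shows the property that matters for a compromised middleware: the placeholder it holds is worthless on its own, and the real token is released only toward a backend the proxy has been configured to permit.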

Assignees

Palantir Technologies Inc

Inventors

Classifications

  • For key distribution, e.g. centrally by trusted party (cryptographic mechanisms or cryptographic arrangements for key distribution involving a central third party, H04L9/0819)

  • Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

  • Using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment

  • Using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens, H04L9/3213)

  • Proxies


Frequently asked questions

Who is the assignee on this patent?
Palantir Technologies Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/1491. Mapped technology areas include Electricity.
When was this patent published?
Publication date Sep 16, 2021 (kind code A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 6 related publications on this page (citations in our corpus or others sharing the same primary CPC).