Controlling access to microservices within a multi-tenancy framework

US2023079770A1 · US · A1

Patent metadata

Publication number: US-2023079770-A1
Application number: US-202218057057-A
Country: US
Kind code: A1
Filing date: Nov 18, 2022
Priority date: Jun 20, 2019
Publication date: Mar 16, 2023
Grant date:

Abstract

Official abstract text for this publication.

In some examples, a system includes a network managed by a service provider and configured to provide access to one or more objects to a set of tenants each having one or more users, the service provider and the set of tenants being part of a set of entities that form a hierarchy, and a controller having access to the network. The controller is configured to obtain data indicative of a set of parameters, where the data indicative of the set of parameters is associated with an owner entity of the set of entities, generate a rule which incorporates the set of parameters, where the rule enables the controller to control access to an object of the one or more objects, and add the rule to a rules database, wherein the rules database is accessible to the controller.

First claim

Opening claim text (preview).

What is claimed is:

1. A controller having access to a network, wherein the controller comprises: a storage device; and processing circuitry in communication with the storage device, wherein the processing circuitry is configured to: receive data including an indication to share an object created by an owner entity of a set of entities with a subset of entities of the set of entities, wherein each entity of the set of entities has access to the network, wherein the set of entities form a hierarchy, and wherein the data indicates how the entities of the subset of entities are connected to each other within the hierarchy; generate a rule that permits each entity of the subset of entities to access the object via the network; and save the rule to a rules database.

2. The controller of claim 1, wherein each entity of the set of entities that form the hierarchy is associated with at least one of a parent entity of the set of entities and one or more child entities of the set of entities.

3. The controller of claim 1, wherein the processing circuitry is further configured to: receive, from a requesting entity of the set of entities, a token requesting access to the object, wherein the token includes data indicative of an identity of the requesting entity; identify, based on information stored in the rules database, the rule corresponding to the object; and determine, based on the rule and based on the identity of the requesting entity, whether the requesting entity is granted access to the object.

4. The controller of claim 3, wherein to determine whether the requesting entity is granted access to the object, the processing circuitry is further configured to: determine that the requesting entity is granted access to the object if the requesting entity is included by the subset of entities; or determine that the requesting entity is not granted access to the object if the requesting entity is not included by the subset of entities.

5. The controller of claim 3, wherein the data includes a set of parameters comprising: an indication of the owner entity associated with the rule; an indication of a level of access to the object available to the owner entity; the indication to share the object corresponding to the rule with the subset of entities of the set of entities; and an indication of whether to share the object with all entities of the set of entities.

6. The controller of claim 5, wherein to determine whether the requesting entity is granted access to the object, the processing circuitry is further configured to: determine, if the requesting entity is not the owner entity, that the requesting entity is granted access to the object if the requesting entity is included by the subset of entities or if the set of parameters comprises an indication to share the object with all entities of the set of entities; or determine, if the requesting entity is not the owner entity, that the requesting entity is not granted access to the object if the requesting entity is not included by the subset of entities and if the set of parameters comprises an indication not to share the object with all entities of the set of entities.

7. The controller of claim 5, wherein to determine whether the requesting entity is granted access to the object, the processing circuitry is further configured to: determine, if the requesting entity is the owner entity, whether the requesting entity is granted access to the object based on the indication of the level of access to the object available to the owner entity.

8. The controller of claim 5, wherein the indication of the level of access to the object available to the owner entity comprises: an indication that the owner entity is permitted to read the object, wherein the indication that the owner entity is permitted to read the object enables the owner entity to view data associated with the object; an indication that the owner entity is permitted to write the object, wherein the indication that the owner entity is permitted to write the object enables the owner entity to edit the data associated with the object; an indication that the owner entity is permitted to execute the object, wherein the indication that the owner entity is permitted to execute the object enables the owner entity to receive a service associated with the object; an indication that the owner entity is permitted to read the object and write the object; an indication that the owner entity is permitted to read the object and execute the object; an indication that the owner entity is permitted to write the object and execute the object; an indication that the owner entity is permitted to read the object, write the object, and execute the object; or an indication that the owner entity is not permitted to read the object, write the object, and execute the object.

9. The controller of claim 5, wherein each entity of the set of entities that form the hierarchy is associated with at least one of a parent entity of the set of entities and one or more child entities of the set of entities, and wherein the indication to share the object with the subset of entities comprises at least one of: an indication to share the object with the subset of entities including a direct parent entity associated with the owner entity; an indication to share the object with the subset of entities including one or more direct child entities associated with the owner entity; an indication to share the object with the subset of entities including all entities of the set of entities that descend from the owner entity in the hierarchy; and an indication to share the object with the subset of entities including all ancestor entities of the set of entities that precede the owner entity in the hierarchy.

10. The controller of claim 5, wherein each entity of the set of entities is associated with a respective scope of a set of scopes, and wherein the indication to share the object with the subset of entities of the set of entities comprises: an indication to share the object with the subset of entities including all entities to the set of entities that are associated with a scope of the set of scopes.

11. A method comprising: receiving, by processing circuitry in communication with a storage device, data including an indication to share an object created by an owner entity of a set of entities with a subset of entities of the set of entities, wherein each entity of the set of entities has access to a network, wherein the set of entities form a hierarchy, and wherein the data indicates how the entities of the subset of entities are connected to each other within the hierarchy, wherein the controller has access to the network, and wherein the controller comprises the storage device and the processing circuitry; generating, by the processing circuitry, a rule that permits each entity of the subset of entities to access the object via the network; and saving, by the processing circuitry, the rule to a rules database.

12. The method of claim 11, wherein each entity of the set of entities that form the hierarchy is associated with at least one of a parent entity of the set of entities and one or more child entities of the set of entities.

13. The method of claim 11, further comprising: receiving, by the processing circuitry from a requesting entity of the set of entities, a token requesting access to the object, wherein the token includes data indicative of an identity of the requesting entity; identifying, by the processing circuitry based on information stored in the rules database, the rule corresponding to the obje
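The rule parameters of claim 5 and the access decision of claims 3, 6, 7, 9 and 10, worked as an added example that is not the patent's or Juniper's code: a constructed provider/tenant/team hierarchy, a `Rule` holding the owner's read/write/execute level and its share indications, a rules database keyed by object, and a token whose `sub` field is assumed to carry the requester's identity. A non-owner is granted if it falls in the expanded subset or the rule shares with all; the owner is bound by its own access level; an object with no rule fails closed.

```python
from dataclasses import dataclass
# Constructed hierarchy (claim 2): provider -> tenants -> teams; example data, not from the patent.
PARENT = {"provider": None, "tenantA": "provider", "tenantB": "provider",
          "teamA1": "tenantA", "teamA2": "tenantA", "teamB1": "tenantB"}
SCOPE = {"provider": "global", "tenantA": "tenant", "tenantB": "tenant",
         "teamA1": "team", "teamA2": "team", "teamB1": "team"}

def children(e):
    return [c for c, p in PARENT.items() if p == e]
def ancestors(e):
    return [] if PARENT[e] is None else [PARENT[e]] + ancestors(PARENT[e])
def descendants(e):
    return [d for c in children(e) for d in [c] + descendants(c)]

@dataclass
class Rule:                  # the set of parameters of claim 5
    obj: str
    owner: str
    owner_access: frozenset  # subset of {"r", "w", "x"} (claim 8)
    share: frozenset         # any of "parent", "children", "descendants", "ancestors" (claim 9)
    share_scope: str = ""    # also share with every entity in this scope (claim 10)
    share_all: bool = False  # share with all entities (claim 5)

def subset_entities(rule):  # expand the share indications into concrete entities
    s = set()
    if "parent" in rule.share and PARENT[rule.owner]:
        s.add(PARENT[rule.owner])
    if "children" in rule.share:
        s.update(children(rule.owner))
    if "descendants" in rule.share:
        s.update(descendants(rule.owner))
    if "ancestors" in rule.share:
        s.update(ancestors(rule.owner))
    if rule.share_scope:
        s.update(e for e, sc in SCOPE.items() if sc == rule.share_scope)
    return s

RULES = {}  # the rules database of claim 1, keyed by object
def save_rule(rule):
    RULES[rule.obj] = rule

def check_access(token, obj, op):
    """Decide a token's request (claim 3); op is one of 'r', 'w', 'x'."""
    rule = RULES.get(obj)
    if rule is None:
        return False  # no rule for the object: fail closed
    if token["sub"] == rule.owner:  # claim 7: the owner is bound by its own access level
        return op in rule.owner_access
    # claim 6: non-owners are granted if in the shared subset or the rule shares with all
    return rule.share_all or token["sub"] in subset_entities(rule)
```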

Assignees

Juniper Networks Inc

Inventors

Classifications

  • H04L63/20 (primary): for managing network security; network security policies in general (filtering policies H04L63/0227)

  • specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

  • Entity profiles

  • for controlling access to devices or network resources

  • Grouping of entities

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2023079770A1 cover?
In some examples, a system includes a network managed by a service provider and configured to provide access to one or more objects to a set of tenants each having one or more users, the service provider and the set of tenants being part of a set of entities that form a hierarchy, and a controller having access to the network. The controller is configured to obtain data indicative of a set of p…
Who is the assignee on this patent?
Juniper Networks Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/20. Mapped technology areas include Electricity.
When was this patent published?
Publication date Mar 16, 2023 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).