Systems and methods for managing firewall rules and connections between different services
US-12081523-B1 · Sep 3, 2024 · US
US2025023846A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2025023846-A1 |
| Application number | US-202418787943-A |
| Country | US |
| Kind code | A1 |
| Filing date | Jul 29, 2024 |
| Priority date | Feb 8, 2021 |
| Publication date | Jan 16, 2025 |
| Grant date | — |
Official abstract text for this publication.
A system for managing firewall rules between different services. In certain instances, the method includes receiving a discovery graph comprising a plurality of services and at least one application programming interface (API) dependency, wherein the plurality of services comprises a first service and a second service. In some instances, the method further includes determining whether the second service is permitted to receive an initial communication from the first service based upon the at least one API dependency included in the discovery graph. And, in response to determining the second service is permitted to receive the initial communication from the first service, the method can include establishing a first rule for a firewall between the first service and the second service, the first rule allowing the second service to receive the initial communication from the first service.
Opening claim text (preview).
1-20. (canceled)
21. A computer-implemented method for managing firewall rules between different services, the method comprising: determining whether a first service running on a first virtual private cloud (VPC) environment depends on at least one application programming interface (API) of a second service running on a second VPC environment; in response to determining that the first service depends on the at least one application programming interface (API) of the second service, configuring one or more rules for a firewall between the first VPC environment and the second VPC environment to allow an initial communication from the first service to the second service; and establishing a virtual private connection between the first VPC environment and second VPC environment based on the one or more rules of the firewall.
22. The computer-implemented method of claim 1, wherein the first VPC environment is distinct from the second VPC environment.
23. The computer-implemented method of claim 21, wherein the initial communication is a one-way communication from the first service to the second service.
24. The computer-implemented method of claim 21, further comprising: receiving a discovery graph comprising a plurality of services and one or more application programming interface (API) dependencies, wherein the plurality of services comprises the first service and the second service.
25. The computer-implemented method of claim 24, wherein the determining whether a first service running on a first virtual private cloud (VPC) environment depends on at least one application programming interface (API) of a second service running on a second VPC environment comprises determining whether the first service running on the first virtual private cloud (VPC) environment depends on at least one application programming interface (API) of the second service running on the second VPC environment based on the discovery graph.
26. The computer-implemented method of claim 21, further comprising: in response to determining that the first service does not depend on any application programming interface (API) of the second service, configuring the one or more rules for the firewall to restrict the second service from receiving the initial communication from the first service.
27. The computer-implemented method of claim 24, further comprising dynamically updating the discovery graph in response to a change in the one or more API dependencies.
28. The computer-implemented method of claim 27, further comprising: in response to determining that the second service is no longer permitted to receive the initial communication from the first service based upon the change in the one or more API dependencies, configuring the one or more rules for the firewall to restrict the second service from receiving the initial communication from the first service; and in response to determining that the second service is permitted to receive the initial communication from the first service based upon the change in the one or more API dependencies, configuring the one or more rules for the firewall to allow the second service to receive the initial communication from the first service.
29. A computing system for managing firewall rules between different services, the computing system comprising: one or more processors; and one or more memories storing instructions that, when executed by the one or more processors, causes the system to perform a set of operations, the set of operations comprising: determining whether a first service running on a first virtual private cloud (VPC) environment depends on at least one application programming interface (API) of a second service running on a second VPC environment; in response to determining that the first service depends on the at least one application programming interface (API) of the second service, configuring one or more rules for a firewall between the first VPC environment and the second VPC environment to allow an initial communication from the first service to the second service; and establishing a virtual private connection between the first VPC environment and second VPC environment based on the one or more rules of the firewall.
30. The computing system of claim 29, wherein the first VPC environment is distinct from the second VPC environment.
31. The computing system of claim 29, wherein the initial communication is a one-way communication from the first service to the second service.
32. The computing system of claim 29, wherein the set of operations further comprising: receiving a discovery graph comprising a plurality of services and one or more application programming interface (API) dependencies, wherein the plurality of services comprises the first service and the second service.
33. The computing system of claim 32, wherein the determining whether a first service running on a first virtual private cloud (VPC) environment depends on at least one application programming interface (API) of a second service running on a second VPC environment comprises determining whether the first service running on the first virtual private cloud (VPC) environment depends on at least one application programming interface (API) of the second service running on the second VPC environment based on the discovery graph.
34. The computing system of claim 29, wherein the set of operations further comprising: in response to determining that the first service does not depend on any application programming interface (API) of the second service, configuring the one or more rules for the firewall to restrict the second service from receiving the initial communication from the first service.
35. The computing system of claim 32, wherein the set of operations further comprising dynamically updating the discovery graph in response to a change in the one or more API dependencies.
36. The computing system of claim 35, wherein the set of operations further comprising: in response to determining that the second service is no longer permitted to receive the initial communication from the first service based upon the change in the one or more API dependencies, configuring the one or more rules for the firewall to restrict the second service from receiving the initial communication from the first service; and in response to determining that the second service is permitted to receive the initial communication from the first service based upon the change in the one or more API dependencies, configuring the one or more rules for the firewall to allow the second service to receive the initial communication from the first service.
37. A non-transitory computer-readable medium storing instructions for managing firewall rules between different services, the instructions when executed by one or more processors of a computing device, cause the computing device to perform operations comprising: determining whether a first service running on a first virtual private cloud (VPC) environment depends on at least one application programming interface (API) of a second service running on a second VPC environment; in response to determining that the first service depends on the at least one application programming interface (API) of the second service, configuring one or more rules for a firewall between the first VPC environment and the second VPC environment to allow an initial communication from the first service to the second service; and establishing a virtual private connection between the first VPC environment and second
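The rule logic of claims 21, 26 and 28 (derive one-way allow rules from the API dependencies in a discovery graph, restrict every other cross-VPC direction, then reconcile after the graph changes) as an added Python example; this is not code from the patent, and the service names, VPC names and API paths are constructed.

```python
from dataclasses import dataclass
from itertools import permutations
from typing import Dict, FrozenSet, Set, Tuple


@dataclass(frozen=True)
class Service:
    name: str
    vpc: str  # the VPC environment the service runs in


# An API dependency edge from the discovery graph: consumer calls one of provider's APIs.
Dependency = Tuple[str, str, str]  # (consumer, provider, api)
Rule = Tuple[str, str]             # (source service, destination service)


def derive_rules(services: Dict[str, Service], deps: Set[Dependency]) -> Dict[Rule, str]:
    """Return 'allow' or 'restrict' for every ordered pair of services in different VPCs.

    Initial communication is allowed only from a consumer toward a provider whose API
    it depends on (one-way); every other direction, including the reverse of an
    allowed edge, is restricted. Same-VPC pairs are outside the inter-VPC firewall.
    """
    needs = {(consumer, provider) for consumer, provider, _api in deps}
    rules: Dict[Rule, str] = {}
    for src, dst in permutations(services, 2):
        if services[src].vpc == services[dst].vpc:
            continue
        rules[(src, dst)] = "allow" if (src, dst) in needs else "restrict"
    return rules


def vpc_connections(services: Dict[str, Service], rules: Dict[Rule, str]) -> Set[FrozenSet[str]]:
    """VPC pairs that need a virtual private connection: those with at least one allow rule."""
    return {frozenset((services[s].vpc, services[d].vpc))
            for (s, d), action in rules.items() if action == "allow"}


def reconcile(old: Dict[Rule, str], new: Dict[Rule, str]) -> Tuple[Set[Rule], Set[Rule]]:
    """Diff rule sets after a discovery-graph change: (newly allowed, newly restricted)."""
    to_allow = {r for r, a in new.items() if a == "allow" and old.get(r) != "allow"}
    to_restrict = {r for r, a in new.items() if a == "restrict" and old.get(r) == "allow"}
    return to_allow, to_restrict


# Constructed sample: three services across two VPCs; the dependency moves after a redeploy.
SERVICES = {
    "orders": Service("orders", "vpc-a"),
    "payments": Service("payments", "vpc-b"),
    "ledger": Service("ledger", "vpc-b"),
}
DEPS_V1 = {("orders", "payments", "POST /charge")}
DEPS_V2 = {("orders", "ledger", "GET /balance")}
```

The reconcile step is what a dynamic update (claim 28) emits: the stale allow toward `payments` is restricted, and the new edge toward `ledger` is allowed, while the reverse directions stay restricted throughout.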
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
Virtual private networks · CPC title
Rule management · CPC title