| CPC H04L 63/0876 (2013.01) [H04L 63/10 (2013.01); H04L 63/20 (2013.01)] | 20 Claims |

|
1. A computer-implemented method comprising:
receiving, at a network mesh, a service request for a first service;
obtaining, by the network mesh, information associated with the first service from a cache or service registry, wherein the information includes identification of a first pod comprising the first service and a location of the first pod within a first distributed computing environment;
retrieving, by the network mesh using the location of the first pod, security rules for the first pod, wherein the security rules define: (i) a unique address identifier for the first service, and (ii) services that the first service is authorized to communicate with and access;
forwarding, by the network mesh using the unique address identifier for the first service, the service request to the first service;
receiving, by the network mesh, an access request from the first service to communicate with and access a second service, wherein the access request includes a security key specific to the second service;
obtaining, by the network mesh, information associated with the second service from the cache or the service registry, wherein the information includes identification of a second pod comprising the second service and a location of the second pod within the first distributed computing environment or a second distributed computing environment; and
retrieving, by the network mesh using the location of the second pod, security rules for the second pod, wherein the security rules define (i) a unique address identifier for the second service, and (ii) services that the second service is authorized to communicate with and access;
forwarding, by the network mesh using the unique address identifier for the second service, the access request from the first service to the second service based on the security rules for the first pod and the security rules for the second pod;
receiving, by the network mesh, a final result of the service request from the first service, wherein the final result includes a sub result obtained from the second service; and
outputting, by the network mesh, the final result of the service request.
|
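The forwarding decision in claim 1, sketched as an added example; this is not code from the patent or from any product. The claim does not say how the two rule sets are combined or how the security key is checked, so the sketch assumes a default-deny policy in which each service must list the other as authorized and the key must match one the mesh holds for the destination. All service names, locations, addresses and keys are constructed.

```python
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class PodRules:
    address: str        # unique address identifier for the service in this pod
    allowed: frozenset  # services it is authorized to communicate with and access

# Constructed sample data: service registry (service -> pod id, pod location)
REGISTRY = {
    "orders":  ("pod-a", "cluster-1/ns-shop"),
    "billing": ("pod-b", "cluster-2/ns-pay"),   # second environment
    "audit":   ("pod-c", "cluster-2/ns-ops"),
}
# Constructed sample data: security rules retrieved by pod location
RULES = {
    "cluster-1/ns-shop": PodRules("10.0.1.5:8443", frozenset({"billing"})),
    "cluster-2/ns-pay":  PodRules("10.8.2.9:8443", frozenset({"orders"})),
    "cluster-2/ns-ops":  PodRules("10.8.3.4:8443", frozenset()),
}
# Assumption: the mesh holds one security key per destination service.
SERVICE_KEYS = {"billing": b"constructed-billing-key",
                "audit": b"constructed-audit-key"}

class Denied(Exception):
    """Raised when the mesh refuses to forward a request."""

def resolve(service, cache):
    """Look up a service in the cache, then the registry; return its pod rules."""
    if service not in cache:
        if service not in REGISTRY:
            raise Denied(f"unknown service: {service}")
        cache[service] = REGISTRY[service]
    _pod_id, location = cache[service]
    return RULES[location]

def authorize(src, dst, presented_key, cache):
    """Return dst's address if src's access request may be forwarded."""
    src_rules = resolve(src, cache)
    dst_rules = resolve(dst, cache)
    expected = SERVICE_KEYS.get(dst)
    # Constant-time comparison; a destination with no key is never reachable.
    if expected is None or not hmac.compare_digest(presented_key, expected):
        raise Denied(f"{src} -> {dst}: key not valid for {dst}")
    # Both pods' rules must permit the pairing (assumed combination rule).
    if dst not in src_rules.allowed:
        raise Denied(f"{src} is not authorized to access {dst}")
    if src not in dst_rules.allowed:
        raise Denied(f"{dst} does not accept requests from {src}")
    return dst_rules.address
```

A valid key alone is not sufficient here: `orders` presenting the correct `audit` key is still refused because neither pod's rules list the other.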