US 12,107,866 B2
Method and apparatus to reduce the window for policy violations with minimal consistency assumptions
Timothy L. Hinrichs, Los Altos, CA (US); Teemu Koponen, San Francisco, CA (US); and Torin Sandall, San Francisco, CA (US)
Assigned to STYRA, INC., Redwood City, CA (US)
Filed by Styra, Inc., Redwood City, CA (US)
Filed on Jun. 19, 2023, as Appl. No. 18/211,537.
Application 18/211,537 is a continuation of application No. 16/834,200, filed on Mar. 30, 2020, granted, now 11,681,568.
Application 16/834,200 is a continuation in part of application No. 16/050,123, filed on Jul. 31, 2018, granted, now 11,496,517, issued on Nov. 8, 2022.
Claims priority of provisional application 62/827,155, filed on Mar. 31, 2019.
Claims priority of provisional application 62/545,458, filed on Aug. 14, 2017.
Claims priority of provisional application 62/540,547, filed on Aug. 2, 2017.
Prior Publication US 2024/0004728 A1, Jan. 4, 2024
Int. Cl. G06F 8/65 (2018.01); G06F 9/54 (2006.01); G06F 21/54 (2013.01); H04L 9/40 (2022.01); H04L 67/10 (2022.01); G06F 21/62 (2013.01)
CPC H04L 63/108 (2013.01) [G06F 8/65 (2013.01); G06F 9/542 (2013.01); G06F 9/547 (2013.01); H04L 63/10 (2013.01); H04L 63/20 (2013.01); H04L 67/10 (2013.01); G06F 21/54 (2013.01); G06F 21/6281 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method of authorizing application programming interface (API) calls on a host computer in a local cluster of computers, the method comprising:
at an API-authorizing agent executing on the host computer in the local computer cluster;
receiving, from a remote cluster of computers, a set of API-authorizing policy opcodes to evaluate in order to determine whether API calls to an application executing on the host computer are authorized;
receiving, from a set of one or more computers in the local computer cluster, a set of policy operands needed for evaluating the set of policy opcodes;
receiving the API calls that are sent to the application executing on the host computer and that need to be authorized before the application processes the API calls; and
using the set of policy operands to evaluate the set of API policy opcodes to determine whether the API calls are authorized and are to be processed by the application executing on the host computer.