Patent Grant
11979405
The present invention relates to the technical field of network security, in particular to a method and system for processing network resource access requests, and a computer device.
At present, in existing network resource access system, a typical network resource access method is as follows: with a user terminal, a user accesses a network resource through an access gateway. In this solution, the user terminal connects to the network resource through the gateway; in other words, there is always an access channel between the two. Once the gateway fails, has vulnerabilities or is compromised due to hacker attack, the network resource will not be protected, and the overall security is relatively poor.
In view of the above existing problems, the objective of the present invention is to provide a method and system for processing network resource access requests, and a computer device to improve the network security.
To fulfill the above objective, the present invention is realized through the following technical solution:
In one aspect of the present invention, a method for processing network resource access requests comprises:
Preferably, the method for processing network resource access requests further comprises:
Preferably, establishing the access mediator instance specifically comprises:
Preferably, selecting the corresponding access mediator template specifically comprises:
In the other aspect of the present invention, a computer device comprises: a memory and a processor that are in a communication connection, and a computer program stored in the memory and to be run on the processor, wherein when the computer program is run by the processor, the method mentioned above is implemented.
In another aspect of the present invention, a method for processing network resource access requests comprises:
Preferably, the processing method further comprises:
Preferably, establishing the access mediator instance specifically comprises:
Preferably, selecting the corresponding access mediator template specifically comprises:
In the other aspect of the present invention, a computer device, comprising: a memory and a processor in a communication connection, and a computer program stored in the memory and to be run on the processor, wherein when the computer program is run by the processor, the method mentioned above is implemented.
In another aspect of the present invention, a system for processing network resource access requests comprises:
Preferably, the system further comprises:
Preferably, the access mediator manager is further used for deleting the access mediator instance after a resource access session is finished.
Preferably, establishing the access mediator instance specifically comprises:
Preferably, selecting the corresponding access mediator template specifically comprises:
In yet another aspect of the present invention, a system for processing network resource access requests comprises:
Preferably, the system further comprises:
Preferably, the access mediator manager is further used for deleting the access mediator instance after a resource access session is finished.
Preferably, establishing the access mediator instance specifically comprises:
Preferably, selecting the corresponding access mediator template specifically comprises:
The present invention has the beneficial effects:
1. By means of the solution of the present invention, a resource access channel exclusive to the resource access request is established according to the access mediator instance temporarily generated by the resource access request. Before the access mediator instance is started and configured, the access channel is not established between the user terminal and the target resource, and after the access mediator instance is started and configured, the resource access channel exclusive to the resource access is established, and the resource access request arrives at the target resource by the access mediator instance; that is, an exclusive access channel is dynamically established according to the resource access request; compared with a solution that a static access channel always exists between the user terminal and the target resource in the prior art, the network security may be improved greatly.
2. The corresponding access mediator template is selected according to the user information and the target resource information to generate the access mediator instance, so that the access mediator instance is matched with the user, the user terminal and the target resource, and user experience is guaranteed.
3. By accessing the target resource through the exclusive access mediator instance, the user terminal is not directly interacted with the target resource, so that the target source is protected against attack threats from the user terminal, data leakage is avoided, and the user terminal is protected against hazards caused by malicious contents from the target resource.
4. After the resource access request and the corresponding response are finished, the access mediator instance is deleted, so that on the one hand, when a next resource access request is initiated, the access channel will not be established between the user terminal and the target resource, and the resource access request may not be sent to the target resource, and thus, the user experience is guaranteed and the system security is improved; and on the other hand, it is guaranteed that the access mediator instance generated by each resource access request is only used once, so that the defect that a static access channel in the prior art is likely to be attacked can be effectively avoided.
To better clarify the purposes, technical solutions and advantages of the embodiments of the present invention, the technical solutions of the embodiments of the invention will be clearly and completely described. Obviously, the embodiments in the following description are merely illustrative ones, and are not all possible ones of the invention. All other embodiments obtained by those ordinarily skilled in the art without creative labor should also fall within the protection scope of the invention.
A resource access channel exclusive to the resource access request is established according to the exclusive access mediator instance temporarily generated by the resource access request, and after the resource access session is finished, the access mediator instance is deleted. That is to say, the system dynamically selects and configures or directly dynamically selects the access mediator substance for accessing the target resource according to the target resource information in the resource access request or the user information and the target resource information in the resource access request. Before the access mediator substance is started and configured (corresponding to the condition where the access mediator substance needs to be configured) or before the access mediator substance (corresponding to the condition where the access mediator substance does not need to be additionally configured, for example, an access mediator instance is merely used for accessing a certain specific website, and after the access mediator instance is started, it is not needed to configure the access mediator instance, and the aforementioned specific website may be directly accessed by the access mediator instance) is started, the access channel will not be established between the user terminal and the target resource. After the access mediator instance is started and configured (similarly, corresponding to a condition needed to configure the access mediator substance) or the access mediator instance is started (similarly, corresponding to a condition not needed to configure the access mediator substance additionally), the resource access channel exclusive to the resource access request is established, and the resource access request arrives at the target resource by means of the access mediator instance. After the resource access request session is finished, the access mediator instance is deleted. When a next resource access request is initiated, the access channel will not be established between the user terminal and the target resource, and the resource access request may not be sent to the target resource, so that the user experience is guaranteed and the system security is improved.
For the sake of a good understanding, the relationship between the access request and the access request information is defined here as follows: the access request is to add information for network transmission, such as a network communication transmission format and session information, based on the access request information.
As shown in
The request processor 103, on the one hand, is configured for extracting the user information and the target resource information from the received resource access request information and requiring the access mediator manager 105 to establish the corresponding access mediator instance 107-N according to the user information and the target resource information (it may comprise at least two different conditions: one condition is as follows: after the access mediator instance is generated, in a resource access process, a default configuration of the access mediator instance is used without configuring the access mediator instance additionally; for example, an access mediator instance is merely used for accessing a certain specific website, and after the access mediator instance is started, it is not needed to configure the access mediator instance, and the aforementioned specific website may be directly accessed by the access mediator instance. The other condition is as follows: after the access mediator instance is generated, it is needed to configure the access mediator instance correspondingly to realize resource access, specifically illustrated hereinafter). On the other hand, it is configured to initiate access correspondingly to the target resource via the access mediator instance 107-N according to the resource access request information after the access mediator instance 107-N is established. Functions of the access mediator instance 107-N are similar to those of an access gateway which may perform processing including address conversion, protocol conversion, identity authentication and the like. The user information comprises at least one of information such as a user name, a user terminal type, a user department and a user group. The target resource information comprises at least one of information such as a resource identifier, a resource type (a webpage, a network document, a network application and the like) and a network address.
The access mediator manager 105 is configured for selecting the corresponding access mediator template according to the received information (such as a request from the request processor 103), generating the corresponding access mediator instance 107-N according to the access mediator template (in this embodiment, the relationship between the access mediator template and the access mediator instance is similar to the relationship between a Docker mirror image in a Docker application container engine and a Docker container), and starting and configuring the access mediator instance or starting the access mediator instance without extra configuration.
In an optional scope of those skilled in the art, selecting the corresponding access mediator template according to the received information may further be finished by the request processor 103. In this case, the request processor 103 is configured for extracting the user information and the target resource information from the received resource access request information, selecting the corresponding access mediator template according to the user information and the target resource information and requiring the access mediator manager 105 to generate and configure the corresponding access mediator instance 107-N according to the access mediator template selected by the request processor 103. The access mediator manager 105 is configured to generate the corresponding access mediator instance 107-N according to the access mediator template, and start and configure the access mediator instance or start the access mediator instance without extra configuration.
For the sake of a good understanding, selecting the corresponding access mediator template is illustrated below:
For example, the user accesses the access mediator instance needed by a website via a mobile phone, which is different from accessing the access mediator instance needed by a document (the document may be a word document, a PDF document or the like) on a network via a PC (Personal Computer). When the access mediator template is selected, it is needed to select the corresponding access mediator template according to the terminal type (one of the user information) to guarantee terminal adaptation, and it is also needed to select the corresponding access mediator template according to the target resource type (one of the target resource information) to guarantee that the access mediator template is adaptive to the resource type, so as to realize normal presentation of the resource information. That is, the user accesses different resources (such as a website, a document on the network, an application on the network and the like) via different user terminals (such as a mobile phone, a tablet personal computer, a PC and the like) with different access mediator instances, so that it is needed to select the corresponding access mediator template according to the user information and the target resource information. In the optional scope of those skilled in the art, when the access mediator template is selected, the user information is not limited to the terminal type, and the target resource information is further not limited to the resource type.
For the sake of a good understanding, configuring the access mediator instance is illustrated below:
When the resource access request is a website on the access network, an implementation for configuring the access mediator instance is to configure a web address of the website to the access mediator instance by the access mediator manager 105.
When the resource access request is a website on the access network and needs to support the user to download a document from the website or upload the document to the website, an implementation for configuring the access mediator instance is to configure a web address of the website and a network disc menu of the user to the access mediator instance by the access mediator manager 105.
When the resource access request is an application on the access network and needs to support the user to process certain data by using the application, an implementation for configuring the access mediator instance is to configure a web address of the application and data needed to be processed to the access mediator instance by the access mediator manager 105. The data may be merely data from the user or may comprise the resource data from the network or the data associated with the target resource. For example, when the user needs to process a picture on the network disc by means of a photoshop server on the network, an implementation for configuring the access mediator instance is to configure an address and an access mode (such as a user name, a password or the like), an address of the picture on the network disc and an access mode (such as a user name, a password or the like) to the access mediator instance by the access mediator manager 105.
When the network resource is accessed by using the system for processing network resource access requests in this embodiment, before the access mediator substance is started and configured (corresponding to the condition where the access mediator substance needs to be configured) or before the access mediator substance (corresponding to the condition where the access mediator substance does not need to be additionally configured) is started, the access channel will not be established between the user terminal and the target resource. After the access mediator instance is started and configured (similarly, corresponding to the condition where the access mediator substance needs to be configured) or the access mediator instance is started (similarly, corresponding to the condition where the access mediator substance does not need to be additionally configured), the resource access channel exclusive to the resource access request is established, and the resource access request arrives at the target resource by means of the access mediator instance. Compared with the solution that an access channel always exists between the user terminal and the target resource in the prior art, the network security may be improved greatly. Meanwhile, by accessing the target resource by using the exclusive access mediator instance, the user terminal is not directly interacted with the target resource, so that the target source is protected against attack threats from the user terminal, data leakage is prevented, and the user terminal is protected against hazards caused by malicious contents from the target resource.
As a preferred implementation of this embodiment, in order to realize a closed loop of the network resource access, the system for processing network resource access requests further comprise:
More preferably, the response processor 109 may further be used for processing the received response to obtain information in an image coded format (see Chinese Invention Patent Application No. 202011413791.2 for a specific solution) and sending the information as the response information to the response sender 111.
Preferably, the access mediator manager 105 is further configured to delete the access mediator instance after a resource access session is finished. That is, the exclusive access mediator instance generated according to the resource access request is merely suitable for the resource access session, after the resource access request session is finished, the access mediator instance will be deleted immediately. When a next resource access request is initiated, the access channel will not be established between the user terminal and the target resource, and the resource access request will not be sent to the target resource, thus guaranteeing the system security.
As another preferred implementation of this embodiment,
The request processor 103 is further configured for judging the legality of the resource access request information. Under the circumstance that the resource access request information is legal, the extracted user information and target resource information are sent to the access mediator manager 105.
As shown in
202. A resource access request is received and resource access request information is acquired.
In this embodiment, this step is realized by the request receiver 101 in the system for processing network resource access requests. The resource access request is directly from the user terminal or is transferred from the network proxy service. For example, the user operates the user terminal by operation to require to access a certain website, and the user terminal responds to the operation to generate the corresponding resource access request.
204. User information and target resource information are extracted from the resource access request information, and it is required to establish a corresponding access mediator instance according to the user information and the target resource information.
In this embodiment, this step is realized by the request processor 103 in the system for processing network resource access requests (the request receiver will transfer the resource access request information to the request processor). The user information comprises at least one of information such as a user name, a user terminal type, a user department and a user group. The target resource information comprises at least one of information such as a resource identifier, a resource type (a webpage, a network document, a network application or the like) and a network address.
Specifically, establishing the access mediator instance may comprise at least two different conditions: one condition is as follows: after the access mediator instance is generated, in a resource access process, a default configuration of the access mediator instance is used without configuring the access mediator instance additionally; for example, an access mediator instance is merely used for accessing a certain specific website, and after the access mediator instance is started, it is not needed to configure the access mediator instance, and the aforementioned specific website may be directly accessed by the access mediator instance. The other condition is as follows: after the access mediator instance is generated, it is needed to configure the access mediator instance correspondingly to realize resource access, specifically illustrated hereinafter.
206. The access mediator instance is established.
In this embodiment, this step is realized by the access mediator manager 105 in the system for processing network resource access requests.
Specifically, the access mediator manager 105 selects the corresponding access mediator template according to the received information (such as a request from the request processor 103 to require to establish the access mediator instance), generates the corresponding access mediator instance 107-N according to the access mediator template (in this embodiment, the relationship between the access mediator template and the access mediator instance is similar to the relationship between a Docker mirror image in a Docker application container engine and a Docker container), and starts and configures the access mediator instance or starts the access mediator instance without extra configuration.
In the optional scope of those skilled in the art, establishing the access mediator instance may further comprises: the access mediator manager 105 generates the corresponding access mediator instance 107-N according to the access mediator template determined by the request processor 103, and starts and configures the access mediator instance or start the access mediator instance without extra configuration. In this case, the request processor 103 is configured to extract the user information and the target resource information from the received resource access request information, select the corresponding access mediator template according to the user information and the target resource information and require the access mediator manager 105 to generate and configure the corresponding access mediator instance 107-N according to the access mediator template selected thereby.
For the sake of a good understanding, selecting the corresponding access mediator template is illustrated below:
For example, the user accesses the access mediator instance needed by a website via a mobile phone, which is different from accessing the access mediator instance needed by a document (the document may be a word document, a PDF document or the like) on a network via a PC (Personal Computer). When the access mediator template is selected, it is needed to select the corresponding access mediator template according to the terminal type (one of the user information) to guarantee terminal adaptation, and it is needed to select the corresponding access mediator template according to the target resource type (one of the target resource information) to guarantee that the access mediator template is adaptive to the resource type, so as to realize normal presentation of the resource information. That is, the user accesses different resources (such as a website, a document on the network, an application on the network and the like) via different user terminals (such as a mobile phone, a tablet personal computer, a PC and the like) with different access mediator instances, so that it is needed to select the corresponding access mediator template according to the user information and the target resource information. In the optional scope of those skilled in the art, when the access mediator template is selected, the user information is not limited to the terminal type and the target resource information is further not limited to the resource type.
For the sake of a good understanding, configuring the access mediator instance is illustrated below:
When the resource access request is a website on the access network, an implementation for configuring the access mediator instance is to configure a web address of the website to the access mediator instance by the access mediator manager 105.
When the resource access request is a website on the access network and needs to support the user to download a document from the website or upload the document to the website, an implementation for configuring the access mediator instance is to configure a web address of the website and a network menu of the user to the access mediator instance by the access mediator manager 105.
When the resource access request is an application on the access network and needs to support the user to process certain data by using the application, an implementation for configuring the access mediator instance is to configure a web address of the application and data needed to be processed to the access mediator instance by the access mediator manager 105. The data may be merely data from the user or may comprise the resource data from the network or the data associated with the target resource. For example, when the user needs to process a picture on the network disc by means of a photoshop server on the network, an implementation for configuring the access mediator instance is to configure an address and an access mode (such as a user name, a password or the like), an address of the picture on the network disc and an access mode (such as a user name, a password or the like) to the access mediator instance by the access mediator manager 105.
208. An access is initiated to a target resource correspondingly by using the access mediator instance according to the resource access request information received by the access mediator instance.
Functions of the access mediator instance 107-N are similar to those of an access gateway which may perform processing including address conversion, protocol conversion and the like.
As a preferred implementation of the method for processing network resource access requests of this embodiment, the method further comprises:
In this embodiment, the response from the target resource received by the access mediator instance 107-N is transferred to the user terminal via the response processor 109 and the response sender 111 in sequence.
As a more preferred implementation, in this process, the received response may further be processed by the response processor 109 to obtain information in an image coded format (see Chinese Invention Patent Application No. 202011413791.2 for a specific solution), and the information is sent as the response information to the response sender 111.
212. The access mediator instance is deleted.
In this embodiment, this step is realized by the access mediator manager 105 in the system for processing network resource access requests. After the resource access request session is finished, the access mediator manager 105 deletes the access mediator instance immediately, so that when a next resource access request is initiated, the access channel will not be established between the user terminal and the target resource, the resource access request will not be sent to the target resource, thus guaranteeing the system security.
As a preferred implementation scheme of the processing method for the network resource access request of the embodiment, the processing method further comprises:
In this embodiment, this step is realized by the request processor 103 in the system for processing network resource access requests.
Based on this implementation, in the optional scope of those skilled in the art, in order to simplify the processing flow to use the specific user terminal (such as the PC or the mobile phone) to access resources by any user in any condition, the request processor 103 may merely extract the target resource information selectively rather than extracting the user information (the user information is extracted primarily for authority management and terminal adaptation).
| Number | Date | Country | Kind |
|---|---|---|---|
| 202110166359.6 | Feb 2021 | CN | national |
| Number | Name | Date | Kind |
|---|---|---|---|
| 5486515 | Brown | Jan 1996 | A |
| 5678041 | Baker | Oct 1997 | A |
| 5696898 | Baker | Dec 1997 | A |
| 5764750 | Chau | Jun 1998 | A |
| 5764890 | Glasser | Jun 1998 | A |
| 6140467 | Ware | Oct 2000 | A |
| 6256739 | Skopp | Jul 2001 | B1 |
| 6351776 | O'Brien | Feb 2002 | B1 |
| 6377994 | Ault | Apr 2002 | B1 |
| 6529955 | Sitaraman | Mar 2003 | B1 |
| 6542908 | Ims | Apr 2003 | B1 |
| 6545005 | Baxter | Apr 2003 | B1 |
| 6552016 | Baxter | Apr 2003 | B1 |
| 6564325 | Travostino | May 2003 | B1 |
| 6591304 | Sitaraman | Jul 2003 | B1 |
| 6628671 | Dynarski | Sep 2003 | B1 |
| 6704864 | Philyaw | Mar 2004 | B1 |
| 6782508 | Bahrs | Aug 2004 | B1 |
| 7069330 | McArdle | Jun 2006 | B1 |
| 7174371 | Elo | Feb 2007 | B2 |
| 7263070 | Delker | Aug 2007 | B1 |
| 7737178 | Serhan | Jun 2010 | B2 |
| 7770174 | Martin | Aug 2010 | B1 |
| 7783735 | Sebes | Aug 2010 | B1 |
| 7810137 | Harvey | Oct 2010 | B1 |
| 7814531 | Khosravi | Oct 2010 | B2 |
| 7912035 | Leung | Mar 2011 | B1 |
| 8051491 | Cavage | Nov 2011 | B1 |
| 8166537 | Viswanath | Apr 2012 | B1 |
| 8201214 | Wallace | Jun 2012 | B1 |
| 8510420 | Brandwine | Aug 2013 | B1 |
| 8552171 | Tuschl | Oct 2013 | B2 |
| 8578456 | Lindholm | Nov 2013 | B2 |
| 8613070 | Borzycki | Dec 2013 | B1 |
| 8631244 | Potts | Jan 2014 | B1 |
| 8639827 | Dinn | Jan 2014 | B1 |
| 8645422 | Pool | Feb 2014 | B2 |
| 8799989 | Liu | Aug 2014 | B1 |
| 8832811 | Horman | Sep 2014 | B2 |
| 8893255 | Martini | Nov 2014 | B1 |
| 9037849 | Koster | May 2015 | B2 |
| 9042306 | Barkan | May 2015 | B2 |
| 9053146 | Kapoor | Jun 2015 | B1 |
| 9154479 | Sethi | Oct 2015 | B1 |
| 9200081 | Epshtein | Dec 2015 | B2 |
| 9240996 | Sinnema | Jan 2016 | B1 |
| 9461980 | Agrawal | Oct 2016 | B1 |
| 9491157 | Amdahl | Nov 2016 | B1 |
| 9509688 | Magi Shaashua | Nov 2016 | B1 |
| 9509692 | Innes | Nov 2016 | B2 |
| 9648044 | Islam | May 2017 | B2 |
| 9668130 | Bournelle | May 2017 | B2 |
| 9729557 | Sanyal | Aug 2017 | B1 |
| 9779257 | Wahl | Oct 2017 | B2 |
| 9853993 | Zhou | Dec 2017 | B1 |
| 10003576 | Hopen | Jun 2018 | B2 |
| 10028258 | Morper | Jul 2018 | B2 |
| 10116699 | Paterson | Oct 2018 | B1 |
| 10122757 | Kruse | Nov 2018 | B1 |
| 10298577 | Aithal | May 2019 | B1 |
| 10324746 | Kumar | Jun 2019 | B2 |
| 10362064 | Elliot | Jul 2019 | B1 |
| 10585570 | Larson | Mar 2020 | B2 |
| 10628560 | Siranni | Apr 2020 | B1 |
| 10757104 | Goel | Aug 2020 | B1 |
| 10999360 | Desbureaux | May 2021 | B2 |
| 11089081 | Karppanen | Aug 2021 | B1 |
| 11409622 | Kaushik | Aug 2022 | B1 |
| 11552948 | Peterson | Jan 2023 | B1 |
| 11558422 | Twitchell, Jr. | Jan 2023 | B2 |
| 20010037461 | Conrath | Nov 2001 | A1 |
| 20020165221 | Baxter | Nov 2002 | A1 |
| 20020184510 | Shieh | Dec 2002 | A1 |
| 20030026230 | Ibanez | Feb 2003 | A1 |
| 20030046420 | Breiter | Mar 2003 | A1 |
| 20030060605 | Ware | Mar 2003 | A1 |
| 20030079120 | Hearn | Apr 2003 | A1 |
| 20030118983 | Cassidy | Jun 2003 | A1 |
| 20030125274 | Gaarde | Jul 2003 | A1 |
| 20030204619 | Bays | Oct 2003 | A1 |
| 20030204769 | Coughlin | Oct 2003 | A1 |
| 20030229718 | Tock | Dec 2003 | A1 |
| 20040103310 | Sobel | May 2004 | A1 |
| 20040143733 | Ophir | Jul 2004 | A1 |
| 20040152446 | Saunders | Aug 2004 | A1 |
| 20040162905 | Griffin | Aug 2004 | A1 |
| 20040162906 | Griffin | Aug 2004 | A1 |
| 20040186410 | Davidner | Sep 2004 | A1 |
| 20040221172 | Stamos | Nov 2004 | A1 |
| 20050014796 | Baxter | Jan 2005 | A1 |
| 20050038874 | Ramaswamy | Feb 2005 | A1 |
| 20050055578 | Wright | Mar 2005 | A1 |
| 20050060537 | Stamos | Mar 2005 | A1 |
| 20050068983 | Carter | Mar 2005 | A1 |
| 20050080138 | Guicherit | Apr 2005 | A1 |
| 20050080746 | Zhu | Apr 2005 | A1 |
| 20050081063 | Patrick | Apr 2005 | A1 |
| 20050085519 | Rubin | Apr 2005 | A1 |
| 20050097353 | Patrick | May 2005 | A1 |
| 20050125528 | Burke, II | Jun 2005 | A1 |
| 20050223183 | Pherson | Oct 2005 | A1 |
| 20050229236 | Devgan | Oct 2005 | A1 |
| 20050240758 | Lord | Oct 2005 | A1 |
| 20050251851 | Patrick | Nov 2005 | A1 |
| 20050251852 | Patrick | Nov 2005 | A1 |
| 20050257245 | Patrick | Nov 2005 | A1 |
| 20050277863 | Davidner | Dec 2005 | A1 |
| 20060031942 | Jones | Feb 2006 | A1 |
| 20060045068 | Wu | Mar 2006 | A1 |
| 20060069914 | Rupp | Mar 2006 | A1 |
| 20060069916 | Jenisch | Mar 2006 | A1 |
| 20060075461 | Vayman | Apr 2006 | A1 |
| 20060106011 | Bock | May 2006 | A1 |
| 20060106936 | De Luca | May 2006 | A1 |
| 20060128765 | Wood | Jun 2006 | A1 |
| 20060143703 | Hopen | Jun 2006 | A1 |
| 20060212700 | Zhang | Sep 2006 | A1 |
| 20060286090 | Attardi | Dec 2006 | A1 |
| 20060294596 | Govindarajan | Dec 2006 | A1 |
| 20070002761 | Diamant | Jan 2007 | A1 |
| 20070008937 | Mody | Jan 2007 | A1 |
| 20070010444 | Trupp | Jan 2007 | A1 |
| 20070021493 | Guicherit | Jan 2007 | A1 |
| 20070027878 | Droshev | Feb 2007 | A1 |
| 20070094716 | Farino | Apr 2007 | A1 |
| 20070226145 | Ishigaki | Sep 2007 | A1 |
| 20070234312 | Shepard | Oct 2007 | A1 |
| 20070234329 | Shepard | Oct 2007 | A1 |
| 20070263632 | Sobue | Nov 2007 | A1 |
| 20070271598 | Chen | Nov 2007 | A1 |
| 20080014912 | Otaka | Jan 2008 | A1 |
| 20080083040 | Dani | Apr 2008 | A1 |
| 20080098463 | Wikman | Apr 2008 | A1 |
| 20080109884 | Kulkarni | May 2008 | A1 |
| 20080141177 | Koo | Jun 2008 | A1 |
| 20080222707 | Pathuri | Sep 2008 | A1 |
| 20080313716 | Park | Dec 2008 | A1 |
| 20090012082 | Guicherit | Jan 2009 | A1 |
| 20090055900 | Gopalasetty | Feb 2009 | A1 |
| 20090067440 | Chadda | Mar 2009 | A1 |
| 20090119762 | Thomson | May 2009 | A1 |
| 20090144807 | Zheng | Jun 2009 | A1 |
| 20090171081 | Marfurt | Jul 2009 | A1 |
| 20090248846 | Cohn | Oct 2009 | A1 |
| 20090300179 | Srinivasan | Dec 2009 | A1 |
| 20090313357 | Kim | Dec 2009 | A1 |
| 20090327908 | Hayton | Dec 2009 | A1 |
| 20090327909 | Hayton | Dec 2009 | A1 |
| 20100031369 | Grummt | Feb 2010 | A1 |
| 20100077454 | Xiao | Mar 2010 | A1 |
| 20100088507 | Cho | Apr 2010 | A1 |
| 20100185614 | O'Brien | Jul 2010 | A1 |
| 20100199086 | Kuang | Aug 2010 | A1 |
| 20100217173 | Hyde | Aug 2010 | A1 |
| 20100218265 | Bakhiet | Aug 2010 | A1 |
| 20100246443 | Cohn | Sep 2010 | A1 |
| 20100251329 | Wei | Sep 2010 | A1 |
| 20100303064 | Bari | Dec 2010 | A1 |
| 20100305195 | Umeda | Dec 2010 | A1 |
| 20110026531 | Deutsch | Feb 2011 | A1 |
| 20110093939 | Barbour | Apr 2011 | A1 |
| 20110099097 | Svedberg | Apr 2011 | A1 |
| 20110145926 | Dalcher | Jun 2011 | A1 |
| 20110190196 | Bielicki | Aug 2011 | A1 |
| 20110231897 | Tovar | Sep 2011 | A1 |
| 20110231898 | Tovar | Sep 2011 | A1 |
| 20110237495 | Serhan | Sep 2011 | A1 |
| 20120011358 | Masone | Jan 2012 | A1 |
| 20120015746 | Mooney | Jan 2012 | A1 |
| 20120017009 | Short | Jan 2012 | A1 |
| 20120023332 | Gorodyansky | Jan 2012 | A1 |
| 20120072728 | Teather | Mar 2012 | A1 |
| 20120079590 | Sastry | Mar 2012 | A1 |
| 20120110646 | Ajitomi | May 2012 | A1 |
| 20120131652 | Anand | May 2012 | A1 |
| 20120159579 | Pineau | Jun 2012 | A1 |
| 20120233314 | Jakobsson | Sep 2012 | A1 |
| 20120291106 | Sasaki | Nov 2012 | A1 |
| 20120297455 | Novak | Nov 2012 | A1 |
| 20120329703 | Bielicki | Dec 2012 | A1 |
| 20130067568 | Obasanjo | Mar 2013 | A1 |
| 20130086380 | Krishnaswamy | Apr 2013 | A1 |
| 20130109737 | Young | May 2013 | A1 |
| 20130111044 | Cherian | May 2013 | A1 |
| 20130122526 | Foster | May 2013 | A1 |
| 20130283340 | Biswas | Oct 2013 | A1 |
| 20130291059 | Giambiagi | Oct 2013 | A1 |
| 20130291077 | Sato | Oct 2013 | A1 |
| 20130302283 | Kihm | Nov 2013 | A1 |
| 20130332985 | Sastry | Dec 2013 | A1 |
| 20140032758 | Barton | Jan 2014 | A1 |
| 20140047048 | Ail | Feb 2014 | A1 |
| 20140059649 | Hu | Feb 2014 | A1 |
| 20140075519 | Porras | Mar 2014 | A1 |
| 20140096177 | Smith | Apr 2014 | A1 |
| 20140096203 | Takahashi | Apr 2014 | A1 |
| 20140096206 | Kaufmann | Apr 2014 | A1 |
| 20140130150 | Moshchuk | May 2014 | A1 |
| 20140164761 | Kufluk | Jun 2014 | A1 |
| 20140170461 | Hwang | Jun 2014 | A1 |
| 20140181889 | Black | Jun 2014 | A1 |
| 20140208393 | Yasukawa | Jul 2014 | A1 |
| 20140324946 | Zhang | Oct 2014 | A1 |
| 20140337961 | Chien | Nov 2014 | A1 |
| 20140343989 | Martini | Nov 2014 | A1 |
| 20140380428 | Kobayashi | Dec 2014 | A1 |
| 20150046973 | Gross | Feb 2015 | A1 |
| 20150074813 | Akula | Mar 2015 | A1 |
| 20150106888 | Cheng | Apr 2015 | A1 |
| 20150120577 | Lobo | Apr 2015 | A1 |
| 20150156205 | Yin | Jun 2015 | A1 |
| 20150180829 | Yu | Jun 2015 | A1 |
| 20150180872 | Christner | Jun 2015 | A1 |
| 20150199510 | Krstic | Jul 2015 | A1 |
| 20150215128 | Pal | Jul 2015 | A1 |
| 20150255803 | Delnick | Sep 2015 | A1 |
| 20150295757 | Debate | Oct 2015 | A1 |
| 20150319179 | Miasojed | Nov 2015 | A1 |
| 20150326578 | Hsu | Nov 2015 | A1 |
| 20150341367 | Kus | Nov 2015 | A1 |
| 20150365412 | Innes | Dec 2015 | A1 |
| 20150365417 | Bhooshan | Dec 2015 | A1 |
| 20150379284 | Stuntebeck | Dec 2015 | A1 |
| 20150381598 | Koved | Dec 2015 | A1 |
| 20150381631 | Salem | Dec 2015 | A1 |
| 20160014157 | Gomez | Jan 2016 | A1 |
| 20160021118 | Roth | Jan 2016 | A1 |
| 20160052896 | Lindsley | Feb 2016 | A1 |
| 20160057150 | Choi | Feb 2016 | A1 |
| 20160094531 | Unnikrishnan | Mar 2016 | A1 |
| 20160119348 | Kus | Apr 2016 | A1 |
| 20160149764 | Brandwine | May 2016 | A1 |
| 20160173448 | Olshansky | Jun 2016 | A1 |
| 20160179618 | Resch | Jun 2016 | A1 |
| 20160182565 | Salvador | Jun 2016 | A1 |
| 20160212110 | Barkie | Jul 2016 | A1 |
| 20160212113 | Banerjee | Jul 2016 | A1 |
| 20160212132 | Banerjee | Jul 2016 | A1 |
| 20160212141 | Banerjee | Jul 2016 | A1 |
| 20160219038 | Stephenson | Jul 2016 | A1 |
| 20160219056 | Wang | Jul 2016 | A1 |
| 20160239230 | Sato | Aug 2016 | A1 |
| 20160269445 | Dotterer, III | Sep 2016 | A1 |
| 20160277236 | Chen | Sep 2016 | A1 |
| 20160315943 | Manjunath | Oct 2016 | A1 |
| 20160364553 | Smith | Dec 2016 | A1 |
| 20160366183 | Smith | Dec 2016 | A1 |
| 20160366188 | Smith | Dec 2016 | A1 |
| 20160381144 | Malik | Dec 2016 | A1 |
| 20170034272 | Kazi | Feb 2017 | A1 |
| 20170041432 | Damick | Feb 2017 | A1 |
| 20170063813 | Cole | Mar 2017 | A1 |
| 20170063859 | Shue | Mar 2017 | A1 |
| 20170063931 | Seed | Mar 2017 | A1 |
| 20170105171 | Srivastava | Apr 2017 | A1 |
| 20170111338 | Malatesha | Apr 2017 | A1 |
| 20170111444 | Saheba | Apr 2017 | A1 |
| 20170126685 | Taylor | May 2017 | A1 |
| 20170126686 | Totov | May 2017 | A1 |
| 20170171183 | Lingappa | Jun 2017 | A1 |
| 20170181058 | Zeller | Jun 2017 | A1 |
| 20170187714 | Guo | Jun 2017 | A1 |
| 20170193448 | Piyush | Jul 2017 | A1 |
| 20170230307 | Li | Aug 2017 | A1 |
| 20170237724 | Kariyanahalli | Aug 2017 | A1 |
| 20170244706 | Ren | Aug 2017 | A1 |
| 20170257217 | Davis | Sep 2017 | A1 |
| 20170264634 | Carter | Sep 2017 | A1 |
| 20170266362 | von Harten | Sep 2017 | A1 |
| 20170272539 | Wozniak | Sep 2017 | A1 |
| 20170279795 | Redberg | Sep 2017 | A1 |
| 20170279813 | Vicente | Sep 2017 | A1 |
| 20170310675 | Kodama | Oct 2017 | A1 |
| 20170310754 | Baptist | Oct 2017 | A1 |
| 20170318009 | Pranam | Nov 2017 | A1 |
| 20170324825 | Long, III | Nov 2017 | A1 |
| 20170366532 | Garfinkle | Dec 2017 | A1 |
| 20180007059 | Innes | Jan 2018 | A1 |
| 20180070234 | Torvinen | Mar 2018 | A1 |
| 20180109540 | Amar | Apr 2018 | A1 |
| 20180113626 | Baptist | Apr 2018 | A1 |
| 20180152441 | Tamura | May 2018 | A1 |
| 20180152478 | Zhou | May 2018 | A1 |
| 20180167397 | Zhang | Jun 2018 | A1 |
| 20180176210 | Comay | Jun 2018 | A1 |
| 20180179163 | Kunos | Jun 2018 | A1 |
| 20180183802 | Choyi | Jun 2018 | A1 |
| 20180248888 | Takahashi | Aug 2018 | A1 |
| 20180262510 | Su | Sep 2018 | A1 |
| 20180262512 | Zhao | Sep 2018 | A1 |
| 20180295126 | Gilpin | Oct 2018 | A1 |
| 20180309759 | Leibmann | Oct 2018 | A1 |
| 20180314564 | Chilukuri | Nov 2018 | A1 |
| 20180332016 | Pandey | Nov 2018 | A1 |
| 20180351957 | Mott | Dec 2018 | A1 |
| 20180367526 | Huang | Dec 2018 | A1 |
| 20190004910 | Guim Bernat | Jan 2019 | A1 |
| 20190026807 | Terada | Jan 2019 | A1 |
| 20190028485 | Baird | Jan 2019 | A1 |
| 20190054125 | Kihm | Feb 2019 | A1 |
| 20190058713 | Pala | Feb 2019 | A1 |
| 20190074978 | Luff | Mar 2019 | A1 |
| 20190075115 | Anderson | Mar 2019 | A1 |
| 20190089710 | Weinert | Mar 2019 | A1 |
| 20190089810 | Wu | Mar 2019 | A1 |
| 20190097994 | Mathew | Mar 2019 | A1 |
| 20190108333 | Licata | Apr 2019 | A1 |
| 20190123924 | Embiricos | Apr 2019 | A1 |
| 20190132303 | Kurian | May 2019 | A1 |
| 20190132322 | Song | May 2019 | A1 |
| 20190156008 | Tamura | May 2019 | A1 |
| 20190173840 | Desai | Jun 2019 | A1 |
| 20190199808 | Gamache | Jun 2019 | A1 |
| 20190207945 | Yuan | Jul 2019 | A1 |
| 20190223157 | Hwang | Jul 2019 | A1 |
| 20190238619 | Mantrana-Exposito | Aug 2019 | A1 |
| 20190243969 | Birur | Aug 2019 | A1 |
| 20190281052 | Lekkas | Sep 2019 | A1 |
| 20190281064 | Patrich | Sep 2019 | A1 |
| 20190288985 | Chambers | Sep 2019 | A1 |
| 20190289002 | Vegh | Sep 2019 | A1 |
| 20190311140 | Braksator | Oct 2019 | A1 |
| 20190319916 | Venkataramanan | Oct 2019 | A1 |
| 20190325129 | Wang | Oct 2019 | A1 |
| 20190334886 | Lelcuk | Oct 2019 | A1 |
| 20190334893 | Chen | Oct 2019 | A1 |
| 20190334895 | J S A | Oct 2019 | A1 |
| 20190349360 | Yeddula | Nov 2019 | A1 |
| 20190356609 | Grunwald | Nov 2019 | A1 |
| 20190372960 | Huang | Dec 2019 | A1 |
| 20190379671 | Sundar | Dec 2019 | A1 |
| 20190384916 | Shah | Dec 2019 | A1 |
| 20200028838 | Yuan | Jan 2020 | A1 |
| 20200028853 | Ford | Jan 2020 | A1 |
| 20200045050 | Beveridge | Feb 2020 | A1 |
| 20200084217 | Judka | Mar 2020 | A1 |
| 20200092298 | Ojha | Mar 2020 | A1 |
| 20200100107 | Hsiao | Mar 2020 | A1 |
| 20200104521 | Malliah | Apr 2020 | A1 |
| 20200106780 | Malliah | Apr 2020 | A1 |
| 20200120100 | Hu | Apr 2020 | A1 |
| 20200120135 | Hu | Apr 2020 | A1 |
| 20200213107 | Choi | Jul 2020 | A1 |
| 20200220875 | Harguindeguy | Jul 2020 | A1 |
| 20200252400 | Pike | Aug 2020 | A1 |
| 20200258166 | Cross | Aug 2020 | A1 |
| 20200280588 | Greenebaum | Sep 2020 | A1 |
| 20200287915 | Neuvirth | Sep 2020 | A1 |
| 20200293684 | Harris | Sep 2020 | A1 |
| 20200314200 | Grandjean | Oct 2020 | A1 |
| 20200336309 | Wang | Oct 2020 | A1 |
| 20200336317 | Olivier | Oct 2020 | A1 |
| 20200336398 | Thomas | Oct 2020 | A1 |
| 20200356401 | Su | Nov 2020 | A1 |
| 20200358801 | Allouche | Nov 2020 | A1 |
| 20200369773 | Whitfield | Nov 2020 | A1 |
| 20200396223 | Dube | Dec 2020 | A1 |
| 20200410082 | Sharieh | Dec 2020 | A1 |
| 20200412735 | Suhail | Dec 2020 | A1 |
| 20210032762 | Cronin | Feb 2021 | A1 |
| 20210075794 | Gazit | Mar 2021 | A1 |
| 20210084048 | Kannan | Mar 2021 | A1 |
| 20210091976 | Kim | Mar 2021 | A1 |
| 20210135872 | Laffey | May 2021 | A1 |
| 20210136071 | Koeten | May 2021 | A1 |
| 20210144180 | Montazeri | May 2021 | A1 |
| 20210144517 | Guim Bernat | May 2021 | A1 |
| 20210144701 | Ly | May 2021 | A1 |
| 20210152542 | Gimenez Palop | May 2021 | A1 |
| 20210160246 | Dubreil | May 2021 | A1 |
| 20210160247 | Gaddam | May 2021 | A1 |
| 20210203667 | Bondugula | Jul 2021 | A1 |
| 20210211473 | Yancey | Jul 2021 | A1 |
| 20210218742 | Cook | Jul 2021 | A1 |
| 20210328969 | Gaddam | Oct 2021 | A1 |
| 20210352064 | Tsarfati | Nov 2021 | A1 |
| 20210352097 | Vlahovic | Nov 2021 | A1 |
| 20220038463 | Burlitskiy | Feb 2022 | A1 |
| 20220060470 | Thomas | Feb 2022 | A1 |
| 20220103579 | Shi | Mar 2022 | A1 |
| 20220103638 | Kandikonda | Mar 2022 | A1 |
| 20220159003 | Butcher | May 2022 | A1 |
| 20220171842 | Jain | Jun 2022 | A1 |
| 20220179869 | Gaur | Jun 2022 | A1 |
| 20220210168 | Yavo | Jun 2022 | A1 |
| 20220217779 | Taherzadeh Boroujeni | Jul 2022 | A1 |
| 20220225414 | Ma | Jul 2022 | A1 |
| 20220232003 | Smolny | Jul 2022 | A1 |
| 20220239673 | Kfir | Jul 2022 | A1 |
| 20220247720 | Kim | Aug 2022 | A1 |
| 20220247721 | Kim | Aug 2022 | A1 |
| 20220272103 | Duryea | Aug 2022 | A1 |
| 20220317882 | Vijayan | Oct 2022 | A1 |
| 20220317896 | Valan | Oct 2022 | A1 |
| 20220334869 | Kremer | Oct 2022 | A1 |
| 20220337604 | Kim | Oct 2022 | A1 |
| 20220344002 | James | Oct 2022 | A1 |
| Number | Date | Country |
|---|---|---|
| 107784221 | Mar 2018 | CN |
| 107784221 | Mar 2018 | CN |
| 111191279 | May 2020 | CN |
| 112202824 | Jan 2021 | CN |
| 112292669 | Jan 2021 | CN |
| 20070092196 | Sep 2007 | KR |
| WO-2017136192 | Aug 2017 | WO |
| Entry |
|---|
| Uriarte et al “Expressive Policy-Based Access Control for Resource Constrained Devices,” Jul. 24, 2017, pp. 15-46 (Year: 2017). |
| Fritsch et al “User Controlled Dynamic Access Credential Enrichment for Run-Time Service Selection,” 2012 Ninth IEEE International Conference on e-Business Engineering, IEEE Computer Society, pp. 193-200 (Year: 2012). |
| English Translation of CN107784221A (Year: 2018). |
| Uriarte et al “Expressive Policy-Based Access Control for Resource-Constrained Devices,” Special Section on Security and Privacy in Applications and Services for Future Internet of Things, Feb. 1, 2018, IEEE, pp. 15-46 (Year: 2018). |
| Fritsch et al “User-Controlled Dynamic Access Credential Enrichment for Run-time Service Selection,” 2012 Ninth IEEE International Conference on e-Business Engineering, pp. 193-200. |
| El Kaed et al “On the Fly Proxy Generation for Home Devices Interoperability,” pp. 1-5 (Year: 2011). |
| Google Patents Translation of KR20070092196A (Year: 2007). |
| Luo et al “Function Proxy: Template-Based Proxy Caching for Table-Value Functions,” IEEE Computer Society, Proceedings of 20th International Conference on Data Engineering, (ICDE'04), p. 1 (Year: 2004). |
| Wu et al “Towards the Scheduling of Access Requests in Cloud Storage,” The 8th International Conference on Computer Science & Education (ICCSE 2013), IEEE, pp. 37-41 (Year: 2013). |
| Yang et al “A Role-Based Access Control for Information Mediation,” IEEE, pp. 277-282 (Year: 2004). |
| Ezziyyani et al “Security Techniques and Specifications for the Resources Protection in Mediation Systems,” IEEE Melecon 2006, pp. 824-827 (Year: 2006). |
| Lin et al “Developing Reliable Mediators for Web Service Interactions,” Fourth International Conference on Semantics, Knowledge and Grid, IEEE Computer Society, pp. 449-452 (Year: 2008). |
| Zhang et al “A User-Centric WS-Mediator framework for on-the-fly Web Service Composition,” 19th Telecommunications forum TELFOR 2011, IEEE, pp. 1499-1502 (Year: 2011). |
| Number | Date | Country | |
|---|---|---|---|
| 20220255938 A1 | Aug 2022 | US |
