Using individualized APIs to block automated attacks on native apps and/or purposely exposed APIs with forced user interaction

US 10,050,935 B2
Filed: 04/20/2015
Issued: 08/14/2018
Est. Priority Date: 07/09/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

storing data regarding a plurality of unique end-point identifiers (UEINs) associated with a plurality of computing devices, wherein the plurality of UEINs includes a UEIN associated with a particular computing device;

receiving, from a computing device, a request comprising the UEIN and a challenge response;

based on the challenge response and the UEIN, verifying that the computing device is the particular computing device associated with the UEIN;

determining whether the UEIN is associated with a high volume of requests;

based on determining that the UEIN is associated with a high volume of requests, determining that the request is from an unauthorized user;

in response to determining that the request is from an unauthorized user, adding the UEIN to a plurality of unauthorized UEINs and blocking the request;

wherein requests received with a UEIN in the plurality of unauthorized UEINs are blocked;

wherein the method is performed by one or more computing devices.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An API call filtering system filters responses to API call requests received, via a network, from UEs. The API call filtering system is configured to require personalized API call requests wherein each API call (except for some minor exceptions) includes a unique UE identifier (“UEIN”) of the UE making the request. Using the UEIN, the web service or other service protected by the API call filtering system can be secured against excessive request iterations from a set of rogue UEs while allowing for ordinary volumes of requests of requests the UEs, wherein one or more boundaries between what is deemed to be an ordinary volume of requests and what is deemed to be excessive request iterations are determined by predetermined criteria.

Citations

17 Claims

1. A method comprising:
- storing data regarding a plurality of unique end-point identifiers (UEINs) associated with a plurality of computing devices, wherein the plurality of UEINs includes a UEIN associated with a particular computing device;
  
  receiving, from a computing device, a request comprising the UEIN and a challenge response;
  
  based on the challenge response and the UEIN, verifying that the computing device is the particular computing device associated with the UEIN;
  
  determining whether the UEIN is associated with a high volume of requests;
  
  based on determining that the UEIN is associated with a high volume of requests, determining that the request is from an unauthorized user;
  
  in response to determining that the request is from an unauthorized user, adding the UEIN to a plurality of unauthorized UEINs and blocking the request;
  
  wherein requests received with a UEIN in the plurality of unauthorized UEINs are blocked;
  
  wherein the method is performed by one or more computing devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1,wherein the request is an application programming interface (API) call corresponding to an API service;
    - wherein one or more requests that are not blocked are forwarded to the API service.
  - 3. The method of claim 1, further comprising:
    - prior to receiving the request, receiving a set of data from the particular computing device indicating successful performance of a non-automatable step;
      
      in response to the set of data indicating the successful performance of the non-automatable step, associating the UEIN with the particular computing device.
  - 4. The method of claim 1, wherein the UEIN is generated by the particular computing device.
  - 5. The method of claim 1, wherein determining whether the UEIN is associated with a high volume of requests includes applying a rule for distinguishing excessive request volumes from ordinary request volumes.
  - 6. The method of claim 1, wherein determining whether the UEIN is associated with a high volume of requests includes determining whether requests associated with the UEIN exceed a threshold.
  - 7. The method of claim 1, wherein the UEIN uniquely identifies a particular instance of an application running on the particular computing device.
  - 8. The method of claim 7, wherein the request comprises a modified API call, generated by the particular instance of the application, that uniquely identifies the particular instance of the application running on the particular computing device.
  - 9. The method of claim 1, further comprising:
    - receiving, from a second computing device, a second request, a second UEIN, and a second challenge response, wherein the second UEIN is associated with a second specific computing device prior to receiving the second request;
      
      based on second challenge response, verifying that the second computing device is not the second specific computing device associated with the second UEIN;
      
      blocking the second API call associated with the second UEIN.

10. A system for identifying and blocking unauthorized requests based on request volume comprising:
- one or more hardware processors;
  
  memory coupled to the one or more hardware processors and storing one or more instructions which, when executed by the one or more hardware processors, cause the one or more hardware processors to;
  
  store data regarding a plurality of unique end-point identifiers (UEINs) associated with a plurality of computing devices, wherein the plurality of UEINs includes a UEIN associated with a particular computing device;
  
  receive, from a computing device, a request comprising the UEIN and a challenge response;
  
  based on the challenge response, verify that the computing device is the particular computing device associated with the UEIN;
  
  determine whether the UEIN is associated with a high volume of requests;
  
  based on determining that the UEIN is associated with a high volume of requests, determine that the request is from an unauthorized user;
  
  in response to determining that the request is from an unauthorized user, add the UEIN to a plurality of unauthorized UEINs and block the request;
  
  wherein requests received with a UEIN in the plurality of unauthorized UEINs are blocked.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The system of claim 10,wherein the request is an application programming interface (API) call corresponding to an API service;
    - wherein one or more requests that are not blocked are forwarded to the API service.
  - 12. The system of claim 10, wherein the one or more instructions, when executed by the one or more hardware processors, cause the one or more processors to:
    - prior to receiving the request, receive a set of data from the particular computing device indicating successful performance of a non-automatable step;
      
      in response to the set of data indicating the successful performance of the non-automatable step, associating the UEIN with the particular computing device.
  - 13. The system of claim 10, wherein the UEIN is generated by the particular computing device.
  - 14. The system of claim 10, wherein determining whether the UEIN is associated with a high volume of requests includes applying a rule for distinguishing excessive request volumes from ordinary request volumes.
  - 15. The system of claim 10, wherein determining whether the UEIN is associated with a high volume of requests includes determining whether requests associated with the UEIN exceed a threshold.
  - 16. The system of claim 10, wherein the UEIN uniquely identifies a particular instance of an application running on the particular computing device.
  - 17. The system of claim 16, wherein the request comprises a modified API call, generated by the particular instance of the application, that uniquely identifies the particular instance of the application running on the particular computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Shape Security Inc. (F5 Incorporated)
Original Assignee
Shape Security Inc. (F5 Incorporated)
Inventors
Hansen, Marc
Primary Examiner(s)
Lewis, Lisa
Assistant Examiner(s)
Harris, Christopher C

Application Number

US14/691,540
Publication Number

US 20160014084A1
Time in Patent Office

1,212 Days
Field of Search

726 27
US Class Current
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0245   Filtering by information in...

H04L 63/0442   wherein the sending and rec...

H04L 63/10   for controlling access to d...

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

H04W 12/084   using delegated authorisati...

H04W 12/086   using security domains

H04W 12/122   Counter-measures against at...

H04W 12/126   Anti-theft arrangements, e....

Using individualized APIs to block automated attacks on native apps and/or purposely exposed APIs with forced user interaction

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Using individualized APIs to block automated attacks on native apps and/or purposely exposed APIs with forced user interaction

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links