Using individualized APIs to block automated attacks on native apps and/or purposely exposed APIs with forced user interaction
First Claim
1. A method comprising:
storing data regarding a plurality of unique end-point identifiers (UEINs) associated with a plurality of computing devices, wherein the plurality of UEINs includes a UEIN associated with a particular computing device;
receiving, from a computing device, a request comprising the UEIN and a challenge response;
based on the challenge response and the UEIN, verifying that the computing device is the particular computing device associated with the UEIN;
determining whether the UEIN is associated with a high volume of requests;
based on determining that the UEIN is associated with a high volume of requests, determining that the request is from an unauthorized user;
in response to determining that the request is from an unauthorized user, adding the UEIN to a plurality of unauthorized UEINs and blocking the request;
wherein requests received with a UEIN in the plurality of unauthorized UEINs are blocked;
wherein the method is performed by one or more computing devices.
Abstract
An API call filtering system filters responses to API call requests received, via a network, from UEs. The API call filtering system is configured to require personalized API call requests wherein each API call (except for some minor exceptions) includes a unique UE identifier (“UEIN”) of the UE making the request. Using the UEIN, the web service or other service protected by the API call filtering system can be secured against excessive request iterations from a set of rogue UEs while allowing for ordinary volumes of requests from the UEs, wherein one or more boundaries between what is deemed to be an ordinary volume of requests and what is deemed to be excessive request iterations are determined by predetermined criteria.
17 Claims
1. A method comprising:
storing data regarding a plurality of unique end-point identifiers (UEINs) associated with a plurality of computing devices, wherein the plurality of UEINs includes a UEIN associated with a particular computing device;
receiving, from a computing device, a request comprising the UEIN and a challenge response;
based on the challenge response and the UEIN, verifying that the computing device is the particular computing device associated with the UEIN;
determining whether the UEIN is associated with a high volume of requests;
based on determining that the UEIN is associated with a high volume of requests, determining that the request is from an unauthorized user;
in response to determining that the request is from an unauthorized user, adding the UEIN to a plurality of unauthorized UEINs and blocking the request;
wherein requests received with a UEIN in the plurality of unauthorized UEINs are blocked;
wherein the method is performed by one or more computing devices.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A system for identifying and blocking unauthorized requests based on request volume comprising:
one or more hardware processors;
memory coupled to the one or more hardware processors and storing one or more instructions which, when executed by the one or more hardware processors, cause the one or more hardware processors to:
store data regarding a plurality of unique end-point identifiers (UEINs) associated with a plurality of computing devices, wherein the plurality of UEINs includes a UEIN associated with a particular computing device;
receive, from a computing device, a request comprising the UEIN and a challenge response;
based on the challenge response, verify that the computing device is the particular computing device associated with the UEIN;
determine whether the UEIN is associated with a high volume of requests;
based on determining that the UEIN is associated with a high volume of requests, determine that the request is from an unauthorized user;
in response to determining that the request is from an unauthorized user, add the UEIN to a plurality of unauthorized UEINs and block the request;
wherein requests received with a UEIN in the plurality of unauthorized UEINs are blocked.
Dependent claims: 11, 12, 13, 14, 15, 16, 17
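The following is an added illustration of the filtering method recited in claim 1 and the abstract (stored UEINs, a per-request challenge response that binds the request to the registered device, a volume check, and a persistent list of unauthorized UEINs). It is example code written for this page, not code from the patent or its assignee. The patent does not specify how the challenge response is computed or how "high volume" is measured; this example assumes an HMAC-SHA256 over a single-use server nonce keyed with a per-device secret, and a fixed sliding-window request threshold. All names, the in-memory storage, and the sample devices are constructed for the example.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict, deque


class ApiCallFilter:
    """Per-device (UEIN) API call filter.

    A request is accepted only if its challenge response proves possession of the
    secret registered for that UEIN. Verified requests are counted in a sliding
    window; a UEIN that exceeds the threshold is added to the unauthorized set and
    every later request carrying it is blocked without further processing.
    """

    def __init__(self, max_requests, window_seconds):
        self.max_requests = max_requests        # boundary between ordinary and excessive volume
        self.window_seconds = window_seconds
        self.device_keys = {}                   # UEIN -> per-device secret (stored registration data)
        self.pending = {}                       # UEIN -> outstanding single-use challenge nonce
        self.history = defaultdict(deque)       # UEIN -> timestamps of recent verified requests
        self.blocked = set()                    # the "plurality of unauthorized UEINs"

    def register(self, uein, key=None):
        """Store a device's UEIN with its secret (generated here if not supplied)."""
        key = key or secrets.token_bytes(32)
        self.device_keys[uein] = key
        return key

    def issue_challenge(self, uein):
        """Hand the device a fresh nonce it must answer on its next request."""
        if uein not in self.device_keys:
            return None
        nonce = secrets.token_hex(16)
        self.pending[uein] = nonce
        return nonce

    @staticmethod
    def compute_response(key, nonce):
        """What a legitimate device computes from its secret and the nonce (assumed scheme)."""
        return hmac.new(key, nonce.encode(), hashlib.sha256).hexdigest()

    def handle_request(self, uein, response, now):
        """Return 'blocked', 'rejected' or 'allowed' for one incoming API call."""
        # Requests with a UEIN already on the unauthorized list are blocked outright.
        if uein in self.blocked:
            return "blocked"
        key = self.device_keys.get(uein)
        nonce = self.pending.pop(uein, None)   # nonce is consumed: a replayed response fails
        if key is None or nonce is None:
            return "rejected"
        # Verify the request really comes from the device associated with the UEIN.
        if not hmac.compare_digest(self.compute_response(key, nonce), response):
            return "rejected"
        # Volume check: count verified requests inside the sliding window.
        window = self.history[uein]
        window.append(now)
        while window and window[0] <= now - self.window_seconds:
            window.popleft()
        if len(window) > self.max_requests:
            self.blocked.add(uein)              # deemed an unauthorized user from now on
            self.history.pop(uein, None)
            return "blocked"
        return "allowed"


def simulate():
    """Constructed scenario: one device iterates past the threshold, another forges a response."""
    f = ApiCallFilter(max_requests=5, window_seconds=60)
    key_a = f.register("ue-A")
    results = []
    for i in range(7):                          # 7 genuine requests in one minute
        nonce = f.issue_challenge("ue-A")
        results.append(f.handle_request("ue-A", f.compute_response(key_a, nonce), now=100 + i))
    f.register("ue-B")                          # registered device, but the caller lacks its key
    f.issue_challenge("ue-B")
    results.append(f.handle_request("ue-B", "00" * 32, now=200))
    return results


if __name__ == "__main__":
    print(simulate())
```

The order of the checks matters for the design: the block list is consulted before any cryptographic work, so a UEIN that has already been deemed unauthorized costs the service nothing further, and the nonce is consumed on first use so that a captured response cannot be replayed to inflate another device's count.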