Network attack detection on a mobile API of a web service
First Claim
1. A method of operating a communication system to validate web service requests from applications executing on wireless communication devices, the method comprising:
- in a wireless communication device:
  - executing an application that generates an original web service request;
  - executing a client security component of the application to:
    - collect security information, and
    - transparently inject the security information in the original web service request to create a modified web service request, wherein the security information comprises a plurality of user behavior attributes representing how the wireless communication device is being utilized; and
  - utilizing a mobile application programming interface to transfer the modified web service request that includes the security information to a web server; and
- in the web server, executing a server security component of a web service to:
  - extract the security information from the modified web service request,
  - validate the security information to verify that the user behavior attributes are indicative of human operation of the wireless communication device,
  - strip, upon successful validation of the security information, the security information from the modified web service request, and
  - provide the original web service request to the web service upon successful validation.
Abstract
Techniques to validate web service requests from applications executing on wireless communication devices are disclosed herein. In at least one implementation, an application that generates a web service request is executed on a wireless communication device. The wireless communication device executes a client security component of the application to collect security information and include the security information in the web service request, and utilizes a mobile application programming interface to transfer the web service request including the security information for delivery to a web server. The web server executes a server security component of a web service to extract the security information from the web service request, validate the web service request based on the security information, and provide the web service request to the web service upon successful validation.
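
The inject, extract, validate, strip and forward sequence described in the abstract, sketched as an added example (not code from the patent or its assignee). The header name `X-Client-Security`, the `tap_intervals_ms` attribute, the timing threshold and the dictionary request shape are all assumptions made for illustration; the patent text on this page does not specify any of them.

```python
import json
from statistics import pstdev

SEC_HEADER = "X-Client-Security"  # hypothetical header name, not from the patent

def client_inject(request, behavior):
    """Client security component: copy the request and add the security information."""
    modified = {**request, "headers": dict(request["headers"])}
    modified["headers"][SEC_HEADER] = json.dumps(behavior)
    return modified

def looks_human(behavior):
    """Constructed heuristic: enough touches, with irregular timing between them."""
    gaps = behavior.get("tap_intervals_ms")  # hypothetical behavior attribute
    if not isinstance(gaps, list) or len(gaps) < 3:
        return False
    if not all(isinstance(g, (int, float)) and g > 0 for g in gaps):
        return False
    return pstdev(gaps) > 15.0  # assumed threshold, for illustration only

def server_filter(modified, web_service):
    """Server security component: extract, validate, strip, then forward."""
    raw = modified["headers"].get(SEC_HEADER)
    if raw is None:
        return 403, "missing security information"
    try:
        behavior = json.loads(raw)
    except json.JSONDecodeError:
        return 403, "malformed security information"
    if not isinstance(behavior, dict) or not looks_human(behavior):
        return 403, "validation failed"
    # Strip only after successful validation, so the service sees the original request.
    headers = {k: v for k, v in modified["headers"].items() if k != SEC_HEADER}
    return 200, web_service({**modified, "headers": headers})

def web_service(request):
    """Downstream web service: it must never see the security header."""
    assert SEC_HEADER not in request["headers"]
    return f"handled {request['path']}"

# Constructed sample inputs.
ORIGINAL = {"method": "POST", "path": "/api/login",
            "headers": {"Accept": "application/json"}, "body": "{}"}
HUMAN = {"tap_intervals_ms": [212, 540, 133, 871]}
SCRIPTED = {"tap_intervals_ms": [100, 100, 100, 100]}

if __name__ == "__main__":
    print(server_filter(client_inject(ORIGINAL, HUMAN), web_service))
    print(server_filter(client_inject(ORIGINAL, SCRIPTED), web_service))
    print(server_filter(ORIGINAL, web_service))
```
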
20 Claims
8. A communication system to validate web service requests from applications executing on wireless communication devices, the communication system comprising:
- a wireless communication device configured to execute an application that generates an original web service request and to execute a client security component of the application to collect security information, transparently inject the security information in the original web service request to create a modified web service request, and utilize a mobile application programming interface to transfer the modified web service request that includes the security information to a web server, wherein the security information comprises a plurality of user behavior attributes that indicate whether an operator operating the wireless communication device is a human user or a machine; and
- the web server configured to execute a server security component of a web service to extract the security information from the modified web service request, validate the security information by, at least in part, analyzing the user behavior attributes to determine whether the operator of the wireless communication device is the automated computer or the human user, strip the security information from the modified web service request, and provide the original web service request to the web service upon successful validation that the operator is the human user.
15. An apparatus comprising:
- one or more computer-readable storage media; and
- first program instructions comprising a client security component of an application, the first program instructions stored on the one or more computer-readable storage media that, when executed by a wireless communication device, direct the wireless communication device to at least:
  - collect security information, and create, in response to an original web service request generated by the application, a modified web service request by injecting the security information into an original web service request, wherein the security information comprises a plurality of user behavior attributes and device attributes; and
  - utilize a mobile application programming interface to transfer the modified web service request including the security information to a web server; and
- second program instructions comprising a server security component of a web service, the second program instructions stored on the one or more computer-readable storage media that, when executed by the web server, direct the web server to at least:
  - extract the security information from the modified web service request;
  - validate the original web service request by analyzing the security information to determine whether the original web service request is a legitimate request that originates from a genuine application and is associated with usage indicative of a human user or whether the original web service request is a malicious request that did not originate from the genuine application or is associated with usage indicative of an automated machine; and
  - provide the original web service request to the web service upon determining that the original web service request is legitimate.