Count-based challenge-response credential pairs for client/server request validation
First Claim
1. A server computer system that is programmed to validate requests from a client computer to a server computer, the server computer system comprising:
- a memory persistently storing a set of server instructions;
- one or more processors coupled to the memory, wherein the one or more processors execute the set of server instructions, which causes the one or more processors to:
  - generate a first challenge credential comprising a timestamp and a hash generated from the timestamp, to be sent to the client computer, wherein the first challenge credential corresponds to a first response credential in a first challenge-response credential pair;
  - render one or more first dynamic-credential instructions, which when executed by the client computer, cause the client computer to generate the first response credential in the first challenge-response credential pair, based on the timestamp and the hash generated from the timestamp;
  - send, to the client computer, the first challenge credential and the one or more first dynamic-credential instructions, but not the first response credential;
  - receive a first request that includes a first test-challenge credential and a first test-response credential;
  - determine whether the first test-challenge credential and the first test-response credential are the first challenge-response credential pair;
  - in response to determining that the first test-response credential is the first response credential, determine that a first count is associated with the first challenge-response credential pair, and determine whether the first count satisfies a first threshold;
  - in response to determining that the first count does not satisfy the first threshold, determine that the first request is not a replay request and assign a second count to the first challenge-response credential pair.
Abstract
Computer systems and methods in various embodiments are configured for improving the security and efficiency of server computers interacting through an intermediary computer with client computers that may be executing malicious and/or autonomous headless browsers or “bots”. In an embodiment, a server computer system that is programmed to validate requests from a client computer to a server computer, the server computer system comprising: a memory persistently storing a set of server instructions; one or more processors coupled to the memory, wherein the one or more processors execute the set of server instructions, which causes the one or more processors to: generate a first challenge credential to be sent to the client computer, wherein the first challenge credential corresponds to a first response credential in a first challenge-response credential pair; render one or more first dynamic-credential instructions, which when executed by the client computer, cause the client computer to generate the first response credential in the first challenge-response credential pair; send, to the client computer, the first challenge credential and the one or more first dynamic-credential instructions, but not the first response credential; receive a first request that includes a first test-challenge credential and a first test-response credential; determine whether the first test-challenge credential and the first test-response credential are the first challenge-response credential pair; in response to determining that the first test-response credential is the first response credential, determine that a first count is associated with the first challenge-response credential pair, and determine whether the first count satisfies a first threshold; in response to determining that the first count does not satisfy the first threshold, determine that the first request is not a replay request and assign a second count to the first challenge-response credential pair.
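The flow the abstract describes, as an added Python sketch that is not taken from the patent: a challenge built from a timestamp and a hash of it, a response the client derives locally, and a per-pair use count checked against a threshold to flag replays. The HMAC-SHA-256 construction, the salt derivation, the threshold value and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import time

SERVER_KEY = b"constructed-demo-key"  # assumption: server-side secret, never sent
THRESHOLD = 2                         # assumption: a pair may be accepted twice
_counts = {}                          # (challenge, response) -> accepted uses so far


def _mac(label: bytes, ts: str) -> str:
    return hmac.new(SERVER_KEY, label + ts.encode(), hashlib.sha256).hexdigest()


def issue_challenge(now=None):
    """Return (challenge, salt): the timestamp with its keyed hash, plus the
    salt that the rendered dynamic-credential instructions would embed."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}.{_mac(b'chal', ts)}", _mac(b"salt", ts)[:16]


def client_response(challenge: str, salt: str) -> str:
    """Stand-in for the instructions run by the client: derive the response
    from the timestamp and its hash. The server never transmits this value."""
    return hashlib.sha256((salt + challenge).encode()).hexdigest()


def validate(test_challenge: str, test_response: str) -> str:
    ts, _, tag = test_challenge.partition(".")
    # Reject challenges this server did not issue.
    if not hmac.compare_digest(tag.encode(), _mac(b"chal", ts).encode()):
        return "invalid-challenge"
    # Recompute the response the issued instructions would have produced.
    expected = client_response(test_challenge, _mac(b"salt", ts)[:16])
    if not hmac.compare_digest(test_response.encode(), expected.encode()):
        return "invalid-response"
    pair = (test_challenge, test_response)
    count = _counts.get(pair, 0)      # the "first count" for this pair
    if count >= THRESHOLD:            # count satisfies the threshold
        return "replay"
    _counts[pair] = count + 1         # assign the "second count"
    return "ok"
```

The server stores only the counts; both credentials are recomputed from the timestamp and the server key on each request.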
25 Citations
28 Claims
1. A server computer system that is programmed to validate requests from a client computer to a server computer, the server computer system comprising:
- a memory persistently storing a set of server instructions;
- one or more processors coupled to the memory, wherein the one or more processors execute the set of server instructions, which causes the one or more processors to:
  - generate a first challenge credential comprising a timestamp and a hash generated from the timestamp, to be sent to the client computer, wherein the first challenge credential corresponds to a first response credential in a first challenge-response credential pair;
  - render one or more first dynamic-credential instructions, which when executed by the client computer, cause the client computer to generate the first response credential in the first challenge-response credential pair, based on the timestamp and the hash generated from the timestamp;
  - send, to the client computer, the first challenge credential and the one or more first dynamic-credential instructions, but not the first response credential;
  - receive a first request that includes a first test-challenge credential and a first test-response credential;
  - determine whether the first test-challenge credential and the first test-response credential are the first challenge-response credential pair;
  - in response to determining that the first test-response credential is the first response credential, determine that a first count is associated with the first challenge-response credential pair, and determine whether the first count satisfies a first threshold;
  - in response to determining that the first count does not satisfy the first threshold, determine that the first request is not a replay request and assign a second count to the first challenge-response credential pair.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. A method for validating, at one or more server computers, one or more requests from one or more client computers, comprising:
- generating a first challenge credential comprising a timestamp and a hash generated from the timestamp, to be sent to the client computer, wherein the first challenge credential corresponds to a first response credential in a first challenge-response credential pair;
- rendering one or more first dynamic-credential instructions, which when executed by the one or more client computers, cause the one or more client computers to generate the first response credential in the first challenge-response credential pair, based on the timestamp and the hash generated from the timestamp;
- sending, to the one or more client computers, the first challenge credential and the one or more first dynamic-credential instructions, but not the first response credential;
- receiving a first request that includes a first test-challenge credential and a first test-response credential;
- determining whether the first test-challenge credential and the first test-response credential are the first challenge-response credential pair;
- in response to determining that the first test-response credential is the first response credential, determining that a first count is associated with the first challenge-response credential pair, and determining whether the first count satisfies a first threshold;
- in response to determining that the first count does not satisfy the first threshold, determining that the first request is not a replay request and assign a second count to the first challenge-response credential pair.

Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28
Specification