Security systems for mitigating attacks from a headless browser executing on a client computer
First Claim
1. A method for improving security of a server computer interacting with a client computer, the method comprising:
- sending a set of one or more instructions to a browser at a client computer, wherein the set of one or more instructions define one or more checkpoints, wherein each checkpoint, when reached by the browser, generates telemetry data indicating the checkpoint was reached by the browser;
receiving a set of telemetry data from the browser at the client computer, the telemetry data indicating one or more particular checkpoints of the one or more checkpoints were reached by the browser;
determining, based on the telemetry data, which checkpoints of the one or more checkpoints were reached by the browser;
determining whether the browser is legitimate or illegitimate based on the one or more particular checkpoints reached by the browser.
1 Assignment
0 Petitions
Accused Products
Abstract
Computer systems and methods in various embodiments are configured for improving the security and efficiency of server computers interacting through an intermediary computer with client computers that may be executing malicious and/or autonomous headless browsers or “bots”. In an embodiment, a computer system comprises a memory; one or more processors coupled to the memory; a processor logic coupled to the memory and the one or more processors, and configured to: intercept, from a server computer, one or more original instructions to be sent to a browser of a client computer; send the one or more original instructions to the browser and one or more telemetry instructions, wherein the telemetry instructions are configured, when executed, to generate a set of telemetry data indicating one or more objects that were referenced by the browser and to send the set of telemetry data to the intermediary computer; receive the set of telemetry data and determine whether the browser is legitimate or illegitimate based on the set of telemetry data.
159 Citations
20 Claims
-
1. A method for improving security of a server computer interacting with a client computer, the method comprising:
-
sending a set of one or more instructions to a browser at a client computer, wherein the set of one or more instructions define one or more checkpoints, wherein each checkpoint, when reached by the browser, generates telemetry data indicating the checkpoint was reached by the browser; receiving a set of telemetry data from the browser at the client computer, the telemetry data indicating one or more particular checkpoints of the one or more checkpoints were reached by the browser; determining, based on the telemetry data, which checkpoints of the one or more checkpoints were reached by the browser; determining whether the browser is legitimate or illegitimate based on the one or more particular checkpoints reached by the browser. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A computer system configured to improve security of server computers interacting with client computers, the computer system comprising:
-
a memory; one or more processors coupled to the memory; a processor logic coupled to the memory and the one or more processors, and programmed to; send a set of one or more instructions to a browser at a client computer, wherein the set of one or more instructions define one or more checkpoints, wherein each checkpoint, when reached by the browser, generates telemetry data indicating the checkpoint was reached by the browser; receive a set of telemetry data from the browser at the client computer, the telemetry data indicating one or more particular checkpoints of the one or more checkpoints were reached by the browser; determine, based on the telemetry data, which checkpoints of the one or more checkpoints were reached by the browser; determine whether the browser is legitimate or illegitimate based on which checkpoints were reached by the browser. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification