Security systems for mitigating attacks from a headless browser executing on a client computer

US 10,367,903 B2
Filed: 05/01/2018
Issued: 07/30/2019
Est. Priority Date: 05/21/2015
Status: Active Grant

First Claim

Patent Images

1. A method for improving security of a server computer interacting with a client computer, the method comprising:

sending a set of one or more instructions to a browser at a client computer, wherein the set of one or more instructions define one or more checkpoints, wherein each checkpoint, when reached by the browser, generates telemetry data indicating the checkpoint was reached by the browser;

receiving a set of telemetry data from the browser at the client computer, the telemetry data indicating one or more particular checkpoints of the one or more checkpoints were reached by the browser;

determining, based on the telemetry data, which checkpoints of the one or more checkpoints were reached by the browser;

determining whether the browser is legitimate or illegitimate based on the one or more particular checkpoints reached by the browser.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Computer systems and methods in various embodiments are configured for improving the security and efficiency of server computers interacting through an intermediary computer with client computers that may be executing malicious and/or autonomous headless browsers or “bots”. In an embodiment, a computer system comprises a memory; one or more processors coupled to the memory; a processor logic coupled to the memory and the one or more processors, and configured to: intercept, from a server computer, one or more original instructions to be sent to a browser of a client computer; send the one or more original instructions to the browser and one or more telemetry instructions, wherein the telemetry instructions are configured, when executed, to generate a set of telemetry data indicating one or more objects that were referenced by the browser and to send the set of telemetry data to the intermediary computer; receive the set of telemetry data and determine whether the browser is legitimate or illegitimate based on the set of telemetry data.

159 Citations

20 Claims

1. A method for improving security of a server computer interacting with a client computer, the method comprising:
- sending a set of one or more instructions to a browser at a client computer, wherein the set of one or more instructions define one or more checkpoints, wherein each checkpoint, when reached by the browser, generates telemetry data indicating the checkpoint was reached by the browser;
  
  receiving a set of telemetry data from the browser at the client computer, the telemetry data indicating one or more particular checkpoints of the one or more checkpoints were reached by the browser;
  
  determining, based on the telemetry data, which checkpoints of the one or more checkpoints were reached by the browser;
  
  determining whether the browser is legitimate or illegitimate based on the one or more particular checkpoints reached by the browser.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein each checkpoint corresponds to a particular method, and the telemetry data generated by the checkpoint indicates that the method was executed.
  - 3. The method of claim 1, wherein each checkpoint corresponds to a particular object, and the telemetry data generated by the checkpoint indicates whether the browser interacted with the particular object.
  - 4. The method of claim 1, wherein each checkpoint corresponds to a particular object, and the telemetry data generated by the checkpoint indicates a state of the particular object.
  - 5. The method of claim 1, wherein the set of telemetry data indicates an order in which the one or more particular checkpoints were reached by the browser;
    - wherein determining whether the browser is legitimate or illegitimate is performed based on the order in which the one or more checkpoints were reached.
  - 6. The method of claim 1, wherein the set of telemetry data indicates how the one or more particular checkpoints were reached by the browser;
    - wherein determining whether the browser is legitimate or illegitimate is performed based on how the one or more particular checkpoints were reached.
  - 7. The method of claim 1, wherein the telemetry data generated by each checkpoint indicates a scope in which the checkpoint was reached;
    - wherein determining whether the browser is legitimate or illegitimate is performed based on the scope in which the one or more particular checkpoints were reached.
  - 8. The method of claim 1, further comprising:
    - in response to determining the browser is legitimate;
      
      storing a set of identification data that identifies the browser and indicates that the browser is legitimate;
      
      receiving a request for additional data from the browser;
      
      determining from the set of identification data that the browser is legitimate, and in response, sending one or more new instructions without additional telemetry instructions.
  - 9. The method of claim 1, further comprising:
    - in response to determining the browser is illegitimate;
      
      storing a set of identification data that identifies the browser and indicates that the browser is illegitimate;
      
      receiving a request for additional data from the browser;
      
      determining from the set of identification data that the browser is illegitimate, and in response, sending one or more new instructions with one or more new browser-detection instructions.
  - 10. The method of claim 1, further comprising:
    - in response to determining the browser is illegitimate;
      
      storing a set of identification data that identifies the browser and indicates that the browser is illegitimate;
      
      receiving a request for additional data from the browser;
      
      determining from the set of identification data that the browser is illegitimate, and in response, terminating the request.

11. A computer system configured to improve security of server computers interacting with client computers, the computer system comprising:
- a memory;
  
  one or more processors coupled to the memory;
  
  a processor logic coupled to the memory and the one or more processors, and programmed to;
  
  send a set of one or more instructions to a browser at a client computer, wherein the set of one or more instructions define one or more checkpoints, wherein each checkpoint, when reached by the browser, generates telemetry data indicating the checkpoint was reached by the browser;
  
  receive a set of telemetry data from the browser at the client computer, the telemetry data indicating one or more particular checkpoints of the one or more checkpoints were reached by the browser;
  
  determine, based on the telemetry data, which checkpoints of the one or more checkpoints were reached by the browser;
  
  determine whether the browser is legitimate or illegitimate based on which checkpoints were reached by the browser.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The computer system of claim 11, wherein each checkpoint corresponds to a particular method, and the telemetry data generated by the checkpoint indicates that the method was executed.
  - 13. The computer system of claim 11, wherein each checkpoint corresponds to a particular object, and the telemetry data generated by the checkpoint indicates whether the browser interacted with the particular object.
  - 14. The computer system of claim 11, wherein each checkpoint corresponds to a particular object, and the telemetry data generated by the checkpoint indicates a state of the particular object.
  - 15. The computer system of claim 11, wherein the set of telemetry data indicates an order in which the one or more particular checkpoints were executed by the browser;
    - wherein determining whether the browser is legitimate or illegitimate is performed based on the order in which the one or more checkpoints were reached.
  - 16. The computer system of claim 11, wherein the set of telemetry data indicates how the one or more particular checkpoints were reached by the browser;
    - wherein determining whether the browser is legitimate or illegitimate is performed based on how the one or more particular checkpoints were reached.
  - 17. The computer system of claim 11, wherein the telemetry data generated by each checkpoint indicates a scope in which the checkpoint was reached;
    - wherein determining whether the browser is legitimate or illegitimate is performed based on the scope in which the one or more particular checkpoints were reached.
  - 18. The computer system of claim 11, wherein the processor logic is further programmed to:
    - in response to determining the browser is legitimate;
      
      store a set of identification data that identifies the browser and indicates that the browser is legitimate;
      
      receive a request for additional data from the browser;
      
      determine from the set of identification data that the browser is legitimate, and in response, send one or more new instructions without additional telemetry instructions.
  - 19. The computer system of claim 11, wherein the processor logic is further programmed to:
    - in response to determining the browser is illegitimate;
      
      store a set of identification data that identifies the browser and indicates that the browser is illegitimate;
      
      receive a request for additional data from the browser;
      
      determine from the set of identification data that the browser is illegitimate, and in response, send one or more new instructions with one or more new browser-detection instructions.
  - 20. The computer system of claim 11, wherein the processor logic is further programmed to:
    - in response to determining the browser is illegitimate;
      
      store a set of identification data that identifies the browser and indicates that the browser is illegitimate;
      
      receive a request for additional data from the browser;
      
      determine from the set of identification data that the browser is illegitimate, and in response, terminate the request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Shape Security Inc. (F5 Incorporated)
Original Assignee
Shape Security Inc. (F5 Incorporated)
Inventors
Li, Zhiwei
Primary Examiner(s)
Abedin, Shanto

Application Number

US15/968,573
Publication Number

US 20180255154A1
Time in Patent Office

455 Days
Field of Search

726 22- 23
US Class Current
CPC Class Codes

G06F 21/566   Dynamic detection, i.e. det...

G06F 2221/2133   Verifying human interaction...

H04L 63/0876   based on the identity of th...

H04L 63/1466   Active attacks involving in...

H04L 63/168   above the transport layer

H04L 67/02   based on web technology, e....

H04L 67/564   Enhancement of application ...

Security systems for mitigating attacks from a headless browser executing on a client computer

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

159 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Security systems for mitigating attacks from a headless browser executing on a client computer

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

159 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links