Mitigating attacks on server computers by enforcing platform policies on client computers

US 10,447,726 B2
Filed: 11/13/2018
Issued: 10/15/2019
Est. Priority Date: 03/11/2016
Status: Active Grant

First Claim

Patent Images

1. A computer system for improving security of a computing device comprising:

one or more processors;

one or more memory devices coupled to the one or more processors and storing a set of security instructions which, when executed by the one or more processors, cause the one or more processors to perform;

receiving a request from a platform-specific application compiled for a first computer platform;

determining, based on the request, whether the platform-specific application is being executed natively on the first computer platform or being executed within an emulator on a second computer platform that is different from the first computer platform;

determining one or more actions to perform based on whether the platform-specific application is being executed natively on the first computer platform or being executed within the emulator on the second computer platform;

performing the one or more actions.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an embodiment, a computer system is configured to receive, from a client computer, a request with one or more values; determine, based on the one or more values, whether the request is from a platform-specific application compiled for a first computer platform; determine, based on the one or more values, whether the platform-specific application is being executed within an emulator being executed by a second computer platform, wherein the second computer platform is different than the first computer platform.

136 Citations

20 Claims

1. A computer system for improving security of a computing device comprising:
- one or more processors;
  
  one or more memory devices coupled to the one or more processors and storing a set of security instructions which, when executed by the one or more processors, cause the one or more processors to perform;
  
  receiving a request from a platform-specific application compiled for a first computer platform;
  
  determining, based on the request, whether the platform-specific application is being executed natively on the first computer platform or being executed within an emulator on a second computer platform that is different from the first computer platform;
  
  determining one or more actions to perform based on whether the platform-specific application is being executed natively on the first computer platform or being executed within the emulator on the second computer platform;
  
  performing the one or more actions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer system of claim 1 wherein the platform-specific application includes one or more fingerprinting instructions which, when executed, generates fingerprinting data indicating whether the platform-specific application is being executed natively or being executed within the emulator on the second computer platform, and includes the fingerprinting data in the request.
  - 3. The computer system of claim 2 wherein generating the fingerprinting data comprises calling one or more application programming interfaces (APIs) provided by one or more respective computer platforms and/or emulators.
  - 4. The computer system of claim 2 wherein generating the fingerprinting data comprises determining that the platform-specific application is not being executed in a known emulator, and in response, generating fingerprint data indicating that the platform-specific application is being executed in an unknown emulator.
  - 5. The computer system of claim 2 wherein generating the fingerprinting data comprises determining that the platform-specific application is not being executed in a known emulator, and in response, generating fingerprint data indicating that the platform-specific application is being executed natively.
  - 6. The computer system of claim 2 wherein generating the fingerprinting data comprises querying for at least one of:
    - one or more particular hardware components or one or more particular software components.
  - 7. The computer system of claim 6 wherein generating the fingerprinting data comprises querying for one or more particular hardware components, wherein the first computer platform includes the one or more particular hardware components, and wherein the second computer platform does not include the one or more particular hardware components.
  - 8. The computer system of claim 6 wherein generating the fingerprinting data comprises querying for one or more particular software components, wherein the first computer platform includes the one or more particular software components, and wherein the second computer platform does not include the one or more particular software components.
  - 9. The computer system of claim 1 wherein the request includes a digital signature, and wherein the set of security instructions, when executed by the one or more processors, further cause validating the digital signature.
  - 10. The computer system of claim 1 wherein the set of security instructions, when executed by the one or more processors, further cause:
    - storing a plurality of rules, wherein each rule in the plurality of rules specifies one or more match criteria and one or more actions;
      
      determining that the request satisfies match criteria for a particular rule of the plurality of rules, wherein the match criteria for the particular rule includes whether the platform-specific application is being executed natively on the first computer platform or being executed within the emulator on the second computer platform, and wherein the particular rule specifies the one or more actions.

11. A computer-implemented method for providing improvements in security for computer devices, the method comprising:
- receiving a request from a platform-specific application compiled for a first computer platform;
  
  determining, based on the request, whether the platform-specific application is being executed natively on the first computer platform or being executed within an emulator on a second computer platform that is different from the first computer platform;
  
  determining one or more actions to perform, based on whether the platform-specific application is being executed natively on the first computer platform or being executed within the emulator on the second computer platform;
  
  performing the one or more actions.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11 wherein the platform-specific application includes one or more fingerprinting instructions which, when executed, generates fingerprinting data indicating whether the platform-specific application is being executed natively or being executed within the emulator on the second computer platform, and includes the fingerprinting data in the request.
  - 13. The method of claim 12 wherein generating the fingerprinting data comprises calling one or more application programming interfaces (APIs) provided by one or more respective computer platforms and/or emulators.
  - 14. The method of claim 12 wherein generating the fingerprinting data comprises determining that the platform-specific application is not being executed in a known emulator, and in response, generating fingerprint data indicating that the platform-specific application is being executed in an unknown emulator.
  - 15. The method of claim 12 wherein generating the fingerprinting data comprises determining that the platform-specific application is not being executed in a known emulator, and in response, generating fingerprint data indicating that the platform-specific application is being executed natively.
  - 16. The method of claim 12 wherein generating the fingerprinting data comprises querying for at least one of:
    - one or more particular hardware components or one or more particular software components.
  - 17. The method of claim 16 wherein generating the fingerprinting data comprises querying for one or more particular hardware components, wherein the first computer platform includes the one or more particular hardware components, and wherein the second computer platform does not include the one or more particular hardware components.
  - 18. The method claim 16 wherein generating the fingerprinting data comprises querying for one or more particular software components, wherein the first computer platform includes the one or more particular software components, and wherein the second computer platform does not include the one or more particular software components.
  - 19. The method of claim 11 wherein the request includes a digital signature, the method further comprising validating the digital signature.
  - 20. The method of claim 11 further comprising:
    - storing a plurality of rules, wherein each rule in the plurality of rules specifies one or more match criteria and one or more actions;
      
      determining that the request satisfies match criteria for a particular rule of the plurality of rules, wherein the match criteria for the particular rule includes whether the platform-specific application is being executed natively on the first computer platform or being executed within the emulator on the second computer platform, and wherein the particular rule specifies the one or more actions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Shape Security Inc. (F5 Incorporated)
Original Assignee
Shape Security Inc. (F5 Incorporated)
Inventors
Yang, Siying, Ghosemajumder, Shuman
Primary Examiner(s)
Avery, Jeremiah L

Application Number

US16/190,015
Publication Number

US 20190081977A1
Time in Patent Office

336 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/556   involving covert channels, ...

G06F 21/562   Static detection

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/57   Certifying or maintaining t...

G06F 2221/033   Test or assess software

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

Mitigating attacks on server computers by enforcing platform policies on client computers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

136 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Mitigating attacks on server computers by enforcing platform policies on client computers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

136 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links