Asymmetrical challenges for web security
Abstract
This document describes, among other things, a computer-implemented method for improving the security of one or more computing systems. The method can include receiving, at a computing system, first code that defines at least a portion of an electronic resource that is to be served to a client computing device. The method can include generating code that defines a challenge to be solved by the client computing device, in which the code is arranged to cause the client computing device to determine values for one or more parameters that comprise a solution to the challenge, and the values for the one or more parameters that comprise the solution to the challenge may be required for the client computing device to make valid requests to initiate one or more web-based transactions. The computing system can determine whether particular values for the parameters comprise a valid solution to the challenge.
38 Claims
1. A computer-implemented method, comprising:
- receiving, at a computing system, first code corresponding to a web page requested by a client computing device, the first code comprising code that, when executed, allows a user to submit a request to initiate a web transaction presented by the web page;
- generating second code that defines a challenge to be solved by the client computing device, the second code comprising code that, when executed, determines a valid solution to the challenge;
- generating modified first code corresponding to the web page by embedding the second code into the first code so that the challenge is solved when the modified first code executes, and generating a modified request by modifying the request to require values for one or more parameters that are a solution to the challenge so that submission of any request initiating the web transaction is delayed until the challenge is solved;
- providing, to the client computing device, the modified first code;
- receiving a modified request from the client computing device to initiate the web transaction, the modified request including a possible solution to the challenge comprising values for the one or more parameters;
- determining whether the possible solution is a valid solution to the challenge; and
- taking action to initiate the particular web transaction or to not initiate the particular web transaction based on whether the possible solution is a valid solution to the challenge;
- wherein the method is performed by one or more computing devices.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19
20. A computer system comprising:
- one or more hardware processors;
- at least one memory coupled to the one or more hardware processors and storing one or more instructions which, when executed by the one or more hardware processors, cause the one or more hardware processors to:
- receive, at a computing system, first code corresponding to a web page requested by a client computing device, the first code comprising code that, when executed, allows a user to submit a request to initiate a web transaction presented by the web page;
- generate second code that defines a challenge to be solved by the client computing device, the second code comprising code that, when executed, determines a valid solution to the challenge;
- generate modified first code corresponding to the web page by embedding the second code into the first code so that the challenge is solved when the modified first code executes, and generating a modified request by modifying the request to require values for one or more parameters that are a solution to the challenge so that submission of any request initiating the web transaction is delayed until the challenge is solved;
- provide, to the client computing device, the modified first code;
- receive a modified request from the client computing device to initiate the web transaction, the modified request including a possible solution to the challenge comprising values for the one or more parameters;
- determine whether the possible solution is a valid solution to the challenge; and
- take action to initiate the particular web transaction or to not initiate the particular web transaction based on whether the possible solution is a valid solution to the challenge.

Dependent claims: 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38
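The issue, solve and verify steps recited in claims 1 and 20 can be sketched as follows; this is an added example, not code from the patent or from any product. It assumes a hash-based puzzle and an HMAC-bound, stateless challenge, all names (`issue_challenge`, `solve`, `verify`, `SERVER_KEY`) are hypothetical, and `solve` stands in for the script that would be embedded in the served page.

```python
import hashlib, hmac, os, time

SERVER_KEY = os.urandom(32)   # assumed per-deployment secret
DIFFICULTY_BITS = 12          # assumed work factor: ~2**12 hashes per solve
MAX_AGE = 120                 # assumed lifetime of a challenge, in seconds
_spent = set()                # nonces already redeemed (replay guard)

def _tag(nonce, bits, issued):
    msg = f"{nonce}|{bits}|{issued}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_challenge(now=None):
    """Server: parameters embedded in the modified page with the solver."""
    issued = int(time.time() if now is None else now)
    nonce = os.urandom(16).hex()
    return {"nonce": nonce, "bits": DIFFICULTY_BITS, "issued": issued,
            "tag": _tag(nonce, DIFFICULTY_BITS, issued)}

def _meets(nonce, counter, bits):
    digest = hashlib.sha256(f"{nonce}:{counter}".encode()).digest()
    return int.from_bytes(digest, "big") >> (256 - bits) == 0

def solve(ch):
    """Client stand-in: brute-force search for a counter that fits."""
    counter = 0
    while not _meets(ch["nonce"], counter, ch["bits"]):
        counter += 1
    return counter

def verify(req, now=None):
    """Server: one HMAC and one hash decide whether the transaction starts."""
    now = int(time.time() if now is None else now)
    try:
        nonce, bits = str(req["nonce"]), int(req["bits"])
        issued, counter = int(req["issued"]), int(req["solution"])
        tag = str(req["tag"]).encode()
    except (KeyError, TypeError, ValueError):
        return False                     # missing or malformed parameters
    if not hmac.compare_digest(tag, _tag(nonce, bits, issued).encode()):
        return False                     # parameters altered or not issued here
    if not 0 <= now - issued <= MAX_AGE or nonce in _spent:
        return False                     # expired or already redeemed
    if not _meets(nonce, counter, bits):
        return False                     # not a valid solution
    _spent.add(nonce)
    return True
```

Validation costs the server a constant two hash operations while the client pays roughly `2**DIFFICULTY_BITS`, and binding the difficulty into the tag stops a client from lowering its own work factor.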
Specification