Screening for illegitimate requests to a computer application

US 20050246545A1
Filed: 09/12/2003
Published: 11/03/2005
Est. Priority Date: 09/13/2002
Status: Abandoned Application

First Claim

Patent Images

1. A method of screening for illegitimate requests to a computer application, comprising:

screening a request with a rule having at least one of an existential condition;

a statistical condition; and

a complex universal condition.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Illegitimate request to a computer application may be screened with a rule having at least one of an existential condition; a statistical condition; and a complex universal condition. Illegitimate Hypertext Transfer Protocol (HTTP) requests to a computer application may be screened with a rule applied to an element of the request, such as the Headers.

34 Citations

View as Search Results

30 Claims

1. A method of screening for illegitimate requests to a computer application, comprising:
- screening a request with a rule having at least one of an existential condition;
  
  a statistical condition; and
  
  a complex universal condition.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1 wherein screening with said rule is triggered by said request being of a certain type.
  - 3. The method of claim 2 wherein said rule has a plurality of conditions and wherein said plurality of conditions are triggered by said request being of said certain type.
  - 4. The method of claim 3 wherein said certain type is a certain type of universal resource identifier (URI).
  - 5. The method of claim 1 wherein said existential condition requires that a specified number of elements of a given type exists in said request.
  - 6. The method of claim 5 wherein said elements of a given type are one of Headers;
    - Cookies;
      
      Universal Resource Identifier (URI) parameters;
      
      URI-encoded fields;
      
      multi-part encoded fields;
      
      Simple Object Access Protocol (SOAP) encoded elements.
  - 7. The method of claim-1 wherein said existential condition requires that a specified number of elements of a given type with a given property exists in said request.
  - 8. The method of claim 1 wherein said complex universal condition requires that a specified proportion of elements of a given type exist in said request.
  - 9. The method of claim 1 wherein said statistical condition is based on a statistical measure of a property of elements of a certain type in a request.
  - 10. The method of claim 9 wherein said property of elements of a certain type is one of a name or value of said elements of a certain type.
  - 11. The method of claim 1 wherein said request is an hypertext transfer protocol (HTTP) request.
  - 12. The method of claim 11 wherein said rule comprises conditions for one or more of the following parts of a request:
    - Headers;
      
      Cookies;
      
      Methods;
      
      HTTP versions;
      
      Universal Resource Identifier (URI) parameters;
      
      URI-encoded fields;
      
      multi-part encoded fields;
      
      Simple Object Access Protocol (SOAP) elements.
  - 13. The method of claim 3 wherein said body of said request follows Simple Object Access Protocol (SOAP).

14. A method of screening for illegitimate requests to a computer application, comprising:
- screening a request with a rule having an existential condition.

15. A method of screening for illegitimate Hypertext Transfer Protocol (TP) requests to a computer application, comprising:
- screening an HTTP request with a rule, said rule comprising a condition for at least one of the following parts of a request;
  
  Headers;
  
  Cookies;
  
  HTTP version indicators;
  
  Universal Resource Identifier (URI) parameters;
  
  URI-encoded fields;
  
  multi-part encoded fields;
  
  Simple Object Access Protocol (SOAP) elements;
  
  URI format.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The method of claim 15 wherein screening with said rule is triggered by a URI of said request being of a certain type.
  - 17. The method of claim 15 further comprising, upon finding a request not meeting a condition, blocking said request.
  - 18. The method of claim 15 further comprising, upon finding a request not meeting a condition, adding an entry to an event log.
  - 19. The method of claim 15 further comprising, upon finding a request not meeting a condition, alerting.

20. A method of screening for illegitimate Hypertext Transfer Protocol (HTTP) requests to a computer application, comprising:
- screening an HTTP request with a rule, said rule comprising a condition for fields or elements in a body of said request and a separate condition for Cookies of said request.
- View Dependent Claims (21, 22, 23, 24, 25)
- - 21. The method of claim 20 wherein said rule also comprises a condition for Universal Resource Identifier (URI) parameters of said request.
  - 22. The method of claim 21 wherein said rule also comprises a condition for Methods of said request.
  - 23. The method of claim 22 wherein said rule set also comprises a condition for an hyper-text transfer protocol (HTTP) version indicator of said request.
  - 24. The method of claim 23 wherein said rule also comprises a condition for a URI format of said request.
  - 25. The method of claim 24 wherein said rule also comprises a condition for a Header of said request.

26. A computer readable medium containing computer executable instructions which when loaded into a processor cause said processor to:
- screen a request with a rule having one of an existential condition;
  
  a statistical condition; and
  
  a complex universal condition.

27. A computer readable medium containing computer executable instructions which when loaded into a processor cause said processor to:
- screen an HTTP request with a rule, said rule comprising a condition for at least one of the following parts of a request;
  
  Headers;
  
  Cookies;
  
  HTTP version indicators;
  
  Universal Resource Identifier (URI) parameters;
  
  URI-encoded fields;
  
  multi-part encoded fields;
  
  Simple Object Access Protocol (SOAP) elements;
  
  URI format.

28. A screener comprising:
- an input for receiving requests; and
  
  means for screening a received request with a rule having one of an existential condition;
  
  a statistical condition; and
  
  a complex universal condition.

29. A screener comprising:
- an input for receiving HTTP requests; and
  
  means for screening an HTTP request with a rule, said rule comprising a condition for at least one of the following parts of a request;
  
  Headers;
  
  Cookies;
  
  HTTP version indicators;
  
  Universal Resource Identifier (URI) parameters;
  
  URI-encoded fields;
  
  multi-part encoded fields;
  
  Simple Object Access Protocol (SOAP) elements;
  
  URI format.

30. A method of screening for illegitimate Hypertext Transfer Protocol (HTTP) requests to a computer application, comprising:
- screening an HTTP request with a rule, said rule comprising a condition for at least two of the following parts of a request;
  
  Headers;
  
  Cookies;
  
  Methods;
  
  HTTP versions;
  
  Universal Resource Identifier (URI) parameters;
  
  URI-encoded fields;
  
  multi-part encoded fields;
  
  Simple Object Access Protocol (SOAP) elements;
  
  URI format.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telus Communications Incorporated (Telus Corporation)
Original Assignee
Telus Communications Incorporated (Telus Corporation)
Inventors
Reiner, Richard

Application Number

US10/527,758
Publication Number

US 20050246545A1
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/0236   Filtering by address, proto...

H04L 63/0254   Stateful filtering

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1458   Denial of Service

Screening for illegitimate requests to a computer application

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

34 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Screening for illegitimate requests to a computer application

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links