METHOD AND APPARATUS FOR SECURITY VALIDATION

US 20120304249A1
Filed: 11/05/2010
Published: 11/29/2012
Est. Priority Date: 11/30/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for security validation of a user input in a computer network application, the method comprising the steps of:

providing a subset of security rules of a server-side protection means to a pre-validation component deployed at a client side, so as to enable security validation of a user input on the client side by the pre-validation component based on the provided security rule subset;

validating the user input based on at least one of the security rules of the server-side protection means;

determining, in response to detecting a user input violation and that a violated security rule has not been provided to the pre-validation component, the user as one of a first class of users;

determining, in response to detecting a the user input violation and that the violated security rule has been provided to the pre-validation component, the user as one of a second class of users; and

performing different security protection actions to the determined first class of users and the determined second class of users, wherein the step of performing different security protection actions to the determined first class of users and the determined second class of users comprises;

performing, to the second class of users, a security protection action as compulsorily blocking all subsequent requests, andperforming, to the first class of users, a security protection action which maintains access to the computer network application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method, apparatus, and article of manufacture for security validation of a user input in a computer network application. The method includes: providing a subset of security rules of a server-side protection means to a pre-validation component deployed at a client side, so as to enable security validation of a user input on the client side by the pre-validation component; validating the user input based on at least one of the security rules; determining, in response to detecting a user input violation and that a violated security rule has not been provided to the pre-validation component, the user as a first class of users; determining, in response to detecting the user input violation and that the violated security rule has been provided to the pre-validation component, the user as a second class of users; and performing different security protection actions to the first and second class of users.

39 Citations

View as Search Results

12 Claims

1. A computer-implemented method for security validation of a user input in a computer network application, the method comprising the steps of:
- providing a subset of security rules of a server-side protection means to a pre-validation component deployed at a client side, so as to enable security validation of a user input on the client side by the pre-validation component based on the provided security rule subset;
  
  validating the user input based on at least one of the security rules of the server-side protection means;
  
  determining, in response to detecting a user input violation and that a violated security rule has not been provided to the pre-validation component, the user as one of a first class of users;
  
  determining, in response to detecting a the user input violation and that the violated security rule has been provided to the pre-validation component, the user as one of a second class of users; and
  
  performing different security protection actions to the determined first class of users and the determined second class of users, wherein the step of performing different security protection actions to the determined first class of users and the determined second class of users comprises;
  
  performing, to the second class of users, a security protection action as compulsorily blocking all subsequent requests, andperforming, to the first class of users, a security protection action which maintains access to the computer network application.
- View Dependent Claims (2, 3, 4)
- - 2. A method as claimed in claim 1, further comprising:
    - asynchronously performing a dynamic update to a the security rule subset provided to the pre-validation component; and
      
      wherein the security rule subset is screened from the security rules of the server-side protection means in the step of providing the subset of the security rules of the server-side protection means to the pre-validation component and in the step of asynchronously performing the dynamic update to the security rule subset provided to the pre-validation component.
  - 3. A method as claimed in claim 2, wherein a policy for screening the security rule subset is selected from the group consisting of:
    - selecting a security rule having a high violation ratio;
      
      excluding all negative rules in the security rules; and
      
      excluding high-risk security rules in the security rule.
  - 4. A method as claimed in claim 3, further comprising detecting an onPropertyChange event in an input field, and the pre-validation component validating the user input on the client side based on the provided security rule subset.

5. An apparatus for security validation of a user input in a computer network application, the apparatus comprising:
- means for providing a subset of security rules of a server-side protection means to a pre-validation component deployed at a client side, so as to enable security validation of a user input on the client side by the pre-validation component based on the provided security rule subset;
  
  means for validating the user input based on at least one of the security rules of the server-side protection means;
  
  means for determining, in response to detecting a violation user input violation and that a violated security rule has not been provided to the pre-validation component, the user as one of a first class of users;
  
  means for determining, in response to detecting the user input violation and that a the violated security rule has been provided to the pre-validation component, the user as one of a second class of users; and
  
  means for performing different security protection actions to the determined first class of users and the determined second class of users,wherein the means for performing different security protection actions to the determined first class of users and the determined second class of users comprises;
  
  means for performing, to the second class of users, a security protection action as compulsorily blocking all subsequent requests, andmeans for performing, to the first class of users, a security protection action, which maintains access to the computer network application.
- View Dependent Claims (6, 7, 8)
- - 6. An apparatus as claimed in claim 5, further comprising:
    - means for asynchronously performing a dynamic update to the security rule subset provided to the pre-validation component; and
      
      wherein (i) the means for providing the subset of the security rules of the server-side protection means to the pre-validation component degloved at the client side, so as to enable security validation of a user input on the client side by the pre-validation component based on the provided security rule subset and (ii) the means for asynchronously performing the dynamic update to the security rule subset provided to the pre-validation component, further include means for screening the security rule subset from the security rules of the server-side protection means according to a policy.
  - 7. An apparatus as claimed in claim 5, wherein the policy is selected from the group consisting of:
    - selecting a security rule having a high violation ratio;
      
      excluding all negative rules in the security rules; and
      
      excluding high-risk security rules in the security rule.
  - 8. An apparatus as claimed in claim 7, further comprising means for detecting an onPropertyChange event in an input field, and the pre-validation component validating the user input on the client side based on the provided security rule subset.

9. An article of manufacture tangibly embodying computer readable non-transitory instructions which, when implemented, cause a computer to carry out the steps of the method of security validation of a user input in a network application, the method comprising:
- providing a subset of security rules of a server-side protection means to pre-validation component deployed at a client side, so as to enable security validation of a user input on the client side by the pre-validation component based on the provided security rule subset;
  
  validating the user input based on at least one of the security rules of the server-side protection means;
  
  determining, in response to detecting a user input violation and that a violated security rule has not been provided to the pre-validation component, the user as one of a first class of users;
  
  determining, in response to detecting the user input violation and that the violated security rule has been provided to the pre-validation component, the user as one of a second class of users; and
  
  performing different security protection actions to the determined first class of users and the determined second class of users,wherein the step of performing different security protection actions to the determined first class of users and the determined second class of users comprises;
  
  performing, to the second class of users, a security protection action as compulsorily blocking all subsequent requests, andperforming, to the first class of users, a security protection action which maintains access to the computer network application.
- View Dependent Claims (10, 11, 12)
- - 10. The article of manufacture according to claim 9, wherein the method further comprises:
    - asynchronously performing a dynamic update to the security rule subset provided to the pre-validation component,wherein the security rule subset is screened from the security rules of the server-side protection means in the step of providing the subset of the security rules of the server-side protection means to the pre-validation component and in the step of asynchronously performing the dynamic update to the security rule subset provided to the pre-validation component.
  - 11. The article of manufacture according to claim 10, wherein a policy for screening the security rule subset is selected from the group consisting of:
    - selecting a security rule having a high violation ratio;
      
      excluding all negative rules in the security rules; and
      
      excluding high-risk security rules in the security rule.
  - 12. The article of manufacture according to claim 11, wherein the method further comprises detecting an onPropertyChange event in an input field, and the pre-validation component validating the user input on the client side based on the provided security rule subset.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Luo, Lin, Yang, Shun Xiang, Zhang, Yu, Meng, Fan Jing

Granted Patent

US 8,826,421 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/554   involving event detection a...

H04L 63/0263   Rule management

H04L 63/1408   by monitoring network traff...

METHOD AND APPARATUS FOR SECURITY VALIDATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

39 Citations

12 Claims

Specification

Use Cases

Quick Links

Others

METHOD AND APPARATUS FOR SECURITY VALIDATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

12 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others