CHALLENGE INTERCEPTOR

US 20190332747A1
Filed: 04/30/2018
Published: 10/31/2019
Est. Priority Date: 04/30/2018
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a non-transitory memory storing instructions; and

one or more hardware processors coupled to the non-transitory memory and configured to read the instructions from the non-transitory memory to cause the system to perform operations comprising;

issuing, using an application, a request to a server, wherein the request comprises a download request for a webpage to a computing device;

receiving, in response to the request, the webpage and an interceptor code;

generating an interceptor from the interceptor code;

issuing, using a dynamic engine, a dynamic web content request to the server, wherein a response to the dynamic web content request will update a portion of the webpage;

in response to issuing the dynamic web content request, receiving a challenge;

intercepting, using the interceptor, the challenge, wherein the intercepted challenge is passed to the application;

rendering, using the application, the challenge;

receiving an answer to the challenge; and

receiving a dynamic web content response that updates the portion of the webpage after validating the answer to the challenge.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for detecting and mitigating attacks that exploit vulnerabilities of a website are provided, according to various embodiments described below and herein. A computing device issues a request for a web page that is stored on a server. The server receives a request and issues a response that includes the requested web page and interceptor code injected into the response. The computing device receives the response, renders the web content and generates an interceptor from the interceptor code. The interceptor intercepts requests, responses to dynamically update the webpage and responses containing a challenge. When a computing device issues a request to the server to dynamically update the webpage, the server issues a response to the computing device that includes a challenge. Once computing device issues a request that includes an answer to the challenge, the server validates the answer and issues a response that dynamically updates the webpage.

5 Citations

20 Claims

1. A system, comprising:
- a non-transitory memory storing instructions; and
  
  one or more hardware processors coupled to the non-transitory memory and configured to read the instructions from the non-transitory memory to cause the system to perform operations comprising;
  
  issuing, using an application, a request to a server, wherein the request comprises a download request for a webpage to a computing device;
  
  receiving, in response to the request, the webpage and an interceptor code;
  
  generating an interceptor from the interceptor code;
  
  issuing, using a dynamic engine, a dynamic web content request to the server, wherein a response to the dynamic web content request will update a portion of the webpage;
  
  in response to issuing the dynamic web content request, receiving a challenge;
  
  intercepting, using the interceptor, the challenge, wherein the intercepted challenge is passed to the application;
  
  rendering, using the application, the challenge;
  
  receiving an answer to the challenge; and
  
  receiving a dynamic web content response that updates the portion of the webpage after validating the answer to the challenge.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein the dynamic web content request is an asynchronous JavaScript and extensible (AJAX) request.
  - 3. The system of claim 1, wherein the operations further comprise:
    - intercepting, using the interceptor, the dynamic web content response;
      
      passing the dynamic web content response to the dynamic engine; and
      
      updating, using the dynamic engine, the portion of the webpage with content in the dynamic web content response.
  - 4. The system of claim 1, wherein an application is a browser.
  - 5. The system of claim 1, wherein the interceptor code is in a JavaScript language.
  - 6. The system of claim 1, wherein the interceptor executes within the application.

7. A method, comprising:
- generating, using a dynamic engine executing on a computing device, a dynamic web content request to a server, wherein the dynamic web content request requests an update to a webpage previously downloaded to the computing device;
  
  receiving, in response to the dynamic web content request, a challenge;
  
  using an interceptor, intercepting the challenge and passing the challenge to a browser;
  
  receiving a challenge answer;
  
  transmitting the challenge answer for validation to the server;
  
  receiving a dynamic web content response that includes an update for the webpage when the server validates the challenge answer; and
  
  updating the webpage using the dynamic web content response.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, further comprising:
    - downloading the webpage to the computing device, wherein the webpage includes an interceptor code for an interceptor; and
      
      generating the interceptor from the interceptor code included in the downloaded webpage.
  - 9. The method of claim 8, wherein the dynamic engine is included in the downloaded webpage.
  - 10. The method of claim 8, wherein the interceptor code is in a JavaScript language.
  - 11. The method of claim 7, further comprising:
    - using the interceptor, intercepting the dynamic web content response; and
      
      passing the dynamic web content response to the dynamic engine, wherein the dynamic engine updates the webpage using the dynamic web content response.
  - 12. The method of claim 7, wherein the dynamic web content request is an asynchronous JavaScript and extensible (AJAX) request.

13. A system, comprising:
- a non-transitory memory storing instructions; and
  
  one or more hardware processors coupled to the non-transitory memory and configured to read the instructions from the non-transitory memory to cause the system to perform operations comprising;
  
  receiving a request to render a webpage from an application;
  
  generating a response to the request;
  
  injecting an interceptor code into the response, wherein the interceptor code generates an interceptor that intercepts a dynamic web content response and a response containing a challenge; and
  
  transmitting the response with the injected interceptor code to the application, whereby the application renders the webpage and generates the interceptor from the interceptor code, and whereby the interceptor intercepts the dynamic web content response and the response containing a challenge received by the application.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The system of claim 13, wherein the interceptor code is in a JavaScript language.
  - 15. The system of claim 13, wherein a router injects the interceptor code into the response.
  - 16. The system of claim 13, wherein a second application that generates the response injects the interceptor code into the response.
  - 17. The system of claim 13, wherein the operations further comprise:
    - receiving a dynamic web content request from a dynamic engine wherein the dynamic web content request is a request to update a portion of the webpage;
      
      in response to the receiving, issuing a challenge;
      
      validating an answer to the challenge; and
      
      generating a dynamic web content response that includes an update that dynamically updates the webpage.
  - 18. The system of claim 17, wherein the operations further comprise:
    - transmitting the dynamic web content response to a computing device, whereby the interceptor intercepts the dynamic web content response and passes the dynamic web content response to the dynamic engine.
  - 19. The system of claim 17, wherein the dynamic web content request is an asynchronous JavaScript and extensible (AJAX) request.
  - 20. The system of claim 17, wherein the operations further comprise:
    - identifying that the dynamic web content request is issued by a bot.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Inventors
Raman, Srinivasan, Karri, Venkateswara Rao, Koranga, Sanjeev

Granted Patent

US 11,036,835 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/55   Detecting local intrusion o...

G06F 2221/2103   Challenge-response

G06F 2221/2133   Verifying human interaction...

H04L 2463/144   Detection or countermeasure...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1458   Denial of Service

CHALLENGE INTERCEPTOR

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

5 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

CHALLENGE INTERCEPTOR

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

5 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links