SECURITY CODE FOR INTEGRATION WITH AN APPLICATION

US 20200136820A1
Filed: 12/31/2019
Published: 04/30/2020
Est. Priority Date: 06/30/2016
Status: Active Grant

First Claim

Patent Images

1. A computer system comprising:

one or more hardware processors;

at least one memory coupled to the one or more hardware processors and storing one or more instructions which, when executed by the one or more hardware processors, cause the one or more hardware processors to;

receive a first request associated with a request to an application server by an application executing on a client device that includes security code that, when executed, performs a set of one or more operations on one or more input parameters to generate a secret output;

provide the application one or more parameter values, wherein the security code generates a secret cryptographic key by performing the set of one or more operations on the one or more parameter values;

receive a security key in association with a second request by the application to the application server, the security key comprising encrypted client data collected at the client device that is encrypted using the secret cryptographic key;

generate the secret cryptographic key based on the one or more parameter values and knowledge of the set of one or more operations;

generate decrypted client data by decrypting the security key with the secret cryptographic key;

determine that the decrypted client data matches a pattern of data associated with malware;

in response to determining that the decrypted client data matches the pattern of data, prevent the application server from processing the second request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are provided for security code for integration with an application. A first request associated with a request by an application to an application server is received. The application includes security code that performs a set of one or more operations on one or more input parameters. The application is provided one or more parameter values, wherein the security code generates a secret cryptographic key based on the one or more parameter values. A security key is received that includes encrypted client data collected at the client device that is encrypted using the secret cryptographic key. The secret cryptographic key is generated based on the one or more parameter values and knowledge of the set of one or more operations. It is determined that the decrypted client data matches a pattern of data associated with malware. The application server is prevented from processing a second request.

0 Citations

20 Claims

1. A computer system comprising:
- one or more hardware processors;
  
  at least one memory coupled to the one or more hardware processors and storing one or more instructions which, when executed by the one or more hardware processors, cause the one or more hardware processors to;
  
  receive a first request associated with a request to an application server by an application executing on a client device that includes security code that, when executed, performs a set of one or more operations on one or more input parameters to generate a secret output;
  
  provide the application one or more parameter values, wherein the security code generates a secret cryptographic key by performing the set of one or more operations on the one or more parameter values;
  
  receive a security key in association with a second request by the application to the application server, the security key comprising encrypted client data collected at the client device that is encrypted using the secret cryptographic key;
  
  generate the secret cryptographic key based on the one or more parameter values and knowledge of the set of one or more operations;
  
  generate decrypted client data by decrypting the security key with the secret cryptographic key;
  
  determine that the decrypted client data matches a pattern of data associated with malware;
  
  in response to determining that the decrypted client data matches the pattern of data, prevent the application server from processing the second request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer system of claim 1, wherein the one or more instructions, when executed by the one or more hardware processors, cause the one or more hardware processors to:
    - provide, for integration with the application, the security code to a developer of the application.
  - 3. The computer system of claim 1, wherein the application is generated based on a software development kit (SDK) provided to the developer of the application, wherein the SDK includes features for incorporating the security component in the application.
  - 4. The computer system of claim 1, wherein the one or more instructions, when executed by the one or more hardware processors, cause the one or more hardware processors to:
    - provide, for integration with the application, the security code to the client device through an application store.
  - 5. The computer system of claim 1, wherein the one or more instructions, when executed by the one or more hardware processors, cause the one or more hardware processors to:
    - provide a second application comprising the security code one or more second parameter values;
      
      receive a second security key in association with a third request by the second application to the application server, the second security key comprising second encrypted client data that is encrypted using a second secret cryptographic key;
      
      generate the second secret cryptographic key based on the one or more second parameter values and knowledge of the set of one or more operations;
      
      generate second decrypted client data by decrypting the second security key with the second secret cryptographic key;
      
      determine that the second decrypted client data does not match one or more patterns of data collected when malware executes on a device;
      
      in response to determining that the second decrypted client data does not match the one or more patterns of data, cause the application server to process the third request.
  - 6. The computer system of claim 1, wherein determining that the decrypted client data matches the pattern of data associated with malware comprises determining that the decrypted client data satisfies one or more rules that indicate that the second request was automatically triggered by malware.
  - 7. The computer system of claim 1, wherein the decrypted client data includes one or more of time information and duration information.
  - 8. The computer system of claim 1, wherein the decrypted client data includes one or more of device motion information and cursor movement information.
  - 9. The computer system of claim 1:
    - wherein the one or more parameter values includes a second parameter;
      
      wherein providing the one or more parameter values to the device comprises providing the first parameter in a first message and providing the second parameter in a second message.
  - 10. The computer system of claim 1, wherein the security key is received from the application server after the application server receives the second request comprising the security key from the client device.

11. A method comprising:
- receiving a first request associated with a request to an application server by an application executing on a client device that includes security code that, when executed, performs a set of one or more operations on one or more input parameters to generate a secret output;
  
  providing the application one or more parameter values, wherein the security code generates a secret cryptographic key by performing the set of one or more operations on the one or more parameter values;
  
  receiving a security key in association with a second request by the application to the application server, the security key comprising encrypted client data collected at the client device that is encrypted using the secret cryptographic key;
  
  generating the secret cryptographic key based on the one or more parameter values and knowledge of the set of one or more operations;
  
  generating decrypted client data by decrypting the security key with the secret cryptographic key;
  
  determining that the decrypted client data matches a pattern of data associated with malware;
  
  in response to determining that the decrypted client data matches the pattern of data, preventing the application server from processing the second request;
  
  wherein the method is performed by one or more processors.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, further comprising providing, for integration with the application, the security code to a developer of the application.
  - 13. The method of claim 11, wherein the application is generated based on a software development kit (SDK) provided to the developer of the application, wherein the SDK includes features for incorporating the security component in the application.
  - 14. The method of claim 11, further comprising providing, for integration with the application, the security code to the client device through an application store.
  - 15. The method of claim 11, further comprising:
    - providing a second application comprising the security code one or more second parameter values;
      
      receiving a second security key in association with a third request by the second application to the application server, the second security key comprising second encrypted client data that is encrypted using a second secret cryptographic key;
      
      generating the second secret cryptographic key based on the one or more second parameter values and knowledge of the set of one or more operations;
      
      generating second decrypted client data by decrypting the second security key with the second secret cryptographic key;
      
      determining that the second decrypted client data does not match one or more patterns of data collected when malware executes on a device;
      
      in response to determining that the second decrypted client data does not match the one or more patterns of data, causing the application server to process the third request.
  - 16. The method of claim 11, wherein determining that the decrypted client data matches the pattern of data associated with malware comprises determining that the decrypted client data satisfies one or more rules that indicate that the second request was automatically triggered by malware.
  - 17. The method of claim 11, wherein the decrypted client data includes one or more of time information and duration information.
  - 18. The method of claim 11, wherein the decrypted client data includes one or more of device motion information and cursor movement information.
  - 19. The method of claim 11:
    - wherein the one or more parameter values includes a second parameter;
      
      wherein providing the one or more parameter values to the device comprises providing the first parameter in a first message and providing the second parameter in a second message.
  - 20. The method of claim 11, wherein the security key is received from the application server after the application server receives the second request comprising the security key from the client device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Shape Security Inc. (F5 Incorporated)
Original Assignee
Shape Security Inc. (F5 Incorporated)
Inventors
Schroeder, Carl, Hidayat, Ariya, Rentachintala, Chandrasekhar, Chiu, Ricky Y.

Granted Patent

US 11,139,966 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 9/06   the encryption apparatus us...

H04L 9/0819   Key transport or distributi...

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/0877   using additional device, e....

H04L 9/321   involving a third party or ...

H04L 9/3234   involving additional secure...

SECURITY CODE FOR INTEGRATION WITH AN APPLICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

0 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURITY CODE FOR INTEGRATION WITH AN APPLICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

0 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links