Unauthorized URL requests detection
First Claim
1. A method of detecting unauthorized URL (Uniform Resource Locator) requests on a client computer, comprising:
constructing, at said client computer, an access map indicating allowed paths between URLs, said constructing based in part on an online browsing history of said client computer, wherein said access map further includes an indication of a starting URL and an indication of a critical URL;
receiving a requested URL at said client computer, wherein the requested URL is a part of a request from said client computer to a server computer;
determining a referral URL associated with said requested URL;
comparing said requested URL and said referral URL associated with the requested URL against said access map;
determining, before forwarding said request to said server computer from said client computer, whether the request is authorized depending upon whether a path from said referral URL to said requested URL exists based on the access map;
forwarding said request to said server computer from said client computer when said path from said referral URL to said requested URL exists; and
raising an alert at said client computer when said path from said referral URL to said requested URL does not exist based on said access map, when said requested URL is said critical URL and when said requested URL and said referral URL belong to different domains, wherein the request is not authorized and is not sent by said client computer.
1 Assignment
0 Petitions
Abstract
Unauthorized URL requests are detected based on an individual user's access map(s). An access map describes the legitimate paths by which a user may be led from one URL to another URL. Additional information on the individual URLs forming the paths, such as whether a particular URL is a start URL or a critical URL, is also included in the access map. The access map may be updated based on the most currently available information. When a URL request is made from a client device associated with a user, and if it is determined that the requested URL may potentially suffer from CSRF attacks, then the requested URL and its referral URL are compared against the URL paths in the user's access map to determine whether the URL request is unauthorized. If so, then an alert may be raised.
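A worked illustration of the access-map check described in the abstract and claim 1, added here as an example and not code from the patent. It assumes the access map is a directed graph of referrer-to-requested URL edges learned from browsing history, that a "path" may span several hops, and that a request with no referrer counts as a session start; the names `AccessMap`, `check_request`, `demo_map` and the bank.example history are constructed.

```python
from collections import deque
from urllib.parse import urlsplit

class AccessMap:
    """Directed graph of allowed referrer -> requested URL transitions (hypothetical)."""
    def __init__(self, start_urls, critical_urls):
        self.edges = {}                           # url -> URLs reachable in one hop
        self.start_urls = set(start_urls)         # entry points a user may open directly
        self.critical_urls = set(critical_urls)   # state-changing URLs worth protecting

    def learn(self, history):
        """Add one edge per (referrer, requested) pair taken from browsing history."""
        for referrer, requested in history:
            self.edges.setdefault(referrer, set()).add(requested)

    def path_exists(self, src, dst):
        """Breadth-first search: does a chain of allowed hops lead from src to dst?"""
        seen, queue = {src}, deque([src])
        while queue:
            node = queue.popleft()
            if node == dst:
                return True
            for nxt in self.edges.get(node, ()):
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
        return False

def domain(url):
    return urlsplit(url).hostname or ""

def check_request(amap, requested, referrer):
    """Decide 'forward' or 'alert' before the request leaves the client."""
    if referrer is None:
        # Assumption: no referrer = typed/bookmarked start; only start or non-critical URLs pass
        ok = requested in amap.start_urls or requested not in amap.critical_urls
        return "forward" if ok else "alert"
    if amap.path_exists(referrer, requested):
        return "forward"
    # No allowed path: alert (request withheld) only if critical and cross-domain, per claim 1
    if requested in amap.critical_urls and domain(requested) != domain(referrer):
        return "alert"
    return "forward"

def demo_map():
    amap = AccessMap(start_urls={"https://bank.example/login"},        # constructed sample
                     critical_urls={"https://bank.example/transfer"})
    amap.learn([("https://bank.example/login", "https://bank.example/account"),
                ("https://bank.example/account", "https://bank.example/transfer")])
    return amap
```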
66 Citations
15 Claims
1. Claim 1 is reproduced above under First Claim. Dependent claims: 2, 3, 4, 8, 10, 12, 13.
5. A computer program product for detecting unauthorized URL requests, the computer program product comprising a computer-readable storage device having a plurality of computer program instructions stored therein, which are operable to cause a client computer to:
construct an access map indicating allowed paths between URLs at said client computer, said access map based in part on an online browsing history of said client computer, wherein said access map further includes an indication of a starting URL and an indication of a critical URL;
receive a requested URL at said client computer, wherein the requested URL is a part of a request from a client computer to a server computer;
determine a referral URL associated with said requested URL;
compare said requested URL and said referral URL associated with the requested URL against said access map;
determine, before forwarding said request to said server computer from said client computer, whether the request is authorized depending upon whether a path from said referral URL to said requested URL exists based on the access map;
forward said request to said server computer from said client computer when said path from said referral URL to said requested URL exists; and
raise an alert at said client computer when said path from said referral URL to said requested URL does not exist based on said access map, when said requested URL is said critical URL and when said requested URL and said referral URL belong to different domains, wherein the request is not authorized and is not sent by said client computer.
Dependent claims: 6, 7, 9, 11, 14, 15.