Unauthorized URL requests detection

US 8,850,567 B1
Filed: 02/04/2008
Issued: 09/30/2014
Est. Priority Date: 02/04/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A method of detecting unauthorized URL (Uniform Resource Locator) requests on a client computer, comprising:

constructing, at said client computer, an access map indicating allowed paths between URLs, said constructing based in part on an online browsing history of said client computer, wherein said access map further includes an indication of a starting URL and an indication of a critical URL;

receiving a requested URL at said client computer, wherein the requested URL is a part of a request from said client computer to a server computer;

determining a referral URL associated with said requested URL;

comparing said requested URL and said referral URL associated with the requested URL against said access map;

determining, before forwarding said request to said server computer from said client computer, whether the request is authorized depending upon whether a path from said referral URL to said requested URL exists based on the access map;

forwarding said request to said server computer from said client computer when said path from said referral URL to said requested URL exists; and

raising an alert at said client computer when said path from said referral URL to said requested URL does not exist based on said access map, when said requested URL is said critical URL and when said requested URL and said referral URL belong to different domains, wherein the request is not authorized and is not sent by said client computer.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Unauthorized URL requests are detected based on individual user'"'"'s access map(s). An access map describes legitimate paths that a user may be led from one URL to another URL. Additional information on individual URLs forming the paths, such as whether a particular URL is a start URL or a critical URL, is also included in the access map. The access map may be updated based on the most currently available information. When a URL request is made from a client device associated with a user, and it if is determined that the requested URL may potentially suffer from CSRF attacks, then the requested URL and its referral URL are compared against the URL paths in the user'"'"'s access map to determine whether the URL request is unauthorized. If so, then an alert may be raised.

66 Citations

View as Search Results

15 Claims

1. A method of detecting unauthorized URL (Uniform Resource Locator) requests on a client computer, comprising:
- constructing, at said client computer, an access map indicating allowed paths between URLs, said constructing based in part on an online browsing history of said client computer, wherein said access map further includes an indication of a starting URL and an indication of a critical URL;
  
  receiving a requested URL at said client computer, wherein the requested URL is a part of a request from said client computer to a server computer;
  
  determining a referral URL associated with said requested URL;
  
  comparing said requested URL and said referral URL associated with the requested URL against said access map;
  
  determining, before forwarding said request to said server computer from said client computer, whether the request is authorized depending upon whether a path from said referral URL to said requested URL exists based on the access map;
  
  forwarding said request to said server computer from said client computer when said path from said referral URL to said requested URL exists; and
  
  raising an alert at said client computer when said path from said referral URL to said requested URL does not exist based on said access map, when said requested URL is said critical URL and when said requested URL and said referral URL belong to different domains, wherein the request is not authorized and is not sent by said client computer.
- View Dependent Claims (2, 3, 4, 8, 10, 12, 13)
- - 2. The method, as recited in claim 1, further comprising:
    - receiving the request; and
      
      filtering the requested URL based on a set of criteria, wherein the set of criteria is at least one selected from the group consisting of safe categories of URLs, unsafe categories of URLs, safe list of URLs, and unsafe list of URLs.
  - 3. The method, as recited in claim 1, further comprising:
    - adding the requested URL and the referral URL to the access map if the request is authorized and the requested URL and the referral URL are not a part of the at least one legitimate URL path.
  - 4. The method, as recited in claim 1, further comprising:
    - importing legitimate URL paths from other access maps to the access map.
  - 8. The method as recited in claim 1 further comprising:
    - examining a Web browser of the client computer in order to determine said referral URL.
  - 10. The method as recited in claim 1 wherein said request is a cross domain request, said method further comprising:
    - giving a user of the client computer an option of authorizing or denying said cross domain request.
  - 12. The method as recited in claim 1 wherein said URLs include a plurality of domains.
  - 13. The method as recited in claim 1 wherein said browsing history is taken from a Web browser of said client computer.

5. A computer program product for detecting unauthorized URL requests, the computer program product comprising a computer-readable storage device having a plurality of computer program instructions stored therein, which are operable to cause a client computer to:
- construct an access map indicating allowed paths between URLs at said client computer, said access map based in part on an online browsing history of said client computer, wherein said access map further includes an indication of a starting URL and an indication of a critical URL;
  
  receive a requested URL at said client computer, wherein the requested URL is a part of a request from a client computer to a server computer;
  
  determine a referral URL associated with said requested URL;
  
  compare said requested URL and said referral URL associated with the requested URL against said access map;
  
  determine, before forwarding said request to said server computer from said client computer, whether the request is authorized depending upon whether a path from said referral URL to said requested URL exists based on the access map;
  
  forward said request to said server computer from said client computer when said path from said referral URL to said requested URL exists; and
  
  raise an alert at said client computer when said path from said referral URL to said requested URL does not exist based on said access map, when said requested URL is said critical URL and when said requested URL and said referral URL belong to different domains, wherein the request is not authorized and is not sent by said client computer.
- View Dependent Claims (6, 7, 9, 11, 14, 15)
- - 6. The computer program product, as recited in claim 5, wherein the plurality of computer program instructions are further operable to cause at least one computing device to:
    - receive the request;
      
      filter the requested URL based on a set of criteria, wherein the set of criteria is at least one selected from the group consisting of safe categories of URLs, unsafe categories of URLs, safe list of URLs, and unsafe list of URLs; and
      
      determine the referral URL associated with the requested URL.
  - 7. The computer program product, as recited in claim 5, wherein the plurality of computer program instructions are further operable to cause at least one computing device to:
    - add the requested URL and the referral URL to the access map if the request is authorized and the requested URL and the referral URL are not a part of the existing URL path; and
      
      import legitimate URL paths from other access maps to the access map.
  - 9. The computer program product as recited in claim 5, said product further comprising program instructions operable to:
    - examine a Web browser of the client computer in order to determine said referral URL.
  - 11. The computer program product as recited in claim 5, said product further comprising program instructions operable to:
    - giving a user of the client computer an option of authorizing or denying said cross domain request.
  - 14. The computer program product as recited in claim 5, wherein said URLs include a plurality of domains.
  - 15. The computer program product as recited in claim 5, wherein said browsing history is taken from a Web browser of said client computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trend Micro Inc.
Original Assignee
Trend Micro Inc.
Inventors
Hsieh, Sheng-Chi, Wang, Jui-Pang, Chen, Chao-Yu
Primary Examiner(s)
Lagor, Alexander

Application Number

US12/025,559
Time in Patent Office

2,430 Days
Field of Search

None
US Class Current

726/22
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 2221/2119   Authenticating web pages, e...

G06F 2221/2151   Time stamp

H04L 63/10   for controlling access to d...

H04L 63/14   for detecting or protecting...

H04L 63/1441   Countermeasures against mal...

H04L 63/1483   service impersonation, e.g....

Unauthorized URL requests detection

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

66 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Unauthorized URL requests detection

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

66 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links