Flagging security threats in web service requests

US 9,537,886 B1
Filed: 10/23/2014
Issued: 01/03/2017
Est. Priority Date: 10/23/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for flagging security threats in web service requests, the method comprising:

receiving, by at least one processor, a request addressed to an addressee;

analyzing, by the at least one processor, the request based on at least one security signature;

based on the analysis, determining, by the at least one processor, a threat level associated with the request;

determining, by the at least one processor, a flag and a location associated with the threat level;

inserting, by the at least one processor, the flag into a network packet associated with the request to create a modified request, the inserting into the network packet being at a position in the network packet indicated by the location; and

sending, by the at least one processor, the modified request to the addressee, wherein an application associated with the addressee is operable to process the request based on the threat level.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided are methods and systems for flagging security threats in web service requests. Specifically, a method for flagging security threats in web service requests can include receiving a request addressed to an addressee. The method can further include analyzing the request based on at least one security signature. The method can continue with determining a threat level associated with the request. The determination can be carried out based on the analysis. The method can further include creating a flag corresponding to the threat level. The method can further include inserting the flag into a network packet associated with the request, thereby creating a modified request. The method may further include sending the modified packet to the addressee. An application associated with the addressee can be operable to selectively process the request based on the threat level.

Citations

20 Claims

1. A computer-implemented method for flagging security threats in web service requests, the method comprising:
- receiving, by at least one processor, a request addressed to an addressee;
  
  analyzing, by the at least one processor, the request based on at least one security signature;
  
  based on the analysis, determining, by the at least one processor, a threat level associated with the request;
  
  determining, by the at least one processor, a flag and a location associated with the threat level;
  
  inserting, by the at least one processor, the flag into a network packet associated with the request to create a modified request, the inserting into the network packet being at a position in the network packet indicated by the location; and
  
  sending, by the at least one processor, the modified request to the addressee, wherein an application associated with the addressee is operable to process the request based on the threat level.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein processing of the request by the application based on the security signature includes at least one of the following:
    - dropping the request, requesting further information, relaying the request to the addressee, and rerouting the request to an alternative destination.
  - 3. The method of claim 2, wherein the requesting further information includes a second factor identification.
  - 4. The method of claim 1, wherein the flag is inserted into a header of the network packet.
  - 5. The method of claim 1, wherein the flag indicates at least one of the following:
    - a safe level, a suspicious level, and a critical level.
  - 6. The method of claim 5, wherein the application relays the request to the addressee only if the flag indicates the safe level.
  - 7. The method of claim 5, wherein the application is operable to request further verification information for the request having the flag indicating the suspicious level, the request being selectively passed to the addressee based on the verification information.
  - 8. The method of claim 5, wherein the request having the flag indicating the critical level is dropped.
  - 9. The method of claim 1, wherein the determining of the threat level is based on at least one of the following:
    - a blacklist, a whitelist, a reputational database, a key-value storage, and a threat database.

10. A system for flagging security threats in web service requests, the system comprising:
- at least one hardware processor operable to;
  
  receive a request addressed to an addressee;
  
  analyze the request based on at least one security signature;
  
  based on the analysis, determine a threat level associated with the request;
  
  determine a flag and a location associated with the threat level;
  
  insert the flag into a network packet associated with the request to create a modified request, the inserting into the network packet being at a position in the network packet indicated by the location; and
  
  send the modified request to the addressee, wherein an application associated with the addressee is operable to process the request based on the threat level; and
  
  a database in communication with the at least one hardware processor, the database comprising computer-readable instructions for execution by the at least one hardware processor.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. The system of claim 10, wherein the flag is inserted into a header of the network packet.
  - 12. The system of claim 10, wherein the threat level is determined using at least one the following:
    - a blacklist, a whitelist, a reputational database, a key-value storage, and a threat database.
  - 13. The system of claim 10, wherein the flag indicates at least one of the following:
    - a safe level, a suspicious level, and a critical level.
  - 14. The system of claim 13, wherein the application is operable to:
    - determine that the flag indicates the safe level; and
      
      based on the determination, selectively relay the request to the addressee.
  - 15. The system of claim 13, wherein the application is operable to:
    - determine that the flag indicates the critical level; and
      
      based on the determination, selectively drop the request.
  - 16. The system of claim 13, wherein the application is operable to:
    - detect that the flag indicates the suspicious level; and
      
      based on the detection, selectively request further verification information.
  - 17. The system of claim 16, wherein the application is further operable to:
    - determine that the further verification information is not received during a predetermined period of time; and
      
      based on the determination, selectively drop the request.
  - 18. The system of claim 16, wherein the application is further operable to:
    - detect that the further verification information is received during a predefined period of time;
      
      verify the further verification information; and
      
      based on the verification of the further verification information, selectively relay the request to the addressee.
  - 19. The system of claim 16, wherein the further verification information includes at least one of the following:
    - payment data, credit card information, a billing zip code, and a secret question.

20. A non-transitory computer-readable medium comprising instructions, which when executed by one or more processors, perform the following operations:
- receive a request addressed to an addressee;
  
  analyze the request based on at least one security signature;
  
  based on the analysis, determine a threat level associated with the request;
  
  determine a flag and a location associated with the threat level;
  
  insert the flag into a network packet associated with the request to create a modified request, the inserting into the network packet being at a position in the network packet indicated by the location; and
  
  send the modified request to the addressee, wherein an application associated with the addressee is operable to process the request based on the threat level.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
A10 Networks Incorporated
Original Assignee
A10 Networks Incorporated
Inventors
Gareau, Terrence
Primary Examiner(s)
Chang, Kenneth

Application Number

US14/522,289
Time in Patent Office

803 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

Flagging security threats in web service requests

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Flagging security threats in web service requests

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links