Client/server security by an intermediary executing instructions received from a server and rendering client application instructions

US 9,544,329 B2
Filed: 03/18/2014
Issued: 01/10/2017
Est. Priority Date: 03/18/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

intercepting, from a server computer, a first set of instructions that define a user interface;

wherein the first set of instructions include one or more headers;

stripping out the one or more headers;

executing, using a headless browser, the first set of instructions without presenting the user interface to produce one or more data structures in memory;

updating the one or more data structures based, at least in part, on a configuration to produce one or more updated data structures;

wherein the updating comprises modifying one or more objects or operations in one or more document object model (DOM) maps in memory according to a polymorphic protocol;

rendering a second set of instructions, which when executed by a client application on a client computer, cause the client computer to present the user interface, and to generate the one or more updated data structures in memory on the client computer, wherein the second set of instructions are different than the first set of instructions;

wherein the second set of instructions do not include the one or more headers;

sending the second set of instructions to the client computer;

wherein the method is performed by one or more computing devices.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an embodiment, a method comprises intercepting, from a server computer, a first set of instructions that define a user interface; executing, using a headless browser, the first set of instructions without presenting the user interface; rendering a second set of instructions, which when executed by a client application on a client computer, cause the client computer to present the user interface, wherein the second set of instructions are different than the first set of instructions; sending the second set of instructions to the client computer.

Citations

19 Claims

1. A method comprising:
- intercepting, from a server computer, a first set of instructions that define a user interface;
  
  wherein the first set of instructions include one or more headers;
  
  stripping out the one or more headers;
  
  executing, using a headless browser, the first set of instructions without presenting the user interface to produce one or more data structures in memory;
  
  updating the one or more data structures based, at least in part, on a configuration to produce one or more updated data structures;
  
  wherein the updating comprises modifying one or more objects or operations in one or more document object model (DOM) maps in memory according to a polymorphic protocol;
  
  rendering a second set of instructions, which when executed by a client application on a client computer, cause the client computer to present the user interface, and to generate the one or more updated data structures in memory on the client computer, wherein the second set of instructions are different than the first set of instructions;
  
  wherein the second set of instructions do not include the one or more headers;
  
  sending the second set of instructions to the client computer;
  
  wherein the method is performed by one or more computing devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 further comprising:
    - executing, using the headless browser, the first set of instructions to produce one or more data structures in memory;
      
      rendering the second set of instructions, which when executed by the client application cause the client computer to generate the one or more data structures in memory on the client computer.
  - 3. The method of claim 1 further comprising:
    - rendering the second set of instructions, which when executed by the client application causes the client application to validate the client application and send a dynamic client credential;
      
      receiving the dynamic client credential from the client application;
      
      verifying the dynamic client credential is correct.
  - 4. The method of claim 1 further comprising:
    - receiving, at an intermediary computer, a first request for a first intermediary credential to verify that the intermediary computer is a valid intermediary computer;
      
      sending the first intermediary credential to the client application;
      
      receiving, at the intermediary computer, a second request for a second intermediary credential, wherein the first request is different than the second request;
      
      sending the second intermediary credential to the client application, wherein the first intermediary credential is different than the second intermediary credential.
  - 5. The method of claim 1 further comprising:
    - rendering the second set of instructions, which when executed by the client application causes the client application to auto-generate data interspersed into keyboard data.
  - 6. The method of claim 1 further comprising:
    - receiving, from a second web server, a set of supplementary instructions, which the first set of instructions reference and which define a portion of the user interface;
      
      executing, by the headless browser, the set of supplementary instructions without presenting the portion of the user interface;
      
      rendering the second set of instructions, which when executed by the client application on the client computer, cause the client computer to present the portion of the user interface to a user, wherein the second set of instructions are different than the set of supplementary instructions.
  - 7. The method of claim 1 further comprising:
    - intercepting, from the client application, a set of user data;
      
      caching the set of user data;
      
      receiving, from the client application, a request to be sent to the server computer;
      
      generating a modified request based on the request and the set of user data;
      
      sending the modified request to the server computer.
  - 8. The method of claim 1 further comprising:
    - sending the second set of instructions to the client application through a persistent secure socket connection;
      
      receiving, from the client application, a request, which is not based on a URL, to perform a process and return a result, though the persistent secure socket connection;
      
      performing the process;
      
      sending the result to the client application, through the persistent secure socket connection.
  - 9. The method of claim 1, wherein executing the first set of instructions using the headless browser to produce one or more data structures in memory comprises generating one or more document object model (DOM) maps in memory in response to executing the first set of instructions.

10. A computer comprising:
- a processor;
  
  a memory;
  
  a browser backend module configured to;
  
  intercept, from a server computer, a first set of instructions that define a user interface;
  
  wherein the first set of instructions include one or more headers;
  
  strip out the one or more headers;
  
  execute the first set of instructions without presenting the user interface to produce one or more data structures in memory;
  
  a forward transformer module configured to;
  
  update the one or more data structures based, at least in part, on a configuration to produce one or more updated data structures;
  
  wherein to update comprises to modify one or more objects or operations in one or more document object model (DOM) maps in memory according to a polymorphic protocol;
  
  render a second set of instructions, which when executed by a client application on a client computer, cause the client computer to present the user interface, and to generate the one or more updated data structures in memory on the client computer, wherein the second set of instructions are different than the first set of instructions;
  
  wherein the second set of instructions do not include the one or more headers;
  
  send the second set of instructions to the client computer.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. The computer of claim 10, wherein:
    - the browser backend module is further configured to execute the first set of instructions to produce one or more data structures in memory;
      
      the forward transformer module is further configured to render the second set of instructions, which when executed by the client application cause the client computer to generate the one or more data structures in memory on the client computer.
  - 12. The computer of claim 10, wherein:
    - the forward transformer module is further configured to render the second set of instructions, which when executed by the client application causes the client application to validate the client application and send a dynamic client credential;
      
      the computer further comprises a transaction module configured to;
      
      receive the dynamic client credential from the client application;
      
      verify the dynamic client credential is correct.
  - 13. The computer of claim 10, wherein:
    - the computer comprises a transaction module configured to;
      
      receive a first request for a first intermediary credential to verify that the computer is a valid intermediary computer;
      
      receive a second request for a second intermediary credential, wherein the first request is different than the second request;
      
      the forward transformer module is further configured to;
      
      send the first intermediary credential to the client application;
      
      send the second intermediary credential to the client application, wherein the first intermediary credential is different than the second intermediary credential.
  - 14. The computer of claim 10, wherein the forward transformer module is further configured to render the second set of instructions, which when executed by the client application causes the client application to auto-generate data interspersed into keyboard data.
  - 15. The computer of claim 10, wherein:
    - the browser backend module is further configured to;
      
      intercept, from the server computer, the first set of instructions that included one or more headers;
      
      strip out the one or more headers;
      
      the forward transformer module is further configured to render the second set of instructions, wherein the second set of instructions do not include the one or more headers.
  - 16. The computer of claim 10, wherein:
    - the browser backend module is further configured to;
      
      receive, from a second web server, a set of supplementary instructions, which the first set of instructions reference and which define a portion of the user interface;
      
      execute the set of supplementary instructions without presenting the portion of the user interface;
      
      the forward transformer module is further configured to render the second set of instructions, which when executed by the client application on the client computer, cause the client computer to present the portion of the user interface to a user, wherein the second set of instructions are different than the set of supplementary instructions.
  - 17. The computer of claim 10 comprising:
    - a transaction module configured to;
      
      intercept, from the client application, a set of user data;
      
      cache the set of user data;
      
      receive, from the client application, a request to be sent to the server computer;
      
      a reverse transformer module configured to;
      
      generate a modified request based on the request and the set of user data;
      
      send the modified request to the server computer.
  - 18. The computer of claim 10, wherein:
    - the forward transformer module is further configured to send the second set of instructions to the client application through a persistent secure socket connection;
      
      the computer comprises a transaction module configured to;
      
      receive, from the client application, a request, which is not based on a URL, to perform a process and return a result, though the persistent secure socket connection;
      
      perform the process;
      
      send the result to the client application, through the persistent secure socket connection.
  - 19. The computer of claim 10, wherein the browser backend module is further configured to generate one or more DOM maps in memory in response to executing the first set of instructions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Shape Security Inc. (F5 Incorporated)
Original Assignee
Shape Security Inc. (F5 Incorporated)
Inventors
Call, Justin
Primary Examiner(s)
NGUYEN, THU HA T

Application Number

US14/218,598
Publication Number

US 20150271188A1
Time in Patent Office

1,029 Days
Field of Search

726/5, 726/4, 726/7, 726/26, 713/153
US Class Current

1/1
CPC Class Codes

H04L 63/0281   Proxies

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/1408   by monitoring network traff...

H04L 63/145   the attack involving the pr...

H04L 63/20   for managing network securi...

H04L 67/01   Protocols

H04L 67/02   based on web technology, e....

H04L 67/10   in which an application is ...

H04L 67/564   Enhancement of application ...

H04L 67/565   Conversion or adaptation of...

H04L 69/22   Parsing or analysis of headers

Client/server security by an intermediary executing instructions received from a server and rendering client application instructions

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Client/server security by an intermediary executing instructions received from a server and rendering client application instructions

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links