Challenge-dynamic credential pairs for client/server request validation
First Claim
1. An intermediary computer system that is programmed to validate requests from a client computer to a server computer, the system comprising:
- a memory;
a processor coupled to the memory;
a protocol client module that is coupled to the processor and the memory and configured to intercept a first set of instructions that define one or more original operations, which are configured to cause one or more requests to be sent to the server computer when executed by the client computer;
a forward transformer module that is coupled to the processor and the memory and configured to;
generate, at the intermediary computer system, a first challenge credential to be sent to the client computer;
render one or more first dynamic-credential instructions, which when executed by the client computer, cause the client computer to generate a first dynamic credential that corresponds to the first challenge credential and to include the first dynamic credential in the one or more requests from the client computer;
modify the first set of instructions to produce a modified second set of instructions, wherein the modified second set of instructions include the first challenge credential and the one or more first dynamic-credential instructions, and which when executed by the client computer, cause the first challenge credential to be included in the one or more requests sent from the client computer;
send the modified second set of instructions to the client computer.
3 Assignments
0 Petitions
Accused Products
Abstract
Computer systems and methods in various embodiments are configured for improving the security and efficiency of server computers interacting through an intermediary computer with client computers that may be executing malicious and/or autonomous headless browsers or “bots”. In an embodiment, a computer system comprises: a memory; a processor coupled to the memory; a protocol client module that is coupled to the processor and the memory and configured to intercept a first set of instructions that define one or more original operations, which are configured to cause one or more requests to be sent to the server computer when executed by the client computer; a forward transformer module that is coupled to the processor and the memory and configured to: generate, at the intermediary computer system, a first challenge credential to be sent to the client computer; render one or more first dynamic-credential instructions, which when executed by the client computer, cause the client computer to generate a first dynamic credential that corresponds to the first challenge credential and to include the first dynamic credential in the one or more requests from the client computer; modify the first set of instructions to produce a second set of instructions, wherein the second set of instructions include the first challenge credential and the one or more first dynamic-credential instructions, and which when executed by the client computer, cause the first challenge credential to be included in the one or more requests sent from the client computer; send the second set of instructions to a second computer.
-
Citations
19 Claims
-
1. An intermediary computer system that is programmed to validate requests from a client computer to a server computer, the system comprising:
-
a memory; a processor coupled to the memory; a protocol client module that is coupled to the processor and the memory and configured to intercept a first set of instructions that define one or more original operations, which are configured to cause one or more requests to be sent to the server computer when executed by the client computer; a forward transformer module that is coupled to the processor and the memory and configured to; generate, at the intermediary computer system, a first challenge credential to be sent to the client computer; render one or more first dynamic-credential instructions, which when executed by the client computer, cause the client computer to generate a first dynamic credential that corresponds to the first challenge credential and to include the first dynamic credential in the one or more requests from the client computer; modify the first set of instructions to produce a modified second set of instructions, wherein the modified second set of instructions include the first challenge credential and the one or more first dynamic-credential instructions, and which when executed by the client computer, cause the first challenge credential to be included in the one or more requests sent from the client computer; send the modified second set of instructions to the client computer. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method for validating requests from a client computer, the method comprising:
-
receiving a one or more instructions that define a first challenge credential, one or more first dynamic-credential instructions, and a first object to be displayed to a user; storing the first challenge credential; executing the one or more first dynamic-credential instructions to produce a first dynamic credential that corresponds to the first challenge credential; causing displaying the object; receiving a first input from the user indicating that the user selected the first object, and in response, sending a first request to a server computer for a first set of data, wherein the first request is based on the object and includes the first challenge credential and the first dynamic credential; receiving, from the server computer, the first set of data and one or more second dynamic-credential instructions, and in response, executing the one or more second dynamic-credential instructions to produce a second dynamic credential that corresponds to the first challenge credential, wherein the one or more second dynamic-credential instructions are different than the one or more first dynamic-credential instructions and the second dynamic credential is different than the first dynamic credential; wherein the method is performed by one or more computing devices. - View Dependent Claims (14, 15, 16, 17, 18, 19)
-
Specification