Methods for managing security tokens based on security violations and devices thereof

US 10,812,266 B1
Filed: 09/29/2017
Issued: 10/20/2020
Est. Priority Date: 03/17/2017
Status: Active Grant

First Claim

Patent Images

1. A method for managing security tokens based on security violations, the method implemented by a network traffic management system comprising one or more network traffic manager apparatuses, client devices, or server devices, the method comprising:

monitoring network traffic data between a client and a web application, the client granted access to the web application by an access token associated with the client and the web application;

detecting a security violation in the monitored network traffic data between the client and the web application;

revoking the access token associated with the client and the web application in response to detecting the security violation in the monitored network traffic data between the client and the web application;

preventing the client associated with the revoked access token from accessing the web application; and

modifying an access right for another access token in response to detecting the security violation in the monitored network traffic data between the client and the web application, the other access token associated with the client and another web application that is different from the web application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, non-transitory computer readable media, and network traffic manager apparatus that assists managing security tokens based on security violations includes monitoring network traffic data between a client and a web application server. Next, the monitored network traffic data is determined for at least one security violation. One or more access tokens associated with the client is modified when the at least one security violation is detected in the monitored network traffic data. The client is restricted from accessing one or more web applications based on the modified one or more access tokens.

824 Citations

20 Claims

1. A method for managing security tokens based on security violations, the method implemented by a network traffic management system comprising one or more network traffic manager apparatuses, client devices, or server devices, the method comprising:
- monitoring network traffic data between a client and a web application, the client granted access to the web application by an access token associated with the client and the web application;
  
  detecting a security violation in the monitored network traffic data between the client and the web application;
  
  revoking the access token associated with the client and the web application in response to detecting the security violation in the monitored network traffic data between the client and the web application;
  
  preventing the client associated with the revoked access token from accessing the web application; and
  
  modifying an access right for another access token in response to detecting the security violation in the monitored network traffic data between the client and the web application, the other access token associated with the client and another web application that is different from the web application.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising:
    - receiving a request from the client to access the web application;
      
      obtaining the access token from an identity provider server, the access token associated with the client and the web application;
      
      determining the access token is valid; and
      
      providing the client access to the web application when the access token is determined to be valid.
  - 3. The method of claim 1, wherein the security violation comprises a denial of service attack.
  - 4. The method of claim 1, wherein the security violation is detected before the network traffic associated with the security violation is received at the web application.
  - 5. The method of claim 1, wherein the security violation comprises a SQL injection, an access control list denial, or data leakage.

6. A non-transitory computer readable medium having stored thereon instructions for managing security tokens based on security violations comprising executable code which when executed by one or more processors, causes the processors to:
- monitor network traffic data between a client and a web application, the client granted access to the web application by an access token associated with the client and the web application;
  
  detect a security violation in the monitored network traffic data between the client and the web application;
  
  revoke the access token associated with the client and the web application in response to detecting the security violation in the monitored network traffic data between the client and the web application;
  
  prevent the client associated with the revoked access token from accessing the web application; and
  
  modify an access right for another access token in response to detecting the security violation in the monitored network traffic data between the client and the web application, the other access token associated with the client and another web application that is different from the web application.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The computer readable medium of claim 6, further comprising executable code which when executed by one or more processors, further causes the processors to:
    - receive a request from the client to access the web application;
      
      obtain the access token from an identity provider server, the access token associated with the client and the web application;
      
      determine the access token is valid; and
      
      provide the client access to the web application when the first access token is determined to be valid.
  - 8. The computer readable medium of claim 6, wherein the security violation comprises a SQL injection.
  - 9. The computer readable medium of claim 6, wherein the security violation is detected before the network traffic associated with the security violation is received at the web application.
  - 10. The computer readable medium of claim 6, wherein the security violation comprises a denial of service attack, an access control list denial, or data leakage.

11. A network traffic manager apparatus, comprising memory comprising programmed instructions stored in the memory and one or more processors configured to be capable of executing the programmed instructions stored in the memory to:
- monitor network traffic data between a client and a web application, the client granted access to the web application by an access token associated with the client and the web application;
  
  detect a security violation in the monitored network traffic data between the client and the web application;
  
  revoke the access token associated with the client and the web application in response to detecting the security violation in the monitored network traffic data between the client and the web application;
  
  prevent the client associated with the revoked access token from accessing the web application; and
  
  modify an access right for another access token in response to detecting the security violation in the monitored network traffic data between the client and the web application, the other access token associated with the client and another web application that is different from the web application.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The network traffic manager apparatus of claim 11, wherein the one or more processors are further configured to be capable of executing the programmed instructions stored in the memory to:
    - receive a request from the client to access the web application;
      
      obtain the access token from an identity provider server, the access token associated with the client and the web application;
      
      determine the access token is valid; and
      
      provide the client access to the web application when the access token is determined to be valid.
  - 13. The network traffic manager apparatus of claim 11, wherein the security violation comprises a SQL injection or a distributed denial of service attack.
  - 14. The network traffic manager apparatus of claim 11, wherein the security violation is detected before the network traffic associated with the security violation is received at the web application.
  - 15. The network traffic manager apparatus of claim 11, wherein the security violation comprises an access control list denial or data leakage.

16. A network traffic management system, comprising one or more traffic management apparatuses, client devices, or server devices, the network traffic management system comprising memory comprising programmed instructions stored thereon and one or more processors configured to be capable of executing the stored programmed instructions to:
- monitor network traffic data between a client and a web application, the client granted access to the web application by an access token associated with the client and the web application;
  
  detect a security violation in the monitored network traffic data between the client and the web application;
  
  revoke the access token associated with the client and the web application in response to detecting the security violation in the monitored network traffic data between the client and the web application;
  
  prevent the client associated with the revoked access token from accessing the web application; and
  
  modify an access right for another access token in response to detecting the security violation in the monitored network traffic data between the client and the web application, the other access token associated with the client and another web application that is different from the web application.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The network traffic management system of claim 16, wherein the one or more processors are further configured to be capable of executing the programmed instructions stored in the memory to:
    - receive a request from the client to access the web application;
      
      obtain the access token from an identity provider server, the access token associated with the client and the web applications;
      
      determine access token is valid; and
      
      provide the client access to the web application when the access token is determined to be valid.
  - 18. The network traffic management system of claim 16, wherein the security violation comprises a SQL injection, a distributed denial of service attack, an access control list denial, or data leakage.
  - 19. The network traffic manager system of claim 16, wherein the security violation is detected before the network traffic associated with the security violation is received at the web application.
  - 20. The network traffic management system of claim 16, wherein the security violation comprises a denial of service attack.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
F5 Networks, Inc. (F5 Incorporated)
Original Assignee
F5 Networks, Inc. (F5 Incorporated)
Inventors
Natarajan, Ravi, Khatri, Gauravsingh, Mhatre, Swapnil
Primary Examiner(s)
McNally, Michael S

Application Number

US15/720,737
Time in Patent Office

1,117 Days
Field of Search

726 14
US Class Current
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/554   involving event detection a...

G06F 21/57   Certifying or maintaining t...

G06F 21/62   Protecting access to data v...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1458   Denial of Service

H04L 63/1466   Active attacks involving in...

H04L 63/20   for managing network securi...

H04L 9/3213   using tickets or tokens, e....

Methods for managing security tokens based on security violations and devices thereof

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

824 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Methods for managing security tokens based on security violations and devices thereof

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

824 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links