CHALLENGE-DYNAMIC CREDENTIAL PAIRS FOR CLIENT/SERVER REQUEST VALIDATION

    Publication No.: US20180091492A1

    Publication date: 2018-03-29

    Application No.: US15563509

    Filing date: 2016-02-16

    Abstract: In an embodiment, a computer system configured to: generate a first challenge credential to be sent to a client computer; render one or more first dynamic-credential instructions, which when executed by the client computer, cause the client computer to generate a first dynamic credential that corresponds to the first challenge credential; modify a first set of instructions, which define one or more original operations, to produce a second set of instructions, wherein the second set of instructions include the first challenge credential and the one or more first dynamic-credential instructions, and which when executed by the client computer, cause the first challenge credential to be included in the one or more requests sent from the client computer; send the second set of instructions to a second computer.

    VARIABLE RUNTIME TRANSPILATION
    2.
    Invention application

    Publication No.: US20170257385A1

    Publication date: 2017-09-07

    Application No.: US15059080

    Filing date: 2016-03-02

    IPC classification: H04L29/06 H04L29/08

    Abstract: In an approach, an apparatus comprises: one or more processors; a processor logic coupled to the one or more processors and configured to: intercept, from a client computer, a request directed to a server computer that identifies a purported user agent executing on the client computer; send, to the server computer, the request from the client computer; intercept, from the server computer, one or more original instructions to be executed by the purported user agent of the client computer; determine one or more features supported by the purported user agent that are not utilized by the one or more original instructions; transform the one or more original instructions into one or more revised instructions which, when executed by the purported user agent, cause the purported user agent to utilize the one or more features; send, to the client computer, the one or more revised instructions.

    SELECTIVELY PROTECTING VALID LINKS TO PAGES OF A WEB SITE
    4.
    Invention application
    Status: Granted

    Publication No.: US20150350213A1

    Publication date: 2015-12-03

    Application No.: US14290805

    Filing date: 2014-05-29

    IPC classification: H04L29/06 G06F21/62

    Abstract: In an embodiment, a method comprises intercepting, using a server computer, a first set of instructions that define a user interface and a plurality of links, wherein each link in the plurality of links is associated with a target page, and the plurality of links includes a first link; determining that the first link, which references a first target page, is protected; in response to determining the first link is protected: generating a first protected link that is different than the first link and includes first data that authenticates a first request that has been generated based on the first protected link and that references the first target page; and generating a first decoy link that includes second data that references a first decoy page and not the first target page; rendering a second set of instructions comprising the first protected link and the first decoy link, but not the first link, and which is configured to cause a first client computer to present the first protected link in the user interface and hide the first decoy link from the user interface; sending the second set of instructions to the first client computer.


    CLIENT/SERVER AUTHENTICATION USING DYNAMIC CREDENTIALS
    5.
    Invention application
    Status: Under examination (published)

    Publication No.: US20150350181A1

    Publication date: 2015-12-03

    Application No.: US14738913

    Filing date: 2015-06-14

    IPC classification: H04L29/06

    Abstract: In an embodiment, a method comprises intercepting, from a first computer, a first set of instructions that define one or more original operations, which are configured to cause one or more requests to be sent if executed by a client computer; modifying the first set of instructions to produce a modified set of instructions, which are configured to cause a credential to be included in the one or more requests sent if executed by the client computer; rendering a second set of instructions comprising the modified set of instructions and one or more credential-morphing-instructions, wherein the one or more credential-morphing-instructions define one or more credential-morphing operations, which are configured to cause the client computer to update the credential over time if executed; sending the second set of instructions to a second computer.


    INTERCEPTING AND SUPERVISING CALLS TO TRANSFORMED OPERATIONS AND OBJECTS
    6.
    Invention application
    Status: Under examination (published)

    Publication No.: US20150207816A1

    Publication date: 2015-07-23

    Application No.: US14618389

    Filing date: 2015-02-10

    IPC classification: H04L29/06

    Abstract: In an embodiment, a method comprises intercepting a first set of instructions from a server computer that define one or more objects and one or more original operations that are based, at least in part, on the one or more objects; modifying the first set of instructions by adding one or more supervisor operations that are based, at least in part, on the one or more objects; transforming the one or more original operations to produce one or more transformed operations that are based, at least in part, on the one or more supervisor operations; rendering a second set of instructions which define the one or more supervisor operations and the one or more transformed operations; sending the second set of instructions to a remote client computer.


    CHALLENGE-DYNAMIC CREDENTIAL PAIRS FOR CLIENT/SERVER REQUEST VALIDATION
    7.
    Invention application
    Status: Granted

    Publication No.: US20160294796A1

    Publication date: 2016-10-06

    Application No.: US14673669

    Filing date: 2015-03-30

    IPC classification: H04L29/06 H04L29/08

    Abstract: Computer systems and methods in various embodiments are configured for improving the security and efficiency of server computers interacting through an intermediary computer with client computers that may be executing malicious and/or autonomous headless browsers or “bots”. In an embodiment, a computer system comprises: a memory; a processor coupled to the memory; a protocol client module that is coupled to the processor and the memory and configured to intercept a first set of instructions that define one or more original operations, which are configured to cause one or more requests to be sent to the server computer when executed by the client computer; a forward transformer module that is coupled to the processor and the memory and configured to: generate, at the intermediary computer system, a first challenge credential to be sent to the client computer; render one or more first dynamic-credential instructions, which when executed by the client computer, cause the client computer to generate a first dynamic credential that corresponds to the first challenge credential and to include the first dynamic credential in the one or more requests from the client computer; modify the first set of instructions to produce a second set of instructions, wherein the second set of instructions include the first challenge credential and the one or more first dynamic-credential instructions, and which when executed by the client computer, cause the first challenge credential to be included in the one or more requests sent from the client computer; send the second set of instructions to a second computer.


    SELECTIVELY PROTECTING VALID LINKS TO PAGES OF A WEB SITE

    Publication No.: US20160050231A1

    Publication date: 2016-02-18

    Application No.: US14923603

    Filing date: 2015-10-27

    IPC classification: H04L29/06 H04L29/08

    Abstract: In an embodiment, a method comprises intercepting, using a server computer, a first set of instructions that define a user interface and a plurality of links, wherein each link in the plurality of links is associated with a target page, and the plurality of links includes a first link; determining that the first link, which references a first target page, is protected; in response to determining the first link is protected: generating a first protected link that is different than the first link and includes first data that authenticates a first request that has been generated based on the first protected link and that references the first target page; and generating a first decoy link that includes second data that references a first decoy page and not the first target page; rendering a second set of instructions comprising the first protected link and the first decoy link, but not the first link, and which is configured to cause a first client computer to present the first protected link in the user interface and hide the first decoy link from the user interface; sending the second set of instructions to the first client computer.