Abstract: This disclosure generally relates to computer security, and more particularly to methods and systems for application programming interface (API)-level intrusion detection. In some embodiments, a computer-readable medium is disclosed, storing instructions for: receiving an API call for a service at an API sandbox module; parsing the API call to extract at least one of: an API call name and/or one or more API call parameters; generating a copy of the at least one of: the API call name and/or the one or more API call parameters; determining, via an intrusion detection rules execution engine, whether the API call violates one or more security rules obtained from a security rules object, using the copy of the at least one of: the API call name and/or the one or more API call parameters; and providing an indication of whether the API call violates the one or more security rules.
CLAIMS: We claim:
1. A non-transitory computer-readable medium storing computer-executable application programming interface (API)-level intrusion detection instructions for:
receiving an API call for a service at an API sandbox module;
parsing the API call to extract at least one of: an API call name; or one or more API call parameters;
generating a copy of the at least one of: the API call name or the one or more API call parameters;
providing, to an intrusion detection rules execution engine, the copy of the at least one of: the API call name or the one or more API call parameters;
determining, via the intrusion detection rules execution engine, whether the API call is in violation of one or more security rules obtained from a security rules object; and
providing an indication of whether the API call is in violation of the one or more security rules.
2. The medium of claim 1, further storing instructions for:
determining that the API call is not in violation of the one or more security rules;
generating, after determining that the API call is not in violation of the one or more security rules, at least one of: a new API call name; or a new API call address;
wherein the generated at least one of: the new API call name; or the new API call address is the indication of whether the API call is in violation of the one or more security rules;
generating a new API call for the service using the generated at least one of: the new API call name; or the new API call address; and
providing the generated new API call for the service.
3. The medium of claim 1, further storing instructions for:
generating at least one of: a new API call name; or a new API call address, regardless of whether the API call is in violation of the one or more security rules;
generating a new API call for the service using the generated at least one of: the new API call name; or the new API call address; and
providing the generated new API call for the service.
4. The medium of claim 3, further storing instructions for:
determining that the API call is in violation of the one or more security rules; and
providing the indication of whether the API call is in violation of the one or more security rules via a user interface dashboard.
5. The medium of claim 1, further storing instructions for:
determining that the API call is in violation of the one or more security rules;
providing the indication of whether the API call is in violation of the one or more security rules via a user interface dashboard;
obtaining user authorization input via the user interface dashboard;
if the user authorization input authorizes API call re-routing,
generating at least one of: a new API call name; or a new API call address,
generating a new API call for the service using the generated at least one of: the new API call name; or the new API call address, and
providing the generated new API call for the service; and
if the user authorization input does not authorize API call re-routing,
rejecting the API call for the service.
6. The medium of claim 1, wherein the service is a web application service.
7. The medium of claim 1, wherein determining whether the API call is in violation of the one or more security rules includes determining whether the copy of the at least one of: the API call name or the one or more API call parameters matches a parameter in the one or more security rules.
8. The medium of claim 2, wherein the new API call name is generated, by extracting a string subset of the copy of the API call name.
9. The medium of claim 8, wherein an API call address for the generated new API call is the same as an API call address for the API call for the service received at the API sandbox module.
10. The medium of claim 2, wherein the new API call address is generated, by providing the copy of the API call name as input to a lookup table.
11. The medium of claim 10, wherein an API call name for the generated new API call is the same as an API call name for the API call for the service received at the API sandbox module.
12. The medium of claim 1, wherein the intrusion detection rules execution engine is of one of the following types: forward-chained; backward-chained; and rule priority based execution ordering.
13. The medium of claim 1, wherein the security rules object includes one or more security rules configured to detect malware.
14. The medium of claim 1, wherein the security rules object includes one or more security rules configured to detect application-level misuse.
15. The medium of claim 1, wherein the security rules object includes one or more security rules specifically applicable to the copy of the API call name.
16. The medium of claim 1, wherein the security rules object is configurable via a user interface dashboard.
17. The medium of claim 16, wherein configuration of the security rules object via the user interface dashboard may be performed substantially in real-time with determining whether the API call is in violation of the one or more security rules.
18. The medium of claim 1, wherein the security rules object is configured to be inaccessible to application developers, end-users, and a provider of the service.
19. The medium of claim 1, wherein the security rules object is used for all API calls for the service received at the API sandbox module.
20. The medium of claim 1, further storing instructions for:
determining whether to provide, to the intrusion detection rules execution engine, the copy of the at least one of: the API call name or the one or more API call parameters, based on one or more user selections of application developers whose applications’ API calls are to be analyzed for intrusion detection.
21. The medium of claim 1, further storing instructions for:
determining whether to provide, to the intrusion detection rules execution engine, the copy of the at least one of: the API call name or the one or more API call parameters, based on one or more user selections of API call names of API calls to be analyzed for intrusion detection.
22. The medium of claim 1, wherein the API sandbox module is co-located at an enterprise software gateway, and is configured for:
receiving API calls for all the user selected developers and user selected API name references; and
processing the API calls for application specific intrusion detection.
23. An application programming interface (API)-level intrusion detection method, comprising:
receiving an API call for a service at an API sandbox module;
parsing the API call to extract at least one of: an API call name; or one or more API call parameters;
generating a copy of the at least one of: the API call name or the one or more API call parameters;
providing, to an intrusion detection rules execution engine including one or more hardware processors, the copy of the at least one of: the API call name or the one or more API call parameters;
determining, via the intrusion detection rules execution engine, whether the API call is in violation of one or more security rules obtained from a security rules object; and
providing an indication of whether the API call is in violation of the one or more security rules.
24. The method of claim 23, further comprising:
determining that the API call is not in violation of the one or more security rules;
generating, after determining that the API call is not in violation of the one or more security rules, at least one of: a new API call name; or a new API call address;
wherein the generated at least one of: the new API call name; or the new API call address is the indication of whether the API call is in violation of the one or more security rules;
generating a new API call for the service using the generated at least one of: the new API call name; or the new API call address; and
providing the generated new API call for the service.
25. The method of claim 23, further comprising:
generating at least one of: a new API call name; or a new API call address, regardless of whether the API call is in violation of the one or more security rules;
generating a new API call for the service using the generated at least one of: the new API call name; or the new API call address; and
providing the generated new API call for the service.
26. The method of claim 23, further comprising:
determining that the API call is in violation of the one or more security rules; and
providing the indication of whether the API call is in violation of the one or more security rules via a user interface dashboard.
27. The method of claim 23, further comprising:
determining that the API call is in violation of the one or more security rules;
providing the indication of whether the API call is in violation of the one or more security rules via a user interface dashboard;
obtaining user authorization input via the user interface dashboard;
if the user authorization input authorizes API call re-routing,
generating at least one of: a new API call name; or a new API call address,
generating a new API call for the service using the generated at least one of: the new API call name; or the new API call address, and
providing the generated new API call for the service; and
if the user authorization input does not authorize API call re-routing,
rejecting the API call for the service.
28. The method of claim 23, wherein determining whether the API call is in violation of the one or more security rules includes determining whether the copy of the at least one of: the API call name or the one or more API call parameters matches a parameter in the one or more security rules.
29. The method of claim 24, wherein the new API call name is generated, by extracting a string subset of the copy of the API call name.
30. The method of claim 24, wherein the new API call address is generated, by providing the copy of the API call name as input to a lookup table.
Dated this 18th day of February, 2013
Sravan Kumar Gampa
K&S Partners
Agent for the Applicant
TECHNICAL FIELD
This disclosure generally relates to computer security, and more particularly to methods and systems for API-level intrusion detection.
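The flow recited in claims 1, 2, 7, 10 and 12 (parse the call, copy the name and parameters, evaluate rules in priority order, then re-route through a lookup table or reject) can be sketched as follows. This is an added example, not code from the patent or the applicant; the rule set, rule ids, host names, function names and the choice to reject API names missing from the lookup table are all assumptions made for illustration.

```python
import copy
import re
from urllib.parse import urlsplit, parse_qs

# Constructed security rules object: (priority, rule id, API-name pattern, parameter, value pattern).
# "*" as the parameter means "check every parameter value".
SECURITY_RULES = [
    (10, "sqli-in-param", r".*", "*", r"(?i)('|--|\bunion\b.+\bselect\b)"),
    (20, "bulk-export-limit", r"^export_", "limit", r"^\d{5,}$"),
]
# Constructed lookup table from API call name to a new API call address (claim 10).
ROUTE_TABLE = {
    "get_account": "http://backend-a.internal.example",
    "export_records": "http://backend-b.internal.example",
}

def parse_api_call(url):
    """Extract the API call name (last path segment) and its parameters."""
    parts = urlsplit(url)
    name = parts.path.rstrip("/").rsplit("/", 1)[-1]
    params = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    return name, params

def evaluate(name, params, rules=SECURITY_RULES):
    """Run rules in priority order; return the id of the first violated rule, or None."""
    for _prio, rule_id, name_pat, param, value_pat in sorted(rules):
        if not re.search(name_pat, name):
            continue
        if param == "*":
            values = list(params.values())
        else:
            values = [params[param]] if param in params else []
        if any(re.search(value_pat, v) for v in values):
            return rule_id
    return None

def sandbox(url):
    """Return (violated_rule, new_call); new_call is None when the call is rejected."""
    name, params = parse_api_call(url)
    # The rules engine works on a copy, never on the live request data.
    name_copy, params_copy = copy.deepcopy((name, params))
    violated = evaluate(name_copy, params_copy)
    if violated:
        return violated, None
    if name_copy not in ROUTE_TABLE:      # assumption of this example: unknown names are rejected
        return "unknown-api", None
    query = urlsplit(url).query
    return None, f"{ROUTE_TABLE[name_copy]}/{name}" + (f"?{query}" if query else "")
```

Because the backend address exists only in the lookup table, a caller cannot reach the service without first passing the rules engine, which is how the new call address doubles as the "not in violation" indication in claim 2.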
| # | Name | Date |
|---|---|---|
| 1 | 712-CHE-2013 FORM-9 18-02-2013.pdf | 2013-02-18 |
| 2 | IP22911-Spec.pdf | 2013-03-28 |
| 3 | IP22911-Fig.pdf | 2013-03-28 |
| 4 | FORM 5.pdf | 2013-03-28 |
| 5 | FORM 3.pdf | 2013-03-28 |
| 6 | 712-CHE-2013 FORM-18 17-04-2013.pdf | 2013-04-17 |
| 7 | 712-CHE-2013 CORRESPONDENCE OTHERS 19-04-2013.pdf | 2013-04-19 |
| 8 | 712-CHE-2013 FORM-1 17-05-2013.pdf | 2013-05-17 |
| 9 | 712-CHE-2013 CORRESPONDENCE OTHERS 17-05-2013.pdf | 2013-05-17 |
| 10 | 712-CHE-2013 FORM-3 15-07-2013.pdf | 2013-07-15 |
| 11 | 712-CHE-2013 CORRESPONDENCE OTHERS 15-07-2013.pdf | 2013-07-15 |
| 12 | 712-CHE-2013-FER.pdf | 2019-03-27 |
| 13 | 712-CHE-2013-FORM 3 [26-09-2019(online)].pdf | 2019-09-26 |
| 14 | 712-CHE-2013-FER_SER_REPLY [26-09-2019(online)].pdf | 2019-09-26 |
| 15 | 712-CHE-2013-PatentCertificate27-01-2021.pdf | 2021-01-27 |
| 16 | 712-CHE-2013-IntimationOfGrant27-01-2021.pdf | 2021-01-27 |
| 17 | 712-CHE-2013-PROOF OF ALTERATION [24-02-2022(online)].pdf | 2022-02-24 |
| 18 | 712-CHE-2013-RELEVANT DOCUMENTS [27-09-2022(online)].pdf | 2022-09-27 |
| 19 | 712-CHE-2013-RELEVANT DOCUMENTS [20-09-2023(online)].pdf | 2023-09-20 |
| 20 | 712-CHE-2013-POWER OF AUTHORITY [31-12-2024(online)].pdf | 2024-12-31 |
| 21 | 712-CHE-2013-FORM-16 [31-12-2024(online)].pdf | 2024-12-31 |
| 22 | 712-CHE-2013-ASSIGNMENT WITH VERIFIED COPY [31-12-2024(online)].pdf | 2024-12-31 |
| 23 | 712-CHE-2013-FORM 4 [14-07-2025(online)].pdf | 2025-07-14 |
| 24 | 712-CHE-2013-FORM-27 [15-07-2025(online)].pdf | 2025-07-15 |
| 25 | 712-CHE-2013-FORM-27 [15-07-2025(online)]-1.pdf | 2025-07-15 |
| 1 | 2019-03-2613-36-31_26-03-2019.pdf | |