Bot detection in an edge network using transport layer security (TLS) fingerprint

US12316672B2 · US · B2

Patent metadata
Publication number: US-12316672-B2
Application number: US-202318383351-A
Country: US
Kind code: B2
Filing date: Oct 24, 2023
Priority date: Dec 18, 2017
Publication date: May 27, 2025
Grant date: May 27, 2025

Abstract

Official abstract text for this publication.

This disclosure describes a technique to fingerprint TLS connection information to facilitate bot detection. The notion is referred to herein as “TLS fingerprinting.” Preferably, TLS fingerprinting herein comprises combining different parameters from the initial “Hello” packet sent by the client. In one embodiment, the different parameters from the Hello packet that are to create the fingerprint (the “TLS signature”) are: record layer version, client version, ordered TLS extensions, ordered cipher list, ordered elliptic curve list, and ordered signature algorithms list. Preferably, the edge server persists the TLS signature for the duration of a session.

First claim

Opening claim text (preview).

We claim:

1. A computer program product in a non-transitory computer readable medium, the computer program product comprising program code executable in and across a set of hardware processors, the program code comprising: first program code executable in a first hardware processor and configured to execute a script and, responsive to execution of the script, to output a set of transport layer security parameters; second program code executable in a second hardware processor and configured to receive and extract the set of transport layer security parameters, to process the extracted set of transport layer security parameters into a hash value, and to selectively output the hash value; and third program code executable in a third hardware processor and configured to receive the hash value, based on a machine learning model, carry out a determination whether an entity that generated the set of transport layer security parameters as reflected by the hash value has a characteristic associated with a bot, and to provide the second program code an indication based on the determination; wherein the second program code is further configured to receive and to take a given action based on the indication.

2. The computer program product as described in claim 1 wherein the set of transport layer security parameters are associated with a Transport Layer Security (TLS) connection initiated by a client entity associated with the first hardware processor.

3. The computer program product as described in claim 2 wherein the TLS connection is initiated by the client entity by a client hello message.

4. The computer program product as described in claim 3 wherein the set of transport layer security parameters comprise information derived from the client hello message, the information being at least one of: a record layer version, a client version, a set of ordered TLS extensions, an ordered cipher list, an ordered elliptic curve list, and an ordered signature algorithms list.

5. The computer program product as described in claim 1 wherein the third program code is further configured to persist the hash value for a duration of a session associated with a client request.

6. The computer program product as described in claim 1 wherein the given action is one of: denying a client request, tarpit the client request, serving alternative content in response to the client request, passing the client request forward to an origin, and serving a response to the client request.

7. The computer program product as described in claim 1 wherein the second program code is further configured to check the hash value against a data set of known bad hash values.

8. The computer program product as described in claim 7 wherein the third program code is further configured to generate the data set of known bad hash values, and to provide the data set of known bad hash values to a server entity associated with the second hardware processor.

9. The computer program product as described in claim 1 wherein the third program code is further configured to generate the machine learning model using supervised learning.

10. The computer program product as described in claim 1 wherein the first hardware processor is associated with a client entity, the second hardware processor is associated with a server entity, and the third hardware processor is associated with a bot detection service entity.

11. The computer program product as described in claim 10 wherein the server entity is one of a set of server entities of a content delivery network (CDN).

12. The computer program product as described in claim 10 wherein the second program code of the server entity is further configured to deliver the script to the client entity.

13. The computer program product as described in claim 1 wherein the first hardware processor is located remote from the second hardware processor.

14. The computer program product as described in claim 1 wherein the second hardware processor is located remote from the third hardware processor.

15. The computer program product as described in claim 1 wherein the set of transport layer security parameters comprise a fingerprint.
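
The fingerprinting step named in the abstract and in claims 4 and 7, as an added example that is not code from the patent: it parses a raw ClientHello record, keeps the six fields in their wire order, and hashes them. The field layout, the use of SHA-256, the names `tls_signature`, `build_hello` and `KNOWN_BAD`, and the sample records are assumptions; the text on this page does not specify them.

```python
import hashlib
import struct

def u16_vector(buf):
    """Decode a 2-byte-length-prefixed vector of 16-bit values, order kept."""
    (n,) = struct.unpack_from("!H", buf, 0)
    if n % 2 or n + 2 > len(buf):
        raise ValueError("malformed vector")
    return list(struct.unpack_from("!%dH" % (n // 2), buf, 2))

def tls_signature(rec):
    """Return (field string, SHA-256 hex) for one raw ClientHello record."""
    try:
        if rec[0] != 0x16 or rec[5] != 0x01:   # handshake record, client_hello
            raise ValueError("not a ClientHello record")
        record_ver, client_ver = (struct.unpack_from("!H", rec, o)[0] for o in (1, 9))
        pos = 44 + rec[43]                     # skip 32-byte random and session_id
        ciphers = u16_vector(rec[pos:])
        pos += 2 + 2 * len(ciphers)
        pos += 1 + rec[pos]                    # skip compression methods
        exts, vecs = [], {10: [], 13: []}      # 10 = curves, 13 = signature algorithms
        end = pos + 2 + struct.unpack_from("!H", rec, pos)[0] if pos < len(rec) else pos
        if end > len(rec):
            raise ValueError("extensions run past the record")
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", rec, pos)
            body = rec[pos + 4:min(pos + 4 + elen, end)]
            exts.append(etype)                 # extension order is part of the signature
            if etype in vecs:
                vecs[etype] = u16_vector(body)
            pos += 4 + elen
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    fields = [[record_ver], [client_ver], exts, ciphers, vecs[10], vecs[13]]
    text = ",".join("-".join(map(str, f)) for f in fields)  # assumed layout
    return text, hashlib.sha256(text.encode()).hexdigest()  # assumed hash function

def build_hello(ciphers, curves, sigalgs):
    """Constructed sample ClientHello for the demo (not captured traffic)."""
    vec = lambda v: struct.pack("!H%dH" % len(v), 2 * len(v), *v)
    exts = b"".join(struct.pack("!HH", t, len(b)) + b for t, b in ((10, vec(curves)), (13, vec(sigalgs))))
    body = b"\x03\x03" + bytes(33) + vec(ciphers) + b"\x01\x00" + struct.pack("!H", len(exts)) + exts
    return b"\x16\x03\x01" + struct.pack("!HBxH", len(body) + 4, 1, len(body)) + body

BROWSER = build_hello([0x1301, 0x1302, 0xC02F], [29, 23, 24], [0x0403, 0x0804])
SCRIPTED = build_hello([0xC02F, 0x1301, 0x1302], [23, 29, 24], [0x0403, 0x0804])
KNOWN_BAD = {tls_signature(SCRIPTED)[1]}       # hypothetical known-bad set (claim 7)
```

The two sample clients offer the same cipher suites and curves in a different order, so they hash to different values; that is why the fields are described as ordered lists.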

Classifications

  • Supervised learning
  • Machine learning
  • at the transport layer
  • based on web technology, e.g. hypertext transfer protocol [HTTP]
  • Probabilistic graphical models, e.g. probabilistic networks

Frequently asked questions

Who is the assignee on this patent?
Akamai Tech Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/1483. Mapped technology areas include Electricity.
When was this patent published?
Publication date May 27, 2025 (B2). Legal status and post-grant events are not shown on this page.