17526087. PROTECTING AGAINST API ATTACKS BY CONTINUOUS AUDITING OF SECURITY COMPLIANCE OF API USAGE RELATIONSHIP simplified abstract (International Business Machines Corporation)

From WikiPatents

PROTECTING AGAINST API ATTACKS BY CONTINUOUS AUDITING OF SECURITY COMPLIANCE OF API USAGE RELATIONSHIP

Organization Name

International Business Machines Corporation

Inventor(s)

Lloyd Wellington Mascarenhas of White Plains NY (US)

Matthias Seul of Pleasant Hill CA (US)

Arielle Tovah Orazio of Wood-Ridge NJ (US)

PROTECTING AGAINST API ATTACKS BY CONTINUOUS AUDITING OF SECURITY COMPLIANCE OF API USAGE RELATIONSHIP - A simplified explanation of the abstract

This abstract first appeared for US patent application 17526087 titled 'PROTECTING AGAINST API ATTACKS BY CONTINUOUS AUDITING OF SECURITY COMPLIANCE OF API USAGE RELATIONSHIP'.

Simplified Explanation

The patent application describes a method, system, and computer program product for protecting against API attacks. Here is a simplified explanation of the abstract:

  • The technology establishes a connection between an API user and an API provider.
  • The connection is continuously monitored to assess its security and the trustworthiness of the API user and provider.
  • Based on the monitoring, scores are generated for each factor used in assessing the connection security and trustworthiness.
  • These scores are then used to determine the level of risk for an API attack by the API user or provider.
  • Actions, such as blocking traffic, can be taken based on the level of risk identified.

Potential Applications

This technology can be applied in various industries and scenarios where API security is crucial, such as:

  • E-commerce platforms that rely on APIs for transactions and data exchange.
  • Financial institutions that need to protect sensitive customer information accessed through APIs.
  • Cloud service providers that offer APIs for accessing and managing resources.
  • Social media platforms that use APIs for third-party integrations and data sharing.

Problems Solved

The technology addresses the following problems related to API attacks:

  • API attacks can lead to unauthorized access, data breaches, and service disruptions.
  • Traditional security measures may not be sufficient to detect and prevent API attacks.
  • It can be challenging to assess the trustworthiness of API users and providers in real time.
  • Existing solutions may lack the ability to dynamically adapt and respond to evolving API attack techniques.

Benefits

The technology offers several benefits for protecting against API attacks:

  • Continuous monitoring helps detect and mitigate API attacks in real time.
  • Assessing connection security and trustworthiness improves overall API security.
  • Generating risk levels allows for targeted actions to be taken against potential attackers.
  • The system can adapt and respond to new API attack techniques as they emerge.


Original Abstract Submitted

A computer-implemented method, system and computer program product for protecting against application programming interface (API) attacks. A connection is established between an API user and an API provider. The established connection is then monitored to assess connection security and trustworthiness of the connection as well as trustworthiness of the API user and/or API provider. A score is then generated for each factor used in assessing the connection security and trustworthiness of the connection as well as the trustworthiness of the API user and/or API provider based on the monitoring. A level of risk for an API attack with respect to the API user and/or API provider is then generated based on such scores. An action (e.g., blocking traffic) is then performed with respect to the API user and/or API provider based on the level of risk for an API attack with respect to the API user and/or API provider, respectively.