Count-based challenge-response credential pairs for client/server request validation

Abstract

Computer systems and methods in various embodiments are configured for improving the security and efficiency of server computers interacting through an intermediary computer with client computers that may be executing malicious and/or autonomous headless browsers or “bots”. In an embodiment, a server computer system that is programmed to validate requests from a client computer to a server computer, the server computer system comprising: a memory persistently storing a set of server instructions; one or more processors coupled to the memory, wherein the one or more processors execute the set of server instructions, which causes the one or more processors to: generate a first challenge credential to be sent to the client computer, wherein the first challenge credential corresponds to a first response credential in a first challenge-response credential pair; render one or more first dynamic-credential instructions, which when executed by the client computer, cause the client computer to generate the first response credential in the first challenge-response credential pair; send, to the client computer, the first challenge credential and the one or more first dynamic-credential instructions, but not the first response credential; receive a first request that includes a first test-challenge credential and a first test-response credential; determine whether the first test-challenge credential and the first test-response credential are the first challenge-response credential pair; in response to determining that the first test-response credential is the first response credential, determine that a first count is associated with the first challenge-response credential pair, and determine whether the first count satisfies a first threshold; in response to determining that the first count does not satisfy the first threshold, determine that the first request is not a replay request and assign a second count to the first challenge-response credential pair.
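
The validation flow in the abstract, as an added example that is not taken from the patent or from any Shape Security code: the server issues a challenge with instructions, withholds the response, and on each request checks the pair and then the pair's count against a threshold. Assumptions: the salted, iterated SHA-256 in `derive` stands in for executing the dynamic-credential instructions, "satisfies the threshold" is read as count >= threshold, and all names (`Validator`, `issue`, `validate`, `derive`) are hypothetical.

```python
import hashlib
import hmac
import secrets


def derive(challenge, instructions):
    """Stand-in for running the dynamic-credential instructions (assumed scheme)."""
    digest = (instructions["salt"] + challenge).encode()
    for _ in range(instructions["rounds"]):
        digest = hashlib.sha256(digest).digest()
    return digest.hex()


class Validator:
    def __init__(self, threshold=1):
        self.threshold = threshold   # assumed meaning: uses allowed per pair
        self._pairs = {}             # challenge -> [expected response, count]

    def issue(self):
        """Create a pair; return the challenge and instructions, never the response."""
        challenge = secrets.token_hex(16)
        instructions = {"salt": secrets.token_hex(8),
                        "rounds": 1000 + secrets.randbelow(1000)}
        self._pairs[challenge] = [derive(challenge, instructions), 0]
        return challenge, instructions

    def validate(self, test_challenge, test_response):
        pair = self._pairs.get(test_challenge)
        # Unknown challenge or wrong response: not a challenge-response pair.
        if pair is None or not hmac.compare_digest(
                pair[0].encode(), test_response.encode()):
            return "invalid"
        # Valid pair whose count already satisfies the threshold: replay.
        if pair[1] >= self.threshold:
            return "replay"
        pair[1] += 1                 # assign the next count to the pair
        return "accepted"


def demo(threshold=1):
    server = Validator(threshold)
    challenge, instructions = server.issue()
    response = derive(challenge, instructions)   # computed on the client side
    return [server.validate(challenge, response),
            server.validate(challenge, response),
            server.validate(challenge, "0" * 64),
            server.validate("unknown-challenge", response)]


if __name__ == "__main__":
    print(demo())
```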

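Bibliographic details

  • Publication number: US10225255B1

  • Publication date: 2019-03-05

    Original format: PDF

  • Applicant/Patentee: SHAPE SECURITY INC.

    Application number: US201615249133

  • Inventors: GANESH JAMPANI; SUSANTO IRWAN

    Filing date: 2016-08-26

  • Classification: H04L29/06

  • Country: US

  • Date added to database: 2022-08-21 12:09:11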
