	US 12,052,218 B2
	Systems and methods to secure API platforms
Ajit Gaddam, Foster City, CA (US); Pushkar Joglekar, Emeryville, CA (US); and Ara Jermakyan, Northridge, CA (US)
Assigned to Visa International Service Association, San Francisco, CA (US)
Appl. No. 17/255,966
Filed by Visa International Service Association, San Francisco, CA (US)
PCT Filed Jun. 28, 2018, PCT No. PCT/US2018/040124 § 371(c)(1), (2) Date Dec. 23, 2020, PCT Pub. No. WO2020/005263, PCT Pub. Date Jan. 2, 2020.
Prior Publication US 2021/0328969 A1, Oct. 21, 2021
Int. Cl. H04L 9/40 (2022.01); G06N 5/04 (2023.01); G06N 20/00 (2019.01)

CPC H04L 63/02 (2013.01) [G06N 5/04 (2013.01); G06N 20/00 (2019.01); H04L 63/102 (2013.01); H04L 63/1425 (2013.01)]

16 Claims

1. A method comprising:

receiving, by a server, a plurality of access requests from a requesting entity, wherein the plurality of access requests are received via one or more APIs and are a plurality of requests to access one or more resources in an obfuscated database;

determining, by the server, a requesting entity profile associated with the plurality of access requests;

determining, by the server, a machine learning model corresponding to the requesting entity profile;

generating, by the server, an access sequence, wherein the access sequence comprises an ordered sequence of the plurality of access requests;

determining, by the server, an anomaly score by applying the access sequence as an input to the machine learning model;

comparing, by the server, the anomaly score to a predetermined threshold;

if the anomaly score is greater than the predetermined threshold, preventing, by the server, the requesting entity from accessing the obfuscated database; and

if the anomaly score is less than the predetermined threshold, allowing, by the server, the requesting entity to access the obfuscated database, wherein the obfuscated database comprises a plurality of layers and wherein the one or more resources are stored in a deep layer of the obfuscated database.