Preventing cross-site request forgery using environment fingerprints of a client device
US10419431B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Sep 21, 2016 |
| Grant date | Sep 17, 2019 |
| Priority date | — |
| Expiry date | Apr 29, 2037 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L67/562
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Disclosed is a method and apparatus for preventing cross-site request forgery. The recommendation method comprises storing a first environment fingerprint associated with a client, wherein the first environment fingerprint uniquely identifies the client based on local terminal information associated with the client; receiving an access request message from the client, the access request message including at least one operation and a second environment fingerprint generated by the client; determining whether the second environment fingerprint matches the first environmental fingerprint; rejecting the access request message if it is determined that the second environment fingerprint does not match the first environment fingerprint; and executing the operation included with the access request message if it is determined that the second environment fingerprint matches the first environment fingerprint.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.