Patent · US Active

Cross-site request forgery protection

US10924509B2 · kind B2 · utility

0Cited by

0References

21Claims

0Family size

Assignee

Salesforce.com, Inc. · US

Inventors

Robert J. Spremulli · Nashua, US
Chris J. Smith · Sunderland, GB
Radha Shelat · Pune, IN
Myles Taggart Frothingham · Acton, US

Key dates

Filing date	Sep 29, 2017
Grant date	Feb 16, 2021
Priority date	—
Expiry date	Apr 11, 2038

Classification

Technology area (CPC G)Physics
CPC primaryG06F2221/034
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

Digital data processing systems of the type in which a server digital data device (“server”) is coupled to a client digital data device (“client”) over a network, e.g., the Internet, include web server software executing within an application layer on the server that responds to a request from the client by (i) validating a key received from the client with that request, (ii) generating a result code indicative of a success of that validation, (iii) initiating processing of the request, including invoking server resource software executing outside the application layer. The server resource software, which checks the result code upon invocation and before performing a protected operation required for processing the request, responds to a result code indicating that the result did not validate by exiting before executing the protected operation.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.