Transparently using origin isolation to protect access tokens
US11689528B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Sep 12, 2019 |
| Grant date | Jun 27, 2023 |
| Priority date | — |
| Expiry date | Sep 20, 2041 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L67/2876
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
The disclosed technology teaches safely attaching an access token to a browser-based request from a first app loaded by a webpage, without exposing the token to malicious code loaded by the webpage. It provides an identity proxy that transparently determines which network requests to relay and a secrets management proxy that transparently provides access tokens to those requests. The identity proxy intercepts an access request from the first app to the resource server and relays the request via the secrets management proxy, which forwards the request to the resource server with an access token, receives a response from the resource server, and forwards the response to the identity proxy for return to the first app. The secrets management proxy is implemented in an iFrame that has isolated storage subject to a browser-enforced same-origin policy, which makes the isolated storage used by the iFrame inaccessible to malicious code on the webpage.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.