Patent · US Active

Cross-site request forgery protection

US11949714B2 · kind B2 · utility

0Cited by

2References

17Claims

0Family size

Assignee

Salesforce, Inc. · US

Inventors

Robert J. Spremulli · Nashua, US
Chris J. Smith · Sunderland, GB
Radha Shelat · Pune, IN
Myles Taggart Frothingham · Acton, US

Key dates

Filing date	Jan 28, 2021
Grant date	Apr 2, 2024
Priority date	—
Expiry date	Jun 1, 2041

Classification

Technology area (CPC G)Physics
CPC primaryG06F2221/034
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

Digital data processing systems of the type in which a server digital data device (“server”) is coupled to a client digital data device (“client”) over a network, e.g., the Internet, include web server software executing within an application layer on the server that responds to a request from the client by (i) validating a key received from the client with that request, (ii) generating a result code indicative of a success of that validation, (iii) initiating processing of the request, including invoking server resource software executing outside the application layer. The server resource software, which checks the result code upon invocation and before performing a protected operation required for processing the request, responds to a result code indicating that the result did not validate by exiting before executing the protected operation.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.