Patent · US Active

Systems and methods for protecting web based applications from cross site request forgery attacks

US8020193B2 · kind B2 · utility

73 Cited by
0 References
20 Claims
0 Family size

Assignee

Inventors

Key dates

Filing date: Oct 20, 2008
Grant date: Sep 13, 2011
Priority date
Expiry date: Jan 26, 2030

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L67/02
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Computer implemented methods (200) for protecting web based applications (110, 114) from Cross Site Request Forgery (CSRF) attacks. The methods involve (204) classifying each resource offered by a web server application as a CSRF-protected resource or a not-CSRF-protected resource. The methods also involve (214, . . . , 222) performing a user authentication, (224) initializing an authentication-token, and (226) initializing a CSRF protection secret that is used to validate CSRF protection parameters contained in resource identifiers for the resources. The methods further involve (228) performing a server-side rewriting process (300) to add the CSRF protection parameter to the resource identifiers for the resources and/or (230) performing a client-side rewriting process to add the CSRF protection parameter to a resource identifier for a second resource (e.g., a resource created at a client computer (102)).
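A sketch of the server-side steps in the abstract (classify resources, initialize a per-session secret, rewrite resource identifiers, validate on request), added here as an illustration and not taken from the patent. The parameter name `csrf`, the prefix-based classification, and the HMAC-SHA256 derivation are assumptions; the abstract does not specify them.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

PARAM = "csrf"                                   # assumed parameter name
PROTECTED_PREFIXES = ("/account/", "/transfer")  # assumed classification rule

def is_protected(path):
    """Classify a resource as CSRF-protected or not-CSRF-protected."""
    return path.startswith(PROTECTED_PREFIXES)

def new_session():
    """After user authentication: initialize auth token and CSRF secret."""
    return {"auth_token": secrets.token_urlsafe(32),
            "csrf_secret": secrets.token_bytes(32)}

def protection_param(session, path):
    # Assumption: the parameter is an HMAC over auth token and resource path.
    msg = f"{session['auth_token']}|{path}".encode()
    return hmac.new(session["csrf_secret"], msg, hashlib.sha256).hexdigest()

def rewrite(session, url):
    """Server-side rewriting: add the parameter to protected same-site URLs."""
    parts = urlsplit(url)
    if parts.netloc or not is_protected(parts.path):
        return url  # never attach the parameter to another origin's URL
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != PARAM]
    query.append((PARAM, protection_param(session, parts.path)))
    return urlunsplit(parts._replace(query=urlencode(query)))

def validate(session, url):
    """Accept a request only if a protected URL carries a valid parameter."""
    parts = urlsplit(url)
    if not is_protected(parts.path):
        return True
    supplied = [v for k, v in parse_qsl(parts.query) if k == PARAM]
    if len(supplied) != 1:
        return False  # missing or duplicated parameter
    expected = protection_param(session, parts.path)
    return hmac.compare_digest(supplied[0].encode(), expected.encode())

if __name__ == "__main__":
    s = new_session()
    link = rewrite(s, "/transfer?to=bob&amount=10")
    print(link, validate(s, link), validate(s, "/transfer?to=bob&amount=10"))
```

Because the parameter travels in the URL, it can surface in access logs, browser history and `Referer` headers, so the secret should be scoped to one session and rotated with it.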

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.