Enhanced cross-site attack prevention
US8584232B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Apr 23, 2007 |
| Grant date | Nov 12, 2013 |
| Priority date | — |
| Expiry date | Nov 11, 2030 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2221/2119
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Efficient cross-site attack prevention, in which web pages are stored on a site, the web pages being organized into entry pages that do not accept input, and protected pages that are not entry pages. A request is received from a user application to receive a requested web page, the request including a referrer string indicative of a referring web page, and identification data. It is determined whether the requested web page is an entry page or a protected page, and it is further determined, if the requested web page is determined to be a protected page, if the user application is authorized based upon the identification data, and if the referring web page is stored on the site based upon the referrer string. The requested web page is transmitted to the user application if the user application is determined to be authorized and if the referring web page is determined to be stored on the site, and the request is redirected to an entry page if the user application is determined to be not authorized or if the referring web page is determined to be not stored on the site.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.