Cross-site request forgery protection
US8839424B2 · kind B2 · utility
Inventor
Key dates
| Filing date | Nov 15, 2012 |
| Grant date | Sep 16, 2014 |
| Priority date | — |
| Expiry date | Jan 15, 2033 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F2221/2115
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A cross-site request forgery (CSRF) protection system helps protect against cross-site request forgery attacks. A CSRF protector is arranged to receive a signal from a service provider that notifies a browser running on a potential victim consumer machine to selectively permit and/or deny cross-site requests in accordance with a set of one or more security policies. The policies can be selected and applied on a domain name basis, IP address basis, trusted zone basis, and combinations thereof. The CSRF protector can also provide a context of the event that triggers a request that contains a cross-site request, where the context provides indicia of circumstances that indicate a likelihood that a cross-site request forgery is being attempted.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.