Invention Grant
US08775818B2 Multifactor validation of requests to thwart dynamic cross-site attacks
有权
多因素验证请求以阻止动态跨站点攻击
- Patent Title: Multifactor validation of requests to thwart dynamic cross-site attacks
- Patent Title (中): 多因素验证请求以阻止动态跨站点攻击
-
Application No.: US12628121Application Date: 2009-11-30
-
Publication No.: US08775818B2Publication Date: 2014-07-08
- Inventor: James Paul Schneider
- Applicant: James Paul Schneider
- Applicant Address: US NC Raleigh
- Assignee: Red Hat, Inc.
- Current Assignee: Red Hat, Inc.
- Current Assignee Address: US NC Raleigh
- Agency: Lowenstein Sandler LLP
- Main IPC: H04L29/06
- IPC: H04L29/06
Abstract:
An apparatus and a method for validating requests to thwart cross-site attacks is described. A user identifier token, a request identifier token, and a timestamp, are generated at a web application of a server. A Message Authentication Code (MAC) value is formed based on the user identifier token, the request identifier token, and the timestamp using a secret key of the web application. Names of the form elements are enciphered. Fake form elements can also be added to the dynamic form. The entire page also can be enciphered. The dynamic form is sent with the MAC value and the time stamp to a client. A completed form comprising a returned MAC value and a returned timestamp is received from the client. The completed form is validated at the server based on the returned MAC value and the returned timestamp.
Public/Granted literature
- US20110131416A1 MULTIFACTOR VALIDATION OF REQUESTS TO THW ART DYNAMIC CROSS-SITE ATTACKS Public/Granted day:2011-06-02
Information query
