Invention Grant
- Patent Title: Method and device for preventing CSRF attack
- Patent Title (中): 防止CSRF攻击的方法和设备
- Application No.: US13621238; Application Date: 2012-09-15
- Publication No.: US08997222B2; Publication Date: 2015-03-31
- Inventor: Dikran S. Meliksetian, Gang Niu, Qiang Guo Tong
- Applicant: Dikran S. Meliksetian, Gang Niu, Qiang Guo Tong
- Applicant Address: US NY Armonk
- Assignee: International Business Machines Corporation
- Current Assignee: International Business Machines Corporation
- Current Assignee Address: US NY Armonk
- Agency: Yudell Isidore PLLC
- Agent: Parashos Kalaitzis
- Priority: CN201010580357 20101130
- Main IPC: G06F17/30
- IPC: G06F17/30 ; G06F12/14 ; G08B23/00 ; H04L29/08 ; H04L29/06 ; H04N7/167

Abstract:
The disclosure provides a method for preventing CSRF attacks, in which the method provides: intercepting a request sent from a client browser to a server; generating a token; generating a response to the request; inserting the token into the response to the request; and sending the response to the request to the client browser with the token inserted into the response. With the method of the disclosure, it is assured that a token is inserted into all the requests made by a user through a client browser for accessing a resource. It can also be assured that the request is issued by the user himself by verifying whether the token in the request is valid, thereby preventing a CSRF attack.
Public/Granted literature
- US20130019308A1 Method and Device for Preventing CSRF Attack; Public/Granted day: 2013-01-17