Invention Grant
US09118619B2 Prevention of cross site request forgery attacks by conditional use cookies
有权
通过有条件的使用cookies防止跨站点请求伪造攻击
- Patent Title: Prevention of cross site request forgery attacks by conditional use cookies
- Patent Title (中): 通过有条件的使用cookies防止跨站点请求伪造攻击
-
Application No.: US13451443Application Date: 2012-04-19
-
Publication No.: US09118619B2Publication Date: 2015-08-25
- Inventor: Alexander Gantman , Arun Balakrishnan , Gregory Gordon Rose
- Applicant: Alexander Gantman , Arun Balakrishnan , Gregory Gordon Rose
- Applicant Address: US CA San Diego
- Assignee: QUALCOMM Incorported
- Current Assignee: QUALCOMM Incorported
- Current Assignee Address: US CA San Diego
- Agent Linda G. Gunderson
- Main IPC: G06F15/16
- IPC: G06F15/16 ; H04L29/08 ; H04L29/06
Abstract:
To inhibit cross-site forgery attacks, different types/classes of cookies are used. A first cookie and a second cookie are generated by a web server and provided to a client browser during a web session. The first cookie defines a first set of use conditions for when the first cookie is to be used within the web session. The second cookie defines a second set of use conditions for when the second cookie is to be used within the web session. The client browser determines which (if any) of the first cookie or second cookie to send to the web server based on the use conditions defined within each cookie and the operation(s) sought by the client browser. The web server may grant different or the same privileges to operation(s) being sought by the client browser depending on whether the first or second cookie is sent by the client browser.
Public/Granted literature
- US20130117817A1 PREVENTION OF CROSS SITE REQUEST FORGERY ATTACKS BY CONDITIONAL USE COOKIES Public/Granted day:2013-05-09
Information query
