H - Electricity – 04 – L
Patent
H - Electricity
04
L
H04L 9/32 (2006.01) G06F 21/00 (2006.01) G06Q 20/40 (2012.01)
Patent
CA 2694326
A method and system for preventing Cross-Site Request Forgery (CSRF) security attacks on a server in a client-server environment. The method includes embedding a nonce and a script to all responses from the server to the client wherein when executed the script will add the nonce to each request from the client to the server; sending the response with the nonce and the script to the client; and verifying that each said request from the client includes the nonce sent by the server from the server to the client. The script modifies all objects, including dynamically generated objects, in a server response that may generate future requests to the server to add the nonce to the requests. The server verifies the nonce value in a request and confirms the request with the client if the value is not the same as the value previously sent by the server. Server-side aspects of the invention might be embodied in the server or a proxy between the server and the client.
Amit Yair
Podjarny Guy
Sharabani Adi
Ibm Canada Limited - Ibm Canada Limitee
Wang Peter
LandOfFree
A method and system for preventing cross-site request... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with A method and system for preventing cross-site request..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and A method and system for preventing cross-site request... will most certainly appreciate the feedback.
Profile ID: LFCA-PAI-O-1499087