Information security – Access control or authentication – Network
Reexamination Certificate
2008-09-26
2011-11-01
Hoffman, Brandon (Department: 2433)
active
08051465
ABSTRACT:
Cross Site Request Forgery (CSRF) and other types of fraudulent submission in an electronic environment can be mitigated using state information that typically is already maintained for various users. Each submission requiring authentication includes a state identifier (ID). The state ID is compared to a corresponding state ID submitted in a relatively secure format, such as in a secure token or cookie. If the state ID matches a state ID in the secure token received from the user, and the state ID is valid, the submission is processed. Otherwise an interstitial page, including the state ID and a secure token, is generated to prompt the user to confirm the submission. A subsequent confirmation submission will contain the proper state ID and the new cookie, and can be processed. If no confirmation is received from the user with a valid state ID, the submission is not processed.
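The flow the abstract describes, as an added Python sketch that is not taken from the patent. It assumes the secure token is the state ID with an HMAC-SHA256 tag, and that an in-memory set stands in for the server's per-user state; all function and variable names are hypothetical.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment signing key
VALID_STATE_IDS = set()               # assumption: stands in for the server's state store


def new_state_id():
    """Create a state ID and record it as valid on the server side."""
    state_id = secrets.token_urlsafe(16)
    VALID_STATE_IDS.add(state_id)
    return state_id


def make_token(state_id):
    """Secure token (cookie value): the state ID plus an HMAC tag over it."""
    tag = hmac.new(SERVER_KEY, state_id.encode(), hashlib.sha256).hexdigest()
    return f"{state_id}.{tag}"


def state_id_from_token(token):
    """Return the state ID carried by the token, or None if absent or tampered."""
    if not token or "." not in token:
        return None
    state_id, tag = token.rsplit(".", 1)
    expected = hmac.new(SERVER_KEY, state_id.encode(), hashlib.sha256).hexdigest()
    return state_id if hmac.compare_digest(tag.encode(), expected.encode()) else None


def handle_submission(form_state_id, cookie_token):
    """Process only when the submitted state ID matches the token's state ID and
    is still valid; otherwise respond with an interstitial for confirmation."""
    token_state_id = state_id_from_token(cookie_token)
    if (form_state_id and token_state_id
            and hmac.compare_digest(form_state_id.encode(), token_state_id.encode())
            and form_state_id in VALID_STATE_IDS):
        return {"action": "process"}
    # Mismatch, missing or invalid: nothing is processed. The interstitial carries
    # a state ID for the confirmation form and a fresh secure token for the cookie.
    fresh = new_state_id()
    return {"action": "interstitial", "state_id": fresh,
            "set_cookie": make_token(fresh)}
```

A confirmation is simply a second call to `handle_submission` with the interstitial's `state_id` and `set_cookie` values; if it never arrives, the original submission stays unprocessed.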
REFERENCES:
patent: 2008/0115201 (2008-05-01), Sturms et al.
Johansson Jesper M.
Martin Eric J.
Amazon Technologies Inc.
Hoffman Brandon
Kilpatrick Townsend & Stockton LLP
Profile ID: LFUS-PAI-O-4289500