Title: Multifactor validation of requests to thwart dynamic cross-site attacks
Abstract: An apparatus and a method for validating requests to thwart cross-site attacks are described. A user identifier token, a request identifier token, and a timestamp are generated at a web application of a server. A Message Authentication Code (MAC) value is formed based on the user identifier token, the request identifier token, and the timestamp using a secret key of the web application. The names of the form elements are enciphered. Fake form elements can also be added to the dynamic form. The entire page can also be enciphered. The dynamic form is sent with the MAC value and the timestamp to a client. A completed form comprising a returned MAC value and a returned timestamp is received from the client. The completed form is validated at the server based on the returned MAC value and the returned timestamp.
Publication number: US8775818(B2) Publication date: 2014.07.08
Application number: US200912628121 Filing date: 2009.11.30
Applicant: Red Hat, Inc. Inventor: Schneider James Paul
Classification: H04L29/06 Main classification: H04L29/06
Agency: Lowenstein Sandler LLP Agent: Lowenstein Sandler LLP
Main claim: 1. A method comprising: composing, by a processing device, a Message Authentication Code (MAC) value based on: a user identifier token that identifies a user of a web application hosted by a server, a request identifier token that identifies an action in the web application requested by the user, a timestamp, and a nonce corresponding to the action; enciphering a name of a form element of a form of the web application; and sending to a client the form having the enciphered name, the MAC value, and the timestamp.
Address: Raleigh NC US