Enforcement of same origin policy for sensitive data
First Claim
1. A method to improve the security of online communications comprising:
- establishing a secure communication channel with a server, wherein the server is securely authenticated based on a digital certificate;
determining an origin identifier identifying the server of the established secure communication channel, wherein the origin identifier is based on the digital certificate used to securely authenticate the server;
receiving a web page via the secure communication channel;
detecting an element within the web page directed at release of a sensitive data;
determining an authorized origin identifier associated with the sensitive data; and
causing release of the sensitive data only if the origin identifier is the determined authorized origin identifier associated with the sensitive data.
0 Assignments
0 Petitions
Accused Products
Abstract
Methods, systems, and apparatus relating to enforcement of same origin policy of sensitive data are described. In an embodiment, a security agent may help ensure release of sensitive data is only triggered by authorized sources. The security agent may help ensure sensitive data is only released to authorized destinations. A security agent may translate or obfuscate sensitive data. Sensitive data may include HTTP cookies, session data, authentication information, authorization information, personal information, user credentials, and/or other data sensitive in nature. Sensitive data destinations and/or sensitive data origins may be identified. Identification may be performed using secure means (such as for example a SSL/TLS handshake). Other embodiments are also disclosed and claimed.
-
Citations
22 Claims
-
1. A method to improve the security of online communications comprising:
-
establishing a secure communication channel with a server, wherein the server is securely authenticated based on a digital certificate; determining an origin identifier identifying the server of the established secure communication channel, wherein the origin identifier is based on the digital certificate used to securely authenticate the server; receiving a web page via the secure communication channel; detecting an element within the web page directed at release of a sensitive data; determining an authorized origin identifier associated with the sensitive data; and causing release of the sensitive data only if the origin identifier is the determined authorized origin identifier associated with the sensitive data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. An apparatus to improve the security of online communications comprising:
-
memory to store one or more instructions; and a processor, coupled to the memory, to execute the one or more instructions to; establish a secure communication channel with a server, wherein the server is securely authenticated based on a digital certificate; determine an origin identifier to identify the server of the established secure communication channel, wherein the origin identifier is based on the digital certificate used to securely authenticate the server; receive a web page via the secure communication channel; detect an element within the web page directed at release of a sensitive data; determine an authorized origin identifier associated with the sensitive data; and cause release of the sensitive data only if the origin identifier to identify the origin is the determined authorized origin identifier associated with the sensitive data. - View Dependent Claims (11, 12, 13, 14, 15, 16)
-
-
17. A non-transitory computer-readable medium comprising one or more instructions that when executed on a processor configure the processor to perform one or more operations to:
-
establish a secure communication channel with a server, wherein the server is securely authenticated based on a digital certificate; determine an origin identifier to identify the server of the established secure communication channel, wherein the origin identifier is based on the digital certificate used to securely authenticate the server; receive a web page via the secure communication channel; detect an element within the web page directed at release of a sensitive data; determine an authorized origin identifier associated with the sensitive data; and cause release of the sensitive data only if the origin identifier to identify the origin is the determined authorized origin identifier associated with the sensitive data. - View Dependent Claims (18, 19, 20, 21, 22)
-
Specification