Preventing cross-site request forgery using environment fingerprints of a client device
First Claim
1. A method for preventing cross-site request forgery, the method comprising:
- receiving, by a server, local terminal information from a client device, the local terminal information received as part of a request by the client device for a web page hosted by the server;
- generating, by the server, a first environment fingerprint of the client device based on the local terminal information, the first environment fingerprint comprising encrypted local terminal information associated with the client device;
- receiving, at the server, an access request message, the access request message including an identity of at least one operation to be performed by the server and a second environment fingerprint, the second environment fingerprint generated by the client device;
- comparing, by the server, whether the second environment fingerprint matches the first environment fingerprint;
- rejecting, by the server, the access request message if the comparison indicates that the second environment fingerprint does not match the first environment fingerprint; and
- executing, by the server, the operation included with the access request message if the comparison indicates that the second environment fingerprint matches the first environment fingerprint.
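The claim-1 flow in Python, as an added illustration that is not part of the patent: a keyed HMAC stands in for the "encrypted local terminal information", the server stores the first fingerprint per session and embeds it in the served page, and the access request is executed only when the client-returned second fingerprint matches in a constant-time comparison. Session ids, the operation table and the sample terminal information are constructed for the example.

```python
# Added example (not from the patent). Assumptions: the fingerprint is an
# HMAC under a server-held key standing in for "encrypted local terminal
# information"; session ids, OPERATIONS and the terminal info are constructed.
import hashlib
import hmac
import json
import secrets


def make_fingerprint(key: bytes, local_terminal_info: dict) -> str:
    """Keyed digest over canonical (sorted-key) JSON so field order cannot change it."""
    canonical = json.dumps(local_terminal_info, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, canonical.encode(), hashlib.sha256).hexdigest()


class Server:
    """Keeps one first fingerprint per session and gates operations on a match."""

    OPERATIONS = {"transfer": lambda: "transfer done", "delete": lambda: "deleted"}

    def __init__(self, key=None):
        self.key = key or secrets.token_bytes(32)  # server secret, never sent out
        self.first_fingerprints = {}  # session id -> first environment fingerprint

    def serve_page(self, session_id: str, local_terminal_info: dict) -> str:
        """Page request carries terminal info; the server stores the first
        fingerprint and embeds it in the page so the same-origin client can return it."""
        fp = make_fingerprint(self.key, local_terminal_info)
        self.first_fingerprints[session_id] = fp
        return fp

    def access_request(self, session_id: str, operation: str, second_fp: str):
        """Compare the client-supplied second fingerprint with the stored first one;
        reject on mismatch (or unknown session), execute the operation on match."""
        first = self.first_fingerprints.get(session_id, "")
        if not first or not hmac.compare_digest(first, second_fp):
            return ("rejected", None)
        return ("executed", self.OPERATIONS[operation]())


def demo():
    """Legitimate request vs. two forged ones: a cross-origin page cannot read the
    embedded fingerprint, and recomputing it needs the server key."""
    srv = Server()
    info = {"user_agent": "ExampleBrowser/1.0", "screen": "1920x1080", "tz": "UTC"}
    fp = srv.serve_page("sess-1", info)
    legit, _ = srv.access_request("sess-1", "transfer", fp)
    forged_blank, _ = srv.access_request("sess-1", "transfer", "")
    forged_wrong_key, _ = srv.access_request("sess-1", "transfer", make_fingerprint(b"other", info))
    return legit, forged_blank, forged_wrong_key  # returns ("executed", "rejected", "rejected")
```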
Abstract
Disclosed is a method and apparatus for preventing cross-site request forgery. The method comprises storing a first environment fingerprint associated with a client, wherein the first environment fingerprint uniquely identifies the client based on local terminal information associated with the client; receiving an access request message from the client, the access request message including at least one operation and a second environment fingerprint generated by the client; determining whether the second environment fingerprint matches the first environment fingerprint; rejecting the access request message if it is determined that the second environment fingerprint does not match the first environment fingerprint; and executing the operation included with the access request message if it is determined that the second environment fingerprint matches the first environment fingerprint.
Claims (17)
1. A method for preventing cross-site request forgery (independent method claim; full text given above under First Claim). Dependent claims: 2, 3, 4, 5, 6.
7. An apparatus for preventing cross-site request forgery, the apparatus comprising:
- a processor; and
- a non-transitory memory storing computer-executable instructions therein that, when executed by the processor, cause the apparatus to:
- host a web page;
- receive local terminal information from a client device, the local terminal information received as part of a request by the client device for the web page;
- generating, by the server, a first environment fingerprint of the client device based on the local terminal information, the first environment fingerprint comprising encrypted local terminal information associated with the client device;
- receiving, at the server, an access request message, the access request message including an identity of at least one operation to be performed by the server and a second environment fingerprint, the second environment fingerprint generated by the client device;
- compare whether the second environment fingerprint matches the first environment fingerprint;
- reject the access request message if the comparison indicates that the second environment fingerprint does not match the first environment fingerprint; and
- execute the operation included with the access request message if the comparison indicates that the second environment fingerprint matches the first environment fingerprint.
Dependent claims: 8, 9, 10, 11, 12.
13. A non-transitory computer readable storage medium tangibly storing computer program instructions that are executed by a computer processor, the computer program instructions defining the steps of:
- hosting, by a processor, a web page;
- receiving, by the processor, local terminal information from a client device, the local terminal information received as part of a request by the client device for the web page;
- generating, by the processor, a first environment fingerprint of the client device based on the local terminal information, the first environment fingerprint comprising encrypted local terminal information associated with the client device;
- receiving, by the processor, an access request message, the access request message including an identity of at least one operation to be performed by the server and a second environment fingerprint, the second environment fingerprint generated by the client device;
- comparing, by the processor, whether the second environment fingerprint matches the first environment fingerprint;
- rejecting, by the processor, the access request message if the comparison indicates that the second environment fingerprint does not match the first environment fingerprint; and
- executing, by the processor, the operation included with the access request message if the comparison indicates that the second environment fingerprint matches the first environment fingerprint.
Dependent claims: 14, 15, 16, 17.