Preventing cross-site request forgery using environment fingerprints of a client device

US 10,419,431 B2
Filed: 09/21/2016
Issued: 09/17/2019
Est. Priority Date: 09/23/2015
Status: Active Grant

First Claim

Patent Images

1. A method for preventing cross-site request forgery, the method comprising:

receiving, by a server, local terminal information from a client device, the local terminal information received as part of a request by the client device for a web page hosted by the server;

generating, by the server, a first environment fingerprint of the client device based on the local terminal information, the first environment fingerprint comprising encrypted local terminal information associated with the client device;

receiving, at the server, an access request message, the access request message including an identity of at least one operation to be performed by the server and a second environment fingerprint, the second environment fingerprint generated by the client device;

comparing, by the server, whether the second environment fingerprint matches the first environment fingerprint;

rejecting, by the server, the access request message if the comparison indicates that the second environment fingerprint does not match the first environment fingerprint; and

executing, by the server, the operation included with the access request message if the comparison indicates that the second environment fingerprint matches the first environment fingerprint.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a method and apparatus for preventing cross-site request forgery. The recommendation method comprises storing a first environment fingerprint associated with a client, wherein the first environment fingerprint uniquely identifies the client based on local terminal information associated with the client; receiving an access request message from the client, the access request message including at least one operation and a second environment fingerprint generated by the client; determining whether the second environment fingerprint matches the first environmental fingerprint; rejecting the access request message if it is determined that the second environment fingerprint does not match the first environment fingerprint; and executing the operation included with the access request message if it is determined that the second environment fingerprint matches the first environment fingerprint.

Citations

17 Claims

1. A method for preventing cross-site request forgery, the method comprising:
- receiving, by a server, local terminal information from a client device, the local terminal information received as part of a request by the client device for a web page hosted by the server;
  
  generating, by the server, a first environment fingerprint of the client device based on the local terminal information, the first environment fingerprint comprising encrypted local terminal information associated with the client device;
  
  receiving, at the server, an access request message, the access request message including an identity of at least one operation to be performed by the server and a second environment fingerprint, the second environment fingerprint generated by the client device;
  
  comparing, by the server, whether the second environment fingerprint matches the first environment fingerprint;
  
  rejecting, by the server, the access request message if the comparison indicates that the second environment fingerprint does not match the first environment fingerprint; and
  
  executing, by the server, the operation included with the access request message if the comparison indicates that the second environment fingerprint matches the first environment fingerprint.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the local terminal information includes at least one of a unique hardware identifier, a unique network identifier, and a unique application identifier.
  - 3. The method of claim 1, wherein the local terminal information includes at least one of a unique hardware identifier, a unique network identifier, and a unique application identifier, and wherein generating the first environment fingerprint further comprises encrypting, by the server, the local terminal information.
  - 4. The method of claim 1 further comprising sending, by the server, the first environment fingerprint to the client device prior to receiving the access request message from the client device.
  - 5. The method of claim 1, wherein before storing a first environment fingerprint associated with a client device the method further comprises receiving, at the server, the first environment fingerprint from the client device.
  - 6. The method of claim 1, wherein storing a first environment fingerprint comprises storing the first environment fingerprint when the client device initially accesses the server.

7. An apparatus for preventing cross-site request forgery, the apparatus comprising:
- a processor; and
  
  a non-transitory memory storing computer-executable instructions therein that, when executed by the processor, cause the apparatus to;
  
  host a web page;
  
  receive local terminal information from a client device, the local terminal information received as part of a request by the client device for the web page;
  
  generating, by the server, a first environment fingerprint of the client device based on the local terminal information, the first environment fingerprint comprising encrypted local terminal information associated with the client device;
  
  receiving, at the server, an access request message, the access request message including an identity of at least one operation to be performed by the server and a second environment fingerprint, the second environment fingerprint generated by the client device;
  
  compare whether the second environment fingerprint matches the first environment fingerprint;
  
  reject the access request message if the comparison indicates that the second environment fingerprint does not match the first environment fingerprint; and
  
  execute the operation included with the access request message if the comparison indicates that the second environment fingerprint matches the first environment fingerprint.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The apparatus of claim 7 wherein the local terminal information includes at least one of a unique hardware identifier, a unique network identifier, and a unique application identifier.
  - 9. The apparatus of claim 7, wherein the local terminal information includes at least one of a unique hardware identifier, a unique network identifier, and a unique application identifier, and wherein the instructions causing the apparatus to generate the first environment fingerprint further comprise instructions causing the apparatus to encrypt the local terminal information.
  - 10. The apparatus of claim 7 wherein the computer-executable instructions further cause the apparatus to send the first environment fingerprint to the client device prior to receiving an access request message from the client device.
  - 11. The apparatus of claim 7, wherein before executing the instructions to store a first environment fingerprint associated with a client device, the computer-executable instructions further cause the apparatus to receive, at the server, the first environment fingerprint from the client device.
  - 12. The apparatus of claim 7, wherein storing an environment fingerprint comprises storing the first environment fingerprint when a client device initially accesses the server.

13. A non-transitory computer readable storage medium tangibly storing computer program instructions that are executed by a computer processor, the computer program instructions defining the steps of:
- hosting, by a processor, a web page;
  
  receiving, by the processor, local terminal information from a client device, the local terminal information received as part of a request by the client device for the web page;
  
  generating, by the processor, a first environment fingerprint of the client device based on the local terminal information, the first environment fingerprint comprising encrypted local terminal information associated with the client device;
  
  receiving, by the processor, an access request message, the access request message including an identity of at least one operation to be performed by the server and a second environment fingerprint, the second environment fingerprint generated by the client device;
  
  comparing, by the processor, whether the second environment fingerprint matches the first environment fingerprint;
  
  rejecting, by the processor, the access request message if the comparison indicates that the second environment fingerprint does not match the first environment fingerprint; and
  
  executing, by the processor, the operation included with the access request message if the comparison indicates that the second environment fingerprint matches the first environment fingerprint.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The medium of claim 13 wherein the local terminal information includes at least one of a unique hardware identifier, a unique network identifier, and a unique application identifier.
  - 15. The medium of claim 13, wherein the local terminal information includes at least one of a unique hardware identifier, a unique network identifier, and a unique application identifier, and wherein generating the first environment fingerprint further comprises encrypting, by the processor, the local terminal information.
  - 16. The medium of claim 13, the medium further comprises computer program instructions defining steps to be executed before executing the instructions to store a first environment fingerprint associated with a client device, the further steps including the step of receiving, by the processor, the first environment fingerprint from the client device.
  - 17. The medium of claim 13, wherein the instructions defining the steps of storing a first environment fingerprint associated with a client device further comprises instructions to store the first environment fingerprint when a client device initially accesses the server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Advanced Nova Technologies Holding Pte Limited
Original Assignee
Alibaba Group Holding Ltd.
Inventors
Long, Bin
Primary Examiner(s)
Patel, Haresh N

Application Number

US15/271,951
Publication Number

US 20170085567A1
Time in Patent Office

1,091 Days
Field of Search

726 6
US Class Current
CPC Class Codes

H04L 63/0876   based on the identity of th...

H04L 63/1483   service impersonation, e.g....

H04L 67/01   Protocols

H04L 67/02   based on web technology, e....

H04L 67/562   Brokering proxy services

Preventing cross-site request forgery using environment fingerprints of a client device

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Preventing cross-site request forgery using environment fingerprints of a client device

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links