Scrambling HTML to prevent CSRF attacks and transactional crimeware attacks
First Claim
1. A method for preventing an unauthorized activity including a transaction in a web site comprising the steps of:
a. detecting a submission of a first request from the client's browser to said site;
b. redirecting, by the redirector, said first request to the traffic processor for monitoring said first request;
c. forwarding said first request from said traffic processor to said site;
d. receiving a response containing at least one HTML page, from said site, by said traffic processor;
e. modifying said response by obfuscating said at least one HTML page of said response;
f. storing de-obfuscation information in a transaction table;
g. forwarding the modified response from said traffic processor to said browser;
h. redirecting a second request from said browser to said traffic processor by said redirector;
i. checking said second request for an unauthorized command;
j. de-obfuscating said second request using the stored information in said transaction table; and
k. forwarding the modified second request to said site.
Abstract
The present invention relates to a method for preventing an unauthorized activity including a transaction in a web site comprising the steps of: (a) receiving a response containing at least one HTML page, from said site, by the traffic processor; (b) modifying said response by obfuscating said at least one HTML page of said response; (c) storing de-obfuscation information in a transaction table; (d) forwarding the modified response from said traffic processor to the client's browser; (e) redirecting a request from said browser to the traffic processor, by the redirector; (f) checking said request for an unauthorized command; (g) de-obfuscating said request using the stored information in said transaction table; and (h) forwarding the modified request to said site.
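The flow in the abstract (obfuscate the response, store de-obfuscation information in a transaction table, check and de-obfuscate the request) can be sketched as follows; this is an added example, not code from the patent. It assumes that "obfuscating" means replacing form field names with random per-response tokens and that a request is "unauthorized" when it carries no valid transaction id or uses field names missing from the table; `TRANSACTION_TABLE`, `_txn`, `obfuscate_response`, `deobfuscate_request` and the sample page are hypothetical names.

```python
import re
import secrets

# Hypothetical transaction table: transaction id -> {scrambled name: original name}
TRANSACTION_TABLE = {}

# Constructed sample page standing in for the site's response
SAMPLE_PAGE = ('<form action="/transfer" method="post">'
               '<input name="to_account"><input name="amount"></form>')

_NAME_ATTR = re.compile(
    r'(<(?:input|select|textarea)\b[^>]*?\bname=")([^"]+)(")', re.I)


def obfuscate_response(html):
    """Scramble form field names; return (transaction_id, modified_html)."""
    txn_id = secrets.token_hex(8)
    forward = {}   # original name -> scrambled token (repeated names stay consistent)
    reverse = {}   # scrambled token -> original name (the de-obfuscation information)

    def scramble(match):
        original = match.group(2)
        if original not in forward:
            token = "f" + secrets.token_hex(8)
            forward[original] = token
            reverse[token] = original
        return match.group(1) + forward[original] + match.group(3)

    modified = _NAME_ATTR.sub(scramble, html)
    # Assumption: the transaction id travels back in a hidden form field.
    hidden = '<input type="hidden" name="_txn" value="%s">' % txn_id
    modified = modified.replace("</form>", hidden + "</form>")
    TRANSACTION_TABLE[txn_id] = reverse
    return txn_id, modified


def deobfuscate_request(params):
    """Return the original parameters, or None if the request is unauthorized."""
    params = dict(params)
    # Entries are single use, so a replayed request finds no mapping.
    mapping = TRANSACTION_TABLE.pop(params.pop("_txn", None), None)
    if mapping is None:
        return None
    # A forged request built from the site's real field names fails here.
    if any(name not in mapping for name in params):
        return None
    return {mapping[name]: value for name, value in params.items()}
```

A request that another page or a script composes in advance from the site's real field names does not match any entry in the table, which is the property the check step relies on under these assumptions.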
14 Claims
1. A method for preventing an unauthorized activity including a transaction in a web site comprising the steps of:
a. detecting a submission of a first request from the client's browser to said site;
b. redirecting, by the redirector, said first request to the traffic processor for monitoring said first request;
c. forwarding said first request from said traffic processor to said site;
d. receiving a response containing at least one HTML page, from said site, by said traffic processor;
e. modifying said response by obfuscating said at least one HTML page of said response;
f. storing de-obfuscation information in a transaction table;
g. forwarding the modified response from said traffic processor to said browser;
h. redirecting a second request from said browser to said traffic processor by said redirector;
i. checking said second request for an unauthorized command;
j. de-obfuscating said second request using the stored information in said transaction table; and
k. forwarding the modified second request to said site.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method for preventing an unauthorized activity including a transaction in a web site comprising the steps of:
a. receiving a response containing at least one HTML page, from said site, by the traffic processor;
b. modifying said response by obfuscating said at least one HTML page of said response;
c. storing de-obfuscation information in a transaction table;
d. forwarding the modified response from said traffic processor to the client's browser;
e. redirecting a request from said browser to said traffic processor by the redirector;
f. checking said request for an unauthorized command;
g. de-obfuscating said request using the stored information in said transaction table; and
h. forwarding the modified request to said site.
9. A method for preventing an unauthorized activity including a transaction in a web site comprising the steps of:
a. redirecting, by the redirector, a first request from the client's browser to the traffic processor for monitoring said first request;
b. forwarding said first request from said traffic processor to said site;
c. receiving a response containing at least one HTML page, from said site, by the traffic processor;
d. modifying said response by obfuscating said at least one HTML page of said response;
e. storing de-obfuscation information in a transaction table;
f. forwarding the modified response from said traffic processor to said browser;
g. redirecting a second request from said browser to said traffic processor by the redirector;
h. checking said second request for an unauthorized command;
i. de-obfuscating said second request using the stored information in said transaction table; and
j. forwarding the modified second request to said site.
10. A method for preventing an unauthorized activity including a transaction in a web site comprising the steps of:
a. receiving a response containing at least one HTML page, from said site, by the traffic processor;
b. modifying said response by obfuscating said at least one HTML page of said response;
c. storing de-obfuscation information in a transaction table;
d. forwarding the modified response from said traffic processor to the client's browser;
e. receiving a request from said browser by said traffic processor;
f. checking said request for an unauthorized command;
g. de-obfuscating said request using the stored information in said transaction table; and
h. forwarding the modified request to said site.
Dependent claims: 11, 12, 13, 14
Specification