公开(公告)号：US09154570B2

公开(公告)日：2015-10-06

申请号：US13306394

申请日：2011-11-29

申请人： Dikran S. Meliksetian ,  Gang Niu ,  Qiang G. Tong

发明人： Dikran S. Meliksetian ,  Gang Niu ,  Qiang G. Tong

IPC分类号： G06F21/00 ,  G06F12/14 ,  G08B23/00 ,  H04L29/06 ,  H04L29/08

CPC分类号： H04L67/2804 ,  G06F21/00 ,  H04L63/0807 ,  H04L63/1441 ,  H04L67/02

摘要： The disclosure provides a device for preventing CSRF attacks, in which the device provides functions comprising: intercepting request sent from a client browser to a server; generating a token; generating a response to the request; inserting the token into the response to the request; and sending the response to the request to the client browser with the token inserted into the response. With the device of the disclosure, it is assured that a token is inserted into all the requests made by a user through a client browser for accessing a resource. And it can be assured that the request is issued by the user himself by verifying whether the token in the request is valid, thereby preventing a CSRF attack.

摘要翻译： 本公开提供了一种用于防止CSRF攻击的设备，其中该设备提供功能，包括：拦截从客户端浏览器发送到服务器的请求; 产生令牌; 产生对请求的响应; 将令牌插入到请求的响应中; 并将令牌的响应发送到客户端浏览器，并将令牌插入到响应中。 利用本公开的设备，确保令牌被插入到用户通过客户端浏览器进行的用于访问资源的所有请求中。 并且可以确保请求由用户自己通过验证请求中的令牌是否有效，从而防止CSRF攻击。