公开(公告)号：US09576301B1

公开(公告)日：2017-02-21

申请号：US14042566

申请日：2013-09-30

Applicant: Amazon Technologies, Inc.

Inventor： Ram Sripracha ,  Dominique Imjya Brezinski

IPC: G06Q99/00 ,  G06Q30/02 ,  G06F21/10 ,  G06F21/00 ,  G06F21/50

CPC classification number: G06Q30/0273 ,  G06F21/00 ,  G06F21/10 ,  G06F21/44 ,  G06F21/50 ,  G06F2221/2119 ,  G06Q30/0241

Abstract: Methods and systems for framing detection are disclosed. A web page comprising a child frame is generated. The child frame comprises an instruction to load a component from a merchant. The child frame comprises a header option restricting a loading of the component from within a parent frame associated with a domain external to the merchant. The web page is sent from the merchant to a client browser. It is determined that the web page is loaded within the parent frame in the client browser if a request for the component is not received by the merchant. It is determined that the web page is not loaded within the parent frame in the client browser if a request for the component is received by the merchant.

Abstract translation: 公开了用于框架检测的方法和系统。 生成包括子帧的网页。 子帧包括从商家加载组件的指令。 子帧包括报头选项，该报头选项限制从与商户外部的域相关联的父帧内的组件的加载。 该网页从商家发送到客户端浏览器。 如果商家没有接收到该组件的请求，则确定该网页被加载到客户端浏览器中的父帧内。 如果商家接收到组件的请求，则确定该网页未被加载到客户端浏览器中的父帧内。

公开(公告)号：US09332027B1

公开(公告)日：2016-05-03

申请号：US14680432

申请日：2015-04-07

Applicant: AMAZON TECHNOLOGIES, INC.

Inventor： Ram Sripracha

IPC: H04L29/06

CPC classification number: H04L63/1441 ,  G06F17/30899 ,  H04L63/0227 ,  H04L63/0236 ,  H04L63/10 ,  H04L63/168 ,  H04L63/20

Abstract: A web browser may implement a single origin policy that makes an exception for media files such as markup language image files. In cases where the delivery of data to a browser may be blocked by a single origin policy, such as where the data originates from a domain other than the domain that originates the initially presented content, the data may be encoded in one or more media files, such as images, to circumvent the single origin policy. The data may be encoded using height and width dimensions, pixel colors, transparencies, or other characteristics of the media file(s). The media file(s) may be sent to the browser and decoded to access the data.

Abstract translation: Web浏览器可以实现一个单一的源策略，这些媒体文件例如标记语言图像文件。 在传送到浏览器的数据可能被单个来源策略阻止的情况下，例如数据源自不同于始发地呈现的内容的域的域，数据可以被编码在一个或多个媒体文件中 ，如图像，以规避单一来源政策。 可以使用高度和宽度尺寸，像素颜色，透明度或媒体文件的其他特征来对数据进行编码。 可以将媒体文件发送到浏览器并进行解码以访问数据。

公开(公告)号：US09009826B1

公开(公告)日：2015-04-14

申请号：US13973813

申请日：2013-08-22

Applicant: Amazon Technologies, Inc.

Inventor： Ram Sripracha

IPC: H04L29/06

CPC classification number: H04L63/1441 ,  G06F17/30899 ,  H04L63/0227 ,  H04L63/0236 ,  H04L63/10 ,  H04L63/168 ,  H04L63/20

Abstract: A single origin policy of a web browser includes an exception for images, such as markup language image files. Data may be encoded using the height and width dimensions, pixel colors or transparencies, or other parameters defining one or more images. Such images may be sent to device and accepted by the web browser, and decoded to construct the underlying data. A single origin policy may be circumvented during authenticated access sessions so that information from various sources may be received by a requesting device.

Abstract translation: Web浏览器的单一起源策略包括图像的异常，例如标记语言图像文件。 可以使用高度和宽度尺寸，像素颜色或透明度或定义一个或多个图像的其他参数对数据进行编码。 这样的图像可以被发送到设备并被web浏览器接受，并被解码以构建底层数据。 在验证的访问会话期间可以绕过单个源策略，以便来自各种来源的信息可以被请求设备接收。