-
公开(公告)号:US10333936B2
公开(公告)日:2019-06-25
申请号:US15413519
申请日:2017-01-24
Applicant: Box, Inc.
Inventor: Lev Kantorovskiy , Kechen Huang , Nakul Chander , Anil Chaurasia , Benjamin Kus
Abstract: Techniques are described for separating subdomains as part of a secure login process. For example the subdomains can correspond to an enterprise user or personal user accounts, or both. The login process involves responding to a login request with an assertion, such as for example a redirect based assertion, that includes an encrypted data structure with account and user information necessary for identification of the corresponding subdomain. The encrypted data structure includes browser-, IP address, and user-specific information to thwart a cross-site request forgery (CSRF) security vulnerability, among other things.
-
公开(公告)号:US20170093867A1
公开(公告)日:2017-03-30
申请号:US15277451
申请日:2016-09-27
Applicant: Box, Inc.
Inventor: Seena Burns , Nakul Chander , Adelbert Chang , Jonathan Shih-Shuo Fan , Divya Jain , Lev Kantorovskiy , Benjamin John Kus , Justin Peng
IPC: H04L29/06
CPC classification number: H04L63/108 , H04L63/101 , H04L63/102 , H04L63/107
Abstract: Systems and corresponding computer-implemented methods for context-based rule evaluation in an electronic data storage system are described. A request to perform an operation with respect to a resource is received from a client device, with the request including various attributes associated with the client device. At least one set of rules applicable to the operation is identified. The rules can be formed from a combination of primitives arranged to dynamically evaluate attributes associated with the resource and attributes associated with the client device. Based on the evaluation of the rule set(s), an action is identified to be performed with respect to the resource.
-
公开(公告)号:US10432644B2
公开(公告)日:2019-10-01
申请号:US15277451
申请日:2016-09-27
Applicant: Box, Inc.
Inventor: Seena Burns , Nakul Chander , Adelbert Chang , Jonathan Shih-Shuo Fan , Divya Jain , Lev Kantorovskiy , Benjamin John Kus , Justin Peng
IPC: H04L29/06
Abstract: Systems and corresponding computer-implemented methods for context-based rule evaluation in an electronic data storage system are described. A request to perform an operation with respect to a resource is received from a client device, with the request including various attributes associated with the client device. At least one set of rules applicable to the operation is identified. The rules can be formed from a combination of primitives arranged to dynamically evaluate attributes associated with the resource and attributes associated with the client device. Based on the evaluation of the rule set(s), an action is identified to be performed with respect to the resource.
-
公开(公告)号:US20180212965A1
公开(公告)日:2018-07-26
申请号:US15413519
申请日:2017-01-24
Applicant: Box, Inc.
Inventor: Lev Kantorovskiy , Kechen Huang , Nakul Chander , Anil Chaurasia , Benjamin Kus
IPC: H04L29/06
CPC classification number: H04L63/10 , H04L63/0807 , H04L63/0815 , H04L63/083 , H04L63/0861 , H04L67/02 , H04L67/10 , H04L67/141 , H04L67/146 , H04L67/2814 , H04L67/42
Abstract: Techniques are described for separating subdomains as part of a secure login process. For example the subdomains can correspond to an enterprise user or personal user accounts, or both. The login process involves responding to a login request with an assertion, such as for example a redirect based assertion, that includes an encrypted data structure with account and user information necessary for identification of the corresponding subdomain. The encrypted data structure includes browser-, IP address, and user-specific information to thwart a cross-site request forgery (CSRF) security vulnerability, among other things.
-
-
-
Search Results
4
records
(took 0.011 seconds)
