-
公开(公告)号:US20230353357A1
公开(公告)日:2023-11-02
申请号:US18219144
申请日:2023-07-07
Applicant: eBay Inc.
Inventor: Michael J.T. CHAN , Sean R. EMBRY , Derek A. CHAMORRO , Anuj KAUL , Sahil CHADHA , Nikhil FIRKE
CPC classification number: H04L9/0894 , G06F21/64 , H04L9/08 , H04L9/002 , H04L9/0637 , H04L9/0819 , H04L9/0861 , H04L9/0891 , H04L9/14 , H04L9/30 , H04L9/3247 , H04L9/50
Abstract: Techniques are shown for key management using a traceable key blockchain. A first block corresponding to a cryptographic key is generated on the blockchain, and the first block is securely modified to include metadata describing a key source for the cryptographic key. A second block corresponding to a first key transaction with the cryptographic key is generated on the blockchain, the second block is linked to the first block, and the second block is securely modified to include metadata describing the first key transaction with the cryptographic key.
-
公开(公告)号:US20220014370A1
公开(公告)日:2022-01-13
申请号:US17388873
申请日:2021-07-29
Applicant: eBay Inc.
Inventor: Michael J.T. CHAN , Sean R. EMBRY , Derek A. CHAMORRO , Anuj KAUL , Sahil CHADHA , Nikhil FIRKE
Abstract: Techniques are shown for key management using a traceable key block-chain ledger involving creating a cryptographic key at a key source, generating a key block on a block-chain ledger corresponding to the cryptographic key, and securely modifying the key block to include metadata describing the key source. The techniques also involve performing a first key transaction with the cryptographic key, generating a first transaction block on the block-chain ledger corresponding to the first key transaction with the cryptographic key, linking the first transaction block to the key block and securely modifying the first transaction block to include metadata describing the first key transaction with the cryptographic key.
-
公开(公告)号:US20250030738A1
公开(公告)日:2025-01-23
申请号:US18227089
申请日:2023-07-27
Applicant: eBay Inc.
Inventor: Jonathan KULISZ , SHUTANSHU , Sudip CHAKRABARTY , Srinivas HARIHARAN , Piyush PATTANAYAK , Nishant Kumar DAS PATTANAIK , Anuj KAUL
IPC: H04L9/40
Abstract: Systems and methods dynamically generate content security policy (CSP) headers using CSP definitions having dynamic source values. When a request for a web application is received, a CSP definition corresponding to the web application and having a dynamic source value is retrieved from a repository of CSP definitions. A CSP header is generated based on the CSP definition. The CSP header includes a source value dynamically generated based on the dynamic source value and a domain associated with the requested web application. The CSP header is provided as a response header for the requested web application.
-
公开(公告)号:US20200235926A1
公开(公告)日:2020-07-23
申请号:US16842690
申请日:2020-04-07
Applicant: eBay Inc.
Inventor: Michael J.T. CHAN , Sean R. EMBRY , Derek A. CHAMORRO , Anuj KAUL , Sahil CHADHA , Nikhil FIRKE
Abstract: Techniques are shown for key tracing using a traceable key block-chain ledger involving, in response to detection of an attack on a resource protected by a cryptographic key, retrieving a key block-chain ledger corresponding to the cryptographic key having one or more transaction blocks. Each transaction block corresponds to a key transaction with the cryptographic key and includes metadata describing the key transaction with the cryptographic key. Metadata from the transaction blocks in the key block-chain ledger is used to trace the key transactions of the cryptographic key to a point of attack. A transaction block corresponding to the point of attack is determined and an alert is generated indicating the point of attack with metadata from the transaction block corresponding to the point of attack.
-
公开(公告)号:US20250030747A1
公开(公告)日:2025-01-23
申请号:US18227099
申请日:2023-07-27
Applicant: eBay Inc.
Inventor: Jonathan KULISZ , SHUTANSHU , Sudip CHAKRABARTY , Srinivas HARIHARAN , Piyush PATTANAYAK , Nishant Kumar DAS PATTANAIK , Anuj KAUL
IPC: H04L9/40
Abstract: Systems and methods provide for self-healing content security policies (CSPs). In accordance with some aspects, CSP violation information is received identifying a CSP violation for a CSP header and a violating source for the CSP violation. The violating source for the CSP violation is compared against a list of trusted sources. Based on the comparison, a first trusted source in the list of trusted sources is identified as matching the violating source for the CSP violation. Responsive to identifying the first trusted source as matching the violating source, a CSP definition associated with the CSP header is caused to be updated to include a source value based on the violating source or the first trusted source to provide an updated CSP definition.
-
公开(公告)号:US20190207759A1
公开(公告)日:2019-07-04
申请号:US15858949
申请日:2017-12-29
Applicant: eBay, Inc.
Inventor: Michael J.T. CHAN , Sean R. EMBRY , Derek A. CHAMORRO , Anuj KAUL , Sahil CHADHA , Nikhil FIRKE
CPC classification number: H04L9/0894 , G06F21/64 , H04L9/002 , H04L9/0637 , H04L9/08 , H04L9/0819 , H04L9/0861 , H04L9/0891 , H04L9/14 , H04L9/30 , H04L9/3247 , H04L2209/38
Abstract: Techniques are shown for key management using a traceable key block-chain ledger involving creating a cryptographic key at a key source, generating a genesis block for a key block-chain ledger corresponding to the cryptographic key, and securely modifying the genesis block to include metadata describing the key source. The techniques also involve performing a first key transaction with the cryptographic key, generating a first transaction block corresponding to the first key transaction with the cryptographic key and adding the first transaction block to the key block-chain ledger, and securely modifying the first transaction block to include metadata describing the first key transaction with the cryptographic key.
-
-
-
-
-