-
Publication number: US20180367306A1
Publication date: 2018-12-20
Application number: US15622834
Filing date: 2017-06-14
Applicant: eBay Inc.
Inventor: Anand Baldeodas Bahety, Nebojsa Pesic, Mallikarjuna Potta
Abstract: A system, method, and computer program product are provided for securing authorization tokens using client instance specific secrets. Tokens are valid for service requests only if time constraints and additional security constraints are met by additional information stored in the token in hashed form. A required comparison of a timestamp in a client service request header to the current server time limits the useful token life, e.g., to a few minutes. The service request header also includes data generated based on a secret previously assigned to a specific client instance. The secret may be generated by the server according to a public/private key scheme and sent to a particular client instance only once, e.g., during initial device registration. The secret may be omitted from service requests for public information. Service request headers may include device identifiers, so that service requests from known rogue clients may be ignored.
-
Publication number: US11615201B2
Publication date: 2023-03-28
Application number: US16716639
Filing date: 2019-12-17
Applicant: eBay Inc.
Inventor: Snezana Sahter, Arumugam Alwarappan, Mahendar Madhavan, Mallikarjuna Potta
Abstract: Methods, systems, and programs are presented for securing user-address information. A first memory is configured according to a first table that does not include information about user identifiers. Each entry in the first table includes a physical location identifier and information about a physical location. A second memory is configured according to a second table, where each entry in the second table includes the physical location identifier and an account identifier of a user for accessing a service. The first and second tables are configured to separate profile information from the address information of the user. Additionally, a firewall is configured to control access to the second memory. The firewall defines an authentication zone including the second memory but not the first memory, where access to the second memory by internal services is allowed and direct access by the user to the second memory is denied.
-
Publication number: US10972273B2
Publication date: 2021-04-06
Application number: US15622834
Filing date: 2017-06-14
Applicant: eBay Inc.
Inventor: Anand Baldeodas Bahety, Nebojsa Pesic, Mallikarjuna Potta
Abstract: A system, method, and computer program product are provided for securing authorization tokens using client instance specific secrets. Tokens are valid for service requests only if time constraints and additional security constraints are met by additional information stored in the token in hashed form. A required comparison of a timestamp in a client service request header to the current server time limits the useful token life, e.g., to a few minutes. The service request header also includes data generated based on a secret previously assigned to a specific client instance. The secret may be generated by the server according to a public/private key scheme and sent to a particular client instance only once, e.g., during initial device registration. The secret may be omitted from service requests for public information. Service request headers may include device identifiers, so that service requests from known rogue clients may be ignored.
-
Publication number: US20180314848A1
Publication date: 2018-11-01
Application number: US16027600
Filing date: 2018-07-05
Applicant: eBay Inc.
Inventor: Snezana Sahter, Arumugam Alwarappan, Mahendar Madhavan, Mallikarjuna Potta
CPC classification number: G06F21/6227, G06F16/22, G06F16/284, G06F21/6245, G06F21/6254, H04L63/0209, H04L63/102
Abstract: Methods, systems, and programs are presented for securing user-address information. A first memory is configured according to a first table that does not include information about user identifiers. Each entry in the first table includes a physical location identifier and information about a physical location. A second memory is configured according to a second table, where each entry in the second table includes the physical location identifier and an account identifier of a user for accessing a service. The first and second tables are configured to separate profile information from the address information of the user. Additionally, a firewall is configured to control access to the second memory. The firewall defines an authentication zone including the second memory but not the first memory, where access to the second memory by internal services is allowed and direct access by the user to the second memory is denied.
-
Publication number: US20180129820A1
Publication date: 2018-05-10
Application number: US15345808
Filing date: 2016-11-08
Applicant: eBay Inc.
Inventor: Snezana Sahter, Arumugam Alwarappan, Mahendar Madhavan, Mallikarjuna Potta
CPC classification number: G06F21/6227, G06F17/30312, G06F17/30595, G06F21/6245, G06F21/6254, H04L63/0209, H04L63/102
Abstract: Methods, systems, and programs are presented for securing user-address information. A first memory is configured according to a first table that does not include information about user identifiers. Each entry in the first table includes a physical location identifier and information about a physical location. A second memory is configured according to a second table, where each entry in the second table includes the physical location identifier and an account identifier of a user for accessing a service. The first and second tables are configured to separate profile information from the address information of the user. Additionally, a firewall is configured to control access to the second memory. The firewall defines an authentication zone including the second memory but not the first memory, where access to the second memory by internal services is allowed and direct access by the user to the second memory is denied.
-
Publication number: US10528755B2
Publication date: 2020-01-07
Application number: US16027600
Filing date: 2018-07-05
Applicant: eBay Inc.
Inventor: Snezana Sahter, Arumugam Alwarappan, Mahendar Madhavan, Mallikarjuna Potta
Abstract: Methods, systems, and programs are presented for securing user-address information. A first memory is configured according to a first table that does not include information about user identifiers. Each entry in the first table includes a physical location identifier and information about a physical location. A second memory is configured according to a second table, where each entry in the second table includes the physical location identifier and an account identifier of a user for accessing a service. The first and second tables are configured to separate profile information from the address information of the user. Additionally, a firewall is configured to control access to the second memory. The firewall defines an authentication zone including the second memory but not the first memory, where access to the second memory by internal services is allowed and direct access by the user to the second memory is denied.
-
Publication number: US10043031B2
Publication date: 2018-08-07
Application number: US15345808
Filing date: 2016-11-08
Applicant: eBay Inc.
Inventor: Snezana Sahter, Arumugam Alwarappan, Mahendar Madhavan, Mallikarjuna Potta
Abstract: Methods, systems, and programs are presented for securing user-address information. A first memory is configured according to a first table that does not include information about user identifiers. Each entry in the first table includes a physical location identifier and information about a physical location. A second memory is configured according to a second table, where each entry in the second table includes the physical location identifier and an account identifier of a user for accessing a service. The first and second tables are configured to separate profile information from the address information of the user. Additionally, a firewall is configured to control access to the second memory. The firewall defines an authentication zone including the second memory but not the first memory, where access to the second memory by internal services is allowed and direct access by the user to the second memory is denied.
-
Publication number: US20170230184A1
Publication date: 2017-08-10
Application number: US15348301
Filing date: 2016-11-10
Applicant: eBay Inc.
Inventor: Arumugam Alwarappan, Mallikarjuna Potta, Snezana Sahter, Madhu Chetuparambil
CPC classification number: H04L9/3247, G06F21/34, G06F21/73, H04L63/0428, H04L63/06, H04L63/062, H04L63/0876, H04L2209/72, H04W12/00512
Abstract: In one example embodiment, a system for registering an application installable on a client device is provided. The system comprises processors and a memory storing instructions that, when executed by at least one processor among the processors, cause the system to perform operations comprising, at least, registering the application at a consumer registry service; receiving, in association with a client device ID, a public key of a public-private key pair generated by the consumer registry service, the private key of the public-private key pair stored at a device management service; publishing the application, having the public key and associated client device ID, to an application store; and based on a user installation of the published application onto the client device, communicating with the installed application.