logo

For the Inventor, By the Inventor

The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.

Patent No.:

US 8505106 B1

PDFFull Text
Date of Patent:
Aug. 06, 2013

Filed:

Jun. 30, 2010

Cross site request forgery mitigation in multi-domain integrations

Applicants:

Amit Bhosle, Bellevue, WA (US);

Scott G. Carmack, Bainbridge Island, WA (US);

Dhanvi Harsha Kapila, Seattle, WA (US);

Shilpi Gupta, Bangalore, IN;

Mehul Jain, Bengaluru, IN;

Sachin P. Joglekar, Bothell, WA (US);

Ashish Agrawal, Seattle, WA (US);

Inventors:

Amit Bhosle, Bellevue, WA (US);

Scott G. Carmack, Bainbridge Island, WA (US);

Dhanvi Harsha Kapila, Seattle, WA (US);

Shilpi Gupta, Bangalore, IN;

Mehul Jain, Bengaluru, IN;

Sachin P. Joglekar, Bothell, WA (US);

Ashish Agrawal, Seattle, WA (US);

Assignee:

Amazon Technologies, Inc., Reno, NV (US);

Attorney:

Kilpatrick, Townsend & Stockton, LLP

Primary Examiner:

Evans Desrosiers

Int. Cl.
CPC ...
G06F 17/30 (2006.01); G06F 15/16 (2006.01); H04L 9/32 (2006.01);
U.S. Cl.
CPC ...
Abstract

Systems and methods for authenticating a request submitted from a client device through a third party content provider to an electronic entity are described. In one embodiment, a method includes providing a trusted script to the third party content provider, passing a trust token to the third party content provider and to the client device, and, in response to a request submitted from the client device through the third party content provider, validating the trust token associated with the request with the token passed to the client device, and processing the request. The trusted script is configured to create a trusted window on the third party Web page displayed on the client computing device, receive a trust token from the electronic entity through the trusted window, and associate the trust token with requests submitted from the client computing device through the third party content provider to the electronic entity.

Find Patent Forward Citations

Loading…