The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Apr. 01, 2014
Filed:
Oct. 20, 2011
Eric J. Martin, Bainbridge Island, WA (US);
Jesper M. Johansson, Woodinville, WA (US);
Eric J. Martin, Bainbridge Island, WA (US);
Jesper M. Johansson, Woodinville, WA (US);
Amazon Technologies, Inc., Reno, NV (US);
Abstract
Cross Site Request Forgery (CSRF) and other types of fraudulent submission in an electronic environment can be mitigated using state information that typically is already maintained for various users. Each submission requiring authentication includes a state identifier (ID). The state ID is compared to corresponding a state ID submitted in a relatively secure format, such as in a secure token or cookie. If the state ID matches a state ID in the secure token received from the user, and the state ID is valid, the submission is processed. Otherwise an interstitial page, including the state ID and a secure token, is generated to prompt the user to confirm the submission. A subsequent confirmation submission will contain the proper state ID and the new cookie, and can be processed. If no confirmation is received from the user with a valid state ID, the submission is not processed.