专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08914881B2 Flexible and secure clickjacking protection mechanism 有权
标题翻译：灵活安全的劫持机制
公开(公告)号：US08914881B2
公开(公告)日：2014-12-16
申请号：US13563568
申请日：2012-07-31
申请人： Sebastian Lekies , Martin Johns
发明人： Sebastian Lekies , Martin Johns
IPC分类号： G06F11/00 , G06F12/14 , G06F12/16 , G08B23/00
CPC分类号： G06F21/51 , H04L63/1466 , H04L67/02
摘要： Methods, systems, and computer-readable storage media for preventing a clickjacking attack on a web page. Implementations include inhibiting rendering of content of the web page, receiving a message from an embedding web page, the embedding web page having called the web page, the message including metadata, and determining whether the embedding web page is trusted based on the metadata, wherein rendering of content of the web page remains inhibited if the embedding web page is untrusted, and rendering of content of the web page is executed if the embedding web page is trusted.
摘要翻译：用于防止网页上的劫持攻击的方法，系统和计算机可读存储介质。实现包括禁止呈现网页的内容，从嵌入网页接收消息，已经调用网页的嵌入网页，包括元数据的消息，以及基于元数据确定嵌入网页是否被信任，其中如果嵌入的网页不受信任，则网页的内容的呈现保持不变，并且如果嵌入的网页被信任，则执行网页的内容的呈现。

2. 发明申请

US20140041023A1 FLEXIBLE AND SECURE CLICKJACKING PROTECTION MECHANISM 有权
标题翻译：灵活安全的点击保护机制
公开(公告)号：US20140041023A1
公开(公告)日：2014-02-06
申请号：US13563568
申请日：2012-07-31
申请人： Sebastian Lekies , Martin Johns
发明人： Sebastian Lekies , Martin Johns
IPC分类号： G06F21/00
CPC分类号： G06F21/51 , H04L63/1466 , H04L67/02
摘要： Methods, systems, and computer-readable storage media for preventing a clickjacking attack on a web page. Implementations include inhibiting rendering of content of the web page, receiving a message from an embedding web page, the embedding web page having called the web page, the message including metadata, and determining whether the embedding web page is trusted based on the metadata, wherein rendering of content of the web page remains inhibited if the embedding web page is untrusted, and rendering of content of the web page is executed if the embedding web page is trusted.
摘要翻译：用于防止网页上的劫持攻击的方法，系统和计算机可读存储介质。实现包括禁止呈现网页的内容，从嵌入网页接收消息，已经调用网页的嵌入网页，包括元数据的消息，以及基于元数据确定嵌入网页是否被信任，其中如果嵌入的网页不受信任，则网页的内容的呈现保持不变，并且如果嵌入的网页被信任，则执行网页的内容的呈现。

3. 发明授权

US09805203B2 Cooperative static and dynamic analysis of web application code for finding security vulnerabilities 有权
公开(公告)号：US09805203B2
公开(公告)日：2017-10-31
申请号：US14692003
申请日：2015-04-21
申请人： Martin Johns , Sebastian Lekies , Benjamin Raethlein
发明人： Martin Johns , Sebastian Lekies , Benjamin Raethlein
IPC分类号： G08B23/00 , G06F12/16 , G06F12/14 , G06F11/00 , G06F21/57 , G06F21/14
CPC分类号： G06F21/577 , G06F21/14 , G06F2221/033
摘要： Implementations of the present disclosure include methods, systems, and computer-readable storage media for receiving, by a SSCA module of a server, source code data based on one or more web pages of a website, analyzing, by the SSCA module, the source code data using static analysis to provide initial results, the initial results including identifiers respectively assigned to one or more variables provided in the source code data, transmitting, by the SSCA module, a request to the website through a proxy server, the request being based on the initial results, the proxy server receiving a response and transmitting a rewritten response to a DSCA module executed on a client, receiving, by the SSCA module, updated source code data from the DSCA module, the updated source code data being provided based on the rewritten response, and updating, by the SSCA module, the initial results based on the updated source code data.

4. 发明授权

US09300687B2 Managing access to secured content 有权
标题翻译：管理对安全内容的访问
公开(公告)号：US09300687B2
公开(公告)日：2016-03-29
申请号：US13959951
申请日：2013-08-06
申请人： Martin Johns , Sebastian Lekies
发明人： Martin Johns , Sebastian Lekies
IPC分类号： H04L29/06 , H04W12/08 , H04L29/12
CPC分类号： H04L63/1483 , H04L61/1511 , H04L63/10 , H04W12/08
摘要： Techniques for preventing unauthorized access to protected network resources include accessing, from a client appliance connected in a distributed network, a computing appliance through the world wide web, the computing appliance including a DNS server addressed by a particular domain name; receiving, from the computing appliance, a portion of code at the client appliance through a web browser of the client appliance, receiving, to a server appliance connected in the distributed network, a request to access secure content stored on the server appliance by the portion of code; comparing the domain name of the DNS server with a server-origin of the secure content; and based on the domain name of the DNS server being exclusive of a set of server-origin values that includes the server-origin, denying access to the request.
摘要翻译：防止未经授权访问受保护网络资源的技术包括通过万维网从连接在分布式网络中的客户端设备访问计算设备，所述计算设备包括由特定域名寻址的DNS服务器; 通过所述客户端设备的web浏览器从所述计算设备接收所述客户端设备上的一部分代码;将在所述分布式网络中连接的服务器设备接收到访问所述服务器设备上存储的安全内容的请求的代码; 将DNS服务器的域名与安全内容的服务器起始进行比较; 并且基于DNS服务器的域名不包括包含服务器源的一组服务器原始值，拒绝对该请求的访问。

5. 发明授权

US09231975B2 Safe script templating to provide reliable protection against attacks 有权
标题翻译：安全脚本模板，提供可靠的攻击防护
公开(公告)号：US09231975B2
公开(公告)日：2016-01-05
申请号：US13928872
申请日：2013-06-27
申请人： Martin Johns
发明人： Martin Johns
IPC分类号： H04L29/06 , G06F21/52
CPC分类号： H04L63/20 , G06F21/51 , G06F21/52 , G06F2221/2119 , H04L63/1466 , H04L63/168
摘要： Methods, systems, and computer-readable storage media for inhibiting cross-site scripting (XSS) attacks, where actions include receiving a computer-readable document that provides a content security policy (CSP) for a website and an extension to the CSP, the CSP specifying allowed script checksums, each allowed script checksum being associated with a script that is allowed to be executed, the extension requiring comparison of script checksums before respective scripts can be executed, receiving script templates and a value list, calculating an expected script checksum for each script template to provide respective expected script checksums, comparing the expected script checksums to the allowed script checksums, and determining that at least one expected script checksum matches an allowed script checksum, and in response, executing a respective script that corresponds to the at least one expected script checksum.
摘要翻译：用于抑制跨站点脚本（XSS）攻击的方法，系统和计算机可读存储介质，其中动作包括接收为网站提供内容安全策略（CSP）和对CSP的扩展的计算机可读文档， CSP指定允许的脚本校验和，每个允许的脚本校验和与允许执行的脚本相关联，扩展需要在执行相应脚本之前比较脚本校验和，接收脚本模板和值列表，计算预期的脚本校验和每个脚本模板提供相应的预期脚本校验和，将预期的脚本校验和与允许的脚本校验和进行比较，并且确定至少一个期望的脚本校验和与允许的脚本校验和匹配，并作为响应，执行至少对应于该至少一个预期的脚本校验和。

6. 发明申请

US20140101446A1 SECURE CLIENT-SIDE KEY STORAGE FOR WEB APPLICATIONS 有权
标题翻译： WEB应用程序的安全客户端密钥存储
公开(公告)号：US20140101446A1
公开(公告)日：2014-04-10
申请号：US13647593
申请日：2012-10-09
申请人： Sebastian Lekies , Martin Johns
发明人： Sebastian Lekies , Martin Johns
IPC分类号： H04L9/32
CPC分类号： H04L63/0869 , H04L9/3226 , H04L9/3236 , H04L9/3273
摘要： Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for secure client-side key storage for authentication tracking. Implementations include actions of determining, at a browser executed on a client-side computing device, that an application is authentic, the application being executed on a server-side computing device, in response to determining that the application is authentic, receiving a session signing key (SSK) at a sub-domain of an application domain, the sub-domain including a static script that handles the SSK and that selectively provides request signatures, receiving, at the sub-domain, a message requesting a request signature, determining that the message originated from an authentic origin, and in response to determining that the message originated from an authentic origin, providing a request signature to a source of the message, the request signature being based on the SSK.
摘要翻译：本公开的实现包括用于用于认证跟踪的用于安全的客户端密钥存储的方法，系统和计算机可读存储介质。实施包括响应于确定应用是真实的，确定在客户端计算设备上执行的浏览器应用是真实的，所述应用正在服务器侧计算设备上执行的操作，接收会话签名密钥（SSK），子域包括处理SSK的静态脚本，并且选择性地提供请求签名，在子域处接收请求签名的消息，确定该密钥所述消息源自真实来源，并且响应于确定所述消息来自真实来源，向所述消息的源提供请求签名，所述请求签名基于所述SSK。

7. 发明授权

US08694784B1 Secure client-side key storage for web applications 有权
标题翻译：为Web应用程序提供安全的客户端密钥存储
公开(公告)号：US08694784B1
公开(公告)日：2014-04-08
申请号：US13647593
申请日：2012-10-09
申请人： Sebastian Lekies , Martin Johns
发明人： Sebastian Lekies , Martin Johns
IPC分类号： H04L9/32
CPC分类号： H04L63/0869 , H04L9/3226 , H04L9/3236 , H04L9/3273
摘要： Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for secure client-side key storage for authentication tracking. Implementations include actions of determining, at a browser executed on a client-side computing device, that an application is authentic, the application being executed on a server-side computing device, in response to determining that the application is authentic, receiving a session signing key (SSK) at a sub-domain of an application domain, the sub-domain including a static script that handles the SSK and that selectively provides request signatures, receiving, at the sub-domain, a message requesting a request signature, determining that the message originated from an authentic origin, and in response to determining that the message originated from an authentic origin, providing a request signature to a source of the message, the request signature being based on the SSK.
摘要翻译：本公开的实现包括用于用于认证跟踪的用于安全的客户端密钥存储的方法，系统和计算机可读存储介质。实施包括响应于确定应用是真实的，确定在客户端计算设备上执行的浏览器应用是真实的，所述应用正在服务器侧计算设备上执行的操作，接收会话签名密钥（SSK），子域包括处理SSK的静态脚本，并且选择性地提供请求签名，在子域处接收请求签名的消息，确定该密钥所述消息源自真实来源，并且响应于确定所述消息来自真实来源，向所述消息的源提供请求签名，所述请求签名基于所述SSK。

8. 发明申请

US20160314301A1 Cooperative Static and Dynamic Analysis of Web Application Code for Finding Security Vulnerabilities 有权
标题翻译：用于查找安全漏洞的Web应用程序代码的协作静态和动态分析
公开(公告)号：US20160314301A1
公开(公告)日：2016-10-27
申请号：US14692003
申请日：2015-04-21
申请人： Martin Johns , Sebastian Lekies , Benjamin Raethlein
发明人： Martin Johns , Sebastian Lekies , Benjamin Raethlein
IPC分类号： G06F21/57
CPC分类号： G06F21/577 , G06F21/14 , G06F2221/033
摘要： Implementations of the present disclosure include methods, systems, and computer-readable storage media for receiving, by a SSCA module of a server, source code data based on one or more web pages of a website, analyzing, by the SSCA module, the source code data using static analysis to provide initial results, the initial results including identifiers respectively assigned to one or more variables provided in the source code data, transmitting, by the SSCA module, a request to the website through a proxy server, the request being based on the initial results, the proxy server receiving a response and transmitting a rewritten response to a DSCA module executed on a client, receiving, by the SSCA module, updated source code data from the DSCA module, the updated source code data being provided based on the rewritten response, and updating, by the SSCA module, the initial results based on the updated source code data.
摘要翻译：本公开的实现包括用于由服务器的SSCA模块接收基于网站的一个或多个网页的源代码数据的方法，系统和计算机可读存储介质，由SSCA模块分析源代码数据使用静态分析来提供初始结果，初始结果包括分别分配给源代码数据中提供的一个或多个变量的标识符，由SSCA模块通过代理服务器向网站发送请求，所述请求基于在初始结果中，代理服务器接收响应并向客户端上执行的DSCA模块发送重写的响应，由SSCA模块从DSCA模块接收更新的源代码数据，基于重写的响应，并由SSCA模块更新基于更新的源代码数据的初始结果。

9. 发明申请

US20130318056A1 Lightweight Integrity Protection for Web Storage-Driven Content Caching 审中-公开
标题翻译：用于Web存储驱动的内容缓存的轻量级完整性保护
公开(公告)号：US20130318056A1
公开(公告)日：2013-11-28
申请号：US13478991
申请日：2012-05-23
申请人： Sebastian Lekies , Martin Johns
发明人： Sebastian Lekies , Martin Johns
IPC分类号： G06F17/30 , G06F15/16
CPC分类号： H04L63/1441 , G06F21/64 , H04L63/123 , H04L63/168
摘要： Methods, systems, and computer-readable storage media for providing integrity protection for web storage-driven content caching. Implementations include receiving a web page from a server, the web page being associated with a script library and one or more items that can be stored in web storage of a web browser executed on a client computing device, each of the one or more items being associated with a pre-determined checksum value, and loading the script library, such that a local storage API is overwritten using a wrapper function, the script library being executable to, in response to a request for an item from web storage, perform operations including: determining a generated checksum value based on the item, and verifying an integrity of the item based on the generated checksum value and a pre-determined checksum value associated with the item.
摘要翻译：方法，系统和计算机可读存储介质，用于为Web存储驱动的内容缓存提供完整性保护。实现包括从服务器接收网页，网页与脚本库相关联，以及可以存储在客户端计算设备上执行的web浏览器的web存储器中的一个或多个项目，所述一个或多个项目是与预定义的校验和值相关联，并且加载脚本库，使得使用包装函数覆盖本地存储API，该脚本库可响应于来自web存储的对项目的请求而执行，执行包括：基于所述项目确定生成的校验和值，以及基于所生成的校验和值和与所述项目相关联的预定的校验和值来验证所述项目的完整性。

10. 发明授权

US09934393B2 Transparent namespace-aware mechanism for encrypted storage of data within web applications 有权
公开(公告)号：US09934393B2
公开(公告)日：2018-04-03
申请号：US14691959
申请日：2015-04-21
申请人： Martin Johns , Sebastian Lekies
发明人： Martin Johns , Sebastian Lekies
IPC分类号： G06F11/30 , G06F21/62
CPC分类号： G06F21/6209
摘要： Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for providing data security in web applications operating offline, and actions include receiving a request from a user of a web application during offline use of the web application in a web browser, the request implicating a data item, receiving an offline password from the user, decrypting an encrypted offline key to provide an offline key, and selectively using the offline key to process the data item based on a data protection policy stored in storage of the web browser and a protection level assigned to the data item.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式