-
Publication No.: US11784993B2
Publication date: 2023-10-10
Application No.: US17202871
Filing date: 2021-03-16
Applicant: Cisco Technology, Inc.
Inventor: Iain Maclachlan Hamilton, Kousik Nandy
CPC classification number: H04L63/0807, G06F9/547, H04L9/3213, H04L63/029, H04L63/0853, H04W12/06
Abstract: Techniques are described for providing an application programming interface (API) architecture that is capable of supporting cross-site request forgery (CSRF) protection with an attribute flag in a cookie, for client devices that utilize a stateless user session to interface with an API gateway. A client device may transmit session requests received by an API gateway. The API gateway may generate a session, and a cookie including session properties associated with the session. The cookie may further include the attribute flag associated with a CSRF token. By transmitting the cookie with the attribute flag to the client device, the client device may receive and insert the cookie into subsequent requests to indicate a requirement that the subsequent requests be accompanied by the CSRF token. In this way, the API gateway may utilize the attribute flag indicating the requirement for the CSRF token to protect the client device from malicious attacks.
-
Publication No.: US20220191193A1
Publication date: 2022-06-16
Application No.: US17202871
Filing date: 2021-03-16
Applicant: Cisco Technology, Inc.
Inventor: Iain Maclachlan Hamilton, Kousik Nandy
Abstract: Techniques are described for providing an application programming interface (API) architecture that is capable of supporting cross-site request forgery (CSRF) protection with an attribute flag in a cookie, for client devices that utilize a stateless user session to interface with an API gateway. A client device may transmit session requests received by an API gateway. The API gateway may generate a session, and a cookie including session properties associated with the session. The cookie may further include the attribute flag associated with a CSRF token. By transmitting the cookie with the attribute flag to the client device, the client device may receive and insert the cookie into subsequent requests to indicate a requirement that the subsequent requests be accompanied by the CSRF token. In this way, the API gateway may utilize the attribute flag indicating the requirement for the CSRF token to protect the client device from malicious attacks.
-