公开(公告)号：US20170104764A1

公开(公告)日：2017-04-13

申请号：US14881316

申请日：2015-10-13

Applicant: Yahoo!, Inc.

Inventor： Binu Ramakrishnan

IPC: H04L29/06 ,  G06F3/0484 ,  G06F17/24

CPC classification number: H04L63/123 ,  G06F17/243 ,  G06F21/31 ,  G06F21/44 ,  G06F2221/2119 ,  H04L63/0823 ,  H04L63/083 ,  H04L63/126 ,  H04L63/1483

Abstract: As provided herein, a user of a client device may navigate to a webpage using a browser. A browser window, populated with a verification image and/or details about the webpage, is generated and presented to the user. The verification image and/or details about the webpage differentiate a browser window generated by the browser, from the webpage, from a browser window generated by a malicious user. The browser window comprises a login box into which credentials for logging into the user account may be entered. Responsive to the user entering correct credentials into the login box and selecting a submit option based upon recognition of the verification image, the browser window may be submitted to a server and the user may be presented with a window comprising access to the user account.

公开(公告)号：US20160277421A1

公开(公告)日：2016-09-22

申请号：US14969847

申请日：2015-12-15

Applicant: Yahoo! Inc.

Inventor： Maria Eugenia Tornos Lahoz ,  Anna Chu-Sumida ,  Nikunj Koolar ,  Peter Chan ,  Aditi Sinha Gundlapalli ,  Surajit Dutta ,  Binu Ramakrishnan ,  Venkatesh Dharmar

IPC: H04L29/06 ,  G06F21/62

CPC classification number: H04L63/126 ,  G06F21/6245 ,  G06F21/6263 ,  G06Q20/382 ,  G06Q20/3821 ,  G06Q30/0613 ,  H04L63/04 ,  H04L63/102

Abstract: Methods and systems for receiving sensitive information include receiving a request for entering sensitive information, the request received from a user interface rendered on a client device. The methods and systems rely upon nested iframes, each of which is hosted by a different server. An inner iframe is hosted by a server within a secure zone, such as a digital vault. A middle iframe is hosted within the secure zone and is invoked by an intermediate server. An outer iframe is hosted by a server that provides the user interface. The server that provides the user interface may be hosted by a cloud service provider, for example. Using the nested iframes and the network topology described in the present disclosure, users are able to exchange sensitive information with a server within the secure zone through a user interface provided outside the secure zone.

Abstract translation: 用于接收敏感信息的方法和系统包括接收从客户端设备上呈现的用户界面接收的请求，用于输入敏感信息。 方法和系统依赖于嵌套iframe，每个iframe都由不同的服务器托管。 内部iframe由安全区域内的服务器（如数字保险库）托管。 中间iframe驻留在安全区域内，由中间服务器调用。 外部iframe由提供用户界面的服务器托管。 提供用户界面的服务器可以由例如云服务提供商托管。 使用本公开中描述的嵌套式iframe和网络拓扑，用户能够通过设置在安全区域之外的用户界面与安全区域内的服务器交换敏感信息。

公开(公告)号：US20160323309A1

公开(公告)日：2016-11-03

申请号：US14700456

申请日：2015-04-30

Applicant: Yahoo! Inc.

Inventor： Vibha Sethi ,  Binu Ramakrishnan ,  Christopher Harrell

IPC: H04L29/06 ,  G06F17/30 ,  H04L29/08

Abstract: The present teaching relates to blocking malicious third party site tagging using content security policy (CSP). A request to access a web page is first received for obtaining a page resource associated with the web page. One or more tags are further added to the page resource, and one or more tag sources corresponding to the one or more tags are interpreted. Based on the one or more tag sources, at least one content security policy is constructed and enforced on the page resource. The web page is presented to the user with whitelisted tags in accordance with the enforced at least one content security policy.

Abstract translation: 本教程涉及使用内容安全策略（CSP）阻止恶意第三方站点标记。 首先接收访问网页的请求以获得与网页相关联的页面资源。 将一个或多个标签进一步添加到页面资源中，并且解释与一个或多个标签对应的一个或多个标签源。 基于一个或多个标签源，在页面资源上构建和实施至少一个内容安全策略。 根据强制执行的至少一个内容安全策略，该网页被呈现给具有白名单标签的用户。

公开(公告)号：US09781132B2

公开(公告)日：2017-10-03

申请号：US14881316

申请日：2015-10-13

Applicant: Yahoo!, Inc.

Inventor： Binu Ramakrishnan

IPC: H04L29/06 ,  G06F17/24

CPC classification number: H04L63/123 ,  G06F17/243 ,  G06F21/31 ,  G06F21/44 ,  G06F2221/2119 ,  H04L63/0823 ,  H04L63/083 ,  H04L63/126 ,  H04L63/1483

Abstract: As provided herein, a user of a client device may navigate to a webpage using a browser. A browser window, populated with a verification image and/or details about the webpage, is generated and presented to the user. The verification image and/or details about the webpage differentiate a browser window generated by the browser, from the webpage, from a browser window generated by a malicious user. The browser window comprises a login box into which credentials for logging into the user account may be entered. Responsive to the user entering correct credentials into the login box and selecting a submit option based upon recognition of the verification image, the browser window may be submitted to a server and the user may be presented with a window comprising access to the user account.

公开(公告)号：US09251372B1

公开(公告)日：2016-02-02

申请号：US14794733

申请日：2015-07-08

Applicant: Yahoo! Inc.

Inventor： Maria Eugenia Tornos Lahoz ,  Anna Chu-Sumida ,  Nikunj Koolar ,  Peter Chan ,  Aditi Sinha Gundlapalli ,  Surajit Dutta ,  Binu Ramakrishnan ,  Venkatesh Dharmar

IPC: G06F7/04 ,  G06F17/30 ,  H04N7/16 ,  H04L29/06 ,  H04L9/32 ,  G06F21/62 ,  G06Q20/38

CPC classification number: H04L63/126 ,  G06F21/6245 ,  G06F21/6263 ,  G06Q20/382 ,  G06Q20/3821 ,  G06Q30/0613 ,  H04L63/04 ,  H04L63/102

Abstract: Methods and systems for receiving sensitive information include receiving a request for entering sensitive information, the request received from a user interface rendered on a client device. The methods and systems rely upon nested iframes, each of which is hosted by a different server. An inner iframe is hosted by a server within a secure zone, such as a digital vault. A middle iframe is hosted within the secure zone and is invoked by an intermediate server. An outer iframe is hosted by a server that provides the user interface. The server that provides the user interface may be hosted by a cloud service provider, for example. Using the nested iframes and the network topology described in the present disclosure, users are able to exchange sensitive information with a server within the secure zone through a user interface provided outside the secure zone.

Abstract translation: 用于接收敏感信息的方法和系统包括接收从客户端设备上呈现的用户界面接收的请求，用于输入敏感信息。 方法和系统依赖于嵌套iframe，每个iframe都由不同的服务器托管。 内部iframe由安全区域内的服务器（如数字保险库）托管。 中间iframe驻留在安全区域内，由中间服务器调用。 外部iframe由提供用户界面的服务器托管。 提供用户界面的服务器可以由例如云服务提供商托管。 使用本公开中描述的嵌套式iframe和网络拓扑，用户能够通过设置在安全区域之外的用户界面与安全区域内的服务器交换敏感信息。

公开(公告)号：US20160014060A1

公开(公告)日：2016-01-14

申请号：US14329489

申请日：2014-07-11

Applicant: Yahoo! Inc.

Inventor： Sudharsan Vasudevan ,  Mayukh Bhaowal ,  Binu Ramakrishnan ,  Supreeth Rao

IPC: H04L12/58

CPC classification number: H04L51/14 ,  H04L51/32

Abstract: Techniques are provided that include displaying an offer for an interest-based content subscription on an email application Web site, the offer being selectable and displayed in a native format of the email application, and, upon receiving an indication that the offer has been selected by a user, generating an interest-based content subscription without directing a browser application away from the email application Web site. According to some such arrangements, generating the interest-based content subscription may include contacting a third-party Web site associated with the offer, and communicating at least one of an actual identification and a disposable identification of the user to the third-party Web site. The interest-based content subscription may be limited based on at least one of a time duration and a frequency parameter.

Abstract translation: 提供了技术，其包括在电子邮件应用程序网站上显示基于兴趣的内容订阅的提议，该提议是可选择的并且以电子邮件应用的本机格式显示，并且在接收到通过以下方式选择了该提议的指示 用户，生成基于兴趣的内容订阅，而不指示浏览器应用远离电子邮件应用程序网站。 根据一些这样的安排，生成基于兴趣的内容订阅可以包括联系与提供相关联的第三方网站，并将用户的实际标识和一次性标识中的至少一个传达到第三方网站 。 基于兴趣的内容订阅可以基于持续时间和频率参数中的至少一个来限制。