公开(公告)号：US09032519B1

公开(公告)日：2015-05-12

申请号：US13663256

申请日：2012-10-29

Applicant: Amazon Technologies, Inc.

Inventor： Brian Evan Maher ,  Sachin Purushottam Joglekar ,  Jesper Mikael Johansson

IPC: G06F11/00 ,  H04L29/06 ,  G06F21/55

CPC classification number: H04L63/08 ,  G06F21/55 ,  H04L29/06 ,  H04L63/123 ,  H04L63/1466 ,  H04L67/02

Abstract: Methods and systems for protecting websites from cross-site scripting are disclosed. A request for a web page comprising a web page element is received from a client. It is determined if the web page comprises a data integrity token for the web page element. It is also determined if a value of the data integrity token matches an expected value. If the web page comprises the data integrity token and if the value matches the expected value, the web page comprising the web page element is sent to the client. If the web page does not comprise the data integrity token or if the value does not match the expected value, a protective operation is performed.

Abstract translation: 披露了用于保护网站免受跨站脚本影响的方法和系统。 从客户端接收到包括网页元素的网页的请求。 确定网页是否包括网页元素的数据完整性令牌。 还确定数据完整性令牌的值是否与预期值相匹配。 如果网页包括数据完整性令牌，并且如果该值与期望值匹配，则包含网页元素的网页被发送到客户端。 如果网页不包含数据完整性令牌，或者如果该值与预期值不匹配，则执行保护操作。

公开(公告)号：US09015820B1

公开(公告)日：2015-04-21

申请号：US13931613

申请日：2013-06-28

Applicant: Amazon Technologies, Inc.

Inventor： Amit Bhosle ,  Scott G. Carmack ,  Dhanvi Harsha Kapila ,  Shilpi Gupta ,  Mehul Jain ,  Sachin Purushottam Joglekar ,  Ashish Agrawal

IPC: G06F15/16 ,  G06F17/30 ,  H04L29/06 ,  H04L9/32 ,  H04N7/167

CPC classification number: H04L63/08 ,  H04L9/3213 ,  H04L63/0807 ,  H04L63/1441

Abstract: Systems and methods for authenticating a request submitted from a client device through a third party content provider to an electronic entity are described. In one embodiment, a method includes providing a trusted script to the third party content provider, passing a trust token to the third party content provider and to the client device, and, in response to a request submitted from the client device through the third party content provider, validating the trust token associated with the request with the token passed to the client device, and processing the request. The trusted script is configured to create a trusted window on the third party Web page displayed on the client computing device, receive a trust token from the electronic entity through the trusted window, and associate the trust token with requests submitted from the client computing device through the third party content provider to the electronic entity.

Abstract translation: 描述用于认证从客户端设备通过第三方内容提供商提交给电子实体的请求的系统和方法。 在一个实施例中，一种方法包括向第三方内容提供者提供可信脚本，将信任令牌传递到第三方内容提供者和客户端设备，以及响应于通过第三方从客户端设备提交的请求 内容提供商，使用传递给客户端设备的令牌验证与请求相关联的信任令牌，以及处理该请求。 可信脚本被配置为在客户端计算设备上显示的第三方网页上创建可信任窗口，通过可信窗口从电子实体接收信任令牌，并将信任令牌与从客户端计算设备提交的请求相关联，通过 电子实体的第三方内容提供商。

公开(公告)号：US09575979B1

公开(公告)日：2017-02-21

申请号：US14107950

申请日：2013-12-16

Applicant: AMAZON TECHNOLOGIES, INC.

Inventor： Jon Arron McClintock ,  Shailendra Batra ,  Thibault Candebat ,  Scott Gerard Carmack ,  Sachin Purushottam Joglekar ,  Alun Mark Jones ,  William Frederick Kruse ,  Narasimha Rao Lakkakula ,  Sunu Aby Mathew

IPC: G06F17/30 ,  G06F21/62

CPC classification number: G06F17/30109 ,  G06F21/604 ,  G06F21/6218 ,  G06F2221/034

Abstract: Techniques are described for automatically determining application composition and application ownership of an application that may include a plurality of files deployed to a plurality of host devices. The determination of application composition may be based on analyzing various types of metadata that may provide evidence of associations between deployed files, such as metadata describing the deployment of files to host devices, metadata describing the files tracked within a source control system, or other types of metadata. The determination of application ownership may also be based on analyzing the various types of metadata that provide evidence of associations between files and individuals or groups of individuals within an organization.

Abstract translation: 描述了用于自动确定应用程序的应用程序组成和应用程序所有权的技术，其中可能包括部署到多个主机设备的多个文件。 应用程序组合的确定可以基于分析可以提供部署文件之间的关联的各种类型的元数据，例如描述向主机设备部署文件的元数据，描述在源控制系统中跟踪的文件的元数据或其他类型 的元数据。 应用程序所有权的确定也可以基于分析各种类型的元数据，这些元数据提供文件与组织内的个人或个人组之间的关联的证据。

公开(公告)号：US09553865B2

公开(公告)日：2017-01-24

申请号：US14709003

申请日：2015-05-11

Applicant: Amazon Technologies, Inc.

Inventor： Brian Evan Maher ,  Sachin Purushottam Joglekar ,  Jesper Mikael Johansson

IPC: G06F11/00 ,  H04L29/06 ,  G06F21/55 ,  H04L29/08

CPC classification number: H04L63/08 ,  G06F21/55 ,  H04L29/06 ,  H04L63/123 ,  H04L63/1466 ,  H04L67/02

Abstract: Methods and systems for protecting websites from cross-site scripting are disclosed. A request for a web page comprising a web page element is received from a client. It is determined if the web page comprises a data integrity token for the web page element. It is also determined if a value of the data integrity token matches an expected value. If the web page comprises the data integrity token and if the value matches the expected value, the web page comprising the web page element is sent to the client. If the web page does not comprise the data integrity token or if the value does not match the expected value, a protective operation is performed.

Abstract translation: 披露了用于保护网站免受跨站脚本影响的方法和系统。 从客户端接收到包括网页元素的网页的请求。 确定网页是否包括网页元素的数据完整性令牌。 还确定数据完整性令牌的值是否与预期值相匹配。 如果网页包括数据完整性令牌，并且如果该值与期望值匹配，则包含网页元素的网页被发送到客户端。 如果网页不包含数据完整性令牌，或者如果该值与预期值不匹配，则执行保护操作。