Patents by Inventor Thomas Patrick Gallagher

Thomas Patrick Gallagher has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Dynamic cross-site request forgery protection in a web-based client application
    Patent number: 9191405
    Abstract: A canary value is used to validate a message from a non-web browser client application to a web server providing web services to mitigate cross-site forgery attacks. The canary value is generated by the server in party by applying a hash function to a user identifier and a time stamp. The server provides the canary value to the client application in response to receiving a message that does not have a canary or has an expired canary. The client application upon receiving an error message with a canary message will resend the prior message with the canary value present. The client application caches the canary value for subsequent messages until a new canary value is received. The canary value allows the server to ignore messages generated by the client application under control of an attacker.
    Type: Grant
    Filed: January 30, 2012
    Date of Patent: November 17, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Thomas Patrick Gallagher, Venkataramann Renganathan, Brian Thomas Carver, Muhammed Serdar Soran, Matthew Michael Swann, Trace David Ferrier
  • DYNAMIC CROSS-SITE REQUEST FORGERY PROTECTION IN A WEB-BASED CLIENT APPLICATION
    Publication number: 20130198294
    Abstract: A canary value is used to validate a message from a non-web browser client application to a web server providing web services to mitigate cross-site forgery attacks. The canary value is generated by the server in party by applying a hash function to a user identifier and a time stamp. The server provides the canary value to the client application in response to receiving a message that does not have a canary or has an expired canary. The client application upon receiving an error message with a canary message will resend the prior message with the canary value present. The client application caches the canary value for subsequent messages until a new canary value is received. The canary value allows the server to ignore messages generated by the client application under control of an attacker.
    Type: Application
    Filed: January 30, 2012
    Publication date: August 1, 2013
    Applicant: Microsoft Corporation
    Inventors: Thomas Patrick Gallagher, Venkataramann Renganathan, Brian Thomas Carver, Muhammed Serdar Soran, Matthew Michael Swann, Trace David Ferrier
  • Method, system, and computer-readable medium for filtering harmful HTML in an electronic document
    Patent number: 7308648
    Abstract: A method and system are provided for filtering harmful HTML content from an electronic document. An application program interface (API) examines the fundamental structure of the HTML content in the document. The HTML content in the electronic document is parsed into HTML elements and attributes by a tokenizer and compared to a content library by a filter in the API. The filter removes unknown HTML content as well as known content that is listed as harmful in the content library. After the harmful HTML content has removed, a new document is encoded which includes the remaining safe HTML content for viewing in a web browser.
    Type: Grant
    Filed: November 27, 2002
    Date of Patent: December 11, 2007
    Assignee: Microsoft Corporation
    Inventors: David Michael Buchthal, Lucas Jason Forschler, Thomas Patrick Gallagher, Christophe Rene Loisey, Walter David Pullen, Andrzej Turski