This document introduces cryptography concepts like encryption, integrity protection, and digital signatures. It discusses how Adobe Experience Manager (AEM) implements cryptography to encrypt tokens and protect against CSRF attacks. Specifically, AEM uses JSON Web Tokens (JWTs) to encapsulate tokens, signs them with an HMAC key for integrity, and includes the token in non-GET requests to prevent CSRF without requiring changes to application code or dependencies on server-side sessions. Developers do not need to handle the CSRF token explicitly in their JavaScript code.