Origin aware cookie verification systems and methods

US 20070005779A1
Filed: 06/30/2005
Published: 01/04/2007
Est. Priority Date: 06/30/2005
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving a server generated identification value;

generating a client side identification value;

creating a composite client identification value from the server generated client identification value and the client side identification value;

transforming the composite client identification value; and

returning the composite client identification value.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods operate to verify the origin of page requests. The systems and methods use a client identification value that may be sent from a client to a server. The server uses the client identification value to determine that the origin of the request matches the origin of previous requests so that personalized or other private data is not improperly sent to the wrong client. One aspect of the systems and methods includes creating the client identification value on the client and sending the client identification value to a server. The client identification value may then be compared in subsequent requests to the server to verify that the subsequent request comes from the same origin.

52 Citations

View as Search Results

32 Claims

1. A computer-implemented method comprising:
- receiving a server generated identification value;
  
  generating a client side identification value;
  
  creating a composite client identification value from the server generated client identification value and the client side identification value;
  
  transforming the composite client identification value; and
  
  returning the composite client identification value.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computer-implemented method of claim 1, wherein the composite client identification value is transformed using an irreversible transformation.
  - 3. The computer-implemented method of claim 1, wherein transforming the composite client identification value comprises hashing the composite client identification value.
  - 4. The computer-implemented method of claim 1, wherein transforming the composite client identification value comprises digesting the composite client identification value.
  - 5. The computer-implemented method of claim 1, wherein returning the composite client identification value comprises inserting the composite client identification value in a cookie.
  - 6. The computer-implemented method of claim 5, wherein the cookie comprises a persistent cookie.
  - 7. The computer-implemented method of claim 5, wherein the cookie comprises a session cookie.
  - 8. The computer-implemented method of claim 1, further comprising:
    - receiving a cookie from the server, the cookie including a client-side transformed composite client identification value;
      
      comparing the client-side transformed composite client identification value with the composite client identification value; and
      
      if the client-side transformed composite client identification value does not match the composite client identification value then disabling private content viewing.
  - 9. The computer-implemented method of claim 8, wherein the cookie is a personalization cookie.
  - 10. The computer-implemented method of claim 8, further comprising receiving an authentication cookie containing a server-side encrypted client identification value.
  - 11. The computer-implemented method of claim 10, wherein the server-side encrypted client identification value is included in a signed portion of the authentication cookie.

12. A computer-implemented method comprising:
- receiving an authentication cookie, the cookie including an server-side encrypted composite client identification value;
  
  receiving a composite client identification value;
  
  decrypting the server-side encrypted composite client identification value;
  
  comparing the decrypted composite client identification value with the composite client identification value; and
  
  if the decrypted composite client identification value does not match the composite client identification value then de-authenticating the client.
- View Dependent Claims (13, 14, 15)
- - 13. The computer-implemented method of claim 12, wherein the cookie is an authentication cookie.
  - 14. The computer-implemented method of claim 12, wherein de-authenticating the client includes re-issuing a sign-on page to the client.
  - 15. The method of claim 12, further comprising:
    - generating a server generated identification value;
      
      sending the server generated identification value to a client via a secure channel;
      
      receiving the composite client identification;
      
      encrypting the composite client identification value; and
      
      inserting the composite client identification value into a signed cookie.

16. A client comprising:
- a cookie management component to send and receive one or more cookies; and
  
  a scripting component to execute one or more scripts, the one or more scripts operable to access a client identification value.
- View Dependent Claims (17, 18)
- - 17. The client of claim 16, wherein the one or more scripts includes a script operable to generate the client identification value.
  - 18. The client of claim 16, wherein the one or more scripts includes a script operable to transform the client identification value.

19. A server comprising:
- a cookie management component to send and receive one or more cookies, an encryption component to encrypt the one or more cookies; and
  
  an authentication component to;
  
  authenticate the one or more cookies;
  
  read a composite client identification value from the one or more cookies; and
  
  de-authenticate a client if the composite client identification value does not match a server-side encrypted composite client identification value.
- View Dependent Claims (20, 21)
- - 20. The server of claim 19, wherein the one or more cookies include an authentication cookie.
  - 21. The server of claim 19, wherein the authentication component re-issues a sign-on page to a client upon detecting the client identification value does not match the server-side encrypted client identification value.

22. A machine-readable medium having computer executable instructions for performing a method, the method comprising:
- receiving a server generated identification value;
  
  generating a client side identification value;
  
  creating a composite client identification value from the server generated client identification value and the client side identification value;
  
  transforming the composite client identification value; and
  
  returning the composite client identification value.
- View Dependent Claims (23, 24, 25, 26, 27, 28)
- - 23. The machine-readable medium of claim 22, wherein the composite client identification value is transformed using an irreversible transformation.
  - 24. The machine-readable medium of claim 22, wherein transforming the composite client identification value comprises hashing the composite client identification value.
  - 25. The machine-readable medium of claim 22, wherein transforming the composite client identification value comprises digesting the composite client identification value.
  - 26. The machine-readable medium of claim 22, wherein returning the composite client identification value comprises inserting the composite client identification value in a cookie.
  - 27. The machine-readable medium of claim 22, wherein the method further comprises:
    - receiving a cookie from the server, the cookie including a client-side transformed composite client identification value;
      
      comparing the client-side transformed composite client identification value with the composite client identification value; and
      
      if the client-side transformed composite client identification value does not match the composite client identification value then disabling private content viewing.
  - 28. The machine-readable medium of claim 27, wherein the cookie is a personalization cookie.

29. A machine-readable medium having computer executable instructions for performing a method, the method comprising:
- receiving an authentication cookie, the cookie including an server-side encrypted composite client identification value;
  
  receiving a composite client identification value;
  
  decrypting the server-side encrypted composite client identification value;
  
  comparing the decrypted composite client identification value with the composite client identification value; and
  
  if the decrypted composite client identification value does not match the composite client identification value then de-authenticating the client.
- View Dependent Claims (30, 31, 32)
- - 30. The machine-readable medium of claim 29, wherein the cookie is an authentication cookie.
  - 31. The machine-readable medium of claim 29, wherein de-authenticating the client includes re-issuing a sign-on page to the client.
  - 32. The machine-readable medium of claim 29, wherein the method further comprises:
    - generating a server generated identification value;
      
      sending the server generated identification value to a client via a secure channel;
      
      receiving the composite client identification;
      
      encrypting the composite client identification value; and
      
      inserting the composite client identification value into a signed cookie.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
eBay Inc.
Original Assignee
eBay Inc.
Inventors
Yao, Yitao, Goldberg, Arnold, Palaima, Mark

Application Number

US11/172,625
Publication Number

US 20070005779A1
Time in Patent Office

Days
Field of Search
US Class Current

709/228
CPC Class Codes

H04L 63/0807 using tickets, e.g. Kerbero...

Origin aware cookie verification systems and methods

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

52 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Origin aware cookie verification systems and methods

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links