Combining a browser cache and cookies to improve the security of token-based authentication protocols
Abstract
Combining a browser cache and cookies to improve the security of token-based authentication protocols. A client stores a first portion of an authentication token as information (e.g., a cookie) in a first memory area. The client stores a second portion of the authentication token as server-inaccessible information (e.g., cached web content) in a second memory area. A server obtains the first and second portions from the client to recreate the authentication token to authenticate the client.
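The split-and-recombine flow from the abstract, as an added example that is not part of the patent text. The patent does not say how the two portions are computed, so this example assumes an XOR split with a random pad and an HMAC-tagged token; `SERVER_KEY`, the cookie name `auth_part1` and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

SERVER_KEY = secrets.token_bytes(32)  # assumption: server-side MAC key, never sent to the client


def issue_token(user_id: str) -> bytes:
    """Build an authentication token: user id, random nonce, and an HMAC tag."""
    body = user_id.encode() + b"." + secrets.token_hex(8).encode()
    tag = hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


def split_token(token: bytes) -> Tuple[bytes, bytes]:
    """Compute two portions; either one alone looks like random bytes."""
    first = secrets.token_bytes(len(token))              # destined for the cookie
    second = bytes(a ^ b for a, b in zip(token, first))  # destined for cached content
    return first, second


def build_response(token: bytes) -> dict:
    """Place the first portion in a cookie and the second in a cacheable body."""
    first, second = split_token(token)
    return {
        "Set-Cookie": f"auth_part1={first.hex()}; Secure; HttpOnly; SameSite=Strict",
        "Cache-Control": "private, max-age=3600",
        "body": second.hex(),
    }


def recreate_and_verify(first_hex: str, second_hex: str) -> Optional[str]:
    """Combine both portions, then check the MAC; return the user id or None."""
    try:
        first, second = bytes.fromhex(first_hex), bytes.fromhex(second_hex)
    except ValueError:
        return None
    if len(first) != len(second):
        return None
    token = bytes(a ^ b for a, b in zip(first, second))
    body, _, tag = token.rpartition(b".")
    expected = hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        return None  # a stolen cookie paired with a wrong second portion lands here
    return body.split(b".", 1)[0].decode()
```

With this split, a cookie captured on its own does not recreate a token that passes the MAC check; both memory areas have to be read.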
37 Claims
1. A method of improving the security of protocols for communication between a client and a server coupled to a data communication network, the method comprising:
- receiving, at the server, a request from the client for a resource;
- computing a first portion of data from the authentication token;
- providing the computed first portion to the client in response to the received request for the resource, said computed first portion being adapted for storage in a first memory area associated with the client, said first memory area comprising a cookie;
- computing a second portion of data from the authentication token; and
- providing the computed second portion to the client in response to the received request for the resource, said computed second portion being adapted for storage as information in a second memory area associated with the client, said information being inaccessible to the server.
18. A method of improving the security of protocols for communication between a client and a server coupled to a data communication network, the method comprising:
- receiving, at the server, a request from the client for a resource;
- obtaining, in response to the received request for the resource, a first portion of data associated with an authentication token from the client, said first portion being stored by the client in a first memory area, said first memory area comprising a cookie, wherein a second portion of data is stored by the client as information in a second memory area, said information being inaccessible to the server;
- obtaining, in response to the received request for the resource, the second portion associated with the authentication token from the client; and
- combining the obtained first and second portions to recreate the authentication token.
30. One or more computer-readable media having computer-executable components for improving the security of protocols for communication between a client and a server coupled to a data communication network, the components comprising:
- an interface module for receiving, at the server, a request from the client for a resource; and
- an authentication module for providing a first portion of data associated with the authentication token to the client in response to the request for the resource received by the interface module, said first portion being adapted for storage in a first memory area associated with the client, said first memory area comprising a cookie, said authentication module further providing a second portion of data associated with the authentication token to the client in response to the request for the resource received by the interface module, said second portion being adapted for storage as information in a second memory area associated with the client, said information being inaccessible to the server.