TLS key and CGI session ID pairing
First Claim
1. A method for facilitating communication between a server and a first client, comprising:
- forming a first secured communication channel between the server and the first client using an initial transport layer security (TLS) key;
- forming an authenticated common gateway interface (CGI) session over the first secured communication channel based on an initial CGI session identifier (ID);
- combining the initial CGI session ID and the initial TLS key into a pair;
- receiving incoming data that includes an incoming CGI session ID via the first secured communication channel or a second secured communication channel;
- retrieving an incoming TLS key of the first or the second secured communication channel that carries the incoming CGI session ID; and
- permitting the incoming data to execute on the server when the incoming TLS key matches the initial TLS key of the pair.
Abstract
The prevention of impersonation attacks based on hijacked common gateway interface (CGI) session IDs is disclosed. In accordance with one embodiment, a secured communication channel is formed between a server and a client using an initial transport layer security (TLS) key. Additionally, an authenticated CGI session is formed over the secured communication channel based on an initial CGI session identifier (ID). Further, the initial CGI session ID and the initial TLS key are combined into a pair. Next, incoming data that includes an incoming CGI session ID is received via a secured communication channel. An incoming TLS key of the secured communication channel that carries the incoming CGI session ID is then retrieved. Based on the retrieved incoming TLS key, the incoming data is permitted to execute on the server when the incoming TLS key matches the initial TLS key of the pair.
20 Claims
1. A method for facilitating communication between a server and a first client, comprising:
- forming a first secured communication channel between the server and the first client using an initial transport layer security (TLS) key;
- forming an authenticated common gateway interface (CGI) session over the first secured communication channel based on an initial CGI session identifier (ID);
- combining the initial CGI session ID and the initial TLS key into a pair;
- receiving incoming data that includes an incoming CGI session ID via the first secured communication channel or a second secured communication channel;
- retrieving an incoming TLS key of the first or the second secured communication channel that carries the incoming CGI session ID; and
- permitting the incoming data to execute on the server when the incoming TLS key matches the initial TLS key of the pair.
Dependent claims: 2, 3, 4, 5, 6, 7.

8. A computer readable storage device storing computer-executable instructions that, when executed, cause one or more processors to perform acts comprising:
- forming a first secured communication channel between a server and a first client using an initial transport layer security (TLS) key;
- forming an authenticated common gateway interface (CGI) session over the first secured communication channel based on an initial CGI session identifier (ID);
- combining the initial CGI session ID and the initial TLS key into a pair at the server;
- receiving incoming data that includes an incoming CGI session ID via a second secured communication channel at the server;
- retrieving an incoming TLS key of the second secured communication channel that carries the incoming CGI session ID at the server; and
- terminating the authenticated CGI session when the incoming TLS key does not match the initial TLS key of the pair.
Dependent claims: 9, 10, 11, 12, 13, 14.

15. A server, comprising:
- a transport layer security (TLS) server component to form a first secured communication channel between a server and a first client using an initial TLS key;
- a first common gateway interface (CGI) platform component to form an authenticated CGI session over the first secured communication channel based on an initial CGI session identifier (ID);
- a pairing component to combine the initial CGI session ID and the initial TLS key into a pair at the server;
- a second CGI platform component to receive incoming data that includes an incoming CGI session ID via a second secured communication channel at the server;
- a retrieval component to retrieve an incoming TLS key of the second secured communication channel that carries the incoming CGI session ID at the server; and
- a comparison component to terminate at least one of the first and second secured communication channels when the incoming TLS key does not match the initial TLS key of the pair.
Dependent claims: 16, 17, 18, 19, 20.
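The pairing and check described in the abstract and in claims 1, 8 and 15, as an added illustration that is not the patent's own code: a server-side store binds each CGI session ID to a fingerprint of the TLS key of the channel it was authenticated on, permits a request only when the carrying channel's key matches, and terminates the session on mismatch. The TLS key is assumed to be available to the server as raw bytes per channel; the key values below are constructed stand-ins.

```python
import hashlib
import hmac
import secrets


def tls_key_fingerprint(tls_key: bytes) -> bytes:
    """Store a digest of the channel key rather than the key material itself."""
    return hashlib.sha256(tls_key).digest()


class SessionPairing:
    """Pairs CGI session IDs with the TLS key of the channel that authenticated them."""

    def __init__(self) -> None:
        self._pairs: dict[str, bytes] = {}  # session ID -> fingerprint of initial TLS key

    def open_session(self, initial_tls_key: bytes) -> str:
        # Called once the client has authenticated over the channel keyed by initial_tls_key.
        session_id = secrets.token_urlsafe(32)
        self._pairs[session_id] = tls_key_fingerprint(initial_tls_key)
        return session_id

    def check_request(self, session_id: str, incoming_tls_key: bytes) -> bool:
        """Return True when the request may execute; terminate the session on key mismatch."""
        expected = self._pairs.get(session_id)
        if expected is None:
            return False  # unknown or already terminated session
        if hmac.compare_digest(expected, tls_key_fingerprint(incoming_tls_key)):
            return True
        del self._pairs[session_id]  # incoming TLS key differs: treat the session ID as hijacked
        return False

    def is_active(self, session_id: str) -> bool:
        return session_id in self._pairs


def hijack_scenario() -> tuple[bool, bool, bool, bool]:
    """Constructed scenario: a session ID presented over a channel with a different TLS key."""
    store = SessionPairing()
    client_key = secrets.token_bytes(48)    # constructed stand-in for the first channel's key
    other_key = secrets.token_bytes(48)     # constructed stand-in for a second channel's key
    sid = store.open_session(client_key)
    over_first_channel = store.check_request(sid, client_key)   # True: keys match
    over_second_channel = store.check_request(sid, other_key)   # False: mismatch, session ends
    after_termination = store.check_request(sid, client_key)    # False: session no longer exists
    return over_first_channel, over_second_channel, after_termination, store.is_active(sid)
```

Any new TLS handshake by the legitimate client derives fresh keys, so a deployment of this scheme must re-authenticate and re-pair after reconnection rather than carry the old session ID across channels.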
Specification