Secure client-side key storage for web applications
Abstract
Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for secure client-side key storage for authentication tracking. Implementations include actions of: determining, at a browser executed on a client-side computing device, that an application is authentic, the application being executed on a server-side computing device; in response to determining that the application is authentic, receiving a session signing key (SSK) at a sub-domain of an application domain, the sub-domain including a static script that handles the SSK and that selectively provides request signatures; receiving, at the sub-domain, a message requesting a request signature; determining that the message originated from an authentic origin; and, in response to determining that the message originated from an authentic origin, providing a request signature to a source of the message, the request signature being based on the SSK.
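A sketch of the sub-domain signing script the abstract describes, added here as an illustration and not taken from the patent or its specification. The HMAC-SHA-256 signature, the exact-match origin check, the message shape and every name are assumptions; Node's `crypto` module is used so the example runs offline with constructed message events.

```javascript
// Added example: hypothetical static script that holds the SSK and signs on request.
// Assumptions: HMAC-SHA-256 signatures, a {type, id, method, url, body} message shape.
const nodeCrypto = require('crypto');

const APP_ORIGIN = 'https://app.example.test'; // constructed application origin

function createSigner(ssk, trustedOrigin) {
  // The SSK lives only in this closure; callers receive signatures, never the key.
  return function onMessage(event) {
    // Exact comparison: prefix or substring checks would accept look-alike origins.
    if (event.origin !== trustedOrigin) return null;
    const req = event.data;
    if (!req || req.type !== 'sign-request') return null;
    if (typeof req.method !== 'string' || typeof req.url !== 'string') return null;
    const canonical = [req.method.toUpperCase(), req.url, req.body || ''].join('\n');
    const signature = nodeCrypto.createHmac('sha256', ssk).update(canonical).digest('hex');
    return { type: 'sign-response', id: req.id, signature };
  };
}

// Server-side counterpart: recompute the signature and compare in constant time.
function verifySignature(ssk, method, url, body, signatureHex) {
  const canonical = [method.toUpperCase(), url, body || ''].join('\n');
  const expected = nodeCrypto.createHmac('sha256', ssk).update(canonical).digest();
  const given = Buffer.from(signatureHex, 'hex');
  return given.length === expected.length && nodeCrypto.timingSafeEqual(given, expected);
}

// Constructed sample key and request.
const SSK = Buffer.from('constructed-session-signing-key');
const handler = createSigner(SSK, APP_ORIGIN);
const request = { type: 'sign-request', id: 1, method: 'post',
                  url: '/api/transfer', body: '{"amount":10}' };

function demo() {
  return {
    fromApp: handler({ origin: APP_ORIGIN, data: request }),
    fromLookalike: handler({ origin: APP_ORIGIN + '.lookalike.test', data: request }),
    fromOther: handler({ origin: 'https://other.example.test', data: request }),
  };
}

console.log(demo());
```

In a browser the handler would be attached to the `message` event and a non-null result returned with `event.source.postMessage(result, event.origin)`.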
10 Claims
1. A computer-implemented method for secure client-side key storage for authentication tracking, the method being executed using one or more processors and comprising:
- establishing, by a browser executed on a client-side computing device, a mutual authentication between the client-side computing device and a server-side computing device, the client-side computing device comprising the one or more processors, and the server-side computing device executing an application;
- in response to establishing the mutual authentication, receiving a session signing key (SSK) at a sub-domain of an application domain, the sub-domain comprising a static script that handles the SSK and that selectively provides request signatures;
- receiving, at the sub-domain, a message requesting a request signature;
- determining that the message originated from an authentic origin; and
- in response to determining that the message originated from an authentic origin, providing a request signature to a source of the message, the request signature being based on the SSK.

Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A non-transitory computer-readable storage medium coupled to one or more processors and having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations for secure client-side key storage for authentication tracking, the operations comprising:
- establishing, by a browser executed on a client-side computing device, a mutual authentication between the client-side computing device and a server-side computing device, the client-side computing device comprising the one or more processors, and the server-side computing device executing an application;
- in response to establishing the mutual authentication, receiving a session signing key (SSK) at a sub-domain of an application domain, the sub-domain comprising a static script that handles the SSK and that selectively provides request signatures;
- receiving, at the sub-domain, a message requesting a request signature;
- determining that the message originated from an authentic origin; and
- in response to determining that the message originated from an authentic origin, providing a request signature to a source of the message, the request signature being based on the SSK.
10. A system, comprising:
- a client-side computing device; and
- a computer-readable storage device coupled to the client-side computing device and having instructions stored thereon which, when executed by the client-side computing device, cause the client-side computing device to perform operations for secure client-side key storage for authentication tracking, the operations comprising:
  - establishing, by a browser executed on a client-side computing device, a mutual authentication between the client-side computing device and a server-side computing device, the client-side computing device comprising one or more processors, and a server-side computing device executing an application;
  - in response to establishing the mutual authentication, receiving a session signing key (SSK) at a sub-domain of an application domain, the sub-domain comprising a static script that handles the SSK and that selectively provides request signatures;
  - receiving, at the sub-domain, a message requesting a request signature;
  - determining that the message originated from an authentic origin; and
  - in response to determining that the message originated from an authentic origin, providing a request signature to a source of the message, the request signature being based on the SSK.
Specification