Apparatus for certificate-based cookie security
First Claim
1. Apparatus, comprising:
a processor;
computer memory holding computer program instructions that when executed by the processor perform a method comprising:
during a first secure transport session with a first server, receiving a cookie having an attribute that identifies a first server certificate associated with the first server, the attribute having a value for use in determining a characteristic associated with a second server certificate distinct from the first server certificate;
during setup of a second secure transport session with a second server distinct from the first server:
receiving the second server certificate, the second server certificate associated with the second server;
comparing information in the second server certificate to the value of the attribute; and
responsive to a match between the information in the second server certificate and the value of the attribute, sending to the second server the cookie received from the first server during the first secure transport session to facilitate completion of the setup of the second secure transport session.
Abstract
A cookie attribute for use during secure HTTP transport sessions. This attribute points to a server-supplied certificate and, in particular, a digital certificate. The cookie attribute includes a value, and that value is designed to correspond to one or more content fields in the digital certificate. During a first https session, a first web application executing on a first server provides a web browser with the cookie having the server certificate identifier attribute set to a value corresponding to a content field in a server certificate. Later, when the browser is accessing a second server during a second https session, the browser verifies that the value in the cookie matches a corresponding value in the server certificate received from the second server before sending the cookie to the second server. This approach ensures that the cookie is presented only over specified https connections and to trusted organizations.
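The check the abstract describes, as an added illustration that is not part of the patent or any browser's code: a browser-side cookie store parses a `Set-Cookie` header carrying a certificate-identifier attribute, and before sending the cookie to a second server it compares the attribute's value against a field of that server's certificate. The patent names neither the attribute nor its value syntax, so both are assumptions here: the attribute is called `CertId`, and its value is `FIELD:expected` where `FIELD` is one of `CN`, `O`, `ISSUER` or `SAN`. The certificate dictionaries are constructed sample data laid out the way Python's `ssl.SSLSocket.getpeercert()` returns a parsed certificate, so the same comparison logic would work on a real peer certificate.

```python
from dataclasses import dataclass
from typing import List, Optional

# Hypothetical attribute name; the patent does not specify one.
CERT_ATTR = "certid"


@dataclass
class Cookie:
    name: str
    value: str
    domain: str
    secure: bool = False
    cert_id: Optional[str] = None  # value of the hypothetical CertId attribute, if present


def parse_set_cookie(header: str, origin_host: str) -> Cookie:
    """Parse a Set-Cookie header into a Cookie, honouring Domain, Secure and CertId."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = Cookie(name=name.strip(), value=value.strip(), domain=origin_host.lower())
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key = key.strip().lower()
        val = val.strip().strip('"')
        if key == "secure":
            cookie.secure = True
        elif key == "domain":
            cookie.domain = val.lstrip(".").lower()
        elif key == CERT_ATTR:
            cookie.cert_id = val
    return cookie


def _rdn_values(name_tuples, attr_type: str) -> List[str]:
    # getpeercert() represents a DN as a tuple of RDNs, each a tuple of (type, value) pairs.
    return [v for rdn in name_tuples for (t, v) in rdn if t == attr_type]


def cert_field_values(cert: dict, field_tag: str) -> List[str]:
    """Return the certificate values a given FIELD tag of the attribute refers to."""
    if field_tag == "CN":
        return _rdn_values(cert.get("subject", ()), "commonName")
    if field_tag == "O":
        return _rdn_values(cert.get("subject", ()), "organizationName")
    if field_tag == "ISSUER":
        return _rdn_values(cert.get("issuer", ()), "commonName")
    if field_tag == "SAN":
        return [v for (t, v) in cert.get("subjectAltName", ()) if t == "DNS"]
    return []  # unknown tag: nothing can match, so the cookie is withheld


def certificate_matches(cert_id: str, cert: dict) -> bool:
    """True when the certificate field named in the attribute holds the expected value."""
    tag, sep, expected = cert_id.partition(":")
    if not sep or not expected:
        return False  # malformed attribute value: fail closed
    return expected in cert_field_values(cert, tag.strip().upper())


def domain_matches(cookie_domain: str, host: str) -> bool:
    host = host.lower()
    return host == cookie_domain or host.endswith("." + cookie_domain)


def should_send_cookie(cookie: Cookie, host: str, peer_cert: Optional[dict]) -> bool:
    """Decide whether the browser may present the cookie on a session to `host`.

    The ordinary Domain/Secure rules apply first; the certificate check is an
    additional gate that only applies when the cookie carries the attribute.
    """
    if not domain_matches(cookie.domain, host):
        return False
    if cookie.secure and peer_cert is None:
        return False  # Secure cookie, but no TLS session
    if cookie.cert_id is not None:
        if peer_cert is None:
            return False
        return certificate_matches(cookie.cert_id, peer_cert)
    return True


# Constructed sample certificates (not real certificates), in getpeercert() layout.
CERT_EXAMPLE_CORP = {
    "subject": ((("countryName", "US"),), (("organizationName", "Example Corp"),),
                (("commonName", "www.example.com"),)),
    "issuer": ((("organizationName", "Constructed Test CA"),), (("commonName", "Constructed Test CA Root"),)),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "example.com")),
}
# Same parent domain, but a certificate issued to a different organisation.
CERT_OTHER_ORG = {
    "subject": ((("organizationName", "Example Hosting Partner LLC"),), (("commonName", "api.example.com"),)),
    "issuer": ((("organizationName", "Constructed Test CA"),), (("commonName", "Constructed Test CA Root"),)),
    "subjectAltName": (("DNS", "api.example.com"),),
}


if __name__ == "__main__":
    c = parse_set_cookie('session=abc123; Domain=example.com; Secure; CertId="O:Example Corp"', "www.example.com")
    print("to www.example.com:", should_send_cookie(c, "www.example.com", CERT_EXAMPLE_CORP))
    print("to api.example.com:", should_send_cookie(c, "api.example.com", CERT_OTHER_ORG))
```

With a plain `Domain=example.com` cookie both hosts would receive it; the `CertId` attribute narrows delivery to servers whose certificate names the expected organisation, which is the "specified https connections and trusted organizations" behaviour the abstract describes.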
20 Claims
1. Apparatus, comprising: (independent claim; full text given above under First Claim)
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 18, 19, 20
9. A computer program product in a non-transitory computer readable medium for use in a data processing system, the computer program product holding computer program instructions which, when executed by the data processing system, perform a method comprising:
during a first secure transport session with a first server, receiving a cookie having an attribute that identifies a first server certificate associated with the first server, the attribute having a value for use in determining a characteristic associated with a second server certificate distinct from the first server certificate;
during setup of a second secure transport session with a second server distinct from the first server:
receiving the second server certificate, the second server certificate associated with the second server;
comparing information in the second server certificate to the value of the attribute; and
responsive to a match between the information in the second server certificate and the value of the attribute, sending to the second server the cookie received from the first server during the first secure transport session to facilitate completion of the setup of the second secure transport session.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. Apparatus, comprising:
a processor;
computer memory;
a web application executed by the processor; and
computer program instructions executed by the processor during a first https session between a browser and the web application to set a cookie having an attribute that identifies a first server certificate associated with the apparatus, the value adapted to be verified against an X.509-compliant digital certificate distinct from the first server certificate and that is provided to the web browser from a different web application during setup of a second https session distinct from the first https session.