Secret variation for network sessions
First Claim
1. A computer-implemented method of managing session information, comprising:
receiving a first request from a client device, the first request including at least one security credential and first identifying information describing properties of the client device;
in response to authenticating the client device using the at least one security credential, providing a response to the client device including a session token, the session token including at least an operation count for the session, the operation count for the session configured to be updated in response to operations performed for the session, and a timestamp for the session, the timestamp for the session indicating a time at which the session token was issued;
receiving a second request including the session token and second identifying information describing properties of the client device;
processing the second request when the timestamp falls within a first allowable range of a current time for the session and when the operation count from the session token falls within a second allowable range of a current operation count for the session; and
in response to processing the second request, sending a response including an updated session token, the updated session token including an updated timestamp and an updated operation count, the value of the updated operation count determined by comparing the first and second identifying information.
1 Assignment
0 Petitions
Abstract
Session-specific information stored to a cookie or other secure token can be selected and/or caused to vary over time, such that older copies become less useful as the session goes on. Such an approach reduces the ability of an entity that obtains a copy of the cookie to perform unauthorized tasks on the session. A cookie received with a request can contain a timestamp and an operation count for the session, each of which may need to fall within an acceptable range of the server's current value in order for the request to be processed. The cookie returned with the response can be set to the correct current value or merely incremented from the value the client presented, depending on various factors. The allowable bands can decrease with the age of the session, and parameter values such as a badness factor for the session can be updated continually based on the events observed for the session.
41 Citations
23 Claims
1. As set out under First Claim above. Dependent claims: 2, 3, 4.

5. A computer-implemented method, comprising:
receiving a request from a client device, the request including a session token and current identifying information describing properties of the client device;
determining a session parameter value stored in the session token;
when the session parameter value matches a current value for a corresponding session parameter for the session within an allowable amount of deviation, updating the current value of the session parameter for the session; and
providing a response to the client device upon processing the request, the response including an updated session parameter value, the updated session parameter value comprising at least one of the current value of the session parameter or an incremented value of the session parameter value based at least in part upon how closely the session parameter value matched the current value for the session parameter within the allowable amount of deviation and how closely the current identifying information associated with the client device matches past identifying information describing properties of the client device;
wherein the session parameter includes an operation count for the session, the operation count incremented in response to each matching of a session parameter value in a session token to the current value for the session parameter.
Dependent claims: 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17.

18. A computing device, comprising:
at least one processor; and
a memory device including instructions that, when executed by the at least one processor, cause the computing device to:
receive a request from a client device, the request including a session token and current identifying information describing properties of the client device;
determine a session parameter value stored in the session token;
process the request and update the current value of the session parameter for the session when the session parameter value matches a current value for the session parameter for the session within an allowable amount of deviation; and
provide a response to the client device upon processing the request, the response including an updated session parameter value, the updated session parameter value comprising at least one of the current value of the session parameter or an incremented value of the session parameter value based at least in part upon how closely the session parameter value matched the current value for the session parameter within the allowable amount of deviation and how closely the current identifying information associated with the client device matches past identifying information describing properties of the client device;
wherein the session parameter includes an operation count for the session, the operation count incremented in response to each matching of a session parameter value in a session token to the current value for the session parameter.
Dependent claims: 19, 20.

21. A non-transitory computer-readable storage medium including instructions that, when executed by at least one processor of a computing device, cause the computing device to:
receive a request from a client device, the request including a session token and current identifying information describing properties of the client device;
determine a session parameter value stored in the session token;
process the request and update the current value of the session parameter for the session when the session parameter value matches a current value for the session parameter for the session within an allowable amount of deviation; and
provide a response to the client device upon processing the request, the response including an updated session parameter value, the updated session parameter value comprising at least one of the current value of the session parameter or an incremented value of the session parameter value based at least in part upon how closely the session parameter value matched the current value for the session parameter within the allowable amount of deviation and how closely the current identifying information associated with the client device matches past identifying information describing properties of the client device;
wherein the session parameter includes an operation count for the session, the operation count incremented in response to each matching of a session parameter value in a session token to the current value for the session parameter.
Dependent claims: 22, 23.
Specification