Adaptive timeouts for security credentials
First Claim
1. A system for managing session information, comprising:
- at least one processor; and
- memory storing instructions that, when executed by the at least one processor, cause the system to:
- receive a request from a client, the request seeking access to at least one resource, the request including at least one security credential;
- authenticate a source of the request based at least in part on the at least one security credential;
- initiate a session and send the client a session token for the session, the session token including a timestamp indicating a time at which the session was initiated;
- receive a second request from the client, the second request including the session token;
- determine a confidence value, the confidence value being based at least in part on a comparison between a time indicated by the timestamp in the session token and a current time;
- process the second request upon a determination that the confidence value meets a threshold value; and
- send a response to the client, the response including an updated session token including an updated timestamp, the updated timestamp differing from the current time by an amount based at least in part on the confidence value.
Abstract
Session-specific information stored in a cookie or other secure token can be selected and/or caused to vary over time, so that older copies become less useful as the session progresses. This reduces the ability of an entity that obtains a copy of the cookie to perform unauthorized operations on the session. A cookie received with a request can contain a timestamp and an operation count for the session; both may need to fall within an acceptable range of the server's current values for the request to be processed. The cookie returned with the response can be set to the correct value or incremented from the previous value based on various factors. The allowable bands can narrow as the session ages, and parameters such as a badness factor for the session can be updated continually based on the events observed for that session.
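The following is an added example, not code from the patent or its assignee, of how the scheme in the First Claim and the abstract fits together on the server side: a MAC-signed token carrying a timestamp and an operation count, a confidence value derived from drift in both, a drift band that halves as the session ages, a badness factor raised on rejected requests, and a returned token whose timestamp is aged in proportion to lost confidence. The `SessionManager` class, the key, the parameter values (600 s base band, 1800 s half-life, op slack of 2, threshold 0.5) and the exact formulas for confidence, band decay and timestamp offset are all assumptions chosen for illustration; the patent text does not specify them.

```python
"""Adaptive session tokens: timestamp and operation-count bands that tighten with age.

Hypothetical implementation of the scheme in the abstract and claim 1. All
parameters and formulas are assumptions for illustration, not the patent's own.
"""
import base64
import hashlib
import hmac
import json
from dataclasses import dataclass

# Assumed server-side MAC key, constructed for this example only.
SECRET = b"constructed-demo-key-not-for-production"


@dataclass
class SessionState:
    started: int          # time at which the session was initiated
    ops: int = 0          # server-side operation count for the session
    badness: float = 0.0  # anomaly score: raised on rejections, decayed on good events


class SessionManager:
    def __init__(self, base_band=600, min_band=60, half_life=1800,
                 op_slack=2, threshold=0.5, penalty=0.5):
        self.base_band = base_band  # allowed timestamp drift (s) for a brand-new session
        self.min_band = min_band    # floor below which the band never shrinks
        self.half_life = half_life  # session age (s) after which the band halves
        self.op_slack = op_slack    # operations a presented token may lag the server count
        self.threshold = threshold  # minimum confidence for a request to be processed
        self.penalty = penalty      # fraction of the band by which a shaky token is aged
        self.sessions: dict[str, SessionState] = {}

    def _sign(self, payload):
        body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode()
        mac = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
        return f"{body}.{mac}"

    def _verify(self, token):
        body, _, mac = token.rpartition(".")
        expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
        if not body or not hmac.compare_digest(mac, expected):
            return None
        return json.loads(base64.urlsafe_b64decode(body))

    def start_session(self, sid, now):
        """Credential already authenticated: open the session, issue the first token."""
        self.sessions[sid] = SessionState(started=now)
        return self._sign({"sid": sid, "ts": now, "n": 0})

    def band(self, state, now):
        """Allowed timestamp drift; halves every half_life seconds of session age."""
        age = max(0, now - state.started)
        return max(self.min_band, self.base_band * 0.5 ** (age / self.half_life))

    def confidence(self, state, payload, now):
        """Combine timestamp drift, operation-count lag and badness into one score."""
        band = self.band(state, now)
        time_conf = max(0.0, 1.0 - abs(now - payload["ts"]) / band)
        lag = state.ops - payload["n"]  # negative lag: a count the server never issued
        op_conf = 1.0 - lag / (self.op_slack + 1) if 0 <= lag <= self.op_slack else 0.0
        return max(0.0, min(1.0, time_conf * op_conf - state.badness)), band

    def handle_request(self, token, now):
        """Returns (accepted, updated_token_or_None, confidence)."""
        payload = self._verify(token)
        state = self.sessions.get(payload.get("sid")) if payload else None
        if state is None:
            return False, None, 0.0
        conf, band = self.confidence(state, payload, now)
        if conf < self.threshold:
            state.badness = min(1.0, state.badness + 0.25)  # remember the anomaly
            return False, None, conf
        state.ops += 1
        state.badness = max(0.0, state.badness - 0.05)      # good events restore trust slowly
        # Age the returned timestamp in proportion to lost confidence, so a
        # shaky session has less slack on its next request.
        offset = round((1.0 - conf) * band * self.penalty)
        new_token = self._sign({"sid": payload["sid"], "ts": now - offset, "n": state.ops})
        return True, new_token, conf


if __name__ == "__main__":
    mgr, T0 = SessionManager(), 1_000_000
    tok = mgr.start_session("s1", T0)
    stolen = tok                            # attacker copies the cookie at session start
    for i in range(1, 5):                   # legitimate client keeps working
        ok, tok, conf = mgr.handle_request(tok, T0 + 10 * i)
        print(f"legit request {i}: accepted={ok} confidence={conf:.3f}")
    ok, _, conf = mgr.handle_request(stolen, T0 + 50)
    print(f"replayed old copy: accepted={ok} confidence={conf:.3f}")
    ok, _, conf = mgr.handle_request(tok, T0 + 5000)
    print(f"idle 5000 s later: accepted={ok} confidence={conf:.3f}")
```

Two behaviours are worth noting. A copied cookie fails once the legitimate client has advanced the operation count past the slack, even though its timestamp is still inside the band; and a long-idle token fails because the band has narrowed with session age, which is the adaptive timeout of the title. A client that presents the same token twice in quick succession (two tabs) is still served, but at reduced confidence and with a more aggressively aged timestamp.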
33 Citations
20 Claims
1. A system for managing session information, comprising: (independent claim; full text reproduced under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7.

8. A computer-implemented method, comprising:
- receiving a request from a client, the request seeking access to at least one resource, the request including at least one security credential;
- authenticating a source of the request based at least in part on the at least one security credential;
- initiating a session and sending the client a session token for the session, the session token including a timestamp indicating a time at which the session was initiated;
- receiving a second request from the client, the second request including the session token;
- determining a confidence value, the confidence value being based at least in part on a comparison between a time indicated by the timestamp in the session token and a current time;
- processing the second request upon a determination that the confidence value meets a threshold value; and
- sending a response to the client, the response including an updated session token including an updated timestamp, the updated timestamp differing from the current time by an amount based at least in part on the confidence value.
Dependent claims: 9, 10, 11, 12, 13, 14.

15. A non-transitory computer-readable storage medium including instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- receive a request from a client, the request seeking access to at least one resource, the request including at least one security credential;
- authenticate a source of the request based at least in part on the at least one security credential;
- initiate a session and send the client a session token for the session, the session token including a timestamp indicating a time at which the session was initiated;
- receive a second request from the client, the second request including the session token;
- determine a confidence value, the confidence value being based at least in part on a comparison between a time indicated by the timestamp in the session token and a current time;
- process the second request upon a determination that the confidence value meets a threshold value; and
- send a response to the client, the response including an updated session token including an updated timestamp, the updated timestamp differing from the current time by an amount based at least in part on the confidence value.
Dependent claims: 16, 17, 18, 19, 20.
Specification