Secure persistent communication between related domains using cookies

US 9,864,867 B2
Filed: 02/23/2016
Issued: 01/09/2018
Est. Priority Date: 02/23/2016
Status: Active Grant

First Claim

Patent Images

1. A system for secure persistent communication between related domains using cookies, the apparatus comprising:

one or more processors; and

a non-transitory computer readable medium storing a plurality of instructions, which when executed, cause the one or more processors to;

transmit, by a first domain, a hyper-text transfer protocol request to a second domain using a uniform resource identifier comprising a name of the second domain, a pre-defined public path associated with the first domain and the second domain, and a cryptographically secure path generated by the first domain;

transmit, by the second domain, a hyper-text transfer protocol request to the first domain using a uniform resource identifier comprising a name of the first domain, the pre-defined public path, and the cryptographically secure path;

set, by a message sender, a hyper-text transfer protocol cookie comprising a message, wherein a path scope associated with the hyper-text transfer protocol cookie comprises the pre-defined public path and the cryptographically secure path, wherein a domain scope associated with the hyper-text transfer protocol cookie comprises all sub-domains of a nearest common ancestor for the first domain and the second domain, and wherein the message sender comprises one of the first domain and the second domain;

transmit, by the message sender, a hyper-text transfer protocol request to a message receiver using a uniform resource identifier comprising a name of the message receiver, the pre-defined public path, and the cryptographically secure path, wherein making the hyper-text transfer protocol request to the message receiver causes a web browser to send the hyper-text transfer protocol cookie to the message receiver, and wherein the message sender comprises another one of the first domain and the second domain, andconfirm, by the first domain, a channel path initialization based on the name of the second domain and the cryptographically secure path in the uniform resource identifier comprising the name of the first domain.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A 1^stdomain makes a request to a 2^nddomain using a URI including the name of the 2^nddomain, a public path for the domains, and a cryptographically secure path generated by the 1^stdomain. The 2^nddomain makes a request to the 1^stdomain using a URI including the name of the 1^stdomain, the pre-defined public path, and the cryptographically secure path. The 1^stdomain or the 2^nddomain sets a cookie including a message (the cookie'"'"'s path scope includes the pre-defined public path and the cryptographically secure path, the cookie'"'"'s domain scope includes all sub-domains of the nearest common ancestor for the 1^stand 2^nddomains), and makes a request to the other domain using a URI including the name of the other domain, the pre-defined public path, and the cryptographically secure path, which causes a web browser to send the cookie to the other domain.

144 Citations

17 Claims

1. A system for secure persistent communication between related domains using cookies, the apparatus comprising:
- one or more processors; and
  
  a non-transitory computer readable medium storing a plurality of instructions, which when executed, cause the one or more processors to;
  
  transmit, by a first domain, a hyper-text transfer protocol request to a second domain using a uniform resource identifier comprising a name of the second domain, a pre-defined public path associated with the first domain and the second domain, and a cryptographically secure path generated by the first domain;
  
  transmit, by the second domain, a hyper-text transfer protocol request to the first domain using a uniform resource identifier comprising a name of the first domain, the pre-defined public path, and the cryptographically secure path;
  
  set, by a message sender, a hyper-text transfer protocol cookie comprising a message, wherein a path scope associated with the hyper-text transfer protocol cookie comprises the pre-defined public path and the cryptographically secure path, wherein a domain scope associated with the hyper-text transfer protocol cookie comprises all sub-domains of a nearest common ancestor for the first domain and the second domain, and wherein the message sender comprises one of the first domain and the second domain;
  
  transmit, by the message sender, a hyper-text transfer protocol request to a message receiver using a uniform resource identifier comprising a name of the message receiver, the pre-defined public path, and the cryptographically secure path, wherein making the hyper-text transfer protocol request to the message receiver causes a web browser to send the hyper-text transfer protocol cookie to the message receiver, and wherein the message sender comprises another one of the first domain and the second domain, andconfirm, by the first domain, a channel path initialization based on the name of the second domain and the cryptographically secure path in the uniform resource identifier comprising the name of the first domain.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, comprising further instructions, which when executed, cause the one or more processors to:
    - derive, by the second domain, the name of the first domain associated with the hyper-text transfer protocol request to the second domain.
  - 3. The system of claim 1, comprising further instructions, which when executed, cause the one or more processors to:
    - extract, by the second domain, the cryptographically secure path from the uniform resource identifier comprising the name of the second domain.
  - 4. The system of claim 1, wherein the hyper-text transfer protocol cookie specifies that access to the hyper-text transfer protocol cookie is restricted to hyper-text transfer protocol application program interfaces.
  - 5. The system of claim 1, wherein the hyper-text transfer protocol cookie specifies that access to the hyper-text transfer protocol cookie is restricted to secure channels.
  - 6. The system of claim 1, comprising further instructions, which when executed, cause the one or more processors to:
    - modify, by the message receiver, the hyper-text transfer protocol cookie to acknowledge receipt of the hyper-text transfer protocol cookie to the message sender.

7. A computer program product comprising a non-transitory computer-readable medium having computer-readable program code embodied therein to be executed by one or more processors, the program code including instructions to:
- transmit, by a first domain, a hyper-text transfer protocol request to a second domain using a uniform resource identifier comprising a name of the second domain, a pre-defined public path associated with the first domain and the second domain, and a cryptographically secure path generated by the first domain;
  
  transmit, by the second domain, a hyper-text transfer protocol request to the first domain using a uniform resource identifier comprising a name of the first domain, the pre-defined public path, and the cryptographically secure path;
  
  set, by a message sender, a hyper-text transfer protocol cookie comprising a message, wherein a path scope associated with the hyper-text transfer protocol cookie comprises the pre-defined public path and the cryptographically secure path, wherein a domain scope associated with the hyper-text transfer protocol cookie comprises all sub-domains of a nearest common ancestor for the first domain and the second domain, and wherein the message sender comprises one of the first domain and the second domain;
  
  transmit, by the message sender, a hyper-text transfer protocol request to a message receiver using a uniform resource identifier comprising a name of the message receiver, the pre-defined public path, and the cryptographically secure path, wherein making the hyper-text transfer protocol request to the message receiver causes a web browser to send the hyper-text transfer protocol cookie to the message receiver, and wherein the message sender comprises another one of the first domain and the second domain, andconfirm, by the first domain, a channel path initialization based on the name of the second domain and the cryptographically secure path in the uniform resource identifier comprising the name of the first domain.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer program product of claim 7, wherein the program code comprises further instructions to:
    - derive, by the second domain, the name of the first domain associated with the hyper-text transfer protocol request to the second domain.
  - 9. The computer program product of claim 7, wherein the program code comprises further instructions to:
    - extract, by the second domain, the cryptographically secure path from the uniform resource identifier comprising the name of the second domain.
  - 10. The computer program product of claim 7, wherein the hyper-text transfer protocol cookie specifies that access to the hyper-text transfer protocol cookie is restricted to hyper-text transfer protocol application program interfaces.
  - 11. The computer program product of claim 7, wherein the hyper-text transfer protocol cookie specifies that access to the hyper-text transfer protocol cookie is restricted to secure channels.
  - 12. The computer program product of claim 7, wherein the program code comprises further instructions to:
    - modify, by the message receiver, the hyper-text transfer protocol cookie to acknowledge receipt of the hyper-text transfer protocol cookie to the message sender.

13. A method for secure persistent communication between related domains using cookies, the method comprising:
- transmitting, by a first domain, a hyper-text transfer protocol request to a second domain using a uniform resource identifier comprising a name of the second domain, a pre-defined public path associated with the first domain and the second domain, and a cryptographically secure path generated by the first domain;
  
  transmitting, by the second domain, a hyper-text transfer protocol request to the first domain using a uniform resource identifier comprising a name of the first domain, the pre-defined public path, and the cryptographically secure path;
  
  setting, by a message sender, a hyper-text transfer protocol cookie comprising a message, wherein a path scope associated with the hyper-text transfer protocol cookie comprises the pre-defined public path and the cryptographically secure path, wherein a domain scope associated with the hyper-text transfer protocol cookie comprises all sub-domains of a nearest common ancestor for the first domain and the second domain, and wherein the message sender comprises one of the first domain and the second domain;
  
  transmitting, by the message sender, a hyper-text transfer protocol request to a message receiver using a uniform resource identifier comprising a name of the message receiver, the pre-defined public path, and the cryptographically secure path, wherein making the hyper-text transfer protocol request to the message receiver causes a web browser to send the hyper-text transfer protocol cookie to the message receiver, and wherein the message sender comprises an other one of the first domain and the second domain, andconfirming, by the first domain, a channel path initialization based on the name of the second domain and the cryptographically secure path in the uniform resource identifier comprising the name of the first domain.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The method of claim 13, wherein the method further comprises:
    - deriving, by the second domain, the name of the first domain associated with the hyper-text transfer protocol request to the second domain.
  - 15. The method of claim 13, wherein the method further comprises:
    - extracting, by the second domain, the cryptographically secure path from the uniform resource identifier comprising the name of the second domain.
  - 16. The method of claim 13, wherein the hyper-text transfer protocol cookie specifies that at least one of access to the hyper-text transfer protocol cookie is restricted to hyper-text transfer protocol application program interfaces, and access to the hyper-text transfer protocol cookie is restricted to secure channels.
  - 17. The method of claim 13, wherein the method further comprises:
    - modifying, by the message receiver, the hyper-text transfer protocol cookie to acknowledge receipt of the hyper-text transfer protocol cookie to the message sender.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Gopalakrishnan, Amalkrishnan Chemmany
Primary Examiner(s)
Hailu, Teshome

Application Number

US15/050,636
Publication Number

US 20170243014A1
Time in Patent Office

686 Days
Field of Search

726 26
US Class Current
CPC Class Codes

G06F 21/606   by securing the transmissio...

H04L 63/0428   wherein the data content is...

H04L 63/168   above the transport layer

H04L 67/02   based on web technology, e....

H04L 67/141   Setup of application sessio...

H04L 67/146   Markers for unambiguous ide...

Secure persistent communication between related domains using cookies

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

144 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Secure persistent communication between related domains using cookies

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

144 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links