Detecting stolen authentication cookie attacks

Information security – Access control or authentication – Network

Reexamination Certificate

Details

C726S003000, C726S004000, C726S005000, C726S006000, C726S007000, C726S002000

active

08079076

ABSTRACT:
In one embodiment, an apparatus comprises logic for detecting stolen authentication cookie attacks. A first transport connection is established between a client and a gateway server, where the first transport connection is authenticated by the gateway server. A first authentication cookie is associated with a client session, between the client and the gateway server, that includes the first transport connection. A second transport connection is established at the gateway server. A request is received over the second transport connection. The request includes the first authentication cookie to associate the second transport connection with the client session. A second authentication cookie is generated for the client session and is returned over the second transport connection. Thereafter, a determination is made whether the second authentication cookie is received over the first transport connection. An attack is detected when the second authentication cookie is not received over the first transport connection.
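The check described in the abstract, sketched as an added example from the gateway's side; it is not code from the patent or from any product. The names `Gateway`, `Session` and the connection ids are hypothetical, and "not received over the first transport connection" is assumed here to mean that the first connection presents the old cookie after a rotation.

```python
import secrets
from dataclasses import dataclass
from typing import Optional

@dataclass
class Session:
    first_conn: str                # authenticated first transport connection
    cookie: str                    # cookie currently accepted for the session
    pending: Optional[str] = None  # rotated cookie not yet seen on first_conn

class Gateway:
    def __init__(self):
        self.by_cookie = {}        # cookie value -> Session

    def login(self, conn_id):
        """First connection authenticates; issue the first cookie."""
        cookie = secrets.token_urlsafe(32)
        self.by_cookie[cookie] = Session(conn_id, cookie)
        return cookie

    def request(self, conn_id, cookie):
        """Return (verdict, new_cookie_or_None) for a request on conn_id."""
        s = self.by_cookie.get(cookie)
        if s is None:
            return "reject", None
        if conn_id != s.first_conn and s.pending is None:
            # Another connection joins the session with the first cookie:
            # rotate, and return the second cookie over that connection only.
            s.pending = secrets.token_urlsafe(32)
            self.by_cookie[s.pending] = s
            return "ok", s.pending
        if conn_id == s.first_conn and s.pending is not None:
            if cookie != s.pending:
                # First connection never received the second cookie, so
                # whoever opened the other connection is not this client.
                self.by_cookie.pop(s.cookie, None)
                self.by_cookie.pop(s.pending, None)
                return "attack", None
            # Second cookie came back on the first connection: retire the old one.
            self.by_cookie.pop(s.cookie, None)
            s.cookie, s.pending = s.pending, None
        return "ok", None

def demo():
    """Constructed traces: same client on both connections, then a thief."""
    gw = Gateway()
    k1 = gw.login("conn-1")
    _, k2 = gw.request("conn-2", k1)          # client's own second connection
    benign = gw.request("conn-1", k2)[0]      # shared cookie jar sends k2
    k1 = gw.login("conn-A")
    gw.request("conn-X", k1)                  # stolen cookie replayed elsewhere
    stolen = gw.request("conn-A", k1)[0]      # victim still holds only k1
    return benign, stolen
```

On detection this sketch invalidates both cookies, so the rotated cookie handed to the second connection stops working as well.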
