Publication No.: US20200311309A1
Publication Date: 2020-10-01
Application No.: US16365067
Filing Date: 2019-03-26
Applicant: salesforce.com, inc.
Inventor: Puneet Kumar Dawer, Chandra Sekhar Varanasi, Neelamani Durga Siva Prasad Kolluru, Raju Rama Krishnam Chekuri, Amrendra Singh, Rakesh Garishakurthi
Abstract: Techniques are disclosed relating to preventing unauthorized access to private user information by improving cookie security. Cookie data may be subject to interception and replay attempts by malicious users. In disclosed techniques, a server computing system receives a request from a user device that includes encrypted cookie data and device identification information encrypted using a first key of a key pair generated by the server system. The server system may decrypt encrypted cookie data included with the request using a server encryption key. Based on decrypting the cookie data, the server system may retrieve previously-stored device identification information. The server system may decrypt device identification information received with the request using a second key of the key pair. The server system may compare the decryption result with the previously-stored device identification information and, based on the comparison, determine whether to use the cookie data for the request.
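The server-side check described in the abstract, as an added Node.js example that is not code from the patent or from the applicant. It assumes AES-256-GCM for the server encryption key and RSA-OAEP for the per-device key pair; all function names, the session store and the device identifiers are hypothetical.

```javascript
const crypto = require('crypto');

// Assumed primitives (not named in the abstract): AES-256-GCM for the cookie, RSA-OAEP for the key pair.
const serverKey = crypto.randomBytes(32);   // server encryption key, never leaves the server
const sessions = new Map();                 // hypothetical store: session id -> { deviceId, privateKey }

function sealCookie(obj) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', serverKey, iv);
  const ct = Buffer.concat([c.update(JSON.stringify(obj)), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]).toString('base64');
}

function openCookie(b64) {
  const raw = Buffer.from(b64, 'base64');
  const d = crypto.createDecipheriv('aes-256-gcm', serverKey, raw.subarray(0, 12));
  d.setAuthTag(raw.subarray(12, 28));
  // final() throws if the cookie was modified after it was issued
  return JSON.parse(Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString());
}

// Login: the server generates the key pair, stores the device ID, and gives the first key to the device.
function issueSession(deviceId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const sid = crypto.randomBytes(16).toString('hex');
  sessions.set(sid, { deviceId, privateKey });
  return { cookie: sealCookie({ sid }), deviceKey: publicKey };
}

// Device side: encrypt the device identification with the first key of the pair.
function encryptDeviceId(deviceKey, deviceId) {
  return crypto.publicEncrypt(deviceKey, Buffer.from(deviceId)).toString('base64');
}

// Request handling: decide whether the cookie data may be used for this request.
function acceptCookie(cookie, encDeviceId) {
  try {
    const rec = sessions.get(openCookie(cookie).sid);          // decrypt cookie, look up stored device ID
    if (!rec) return false;
    const got = crypto.privateDecrypt(rec.privateKey, Buffer.from(encDeviceId, 'base64')); // second key
    const want = Buffer.from(rec.deviceId);
    return got.length === want.length && crypto.timingSafeEqual(got, want);
  } catch {
    return false; // tampered cookie, or device blob not encrypted under this session's key
  }
}
```

As sketched, a request captured whole (cookie plus encrypted device blob) would still verify; the abstract does not say how freshness is enforced, so a nonce or timestamp inside the encrypted blob is left out here.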