| 发明名称 |
DETECTING STOLEN AUTHENTICATION COOKIE ATTACKS |
| 摘要 |
<p>In one embodiment, an apparatus comprises logic for detecting stolen authentication cookie attacks. A first transport connection is established between a client and a gateway server, where the first transport connection is authenticated by the gateway server. A first authentication cookie is associated with a client session, between the client and the gateway server, that includes the first transport connection. A second transport connection is established at the gateway server. A request is received over the second transport connection. The request includes the first authentication cookie to associate the second transport connection with the client session. A second authentication cookie is generated for the client session and is returned over the second transport connection. Thereafter, a determination is made whether the second authentication cookie is received over the first transport connection. An attack is detected when the second authentication cookie is not received over the first transport connection.</p> |
| 申请公布号 |
EP2078260(A2) |
申请公布日期 |
2009.07.15 |
| 申请号 |
EP20070871334 |
申请日期 |
2007.11.02 |
| 申请人 |
CISCO TECHNOLOGY, INC. |
发明人 |
SOIN, TARUN;DIXIT, VINEET;SUN, YIXIN |
| 分类号 |
G06F21/33;G06F21/31;G06F21/55;H04L29/06 |
主分类号 |
G06F21/33 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
|
| 地址 |
|
