专利名称:ADAPTIVE TIMEOUTS FOR SECURITY
CREDENTIALS
发明人:Gregory B. Roth,Nicholas Alexander
Allen,Cristian M. Ilac
申请号:US14954744申请日:20151130
公开号:US20160080367A1公开日:20160317
专利附图:
摘要:Session-specific information stored to a cookie or other secure token can beselected and/or caused to vary over time, such that older copies will become less useful
over time. Such an approach reduces the ability of entities obtaining a copy of the cookiefrom performing unauthorized tasks on a session. A cookie received with a request cancontain a timestamp and an operation count for a session that may need to fall within anacceptable range of the current values in order for the request to be processed. Acookie returned with a response can be set to the correct value or incremented from theprevious value based on various factors. The allowable bands can decrease with age ofthe session, and various parameter values such as a badness factor for a session can beupdated continually based on the events for the session.
申请人:Amazon Technologies, Inc.
地址:Reno NV US
国籍:US
更多信息请下载全文后查看
因篇幅问题不能全部显示,请点此查看更多更全内容