099-016: Secure Cookies

Secure Cookies is a method invented at George Mason University that protects cookies from network and end-system threats by providing security services such as authentication, integrity, confidentiality, and authorization within regular cookies.

The new technology goes beyond simply encrypted cookies, allowing them to be stored securely in browsers and used in future sessions until they expire.

Features:

- Varying degrees of security for the convenience of system users and system administrators
- Supports the encryption of attributes (passwords, roles, or credit card numbers)
- Eliminates databases storing person sensitive information
- Information no longer is available to penetrating attacks
- Sensitive information not available for misuse
- No need to maintain and synchronize multiple person information databases
- Private keys expire shortly and automatically, adding security
- Simplicity in cookie administration
- Attributes and public-key information bundled in one certificate
- Supports single authority control of attributes and key information

Market Significance:

-Achieves greater efficiencies for User Authentication than address authentication, password-based authentication, Keberos authentication, and standard digital signature methods.
- Create Secure Cookie Tickets for "Pay-per-Access" web sites with time out features
- Support system designs using "Role Based Access Control"