In a bid to bolster online security measures, PayPal has unveiled a groundbreaking patent application targeting the detection of stolen cookies, a move aimed at fortifying cookie-based authentication systems and curbing account takeover assaults.
The innovation addresses the growing concern of cybercriminals pilfering cookies harboring authentication tokens, thus gaining illicit access to user accounts sans valid credentials and circumventing two-factor authentication (2FA).
Describing the theft of cookies as a sophisticated cyberattack, PayPal underscores the gravity of attackers pilfering or duplicating cookies from a victim’s device onto their own browser, enabling them to masquerade as the user and access sensitive account information seamlessly.
Diverging from conventional cookies stored locally, the patent elucidates the concept of ‘super-cookies,’ also known as Local Shared Objects (LSOs), injected at the network level as unique identifier headers (UIDH) by internet service providers (ISPs). These elusive super-cookies, primarily used for cross-site tracking and establishing persistent ‘device fingerprints,’ pose a formidable challenge for detection and eradication due to their non-standard storage locations.
PayPal’s pioneering methodology revolves around computing a fraud risk score within the cookie-based authentication framework to identify fraudulent login attempts swiftly. Upon receiving an authentication request, the system scrutinises various cookie storage locations on the user’s device, arranging them based on escalating fraud risk. Subsequently, it calculates expected cookie values and evaluates them against predetermined thresholds to ascertain the legitimacy of the authentication request.
Moreover, the patent underscores the importance of encryption in safeguarding against tampering, with retrieved cookie values encrypted using robust public key cryptographic algorithms.
This patent, titled ‘Super-Cookie Identification for Stolen Cookie Detection,’ underscores PayPal’s commitment to combating cyber threats and enhancing user security in the digital realm. While its publication signifies a significant step in the battle against unauthorised logins, the ultimate integration of these protective measures into consumer platforms remains speculative. Nevertheless, it underscores the pressing need for novel defense mechanisms against the pervasive threat of stolen web cookies.
As Vakilsearch experts who assist numerous clients in the patent filing process, we welcome the news of PayPal’s innovative patent application with enthusiasm. PayPal’s proactive approach to address the growing menace of cookie theft, specifically targeting ‘super-cookies’ or Local Shared Objects (LSOs), demonstrates a commendable commitment to enhancing online security. For clients in our portfolio filing patents in a similar domain, this news serves as an opportunity to stay informed about emerging trends and innovative solutions in the realm of online security. For patent related queries get in touch with our experts today.
