Invented by GUPTA; Peyush, JONES; Raqib Hesaam, MANGLA; Umesh, SANGHAVI; Dilip H.
The way we log in to online services is always changing. Security is important, but people also want things to be easy. Today, we will talk about a new method for logging in to secure services in the cloud. This method uses special cookies that hold more information and make moving between different network points much smoother. We’ll break down why this is needed, how it compares to older ideas, and what makes this new invention so useful.
Background and Market Context
Cloud services are everywhere. Businesses run their tools online, and workers often need to log in from different places—at home, at the office, or while traveling. Every time someone connects, the service needs to know that person is really who they say they are. This is called “authentication.”
The simplest way to do this is for a user to type in a username and password. But this is not always safe. People can forget passwords, or someone else might steal them. Plus, having to enter your password again and again is annoying. So, many systems use something called an “authentication cookie.” After you log in once, you get this cookie—a tiny piece of data that your browser saves. When you come back later, your browser shows the cookie to the server, and if it’s still valid, you don’t have to log in again.
But things get tricky in the cloud. People don’t only work from one place anymore. They might connect to a service from New York this morning, and from Paris tonight. Each place where a user enters the network is called a “point of presence,” or POP. These POPs are scattered around the world to make connections faster and more reliable.
Here’s the problem: If you log in at one POP and get a cookie, will another POP recognize that cookie? If not, you’ll have to log in again. This is not just annoying—it can slow down business and make people unhappy. Some companies have tried to fix this by copying all cookie records between every POP. But that uses a lot of resources and can make the network slower, especially if POPs are in different countries. There are also privacy rules about moving data from one country to another.
So, the market needs a better way. Users want a smooth experience—they don’t want to keep logging in whenever they move. Companies want to keep things secure without using too much network power or breaking privacy laws. The solution needs to be strong, easy to use, and able to work across many locations.
Scientific Rationale and Prior Art
Let’s look at how authentication cookies have worked before and why they need improvement.
Traditional cookies are simple. You log in at one POP, and you get a cookie that says “this user is authorized.” The next time you visit that same POP, your browser shows the cookie, and you get access. But if you go to a different POP, that POP doesn’t know your cookie. You have to log in again. This is especially bad for people who travel or when the network moves you to a different POP for better performance.
To get around this, some systems share cookie records between POPs. This means if you log in at POP A, POP B will copy that information. But this has problems:
– It uses a lot of computer and network resources.
– It needs to copy information quickly, or else the system won’t work well.
– It can break privacy rules if the data goes from one country to another.
– If a user logs out or changes their account, it takes time for all POPs to get the update.
Another approach is to use tokens—special codes that act like a pass. Some systems use tokens that hold information about who you are and what you can do. These can be checked by any POP. But if someone steals your token, they can pretend to be you. To fix this, some tokens are signed or encrypted. This helps, but it doesn’t solve all problems. Sometimes, POPs still need to talk to a central server to check whether a token is valid, which can be slow.
Some advanced systems use “federated authentication.” This means a trusted service (like Google or Microsoft) tells the POP who you are. This can be complex to set up and manage, especially for smaller companies.
In short, the old ways of using cookies and tokens work, but they have limits when people move between lots of POPs. They are either too slow, too complex, or not secure enough. The market is looking for something better—a way to identify users quickly, no matter where they connect, without using too much power or breaking privacy rules.
Invention Description and Key Innovations
This new invention is a smart way to handle authentication in cloud services. It uses cookies in a better way. Let’s break down how it works and what makes it special.
First, when a user wants to connect, they go to a POP with their browser and enter their login details. The POP checks if the user is allowed. If yes, the POP creates a special cookie and sends it to the browser. But this cookie is not just a simple “yes/no” pass. It carries extra information called “metadata.”
This metadata includes things like:
– Who the user is (their username).
– What role they have (like “admin” or “employee”).
– What groups they belong to.
– When the cookie will expire.
The POP doesn’t just hand this information over plainly. It protects the cookie by:
– Encrypting it with a special key (so only trusted POPs can read it).
– Signing it with a special code from a “root certificate authority.” This means any POP can check if the cookie is real and hasn’t been changed.
Now, when the user goes to a new POP—even across the world—their browser shows the same cookie. The new POP can decrypt and check the cookie (using the shared secrets and certificates) and see who the user is, what they can do, and if their cookie is still valid. This means the user does not have to log in again.
Here’s why this is so helpful:
– No more repeated logins: The user logs in once, and can move between POPs without stopping to enter a password every time.
– Faster and smoother experience: The POP doesn’t need to ask a central server about the user every time. The information is right in the cookie, but still protected and safe.
– Less network overhead: There’s no need to copy big cookie tables between POPs. This saves power and bandwidth.
– Stronger security and privacy: The cookie is encrypted and signed. Only trusted POPs can read it, and no one can change it without being caught.
– Easy compliance: Since the user’s information does not need to be copied across countries, it’s easier to follow privacy laws.
Let’s look at some of the technical steps in simple language:
1. Creating the Cookie: The POP checks the login details. If the user is authorized, it creates a cookie with all the details needed. It then encrypts this cookie and signs it.
2. Moving Across POPs: When the user travels or the network moves them, their browser shows the same cookie to the new POP.
3. Checking the Cookie: The new POP decrypts and checks the cookie. It sees who the user is, what they can do, and if the cookie is still good.
4. Responding: If everything checks out, the user gets access. If not (maybe the cookie expired, or the user is no longer allowed), the POP can ask for a new login.
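Here is an added example, written for this article and not code from the patent application or its inventors, that carries out steps 1 and 3 above in Go with the metadata listed earlier: the issuing POP serialises the username, role, groups and expiry, encrypts them with AES-256-GCM under a key shared by trusted POPs, and signs the ciphertext with an Ed25519 key whose public half every POP receives; a second POP that never saw the login verifies the signature, decrypts, and enforces the expiry without contacting any central server. The cookie layout, the type and function names (Claims, POPKeys, GenerateKeys, Issue, Verify), and the choice of AES-GCM plus Ed25519 are this example’s assumptions; the application as summarised here names no particular algorithms.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
	"time"
)

type Claims struct {
	User    string   `json:"user"`
	Role    string   `json:"role"`
	Groups  []string `json:"groups"`
	Expires int64    `json:"exp"` // Unix seconds
}

// POPKeys is this example's assumed key layout for one point of presence.
type POPKeys struct {
	EncKey   []byte             // 32-byte AES-256-GCM key shared by trusted POPs
	SignPub  ed25519.PublicKey  // distributed by the root certificate authority
	SignPriv ed25519.PrivateKey // held only by POPs that issue cookies; nil elsewhere
}

// GenerateKeys makes random keys so the example runs offline; a real POP fetches them.
func GenerateKeys() (POPKeys, error) {
	enc := make([]byte, 32)
	if _, err := rand.Read(enc); err != nil {
		return POPKeys{}, err
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	return POPKeys{EncKey: enc, SignPub: pub, SignPriv: priv}, err
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Issue (step 1): encrypt the JSON claims with AES-GCM (nonce prepended), then sign
// the ciphertext. Output "<ciphertext>.<signature>" in base64url fits in Set-Cookie.
func Issue(k POPKeys, c Claims) (string, error) {
	if k.SignPriv == nil {
		return "", errors.New("this POP holds no signing key")
	}
	plain, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	gcm, err := newGCM(k.EncKey)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	ct := gcm.Seal(nonce, nonce, plain, nil)
	sig := ed25519.Sign(k.SignPriv, ct)
	return base64.RawURLEncoding.EncodeToString(ct) + "." + base64.RawURLEncoding.EncodeToString(sig), nil
}

// Verify (step 3): any POP checks the signature, decrypts, and enforces expiry locally.
func Verify(k POPKeys, cookie string, now time.Time) (c Claims, err error) {
	ctB64, sigB64, ok := strings.Cut(cookie, ".")
	ct, err1 := base64.RawURLEncoding.DecodeString(ctB64)
	sig, err2 := base64.RawURLEncoding.DecodeString(sigB64)
	if !ok || err1 != nil || err2 != nil {
		return c, errors.New("malformed cookie")
	}
	if !ed25519.Verify(k.SignPub, ct, sig) { // reject forgeries before touching the key
		return c, errors.New("bad signature: cookie forged or altered")
	}
	gcm, err := newGCM(k.EncKey)
	if err != nil {
		return c, err
	}
	ns := gcm.NonceSize()
	if len(ct) < ns {
		return c, errors.New("ciphertext too short")
	}
	plain, err := gcm.Open(nil, ct[:ns], ct[ns:], nil)
	if err != nil {
		return c, errors.New("decryption failed: wrong key or altered data")
	}
	if err = json.Unmarshal(plain, &c); err != nil {
		return c, err
	}
	if !now.Before(time.Unix(c.Expires, 0)) {
		return c, errors.New("cookie expired: require a fresh login")
	}
	return c, nil
}
```

The second POP only needs the shared encryption key and the CA-distributed public key, never a private signing key, which is why Verify works with SignPriv left nil. Checking the signature before decrypting means a forged or altered cookie is rejected without the decryption key ever being used on attacker-chosen bytes. Because the cookie is self-contained, nothing in Verify consults a central store; a role change or removal reaches a POP only through the expiry or the identity-provider updates the article mentions, so the expiry window is the main lever for how long a stale cookie stays usable.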
There are even more details that help make this system robust:
– The encryption key is stored in a cloud-based service and is never kept on the POP for long. That means even if someone hacks one POP, they can’t get the key.
– The signing keys come from a central, trusted authority. Each POP gets these keys in a secure way.
– The system can fetch user and group updates from an identity provider, so if a user’s role changes or they are removed, all POPs know quickly.
All of this is done in a way that is invisible to the user. They just log in once, and everything works.
This new method is not just for big companies. It can help anyone who runs a cloud service with users spread across many places. It gives a fast, safe, and simple way for users to access what they need, no matter where they are.
Conclusion
Authentication is a big part of cloud security. Users need things to be easy. Companies need things to be safe. The old ways of using cookies were either too slow, too hard to manage, or not safe enough. This new invention solves those problems. By putting smart, protected information inside each cookie, and letting every POP check it quickly, users can move around without headaches. At the same time, companies save resources and keep everything secure.
If you are building or running a cloud service, this system can make your users happier and your service smoother. It shows how a small change—making cookies smarter—can have a big impact on user experience and security in the cloud.
To read the full application, go to https://ppubs.uspto.gov/pubwebapp/ and search for publication number 20250219849.