
Encrypting user entered fields in cookie file contents for decreasing risk of password theft in Web browsers

IP.com Disclosure Number: IPCOM000013517D
Original Publication Date: 2000-Mar-01
Included in the Prior Art Database: 2003-Jun-18
Document File: 2 page(s) / 44K

Publishing Venue

IBM

Abstract

Disclosed are methods for encrypting user-entered fields in cookie file contents to decrease the risk of password theft in Web browsers. The methods involve encrypting the cookie files of a user in the client and having a log-on function in Web browsers that would enable the decryption of cookie files for a particular user. The solution is necessary because storing usernames and passwords associated with the use of a particular Web server, for reuse later on, has become commonplace in Web browsers. With the proliferation of usernames and passwords for registration purposes, Web browsers have been inadvertently storing them in cookie files sent by the server to the client. Note the effect of doing this in the case of the Web site infogate.ibm.com in Example 1 given below. The username DUTTA and the password "mysecret" are visible in plain text to anyone who gains access to the cookie.txt file in a typical browser. This is a security hazard. Cookie files can be accessed by administrators, other people who use the machine, and so on. In general, users rarely store usernames and passwords in obvious locations on their disk. Furthermore, even when users store usernames and passwords on disk, they typically encrypt the file or store some coded version of the password. Using the same password for several tasks makes exposure of a plain-text password a security hazard for a user.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 55% of the total text.

Disclosed are methods for encrypting user-entered fields in cookie file contents to decrease the risk of password theft in Web browsers. The methods involve encrypting the cookie files of a user in the client and having a log-on function in Web browsers that would enable the decryption of cookie files for a particular user.

The solution is necessary because storing usernames and passwords associated with the use of a particular Web server, for reuse later on, has become commonplace in Web browsers. With the proliferation of usernames and passwords for registration purposes, Web browsers have been inadvertently storing them in cookie files sent by the server to the client. Note the effect of doing this in the case of the Web site infogate.ibm.com in Example 1 given below. The username DUTTA and the password "mysecret" are visible in plain text to anyone who gains access to the cookie.txt file in a typical browser. This is a security hazard. Cookie files can be accessed by administrators, other people who use the machine, and so on. In general, users rarely store usernames and passwords in obvious locations on their disk. Furthermore, even when users store usernames and passwords on disk, they typically encrypt the file or store some coded version of the password. Using the same password for several tasks makes exposure of a plain-text password a securit...
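The approach described above, as an added example that is not code from the disclosure: the value field of each line in a Netscape-format cookie file is encrypted under a key derived from the browser log-on passphrase, and decrypted only after log-on. The use of scrypt and AES-256-GCM, the function names, the passphrase and the sample cookie lines are assumptions made for this illustration; the disclosure's Example 1 is not reproduced on this page.

```javascript
// Added illustration (not from the disclosure). scrypt + AES-256-GCM are assumptions.
const nodeCrypto = require('crypto');

// Key derived from the browser log-on passphrase; the salt is stored with the file.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32);
}

// Encrypt one value. domain+name go in as associated data, so a ciphertext
// copied onto a different cookie fails authentication on decryption.
function sealValue(key, aad, value) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([c.update(value, 'utf8'), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]).toString('base64');
}

// Throws if the key is wrong or the stored value was modified.
function openValue(key, aad, sealed) {
  const raw = Buffer.from(sealed, 'base64');
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
}

// Apply fn to the value (7th tab-separated field) of each cookie line.
function mapValues(text, fn) {
  return text.split('\n').map((line) => {
    const f = line.split('\t');
    if (line.startsWith('#') || f.length !== 7) return line; // header, blanks
    f[6] = fn(`${f[0]}\t${f[5]}`, f[6]);
    return f.join('\t');
  }).join('\n');
}
const encryptCookieFile = (text, key) => mapValues(text, (aad, v) => sealValue(key, aad, v));
const decryptCookieFile = (text, key) => mapValues(text, (aad, v) => openValue(key, aad, v));

// Constructed sample modelled on the page's description, not its Example 1.
const SAMPLE = [
  '# Netscape HTTP Cookie File',
  'infogate.ibm.com\tFALSE\t/\tFALSE\t946684799\tusername\tDUTTA',
  'infogate.ibm.com\tFALSE\t/\tFALSE\t946684799\tpassword\tmysecret',
].join('\n');

const salt = nodeCrypto.randomBytes(16);
const key = deriveKey('browser log-on passphrase', salt); // constructed passphrase
console.log(encryptCookieFile(SAMPLE, key)); // what someone reading the file on disk sees
```

Domain, path, expiry and cookie name stay readable so the file keeps its structure; only the user-entered values are protected, and a wrong log-on passphrase makes decryption fail instead of returning garbage.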