PayPal files patent for new method to detect stolen cookies

February 25, 2024 at 11:08AM

PayPal has filed a patent for a method to detect stolen “super-cookies,” aiming to enhance cookie-based authentication and prevent account takeover attacks. It deals with the risk of hackers using stolen cookies for unauthorized logins. The patent outlines a system to calculate fraud risk scores and manage authentication requests, ensuring legitimate cookie usage.

PayPal has filed a patent application for a method to address the risk of hackers stealing cookies containing authentication tokens. The proposed method involves identifying when “super-cookies” are stolen, which could improve cookie-based authentication and limit account takeover attacks. The super-cookies, also known as Local Shared Objects (LSOs), are injected at the network level by the user’s internet service provider and are used for cross-site tracking and persistent device fingerprinting.

The patent describes a method to calculate a fraud risk score in the cookie-based authentication mechanism, which involves sorting cookie storage locations by fraud risk, retrieving cookie values, and assessing a risk score to manage authentication requests. Additionally, to ensure safety against tampering, the retrieved cookie values are encrypted using a public key cryptographic algorithm.
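The scoring flow described above, as an added example that is not code from PayPal or the patent filing: the storage location names, risk weights, thresholds and the `fraud_score`/`decide` helpers are assumptions, and the public-key encryption of the retrieved values is left out.

```python
import hmac

# Assumed storage locations and fraud-risk weights (not from the patent).
LOCATION_RISK = {          # higher = easier for an attacker to copy from
    "http_cookie": 0.9,
    "local_storage": 0.6,
    "indexed_db": 0.4,
    "cache_etag": 0.2,
}
ALLOW_BELOW, DENY_FROM = 0.3, 0.7   # assumed decision thresholds


def sorted_locations(risk=LOCATION_RISK):
    """Storage locations ordered from lowest to highest fraud risk."""
    return sorted(risk, key=risk.get)


def fraud_score(presented, expected, risk=LOCATION_RISK):
    """Score in [0, 1]; 0 means every location holds the expected value.

    A hard-to-copy (low risk) location carries more trust, so a missing or
    wrong value there raises the score more than one in the cookie jar.
    """
    total = matched = 0.0
    for loc in sorted_locations(risk):
        trust = 1.0 - risk[loc]
        total += trust
        value = presented.get(loc, "")        # retrieve the stored value
        if hmac.compare_digest(value, expected):
            matched += trust
    return round(1.0 - matched / total, 3)


def decide(score):
    """Map the score onto how the authentication request is handled."""
    if score < ALLOW_BELOW:
        return "allow"
    return "step_up" if score < DENY_FROM else "deny"


# Constructed sample requests for one account whose token is "tok-123".
LEGIT = dict.fromkeys(LOCATION_RISK, "tok-123")
REPLAYED = {"http_cookie": "tok-123"}         # only the cookie jar value
PARTIAL = {k: "tok-123" for k in LOCATION_RISK if k != "cache_etag"}

if __name__ == "__main__":
    for name, req in [("legit", LEGIT), ("replayed", REPLAYED), ("partial", PARTIAL)]:
        s = fraud_score(req, "tok-123")
        print(f"{name:9} score={s:.3f} -> {decide(s)}")
```
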

The aim of this method is to defend against cyberattacks by ensuring that cookies are used legitimately during the authentication process. It should be noted that while the patent has been filed, there is no guarantee that the described technology will be implemented for consumer use, but it signals the importance of developing new protection mechanisms against stolen web cookies for unauthorized logins.
