PayPal Seeks Patent for Method to Detect Stolen “Super-Cookies”

In a bid to enhance security and combat account takeover attacks, PayPal has submitted a patent application for a new method designed to identify when “super-cookies” are stolen. These super-cookies, also known as Local Shared Objects (LSOs), are injected at the network level by internet service providers as unique identifier headers (UIDH) for tracking users across browsers and devices.

The concern PayPal aims to address is the theft of cookies containing authentication tokens, which can enable hackers to log into victim accounts without valid credentials and bypass two-factor authentication measures. By impersonating the user using stolen cookies with hashed passwords, attackers can gain access to sensitive information associated with the account without needing to provide authentication credentials.

The patent application outlines a system that calculates a fraud risk score within the cookie-based authentication mechanism to detect fraudulent login attempts on PayPal’s platform. When a user’s device requests authentication, the system identifies and evaluates cookie storage locations in order of increasing fraud risk. By comparing expected cookie values with values assigned to storage locations, a risk score is determined to aid in authentication decision-making.

To safeguard against tampering, the retrieved cookie values are encrypted using a public key cryptographic algorithm. The system then manages authentication requests based on the risk assessment, either accepting, rejecting, or implementing additional security measures as necessary.

While the publication of this patent signifies PayPal’s commitment to enhancing cybersecurity measures, there is no guarantee that the described technology will be implemented for consumers. However, the focus on detecting stolen web cookies highlights the ongoing battle against unauthorized logins and the importance of developing innovative protection mechanisms in the digital landscape.

Fabio

Full Stack Developer

About the Author

I’m passionate about web development and design in all its forms, helping small businesses build and improve their online presence. I spend a lot of time learning new techniques and actively helping other people learn web development through a variety of help groups and writing tutorials for my blog about advancements in web design and development.

View Articles