1. Technical Field
The disclosure generally relates to a system and method for managing cookies in a client device on a network.
2. Description of Related Art
Many web sites attempt to store information on a user's computer in a small file referred to as a cookie. Cookies provide for HTTP state management, by which a server may correlate multiple requests from the same client. Cookies may include sensitive and personal information, or contain keys needed to access a user's sensitive and personal information. However, there is a common security problem: a user's information may be easily divulged, since cookies are conventionally stored on a local hard drive that may be accessible from the network. Therefore, there is room for improvement in cookie management.
Many aspects of the embodiments can be better understood with reference to the following drawings. The components in the drawings are not necessarily drawn to scale, the emphasis instead being placed upon clearly illustrating the principles of the embodiments. Moreover, in the drawings, like reference numerals designate corresponding parts throughout the several views.
The disclosure is illustrated by way of example and not by way of limitation in the figures of the accompanying drawings in which like references indicate similar elements. It should be noted that references to “an” or “one” embodiment in this disclosure are not necessarily to the same embodiment, and such references mean at least one.
In general, the word “module”, as used herein, refers to logic embodied in hardware or firmware, or to a collection of software instructions, written in a programming language such as Java, C, or assembly. One or more software instructions in the modules may be embedded in firmware, such as EPROM. The modules described herein may be implemented as software and/or hardware modules and may be stored in any type of non-transitory computer-readable medium or other storage device. Some non-limiting examples of non-transitory computer-readable media include CDs, DVDs, BLU-RAY, flash memory, and hard disk drives.
In one embodiment, the storage system 120 may be a magnetic or an optical storage system, such as a hard disk drive, an optical drive, or a tape drive. The RAM disk 160 is a block of RAM that software in a computer treats as a disk drive. The network adapter 180 may be a network interface card using a specific physical layer and data link layer standard such as Ethernet or Wi-Fi. The network 30 may be a local area network (LAN) or a wide area network (WAN), such as the Internet.
The communication module 101 may send an HTTP request to a web server on the network, and receive a response from the web server. Both the HTTP request and the HTTP response include a header for defining the operating parameters of an HTTP transaction. The header of the HTTP request includes a host address of the web server for communication with the communication module 101. The header of the HTTP response includes a Set-Cookie segment that contains cookie data. A typical Set-Cookie segment may include a set of cookie attributes such as cookie name, cookie value, domain and expiration time. For example, a Set-Cookie segment may read “Set-Cookie:name=value; domain=.google.com;path=/;expires=Sat Oct 16 22:27:18 2011”.
The cookie parser 102 may extract the cookie data from the HTTP response.
The encryption module 104 may associate an encryption key with the cookie data and encrypt the cookie data using that key. The encryption key associated with the cookie data may be stored in the database 190. In one embodiment, the compression module 103 may compress the cookie data before encryption by the encryption module 104. In another embodiment, the compression module 103 may compress the encrypted cookie data after the encryption module 104 has encrypted the cookie data.
The storing module 105 may store the encrypted cookie data as a cookie in a memory area associated with the client device 10. In one embodiment, the memory area is part of the RAM disk 160. The content of the RAM disk 160 is lost every time the client device 10 shuts down, so the cookies stored in the RAM disk 160 are lost with it. This can prevent the cookies from being stolen by an unauthorized party.
The packing module 106 may obtain a plurality of cookies from the memory area, pack the plurality of cookies into a single composite file, and store the single file in non-volatile storage associated with the client device 10. In one embodiment, the packing module 106 may encrypt the single composite file before storing the single file in non-volatile storage. In another embodiment, the packing module 106 may determine whether any of the plurality of cookies has expired before packing the plurality of cookies into a single file. In response to determining the expiry or otherwise of a cookie, the packing module 106 may at any time delete the cookie from the plurality of cookies.
In step S301, the communication module 101 sends an HTTP request to a web server on the network.
In step S302, the communication module 101 receives an HTTP response from the web server.
In step S303, the cookie parser 102 extracts cookie data from the HTTP response.
In step S304, the compression module 103 compresses the cookie data.
In step S305, the encryption module 104 associates an encryption key with the compressed cookie data, and encrypts the compressed cookie data using that encryption key. In another embodiment, step S305 can be performed prior to step S304: the encryption module 104 associates an encryption key with the cookie data and encrypts the cookie data using the encryption key, and then the compression module 103 compresses the encrypted cookie data.
In step S306, the storing module 105 stores the encrypted, compressed cookie data as a cookie in a memory area associated with the client device 10. In one embodiment, the memory area is part of the RAM disk 160.
In step S401, the packing module 106 obtains a plurality of existing cookies from the memory area.
In step S402, the packing module 106 determines whether or not any of the plurality of cookies has expired before packing the plurality of cookies into a single file. If a cookie has expired, the flow goes to step S403; if not, the flow goes to step S404.
In step S403, the packing module 106 deletes the cookie from the plurality of cookies and then proceeds to step S404.
In step S404, if there is a cookie that has not been checked for expiration, the flow goes to step S402. If every one of the plurality of cookies has already been checked, the flow goes to step S405.
In step S405, the packing module 106 packs the plurality of cookies into a single composite file.
In step S406, the packing module 106 encrypts the single file.
In step S407, the packing module 106 stores the encrypted single file in non-volatile storage associated with the client device 10.
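The two flows above (steps S303 to S306 and S401 to S407), as an added Node.js example that is not code from the disclosure; it also measures the effect of swapping the order of steps S304 and S305. Assumptions: AES-256-GCM as the cipher, deflate as the compressor, Maps standing in for the RAM disk 160 and the database 190, the expiry time kept unencrypted beside each encrypted cookie so that step S402 can run without decrypting, and all function names.

```javascript
// Added example; function and variable names are hypothetical, not the disclosure's.
const { randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');
const { deflateSync, inflateSync } = require('node:zlib');

// S303: pull name, value and expiry (ms since epoch) out of a Set-Cookie line.
function parseSetCookie(line) {
  const [pair, ...attrs] = line.replace(/^Set-Cookie:\s*/i, '').split(';');
  const eq = pair.indexOf('=');
  const exp = attrs.map(a => a.trim().match(/^expires=(.*)$/i)).find(Boolean);
  return { name: pair.slice(0, eq).trim(), value: pair.slice(eq + 1).trim(),
           expires: exp ? Date.parse(exp[1]) : undefined };
}

// AES-256-GCM (an assumed cipher choice); output is nonce(12) || tag(16) || ciphertext.
function seal(key, plain) {
  const nonce = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([c.update(plain), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}
function unseal(key, blob) {
  const d = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// S304-S306: compress, encrypt under a fresh per-cookie key, keep in memory only.
function storeCookie(ram, keyDb, line) {
  const c = parseSetCookie(line);
  keyDb.set(c.name, randomBytes(32));             // Map standing in for database 190
  const blob = seal(keyDb.get(c.name), deflateSync(c.value));
  ram.set(c.name, { expires: c.expires, blob });  // Map standing in for RAM disk 160
}

// S401-S406: delete expired cookies, pack the rest, encrypt the composite file.
function packCookies(ram, keyDb, fileKey, now) {
  const kept = [];
  for (const [name, e] of ram) {
    if (e.expires <= now) { ram.delete(name); keyDb.delete(name); continue; } // S403
    kept.push({ name, expires: e.expires, blob: e.blob.toString('base64') });
  }
  return seal(fileKey, JSON.stringify(kept));     // the caller writes this to disk (S407)
}

// Order of S304/S305: deflate run after encryption only sees random-looking bytes.
function orderSizes(key, data) {
  return { compressFirst: seal(key, deflateSync(data)).length,
           encryptFirst: deflateSync(seal(key, data)).length };
}
```

Reading a cookie back reverses the steps with `unseal` and then `inflateSync`; a modified file fails the GCM tag check and `unseal` throws. `orderSizes` on repetitive input returns a far smaller size for the compress-first order, while the encrypt-first order comes out larger than the input, so the alternative ordering saves no space.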
It is to be understood, however, that even though numerous characteristics and advantages have been set forth in the foregoing description of embodiments, together with details of the structures and functions of the embodiments, the disclosure is illustrative only and changes may be made in detail, especially in matters of shape, size, and arrangement of parts within the principles of the disclosure to the full extent indicated by the broad general meaning of the terms in which the appended claims are expressed.
Depending on the embodiment, certain steps or methods described may be removed, others may be added, and the sequence of steps may be altered. The description and the claims drawn for or from a method may include some indication in reference to certain steps. However, the indication used is only to be viewed for identification purposes and not as a suggestion as to any order of the steps.
Number | Date | Country | Kind |
---|---|---|---|
99134135 | Oct 2010 | TW | national |