US 12,137,097 B1
Security measures for extended sessions using multi-domain data
Mengmeng Chen, Mountain View, CA (US); Sumit Agarwal, Palo Alto, CA (US); and Yao Zhao, Fremont, CA (US)
Assigned to Shape Security, Inc., Seattle, WA (US)
Filed by Shape Security, Inc., Santa Clara, CA (US)
Filed on Jul. 11, 2023, as Appl. No. 18/220,782.
Application 18/220,782 is a continuation of application No. 17/087,840, filed on Nov. 3, 2020, granted, now 11,743,256.
Claims priority of provisional application 62/931,203, filed on Nov. 5, 2019.
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); H04L 9/32 (2006.01)
CPC H04L 63/0876 (2013.01) [H04L 9/32 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A security server device comprising memory comprising programmed instructions stored thereon and one or more processors configured to be capable of executing the stored programmed instructions to:
receive request data for a request from a client to a web server system, the request comprising a session identifier (ID) for a session between an authenticated user and the web server system;
obtain user identifier (UID) data for the client;
determine when the client is a single-user device based on the UID data, wherein the UID data corresponds to one or more users that have previously used the client to successfully authenticate with two or more web server systems;
determine when the client is compromised based on security data for the client; and
in response to the determinations that the client is a single-user device and is not compromised, cause extension of the session between the authenticated user on the client and the web server system.