Data access control utilizing key restriction
First Claim
1. A computer-implemented method, comprising:
- obtaining a set of key-use restriction information that includes first key-use restriction information and second key-use restriction information, the second key-use restriction information being different from the first key-use restriction information, each of the set of key-use restriction information being associated with a restriction on use of one or more computing resources;
- inputting the first key-use restriction information and a first key into a function to produce a second key;
- inputting the second key-use restriction information and the second key into the function to produce a signing key; and
- using the signing key to evaluate whether access to the one or more computing resources is to be granted, the set of key-use restriction information for each key of a plurality of keys preventing the access from being granted as a result of a request for the access being submitted out of compliance with the set of key-use restriction information for the signing key.
Abstract
A plurality of keys is obtained, with each obtained key of the plurality of keys being based at least in part on an information set for the plurality of keys and at least one other key distinct from the plurality of keys. A signing key is calculated by inputting a combination of the plurality of keys into a function with the information set for the plurality of keys, and the signing key is used to evaluate whether access to one or more computing resources is to be granted, with the information set preventing access from being granted when a request for the access is submitted out of compliance with the information set for the plurality of keys.
19 Claims
8. A system, comprising:
- one or more processors; and
- memory including instructions that, as a result of execution by one or more processors of a computer system, cause the computer system to at least, for an electronic signature submitted for verification in connection with a message:
  - obtain a plurality of keys, each obtained key of the plurality of keys being based at least in part on:
    - a set of key-use restriction information for the plurality of keys that includes a first key-use restriction information and a second key-use restriction information, individual key-use restriction information of the set of key-use restriction information being nested to form a layered key-tree based on recursive derivation by a function, the set of key-use restriction information corresponding to at least one of time, date, region, zone, service, protocol, device, device model, or device manufacturer; and
    - at least one other key distinct from the plurality of keys;
  - compute, based at least in part on information derived based at least in part on the plurality of keys by the function by inputting the first key-use restriction information and the second key-use restriction information, whether the electronic signature is valid; and
  - cause one or more actions to be taken based at least in part on whether the electronic signature is valid, the one or more actions including evaluating whether access to one or more computing resources is permitted, with the set of key-use restriction information for each key of the plurality of keys preventing use of a key of the plurality of keys that is noncompliant with the set of key-use restriction information for the key.

Dependent claims: 9, 10, 11, 12, 13, 14.
15. A non-transitory computer-readable storage medium that stores instructions that, as a result of being executed by a computer system, cause the computer system to at least:
- obtain a plurality of keys, each obtained key of the plurality of keys being based at least in part on:
  - a set of key-use restriction information for the plurality of keys that includes a first key-use restriction information and a second key-use restriction information, individual key-use restriction information of the set of key-use restriction information being recursively derived by a function to form a layered key-tree, the set of key-use restriction information corresponding to at least one of time, date, region, zone, service, protocol, device, device model, or device manufacturer; and
  - at least one other key distinct from the plurality of keys;
- calculate, based at least in part on the plurality of keys, a signing key by recursively inputting the first key-use restriction information and the second key-use restriction information into the function;
- generate, based at least in part on the signing key and a message, a signature for the message; and
- cause the message and the signature to be transmitted to another computer system for use in evaluating whether access to one or more computing resources is permitted, the set of key-use restriction information for each key of the plurality of keys preventing use of the signing key that is noncompliant with the set of key-use restriction information for the key.

Dependent claims: 16, 17, 18, 19.
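The layered derivation that claims 1, 8 and 15 describe, as an added example that is not part of the patent or of any product it covers: HMAC-SHA256 stands in for the claims' unnamed function (an assumption), and the root secret, restriction strings and message are constructed. The verifier recomputes the signing key from the restrictions it observes about the request, so a signature made under one date or region fails elsewhere, and a holder of an intermediate key can only sign within that key's restrictions.

```python
import hashlib
import hmac
from typing import Sequence


def derive(key: bytes, restriction: str) -> bytes:
    """The claims' 'function': one key plus one piece of key-use restriction
    information in, the next key of the layered key-tree out.
    HMAC-SHA256 is an assumption; the claims do not name the function."""
    return hmac.new(key, restriction.encode("utf-8"), hashlib.sha256).digest()


def signing_key(key: bytes, restrictions: Sequence[str]) -> bytes:
    """Recursive derivation: feed each restriction in together with the previous key.
    Starting from an intermediate key instead of the root yields the same signing
    key, which is what allows a partially derived key to be handed out."""
    for restriction in restrictions:
        key = derive(key, restriction)
    return key


def sign(key: bytes, restrictions: Sequence[str], message: bytes) -> bytes:
    """Signer side: derive the signing key for the restriction set, then MAC the message."""
    return hmac.new(signing_key(key, restrictions), message, hashlib.sha256).digest()


def verify(root_key: bytes, observed: Sequence[str], message: bytes, signature: bytes) -> bool:
    """Verifier side: derive the signing key from the restrictions the verifier itself
    observes (date received, region of the endpoint, service invoked), never from what
    the request claims. A request submitted out of compliance with the signer's
    restrictions yields a different key and fails without any policy lookup."""
    expected = hmac.new(signing_key(root_key, observed), message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)


# Constructed sample values; the secret and the scope strings are illustrative only.
ROOT_KEY = b"constructed-long-term-secret"
SCOPE = ("20240315", "us-east-1", "storage")  # date, region, service restrictions
MESSAGE = b"GET /bucket/object"


def demo() -> dict:
    sig = sign(ROOT_KEY, SCOPE, MESSAGE)
    k_region = signing_key(ROOT_KEY, SCOPE[:2])  # intermediate key bound to date + region
    return {
        "in_scope": verify(ROOT_KEY, SCOPE, MESSAGE, sig),
        "wrong_region": verify(ROOT_KEY, ("20240315", "eu-west-1", "storage"), MESSAGE, sig),
        "next_day": verify(ROOT_KEY, ("20240316", "us-east-1", "storage"), MESSAGE, sig),
        # the holder of k_region can sign for the storage service on that day and region
        "delegated_ok": verify(ROOT_KEY, SCOPE, MESSAGE, sign(k_region, SCOPE[2:], MESSAGE)),
        # but cannot produce a signature that verifies in another region
        "delegated_cross_region": verify(ROOT_KEY, ("20240315", "eu-west-1", "storage"),
                                         MESSAGE, sign(k_region, ("storage",), MESSAGE)),
    }
```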
Specification