Supporting statements for credential based access control
Abstract
Supporting statements are provided to help safely and efficiently construct and verify proofs necessary for deciding whether to grant a request from one entity for accessing a resource owned or administered by another entity.
18 Claims
1. A system employing an access control language that uses logic forms including variables and/or prerequisite clauses, comprising:
- a server component linked with at least one resource and an associated use policy for accessing the resource;
- a client component that requests to access the resource; and
- one or more assertions instructing how to construct a proof demonstrating that the requested access should be granted.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14.
15. A computer-implemented method for communicating between an entity (“server”) associated with a resource, wherein the resource is associated with a use policy, and an entity (“client”) requesting to access the resource, comprising:
- upon the server receiving from the client a request to access the resource, the server sends the client a proposition, wherein the proposition includes additional assertions that help the client to construct a proof demonstrating that the client should be granted the access request;
- upon receiving the proof, the server examines the proof;
- the server grants the access request if the proof is correct; and
- the server denies the access request if the proof is incorrect.
Dependent claims: 16.
17. A computer-implemented method for communicating between an entity (“server”) associated with a resource, wherein the resource is associated with a use policy, and an entity (“client”) requesting to access the resource, comprising the client sends an access request to the server, along with credential statements and one or more additional assertions, wherein one or more additional assertions instruct the server how to construct a proof demonstrating that the requested access should be granted.
Dependent claims: 18.
Specification