APPARATUS AND METHODS FOR PROVIDING AUTHORIZED DEVICE ACCESS
First Claim
1. A method of gaining authorized access to a restricted resource on another device, comprising:
- receiving, at an accessor device, an access credential associated with an authorization entity having a direct or an indirect trust relationship with an accessee device, wherein the access credential includes a modification detection indicator, at least one access privilege representation, and an accessor public key, wherein the modification detection indicator was created by the authorization entity;
communicating the access credential, a proof of identity, and a request for interaction with at least one device resource on an accessee device; and
receiving a result of an access authentication process that verifies an authenticity of the access credential based on the modification detection indicator, that verifies the proof of identity provided based on the accessor public key, and that verifies that the at least one access privilege representation in the access credential corresponds to a privilege to access the at least one device resource in the request for interaction, wherein the result of the access authentication process comprises being granted or denied access to the at least one device resource.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods, apparatus, and systems are described for providing an accessor device an access credential to interact with a device resource on an accessee device. An authorization entity having a trust relationship with the accessee device, or a linked subordinate authorization entity, generates the access credential. The access credential includes a modification detection indicator, at least one access privilege, and an accessor public key. The at least one access privilege corresponds to at least one device resource on the accessee device. The authorization entity forwards the access credential to the accessor device, which presents the access credential to the accessee device for authentication. Once authenticated, the accessee device grants access to one or more device resources, and controls requests to insure they are within the scope of the at least one access privilege.
292 Citations
66 Claims
-
1. A method of gaining authorized access to a restricted resource on another device, comprising:
-
receiving, at an accessor device, an access credential associated with an authorization entity having a direct or an indirect trust relationship with an accessee device, wherein the access credential includes a modification detection indicator, at least one access privilege representation, and an accessor public key, wherein the modification detection indicator was created by the authorization entity; communicating the access credential, a proof of identity, and a request for interaction with at least one device resource on an accessee device; and receiving a result of an access authentication process that verifies an authenticity of the access credential based on the modification detection indicator, that verifies the proof of identity provided based on the accessor public key, and that verifies that the at least one access privilege representation in the access credential corresponds to a privilege to access the at least one device resource in the request for interaction, wherein the result of the access authentication process comprises being granted or denied access to the at least one device resource. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. At least one processor configured to gain authorized access to a restricted resource on another device, comprising:
-
a first module for receiving an access credential associated with an authorization entity having a direct or an indirect trust relationship with an accessee device, wherein the access credential includes a modification detection indicator, at least one access privilege representation, and an accessor public key, wherein the modification detection indicator was created by the authorization entity; a second module for communicating the access credential, a proof of identity, and a request for interaction with at least one device resource on an accessee device; and a third module for receiving a result of an access authentication process that verifies an authenticity of the access credential based on the modification detection indicator, that verifies the proof of identity provided based on the accessor public key, and that verifies that the at least one access privilege representation in the access credential corresponds to a privilege to access the at least one device resource in the request for interaction, wherein the result of the access authentication process comprises being granted or denied access to the at least one device resource.
-
-
8. A computer program product, comprising:
a computer-readable medium comprising; at least one instruction operable to cause a computer to receive an access credential associated with an authorization entity having a direct or an indirect trust relationship with an accessee device, wherein the access credential includes a modification detection indicator, at least one access privilege representation, and an accessor public key, wherein the modification detection indicator was created by the authorization entity; at least one instruction operable to cause the computer to communicate the access credential, a proof of identity, and a request for interaction with at least one device resource on an accessee device; and at least one instruction operable to cause the computer to receive a result of an access authentication that verifies an authenticity of the access credential based on the modification detection indicator, that verifies the proof of identity provided based on the accessor public key, and that verifies that the at least one access privilege representation in the access credential corresponds to a privilege to access the at least one device resource in the request for interaction, wherein the result of the access authentication process comprises being granted or denied access to the at least one device resource.
-
9. A communication device, comprising:
-
means for receiving an access credential associated with an authorization entity having a direct or an indirect trust relationship with an accessee device, wherein the access credential includes a modification detection indicator, at least one access privilege representation, and an accessor public key, wherein the modification detection indicator was created by the authorization entity; means for communicating the access credential, a proof of identity, and a request for interaction with at least one device resource on the accessee device; and means for receiving a result of an access authentication process that verifies an authenticity of the access credential based on the modification detection indicator, that verifies the proof of identity provided based on the accessor public key, and that verifies that the at least one access privilege representation in the access credential corresponds to a privilege to access the at least one device resource in the request for interaction, wherein the result of the access authentication process comprises being granted or denied access to the at least one device resource.
-
-
10. An accessor device for accessing resources on an accessee device, comprising:
-
a processor; a memory in communication with the processor; and an access module stored in the memory and executable by the processor, wherein the access module is operable to; receive an access credential associated with an authorization entity having a direct or an indirect trust relationship with an accessee device, wherein the access credential includes a modification detection indicator, at least one access privilege representation, and an accessor public key, wherein the modification detection indicator was created by the authorization entity; initiate communication of the access credential, a proof of identity, and a request for interaction with at least one device resource on the accessee device; and receive a result of an access authentication process that verifies an authenticity of the access credential based on the modification detection indicator, that verifies the proof of identity provided based on the accessor public key, and that verifies that the at least one access privilege representation in the access credential corresponds to a privilege to access the at least one device resource in the request for interaction, wherein the result of the access authentication process comprises being granted or denied access to the at least one device resource. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. A method of providing access to device resources on an accessee device, comprising:
-
receiving an access credential corresponding to an accessor device, a proof of identity, and a request for interaction with at least one device resource on the accessee device, wherein the access credential is associated with an authorization entity having a direct or an indirect trust relationship with the accessee device, and wherein the access credential includes a modification detection indicator, at least one access privilege representation, and an accessor public key, wherein the modification detection indicator was created by the authorization entity; executing an access authentication process that verifies an authenticity of the access credential based on the modification detection indicator, that verifies the proof of identity provided based on the accessor public key, and that verifies that the at least one access privilege representation in the access credential corresponds to a privilege to access the at least one device resource in the request for interaction; and transmitting a result of the access authentication process, wherein the result of the access authentication process comprises a grant or a denial of access to the at least one device resource. - View Dependent Claims (17, 18, 19, 20, 21, 22)
-
-
23. At least one processor configured to provide access to device resources, comprising:
-
a first module for receiving an access credential corresponding to an accessor device, a proof of identity, and a request for interaction with at least one device resource on the accessee device, wherein the access credential is associated with an authorization entity having a direct or an indirect trust relationship with the accessee device, and wherein the access credential includes a modification detection indicator, at least one access privilege representation, and an accessor public key, wherein the modification detection indicator was created by the authorization entity; a second module for executing an access authentication process that verifies an authenticity of the access credential based on the modification detection indicator, that verifies the proof of identity provided based on the accessor public key, and that verifies that the at least one access privilege representation in the access credential corresponds to a privilege to access the at least one device resource in the request for interaction; and a third module for transmitting a result of the access authentication process, wherein the result of the access authentication process comprises a grant or a denial of access to the at least one device resource.
-
-
24. A computer program product, comprising:
a computer-readable medium comprising; at least one instruction for causing a computer to receive an access credential corresponding to an accessor device, a proof of identity, and a request for interaction with at least one device resource on the accessee device, wherein the access credential is associated with an authorization entity having a direct or an indirect trust relationship with the accessee device, and wherein the access credential includes a modification detection indicator, at least one access privilege representation, and an accessor public key, wherein the modification detection indicator was created by the authorization entity; at least one instruction for causing the computer to execute an access authentication process that verifies an authenticity of the access credential based on the modification detection indicator, that verifies the proof of identity provided based on the accessor public key, and that verifies that the at least one access privilege representation in the access credential corresponds to a privilege to access the at least one device resource in the request for interaction; and at least one instruction for causing the computer to transmit a result of the access authentication process, wherein the result of the access authentication process comprises a grant or a denial of access to the at least one device resource.
-
25. A communication device, comprising:
-
means for receiving an access credential corresponding to an accessor device, a proof of identity, and a request for interaction with at least one device resource on the accessee device, wherein the access credential is associated with an authorization entity having a direct or an indirect trust relationship with the accessee device, and wherein the access credential includes a modification detection indicator, at least one access privilege representation, and an accessor public key, wherein the modification detection indicator was created by the authorization entity; means for executing an access authentication process that verifies an authenticity of the access credential based on the modification detection indicator, that verifies the proof of identity provided based on the accessor public key, and that verifies that the at least one access privilege representation in the access credential corresponds to a privilege to access the at least one device resource in the request for interaction; and means for transmitting a result of the access authentication process, wherein the result of the access authentication process comprises a grant or a denial of access to the at least one device resource.
-
-
26. An accessee device for providing access to resources, comprising:
-
a processor; at least one device resource in communication with the processor; a memory in communication with the processor; and an access authorization module stored in the memory and executable by the processor, wherein the access authorization module comprises an access authorization process, and wherein the access authorization module is operable to; receive an access credential corresponding to an accessor device, a proof of identity, and a request for interaction with at least one device resource on the accessee device, wherein the access credential is associated with an authorization entity having a direct or an indirect trust relationship with the accessee device, and wherein the access credential includes a modification detection indicator, at least one access privilege representation, and an accessor public key, wherein the modification detection indicator was created by the authorization entity; execute the access authentication process that verifies an authenticity of the access credential based on the modification detection indicator, that verifies the proof of identity provided based on the accessor public key, and that verifies that the at least one access privilege representation in the access credential corresponds to a privilege to access the at least one device resource in the request for interaction; and transmit a result of the access authentication process, wherein the result of the access authentication process comprises a grant or a denial of access to the at least one device resource. - View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34)
-
-
35. A method for authorizing an accessor device to interact with resources on an accessee device, comprising:
-
generating an access credential associated with an authorization entity having a direct or an indirect trust relationship with an accessee device, wherein the access credential includes a modification detection indicator, at least one access privilege representation, and an accessor public key, wherein the modification detection indicator was created by the authorization entity; and communicating the access credential, wherein the access credential is operable to authorize the accessor device to the accessee device and allow interaction with at least one device resource on the accessee device in accordance with the at least one access privilege representation based on an access authentication process executed by the accessee device that verifies an authenticity of the access credential based on the modification detection indicator, that verifies a proof of identity of the accessor device based on the accessor public key, and that verifies that the at least one access privilege representation in the access credential corresponds to a privilege to access the at least one device resource in the request for interaction, wherein the result of the access authentication process comprises being granted or denied access to the at least one device resource. - View Dependent Claims (36, 37, 38, 39, 40, 41)
-
-
42. At least one processor configured to authorize an accessor device to interact with resources on an accessee device, comprising:
-
a first module for generating an access credential associated with an authorization entity having a direct or an indirect trust relationship with an accessee device, wherein the access credential includes a modification detection indicator, at least one access privilege representation, and an accessor public key, wherein the modification detection indicator was created by the authorization entity; and a second module for communicating the access credential, wherein the access credential is operable to authorize the accessor device to the accessee device and allow interaction with at least one device resource on the accessee device in accordance with the at least one access privilege representation based on an access authentication process executed by the accessee device that verifies an authenticity of the access credential based on the modification detection indicator, that verifies a proof of identity of the accessor device based on the accessor public key, and that verifies that the at least one access privilege representation in the access credential corresponds to a privilege to access the at least one device resource in the request for interaction, wherein the result of the access authentication process comprises being granted or denied access to the at least one device resource.
-
-
43. A computer program product, comprising:
a computer-readable medium comprising; at least one instruction for causing a computer to generate an access credential associated with an authorization entity having a direct or an indirect trust relationship with an accessee device, wherein the access credential includes a modification detection indicator, at least one access privilege representation, and an accessor public key, wherein the modification detection indicator was created by the authorization entity; and at least one instruction for causing a computer to communicate the access credential, wherein the access credential is operable to authorize the accessor device to the accessee device and allow interaction with at least one device resource on the accessee device in accordance with the at least one access privilege representation based on an access authentication process executed by the accessee device that verifies an authenticity of the access credential based on the modification detection indicator, that verifies a proof of identity of the accessor device based on the accessor public key, and that verifies that the at least one access privilege representation in the access credential corresponds to a privilege to access the at least one device resource in the request for interaction, wherein the result of the access authentication process comprises being granted or denied access to the at least one device resource.
-
44. An authorization device, comprising:
-
means for generating an access credential associated with an authorization entity having a direct or an indirect trust relationship with an accessee device, wherein the access credential includes a modification detection indicator, at least one access privilege representation, and an accessor public key, wherein the modification detection indicator was created by the authorization entity; and means for communicating the access credential, wherein the access credential is operable to authorize the accessor device to the accessee device and allow interaction with at least one device resource on the accessee device in accordance with the at least one access privilege representation based on an access authentication process executed by the accessee device that verifies an authenticity of the access credential based on the modification detection indicator, that verifies a proof of identity of the accessor device based on the accessor public key, and that verifies that the at least one access privilege representation in the access credential corresponds to a privilege to access the at least one device resource in the request for interaction, wherein the result of the access authentication process comprises being granted or denied access to the at least one device resource.
-
-
45. A device for authorizing an accessor device to access resources on an accessee device, comprising:
-
a processor; a memory in communication with the processor; a credential management module stored in the memory, executable by the processor and including a privilege establishment module operable to generate an access credential associated with an authorization entity having a direct or an indirect trust relationship with an accessee device, wherein the access credential includes a modification detection indicator, at least one access privilege representation, and an accessor public key, wherein the modification detection indicator was created by the authorization entity; and a communication module in communication with the processor and operable to communicate the access credential, wherein the access credential is operable to authorize the accessor device to the accessee device and allow interaction with at least one device resource on the accessee device in accordance with the at least one access privilege representation based on an access authentication process executed by the accessee device that verifies an authenticity of the access credential based on the modification detection indicator, that verifies a proof of identity of the accessor device based on the accessor public key, and that verifies that the at least one access privilege representation in the access credential corresponds to a privilege to access the at least one device resource in the request for interaction, wherein the result of the access authentication process comprises being granted or denied access to the at least one device resource. - View Dependent Claims (46, 47, 48, 49, 50, 51)
-
-
52. A method of gaining authorized access to a restricted resource on another device, comprising:
-
receiving, at an accessor device, an access credential identifier of an access credential associated with an authorization entity having a direct or an indirect trust relationship with an accessee device; communicating the access credential identifier, a proof of identity, and a request for interaction with at least one device resource on an accessee device; and receiving a result of an access authentication process that verifies an authenticity of the access credential based on a corresponding modification detection indicator, that verifies the proof of identity provided based on a corresponding accessor public key, and that verifies that at least one access privilege representation in the access credential corresponds to a privilege to access the at least one device resource in the request for interaction, wherein the result of the access authentication process comprises being granted or denied access to the at least one device resource. - View Dependent Claims (53, 54, 55, 56, 57)
-
-
58. At least one processor configured to gain authorized access to a restricted resource on another device, comprising:
-
a first module for receiving an access credential identifier of an access credential associated with an authorization entity having a direct or an indirect trust relationship with an accessee device; a second module for communicating the access credential identifier, a proof of identity, and a request for interaction with at least one device resource on an accessee device; and a third module for receiving a result of an access authentication process that verifies an authenticity of the access credential based on a modification detection indicator, that verifies the proof of identity provided based on an accessor public key, and that verifies that at least one access privilege representation in the access credential corresponds to a privilege to access the at least one device resource in the request for interaction, wherein the result of the access authentication process comprises being granted or denied access to the at least one device resource.
-
-
59. A computer program product, comprising:
a computer-readable medium comprising; at least one instruction operable to cause a computer to receive an access credential identifier of an access credential associated with an authorization entity having a direct or an indirect trust relationship with an accessee device; at least one instruction operable to cause the computer to communicate the access credential identifier, a proof of identity, and a request for interaction with at least one device resource on an accessee device; and at least one instruction operable to cause the computer to receive a result of an access authentication that verifies an authenticity of the access credential based on a modification detection indicator, that verifies the proof of identity provided based on an accessor public key, and that verifies that at least one access privilege representation in the access credential corresponds to a privilege to access the at least one device resource in the request for interaction, wherein the result of the access authentication process comprises being granted or denied access to the at least one device resource.
-
60. A communication device, comprising:
-
means for receiving an access credential identifier of an access credential associated with an authorization entity having a direct or an indirect trust relationship with an accessee device; means for communicating the access credential identifier, a proof of identity, and a request for interaction with at least one device resource on the accessee device; and means for receiving a result of an access authentication process that verifies an authenticity of the access credential based on a modification detection indicator, that verifies the proof of identity provided based on an accessor public key, and that verifies that at least one access privilege representation in the access credential corresponds to a privilege to access the at least one device resource in the request for interaction, wherein the result of the access authentication process comprises being granted or denied access to the at least one device resource.
-
-
61. An accessor device for accessing resources on an accessee device, comprising:
-
a processor; a memory in communication with the processor; and an access module stored in the memory and executable by the processor, wherein the access module is operable to; receive an access credential identifier of an access credential associated with an authorization entity having a direct or an indirect trust relationship with an accessee device; initiate communication of the access credential identifier, a proof of identity, and a request for interaction with at least one device resource on the accessee device; and receive a result of an access authentication process that verifies an authenticity of the access credential based on a modification detection indicator, that verifies the proof of identity provided based on an accessor public key, and that verifies that at least one access privilege representation in the access credential corresponds to a privilege to access the at least one device resource in the request for interaction, wherein the result of the access authentication process comprises being granted or denied access to the at least one device resource. - View Dependent Claims (62, 63, 64, 65, 66)
-
Specification