CERTIFICATE-BASED MUTUAL AUTHENTICATION FOR DATA SECURITY
Abstract
Systems and methods for maintaining data security using client roles, API keys, and certificate-based mutual authentication are presented. A method of protecting sensitive data includes both client authorization techniques and the mutual exchange and verification of certificates between client and server. In one embodiment, access by a client to a server is further limited by temporal constraints, volume constraints, and an end user identity filter.
9 Claims
1. A method of protecting sensitive data from unauthorized access, said method comprising the computer-implemented steps of:
- establishing a plurality of client roles for authorizing access to a set of API functions;
- establishing a plurality of API keys for authorizing access to a subset of said set of API functions;
- providing a first client role and a first API key to a first client;
- receiving from said first client, at a first server, a request for access to a protected API function;
- requiring the mutual exchange and verification of certificates between said first client and said first server; and
- allowing said request if both said first client role and said first API key authorize access to said protected API function.

Dependent claims: 2, 3, 4, 5

6. A method of protecting sensitive data from unauthorized access, said method comprising the computer-implemented steps of:
- establishing a plurality of client roles for authorizing access to a set of API functions;
- establishing a plurality of API keys for authorizing access to a subset of said set of API functions;
- establishing one or more constraints for limiting access to said subset of said set of API functions, said constraints comprising one or more temporal constraints, one or more volume constraints, and an end user identity filter;
- assigning a first client role and a first API key to a first client;
- receiving from said first client, at a first server, a request for access to a protected API function;
- requiring the mutual exchange and verification of certificates between said first client and said first server; and
- allowing said request if both said first client role and said first API key authorize access to said protected API function, while also limiting said access by imposing one or more of said one or more constraints.

Dependent claims: 7, 8, 9
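The decision flow recited in claim 6, as an added example that is not taken from the patent or from any implementation of it: a server context that requires a verified client certificate, followed by the role check, the API key check, and the three constraint types. All names, the policy table, and the choice to enforce all three constraints together are assumptions made for illustration.

```python
import ssl
from dataclasses import dataclass
from datetime import datetime, time

# Constructed sample policy: which API functions each client role may call.
ROLE_FUNCTIONS = {"partner": {"get_profile", "list_orders"},
                  "auditor": {"list_orders"}}

@dataclass
class ApiKey:
    functions: set   # subset of API functions this key unlocks
    window: tuple    # temporal constraint: (start, end) time of day
    max_calls: int   # volume constraint: allowed calls for this key
    end_users: set   # end user identity filter
    calls: int = 0

def mtls_server_context() -> ssl.SSLContext:
    """Server-side context that rejects clients lacking a verified certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED  # client must present a valid cert
    # A deployment also calls ctx.load_cert_chain(...) for the server's own
    # certificate and ctx.load_verify_locations(...) for the client CA.
    return ctx

def authorize(cert_verified, role, key, function, end_user, now):
    """Return (allowed, reason). Every check must pass; first failure denies."""
    if not cert_verified:
        return False, "certificate exchange not verified"
    if function not in ROLE_FUNCTIONS.get(role, set()):
        return False, "role does not authorize function"
    if function not in key.functions:
        return False, "API key does not authorize function"
    start, end = key.window
    if not (start <= now.time() < end):
        return False, "outside permitted time window"
    if end_user not in key.end_users:
        return False, "end user filtered"
    if key.calls >= key.max_calls:
        return False, "volume limit reached"
    key.calls += 1  # only allowed requests count toward the volume limit
    return True, "ok"
```

The role and the API key are checked independently, so a broad role cannot widen a narrow key and a broad key cannot widen a narrow role.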