PARAMETER BASED KEY DERIVATION
First Claim
1. A computer-implemented method, comprising:
- under the control of one or more computer systems configured with executable instructions, receiving a delegation request from a first entity, fulfillment of which involves granting a second entity an access privilege to a computing resource;
- generating a session key based at least in part on a restriction and a secret credential shared with the first entity;
- providing the session key to the first entity;
- receiving, from the second entity, an access request to access the computing resource, the access request including the session key provided to the first entity;
- validating the access request based at least in part on the session key included with the access request; and
- granting, to the second entity, access to the computing resource.
Abstract
A delegation request is submitted to a session-based authentication service, fulfillment of which involves granting an entity an access privilege to a computing resource. A session key is received from the session-based authentication service; the session key was generated based at least in part on a restriction and a secret credential shared with the session-based authentication service, and is usable at least in part to prove possession of the access privilege to the computing resource. The session key is provided to the entity without providing the shared secret credential.
20 Claims
1. (Claim 1 is reproduced in full under "First Claim" above.) Dependent claims: 2, 3, 4, 5, 6.
7. A system, comprising:
- one or more processors; and
- memory including instructions that, when executed by the one or more processors, cause the system to:
  - receive a delegation request from a first entity, fulfillment of which involves granting a second entity an access privilege to a computing resource;
  - in response to receipt of the delegation request:
    - generate a session key based at least in part on passing a secret credential, shared between the first entity and the one or more computer systems, and a session restriction through a cryptographic hash algorithm; and
    - provide the session key to the first entity;
  - receive an access request from the second entity to access the computing resource, the access request associated with the session key; and
  - in response to receipt of the access request:
    - validate the access request based at least in part on the session key; and
    - grant, to the second entity, access to the computing resource.
Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15, 16.
17. A non-transitory computer-readable storage medium having stored thereon executable instructions that, when executed by one or more processors of a computer system, cause the computer system to at least:
- receive a first request from a first entity, fulfillment of which involves granting a second entity an access privilege to a computing resource;
- generate a session key based at least in part on a restriction and a secret credential shared between the entity and the computer system;
- provide the session key, usable at least in part to prove possession of an access privilege to a computing resource, to the first entity;
- receive a second request to access the computing resource, fulfillment of which involves providing a second entity access to a computing resource, the second request associated with the session key;
- validate the second request based at least in part on the session key; and
- fulfill the second request by providing access to the computing resource depending at least in part on validation of the session key.
Dependent claims: 18, 19, 20.
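The derivation and validation steps that the claims above describe, as an added illustration written for this page (example code, not the patent's own or any assignee's implementation). HMAC-SHA256 as the "cryptographic hash algorithm", the JSON canonicalization of the restriction, the restriction fields (resource, actions, expires) and the credential store are all assumptions; the secret value is a constructed placeholder.

```python
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed sample: the secret credential the authority shares with the first entity
# (the delegator). Placeholder value, not a real secret.
SHARED_CREDENTIALS = {"alice": b"alice-long-term-secret-credential"}


def canonical(restriction: dict) -> bytes:
    """Serialize the restriction deterministically so both sides hash identical bytes."""
    return json.dumps(restriction, sort_keys=True, separators=(",", ":")).encode()


def derive_session_key(secret: bytes, restriction: dict) -> str:
    """Session key = HMAC-SHA256(secret credential, canonical restriction)."""
    return hmac.new(secret, canonical(restriction), hashlib.sha256).hexdigest()


def handle_delegation_request(delegator: str, restriction: dict) -> str:
    """Authority side: answer the delegation request with a session key.

    Only the derived key is handed to the delegator; the shared secret itself never
    leaves the authority, which is the point of the scheme."""
    return derive_session_key(SHARED_CREDENTIALS[delegator], restriction)


def validate_access_request(request: dict, now: Optional[float] = None) -> bool:
    """Authority side: validate a second entity's access request carrying the session key.

    The request names the delegator (so the secret can be looked up) and carries the
    restriction the key was derived from; the key is recomputed and compared in
    constant time, then the restriction is enforced against the requested access."""
    now = time.time() if now is None else now
    secret = SHARED_CREDENTIALS.get(request["delegator"])
    if secret is None:
        return False
    restriction = request["restriction"]
    expected = derive_session_key(secret, restriction)
    if not hmac.compare_digest(expected, request["session_key"]):
        return False  # key was not derived from this secret and this exact restriction
    # The HMAC check binds the restriction to the key, so its fields can now be trusted
    # for policy: any edit to the restriction would have changed the expected key.
    return (restriction["resource"] == request["resource"]
            and request["action"] in restriction["actions"]
            and now < restriction["expires"])
```

Because the restriction is an input to the derivation, widening it after the fact (for example adding an action) invalidates the key rather than escalating the grant.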