Controlling access using additional data
First Claim
1. A method of determining access, comprising:
- using at least one processor to determine whether credentials/proofs indicate that access is allowed, wherein the credentials/proofs include credentials and proofs;
- using at least one processor to determine whether additional data associated with the credentials/proofs has been received, wherein the additional data is separate from the credentials/proofs; and
- using at least one processor to determine whether to deny access according to the credentials/proofs and the additional data that is received, wherein access is denied if the credentials/proofs do not indicate that access is allowed, and wherein access is denied if information provided by the additional data directly indicates revocation of access rights, wherein the information provided by the additional data is obtained by performing a one-way function on the additional data, and wherein the information is locally verifiable at a point of access.
Abstract
Determining access includes determining if particular credentials/proofs indicate that access is allowed, determining if there is additional data associated with the credentials/proofs, wherein the additional data is separate from the credentials/proofs, and, if the particular credentials/proofs indicate that access is allowed and if there is additional data associated with the particular credentials/proofs, then deciding whether to deny access according to information provided by the additional data. The credentials/proofs may be in one part or in separate parts. There may be a first administration entity that generates the credentials and other administration entities that generate proofs. The first administration entity may also generate proofs or may not generate proofs. The credentials may correspond to a digital certificate that includes a final value that is a result of applying a one way function to a first one of the proofs.
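The following is an added example, not text or code from the patent: a minimal point-of-access check following claim 1 and the abstract. It assumes SHA-256 as the one-way function, a hash chain for proofs after the first one, and a hypothetical `revocation_target` field in the credential against which the hashed additional data is compared.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


def owf(data: bytes, times: int = 1) -> bytes:
    """One-way function applied `times` times (SHA-256 is an assumption)."""
    for _ in range(times):
        data = hashlib.sha256(data).digest()
    return data


@dataclass(frozen=True)
class Credential:
    holder: str
    final_value: bytes        # one-way function applied to the first proof
    revocation_target: bytes  # hypothetical field: owf(revocation secret)


def issue(holder: str, seed: bytes, revoke_secret: bytes, periods: int) -> Credential:
    """Administration entity: bind both one-way images into the credential."""
    return Credential(holder, owf(seed, periods), owf(revoke_secret))


def proof_for(seed: bytes, periods: int, period: int) -> bytes:
    """Proof released for `period` (1-based); hashing it `period` times gives final_value."""
    return owf(seed, periods - period)


def access_allowed(cred: Credential, period: int, proof: bytes,
                   additional_data: Optional[bytes] = None) -> bool:
    """Local decision at the point of access; `period` comes from the door's own clock."""
    if period < 1:
        return False  # period 0 would let the public final_value act as a proof
    if not hmac.compare_digest(owf(proof, period), cred.final_value):
        return False  # credentials/proofs do not indicate that access is allowed
    if additional_data is not None and hmac.compare_digest(
            owf(additional_data), cred.revocation_target):
        return False  # additional data directly indicates revocation
    return True       # additional data that fails the check carries no authority


if __name__ == "__main__":
    seed, secret = b"s" * 32, b"r" * 32          # constructed sample values
    cred = issue("alice", seed, secret, periods=30)
    p3 = proof_for(seed, 30, 3)
    print(access_allowed(cred, 3, p3))           # valid proof, nothing else received
    print(access_allowed(cred, 3, p3, secret))   # revocation data received
```

Because the door only compares one-way images, it needs no connection to the administration entity, and data that does not hash to the target cannot be used to revoke someone else's access.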
Specification