
Asymmetric session credentials

  • US 9,900,160 B1
  • Filed: 12/03/2015
  • Issued: 02/20/2018
  • Est. Priority Date: 12/03/2015
  • Status: Active Grant
First Claim

1. A computer-implemented method for authenticating resource requests, comprising:

  • under the control of one or more computer systems configured with executable instructions,

    receiving, from a device associated with a customer, a first request for a session, the request for the session digitally signed using a long-term key associated with an account of the customer;

    validating the first request;

    generating a set of session data, the set of session data at least including a public session key corresponding to a private session key, the public session key and the private session key forming a public key cryptography key pair;

    encrypting the set of session data to generate a session token, the session token encrypted by a security service using a session encryption key, the session encryption key maintained as a secret by the security service;

    providing the session token and the private session key to the device associated with the customer; and

    as a result of receiving a request for resources from the device associated with the customer, the request for resources including the session token, the request for resources digitally signed using a digital signature generated from the private session key, at least;

    extracting the public session key from the session token using the session encryption key to produce an extracted public session key;

    validating the digital signature using the extracted public session key; and

    satisfying the request for resources by providing access to one or more resources associated with the request for resources.
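
The flow recited in claim 1, sketched end to end as an added example that is not taken from the patent. It assumes Ed25519 for both the long-term and session key pairs and AES-256-GCM for the session token; the function names, the JSON session data and the token layout are choices of this sketch.

```javascript
const crypto = require('node:crypto');

// Held only by the security service; tokens are opaque to the customer's device.
const sessionEncryptionKey = crypto.randomBytes(32);

// Validate the session request (signed with the long-term key), then mint a session.
function issueSession(longTermPublicKey, request, signature) {
  if (!crypto.verify(null, request, longTermPublicKey, signature)) {
    throw new Error('session request signature invalid');
  }
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const sessionData = JSON.stringify({
    publicSessionKey: publicKey.export({ type: 'spki', format: 'der' }).toString('base64'),
  });
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionEncryptionKey, iv);
  const body = Buffer.concat([cipher.update(sessionData, 'utf8'), cipher.final()]);
  // Token layout (an assumption of this sketch): iv || GCM tag || ciphertext
  const token = Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64url');
  return { token, privateSessionKey: privateKey };
}

// Decrypt the token, extract the public session key, verify the request signature.
function authorize(token, request, signature) {
  try {
    const raw = Buffer.from(token, 'base64url');
    const decipher = crypto.createDecipheriv('aes-256-gcm', sessionEncryptionKey, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    const { publicSessionKey } = JSON.parse(plain.toString('utf8'));
    const extracted = crypto.createPublicKey({
      key: Buffer.from(publicSessionKey, 'base64'), format: 'der', type: 'spki',
    });
    return crypto.verify(null, request, extracted, signature);
  } catch {
    return false; // tampered, truncated or foreign token
  }
}

// Constructed sample run: a customer's long-term key pair and two signed requests.
function demo() {
  const longTerm = crypto.generateKeyPairSync('ed25519');
  const sessionReq = Buffer.from('POST /session');
  const session = issueSession(
    longTerm.publicKey, sessionReq, crypto.sign(null, sessionReq, longTerm.privateKey));
  const resourceReq = Buffer.from('GET /resources/report');
  const sig = crypto.sign(null, resourceReq, session.privateSessionKey);
  return authorize(session.token, resourceReq, sig);
}
console.log(demo()); // true
```

Because the public session key travels inside the encrypted token, the service can verify a resource request with only the session encryption key and no per-session lookup.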
