Security Assertion Revocation
First Claim
Patent Images
1. One or more processor-accessible media comprising processor-executable instructions that include a security token (204), the security token comprising multiple respective assertion (602) that are associated with multiple respective assertion identifiers (604);
- wherein an individual assertion of the multiple respective assertions may be independently revoked using a particular assertion identifier that is associated with the individual assertion.
2 Assignments
0 Petitions
Accused Products
Abstract
Security assertion revocation enables a revocation granularity in a security scheme down to the level of individual assertions. In an example implemenation, a security token includes multiple respective assertions that are associated with multiple respective assertion identifiers. More specifically, each individual assertion is associated with at least one individual assertion identifier.
-
Citations
20 Claims
-
1. One or more processor-accessible media comprising processor-executable instructions that include a security token (204), the security token comprising multiple respective assertion (602) that are associated with multiple respective assertion identifiers (604);
- wherein an individual assertion of the multiple respective assertions may be independently revoked using a particular assertion identifier that is associated with the individual assertion.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
9. A method for creating a security token having independently-revocable assertions, the method comprising:
-
generating (802) a first assertion wit an associated first assertion identifier; generating (804) a second assertion with an associated second assertion identifier; combining (806) the first assertion and the second assertion into the security token; and digitally signing (808) the security token after the combining. - View Dependent Claims (10, 11, 12, 13)
-
-
14. A method for filtering revoked assertions, the method comprising:
-
acquiring (902) multiple assertions from a security token, each respective assertion of the multiple assertions associated with a respective assertion identifier of multiple assertion identifiers; comparing (904) the multiple assertion identifiers to a set of revoked assertion identifiers; determining (906) if at least one assertion identifier of the multiple assertion identifiers matches a revoked assertion identifier of the set of revoked assertion identifiers; and if at least one assertion identifier of the multiple assertion identifiers is determined to match a revoked assertion identifier of the set of revoked assertion identifiers, rejecting (910) at least one assertion that is associated with the at least one assertion identifier that is determined to match the revoked assertion identifier. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification