ANONYMOUS PRINCIPALS FOR POLICY LANGUAGES
Abstract
Techniques that let a security policy language accommodate anonymous credentials are described. A policy statement in the language can reference an anonymous credential through a placeholder symbol; when the statement is evaluated to decide whether to grant access to the resource it mediates, the anonymous credential presented by the requester is used in place of that symbol. The policy language can also allow one anonymous credential to delegate access-granting rights to another anonymous credential. Furthermore, an anonymous credential can be re-randomized before each use so that separate uses of it cannot be linked to one another; such linkage would compromise anonymity.
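The following is an added example, not code from the patent or its assignee, showing the shape of what the abstract describes: a policy statement whose placeholder symbol (here `ANON`) stands for whichever anonymous credential is presented, an attribute check keyed to the credential's issuer, a per-use re-randomized presentation, and a delegation path by which a credential that satisfies a "delegate" rule grants access to other anonymous credentials. The policy syntax, the `hr-issuer` key, and all credentials are constructed for the example. The issuer "signature" is an HMAC stand-in, which means the verifier holds the issuer key; a real anonymous-credential scheme would use a public verification key so that the verifier learns nothing beyond the disclosed attributes.

```python
# Added example: placeholder-based policy evaluation over anonymous credentials (not the patent's code).
import hashlib, hmac, json, re, secrets
from dataclasses import dataclass

# Constructed issuer key. A real anonymous-credential scheme gives the verifier only the issuer's
# public verification key; this shared HMAC key is a stand-in for the signature check, so the toy
# does not hide the holder from a verifier that holds the key. It models the check, not the crypto.
ISSUER_KEYS = {"hr-issuer": secrets.token_bytes(32)}
ANON = "ANON"                                                   # placeholder for any presented credential
STATEMENT = re.compile(rf"^{ANON} can (\S+) (\S+) if (.+)$")    # ANON can <action> <resource> if <cond>
CLAUSE = re.compile(r"^(\w+) (==|!=|>=|<=) (\S+)$")              # <attribute> <op> <value>

@dataclass(frozen=True)
class Presentation:
    """One use of a credential: disclosed attributes, issuer, and a per-use nonce and proof."""
    issuer: str
    attributes: dict
    nonce: bytes
    proof: bytes

def issue(issuer, attributes):
    """Issuer binds the attribute set to its key (stand-in for signing the credential)."""
    return hmac.new(ISSUER_KEYS[issuer], json.dumps(attributes, sort_keys=True).encode(), hashlib.sha256).digest()

def present(issuer, attributes, tag):
    """Re-randomize per use: a fresh nonce gives a fresh proof, and the stable tag itself is never sent."""
    nonce = secrets.token_bytes(16)
    return Presentation(issuer, attributes, nonce, hmac.new(tag, nonce, hashlib.sha256).digest())

def verify(p):
    """Verify the disclosed attributes with the key corresponding to the credential's issuer."""
    if p.issuer not in ISSUER_KEYS:
        return False
    expected = hmac.new(issue(p.issuer, p.attributes), p.nonce, hashlib.sha256).digest()
    return hmac.compare_digest(expected, p.proof)

def parse_cond(cond):
    """Split 'k op v and k op v' into clauses; raises ValueError on malformed input."""
    clauses = [CLAUSE.match(c.strip()) for c in cond.split(" and ")]
    if not all(clauses):
        raise ValueError(f"bad condition: {cond!r}")
    return [m.groups() for m in clauses]

def cond_holds(cond, attributes):
    for key, op, val in parse_cond(cond):
        if key not in attributes:           # an undisclosed attribute never satisfies a clause
            return False
        have = attributes[key]
        want = int(val) if isinstance(have, int) else val
        if not {"==": have == want, "!=": have != want, ">=": have >= want, "<=": have <= want}[op]:
            return False
    return True

class Evaluator:
    """Evaluates 'ANON can ...' statements against whatever credential is presented."""
    def __init__(self, policy_lines):
        self.rules, self.delegations = [], []   # delegations: rules added by authorized delegators
        for line in policy_lines:
            m = STATEMENT.match(line.strip())
            if not m:
                raise ValueError(f"bad statement: {line!r}")
            parse_cond(m.group(3))              # reject malformed conditions at load time
            self.rules.append(m.groups())

    def authorize(self, p, action, resource):
        """Substitute the presented credential for ANON; grant only if it verifies and a rule matches."""
        return verify(p) and any(act == action and res == resource and cond_holds(cond, p.attributes)
                                 for act, res, cond in self.rules + self.delegations)

    def delegate(self, p, action, resource, delegatee_cond):
        """A credential allowed by 'ANON can delegate:<action> <resource> if ...' grants <action> on
        <resource> to every anonymous credential whose attributes satisfy delegatee_cond."""
        if not self.authorize(p, f"delegate:{action}", resource):
            return False
        parse_cond(delegatee_cond)
        self.delegations.append((action, resource, delegatee_cond))
        return True

def demo():
    """Constructed policy and credentials exercising verification, unlinkability and delegation."""
    ev = Evaluator(["ANON can read /hr/handbook if role == employee and clearance >= 2",
                    "ANON can delegate:read /hr/handbook if role == manager"])
    emp = {"role": "employee", "clearance": 2}
    emp_tag = issue("hr-issuer", emp)
    use1, use2 = present("hr-issuer", emp, emp_tag), present("hr-issuer", emp, emp_tag)
    legal_attrs = {"role": "contractor", "dept": "legal", "clearance": 2}
    legal = present("hr-issuer", legal_attrs, issue("hr-issuer", legal_attrs))
    mgr_attrs = {"role": "manager", "clearance": 3}
    mgr = present("hr-issuer", mgr_attrs, issue("hr-issuer", mgr_attrs))
    # Tampering: attributes edited after issuance while nonce and proof are left unchanged.
    forged = Presentation(legal.issuer, {**legal_attrs, "role": "employee"}, legal.nonce, legal.proof)
    return {                                   # dict values are evaluated in order
        "unlinkable": use1.proof != use2.proof and verify(use1) and verify(use2),
        "employee_read": ev.authorize(use1, "read", "/hr/handbook"),
        "forged_read": ev.authorize(forged, "read", "/hr/handbook"),
        "legal_before_delegation": ev.authorize(legal, "read", "/hr/handbook"),
        "contractor_cannot_delegate": ev.delegate(legal, "read", "/hr/handbook", "role == contractor"),
        "manager_delegates": ev.delegate(mgr, "read", "/hr/handbook", "dept == legal"),
        "legal_after_delegation": ev.authorize(legal, "read", "/hr/handbook"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Two points a practitioner should take from the toy: the evaluator never keys a decision on anything but the disclosed attributes and the issuer, so two presentations of the same credential produce different `nonce`/`proof` pairs and the decision log carries no stable identifier; and delegation is a server-side state change gated by the same policy check, so a holder who does not satisfy the `delegate:` rule cannot extend rights to anyone.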
20 Claims
1. A method of evaluating a statement in a security policy language, the method comprising:
in response to a principal requesting access to a resource, receiving a policy containing the statement, the statement specifying a condition for access to the resource and comprising a placeholder symbol that represents an anonymous credential; and
verifying an attribute of the anonymous credential using a key corresponding to the anonymous credential, and based thereon determining whether to grant the principal access to the resource.
Dependent claims 2, 3, 4, 5, 6 and 7 (text not reproduced here).

8. One or more computer readable storage media storing information to enable one or more computers to perform a process, the process comprising:
receiving a request for access to a service from a user represented by a corresponding anonymous credential, the anonymous credential comprising an attribute and a cryptographic signature that verifies the attribute, wherein the signature does not identify the user;
accessing a security policy comprising a statement in a security policy language that comprises a symbol configured to represent any arbitrary anonymous principal that requests access to the resource, where the statement also comprises a condition that must be met for access to the resource; and
granting access to the user by determining that the attribute of the anonymous credential satisfies the condition of the statement.
Dependent claims 9, 10, 11, 12, 13 and 14 (text not reproduced here).

15. A method performed by one or more computers to control access to resources provided by a network service, the method comprising:
receiving via a network a request for one of the resources, the request including information identifying the resource and having originated from a computer operated by a user represented by an anonymous credential;
obtaining a security policy corresponding to the resource based on the information identifying the resource, the security policy conforming to a policy language and having a symbol, also conforming to the policy language, that functions as a placeholder for any anonymous credential; and
processing the security policy with a module that implements the policy language, the processing comprising using the anonymous credential of the user in place of the symbol.
Dependent claims 16, 17, 18, 19 and 20 (text not reproduced here).

Specification