Title of invention: MECHANISM FOR ENFORCING USER-SPECIFIC AND DEVICE-SPECIFIC SECURITY CONSTRAINTS IN AN ISOLATED EXECUTION ENVIRONMENT ON A DEVICE
Abstract: A method and system for receiving from an authenticated user, at an authorization server, via a service provider, an authorization request to perform a sensitive operation on a first device. The method also includes generating, by the authorization server and in response to receiving the authorization request, an authorization token that includes a device constraint and a binding code constraint, which includes a binding code. Additionally, the method includes transmitting the authorization token to an isolated execution environment of the first device, where the sensitive operation is not permitted on the first device unless the first device successfully performs a verification in the isolated execution environment using the authorization token. Furthermore, the method includes permitting the sensitive operation based on the verification.
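Application publication number: US2016232335(A1) Publication date: 2016.08.11
Application number: US201514615274 Filing date: 2015.02.05
Applicant: ORACLE INTERNATIONAL CORPORATION Inventors: Violleau Thierry;Van Haver Patrick
Classification number: G06F21/30 Main classification number: G06F21/30
Agency: Agent: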
Principal claim: 1. A method comprising: receiving from an authenticated user, at an authorization server, via a service provider, an authorization request to perform a sensitive operation on a first device; generating, by the authorization server and in response to receiving the authorization request, an authorization token comprising a device constraint and a binding code constraint comprising a binding code; transmitting the authorization token to an isolated execution environment of the first device, wherein the sensitive operation is not permitted on the first device unless the first device successfully performs a verification in the isolated execution environment using the authorization token; and permitting the sensitive operation based on the verification.
Address: Redwood Shores CA US