Title: Method for assembling authorization certificate chains
Abstract: A method for assembling authorization certificate chains among an authorizer, a client, and a third party allows the client to retain control over third party access. The client stores a first certificate from the authorizer providing access to a protected resource and delegates some or all of the privileges in the first certificate to the third party in a second certificate. The client stores a universal resource identifier (URI) associated with both the first certificate and the third party and provides the second certificate and the URI to the third party. The third party requests access to the protected resource by providing the second certificate and the URI, without knowledge or possession of the first certificate. When the authorizer accesses the URI, the client provides the first certificate to the authorizer, so that the client retains control over the third party's access.
Publication number: US8769266(B2)    Publication date: 2014.07.01
Application number: US200912504009    Filing date: 2009.07.16
Applicant: Intel Corporation    Inventor: Lortz Victor B.
Classification: H04L9/32;H04L29/06    Main classification: H04L9/32
Agency: Schwegman, Lundberg & Woessner, P.A.    Agent: Schwegman, Lundberg & Woessner, P.A.
Main claim: 1. A method performed by a computing device, the method comprising: obtaining, on a computing device via a network coupled to the computing device, data to include in a message to send, via the network, to a third party delegating at least one ability to perform at least one task, the data including: a second digital certificate issued from a client to the third party; and a universal resource identifier (URI) identifying a storage location for retrieving a first digital certificate from a database associated with the client, wherein the first digital certificate is issued from an authorizer to the client, is stored by the client in the database associated with the client, and is never provided to the third party; generating, on the computing device, the message including the obtained data; transmitting the message from the computing device via the network to the third party; receiving, by the computing device via the network and from the authorizer, a request to authorize the at least one ability to perform the at least one task delegated to the third party, the authorization request received with regard to an attempt by the third party to perform at least one of the at least one tasks on behalf of the client; and in response to the received request, retrieving the first digital certificate based on the URI and providing the first digital certificate directly to the authorizer to authorize the third party's delegated at least one ability to perform the at least one task.
Address: Santa Clara CA US
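The chain assembly described in the abstract and main claim, as an added Go example that is not part of the patent or of any Intel implementation: the authorizer receives only the second certificate and the URI, resolves the URI to obtain the first certificate from the client's database, and checks that the delegated task lies within both certificates. The certificate structure, the URI scheme and the in-process Resolve call (standing in for the authorizer's network access to the URI) are constructed assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
)

// Cert is a constructed minimal authorization certificate: Issuer grants Subject the listed
// privileges. It stands in for whatever real format (X.509, SPKI, ...) a deployment would use.
type Cert struct {
	Issuer, Subject ed25519.PublicKey
	Privileges      map[string]bool
	Sig             []byte `json:"-"` // excluded from the signed bytes
}

func (c *Cert) tbs() []byte { b, _ := json.Marshal(c); return b } // deterministic to-be-signed encoding
func (c *Cert) Valid() bool { return ed25519.Verify(c.Issuer, c.tbs(), c.Sig) }

func Issue(issuer ed25519.PrivateKey, subject ed25519.PublicKey, privs map[string]bool) *Cert {
	c := &Cert{Issuer: issuer.Public().(ed25519.PublicKey), Subject: subject, Privileges: privs}
	c.Sig = ed25519.Sign(issuer, c.tbs())
	return c
}

// Client keeps the first certificate in its own database under an opaque URI; the third party
// only ever receives the second certificate plus that URI, never the first certificate itself.
type Client struct {
	Priv ed25519.PrivateKey
	DB   map[string]*Cert
}

// Delegate issues the second certificate to the third party for a subset of the client's privileges.
func (cl *Client) Delegate(third ed25519.PublicKey, privs map[string]bool) *Cert {
	return Issue(cl.Priv, third, privs)
}

// Resolve answers the authorizer's request for the URI. Deleting the entry revokes every
// delegation that points at it, which is how the client retains control over third-party access.
func (cl *Client) Resolve(uri string) (*Cert, bool) { c, ok := cl.DB[uri]; return c, ok }

// Authorize assembles the chain authorizer -> client -> third party and decides one task.
func Authorize(self ed25519.PublicKey, cert2 *Cert, uri, task string, resolve func(string) (*Cert, bool)) error {
	cert1, ok := resolve(uri)
	if !ok { return errors.New("first certificate not available at URI (revoked or unknown)") }
	if !cert1.Issuer.Equal(self) || !cert1.Valid() { return errors.New("first certificate not issued by this authorizer") }
	if !cert2.Issuer.Equal(cert1.Subject) || !cert2.Valid() { return errors.New("second certificate not signed by the subject of the first") }
	if !cert2.Privileges[task] || !cert1.Privileges[task] { return errors.New("task not delegated, or exceeds the client's own privileges") }
	return nil
}
```

Because the privilege check consults both certificates, a third party cannot gain more than the client itself holds, and removing the database entry behind the URI cuts off the third party without touching anything the third party possesses.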