Title of invention: Policy compliance-based secure data access
Abstract: Access control techniques relate to verifying compliance with security policies before enabling access to the computing resources. An application is provided on a client that generates verification codes using an authentication seed. Prior to granting the client the authentication seed necessary to generate a verification code, a server may perform a policy check on the client. Some embodiments ensure that the client complies with security policies imposed by an authenticating party by retrieving a number of parameter values from the client and then determining whether those parameter values comply with the security policies. Upon determining that the client complies, the authentication seed is issued to the client. In some embodiments, the authentication seed is provided such that a policy check is performed upon the generation of a verification code. The client is given access to secure information when the client is determined to comply with the security policies.
Publication number: US8756651(B2) Publication date: 2014.06.17
Application number: US201113246445 Filing date: 2011.09.27
Applicant: Amazon Technologies, Inc. Inventors: Baer Graeme D.;Roth Gregory B.
Classification: G06F21/00;G06F21/57;H04L29/06 Main classification: G06F21/00
Agency: Kilpatrick Townsend & Stockton, LLP Agent: Kilpatrick Townsend & Stockton, LLP
Main claim: 1. A method of verifying client compliance with a set of security policies in order to grant access to secure data, the method comprising: under control of one or more computer systems configured with executable instructions, receiving, from a mobile device, a request for an authentication seed that includes security information enabling generation of an authentication code that is distinct from the authentication seed; after receiving the request for the authentication seed from the mobile device, sending a request for a set of parameter values corresponding to a set of security policies to the mobile device in order to determine whether the mobile device complies with the set of security policies; instructing the mobile device to impose at least one of the set of security policies on the mobile device; receiving the set of parameter values from the mobile device; determining whether the set of parameter values received from the mobile device indicates that the mobile device is in compliance with the set of security policies; and after determining, sending the authentication seed to the mobile device to enable the mobile device to generate the authentication code when the set of parameter values indicates that the mobile device is in compliance with the set of security policies, the authentication code being generated based at least in part on the authentication seed.
Address: Reno NV US