PARAMETER BASED KEY DERIVATION AND RESOURCE ACCESS DELEGATION
Main authors: | , , , , , , |
---|---|
Format: | Patent |
Language: | eng ; fre ; ger |
Abstract: | A computer-implemented method is provided. The method comprises: generating a signing key by performing at least: obtaining a key that is a shared secret between a client device and a computer system of a service; deriving, based at least in part on the shared secret and information indicating a date on which use of the signing key is to be restricted, a date key whose use is limited to the date; deriving, based at least in part on the date key and information indicating a region in which use of the signing key is to be restricted, a region key whose use is restricted to both the date and the region; and deriving, based at least in part on the region key and information indicating a service to which use of the signing key is to be restricted, a service key whose use is restricted to the date, the region, and the service; obtaining, at the computer system of the service, a canonicalized message from the client device and a first digital signature; deriving, at the computer system of the service, a second digital signature based at least in part on the canonicalized message and the signing key; and determining, at the computer system of the service, that the canonicalized message is authentic as a result of the first digital signature matching the second digital signature. |
---|