公开(公告)号：US11005853B1

公开(公告)日：2021-05-11

申请号：US15912982

申请日：2018-03-06

Applicant: Amazon Technologies, Inc.

Inventor： Ankur Agarwal ,  Praveen Akinapally ,  Conor Patrick Cahill ,  Dmitry Frenkel ,  Rachit Jain ,  Lennart Christopher Leon Kats ,  Julian Eric Naydichev

IPC: H04L29/00 ,  H04L29/06

Abstract: Transitive restrictions can be applied to requests received on a session. A session token can be issued for an active session, and a transitivity setting specified to indicate the types of requests for which the transitive restriction is to be enforced. This can include enforcing the restriction on requests received from outside a trusted environment, requests within a scope of enforcement, or enforcing the restriction at request authentication. Any request received from an untrusted source that fails to satisfy the transitive restriction will be denied. Requests from inside the trusted environment may not have the transitive restriction enforced, such as where a new token is issued. This enables services within the environment to make calls on behalf of the customer, while ensuring that third parties obtaining the session token cannot successfully initiate such calls.