公开(公告)号：US09397990B1

公开(公告)日：2016-07-19

申请号：US14074941

申请日：2013-11-08

Applicant: Google Inc.

Inventor： Ankur Taly ,  Ulfar Erlingsson ,  Arnar Birgisson ,  Joseph Gibbs Politz ,  Mark Lentczner

IPC: G06F21/00 ,  H04L29/06

CPC classification number: H04L63/08 ,  H04L63/0807 ,  H04L63/10

Abstract: A method of controlling the sharing of data between entities that are in electronic communication with each other may include generating an authentication credential comprising an identifier for the target service and a unique signature, attenuating the authentication credential, and determining whether a client device is authorized to access the target service, and, only if so, providing the authentication credential to the client device. In an embodiment, the method may include receiving an access request from the client device, identifying that the authentication credential includes the unique signature and a third party caveat that is associated with a third party authentication service, in response to the identifying, determining whether the request also comprises a discharge credential for the third party caveat, and if the request includes the discharge credential, providing the client device with the requested service, otherwise denying the request.

Abstract translation: 控制彼此进行电子通信的实体之间的数据共享的方法可以包括生成包括目标服务的标识符和唯一签名的认证证书，衰减认证证书，以及确定客户端设备是否被授权 访问目标服务，并且只有在此情况下，向客户端设备提供验证凭据。 在一个实施例中，该方法可以包括从客户端设备接收访问请求，识别认证证书包括唯一签名和与第三方验证服务相关联的第三方注意事项，以响应于识别，确定是否 请求还包括用于第三方警告的排出凭证，并且如果请求包括排出凭证，则向客户端设备提供所请求的服务，否则拒绝该请求。