Multiple authority key derivation
    1.
    发明授权
    Multiple authority key derivation 有权
    多权限密钥导出

    公开(公告)号:US08892865B1

    公开(公告)日:2014-11-18

    申请号:US13431760

    申请日:2012-03-27

    IPC分类号: H04L9/32 H04L9/00 G06F21/60

    摘要: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.

    摘要翻译: 用于认证的系统和方法从认证方和认证者之间共享的秘密凭证生成密钥。 密钥的生成可以涉及利用用于专门化密钥的参数形式的专门信息。 可以使用由多个机构保存的密钥导出的密钥和/或信息来生成其他密钥,使得可以在不访问密钥的情况下验证需要这样的密钥和/或信息的签名。 还可以导出密钥以形成分布的密钥的层次结构,使得密钥持有者解密数据的能力取决于密钥在层级中相对于用于加密数据的密钥的位置的位置。 密钥层次也可以用于将密钥集分配给内容处理设备,以使得设备能够解密内容,使得未经授权的内容的源或潜在来源可以从解密的内容中识别。

    Techniques for delegation of access privileges
    2.
    发明授权
    Techniques for delegation of access privileges 有权
    授权访问权限的技术

    公开(公告)号:US08769642B1

    公开(公告)日:2014-07-01

    申请号:US13149718

    申请日:2011-05-31

    IPC分类号: H04L29/06

    摘要: Systems and methods for controlling access to one or more computing resources relate to generating session credentials that can be used to access the one or more computing resources. Access to the computing resources may be governed by a set of policies and requests for access made using the session credentials may be fulfilled depending on whether they are allowed by the set of policies. The session credentials themselves may include metadata that may be used in determining whether to fulfill requests to access the one or more computing resources. The metadata may include permissions for a user of the session credential, claims related to one or more users, and other information.

    摘要翻译: 用于控制对一个或多个计算资源的访问的系统和方法涉及生成可用于访问所述一个或多个计算资源的会话凭证。 对计算资源的访问可以由一组策略来管理,并且可以根据它们是否被该策略集合允许而使用会话凭证进行访问的请求来实现。 会话凭证本身可以包括可用于确定是否实现访问一个或多个计算资源的请求的元数据。 元数据可以包括会话证书的用户的权限,与一个或多个用户相关的声明以及其他信息。

    Source identification for unauthorized copies of content
    3.
    发明授权
    Source identification for unauthorized copies of content 有权
    来源识别未经授权的内容副本

    公开(公告)号:US08739308B1

    公开(公告)日:2014-05-27

    申请号:US13431898

    申请日:2012-03-27

    IPC分类号: G06F21/00

    摘要: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.

    摘要翻译: 用于认证的系统和方法从认证方和认证者之间共享的秘密凭证生成密钥。 密钥的生成可以涉及利用用于专门化密钥的参数形式的专门信息。 可以使用由多个机构保存的密钥导出的密钥和/或信息来生成其他密钥,使得可以在不访问密钥的情况下验证需要这样的密钥和/或信息的签名。 还可以导出密钥以形成分布的密钥的层次结构,使得密钥持有者解密数据的能力取决于密钥在层级中相对于用于加密数据的密钥的位置的位置。 密钥层次也可以用于将密钥集分配给内容处理设备,以使得设备能够解密内容,使得未经授权的内容的源或潜在来源可以从解密的内容中识别。

    Key generation for hierarchical data access
    4.
    发明授权
    Key generation for hierarchical data access 有权
    层次数据访问的密钥生成

    公开(公告)号:US09215076B1

    公开(公告)日:2015-12-15

    申请号:US13431882

    申请日:2012-03-27

    IPC分类号: H04L29/06 H04L9/32

    摘要: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.

    摘要翻译: 用于认证的系统和方法从认证方和认证者之间共享的秘密凭证生成密钥。 密钥的生成可以涉及利用用于专门化密钥的参数形式的专门信息。 可以使用由多个机构保存的密钥导出的密钥和/或信息来生成其他密钥,使得可以在不访问密钥的情况下验证需要这样的密钥和/或信息的签名。 还可以导出密钥以形成分布的密钥的层次结构,使得密钥持有者解密数据的能力取决于密钥在层级中相对于用于加密数据的密钥的位置的位置。 密钥层次也可以用于将密钥集分配给内容处理设备,以使得设备能够解密内容,使得未经授权的内容的源或潜在来源可以从解密的内容中识别。

    Use of metadata for computing resource access
    5.
    发明授权
    Use of metadata for computing resource access 有权
    使用元数据来计算资源访问

    公开(公告)号:US08973108B1

    公开(公告)日:2015-03-03

    申请号:US13149619

    申请日:2011-05-31

    IPC分类号: H04L29/06 H04L9/32

    摘要: Systems and methods for controlling access to one or more computing resources relate to generating session credentials that can be used to access the one or more computing resources. Access to the computing resources may be governed by a set of policies and requests for access made using the session credentials may be fulfilled depending on whether they are allowed by the set of policies. The session credentials themselves may include metadata that may be used in determining whether to fulfill requests to access the one or more computing resources. The metadata may include permissions for a user of the session credential, claims related to one or more users, and other information.

    摘要翻译: 用于控制对一个或多个计算资源的访问的系统和方法涉及生成可用于访问所述一个或多个计算资源的会话凭证。 对计算资源的访问可以由一组策略来管理,并且可以根据它们是否被该策略集合允许而使用会话凭证进行访问的请求来实现。 会话凭证本身可以包括可用于确定是否实现访问一个或多个计算资源的请求的元数据。 元数据可以包括会话证书的用户的权限,与一个或多个用户相关的声明以及其他信息。

    Entity to authorize delegation of permissions
    6.
    发明授权
    Entity to authorize delegation of permissions 有权
    实体授权授权

    公开(公告)号:US08966570B1

    公开(公告)日:2015-02-24

    申请号:US13427622

    申请日:2012-03-22

    IPC分类号: G06F17/00 H04L29/06

    摘要: Systems and methods are described for delegating permissions to enable account access. The systems utilize a delegation profile that can be created within a secured account of at least one user. The delegation profile includes a name, a validation policy that specifies principals which may be external to the account and which are permitted to assume the delegation profile, and an authorization policy that indicates the permitted actions within the account for those principals which are acting within the delegation profile. Once the delegation profile is created, it can be provided to external principals or services. These external principals or services can use the delegation profile to obtain credentials for performing various actions in the account using the credentials of the delegation profile.

    摘要翻译: 描述了授权以启用帐户访问的系统和方法。 系统利用可以在至少一个用户的安全帐户内创建的委托简档。 授权简介包括一个名称,一个确认策略,指定可能在该帐户外部以及被允许承担该授权简档的主体,以及一个授权策略,指示在该帐户内为在 委托简介。 创建授权配置文件后,可以将其提供给外部主体或服务。 这些外部主体或服务可以使用委托简档来获取使用委托简档的凭据在帐户中执行各种操作的凭据。

    Constrained credentialed impersonation
    7.
    发明授权
    Constrained credentialed impersonation 有权
    受限证明的假冒

    公开(公告)号:US09225744B1

    公开(公告)日:2015-12-29

    申请号:US13461562

    申请日:2012-05-01

    IPC分类号: G06F17/00 H04L29/06

    摘要: Client impersonation is recognized by an access control service using servicer credentials to allow a servicer to impersonate a user's context while requesting actions be performed on a computing resource. A servicer may be requested to perform an action through impersonation, granting access to the context of a user related to the computing resource. The computing resource receives servicer credentials and impersonation information from the servicer. After verifying the servicer's authorization to perform actions under the context of the user, the servicer may attempt to perform the requested action. The action may be logged as performed by the servicer impersonating the user. The user may also be billed for any costs incurred.

    摘要翻译: 使用服务器凭据的访问控制服务识别客户端模拟,以允许服务器模拟用户的上下文,同时请求在计算资源上执行操作。 可能请求服务器通过模拟来执行操作,授予访问与计算资源相关的用户的上下文的权限。 计算资源从服务器接收服务器凭据和模拟信息。 在验证服务器在用户上下文中执行操作的授权之后,服务器可能会尝试执行请求的操作。 该操作可能会记录在服务器模拟用户的情况下。 用户也可能会收取任何费用。

    Authorized delegation of permissions
    9.
    发明授权
    Authorized delegation of permissions 有权
    授权授权

    公开(公告)号:US09098675B1

    公开(公告)日:2015-08-04

    申请号:US13614867

    申请日:2012-09-13

    摘要: Systems and methods are described for delegating permissions to enable account access to entities not directly associated with the account. The systems determine a delegation profile associated with a secured account of at least one customer. The delegation profile includes a name, a validation policy that specifies principals which may be external to the account and which are permitted to assume the delegation profile, and an authorization policy that indicates the permitted actions within the account for those principals which are acting within the delegation profile. Once the delegation profile is created, it can be provided to external principals or services. These external principals or services can use the delegation profile to obtain credentials for performing various actions in the account using the credentials of the delegation profile.

    摘要翻译: 描述的系统和方法用于委派权限来启用帐户访问与帐户无直接关联的实体。 系统确定与至少一个客户的安全帐户相关联的授权简档。 授权简介包括一个名称,一个确认策略,指定可能在该帐户外部以及被允许承担该授权简档的主体,以及一个授权策略,指示该帐户内允许的行为在这些主体内的主体 委托简介。 创建授权配置文件后,可以将其提供给外部主体或服务。 这些外部主体或服务可以使用委托简档来获取使用委托简档的凭据在帐户中执行各种操作的凭据。

    PARAMETER BASED KEY DERIVATION
    10.
    发明申请
    PARAMETER BASED KEY DERIVATION 有权
    基于参数的关键衍生

    公开(公告)号:US20130086662A1

    公开(公告)日:2013-04-04

    申请号:US13248962

    申请日:2011-09-29

    IPC分类号: G06F21/00

    摘要: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the a key's use.

    摘要翻译: 用于认证的系统和方法从认证方和认证者之间共享的秘密凭证生成密钥。 密钥的生成可以涉及利用专用信息,作为用于生成密钥的结果,使生成的密钥可用于比秘密凭证更小的使用范围。 此外,密钥生成可以涉及函数的多次调用,其中函数的调用的至少一个子集中的每一个导致具有比从先前调用函数产生的密钥更小的允许使用范围的密钥。 生成的密钥可以用作签名密钥来签名消息。 取决于消息和/或提交消息的方式是否符合密钥使用的限制,可以采取一个或多个动作。