Certificate-based service authorization

Assignee

• AMAZON TECHNOLOGIES, INC. · US

Inventors

• Malcolm Russell Ah Kun · Bellevue, US
• Uday Bheema · Bellevue, US
• Ankur Goyal · San Jose, US
• Chao Li · Beijing, CN
• Alexey A. Nikitin · Seattle, US
• Himesh Pandya · Seattle, US
• Prasanna Subash · Kenmore, US
• Zhenghong Sun · Seattle, US
• Nathan Bartholomew Thomas · Seattle, US
• Harshit Tiwari · Seattle, US
• Venkatesh Velaga · Redmond, US
• Lihao Wang · Seattle, US
• Brian Scott Waters · Renton, US
• Jeffery David Wells · Redmond, US
• Anand Krishnamoorthy · Redmond, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/126
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A computer server controls access to a hosted service using digital certificates that are requested from each client attempting to access the service. When a particular client accesses the hosted service, the host service requests a digital certificate from the particular client and issues a challenge message. The particular client signs the challenge message and provides a client digital certificate to the hosted service. The hosted service confirms that the signature on the challenge message matches the client digital certificate, and that the client digital certificate is signed by a trusted entity. Trusted entities are defined by an administrator by uploading, to the hosted service, one or more trusted digital certificates associated with a trusted entities. Using the trusted digital certificates, the hosted service confirms that the digital certificate provided by the particular client is signed by at least one of the trusted entities.