Controlling use of temporary credentials using network metadata
US12177185B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Sep 30, 2022 |
| Grant date | Dec 24, 2024 |
| Priority date | — |
| Expiry date | Jun 27, 2043 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/102
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Techniques are described for enabling users of a cloud provider network to create policies used to control the use of temporary security credentials by computing resources other than a computing resource to which the credentials were issued. An identity and access management service encodes, into temporary security credentials, information about the virtual private network to which the credentials are issued. When a computing resource subsequently issues requests to perform actions and uses the temporary security credentials to sign the request, the cloud provider network further adds, to the network traffic, information associated with the virtual private network from which the request originates. A user can then create a policy with a statement indicating that request are to be permitted only if, e.g., the identity of the virtual private network as encoded in the temporary security credentials matches the identity of the virtual private network identified by the information included in the request.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.