Stateless and secure authentication
US9117062B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Dec 6, 2011 |
| Grant date | Aug 25, 2015 |
| Priority date | — |
| Expiry date | Dec 6, 2031 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/06
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
Authenticated requests can be sent without requiring the requests to include or potentially expose secret information used for the authentication process. A client device uses a security credential such as a key to sign a request to be sent to a recipient. When the request is received, the recipient determines whether the request was signed using the correct key for the sender. In some embodiments, a client token is included with the request that statelessly encodes the key, enabling a recipient capable of decoding the client token to determine the key and compare that key to the signature of the request. The sender can store the secret information in a secure location, such as a browser security module, such that the secret information is not exposed to the browser or script executing on the client device.
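The flow in the abstract, sketched as an added example that is not taken from the patent: the recipient seals the signing key into an opaque client token, the sender signs each request with that key, and the recipient recovers the key from the token alone to check the signature. The algorithms (AES-256-GCM for the token, HMAC-SHA256 for the signature), the function names and the server secret are all assumptions made for illustration.

```javascript
const nodeCrypto = require("node:crypto");

// Constructed recipient-side secret, used only to seal and open client tokens.
const SERVER_TOKEN_KEY = nodeCrypto.createHash("sha256").update("constructed-demo-secret").digest();

// Recipient: seal the sender's signing key into an opaque token bound to clientId.
function issueClientToken(signingKey, clientId) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", SERVER_TOKEN_KEY, iv);
  cipher.setAAD(Buffer.from(clientId));
  const body = Buffer.concat([cipher.update(signingKey), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString("base64url");
}

// Recipient: recover the key from the token alone, with no per-client lookup.
// Returns null if the token was altered or belongs to another client.
function openClientToken(token, clientId) {
  const raw = Buffer.from(token, "base64url");
  if (raw.length < 28) return null; // 12-byte IV + 16-byte tag at minimum
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", SERVER_TOKEN_KEY, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(clientId));
  decipher.setAuthTag(raw.subarray(12, 28));
  try {
    return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
  } catch {
    return null;
  }
}

// Unambiguous byte string covering the parts of the request that are signed.
function canonical(req) {
  return JSON.stringify([req.method, req.path, req.body]);
}

// Sender: sign the request. The key itself is never placed in the request.
function signRequest(req, signingKey) {
  return nodeCrypto.createHmac("sha256", signingKey).update(canonical(req)).digest("hex");
}

// Recipient: decode the token, recompute the signature, compare in constant time.
function verifyRequest(req, clientId, token, signature) {
  const key = openClientToken(token, clientId);
  if (key === null) return false;
  const expected = Buffer.from(signRequest(req, key), "hex");
  const given = Buffer.from(String(signature), "hex");
  return given.length === expected.length && nodeCrypto.timingSafeEqual(given, expected);
}
```

In the arrangement the abstract describes, `signRequest` would run inside the secure location that holds the key, so page script sees only the token and the resulting signature.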
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.