Methods and systems of generating and using authentication credentials for decentralized authorization in the cloud

Assignee

• Google LLC · US

Inventors

• Ankur Taly · Mountain View, US
• Ulfar Erlingsson · Palo Alto, US
• Arnar Birgisson · San Francisco, US
• Joseph Gibbs Politz · Providence, US
• Mark Lentczner · Mountain View, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/10
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A method of controlling the sharing of data between entities that are in electronic communication with each other may include generating an authentication credential comprising an identifier for the target service and a unique signature, attenuating the authentication credential, and determining whether a client device is authorized to access the target service, and, only if so, providing the authentication credential to the client device. In an embodiment, the method may include receiving an access request from the client device, identifying that the authentication credential includes the unique signature and a third party caveat that is associated with a third party authentication service, in response to the identifying, determining whether the request also comprises a discharge credential for the third party caveat, and if the request includes the discharge credential, providing the client device with the requested service, otherwise denying the request.