Predefined Access Policy Implementation Based on Auxiliary Information Embedded in One-Time Authentication Passcodes
US-2019182232-A1 · Jun 13, 2019 · US
Secure token passing via hash chains
US10567369B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10567369-B2 |
| Application number | US-201715645823-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 10, 2017 |
| Priority date | Jul 10, 2017 |
| Publication date | Feb 18, 2020 |
| Grant date | Feb 18, 2020 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Embodiments presented herein provide systems and methods for creating and modifying a hash chain. A hash chain is created to track resource-privilege transfers between entities. A root node of the hash chain identifies the resource and specifies a digest of a possession token held by a first entity that initially possesses the privilege. A transfer of the privilege to a second entity can be recorded by adding an expansion node to the hash chain. If the second entity successfully reveals a possession token that a hashing function associated with the hash chain maps to the digest, an expansion node is linked to the root node. The expansion node indicates the possession token and a successor digest that is based on a successor possession token.
First claim
Opening claim text (preview).
What is claimed is: 1. A method comprising: receiving a request to add an expansion node to a hash chain associated with a resource, wherein: the expansion node signifies a transfer of a privilege associated with the resource from a first entity to a second entity, the request includes a confirmation possession token of the first entity, the first entity comprises one of a set of entities, and the second entity comprises a plurality of entities; generating a confirmation hash digest based on the confirmation possession token via a hashing function associated with the hash chain; verifying the confirmation hash digest matches a predecessor hash digest indicated in a predecessor node of the hash chain, wherein the hashing function maps a predecessor possession token to the predecessor hash digest; and linking the expansion node to the predecessor node, wherein the expansion node indicates the predecessor possession token and a successor hash digest, wherein the successor hash digest is based on a successor possession token. 2. The method of claim 1 , wherein the predecessor node includes an identifier of the first entity and the expansion node includes an identifier of the second entity. 3. The method of claim 1 , further comprising: determining an order of a set of nodes included in a predecessor level of the hash chain, wherein the set of nodes includes the predecessor node; and selecting the predecessor node from the set of nodes based on a position of the predecessor node in the order and a predefined policy. 4. The method of claim 1 , further comprising: receiving a plurality of requests to add additional nodes to the hash chain, wherein each request indicates a corresponding confirmation possession token; generating, for each additional node, a corresponding hash digest based on the corresponding confirmation possession token; verifying each corresponding hash digest matches the predecessor hash digest; and linking each respective additional node to the predecessor node, wherein each additional node indicates the predecessor possession token and an additional hash digest based on an additional possession token associated with the respective additional node. 5. The method of claim 1 , further comprising: receiving, in the request, a plurality of segments derived from the predecessor possession token, wherein the segments are associated with a set of nodes in a predecessor level of the hash chain, and wherein the set of nodes includes the predecessor node; generating the confirmation possession token from the plurality of segments based on a segmentation scheme; and generating the confirmation hash digest by inputting the confirmation possession token into the hashing function associated with the hash chain. 6. The method of claim 1 , further comprising: receiving, in the request, a second confirmation possession token; generating a second confirmation hash digest based on the second confirmation possession token via the hashing function; verifying the second confirmation hash digest matches a second predecessor hash digest indicated in a second predecessor node of the hash chain, wherein the hashing function maps a second predecessor possession token to the second predecessor hash digest; and linking the expansion node to the second predecessor node, wherein the expansion node indicates the second predecessor possession token. 7. The method of claim 1 , wherein a root node of the hash chain includes a resource-identifier token that identifies the resource associated with the hash chain. 8. A system comprising: one or more processors; and memory storing one or more applications that, when executed on the one or more processors, perform an operation comprising: receiving a request to add an expansion node to a hash chain associated with a resource, wherein: the request signifies a transfer of a privilege associated with the resource from a first entity to a second entity, the request includes a confirmation possession token of the first entity, the first entity comprises one of a set of entities, and the second entity comprises a plurality of entities generating a confirmation hash digest based on the confirmation possession token via a hashing function associated with the hash chain, verifying the confirmation hash digest matches a predecessor hash digest indicated in a predecessor node of the hash chain, wherein the hashing function maps a predecessor possession token to the predecessor hash digest, and linking the expansion node to the predecessor node, wherein the expansion node indicates the predecessor possession token and a successor hash digest, wherein the successor hash digest is based on a successor possession token. 9. The system of claim 8 , wherein the predecessor node includes an identifier of the first entity and the expansion node includes an identifier of the second entity. 10. The system of claim 8 , wherein the operation further comprises: determining an order of a set of nodes included in a predecessor level of the hash chain, wherein the set of nodes includes the predecessor node; and selecting the predecessor node from the set of nodes based on a position of the predecessor node in the order and a predefined policy. 11. The system of claim 8 , wherein the operation further comprises: receiving a plurality of requests to add additional nodes to the hash chain, wherein each request indicates a corresponding confirmation possession token; generating, for each additional node, a corresponding hash digest based on the corresponding confirmation possession token; verifying each corresponding hash digest matches the predecessor hash digest; and linking each respective additional node to the predecessor node, wherein each additional node indicates the predecessor possession token and an additional hash digest based on an additional possession token associated with the respective additional node. 12. The system of claim 8 , wherein the operation further comprises: receiving, in the request, a plurality of segments derived from the predecessor possession token, wherein the segments are associated with a set of nodes in a predecessor level of the hash chain, and wherein the set of nodes includes the predecessor node; generating the confirmation possession token from the plurality of segments based on a segmentation scheme; and generating the confirmation hash digest by inputting the confirmation possession token into the hashing function associated with the hash chain. 13. The system of claim 8 , wherein the operation further comprises: receiving, in the request, a second confirmation possession token; generating a second confirmation hash digest based on the second confirmation possession token via the hashing function; verifying the second confirmation hash digest matches a second predecessor hash digest indicated in a second predecessor node of the hash chain, wherein the hashing function maps a second predecessor possession token to the second predecessor hash digest; and linking the expansion node to the second predecessor node, wherein the expansion node indicates the second predecessor possession token. 14. The system of claim 8 , wherein a root node of the hash chain includes a resource-identifier token that identifies the resource associated with the hash chain. 15. A non-transitory computer-readable storage medium containing instructions that, when executed by one or more processors, perform an operation comprising: receiving a request to add an expansion node to a hash chain associated with a resource, wherein: the request
Assignees
Inventors
Classifications
using cryptographic hash functions · CPC title
Financial cryptography, e.g. electronic payment or e-cash · CPC title
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC · CPC title
- H04L63/0807Primary
using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10567369B2 cover?
- Embodiments presented herein provide systems and methods for creating and modifying a hash chain. A hash chain is created to track resource-privilege transfers between entities. A root node of the hash chain identifies the resource and specifies a digest of a possession token held by a first entity that initially possesses the privilege. A transfer of the privilege to a second entity can be rec…
- Who is the assignee on this patent?
- Intuit Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/0807. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Feb 18 2020 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 7 related publications on this page (citations in our corpus or others sharing the same primary CPC).