Secure content delivery
US-9819648-B1 · Nov 14, 2017 · US
Method and apparatus for secure token generation
US11146398B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11146398-B2 |
| Application number | US-201916557508-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 30, 2019 |
| Priority date | Aug 30, 2019 |
| Publication date | Oct 12, 2021 |
| Grant date | Oct 12, 2021 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Methods and apparatuses are described herein for improved communications between a service and end devices via a gateway. A token may be in a signed encrypted state when sent to untrusted devices and may be signed, but not encrypted, when used by trusted devices. Untrusted devices may receive the encrypted token and may use it to access services. An untrusted device may send the received encrypted token to the gateway, which may then send the token to its issuer so that the token issuer may decrypt the data payload. The token may then be sent back to the gateway, which may then read the decrypted data and verify whether the untrusted device is permitted to access the requested service. The gateway may then send, within the trusted domain, the request and token to the service provider so that the untrusted device can obtain access to the requested service.
First claim
Opening claim text (preview).
What is claimed: 1. A method comprising: receiving, from a first computing device communicating in an untrusted system, information comprising: a request for a service; and a token comprising a signature and encrypted data; validating, based on the signature, the token; determining, based on the validated token, a second computing device that generated the token and that communicates in a trusted system; sending, to the second computing device, the validated token; receiving, from the second computing device, the validated token, wherein the encrypted data has been decrypted by the second computing device; determining, based on the decrypted data, whether the first computing device has permission to access the service; and sending, based on the determining whether the first computing device has permission to access the service and to a third computing device communicating in the trusted system, the request for the service. 2. The method of claim 1 , wherein the second computing device is associated with a service provider providing network access and security to the first computing device and the third computing device. 3. The method of claim 1 , wherein third computing device is associated with a third party service or cloud platform. 4. The method of claim 1 , wherein the encrypted data was encrypted using a first key, and wherein the first key is encrypted using a second key to generate an encrypted first key. 5. The method of claim 4 , wherein the token further comprises a header comprising the encrypted first key. 6. The method of claim 4 , wherein the first key is a random content encryption key (CEK). 7. The method of claim 4 , wherein the encrypted first key comprises an encrypted content encryption key (eCEK). 8. The method of claim 4 , wherein the second key is a public key. 9. The method of claim 4 , wherein the token further comprises a Uniform Resource Locator (URL) providing a link to a public key certificate associated with the signature. 10. The method of claim 1 , wherein the encrypted data comprises information indicating at least one of: permissions of the first computing device, account information of the first computing device, or capabilities of the first computing device. 11. A device, comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors, cause the device to: receive, from a first computing device communicating in an untrusted system, information comprising: a request for a service; and a token comprising a signature and encrypted data; validate, based on the signature, the token; determine, based on the validated token, a second computing device that generated the token and that communicates in a trusted system; send, to the second computing device, the validated token; receive, from the second computing device, the validated token, wherein the encrypted data has been decrypted by the second computing device; determine, based on the decrypted data, whether the first computing device has permission to access the service; and send, based on the determining whether the first computing device has permission to access the service and to a third computing device communicating in the trusted system, the request for the service. 12. The device of claim 11 , wherein the second computing device is associated with a service provider providing network access and security to the first computing device and the third computing device. 13. The device of claim 11 , wherein third computing device is associated with a third party service or cloud platform. 14. The device of claim 11 , wherein the encrypted data was encrypted using a first key, and wherein the first key is encrypted using a second key to generate an encrypted first key, wherein the token further comprises a header comprising the encrypted first key. 15. The device of claim 14 , wherein the token further comprises a Uniform Resource Locator (URL) providing a link to a public key certificate associated with the signature. 16. The device of claim 11 , wherein the encrypted data comprises information indicating at least one of: permissions of the first computing device, account information of the first computing device, or capabilities of the first computing device. 17. A method comprising: receiving, from a computing device over a trust boundary, a request for a token; generating a first key, wherein the first key comprises a random content encryption key (CEK); encrypting, using the first key, data comprising information associated with the computing device; encrypting, using a second key, the first key to generate an encrypted first key; generating a token comprising the encrypted first key, the encrypted data, and a signature signed using a third key; and sending, to the computing device over the trust boundary, the generated token. 18. The method of claim 17 , wherein the token further comprises a Uniform Resource Locator (URL) providing a link to a public key certificate associated with the signature. 19. The method of claim 17 , wherein the information indicates at least one of: permissions of the first computing device, account information of the first computing device, or capabilities of the first computing device. 20. The method of claim 17 , wherein the computing device communicates in an untrusted system.
Assignees
Inventors
Classifications
for controlling access to devices or network resources · CPC title
using a plurality of keys or algorithms · CPC title
involving digital signatures · CPC title
applying encryption of the keys · CPC title
based on web technology, e.g. hypertext transfer protocol [HTTP] · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11146398B2 cover?
- Methods and apparatuses are described herein for improved communications between a service and end devices via a gateway. A token may be in a signed encrypted state when sent to untrusted devices and may be signed, but not encrypted, when used by trusted devices. Untrusted devices may receive the encrypted token and may use it to access services. An untrusted device may send the received encryp…
- Who is the assignee on this patent?
- Comcast Cable Comm Llc
- What technology area does this patent fall under?
- Primary CPC classification H04L9/3213. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Oct 12 2021 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).