Method and apparatus for secure token generation

US11743048B2 · US · B2

Patent metadata

Publication number: US-11743048-B2
Application number: US-202117473172-A
Country: US
Kind code: B2
Filing date: Sep 13, 2021
Priority date: Aug 30, 2019
Publication date: Aug 29, 2023
Grant date: Aug 29, 2023

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Methods and apparatuses are described herein for improved communications between a service and end devices via a gateway. A token may be in a signed encrypted state when sent to untrusted devices and may be signed, but not encrypted, when used by trusted devices. Untrusted devices may receive the encrypted token and may use it to access services. An untrusted device may send the received encrypted token to the gateway, which may then send the token to its issuer so that the token issuer may decrypt the data payload. The token may then be sent back to the gateway, which may then read the decrypted data and verify whether the untrusted device is permitted to access the requested service. The gateway may then send, within the trusted domain, the request and token to the service provider so that the untrusted device can obtain access to the requested service.

First claim

Opening claim text (preview).

The invention claimed is:

  1. A method comprising: receiving, from a first computing device communicating in an untrusted system, information comprising: a request for a service; and a token comprising a signature and encrypted data; sending, to a second computing device that generated the token and that communicates in a trusted system, the token; receiving, from the second computing device and based on the encrypted data, decrypted data indicating that the first computing device has permission to access the service; and sending, to a third computing device communicating in the trusted system and based on a determination that the first computing device has permission to access the service, the request for the service.

  2. The method of claim 1, wherein the second computing device is associated with a service provider providing network access and security to the first computing device and the third computing device.

  3. The method of claim 1, wherein the third computing device is associated with a third party service or cloud platform.

  4. The method of claim 1, wherein the encrypted data was encrypted using a first key, and wherein the first key is encrypted using a second key to generate an encrypted first key.

  5. The method of claim 4, wherein the token further comprises a header comprising the encrypted first key.

  6. The method of claim 4, wherein the first key is a random content encryption key (CEK).

  7. The method of claim 4, wherein the encrypted first key comprises an encrypted content encryption key (eCEK).

  8. The method of claim 4, wherein the second key is a public key.

  9. The method of claim 4, wherein the token further comprises a Uniform Resource Locator (URL) providing a link to a public key certificate associated with the signature.

  10. The method of claim 1, wherein the encrypted data comprises information indicating at least one of: permissions of the first computing device, account information of the first computing device, or capabilities of the first computing device.

  11. A method comprising: receiving, from a first computing device communicating in an untrusted system, information comprising: a request for sensitive data; and a token comprising a signature and encrypted data; sending, to a second computing device that generated the token and that communicates in a trusted system, the token; receiving, from the second computing device and based on the encrypted data, decrypted data indicating that the first computing device has permission to access the sensitive data; and sending, to a third computing device communicating in the trusted system and based on a determination that the first computing device has permission to access the sensitive data, the request for sensitive data.

  12. The method of claim 11, wherein the second computing device is associated with a service provider providing network access and security to the first computing device and the third computing device.

  13. The method of claim 11, wherein the third computing device is associated with a third party service or cloud platform.

  14. The method of claim 11, wherein the encrypted data was encrypted using a first key, and wherein the first key is encrypted using a second key to generate an encrypted first key.

  15. The method of claim 14, wherein the token further comprises a header comprising the encrypted first key.

  16. The method of claim 11, wherein the encrypted data comprises information indicating at least one of: permissions of the first computing device, account information of the first computing device, or capabilities of the first computing device.

  17. A method comprising: receiving, by a first computing device communicating in a trusted system and based on a request for a service from a second computing device communicating in an untrusted system, a token comprising a signature and encrypted data; determining, by the first computing device and based on the encrypted data, that the second computing device has permission to access the service; and sending, by the first computing device, decrypted data indicating that the second computing device has permission to access the service to cause sending, to a third computing device communicating in the trusted system, the request for the service.

  18. The method of claim 17, wherein the first computing device is associated with a service provider providing network access and security to the second computing device and the third computing device.

  19. The method of claim 17, wherein the third computing device is associated with a third party service or cloud platform.

  20. The method of claim 17, wherein the encrypted data was encrypted using a first key, and wherein the first key is encrypted using a second key to generate an encrypted first key.
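The gateway flow of claim 1 together with the CEK/eCEK token layout of claims 4-8, as an added Go example that is not part of the patent or of any assignee implementation. The Issue, IssuerDecrypt and Gateway functions, the AES-GCM body, the RSA-OAEP key wrap, the Ed25519 signature and the comma-separated permission string are all assumptions chosen here to make the claims concrete; the keys are generated in place for the demonstration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"strings"
)
// Token per claims 1-7: ECEK is the RSA-wrapped CEK carried in the header, Body the AES-GCM ciphertext, Sig covers both.
type Token struct{ ECEK, Nonce, Body, Sig []byte }
func (t *Token) signedBytes() []byte { return append(append(append([]byte{}, t.ECEK...), t.Nonce...), t.Body...) }
// Issuer keys (constructed for this example) live only in the trusted system; crypto/rand is not expected to fail.
var wrapKey, _ = rsa.GenerateKey(rand.Reader, 2048)
var signPub, signPriv, _ = ed25519.GenerateKey(rand.Reader)
func gcm(cek []byte) cipher.AEAD {
	block, _ := aes.NewCipher(cek) // a 32-byte CEK is always a valid AES-256 key
	g, _ := cipher.NewGCM(block)
	return g
}
// Issue: a random CEK encrypts perms, the CEK is wrapped with RSA-OAEP to the issuer's public key (claims 4-8), then signed.
func Issue(perms string) *Token {
	cek, nonce := make([]byte, 32), make([]byte, 12)
	rand.Read(cek)
	rand.Read(nonce)
	ecek, _ := rsa.EncryptOAEP(sha256.New(), rand.Reader, &wrapKey.PublicKey, cek, nil)
	t := &Token{ECEK: ecek, Nonce: nonce, Body: gcm(cek).Seal(nil, nonce, []byte(perms), nil)}
	t.Sig = ed25519.Sign(signPriv, t.signedBytes())
	return t
}
// IssuerDecrypt is the issuer-side step of claim 1: verify the signature, unwrap the CEK, return decrypted permission data.
func IssuerDecrypt(t *Token) (string, error) {
	if !ed25519.Verify(signPub, t.signedBytes(), t.Sig) {
		return "", errors.New("token signature invalid")
	}
	cek, err := rsa.DecryptOAEP(sha256.New(), nil, wrapKey, t.ECEK, nil)
	if err != nil {
		return "", err
	}
	p, err := gcm(cek).Open(nil, t.Nonce, t.Body, nil)
	return string(p), err
}
// Gateway holds no decryption key: it forwards the request into the trusted system only if the issuer's decrypted data grants the service.
func Gateway(service string, t *Token) bool {
	perms, err := IssuerDecrypt(t)
	return err == nil && strings.Contains(","+perms+",", ","+service+",")
}
```

Because the signature covers the eCEK header as well as the body, a token whose header or ciphertext is altered in the untrusted domain fails at the issuer and the gateway denies the request without ever seeing plaintext.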

Assignees

Comcast Cable Comm Llc

Inventors

Classifications

  • H04L9/3213 · Primary

    using tickets or tokens, e.g. Kerberos (network architectures or network communication protocols for entities authentication using tickets in a packet data network H04L63/0807) · CPC title

  • involving digital signatures · CPC title

  • involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements (network architectures or network communication protocols for supporting authentication of entities using certificates in a packet data network H04L63/0823) · CPC title

  • for controlling access to devices or network resources · CPC title

  • H04L63/062 · Primary

    for key distribution, e.g. centrally by trusted party (cryptographic mechanisms or cryptographic arrangements for key distribution involving a central third party H04L9/0819) · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11743048B2 cover?
Methods and apparatuses are described herein for improved communications between a service and end devices via a gateway. A token may be in a signed encrypted state when sent to untrusted devices and may be signed, but not encrypted, when used by trusted devices. Untrusted devices may receive the encrypted token and may use it to access services. An untrusted device may send the received encryp…
Who is the assignee on this patent?
Comcast Cable Comm Llc
What technology area does this patent fall under?
Primary CPC classification H04L9/3213. Mapped technology areas include Electricity.
When was this patent published?
Publication date Aug 29, 2023 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).