US 11,757,637 B2
Token node locking with signed fingerprints offloaded to clients
Jason A. Pasion, San Diego, CA (US); John Okimoto, San Diego, CA (US); Xin Qiu, San Diego, CA (US); Alexander Medvinsky, San Diego, CA (US); Ting Yao, San Diego, CA (US); Jinsong Zheng, San Diego, CA (US); and Oscar Jiang, West Covina, CA (US)
Assigned to ARRIS Enterprises LLC, Suwanee, GA (US)
Filed by ARRIS Enterprises LLC, Suwanee, GA (US)
Filed on Mar. 17, 2021, as Appl. No. 17/204,634.
Claims priority of provisional application 62/990,448, filed on Mar. 17, 2020.
Prior Publication US 2021/0297254 A1, Sep. 23, 2021
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/32 (2006.01); H04L 29/06 (2006.01); H04L 9/40 (2022.01)
CPC H04L 9/3213 (2013.01) [H04L 9/3247 (2013.01); H04L 9/3263 (2013.01); H04L 9/3268 (2013.01); H04L 9/3297 (2013.01); H04L 63/166 (2013.01); H04L 2463/121 (2013.01)]
16 Claims
1. A method of providing secure data to a client device having a token, comprising:
(a) binding the token to the client device according to first token binding information comprising a first token identifier (ID), first client device fingerprint data, and a first timestamp, comprising:
receiving the first token binding information from the client device in a token binding service;
determining if the first token ID does not match a previously stored token ID;
if the first token ID does not match a previously stored token ID, associatively storing the first token ID with the first client device fingerprint data, and the first timestamp;
signing the first token binding information; and
returning the signed first token binding information to the client device;
(b) receiving a request to provide secure data to the client device in a service, the request comprising the signed first token binding information and timestamp;
(c) determining if the request to provide the secure data to the client device was received within an acceptable temporal range of the stored timestamp; and
(d) providing the requested secure data according to the determination, comprising:
if the request to provide the secure data to the client device was received within an acceptable temporal range of the first timestamp, providing the requested secure data;
if the request to provide the secure data to the client device was not received within an acceptable temporal range of the first timestamp:
rejecting the request to provide the secure data;
receiving second token binding information from the client device in a token binding service, the second token binding information comprising a second token ID and second client device fingerprint data and a second timestamp; and
providing the requested secure data according to the received second token binding information.
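The flow of claim 1, sketched as an added example; it is not code from the patent or from ARRIS. Assumptions: HMAC-SHA256 with a key shared by the two services stands in for the unspecified signature, the window is 300 seconds and is checked against the timestamp inside the signed binding, and a known token ID presented with a different fingerprint is refused. All names and sample values are constructed.

```python
import hashlib, hmac, json

SERVICE_KEY = b"constructed-demo-key"  # assumption: HMAC key shared by both services
MAX_AGE = 300      # assumption: the "acceptable temporal range", in seconds
_bindings = {}     # binding service store: token ID -> (fingerprint, timestamp)

def _sign(info):
    # HMAC-SHA256 over canonical JSON stands in for the claim's unspecified signature.
    msg = json.dumps(info, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SERVICE_KEY, msg, hashlib.sha256).hexdigest()

def bind_token(token_id, fingerprint, timestamp):
    """Step (a): store a first-seen token ID, then sign and return the binding."""
    stored = _bindings.get(token_id)
    if stored is not None and stored[0] != fingerprint:
        return None  # assumption: a known token presented from another device is refused
    # New token: store it. Known token, same device (assumption): refresh the timestamp.
    _bindings[token_id] = (fingerprint, timestamp)
    info = {"token_id": token_id, "fingerprint": fingerprint, "timestamp": timestamp}
    return {"info": info, "sig": _sign(info)}

def request_secure_data(signed, now):
    """Steps (b)-(d): verify the signed binding, then apply the time window."""
    if not hmac.compare_digest(_sign(signed["info"]), signed["sig"]):
        return ("rejected", "bad signature")
    if abs(now - signed["info"]["timestamp"]) > MAX_AGE:
        return ("rejected", "stale binding: rebind required")
    return ("ok", "secure-data-for-" + signed["info"]["token_id"])

if __name__ == "__main__":
    first = bind_token("tok-1", "fp-A", 1000)   # constructed sample values
    print(request_secure_data(first, 1100))     # inside the window
    print(request_secure_data(first, 2000))     # outside the window: rejected
    second = bind_token("tok-1", "fp-A", 2000)  # second token binding information
    print(request_secure_data(second, 2010))    # served after rebinding
```

Because the data service only verifies the signature and the timestamp, it needs no lookup in the binding store; that store is consulted only when the client binds or rebinds.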