US 12,250,314 B2
Attribute based encryption key based third party data access authorization
Mark Duane Seaborn, Algonquin, IL (US); and Patrick Aaron Tamborski, Chicago, IL (US)
Assigned to International Business Machines Corporation, Armonk, NY (US)
Filed by International Business Machines Corporation, Armonk, NY (US)
Filed on Feb. 13, 2023, as Appl. No. 18/109,129.
Prior Publication US 2024/0275584 A1, Aug. 15, 2024
Int. Cl. H04L 9/32 (2006.01); H04L 9/08 (2006.01)
CPC H04L 9/321 (2013.01) [H04L 9/0825 (2013.01); H04L 9/0866 (2013.01); H04L 9/3213 (2013.01)]
25 Claims
 
1. A method, in a data processing system, for computing resource access security, the method comprising:
authenticating, by authentication and authorization logic of the data processing system, a credential of a user agent to determine if the user agent is associated with an entity for which an attribute based encryption (ABE) key is to be generated;
generating, by the authentication and authorization logic, in response to determining that the user agent is associated with the entity for which an ABE key is to be generated, the ABE key and providing the ABE key to the user agent, wherein the ABE key corresponds to a set of attributes of the entity;
receiving, by a token issuance logic of the data processing system, a token request and the ABE key from a relying party computing device;
executing a decryption operation, by the token issuance logic, on locking metadata associated with at least one attribute value, based on the ABE key; and
issuing, by the token issuance logic, in response to the decryption operation successfully decrypting the locking metadata, a generated token to the relying party computing device based on the at least one attribute value, wherein the relying party computing device accesses the computing resources using the generated token.