US 12,363,096 B2
Authentication credential with embedded authentication information
Asaf Hecht, Petach-Tikva (IL)
Assigned to CyberArk Software Ltd., Petach-Tikva (IL)
Filed by CyberArk Software Ltd., Petach-Tikva (IL)
Filed on May 23, 2022, as Appl. No. 17/751,088.
Application 17/751,088 is a continuation in part of application No. 17/535,261, filed on Nov. 24, 2021.
Application 17/535,261 is a continuation in part of application No. 15/998,532, filed on Aug. 16, 2018, granted, now 11,210,387, issued on Dec. 28, 2021.
Prior Publication US 2022/0286446 A1, Sep. 8, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06F 21/31 (2013.01); G06F 21/45 (2013.01)
CPC H04L 63/083 (2013.01) [H04L 63/0435 (2013.01); H04L 63/101 (2013.01); H04L 63/20 (2013.01); G06F 21/31 (2013.01); G06F 21/45 (2013.01); G06F 2221/2141 (2013.01); H04L 63/10 (2013.01)] 18 Claims
1. A non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for generating credentials with embedded information, the operations comprising:
securely accessing data associated with authorization of an identity, the identity being capable of accessing an access-controlled network resource based on assertion of an authentication credential to an entity associated with the access-controlled network resource, wherein the data associated with authorization of the identity includes at least one policy defining at least one rule for accessing the access-controlled network resource;
generating an intermediate value based on the data associated with authorization of the identity, wherein generating the intermediate value includes applying a predefined binary encoding to the data associated with authorization of the identity, and wherein the intermediate value includes a binary representation of the data associated with authorization of the identity and represents at least a portion of the at least one policy;
generating a secret data element based on application of a first secret logic algorithm to the intermediate value; and
making the secret data element available to be embedded in the authentication credential;
wherein the entity associated with the access-controlled network resource is implemented by one or more processors and is configured to:
validate the identity based on the at least one policy and based on the secret data element being included in the authentication credential; and
access the data associated with authorization of the identity based on application of a second secret logic algorithm to the secret data element.
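The issue-and-verify flow that claim 1 describes, as an added illustration that is not code from the patent or from CyberArk. It assumes canonical JSON as the "predefined binary encoding", an HMAC-SHA256 tag as the first and second "secret logic algorithm" (the claim names no particular algorithm), a `<username>.<element>` credential layout, and a constructed sample policy and shared key.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample policy (the "data associated with authorization of an identity").
POLICY = {"resource": "db-prod", "actions": ["read"], "expires": 1700000000}
# Constructed secret shared by the credential issuer and the resource's verifier.
SECRET_KEY = b"constructed-shared-secret-key"
TAG_LEN = 32  # SHA-256 digest size

def encode_policy(policy: dict) -> bytes:
    """Intermediate value: assumed binary encoding = canonical JSON as UTF-8 bytes."""
    return json.dumps(policy, sort_keys=True, separators=(",", ":")).encode()

def first_secret_logic(intermediate: bytes, key: bytes) -> str:
    """Secret data element: encoded policy plus a keyed HMAC-SHA256 tag over it,
    base64url-encoded so it can be embedded in a credential string.
    (Assumed instantiation of the claim's first secret logic algorithm.)"""
    tag = hmac.new(key, intermediate, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(intermediate + tag).decode().rstrip("=")

def embed_in_credential(username: str, secret_element: str) -> str:
    """Assumed credential layout: '<username>.<secret element>'."""
    return f"{username}.{secret_element}"

def second_secret_logic(secret_element: str, key: bytes):
    """Verifier side: recover the intermediate value and check its tag.
    Returns the decoded policy, or None if decoding or the tag check fails."""
    try:
        raw = base64.urlsafe_b64decode(secret_element + "=" * (-len(secret_element) % 4))
    except ValueError:  # malformed base64 (binascii.Error is a ValueError)
        return None
    intermediate, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    expected = hmac.new(key, intermediate, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return json.loads(intermediate)

def validate(credential: str, key: bytes, resource: str, action: str) -> bool:
    """Validate the identity using the policy carried inside the credential itself."""
    try:
        _username, secret_element = credential.split(".", 1)
    except ValueError:
        return False
    policy = second_secret_logic(secret_element, key)
    if policy is None:
        return False
    return policy["resource"] == resource and action in policy["actions"]
```

Because the tag is keyed, a party that alters the embedded policy without the shared key cannot produce an element the verifier accepts.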