CPC H04L 63/0272 (2013.01) [H04L 9/3213 (2013.01); H04L 63/0435 (2013.01); H04L 63/0876 (2013.01); H04L 63/20 (2013.01)]; 20 Claims

1. A method for providing access by a device to a resource server, the method comprising:
transmitting a first part of a master session key to the resource server;
responsive to transmitting the first part of the master session key to the resource server, receiving a second part of the master session key from the resource server;
generating, using a resource client software application installed on the device, from the first part and the second part of the master session key, the master session key for a communication session between the device and the resource server;
transmitting, from the device to an identity platform, an authentication request for providing an access token for use by the device in accessing the resource server for the communication session between the device and the resource server, the authentication request including a nonce derived using the resource client software application installed on the device, the nonce derived from the master session key by generating a hash of the master session key;
determining if the resource server requires compliance with one or more conditional access policies;
upon determining that the resource server requires compliance with the one or more conditional access policies, transmitting information to the identity platform that verifies that the device complies with the one or more conditional access policies, and
responsive to transmitting the authentication request, receiving the access token from the identity platform, the access token including the nonce and the access token including information that provides confirmation that the device complies with the one or more conditional access policies.
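The flow of claim 1, simulated end to end as an added example; this is not code from the patent or its assignee. The claim leaves the concrete mechanisms open, so the following are assumptions made here for illustration: the master session key is SHA-256 over the concatenated key parts, the nonce is SHA-256 of that key (the claim only requires "a hash of the master session key"), the access token is an HMAC-signed JSON object, and the conditional access policy is a constructed dictionary of device attributes. The example also shows the check the resource server would need on admission: a token minted for one session cannot be used for another because its nonce no longer matches the key the server derived.

```python
import hashlib
import hmac
import json
import secrets

# Added example, not the patent's own code. Every mechanism below is an assumed
# instantiation of the claim's steps: SHA-256 of the concatenated key parts as the
# master session key, SHA-256 of that key as the nonce, an HMAC-signed JSON object
# as the access token, and a constructed dictionary as the conditional access policy.


def combine_key_parts(first_part: bytes, second_part: bytes) -> bytes:
    """Master session key from the device's part and the server's part (assumed KDF)."""
    return hashlib.sha256(b"msk" + first_part + second_part).digest()


def nonce_from_msk(msk: bytes) -> str:
    """The claimed nonce: a hash of the master session key."""
    return hashlib.sha256(msk).hexdigest()


class IdentityPlatform:
    """Issues access tokens carrying the nonce and a compliance confirmation."""

    def __init__(self, signing_key: bytes, policy: dict):
        self.signing_key = signing_key
        self.policy = policy  # constructed conditional access policy

    def sign(self, claims: dict) -> str:
        body = json.dumps(claims, sort_keys=True)
        tag = hmac.new(self.signing_key, body.encode(), hashlib.sha256).hexdigest()
        return body + "." + tag

    def issue_token(self, nonce: str, compliance_evidence=None) -> str:
        # Compliance is confirmed only when every policy attribute matches the evidence.
        compliant = compliance_evidence is not None and all(
            compliance_evidence.get(k) == v for k, v in self.policy.items())
        return self.sign({"nonce": nonce, "compliant": compliant})


class ResourceServer:
    """Contributes the second key part and admits only tokens bound to its session key."""

    def __init__(self, requires_compliance: bool, idp_signing_key: bytes):
        self.requires_compliance = requires_compliance
        self.idp_signing_key = idp_signing_key
        self.sessions = {}  # session_id -> master session key

    def exchange_key_part(self, session_id: str, first_part: bytes) -> bytes:
        second_part = secrets.token_bytes(32)
        self.sessions[session_id] = combine_key_parts(first_part, second_part)
        return second_part

    def admit(self, session_id: str, token: str) -> bool:
        body, _, tag = token.rpartition(".")
        expected = hmac.new(self.idp_signing_key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):
            return False  # forged or altered token
        claims = json.loads(body)
        msk = self.sessions.get(session_id)
        if msk is None or not hmac.compare_digest(claims["nonce"], nonce_from_msk(msk)):
            return False  # token was minted for a different session
        if self.requires_compliance and not claims.get("compliant"):
            return False  # policy required but not confirmed by the identity platform
        return True


def device_session(server, idp, session_id, device_state):
    """The device side of claim 1; returns (token, admitted)."""
    first_part = secrets.token_bytes(32)
    second_part = server.exchange_key_part(session_id, first_part)
    msk = combine_key_parts(first_part, second_part)
    nonce = nonce_from_msk(msk)
    evidence = device_state if server.requires_compliance else None
    token = idp.issue_token(nonce, evidence)
    return token, server.admit(session_id, token)


def demo():
    idp_key = secrets.token_bytes(32)
    idp = IdentityPlatform(idp_key, policy={"disk_encrypted": True, "os_patched": True})
    server = ResourceServer(requires_compliance=True, idp_signing_key=idp_key)
    good = {"disk_encrypted": True, "os_patched": True}  # constructed device states
    bad = {"disk_encrypted": False, "os_patched": True}

    token_a, ok_a = device_session(server, idp, "sess-A", good)
    _, ok_b = device_session(server, idp, "sess-B", bad)
    # Token from session A presented for session B: the nonce does not match B's key.
    replay_ok = server.admit("sess-B", token_a)
    return {"compliant_device": ok_a, "noncompliant_device": ok_b, "replayed_token": replay_ok}


if __name__ == "__main__":
    print(demo())
```

The binding property the claim relies on is the nonce check in `admit`: because the nonce is a hash of a key that only the device and the resource server can derive, the identity platform can embed it without ever seeing the key, and the server can still refuse a token issued for any other session.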