CPC H04L 9/3213 (2013.01) [H04L 9/3073 (2013.01)]; 16 Claims

1. A system for enabling access across platforms, the system comprising:
one or more processors; and
one or more non-transitory, computer-readable storage media storing instructions, which when executed by the one or more processors cause the one or more processors to perform operations comprising:
receiving, at a server, an authorization request to generate an authorization token for a service, wherein the authorization request comprises i) an indication of a service public key associated with the service and ii) an encrypted service account token associated with the service, wherein the encrypted service account token is generated by encrypting a service account token using a first service key generated based on a client private key and a server public key, and wherein the client private key is associated with a requesting device hosting the service;
decrypting, using a second service key, the encrypted service account token, wherein the second service key is generated based on a client public key associated with the requesting device hosting the service and a server private key associated with the server;
generating, based on the service account token, a service identity for the service, wherein the service identity comprises a cluster identifier, a name space, and a deployment name, wherein the cluster identifier, the name space, and the deployment name are retrieved from the service account token;
generating, for the service identity, a key identifier and an access key pair comprising a private access key and a public access key;
generating a service identity token comprising the service identity, the private access key, and the key identifier;
generating a server token comprising access permissions for the service;
encrypting the server token and the service identity token using the second service key into an encrypted usage token; and
transmitting the encrypted usage token to the requesting device, the requesting device being configured for decrypting the encrypted usage token using the first service key.