CPC H04L 9/0816 (2013.01) [H04L 9/0866 (2013.01); H04L 9/3213 (2013.01); H04L 9/3236 (2013.01); H04L 9/3247 (2013.01); H04L 9/3263 (2013.01); H04L 9/3271 (2013.01)]
21 Claims

1. A method at a device, comprising:
obtaining first information that asserts an identity of the device;
obtaining second information that asserts an identity of a user of the device;
generating, at a cryptographic component internal to the device, a public key of the device that corresponds to a private key of the device stored in the cryptographic component; and
registering, with a service of a resource management system that is operated by a party, the public key of the device to a combination of the device and the user, wherein registering the public key of the device comprises:
sending, to the service of the resource management system, a registration message that indicates the first information that asserts the identity of the device, the second information that asserts the identity of the user, and the public key of the device, the method further comprising:
receiving, based on the public key of the device being registered to the combination of the device and the user at the service of the resource management system, a refresh token;
requesting, after the refresh token is received, access to resources of a second party;
sending, based on the access to the resources of the second party being requested, the refresh token to the service of the resource management system;
receiving, in response to the refresh token, a session token associated with accessing the resources of the second party;
generating an access request that comprises the refresh token;
generating, based on access to the resources of the second party being requested, a string of random characters;
generating a hash of the string of random characters, wherein the string of random characters is included in the access request as a challenge as part of the access request being generated;
signing the access request with the private key of the device to obtain a signed access request;
sending, after the access request is signed, the signed access request to the service of the resource management system, wherein the refresh token is sent to the service of the resource management system in association with sending the signed access request to the service of the resource management system.
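The exchange claim 1 describes, worked through end to end as an added example (this is not code from the patent or its assignee). Both sides are modelled: a device-internal cryptographic component that generates the key pair and never exports the private key, the registration message binding the public key to the (device, user) pair, the refresh token the service returns, and the signed access request that carries the refresh token, a random challenge string and its hash. Ed25519, SHA-256, JSON bodies, and the names `CryptoComponent`, `Service`, `BuildAccessRequest` and `RunFlow` are assumptions of this example; the claim does not fix any of them. The service-side checks (signature against the registered key, hash matches challenge, challenge not seen before) are what a verifier would need to make the flow device-bound, and are likewise added here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// CryptoComponent models the device-internal cryptographic component of the
// claim: the private key is generated inside it and is never handed out.
// (Hypothetical type; Ed25519 is an assumed key type.)
type CryptoComponent struct {
	priv ed25519.PrivateKey
	pub  ed25519.PublicKey
}

func NewCryptoComponent() (*CryptoComponent, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &CryptoComponent{priv: priv, pub: pub}, nil
}

func (c *CryptoComponent) PublicKey() ed25519.PublicKey { return c.pub }
func (c *CryptoComponent) Sign(msg []byte) []byte       { return ed25519.Sign(c.priv, msg) }

// RegistrationMessage carries the three items the claim names.
type RegistrationMessage struct {
	DeviceID  string `json:"device_id"`  // first information: device identity
	UserID    string `json:"user_id"`    // second information: user identity
	PublicKey string `json:"public_key"` // hex-encoded device public key
}

// AccessRequest is the body the device signs with its private key.
type AccessRequest struct {
	RefreshToken  string `json:"refresh_token"`
	Resource      string `json:"resource"`       // resource of the second party
	Challenge     string `json:"challenge"`      // random character string
	ChallengeHash string `json:"challenge_hash"` // SHA-256 of Challenge (assumed hash)
}

type SignedAccessRequest struct {
	Body      []byte // JSON-encoded AccessRequest
	Signature []byte // signature over Body by the device private key
}

// Service models the first party's resource management service.
type Service struct {
	keys   map[string]ed25519.PublicKey // refresh token -> registered device key
	owners map[string]string            // refresh token -> "device|user" binding
	used   map[string]bool              // challenges already accepted (replay check)
}

func NewService() *Service {
	return &Service{keys: map[string]ed25519.PublicKey{}, owners: map[string]string{}, used: map[string]bool{}}
}

func randomString(n int) (string, error) {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

// Register binds the public key to the (device, user) pair and issues a refresh token.
func (s *Service) Register(m RegistrationMessage) (string, error) {
	pub, err := hex.DecodeString(m.PublicKey)
	if err != nil || len(pub) != ed25519.PublicKeySize {
		return "", errors.New("registration: malformed public key")
	}
	tok, err := randomString(16)
	if err != nil {
		return "", err
	}
	s.keys[tok] = ed25519.PublicKey(pub)
	s.owners[tok] = m.DeviceID + "|" + m.UserID
	return tok, nil
}

// BuildAccessRequest is the device side: fresh challenge, its hash, a signed body.
func BuildAccessRequest(cc *CryptoComponent, refresh, resource string) (SignedAccessRequest, error) {
	ch, err := randomString(16)
	if err != nil {
		return SignedAccessRequest{}, err
	}
	sum := sha256.Sum256([]byte(ch))
	body, err := json.Marshal(AccessRequest{RefreshToken: refresh, Resource: resource,
		Challenge: ch, ChallengeHash: hex.EncodeToString(sum[:])})
	if err != nil {
		return SignedAccessRequest{}, err
	}
	return SignedAccessRequest{Body: body, Signature: cc.Sign(body)}, nil
}

// Access verifies the signature with the key registered for the refresh token,
// checks the challenge hash, rejects replayed challenges, and issues a session token.
func (s *Service) Access(r SignedAccessRequest) (string, error) {
	var req AccessRequest
	if err := json.Unmarshal(r.Body, &req); err != nil {
		return "", err
	}
	pub, ok := s.keys[req.RefreshToken]
	if !ok {
		return "", errors.New("access: unknown refresh token")
	}
	if !ed25519.Verify(pub, r.Body, r.Signature) {
		return "", errors.New("access: signature does not match registered device key")
	}
	sum := sha256.Sum256([]byte(req.Challenge))
	if hex.EncodeToString(sum[:]) != req.ChallengeHash {
		return "", errors.New("access: challenge hash mismatch")
	}
	if s.used[req.Challenge] {
		return "", errors.New("access: challenge replayed")
	}
	s.used[req.Challenge] = true
	return "session:" + s.owners[req.RefreshToken] + ":" + req.Resource, nil
}

// RunFlow walks the whole exchange once with constructed identities and
// returns the session token the service issues.
func RunFlow() (string, error) {
	cc, err := NewCryptoComponent()
	if err != nil {
		return "", err
	}
	svc := NewService()
	rt, err := svc.Register(RegistrationMessage{DeviceID: "dev-42", UserID: "alice@example.test",
		PublicKey: hex.EncodeToString(cc.PublicKey())})
	if err != nil {
		return "", err
	}
	req, err := BuildAccessRequest(cc, rt, "files.second-party.test")
	if err != nil {
		return "", err
	}
	return svc.Access(req)
}

func main() {
	fmt.Println(RunFlow())
}
```

The point worth noticing is what the refresh token alone buys an attacker: nothing, because `Access` only accepts a body signed by the key that was registered alongside it, and the challenge bookkeeping stops a captured signed request from being presented twice. Whether the service also checks the challenge hash, binds the session token to the resource named in the request, or expires refresh tokens is left open by the claim; the checks shown are this example's choices.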