Abstract: A method and system are provided for generating a secured authorization token using an attribute based access control and authorization (AACA) framework. The method and system, for generating a secured authorization token that allows secured access to an application registered on the AACA framework, comprise receiving a signed and encrypted request object from the application, and authenticating the request object by decrypting it and verifying its signature. The client device is then prompted to provide user credentials. The user credentials are validated, and a secured authorization token is generated after successful validation. A signed and encrypted response object containing the authorization token is sent to the application. The at least one client device and the application are authorized to access resources on the AACA framework after the encrypted response object is decrypted and the signature on the decrypted response object is verified.
Claims:
1. A method for generating secured authorization tokens; the method comprising processor implemented steps of:
registering an application on an attribute based access control and authorization (AACA) framework, wherein registration comprises:
generating an application id, an application password, an application key having a private key and a public key for the application and a certificate comprising an AACA framework public key; and
sending the generated application id, application password, application key and certificate to the application;
receiving a request object from the application for a user authorization to access the user’s resources on the AACA framework, wherein the request object comprises the application id and the application password which are encrypted using a session key and the session key which is encrypted using the AACA framework public key such that the request object is signed using an application private key;
authenticating the request object, by decrypting the session key using an AACA framework private key, decrypting the request using the decrypted session key and verifying the signature using the application public key;
displaying a login interface on at least one client device on successful authentication of the request object;
receiving user credentials from the login interface displayed on the at least one client device, wherein the user credentials include user id, password, mac address and login time of the at least one client device; and
generating an authorization token based on user id, mac address and login time of the at least one client device, after validating the received user credentials.
2. The method according to claim 1 further comprising:
sending an encrypted response object to the application, wherein the response object is encrypted using the session key and signed using AACA framework private key and wherein the encrypted response object contains the authorization token; and
authorizing, by the user, the at least one client device and the application to access the user’s resources on the AACA framework.
3. The method of claim 1 wherein validation of user credentials comprises matching the user credentials received using the login page with previously stored user credentials on a memory operatively coupled with the AACA framework.
4. The method of claim 2 further comprising generating, by at least one client device, one or more policies for allowing the application to use one or more resources of the AACA framework.
5. The method according to claim 2 wherein authorization comprises:
decrypting, by the application, the encrypted response object, using the session key to generate a decrypted response object; and
verifying the signature on the decrypted response object using the AACA framework public key.
6. The method according to claim 1 wherein the generation of authorization token comprises:
generating a unique string by combining user id, password, mac address and login time of the at least one client device; and
generating the authorization token by generating the hash of the unique string and by implementing MD5 algorithm on the unique string.
7. The method according to claim 1 wherein the authorization token expires after a predetermined time period and wherein the authorization token is stored by the AACA framework in a memory during the predetermined time period.
8. The method according to claim 1 wherein the authorization token expires if the application is not accessed by the at least one client device for a predetermined time period, wherein the authorization token is stored by the AACA framework in a memory until it expires.
9. A system (102), for generating secured authorization tokens, comprising a processor (410) configured to:
register an application on an attribute based access control and authorization (AACA) framework, wherein registration comprises:
generating an application Id, an application password, an application key having a private key and a public key for the application and a certificate comprising an AACA framework public key; and
sending the generated application id, application password, application key and certificate to the application;
receive a request object from the application for a user authorization to access the user’s resources on the AACA framework, wherein the request object comprises the application id and the application password which are encrypted using a session key and the session key which is encrypted using the AACA framework public key such that the request object is signed using an application private key;
authenticate the request object, by decrypting the session key using an AACA framework private key, decrypting the request using the decrypted session key and verifying the signature using an application public key;
display a login interface on the at least one client device on successful authentication of the request object;
receive user credentials from the login interface displayed on the at least one client device, wherein the user credentials include user id, password, mac address and login time of the at least one client device;
generate an authorization token based on user id, password, mac address and login time of the at least one client device, after validating the received user credentials; and
a memory (412) coupled to the processor (410) and configured to provide the processor (412) with instructions.
10. The system (102) according to claim 9, further configured to:
send an encrypted response object to the application, wherein the response object is encrypted using the session key and signed using AACA framework private key and wherein the encrypted response object contains the authorization token; and
authorize, by the user, the at least one client device and the application to access resources on the AACA framework.
11. The system (102) of claim 10, wherein authorization comprises:
decrypting, by the application, the encrypted response object, using the session key to generate a decrypted response object; and
verifying the signature on the decrypted response object using an AACA framework public key.
12. The system (102) of claim 9 wherein the system is further configured to:
generate a unique string by combining user id, password, mac address and login time of the at least one client device; and
generate the authorization token by generating the hash of the unique string and by implementing MD5 algorithm on the unique string.
13. The system according to claim 9 further configured such that the authorization token expires after a predetermined time period and wherein the authorization token is stored by the AACA framework in the memory (206) during the predetermined time period.
14. The system according to claim 9 further configured such that the authorization token expires if the application is not accessed by the at least one client device for a predetermined time period, wherein the authorization token is stored by the AACA framework in the memory (206) until it expires.
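The request and response objects of claims 1, 2 and 5 (and 9 to 11), worked through on both sides as an added example that is not part of the patent text or of any AACA implementation. The primitives (RSA-OAEP key wrapping, AES-256-GCM, RSA-PSS), the JSON encoding, the registry layout and all function and field names are assumptions; it uses the third-party Python `cryptography` package.

```python
# Added example; assumed primitives: RSA-OAEP key wrap, AES-256-GCM, RSA-PSS, JSON fields.
import hmac, json, os
from cryptography.exceptions import InvalidSignature, InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)
PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)
REJECT = (ValueError, KeyError, TypeError, InvalidSignature, InvalidTag)

def new_keypair():
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)

def seal(fields, session_key, signing_key):
    """Encrypt fields under the session key, then sign nonce+ciphertext."""
    nonce = os.urandom(12)
    ct = AESGCM(session_key).encrypt(nonce, json.dumps(fields).encode(), None)
    return {"nonce": nonce, "ct": ct, "sig": signing_key.sign(nonce + ct, PSS, hashes.SHA256())}

def unseal(obj, session_key, verify_key_for):
    """Decrypt first, then verify with the key selected from the plaintext."""
    fields = json.loads(AESGCM(session_key).decrypt(obj["nonce"], obj["ct"], None))
    verify_key_for(fields).verify(obj["sig"], obj["nonce"] + obj["ct"], PSS, hashes.SHA256())
    return fields

def build_request(app_id, app_password, app_private, framework_public):
    """Application side: returns (request object, session key kept for the reply)."""
    session_key = AESGCM.generate_key(bit_length=256)
    req = seal({"app_id": app_id, "app_password": app_password}, session_key, app_private)
    req["wrapped_key"] = framework_public.encrypt(session_key, OAEP)
    return req, session_key

def authenticate_request(req, framework_private, registered_apps):
    """Framework side: returns the session key on success, None on any failure."""
    try:
        session_key = framework_private.decrypt(req["wrapped_key"], OAEP)
        fields = unseal(req, session_key, lambda f: registered_apps[f["app_id"]]["public_key"])
        stored = registered_apps[fields["app_id"]]["password"].encode()
        supplied = str(fields["app_password"]).encode()
    except REJECT:
        return None
    return session_key if hmac.compare_digest(stored, supplied) else None

def read_response(resp, session_key, framework_public):
    """Application side (claim 5): returns the token, or None if a check fails."""
    try:
        return unseal(resp, session_key, lambda _f: framework_public)["authorization_token"]
    except REJECT:
        return None
```

The framework builds its reply with `seal({"authorization_token": token}, session_key, framework_private)`. The signature can only be checked after decryption because the application id that selects the verification key is inside the encrypted part, which matches the order of steps in claim 1.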
Description: As Attached
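The token derivation of claims 6 and 12 together with the two expiry rules of claims 7, 8, 13 and 14, as an added example that is not code from the patent or from any AACA implementation. The way the fields are joined, the store layout, the injectable clock and all names are assumptions.

```python
# Added example: token derivation as claims 6/12 describe it, plus the expiry
# rules of claims 7/8 and 13/14. Names and the field joining are assumptions.
import hashlib
import time

def claimed_token(user_id, password, mac, login_time):
    """MD5 over the combined fields. Length-prefixing each field is an
    assumption (the claims do not say how to combine); it keeps field
    boundaries unambiguous, so ("ab", "c") and ("a", "bc") hash differently."""
    parts = (user_id, password, mac, str(login_time))
    unique = "".join(f"{len(p)}:{p}" for p in parts)
    return hashlib.md5(unique.encode()).hexdigest()

class TokenStore:
    """In-memory tokens with absolute (claim 7) and idle (claim 8) expiry."""

    def __init__(self, max_age, max_idle, clock=time.monotonic):
        self.max_age, self.max_idle, self.clock = max_age, max_idle, clock
        self._tokens = {}  # token -> [user_id, issued_at, last_used]

    def issue(self, user_id, token):
        now = self.clock()
        self._tokens[token] = [user_id, now, now]
        return token

    def validate(self, token):
        """Return the user id for a live token; drop and reject an expired one."""
        entry = self._tokens.get(token)
        if entry is None:
            return None
        user_id, issued_at, last_used = entry
        now = self.clock()
        if now - issued_at > self.max_age or now - last_used > self.max_idle:
            del self._tokens[token]
            return None
        entry[2] = now  # activity resets the idle timer, never the absolute one
        return user_id
```

The derivation is deterministic: the same four inputs always give the same 32-character hex token, and only the login time changes it between sessions of one user on one device.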
| # | Name | Date |
|---|---|---|
| 1 | Form 5 [02-02-2016(online)].pdf | 2016-02-02 |
| 2 | Form 3 [02-02-2016(online)].pdf | 2016-02-02 |
| 3 | Form 18 [02-02-2016(online)].pdf | 2016-02-02 |
| 4 | Drawing [02-02-2016(online)].pdf | 2016-02-02 |
| 5 | Description(Complete) [02-02-2016(online)].pdf | 2016-02-02 |
| 6 | ABSTRACT1.jpg | 2018-08-11 |
| 7 | 201621003756-Power of Attorney-220416.pdf | 2018-08-11 |
| 8 | 201621003756-Form 1-150216.pdf | 2018-08-11 |
| 9 | 201621003756-Correspondence-220416.pdf | 2018-08-11 |
| 10 | 201621003756-Correspondence-150216.pdf | 2018-08-11 |
| 11 | 201621003756-FER.pdf | 2020-06-12 |
| 12 | 201621003756-FER_SER_REPLY [11-12-2020(online)].pdf | 2020-12-11 |
| 13 | 201621003756-DRAWING [11-12-2020(online)].pdf | 2020-12-11 |
| 14 | 201621003756-CLAIMS [11-12-2020(online)].pdf | 2020-12-11 |
| 15 | 201621003756-US(14)-HearingNotice-(HearingDate-13-02-2024).pdf | 2024-01-09 |
| 16 | 201621003756-Correspondence to notify the Controller [07-02-2024(online)].pdf | 2024-02-07 |
| 17 | 201621003756-FORM-26 [12-02-2024(online)].pdf | 2024-02-12 |
| 18 | 201621003756-Written submissions and relevant documents [28-02-2024(online)].pdf | 2024-02-28 |
| 19 | 201621003756-PatentCertificate14-03-2024.pdf | 2024-03-14 |
| 20 | 201621003756-IntimationOfGrant14-03-2024.pdf | 2024-03-14 |

| # | Name |
|---|---|
| 1 | search003756E_11-06-2020.pdf |
| 2 | amdsearch003756AE_13-07-2021.pdf |