US Patent No. 10,992,660

AUTHENTICATION AND AUTHORIZATION OF A PRIVILEGE-CONSTRAINED APPLICATION


Patent No. 10,992,660
Issue Date April 27, 2021
Title Authentication And Authorization Of A Privilege-constrained Application
Inventorship Jesper Mikael Johansson, Redmond, WA (US)
Jon Arron McClintock, Seattle, WA (US)
Assignee Amazon Technologies, Inc., Seattle, WA (US)

Claim of US Patent No. 10,992,660

13. A computer implemented method, comprising:receiving a request for access to a remote resource and a permitted action token from a privilege-constrained application, the permitted action token associated with an application-identifying application key embedded within the privilege-constrained application, the permitted action token identifying a limited set of privileges that the privilege-constrained application is authorized to perform in connection with the remote resource, the request further directing the remote resource to perform an action of interest;
accessing the remote resource in response to the request according to the limited set of privileges identified in the permitted access token;
passing the request to the remote resource when the action of interest falls within the limited set of privileges identified by the permitted action token; and
blocking the request when the action of interest falls outside the limited set of privileges;
wherein the limited set of privileges comprises less than a full set of privileges that would be performable by the privilege-constrained application when unconstrained, the limited set of privileges placing restrictions on at least one operation performed in connection with the remote resource, wherein the privilege-constrained application is authorized to perform at least one permitted action in connection with the remote resource and lacks permission to perform at least one blocked action in connection with the remote resource according to the limited set of privileges.