People use computers to control access to resources. An ideal access control system allows access to users with permission and denies access to users without permission. As an example, an ideal medical record database allows a patient and their doctor access to the patient's medical records, and denies access to all other users.
Access control systems commonly perform at least two operations: authentication and authorization. An access control system first authenticates a requesting user by determining and verifying the user's identity. The access control system then authorizes the request by determining whether the authenticated user is permitted to access the requested resource, and allows access only if so.
Credentials are often used by access control systems to authenticate users. A credential (such as a username and password) can be used to both identify a user and verify the user's identity. Usernames and passwords are often used to access resources over the web, such as email or videos from online streaming services. In commerce, a payment account number (PAN) is used to both authenticate a consumer and authorize a payment between the payment account associated with the PAN and an account associated with a merchant.
Credentials are frequently targeted by thieves because they grant access to protected resources. Thieves target credentials (such as social security numbers, PANs, driver's license numbers, usernames and passwords, etc.) and use them to impersonate victims, steal from bank accounts, take out loans, defame victims, etc.
Tokenization is a means to protect credentials. A token is a replacement for a credential: a value that stands in for the credential but, on its own, reveals nothing about it. Rather than providing a credential to an access control system, a user can provide an access token. The access control system can detokenize the access token, looking up the credential that the access token replaces. The access control system can then authenticate the user based on the credential and authorize access to the requested resource. A lost or stolen access token can be revoked and replaced, limiting the damage a thief can do with it, since the token neither discloses the credential nor remains valid after revocation.
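As an added illustration, not part of the original specification, the following Python example shows a minimal token vault of the kind described above: tokens are fresh random values unrelated to the credential, only the access control system can detokenize them, and a lost token is revoked and replaced without changing the underlying credential. The device-binding check (mirroring the device-bound property of conventional tokens described below), the permission table, and all identifiers ("resident-4217", "phone-A1", the resource names) are constructed assumptions for this example.

```python
"""Token vault and access control system (constructed example, not from the specification)."""
from __future__ import annotations

import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class TokenRecord:
    credential: str      # the protected credential the token replaces
    device_id: str       # hypothetical identifier of the device the token is bound to
    revoked: bool = False


class TokenVault:
    """Maps random access tokens back to the credentials they replace."""

    def __init__(self) -> None:
        self._records: dict[str, TokenRecord] = {}

    def tokenize(self, credential: str, device_id: str) -> str:
        # The token is a fresh random value, not derived from the credential,
        # so possessing the token reveals nothing about the credential.
        token = secrets.token_urlsafe(24)
        self._records[token] = TokenRecord(credential, device_id)
        return token

    def detokenize(self, token: str, device_id: str) -> Optional[str]:
        """Return the credential for an active token presented from its bound device, else None."""
        record = self._records.get(token)
        if record is None or record.revoked:
            return None
        # Constant-time comparison so the check does not leak the bound device id.
        if not hmac.compare_digest(record.device_id.encode(), device_id.encode()):
            return None
        return record.credential

    def revoke(self, token: str) -> None:
        record = self._records.get(token)
        if record is not None:
            record.revoked = True

    def replace(self, token: str) -> str:
        """Revoke a lost or stolen token and issue a new one for the same credential and device."""
        record = self._records[token]
        self.revoke(token)
        return self.tokenize(record.credential, record.device_id)


class AccessControlSystem:
    """Authenticates via the vault, then authorizes against a permission table."""

    def __init__(self, vault: TokenVault, permissions: dict[str, set[str]]) -> None:
        self.vault = vault
        self.permissions = permissions   # credential -> resources it may access

    def request(self, token: str, device_id: str, resource: str) -> bool:
        credential = self.vault.detokenize(token, device_id)          # authentication
        if credential is None:
            return False
        return resource in self.permissions.get(credential, set())   # authorization


def run_scenario() -> dict[str, bool]:
    """Constructed scenario: a resident's token, a copied token, revocation and reissue."""
    vault = TokenVault()
    # Constructed sample data; the credential, device ids and resources are hypothetical.
    acs = AccessControlSystem(vault, {"resident-4217": {"lobby-door", "apartment-12B"}})
    token = vault.tokenize("resident-4217", device_id="phone-A1")

    results = {
        "resident_opens_door": acs.request(token, "phone-A1", "lobby-door"),
        "resident_denied_other_unit": acs.request(token, "phone-A1", "apartment-7C"),
        # A thief who copied the token but presents it from another device is refused.
        "copied_token_other_device": acs.request(token, "phone-Z9", "lobby-door"),
    }
    new_token = vault.replace(token)   # the resident reports the token lost
    results["old_token_after_revocation"] = acs.request(token, "phone-A1", "lobby-door")
    results["new_token_works"] = acs.request(new_token, "phone-A1", "lobby-door")
    # The token never equals or encodes the credential; only the vault holds the mapping.
    results["token_not_credential"] = token != "resident-4217" and new_token != token
    return results


if __name__ == "__main__":
    for name, outcome in run_scenario().items():
        print(f"{name}: {outcome}")
```

The vault stores only the mapping, so the credential is never sent to, or stored on, the user's device; replacing a lost token touches the mapping alone, which is what makes revocation cheap compared with reissuing the credential itself.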
While tokenization is useful in mitigating theft, conventional access tokens are non-transferable. This property prevents conventional access tokens from being used in a number of useful contexts (e.g., allowing a guest to access an apartment).
For example, a resident living in an apartment complex may have an access token that they use to enter the apartment complex. The access token may be thought of as an analog to a physical key. The access token may be stored on an electronic device, such as a smart card, key fob, or smart phone, and the resident may present the access token to an access control system via the electronic device.
The resident may be expecting a guest and may want to allow the guest access to the apartment complex. However, the resident cannot transfer the access token because it is bound to the resident's electronic device. Even if it were possible to transfer the access token, transferring the access token would effectively give the guest the same level of access as the resident, analogous to giving the guest a copy of a physical key. If at some point the resident does not want the guest to have access to the apartment, the resident needs to have the current access token revoked and have a new access token issued, analogous to changing the resident's lock, which is inconvenient to the resident. This example highlights a problem with conventional access tokens.
Embodiments of the invention solve these and other problems individually and collectively.