公开(公告)号：US10146932B2

公开(公告)日：2018-12-04

申请号：US15387776

申请日：2016-12-22

Applicant: Google LLC

Inventor： Arnar Birgisson ,  Yevgeniy Gutnik

IPC: G06F21/45 ,  G06F21/62 ,  H04L29/06 ,  H04W12/08

Abstract: In some implementations, after one or more users have each been granted a respective access token allowing access to a resource device, revocation data is received by the resource device. The revocation data indicates that the previously granted access to the resource device should be revoked. For example, the revocation data may indicate (i) a user, role, or permission level for which access is revoked and (ii) a duration that access to the resource device was allowed. After receiving the revocation data, the resource device receives token data derived from an access token that allows access to the resource device. The resource device determines that the access token relies on authorization of the user, role, or permission level indicated by the revocation data, and in response, the resource device denies access.