Using tokens for identification
Devices, owners, or third-party services can use tokens to identify either a service, a device, or a user. These tokens are small and easy to distribute in distributed transactions. They can also be challenged: a process used to verify that a sender is allowed to use a given token.
To get a token, the corresponding entity registers a certificate with a public key with the provisioning server, and gets a token as a response. Anyone receiving a token can ask the provisioning server for the corresponding public certificate. But only the original sender of the certificate retains the private key. To challenge a token, a challenge message is sent to the sender of the token. If the token is resent from another source, ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access