End-to-end service layer authentication
First Claim
1. A method for securing a message to be transmitted from a first application entity to a target one of a plurality of service layer entities over a network, the method comprising:
- requesting, by the first application entity from a trusted third party entity on the network, first credentials to be used for end-to-end authentication of the message by the first application entity and the target service layer entity;
- wherein the first application entity is implemented on a first apparatus of the network and the plurality of service layer entities are implemented on respective other apparatuses of the network;
- wherein the message is transmitted on a path through the network that traverses one or more intermediate service layer entities between the first application entity and the target service layer entity;
- receiving, from the trusted third party on the network, the first credentials;
- generating, by the first application entity based on the first credentials and at least some information associated with the message, an authentication code for authenticating the message;
- transmitting, by the first application entity to a first intermediate service layer entity on the path to the target service layer entity, via a secure tunnel established between the first application entity and the first intermediate service layer entity using credentials that are different from the first credentials, the message and the authentication code;
- wherein the message and the authentication code are securely transmitted thereafter from intermediate service layer entity to intermediate service layer entity along the path until they reach the target service layer entity, and wherein each transmission from one intermediate service layer entity to a next intermediate service layer entity along the path is secured using credentials that are different from the first credentials; and
- wherein the target service layer entity, upon receiving the message and the authentication code, uses the authentication code and the first credentials to authenticate the message at the target service layer entity.
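The flow of claim 1 as a runnable sketch, added here and not part of the patent: a trusted third party issues the first credentials, the application entity computes an authentication code over the message and its associated fields, every hop re-secures the blob under its own hop credentials, and the target verifies with the first credentials alone, so a modification by an intermediary that passes every hop check is still rejected end to end. The HMAC-SHA256 construction, the '|' framing, the entity names and the misbehaving-intermediary case are assumptions of this example.

```python
# Added example (not from the patent): end-to-end authentication of a message that
# crosses hop-by-hop secured intermediaries, as in claim 1. Names and framing are constructed.
import hashlib
import hmac
import os

TAG_LEN = 32  # HMAC-SHA256 output length

class TrustedThirdParty:
    """Issues the 'first credentials': one shared key per (application, target) pair."""
    def __init__(self):
        self._keys = {}

    def credentials_for(self, app_id, target_id):
        # Assumption: the target obtains the same key from the TTP by a separate exchange.
        return self._keys.setdefault((app_id, target_id), os.urandom(32))

def auth_code(e2e_key, header):
    """Authentication code over the message and its associated information."""
    return hmac.new(e2e_key, header, hashlib.sha256).digest()

def hop_send(hop_key, blob):
    """Models one hop's secure tunnel as a MAC under that hop's own credentials."""
    return blob + hmac.new(hop_key, blob, hashlib.sha256).digest()

def hop_receive(hop_key, wrapped):
    blob, tag = wrapped[:-TAG_LEN], wrapped[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(hop_key, blob, hashlib.sha256).digest()):
        raise ValueError("hop authentication failed")
    return blob

def send_end_to_end(ttp, hop_keys, app_id, target_id, msg_id, payload, tamper_at=None):
    """Runs the claimed flow over len(hop_keys) tunnels; returns (e2e_ok, payload_received).
    Constructed framing: fields joined with '|', fixed-length authentication code appended."""
    e2e_key = ttp.credentials_for(app_id, target_id)          # request/receive first credentials
    header = b"|".join([app_id, target_id, msg_id, payload])   # message + associated information
    blob = header + auth_code(e2e_key, header)                 # message || authentication code
    for i, hop_key in enumerate(hop_keys):                     # app -> SL1 -> ... -> target
        blob = hop_receive(hop_key, hop_send(hop_key, blob))   # each hop: its own credentials
        if tamper_at == i:                                     # constructed misbehaving hop
            fields = blob[:-TAG_LEN].split(b"|", 3)
            fields[3] = b"valve=OPEN"
            blob = b"|".join(fields) + blob[-TAG_LEN:]
    # Target: every hop check passed, but only the first credentials decide authenticity.
    header, code = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = auth_code(ttp.credentials_for(app_id, target_id), header)
    return hmac.compare_digest(code, expected), header.split(b"|", 3)[3]
```

Note that the hop keys never enter the end-to-end code, which is why the intermediaries cannot repair the code after altering the payload.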
Abstract
A variety of mechanisms are used to perform End-to-End authentication between entities that have diverse capabilities (e.g. processing, memory) and no prior security associations. The security provisioning and configuration process is performed such that appropriate security credentials, functions, scope and parameters may be provisioned to an entity. Mechanisms are developed to distribute the security credentials to other entities, which can then use the credentials to perform End-to-End authentication at the Service Layer or the Session Layer, in Direct or Delegated modes.
18 Claims
1. (Reproduced above under First Claim.) Dependent claims: 2 to 9.
10. A first application entity implemented on a first apparatus of a network, the first application entity being configured to secure a message to be transmitted from the first application entity to a target one of a plurality of service layer entities implemented on respective other apparatuses of the network, the first application entity being configured to implement a method comprising:
- requesting, by the first application entity from a trusted third party entity on the network, first credentials to be used for end-to-end authentication of the message by the first application entity and the target service layer entity;
- wherein the message is transmitted on a path through the network that traverses one or more intermediate service layer entities between the first application entity and the target service layer entity;
- receiving, from the trusted third party on the network, the first credentials;
- generating, by the first application entity based on the first credentials and at least some information associated with the message, an authentication code for authenticating the message;
- transmitting, by the first application entity to a first intermediate service layer entity on the path to the target service layer entity, via a secure tunnel established between the first application entity and the first intermediate service layer entity using credentials that are different from the first credentials, the message and the authentication code;
- wherein the message and the authentication code are securely transmitted thereafter from intermediate service layer entity to intermediate service layer entity along the path until they reach the target service layer entity, and wherein each transmission from one intermediate service layer entity to a next intermediate service layer entity along the path is secured using credentials that are different from the first credentials; and
- wherein the target service layer entity, upon receiving the message and the authentication code, uses the authentication code and the first credentials to authenticate the message at the target service layer entity.
Dependent claims: 11 to 18.