System, apparatus and method for managing lifecycle of secure publish-subscribe system
First Claim
1. At least one non-transitory computer readable storage medium comprising instructions that when executed enable a system to:
receive a first request, for a first security ticket, from a first device, wherein the first request includes:
(a)(i) a first device identity credential corresponding to a role for the first device with a publish-subscribe protocol of a distributed network, and (a)(ii) a first filter element associated with a publish-subscribe protocol;
send the first security ticket, which is restricted to the first filter element, to the first device;
receive a second request, for a second security ticket, from a second device that is a publisher for the first filter element, wherein the second request includes the first filter element; and
send the second security ticket to the second device, the second security ticket being restricted to the first filter element;
wherein (a) the first security ticket includes a first key, (b) the second security ticket includes a second key, (c) the second key is a symmetric group key, (d) receiving the first request includes receiving the first request into a memory, and (e) sending the first security ticket includes sending the first security ticket via a processor that is coupled to the memory.
Abstract
In one embodiment, a method includes: requesting enrollment of the device with an identity provider, the enrollment including at least one role for the device for a publish-subscribe protocol of a distributed network; receiving a device identity credential from the identity provider and storing the device identity credential in the device; receiving a ticket credential for a first topic associated with a first publisher, the ticket credential including the at least one role for the device; receiving a group key from a key manager for a group associated with the publish-subscribe protocol; and receiving content for the first topic in the device, the content protected by the group key.
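The abstract and the first claim describe one lifecycle from two sides: the device enrols with an identity provider, receives a role-bound identity credential, presents that credential plus a filter element (topic) to a key manager, and gets back a security ticket that is restricted to that filter element and carries the symmetric group key; a publisher for the same filter element gets its own ticket, and content on the topic is protected with the group key. The following is an added, self-contained model of that flow written for this page; it is not code from the patent or its assignee. HMAC-SHA256 stands in for the credential and ticket signatures, an HMAC counter-mode keystream with an encrypt-then-MAC tag stands in for the AEAD a real deployment would use, and every device name, topic and key is constructed for the demo.

```python
"""Toy model of the ticket-based publish-subscribe lifecycle: enrol -> identity
credential -> per-topic security ticket carrying the group key -> content
protected with that key. Standard library only; all values are constructed."""
import hashlib
import hmac
import os


def _sign(key: bytes, *fields: str) -> str:
    """HMAC-SHA256 over the fields; stands in for a real credential signature."""
    return hmac.new(key, "\x1f".join(fields).encode(), hashlib.sha256).hexdigest()


class IdentityProvider:
    """Enrols a device and issues an identity credential bound to its role."""

    def __init__(self) -> None:
        self._key = os.urandom(32)  # credential-signing key (constructed)

    def enroll(self, device_id: str, role: str) -> dict:
        if role not in ("publisher", "subscriber"):
            raise ValueError("unknown role " + role)
        return {"device": device_id, "role": role, "sig": _sign(self._key, device_id, role)}

    def verify(self, cred: dict) -> bool:
        return hmac.compare_digest(cred["sig"], _sign(self._key, cred["device"], cred["role"]))


class KeyManager:
    """Issues security tickets restricted to one filter element (topic)."""

    def __init__(self, idp: IdentityProvider) -> None:
        self._idp = idp
        self._ticket_key = os.urandom(32)  # ticket-signing key (constructed)
        self._group_keys = {}  # filter element -> symmetric group key

    def request_ticket(self, cred: dict, filter_element: str) -> dict:
        # Request = identity credential + filter element; the ticket is valid only
        # for that filter element and carries the group key for it.
        if not self._idp.verify(cred):
            raise PermissionError("identity credential rejected")
        group_key = self._group_keys.setdefault(filter_element, os.urandom(32))
        sig = _sign(self._ticket_key, cred["device"], cred["role"], filter_element)
        return {"device": cred["device"], "role": cred["role"],
                "filter": filter_element, "key": group_key, "sig": sig}

    def verify_ticket(self, ticket: dict) -> bool:
        expected = _sign(self._ticket_key, ticket["device"], ticket["role"], ticket["filter"])
        return hmac.compare_digest(ticket["sig"], expected)


class Broker:
    """Routes protected content and enforces ticket scope; never holds group keys."""

    def __init__(self, km: KeyManager) -> None:
        self._km = km
        self._queues = {}  # topic -> list of protected blobs

    def _check(self, ticket: dict, topic: str, need_role: str = "") -> None:
        if not self._km.verify_ticket(ticket) or ticket["filter"] != topic:
            raise PermissionError("ticket not valid for topic " + topic)
        if need_role and ticket["role"] != need_role:
            raise PermissionError("ticket role does not permit this operation")

    def publish(self, ticket: dict, topic: str, blob: bytes) -> None:
        self._check(ticket, topic, "publisher")
        self._queues.setdefault(topic, []).append(blob)

    def receive(self, ticket: dict, topic: str) -> list:
        self._check(ticket, topic)
        return list(self._queues.get(topic, []))


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF keystream (demo stand-in for an AEAD)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _derive(group_key: bytes) -> tuple:
    enc = hmac.new(group_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(group_key, b"mac", hashlib.sha256).digest()
    return enc, mac


def protect(group_key: bytes, topic: str, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with keys derived from the topic's group key; the tag binds the topic."""
    enc_key, mac_key = _derive(group_key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, topic.encode() + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unprotect(group_key: bytes, topic: str, blob: bytes) -> bytes:
    enc_key, mac_key = _derive(group_key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, topic.encode() + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def present(ticket: dict) -> dict:
    """What a device shows the broker: the ticket without the group key."""
    return {k: v for k, v in ticket.items() if k != "key"}


def run_lifecycle() -> dict:
    idp, topic = IdentityProvider(), "building/floor2/temperature"  # constructed topic
    km = KeyManager(idp)
    broker = Broker(km)
    sub_ticket = km.request_ticket(idp.enroll("display-01", "subscriber"), topic)
    pub_ticket = km.request_ticket(idp.enroll("sensor-07", "publisher"), topic)
    broker.publish(present(pub_ticket), topic, protect(pub_ticket["key"], topic, b"21.5C"))
    messages = [unprotect(sub_ticket["key"], topic, b) for b in broker.receive(present(sub_ticket), topic)]
    forged_rejected = sub_cannot_publish = False
    try:  # re-scoping a ticket to another filter element breaks its signature
        broker.receive(dict(present(sub_ticket), filter="building/floor3/temperature"), "building/floor3/temperature")
    except PermissionError:
        forged_rejected = True
    try:  # a subscriber ticket does not carry the publisher role
        broker.publish(present(sub_ticket), topic, b"bogus")
    except PermissionError:
        sub_cannot_publish = True
    return {"messages": messages, "same_group_key": sub_ticket["key"] == pub_ticket["key"],
            "forged_ticket_rejected": forged_rejected, "subscriber_cannot_publish": sub_cannot_publish}


if __name__ == "__main__":
    print(run_lifecycle())
```

Two design points worth noting: the broker verifies the ticket's scope and role but is never given the group key (the device strips it before presenting the ticket), so a compromised broker cannot read topic content; and the authentication tag covers the topic name, so a blob captured from one topic cannot be replayed as content for another even though both could share a group key.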
24 Claims
1. See First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. At least one non-transitory computer readable storage medium comprising instructions that when executed enable a first device to:
request enrollment of the first device with an identity provider, the enrollment including a role for the first device for a publish-subscribe protocol of a distributed network;
receive a first device identity credential, from the identity provider and corresponding to the role, and store the first device identity credential in at least one memory of the first device;
send a first request, for a first security ticket, to a key manager, wherein the first request includes:
(a)(i) the first device identity credential, and (a)(ii) a first filter element associated with the publish-subscribe protocol; and
receive the first security ticket, which is restricted to the first filter element, from the key manager;
wherein (a) the first security ticket includes a first key, (b) receiving the first security ticket includes receiving the first security ticket into the at least one memory, and (c) sending the first request includes sending the first request via a processor that is coupled to the at least one memory.
Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22
23. An apparatus comprising:
at least one memory; and
at least one processor, coupled to the at least one memory, to perform operations comprising:
request at least one enrollment with at least one identity provider, the enrollment including at least one role for the apparatus for a publish-subscribe protocol of a distributed network;
receive at least one first identity credential, from the at least one identity provider and corresponding to the at least one role, and store the at least one first device identity credential in the at least one memory;
send at least one first request, for at least one first security ticket, to at least one key manager, wherein the at least one first request includes:
(a)(i) the at least one first identity credential, and (a)(ii) at least one first filter element associated with the publish-subscribe protocol; and
receive the at least one first security ticket, which is restricted to the at least one first filter element, from the at least one key manager;
wherein (a) the at least one first security ticket includes at least one first key, (b) receiving the at least one first security ticket includes receiving the at least one first security ticket into the at least one memory, and (c) sending the at least one first request includes sending the at least one first request via the at least one processor.
Dependent claims: 24
Specification