METHOD FOR ESTABLISHING RESOURCE ACCESS AUTHORIZATION IN M2M COMMUNICATION

US 20150143472A1
Filed: 11/21/2012
Published: 05/21/2015
Est. Priority Date: 05/30/2012
Status: Active Grant

First Claim

Patent Images

1-34. -34. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for establishing a resource access authorization in M2M communication is provided. When an entity including a terminal, a gateway and an end user as client in a first M2M service provider domain attempts to access resource located in terminal or gateway in second M2M service provider domain, the method includes receiving client credential allocated from M2M Authentication Server (MAS1) in first M2M service provider domain by performing client registration to Network Service Capabilities Layer (NSCL1) in first M2M service provider domain by client, requesting an authorization to access resource to resource owner through NSCL (NSCL2) in second M2M service provider domain based on information about Universal Resource Identifier (URI) of resource by client, verifying client through MAS1 by the resource owner, authorizing client to access the resource by the resource owner, and issuing access token to the client by MAS (MAS2) in second M2M service provider domain.

35 Citations

View as Search Results

57 Claims

1-34. -34. (canceled)

35. A method for establishing an authorization to access resource in Machine-to-Machine (M2M) communication, when an entity selected from a terminal, a gateway and an end user as a client in an M2M service provider domain attempts to access resource located in a terminal or a gateway in the same M2M service provider domain, the method comprising:
- receiving by the client a client credential allocated from an authentication server for providing an authentication service in the M2M service provider domain by performing a client registration to a service layer of an M2M server for providing an M2M service which is required in the M2M service provider domain;
  
  requesting an authorization to access the resource to a resource owner of the resource through the service layer based on information about a Universal Resource Identifier (URI) of the resource by the client;
  
  verifying by the resource owner the client through the authentication server;
  
  granting the authorization for the client to access the resource by the resource owner; and
  
  issuing an access token to the client by the authentication server in the M2M service provider domain.
- View Dependent Claims (36, 37, 38, 40, 42)
- - 36. The method of claim 35, further comprising acquiring the information about the URI of the resource through one of the service layer and the resource owner by the client.
  - 37. The method of claim 35, further comprising:
    - issuing an authorization code to the client by the authentication server; and
      
      requesting an access token to the authentication server using the issued authorization code by the client.
  - 38. The method of claim 35, wherein the authorization comprises:
    - requesting generation or update of an access right source associated with the resource to an entity in which the resource is located; and
      
      notifying the authentication server that the client has been authorized.
  - 40. The method of claim 35, wherein a lifetime is set for the access token.
  - 42. The method of claim 40, further comprising acquiring information about the resource through one of the service layer and the resource owner.

39. (canceled)

41. A method for accessing resource located in a terminal or a gateway in a Machine-to-Machine (M2M) service provider domain by an entity selected from a terminal, a gateway and an end user as a client in the same M2M service provider domain, the method comprising:
- receiving a client credential allocated from an authentication server for providing an authentication service which is required in the M2M service provider domain by performing a client registration to a service layer of an M2M server for providing an M2M service in the M2M service provider domain;
  
  requesting an authorization to access the resource to a resource owner of the resource based on information about a Universal Resource Identifier (URI) of the resource;
  
  receiving an access token issued from the MAS in the M2M service provider domain; and
  
  accessing the resource based on the issued access token.
- View Dependent Claims (43, 44)
- - 43. The method of claim 41, wherein the client credential includes Client_identifier identifying the client and Client_Secret used as a password corresponding to the Client_identifier.
  - 44. The method of claim 41, further comprising:
    - getting an authorization code issued from the authentication server, as an indication indicating that the authorization request has been accepted; and
      
      requesting an access token to the authentication server using the issued authorization code.

45. A method for establishing an authorization of a client to access resource located in a terminal or a gateway in a Machine-to-Machine (M2M) service provider domain by a resource owner of the resource, the client being one of a terminal, a gateway, and an end user in the M2M service provider domain, the method comprising:
- receiving an authorization request for the client;
  
  verifying the client through an authentication server for providing an authentication service which is required in the M2M service provider domain; and
  
  authorizing the client to an entity in which the resource is located and the authentication server.
- View Dependent Claims (46, 47, 48, 49)
- - 46. The method of claim 45, wherein the reception of an authorization request comprises receiving an authorization request message for the client through a service layer, andwherein the authorization request message includes information about a client credential of the client and authorization type information.
  - 47. The method of claim 46, wherein the verification of the client comprises determining whether the client is normally registered to the authentication server based on the information about the client credential of the client.
  - 48. The method of claim 45, wherein the authorization comprises:
    - requesting generation or update of an access right resource for the resource to an entity in which the resource is located; and
      
      notifying the authentication server that the client has been authorized.
  - 49. The method of claim 48, wherein if the resource owner is identical to the entity in which the resource is located, the requesting of generation or update of an access right resource comprises requesting generation or update of the access right resource locally.

50. A method for authorizing access of a client to resource by a terminal or gateway having the resource in Machine-to-Machine (M2M) communication, the method comprising:
- receiving an authorization request for the client from a resource owner of the resource;
  
  establishing an authorization of the client to access the resource;
  
  receiving an access token issued to the client from an authentication server for providing an authentication service; and
  
  determining whether to authorize the client to access the resource according to whether the access token received from the authentication server is identical to an access token provided by the client.
- View Dependent Claims (51, 54, 55, 56, 57)
- - 51. The method of claim 50, wherein the receiving of the authorization request comprises receiving the authorization request locally, if the terminal or gateway having the resource is identical to the resource owner.
  - 54. The method of claim 50, wherein the receiving of the authorization request comprises receiving an authorization request message including information about at least one of a client credential of the client, an access scope, and a resource location.
  - 55. The method of claim 54, wherein the establishing the authorization comprises generating or updating an access right resource having information about an authorization to access the resource based on information included in the authorization request message.
  - 56. The method of claim 55, wherein the receiving of the access token comprises managing the received access token by mapping the access token to the access right resource.
  - 57. The method of claim 55, wherein the determining of whether to authorize the client to access the resource comprises checking an allowed access scope for the client from the access right resource.

52. (canceled)

53. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Moda Inc.
Original Assignee
Moda Inc.
Inventors
Kim, Yong-jin, Kim, Kyung-su, Lee, Jaeho

Granted Patent

US 9,319,413 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0892   by using authentication-aut...

H04L 63/10   for controlling access to d...

H04W 12/069   using certificates or pre-s...

H04W 12/084   using delegated authorisati...

H04W 4/70   Services for machine-to-mac...

H04W 48/02   Access restriction performe...

METHOD FOR ESTABLISHING RESOURCE ACCESS AUTHORIZATION IN M2M COMMUNICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

35 Citations

57 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD FOR ESTABLISHING RESOURCE ACCESS AUTHORIZATION IN M2M COMMUNICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

57 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links