IDENTITY MANAGEMENT SYSTEM

US 20160142392A1
Filed: 06/28/2013
Published: 05/19/2016
Est. Priority Date: 06/28/2013
Status: Active Grant

First Claim

Patent Images

1-48. -48. (canceled)

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

There is described a system for authenticating a client device in a network having a plurality of IDM components. One or more of the IDM components subscribes (using the publish-subscribe message pattern) to authentication requests published by client devices. The client device publishes an authentication request into the network. The most appropriate IDM component to process the published authentication request is selected, and the authentication request forwarded to the selected IDM component. The selected IDM component is then operated to negotiate with and authenticate the client device.

22 Citations

View as Search Results

68 Claims

1-48. -48. (canceled)

49. A client device in a network having a plurality of identity management, IDM, components, the client device comprising:
- a processor and a memory, said memory containing instructions executable by said processor to cause the processor to;
  
  generate a request for authentication;
  
  publish the authentication request using a publish-subscribe message pattern into the network via an input/output unit operably connected to the processor;
  
  receive an authentication initiation message from one of the IDM components in the network; and
  
  negotiate the receipt of authentication information from the IDM component.
- View Dependent Claims (50, 51, 52, 53, 54, 61, 66, 67, 68)
- - 50. The client device of claim 49, wherein the instructions are configured to cause the processor to request a service from a service provider in the network and to send the authentication information to the service provider.
  - 51. The client device of claim 49, wherein the authentication information includes an assertion token.
  - 52. The client device of claim 51, wherein the assertion token is service-specific.
  - 53. The client device of claim 49, wherein the authentication initiation message from the IDM component includes a certificate of the IDM component, and the instructions are configured to cause the processor to verify the certificate.
  - 54. The client device of claim 49, wherein the instructions are configured so that the negotiation includes the establishment of a secure session with the IDM component.
  - 61. The IDM component of claim 49, wherein the capabilities include one or more selected from a region of the IDM component, authentication protocols available to the IDM component, availability of IDM component, number of authentications currently being handled by IDM component.
  - 66. A memory comprising a computer program having a computer readable code which, when run on a device, causes it to behave as a device according to claim 49, the memory further comprising a computer readable means on which the computer program is stored.
  - 67. The memory according to claim 66, wherein the memory is arranged in the form of a computer program product.
  - 68. A vessel or vehicle comprising the client device of claim 49.

55. An identity management, IDM, component in a network having a plurality of IDM components, the IDM component comprising:
- a processor and a memory, said memory containing instructions executable by said processor to cause the processor to;
  
  subscribe, via an input/output unit, to authentication requests published in the network;
  
  receive an authentication request published by a client device;
  
  initiate a negotiation with the client device; and
  
  authenticate the client device or a user of the client device.
- View Dependent Claims (56, 57, 58, 59, 60)
- - 56. The IDM component of claim 55, wherein the authentication of the client device includes sending an assertion token to the client device.
  - 57. The IDM component of claim 55, wherein the instructions are configured to cause the processor to:
    - receive a verification request from a service provider in the network, the verification request including an identifier of the client device or user or the assertion token; and
      
      verify the authentication of the client device or user or assertion token to the service provider.
  - 58. The IDM component of claim 57, wherein the instructions are configured to cause the processor to subscribe to verification requests published in the network, and wherein the verification request received from the service provider is a verification request published by the service provider.
  - 59. The IDM component of claim 55, wherein the instructions are configured to cause the processor to subscribe to the authentication request and/or verification request at a broker in the network, and receive the published authentication request and/or verification request from said broker.
  - 60. The IDM component of claim 59, wherein the subscription includes details of the capabilities of the IDM component.

62. A service provider in a network having distributed identity management, IDM, components, the service provider comprising:
- a processor and a memory, said memory containing instructions executable by said processor to cause the processor to;
  
  receive, via an input/output device, a service request from a client device in the network, said service request including an authentication of the client and/or an assertion token and an identification of one of the IDM components in the network;
  
  send a verification request to the IDM component;
  
  receive a verification from the IDM component of the client authentication and/or assertion token; and
  
  deliver the requested service to the client device.

63. A service provider in a network having distributed identity management, IDM, components, the service provider comprising:
- a processor and a memory, said memory containing instructions executable by said processor to cause the processor to;
  
  receive, via an input/output device, a service request from a client device in the network, said service request including an authentication of the client and/or an assertion token;
  
  publish a verification request into the network;
  
  receive a verification, from one of the IDM components in the network, of the client authentication and/or assertion token; and
  
  deliver the requested service to the client device.

64. A broker in a network having distributed identity management, IDM, components, the broker comprising:
- a processor and a memory, said memory containing instructions executable by said processor to cause the processor to;
  
  receive, from at least one of the IDM components via an input/output device, a subscription to authentication requests;
  
  receive an authentication request published by a client device in the network;
  
  determine if the subscription matches the published authentication request; and
  
  forward the authentication request to one of the at least one IDM components.
- View Dependent Claims (65)
- - 65. The broker of claim 64, wherein the instructions are configured to cause the processor to determine if capabilities of the IDM component, included in the subscription, are suitable for the authentication request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
AHMED, Abu Shohel, JOKELA, Petri

Granted Patent

US 9,954,839 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/0823   using certificates cryptogr...

H04L 63/205   involving negotiation or de...

H04L 67/10   in which an application is ...

IDENTITY MANAGEMENT SYSTEM

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

68 Claims

Specification

Solutions

Use Cases

Quick Links

IDENTITY MANAGEMENT SYSTEM

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

68 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links