Methods and apparatus for identity and role management in communication networks
First Claim
1. A method for identity and role management in a communication network, the method comprising:
associating an entity with a key;
associating the entity with a role;
associating the key and the role with a signature;
providing an identity of the entity, the key, the role and the signature to be accessed through the communication network in response to an authentication query specifying the role but not identifying the entity, the entity being selected from a set of entities each associated with the role specified in the authentication query, wherein the providing comprises publishing a resource record group comprising the key, the role and the signature in a name server communicatively coupled to the communication network, wherein the resource record group is associated with the identity; and
receiving a communication message routed through the communication network based on the provided identity of the entity and not the role specified in the authentication query, the identity being different from the role.
Abstract
Methods and apparatus for identity and role management in communication networks are disclosed. An example method for identity and role management in a communication network associates an entity with a key, associates the entity with a role, associates the key and the role with a signature, and enables the key, the role and the signature to be accessed through the communication network based on an identity of the entity.
40 Claims
1. Independent claim 1 is reproduced in full under First Claim above. Dependent claims: 2 through 20.
21. An article of manufacture storing machine readable instructions on a non-transitory storage medium which, when the machine readable instructions are executed by at least one processor, cause a machine comprising the at least one processor to:
associate the entity with a key;
associate the entity with a role;
associate the key and the role with a signature;
provide an identity of the entity, the key, the role and the signature to be accessed through a communication network in response to an authentication query specifying the role but not identifying the entity, the entity being selected from a set of entities each associated with the role specified in the authentication query, wherein providing the identity, the key, the role, and the signature comprises publishing a resource record group comprising the key, the role and the signature in a name server communicatively coupled to the communication network, wherein the resource record group is associated with the identity; and
receive a communication message routed through the communication network based on the provided obfuscated identity of the entity and not the role specified in the authentication query, the obfuscated identity being different from the role.
Dependent claims: 22 through 25.
26. An identity manager for identity and role management in a communication network, the identity manager comprising:
a role manager comprising computer program instructions stored on at least one non-transitory medium, wherein said role manager is to determine a role to associate with an entity, and to associate a keyword with the role;
a credential manager comprising computer program instructions stored on at least one non-transitory medium, wherein said credential manager is to: associate a key with the entity; and associate a signature with the key and the role;
an identity publisher comprising computer program instructions stored on at least one non-transitory medium, wherein said identity publisher is to provide an identity of the entity, the key, the role and the signature to be accessed through the communication network in response to an authentication query specifying the role but not identifying the entity, the entity being selected from a set of entities each associated with the role specified in the authentication query, wherein providing the entity, the key, the role, and the signature comprises publishing a resource record group comprising the key, the role and the signature in a name server communicatively coupled to the communication network, wherein the resource record group is associated with the identity;
a role server comprising computer program instructions stored on at least one non-transitory medium, wherein said role server is to provide the role to the authenticator to replace the keyword provided by the resource record group when the authenticator is determined to be authorized to access the role, the resource record group also including a reference to the role server to enable the authenticator to access the role server.
Dependent claims: 27 through 37.
38. A system comprising:
a name server, comprising hardware, communicatively coupled to a communication network, the name server to associate a plurality of identities and a plurality of roles associated with a plurality of entities in the communication network;
an identity manager, comprising hardware, communicatively coupled to at least one of the communication network or the name server, the identity manager to provide an identity of an entity, a key, a role and a signature to be accessed through the communication network in response to an authentication query specifying the role but not identifying the entity, the entity being selected from a set of entities each associated with the role specified in the authentication query, wherein providing the identity, the key, the role, and the signature comprises publishing a resource record group comprising the key, the role and the signature in a name server communicatively coupled to the communication network, wherein the resource record group is associated with the identity, wherein said identity manager manages the plurality of identities and the plurality of roles associated with the plurality of entities; and
an authentication processor, comprising hardware, communicatively coupled to the communication network, the authentication processor to authenticate an identity and a role associated with an entity provided by the name server in response to an authentication query specifying the role associated with the entity but not identifying the entity.
Dependent claims: 39 and 40.
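The mechanism shared by claims 1, 21 and 38 is a name server that stores, under each entity's identity, a resource record group of (key, role, signature), answers a query that names only a role by selecting one entity holding that role, and lets the querier verify the signature before routing a message to the returned identity rather than to the role. The following is an added illustrative model, not code from the patent or its assignee. All names (`NameServer`, `IdentityManager`, `route_message`, the example hostnames and roles) are constructed for this example, and an HMAC under an identity-manager secret stands in for the digital signature so that the example runs on the Python standard library alone; the keyword and role-server indirection of claim 26 is not modelled.

```python
"""Toy model of role-addressed identity lookup through a name server.

Constructed example: entities, keys, roles and hostnames are invented.
An HMAC keyed with the identity manager's secret plays the part of the
signature that binds a key to a role in each resource record group.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed secret held only by the identity manager (stand-in for a signing key).
IDENTITY_MANAGER_SECRET = b"constructed-example-identity-manager-secret"


@dataclass(frozen=True)
class ResourceRecordGroup:
    key: bytes        # the entity's public key (random-looking bytes in this example)
    role: str         # the role the entity fills, e.g. "log-collector"
    signature: bytes  # binds key and role together; anyone can verify, only the manager can issue


def sign_key_and_role(key: bytes, role: str, secret: bytes = IDENTITY_MANAGER_SECRET) -> bytes:
    """Produce the signature over (key, role). Hashing the key first keeps
    the message layout fixed so a key ending in role-like bytes cannot be
    confused with a different (key, role) split."""
    message = hashlib.sha256(key).digest() + b"\x00" + role.encode("utf-8")
    return hmac.new(secret, message, hashlib.sha256).digest()


def verify_record(rrg: ResourceRecordGroup, secret: bytes = IDENTITY_MANAGER_SECRET) -> bool:
    """Check that the record's key and role were bound by the identity manager."""
    expected = sign_key_and_role(rrg.key, rrg.role, secret)
    return hmac.compare_digest(rrg.signature, expected)


class NameServer:
    """Holds one resource record group per identity and answers queries by role."""

    def __init__(self) -> None:
        self._records: Dict[str, ResourceRecordGroup] = {}

    def publish(self, identity: str, rrg: ResourceRecordGroup) -> None:
        self._records[identity] = rrg

    def query_by_role(self, role: str) -> Optional[Tuple[str, ResourceRecordGroup]]:
        """Return (identity, record) for one entity holding the role, or None.
        The query names a role, never an entity; the lowest identity is chosen
        so the selection is deterministic for this example."""
        candidates = sorted(i for i, r in self._records.items() if r.role == role)
        if not candidates:
            return None
        identity = candidates[0]
        return identity, self._records[identity]


class IdentityManager:
    """Associates an entity with a key and a role, signs them, and publishes the group."""

    def __init__(self, name_server: NameServer, secret: bytes = IDENTITY_MANAGER_SECRET) -> None:
        self._ns = name_server
        self._secret = secret

    def enroll(self, identity: str, role: str, key: bytes) -> ResourceRecordGroup:
        rrg = ResourceRecordGroup(key=key, role=role, signature=sign_key_and_role(key, role, self._secret))
        self._ns.publish(identity, rrg)
        return rrg


def route_message(name_server: NameServer, role: str, payload: str) -> Optional[dict]:
    """Resolve a role to an identity, verify the record, and address the message
    to the identity (not the role). Returns None when no verified entity exists."""
    found = name_server.query_by_role(role)
    if found is None:
        return None
    identity, rrg = found
    if not verify_record(rrg):
        return None  # record was altered after the manager signed it; do not route
    return {"to": identity, "role": role, "key": rrg.key, "payload": payload}


def build_demo_name_server() -> NameServer:
    """Constructed population: two log collectors and one time source."""
    ns = NameServer()
    manager = IdentityManager(ns)
    manager.enroll("host-a.example", "log-collector", b"\x01" * 32)
    manager.enroll("host-b.example", "log-collector", b"\x02" * 32)
    manager.enroll("host-c.example", "time-source", b"\x03" * 32)
    return ns


def tampered_record_is_rejected() -> bool:
    """Show that copying a valid signature onto a different role fails verification."""
    ns = build_demo_name_server()
    _, genuine = ns.query_by_role("log-collector")
    forged = ResourceRecordGroup(key=genuine.key, role="time-source", signature=genuine.signature)
    ns.publish("host-x.example", forged)
    return verify_record(forged) is False


if __name__ == "__main__":
    ns = build_demo_name_server()
    print(route_message(ns, "log-collector", "rotate logs"))
    print(route_message(ns, "no-such-role", "ignored"))
    print("tampered record rejected:", tampered_record_is_rejected())
```

The point the claims make, and the model keeps, is that the role is only a selector: the message is routed to `host-a.example`, an identity distinct from the role string, and the signature lets the querier detect a record whose role was rewritten after publication.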