Method and system for controlling access for mobile agents in home network environments
Abstract
Disclosed is a method and system for controlling access for a mobile agent in a home network environment. The method includes the steps of: issuing a role ticket to the mobile agent; verifying access authority to service requested by the mobile agent through the role ticket; and granting the mobile agent access authority to the service. Accordingly, a table for managing access authority of a user is distributed to devices, so that it is possible to provide the mobile agent access control method and system capable of minimizing network traffic in the home network environment.
20 Claims
1. A method for controlling access for a mobile agent, the method comprising the steps of:
transmitting the mobile agent and a role to a domain management server;
determining, by the domain management server, a service of a platform corresponding to the role;
issuing, by the domain management server, a role ticket to the mobile agent based on the service of the platform;
transmitting the mobile agent and the role ticket to the platform;
verifying, by the platform, access authority to the service requested by the mobile agent through the role ticket;
granting, by the platform, the mobile agent access authority to the service, and
performing authentication for the mobile agent accessing a domain,
wherein the role ticket authorizes the mobile agent to perform the service on the platform,
wherein the step of performing authentication for the mobile agent comprises the steps of;
receiving an authenticator transmitted from the mobile agent; and
verifying integrity of data obtained by decoding a digital signature of the authenticator,
wherein the authenticator comprises an ID of the mobile agent, an ID of a home platform, a message digest of an execution code corresponding to the mobile agent, a lifetime of the authenticator, the digital signature, and a certificate, and
wherein the ID of the mobile agent is granted by the home platform when the mobile agent is created, in which the home platform corresponds to a home platform from which the mobile agent has been created.
11. A system for controlling access for a mobile agent in a home network environment, the system comprises:
a domain management server which is a gateway of a domain, the domain management server performing authentication for a mobile agent which accesses the domain, and issuing a role ticket; and
a platform for performing an integrity verification on the role ticket, verifying access authority of the mobile agent, and granting access authority to service,
wherein;
the domain management server is configured to receive the mobile agent and a role, determine a service of the platform corresponding to the role, issue a role ticket to the mobile agent based on the service of the platform, and transmit the mobile agent and role ticket to the platform,
the platform is configured to verify access authority to the service requested by the mobile agent through the role ticket, and grant mobile agent access authority to the service, and
wherein the domain corresponds to a region which is managed by the domain management server based on one access control policy,
wherein the domain management server receives an authenticator transmitted from the mobile agent, and verifies integrity of data obtained by decoding a digital signature of the authenticator, in which the authenticator comprises an ID of the mobile agent, an ID of a home platform, a message digest of an execution code corresponding to the mobile agent, a lifetime of the authenticator, the digital signature, and a certificate, and
wherein the ID of the mobile agent is granted by the home platform when the mobile agent is created.
20. A non-transitory computer readable recording medium in which a program including instructions to be executed to perform an access control method for a mobile agent in an access control system of a home network environment is materially implemented, and is stored in such a manner as to be readable by the access control system, wherein the program comprises the steps of:
transmitting the mobile agent and a role to a domain management server;
determining, by the domain management server, a service of a platform corresponding to the role;
issuing, by the domain management server, a role ticket to the mobile agent based on the service of the platform;
transmitting the mobile agent and role ticket to the platform;
verifying, by the platform, access authority to the service requested by the mobile agent through the role ticket;
granting, by the platform, the mobile agent access authority to the service, and
performing authentication for the mobile agent accessing a domain,
wherein the role ticket authorizes the mobile agent to perform the service on the platform,
wherein the step of performing authentication for the mobile agent comprises the steps of;
receiving an authenticator transmitted from the mobile agent; and
verifying integrity of data obtained by decoding a digital signature of the authenticator,
wherein the authenticator comprises an ID of the mobile agent, an ID of a home platform, a message digest of an execution code corresponding to the mobile agent, a lifetime of the authenticator, the digital signature, and a certificate, and
wherein the ID of the mobile agent is granted by the home platform when the mobile agent is created, in which the home platform corresponds to a home platform from which the mobile agent has been created.
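The authenticate, issue, verify flow recited in the claims can be sketched as follows; this is an added example, not code from the patent. Assumptions: HMAC-SHA256 stands in for both the home platform's digital signature with certificate and the role ticket's integrity protection so that it runs on the standard library alone, and the key names, role table, ticket fields and ticket expiry are hypothetical.

```python
import hashlib, hmac, json

# Constructed keys and policy for this example (assumptions, not from the patent).
HOME_KEY = b"home-platform-demo-key"    # stands in for the home platform's signing key
DOMAIN_KEY = b"domain-server-demo-key"  # shared by the domain management server and platforms
ROLE_SERVICES = {"guest": ["light.read"], "resident": ["light.read", "light.write"]}

def _mac(key, fields):
    # Canonical JSON so issuer and verifier authenticate identical bytes.
    msg = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def make_authenticator(agent_id, home_id, code, lifetime_s, now):
    """Home platform: bind agent ID, home ID, code digest and lifetime together."""
    body = {"agent_id": agent_id, "home_id": home_id,
            "code_digest": hashlib.sha256(code).hexdigest(), "expires": now + lifetime_s}
    return {**body, "signature": _mac(HOME_KEY, body)}

def issue_role_ticket(auth, code, role, now):
    """Domain management server: authenticate the agent, then issue a role ticket."""
    body = {k: v for k, v in auth.items() if k != "signature"}
    if not hmac.compare_digest(auth.get("signature", ""), _mac(HOME_KEY, body)):
        raise PermissionError("authenticator signature invalid")
    if now >= auth["expires"]:
        raise PermissionError("authenticator expired")
    if not hmac.compare_digest(auth["code_digest"], hashlib.sha256(code).hexdigest()):
        raise PermissionError("execution code does not match digest")
    if role not in ROLE_SERVICES:
        raise PermissionError("unknown role")
    # Assumption: the ticket expires with the authenticator and is bound to the agent ID.
    ticket = {"agent_id": auth["agent_id"], "role": role,
              "services": ROLE_SERVICES[role], "expires": auth["expires"]}
    return {**ticket, "mac": _mac(DOMAIN_KEY, ticket)}

def platform_authorize(ticket, agent_id, service, now):
    """Platform: decide locally from the ticket, without querying the server."""
    body = {k: v for k, v in ticket.items() if k != "mac"}
    if not hmac.compare_digest(ticket.get("mac", ""), _mac(DOMAIN_KEY, body)):
        return False  # ticket altered or not issued by this domain
    if now >= body["expires"] or body["agent_id"] != agent_id:
        return False  # stale ticket, or ticket presented by a different agent
    return service in body["services"]
```

Because the platform decides from the ticket alone, an agent that edits its own service list fails the integrity check, and a deployment following the claims would use asymmetric signatures verified against the certificate rather than shared keys.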
Specification