End-to-end service layer authentication
First Claim
1. A method comprising:
receiving, from a first service layer entity performing delegated authentication on behalf of a second service layer entity, a request for one or more security credentials;
accessing a security profile associated with the second service layer entity, wherein the security profile comprises an indication of one or more security requirements associated with the second service layer entity, and wherein the one or more security requirements comprise an indication of at least one of a security level and a type of security protection mechanism associated with the second service layer entity;
generating, based on the security profile, the one or more security credentials; and
sending, to the first service layer entity, the one or more security credentials, wherein the one or more security credentials enable the first service layer entity to establish a security association with at least one other service layer entity over a network, wherein the first service layer entity is implemented on an apparatus of the network and the other service layer entity is implemented on another apparatus of the network, and wherein the first service layer entity and the other service layer entity are interconnected to one another by one or more intermediate service layer entities.
Abstract
A variety of mechanisms are used to perform end-to-end authentication between entities that have diverse capabilities (e.g., processing, memory) and no prior security associations. The security provisioning and configuration process is performed such that appropriate security credentials, functions, scope and parameters may be provisioned to an entity. Mechanisms are developed to distribute the security credentials to other entities, which can then use the credentials to perform end-to-end authentication at the service layer or the session layer, in either direct or delegated mode.
158 Citations
20 Claims
1. A method comprising:
receiving, from a first service layer entity performing delegated authentication on behalf of a second service layer entity, a request for one or more security credentials; accessing a security profile associated with the second service layer entity, wherein the security profile comprises an indication of one or more security requirements associated with the second service layer entity, and wherein the one or more security requirements comprise an indication of at least one of a security level and a type of security protection mechanism associated with the second service layer entity; generating, based on the security profile, the one or more security credentials; and sending, to the first service layer entity, the one or more security credentials, wherein the one or more security credentials enable the first service layer entity to establish a security association with at least one other service layer entity over a network, wherein the first service layer entity is implemented on an apparatus of the network and the other service layer entity is implemented on another apparatus of the network, and wherein the first service layer entity and the other service layer entity are interconnected to one another by one or more intermediate service layer entities.
Dependent claims: 2, 3, 4, 5, 6, 7.

8. A device comprising a processor and a memory, the memory storing computer-executable instructions which, when executed by the processor, cause the device to perform operations comprising:
receiving, from a first service layer entity performing delegated authentication on behalf of a second service layer entity, a request for one or more security credentials; accessing a security profile associated with the second service layer entity, wherein the security profile comprises an indication of one or more security requirements associated with the second service layer entity, and wherein the one or more security requirements comprise an indication of at least one of a security level and a type of security protection mechanism associated with the second service layer entity; generating, based on the security profile, the one or more security credentials; and sending, to the first service layer entity, the one or more security credentials, wherein the one or more security credentials enable the first service layer entity to establish a security association with at least one other service layer entity over a network, wherein the first service layer entity is implemented on an apparatus of the network and the other service layer entity is implemented on another apparatus of the network, and wherein the first service layer entity and the other service layer entity are interconnected to one another by one or more intermediate service layer entities.
Dependent claims: 9, 10, 11, 12, 13, 14.

15. A computer-readable storage medium comprising computer-executable instructions which, when executed by a processor of a device, cause the device to perform operations comprising:
receiving, from a first service layer entity performing delegated authentication on behalf of a second service layer entity, a request for one or more security credentials; accessing a security profile associated with the second service layer entity, wherein the security profile comprises an indication of one or more security requirements associated with the second service layer entity, and wherein the one or more security requirements comprise an indication of at least one of a security level and a type of security protection mechanism associated with the second service layer entity; generating, based on the security profile, the one or more security credentials; and sending, to the first service layer entity, the one or more security credentials, wherein the one or more security credentials enable the first service layer entity to establish a security association with at least one other service layer entity over a network, wherein the first service layer entity is implemented on an apparatus of the network and the other service layer entity is implemented on another apparatus of the network, and wherein the first service layer entity and the other service layer entity are interconnected to one another by one or more intermediate service layer entities.
Dependent claims: 16, 17, 18, 19, 20.
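The independent claims describe one procedure: a credential function receives a delegated request, reads the second entity's security profile (security level and protection mechanism type), generates credentials that fit that profile, and returns them to the delegate. The following is an added illustration, not code from the patent: the profile registry, delegation table, key lengths and algorithm labels are constructed assumptions, and the check that the requester is actually authorised to act for the second entity is the step a practitioner would insist on before issuing anything.

```python
import hashlib
import hmac
import os
import time

# Constructed sample data (assumption): security profiles per entity and
# which delegate entities may request credentials on another entity's behalf.
SECURITY_PROFILES = {
    "sensor-42": {"security_level": "low", "mechanism": "symmetric-mac"},
    "gateway-7": {"security_level": "high", "mechanism": "symmetric-aead"},
}
DELEGATIONS = {"gateway-7": {"sensor-42"}}  # delegate -> entities it acts for

# Security level selects key length; mechanism type selects the algorithm.
KEY_BYTES = {"low": 16, "medium": 24, "high": 32}
ALGORITHM = {"symmetric-mac": "HMAC-SHA256", "symmetric-aead": "AES-256-GCM"}

MASTER_SECRET = os.urandom(32)  # credential function's root key (constructed)


def derive_key(entity_id, peer_id, key_id, length):
    """One-step HKDF-style expansion bound to both endpoints and the key id,
    so a credential issued for one peer cannot be replayed toward another."""
    info = f"e2e-auth|{entity_id}|{peer_id}|{key_id}".encode()
    return hmac.new(MASTER_SECRET, info, hashlib.sha256).digest()[:length]


def issue_credentials(requester, on_behalf_of, peer, now=None):
    """Handle a delegated request: verify the delegation, read the profile,
    generate credentials that match it, and return them to the requester."""
    if on_behalf_of not in DELEGATIONS.get(requester, set()):
        raise PermissionError(f"{requester} may not act for {on_behalf_of}")
    profile = SECURITY_PROFILES.get(on_behalf_of)
    if profile is None:
        raise LookupError(f"no security profile for {on_behalf_of}")
    key_id = os.urandom(8).hex()
    now = time.time() if now is None else now
    length = KEY_BYTES[profile["security_level"]]
    return {
        "key_id": key_id,
        "algorithm": ALGORITHM[profile["mechanism"]],
        "key": derive_key(on_behalf_of, peer, key_id, length),
        # Scope records whom the credential is for, so the peer can check it.
        "scope": {"subject": on_behalf_of, "peer": peer, "delegate": requester},
        "expires": now + 3600,
    }
```

The same credential function would derive the peer's copy from the identical inputs, which is how the abstract's "distribute the security credentials to other entities" step keeps both sides consistent.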