Method for authorization management in a community of connected objects

US11277396B2 · US · B2

Patent metadata
Publication number: US-11277396-B2
Application number: US-201716345795-A
Country: US
Kind code: B2
Filing date: Nov 9, 2017
Priority date: Nov 10, 2016
Publication date: Mar 15, 2022
Grant date: Mar 15, 2022

Abstract

Official abstract text for this publication.

The present invention relates to a method for authorization management in a community (106) of connected objects (103, 104, 105), a master object being determined in said community, the method comprising: receipt, by the master object (102), of a request (110, 123, 130) to carry out an action concerning: the community (106) of connected objects (103, 104, 105) or an internal object of the community (106), the internal object being distinct from the master object (102); receipt (119, 124, 137) of a list of attributes (101), by an authentication server (107) that is distinct from the master object (102); after the list of attributes is verified by the authentication server (107) and a capability of the requesting object (101) is determined based on said list of attributes, receipt (201, 211, 221) by the master object (102) of an authentication token comprising said capability; transfer (202, 212, 222) of said authentication token to said requesting object (101).

First claim

Opening claim text (preview).

The invention claimed is:

1. Method for authorization management in a community of connected objects, a master object being determined in said community, the method comprising: receipt, by the master object from a requesting object, of a request to carry out an action concerning: the community of connected objects, or an internal object of the community, the internal object being distinct from the master object; receipt, by an authentication server that is distinct from the master object, of a list of certified attributes associated with the requesting object, an attribute being a characteristic linked to the requesting object, this characteristic being intrinsic to the requesting object; after the list of attributes is verified by the authentication server and a capability of the requesting object is determined based on said list of attributes, a capability being a set of authorizations describing the various actions or rights that the requesting object has, receipt by the master object of an authentication token comprising said capability; transfer of said authentication token to said requesting object by the master object; receipt of said authentication token by the master object; verification by the master object that the authentication token authorizes said action; transmission of a message authorizing said action if the verification is successful, wherein the request to carry out an action concerns the act of joining the community, and wherein the transmission of said message authorizing said action includes a transmission by the master object of a community token relating to said community; and upon receipt of said community token by the master object, updating a database stored in the master object in order to add a new member to said community.

2. Method according to claim 1, wherein the request to carry out an action concerns the act of communicating with an internal object of the community that is distinct from the master object, and wherein the transmission of said message authorizing said action comprises a transmission by the master object of an object token relating to said internal object.

3. Method according to claim 1, wherein the receipt of the request comes directly from the requesting object.

4. Method according to claim 2, wherein the transmission of said message authorizing said action further comprises an address of the internal object.

5. Method according to claim 1, wherein the receipt of the list of certified attributes takes place via the master object.

6. Method according to claim 1, wherein the receipt of the list of certified attributes takes place via at least one certification server, said certification server having certified at least one attribute of the list of attributes.

7. Method according to claim 1, wherein the method further comprises: negotiation between the requesting object and the authentication server in order to define at least one certification server able to certify at least one attribute of the list of attributes.

8. Method according to claim 1, wherein the method further comprises: the requesting object sending a request for certification of at least one attribute, to a certification server.

9. Device able to be connected and to be part of a community of connected objects, wherein the device comprises: an interface for receiving a message from a requesting object; a processor adapted for: determining whether said received message comprises an authentication token comprising a capability authorizing an action relating to said device, the capability being a set of authorizations describing the various actions or rights that the requesting object has; if this determination is positive, transmitting said message to a master object of said community, said master object being able to verifying the validity of the authentication token, wherein a request to carry out the action concerns the act of joining the community, and wherein the transmission of said message authorizing said action includes a transmission by the master object of a community token relating to said community; an interface for receiving a response message from said master object; the processor being further adapted for: executing said action relating to said device if said response message comprises an indication that validates said authentication token; transmitting a result of the action to the requesting object; and upon receipt of said community token by the master object, updating a database stored in the master object in order to add a new member to said community.

10. Method for executing an action relating to a device, said device being connected and being part of a community of connected objects, wherein the method comprises: receiving a message from a requesting object; determining whether said received message comprises an authentication token comprising a capability authorizing the action relating to said device, the capability being a set of authorizations describing the various actions or rights that the requesting object has; if this determination is positive, transmitting said message to a master object of said community, said master object being able to verifying the validity of the authentication token; receiving a response message from said master object; executing said action relating to said device if the response message comprises an indication that validates said authentication token, wherein a request to carry out the action concerns the act of joining the community, and wherein the transmission of said message authorizing said action includes a transmission by the master object of a community token relating to said community; transmitting a result of the action to the requesting object; and upon receipt of said community token by the master object, updating a database stored in the master object in order to add a new member to said community.

11. Device able to be connected, wherein the device comprises: an interface for receiving a first message from a master object of a community of connected objects, said first message containing an authentication token comprising a capability of said device that is determined based on a list of certified attributes, an attribute being a characteristic linked to the requesting object, this characteristic being intrinsic to the requesting object, the capability being a set of authorizations describing the various actions or rights that the requesting object has; an interface for sending a second message to an object of said community, said second message containing said authentication token and a request to carry out an action, said action being: a request to join said community or a request to access a service offered by an internal object of said community, the internal object being distinct from the master object wherein a request to carry out the action concerns the act of joining the community; an interface for receiving a third message authorizing said action or indicating a result of said action, wherein transmission of the third message authorizing said action includes a transmission by the master object of a community token relating to said community; and upon receipt of said community token by the master object, updating a database stored in the master object in order to add a new member to said community.

12. Method for executing an action, wherein the method comprises the following steps implemented by a requesting object: receiving a first message from a master object of a community of connected objects, said first message containing an authentication token comprising a capability of said requesting object that is determined based on a list of
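
The join flow of claim 1, sketched as an added example that is not taken from the patent: an authentication server turns certified attributes into a capability and signs a token, and the master object checks that the token authorizes joining before adding the member to its database. The HMAC-signed JSON token, the shared key, the `POLICY` table, the expiry field and all names are assumptions made for illustration; the claims do not specify a token format, and the community-token exchange is collapsed into one call.

```python
import base64, hashlib, hmac, json, time

SERVER_KEY = b"constructed-demo-key"  # assumption: shared by auth server and master
# Assumption: policy mapping one certified attribute to the authorizations it grants.
POLICY = {("type", "thermostat"): {"join_community"},
          ("vendor", "acme"): {"read:lamp"}}

def _sign(data: bytes) -> bytes:
    return hmac.new(SERVER_KEY, data, hashlib.sha256).digest()

def issue_token(requester_id, certified_attrs, now=None, ttl=300):
    """Authentication server: map verified attributes to a capability and sign it."""
    now = time.time() if now is None else now
    capability = set()
    for attr in certified_attrs.items():
        capability |= POLICY.get(attr, set())
    body = json.dumps({"sub": requester_id, "cap": sorted(capability),
                       "exp": now + ttl}, sort_keys=True).encode()
    b64 = base64.urlsafe_b64encode
    return b64(body).decode() + "." + b64(_sign(body)).decode()

class MasterObject:
    def __init__(self):
        self.members = set()  # community database held by the master object

    def verify(self, token, action, now=None):
        """Return the claims if the token is authentic, unexpired and authorizes action."""
        now = time.time() if now is None else now
        try:
            b64_body, b64_tag = token.split(".")
            body = base64.urlsafe_b64decode(b64_body)
            tag = base64.urlsafe_b64decode(b64_tag)
        except ValueError:  # wrong number of parts or invalid base64
            return None
        if not hmac.compare_digest(tag, _sign(body)):
            return None
        claims = json.loads(body)
        if claims["exp"] < now or action not in claims["cap"]:
            return None
        return claims

    def handle_join(self, token, now=None):
        """On a valid join request, add the member and return a community token."""
        claims = self.verify(token, "join_community", now)
        if claims is None:
            return None
        self.members.add(claims["sub"])
        return _sign(b"community:" + claims["sub"].encode()).hex()
```

The capability travels inside the signed body, so a requester cannot widen its own rights without invalidating the tag, and the master never has to see the attribute list itself.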

Classifications

  • Services for machine-to-machine communication [M2M] or machine type communication [MTC]

  • using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213)

  • Grouping of entities

  • specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Orange
What technology area does this patent fall under?
Primary CPC classification H04L63/0807. Mapped technology areas include Electricity.
When was this patent published?
Publication date Mar 15, 2022 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 7 related publications on this page (citations in our corpus or others sharing the same primary CPC).