Device validation using tokens
US-2021184854-A1 · Jun 17, 2021 · US
Identity verification method for network function service and related apparatus
US12052233B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12052233-B2 |
| Application number | US-202117512627-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 27, 2021 |
| Priority date | Apr 28, 2019 |
| Publication date | Jul 30, 2024 |
| Grant date | Jul 30, 2024 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
In an identity verification method for a network function service, a network element receives from a requesting network element a network function (NF) service request that includes a token, The token includes first certificate information. The network element verifies the first certificate information to determine whether an identity represented by the first certificate information is consistent with an identity of the requesting network element. When the network element determines that the identity represented by the first certificate information is inconsistent with the identity of the requesting network element, the network element rejects the NF service request.
First claim
Opening claim text (preview).
The invention claimed is: 1. An identity verification method performed by a managing network element in a service network, comprising: receiving, via the service network, a network function (NF) service request from a requesting network element in the service network, wherein the NF service request comprises a service token for a first NF service provided by the managing network element, the service token is provided by a service token server of the service network for the first NF service and comprises first certificate information, wherein the first certificate information is related to a certificate of a requester of the service token and comprises identity information of the requester of the service token as used in the certificate of the requester of the service token, wherein the managing network element is a control plane network element of the service network, and the first certificate information comprises an identifier or an NF type of the requester of the service token; obtaining, via the service network, a certificate of the requesting network element; determining-whether the identity information of the requester of the service token in the first certificate information is consistent with identity information of the requesting network element in the certificate of the requesting network element; and upon determining that the identity information of the requester of the service token in the first certificate information is inconsistent with the identity information of the requesting network element in the certificate of the requesting network element, rejecting the NF service request. 2. The method according to claim 1 , wherein the identity information of the requester of the service token in the first certificate information comprises an identifier of the requester of the service token, and the identity information in the certificate of the requesting network element comprises an identifier of the requesting network element. 3. The method according to claim 1 , wherein the first certificate information comprises an NF type of the requester of the service token, and the certificate of the requesting network element indicates an NF type of the requesting network element. 4. A requester identity verification method performed by a requesting network element in a service network, comprising: obtaining, from a service token server in the service network, a service token corresponding to a first NF service provided by a managing network element in the service network, wherein the service token comprises first certificate information related to a certificate of a requester of the service token and comprising identity information of the requester of the service token as used in the certificate of the requester of the service token, wherein the managing network element is a control plane network element of the service network, and the first certificate information comprises an identifier or an NF type of the requester of the service token; sending an NF service request for the first NF service to the managing network element, wherein the NF service request comprises the service token; and receiving a reject message from the managing network element, wherein receiving the reject message indicates that the managing network element fails to verify the requesting network element based on the service token in the NF service request. 5. The method according to claim 4 , wherein the identity information in the first certificate information comprises an identifier of the requester of the service token. 6. The method according to claim 4 , wherein the identity information in the first certificate information comprises an NF type of the requester of the service token. 7. The method according to claim 4 , wherein the step of obtaining the service token corresponding to the first NF service comprises: sending a token obtaining request to the service token server in a control plane network of the service network; and receiving, by the requesting network element, the service token returned by the service token server. 8. A network element in a service network comprising: a transceiver for network communications; a memory storing executable instructions; a processor configured to execute the executable instructions to: receive, via the service network, a network function (NF) service request for a first NF service from a requesting network element in the service network, wherein the NF service request comprises a service token provided by a service token server of the service network for the first NF service, the service token comprises first certificate information related to a certificate of a requester of the service token and comprising identity information of the requester of the service token as used in the certificate of the requester of the service token, wherein the network element is a control plane network element of the service network, and the first certificate information comprises an identifier or an NF type of the requester of the service token; obtaining, via the service network, a certificate of the requesting network element; determine whether the identity information of the requester of the service token in the first certificate information is consistent with identity information of the requesting network element in the certificate of the requesting network element; and upon determining that the identity information of the requester in the service token in the first certificate information is inconsistent with the identity information of the requesting network element in the certificate of the requesting network element, reject the NF service request. 9. The network element according to claim 8 , wherein the processor is further configured to: process the NF service request when the identity information of the requester of the service token in represented by the first certificate information is consistent with the identity information of the requesting network element in the certificate of the requesting network element. 10. The network element according to claim 8 , wherein identify information in the first certificate information comprises an identifier of the requester of the service token, and the identity information in the certificate of the requesting network element comprises an identifier of the requesting network element. 11. The network element according to claim 8 , wherein the identify information in the first certificate information comprises an NF type of the requester of the service token, and the identify information of the requesting network element in the certificate of the requesting network element.
Assignees
Inventors
Classifications
Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources (admission control or resource allocation H04L47/70) · CPC title
Entity profiles · CPC title
using certificates · CPC title
using delegated authorisation, e.g. open authorisation [OAuth] protocol · CPC title
Program or device authentication · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US12052233B2 cover?
- In an identity verification method for a network function service, a network element receives from a requesting network element a network function (NF) service request that includes a token, The token includes first certificate information. The network element verifies the first certificate information to determine whether an identity represented by the first certificate information is consiste…
- Who is the assignee on this patent?
- Huawei Tech Co Ltd
- What technology area does this patent fall under?
- Primary CPC classification H04L63/0823. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Jul 30 2024 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).