Intent-based identity access management systems and methods

US12368702B2 · US · B2

Patent metadata
Publication number: US-12368702-B2
Application number: US-202318324301-A
Country: US
Kind code: B2
Filing date: May 26, 2023
Priority date: May 26, 2022
Publication date: Jul 22, 2025
Grant date: Jul 22, 2025

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

An identity and access management system including: a processor; and memory including instructions that, when executed by the processor, cause the processor to: receive an API token request for an authorization token to authorize an application function associated with a target API of an application; determine identity information from the API token request; retrieve attributes associated with the identity information; identify the target API and an API function profile associated with the target API for the application function; filter the attributes associated with the identity information based on the API function profile; generate the authorization token according to the filtered attributes; and transmit the authorization token in response to the API token request.

First claim

Opening claim text (preview).

What is claimed is:

1. An identity and access management system comprising: at least one processor; and memory comprising instructions that, when executed by the at least one processor, cause the processor to: receive an application programming interface (API) token request for an authorization token to authorize an application function associated with a target API of an application; determine identity information from the API token request; retrieve attributes associated with the identity information; identify the target API and an API function profile associated with the target API for the application function; filter the attributes associated with the identity information based on the API function profile; generate the authorization token according to the filtered attributes; transmit the authorization token in response to the API token request; identify one or more API authorization policies based on the API function profile, wherein the API authorization policies enable only the application function associated with the target API from among a plurality of application functions associated with the application of the target API; execute the one or more API authorization policies based on the filtered attributes to generate the authorization token; receive API requirements registered in an API marketplace for the target API, the API requirements including at least the application function associated with the target API and application requirements for the authorization token to enable the application function by the target API; generate the API authorization policies based on the application function and the application requirements; generate the API function profile for the target API based on the API authorization policies; and associate the API function profile with the target API.

2. The system of claim 1, wherein the attributes are retrieved from a master data management store configured to store various attributes of various applications and users.

3. The system of claim 1, wherein the API function profile includes a plurality of attribute types to be included in the authorization token generated for the target API.

4. The system of claim 1, wherein the authorization token enables only the application function associated with the target API from among a plurality of application functions associated with the application of the target API.

5. A method, comprising: receiving an application programming interface (API) token request for an authorization token to authorize an application function associated with a target API of an application; determining identity information from the API token request; retrieving attributes associated with the identity information; identifying the target API and an API function profile associated with the target API for the application function; filtering the attributes associated with the identity information based on the API function profile; generating the authorization token according to the filtered attributes; transmitting the authorization token in response to the API token request; identifying one or more API authorization policies based on the API function profile, wherein the API authorization policies enable only the application function associated with the target API from among a plurality of application functions associated with the application of the target API; executing the one or more API authorization policies based on the filtered attributes to generate the authorization token; receiving API requirements registered in an API marketplace for the target API, the API requirements including at least the application function associated with the target API and application requirements for the authorization token to enable the application function by the target API; generating the API authorization policies based on the application function and the application requirements; generating the API function profile for the target API based on the API authorization policies; and associating the API function profile with the target API.

6. The method of claim 5, wherein the attributes are retrieved from a master data management store configured to store various attributes of various applications and users.

7. The method of claim 5, wherein the API function profile includes a plurality of attribute types to be included in the authorization token generated for the target API.

8. The method of claim 5, wherein the authorization token enables only the application function associated with the target API from among a plurality of application functions associated with the application of the target API.

9. An identity and access management system comprising: at least one processor; and memory comprising instructions that, when executed by the at least one processor, cause the processor to: receive an application programming interface (API) token request for an authorization token to authorize an application function associated with a target API of an application; receive API requirements registered in an API marketplace for the target API, the API requirements including at least the application function associated with the target API and application requirements for the authorization token to enable the application function by the target API; determine identity information from the API token request; retrieve attributes associated with the identity information; identify the target API and an API function profile associated with the target API for the application function; filter the attributes associated with the identity information based on the API function profile; generate the authorization token according to the filtered attributes; and transmit the authorization token in response to the API token request.

10. The system of claim 9, wherein the attributes are retrieved from a master data management store configured to store various attributes of various applications and users.

11. The system of claim 9, wherein the instructions further cause the at least one processor to: identify one or more API authorization policies based on the API function profile; and execute the one or more API authorization policies based on the filtered attributes to generate the authorization token.

12. The system of claim 11, wherein the API authorization policies enable only the application function associated with the target API from among a plurality of application functions associated with the application of the target API.

13. The system of claim 12, wherein the instructions further cause the at least one processor to: generate the API authorization policies based on the application function and the application requirements; generate the API function profile for the target API based on the API authorization policies; and associate the API function profile with the target API.

14. The system of claim 13, wherein the API function profile includes a plurality of attribute types to be included in the authorization token generated for the target API.
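The token-issuance flow the claims describe (marketplace requirements become per-function policies and a function profile; a token request is resolved to an identity, its attributes are pulled from a master data store, filtered down to the attribute types the profile names, checked against the policies, and only then signed into a token scoped to that one function) can be traced end to end in a small program. The following is an added Python example written for this page; it is not code from the patent, from Level 3 Communications, or from any product. The store contents, the API registration, the function and attribute names, and the compact HMAC token format are all constructed assumptions.

```python
"""Intent-based token issuance: constructed example, not the patent's code.

Names such as MDM_STORE, API_REQUIREMENTS, issue_token and the token
layout are assumptions made for illustration.
"""
import base64
import hashlib
import hmac
import json
import time

# Constructed master data management (MDM) store: identity -> attributes.
MDM_STORE = {
    "svc-billing": {"department": "finance", "clearance": "confidential",
                    "region": "us-east", "employee_id": "E-1001",
                    "email": "billing@example.invalid"},
    "svc-marketing": {"department": "marketing", "clearance": "public",
                      "region": "us-west", "employee_id": "E-2002",
                      "email": "mkt@example.invalid"},
}

# Constructed API marketplace registration: per target API, the application
# functions it exposes and the requirements a token must satisfy for each.
API_REQUIREMENTS = {
    "accounts-api": {
        "read_balance": {
            "attribute_types": ["department", "region"],
            "conditions": {"department": {"finance"}},
        },
        "transfer_funds": {
            "attribute_types": ["department", "region", "clearance"],
            "conditions": {"department": {"finance"},
                           "clearance": {"confidential"}},
        },
    }
}


def build_function_profiles(api_requirements):
    """Derive authorization policies and then the API function profile for
    each (target API, function) pair from the marketplace registration."""
    profiles = {}
    for api, functions in api_requirements.items():
        for function, req in functions.items():
            policy = {"enables_only": function, "conditions": req["conditions"]}
            profiles[(api, function)] = {
                "attribute_types": list(req["attribute_types"]),
                "policies": [policy],
            }
    return profiles


API_FUNCTION_PROFILES = build_function_profiles(API_REQUIREMENTS)


def filter_attributes(attributes, profile):
    """Keep only the attribute types the profile names, so the token carries
    no more identity data than the single function needs."""
    return {k: v for k, v in attributes.items() if k in profile["attribute_types"]}


def evaluate_policies(filtered, profile):
    """Every policy condition must hold on the filtered attributes."""
    return all(filtered.get(attr) in allowed
               for policy in profile["policies"]
               for attr, allowed in policy["conditions"].items())


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def sign_token(payload, key):
    """Compact signed token: base64url(payload) '.' base64url(HMAC-SHA256)."""
    body = _b64(json.dumps(payload, sort_keys=True).encode())
    return body + "." + _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())


def verify_token(token, key):
    body, sig = token.split(".")
    expected = _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
    return hmac.compare_digest(expected, sig)


def decode_payload(token):
    body = token.split(".")[0]
    return json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))


def issue_token(request, key, now=None):
    """Handle one API token request. Returns the token, or None when the
    identity is unknown, the function is unregistered, or a policy fails."""
    attributes = MDM_STORE.get(request["identity"])
    profile = API_FUNCTION_PROFILES.get((request["target_api"], request["function"]))
    if attributes is None or profile is None:
        return None
    filtered = filter_attributes(attributes, profile)
    if not evaluate_policies(filtered, profile):
        return None
    payload = {
        "sub": request["identity"],
        "aud": request["target_api"],
        "scope": profile["policies"][0]["enables_only"],  # one function only
        "attrs": filtered,
        "exp": int(time.time() if now is None else now) + 300,
    }
    return sign_token(payload, key)
```

The point to check when reviewing such a design is the order of operations: attributes are filtered before the policies run and before anything is signed, so a token for read_balance never carries the employee_id or email held in the store, and a caller whose attributes fail the policy receives no token rather than a token with a broader scope.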

Assignees

Level 3 Communications LLC

Inventors

Classifications

  • for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title

  • H04L63/102 (primary): Entity profiles · CPC title

  • Tools and structures for managing or administering access control systems · CPC title

  • to features or functions of an application · CPC title

  • using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213) · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12368702B2 cover?
An identity and access management system including: a processor; and memory including instructions that, when executed by the processor, cause the processor to: receive an API token request for an authorization token to authorize an application function associated with a target API of an application; determine identity information from the API token request; retrieve attributes associated with …
Who is the assignee on this patent?
Level 3 Communications LLC
What technology area does this patent fall under?
Primary CPC classification H04L63/102. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jul 22, 2025 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 6 related publications on this page (citations in our corpus or others sharing the same primary CPC).