Access control using mediated location, attribute, policy, and purpose verification
US-2024121081-A1 · Apr 11, 2024 · US
Method, server, and computer program product for identity authentication
US12452225B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12452225-B2 |
| Application number | US-202318317291-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 15, 2023 |
| Priority date | Apr 14, 2023 |
| Publication date | Oct 21, 2025 |
| Grant date | Oct 21, 2025 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
The present disclosure relates to a method, a server, and a computer program product for identity authentication. The method includes searching, in response to receiving an identity authentication request from a user at an edge server, an identity authentication database of the edge server for identity authentication information associated with the user. The method further includes sending, in response to the identity authentication information associated with the user not being found in the identity authentication database, the identity authentication request to a cloud server, the cloud server including an agent for interfacing with a plurality of identity authentication providers. In addition, the method further includes receiving the identity authentication information associated with the user from the cloud server, storing the identity authentication information to the identity authentication database, and using the identity authentication information to authenticate the user.
First claim
Opening claim text (preview).
What is claimed is: 1. A method for identity authentication, comprising: in response to receiving an identity authentication request from a user at an edge server, searching an identity authentication database of the edge server for identity authentication information associated with the user; in response to the identity authentication information associated with the user not being found in the identity authentication database, sending the identity authentication request to a cloud server, the cloud server comprising an agent for interfacing with a plurality of identity authentication providers including at least a first identity authentication provider and a second identity authentication provider different than the first identity authentication provider, the first and second identity authentication providers being configured to provide the agent of the cloud server with respective different types of identity authentication information associated with the user, via respective first and second different interfaces with the agent of the cloud server, wherein in response to the identity authentication information associated with the user being found in the identity authentication database, the user is authenticated by the edge server using the identity authentication information found in the identity authentication database without sending the identity authentication request to the cloud server and without requiring the edge server to access any of the first and second identity authentication providers; in response to sending the identity authentication request to the cloud server, receiving the identity authentication information associated with the user from the cloud server as obtained by the agent of the cloud server via at least one of the first and second different interfaces; storing the received identity authentication information to the identity authentication database; using the received identity authentication information to authenticate the user; and in response to movement of the user from a range of one edge serviced by the edge server to a range of another edge serviced by another edge server, triggering transfer of at least a portion of the identity authentication information of the identity authentication database to another identity authentication database of the other edge server, such that the user can be authenticated by the other edge server without sending an additional identity authentication request to the cloud server and without requiring the other edge server to access any of the first and second identity authentication providers. 2. The method according to claim 1 , further comprising: receiving a second identity authentication request from the user at the edge server; and in response to receiving the second identity authentication request from the user at the edge server, authenticating the user at the edge server using the identity authentication information stored in the identity authentication database. 3. The method according to claim 1 , further comprising: collecting user behaviors by the edge server; sending the user behaviors to the cloud server; and receiving an authentication policy change for the user from the cloud server. 4. The method according to claim 1 , wherein the edge server is a first edge server located at a first edge, the method further comprising: in response to determining that a user device of the user will be connected to a second edge server located at a second edge, transferring identity authentication information for the user by the first edge server to the second edge server. 5. The method according to claim 4 , further comprising: sending a notification by the first edge server to the agent that the identity authentication information for the user has been transferred to the second edge server. 6. The method according to claim 5 , further comprising: deleting the identity authentication information for the user from the first edge server. 7. The method according to claim 1 , wherein the edge server is a first edge server located at a first edge, the method further comprising: in response to the first edge server losing a connection to a user device of the user, sending, by the first edge server to the agent, a notification of losing user connection, wherein when a second edge server located at a second edge receives a second identity authentication request from the user, the agent transmits new identity authentication information for the user to the second edge server. 8. The method according to claim 7 , further comprising: receiving, at the first edge server, an instruction to delete information associated with the user; and in response to receiving, at the first edge server, an instruction to delete information associated with the user, deleting the identity authentication information for the user. 9. The method according to claim 1 , wherein the identity authentication information comprises user attribute information and login session information, the method further comprising: receiving a logout request from the user at the edge server; and in response to receiving the logout request, deleting the login session information from the edge server, and deleting the user attribute information from the edge server after a predetermined period of time. 10. The method according to claim 1 , wherein at least one of the plurality of identity authentication providers comprises at least one of an identity provider (IDP) and an identity and access management (IAM) system. 11. An edge server, comprising: at least one processor; and memory coupled to the at least one processor and having instructions stored thereon, wherein the instructions, when executed by the at least one processor, cause the edge server to perform actions comprising: in response to receiving an identity authentication request from a user, searching an identity authentication database of the edge server for identity authentication information associated with the user; in response to the identity authentication information associated with the user not being found in the identity authentication database, sending the identity authentication request to a cloud server, the cloud server comprising an agent for interfacing with a plurality of identity authentication providers including at least a first identity authentication provider and a second identity authentication provider different than the first identity authentication provider, the first and second identity authentication providers being configured to provide the agent of the cloud server with respective different types of identity authentication information associated with the user, via respective first and second different interfaces with the agent of the cloud server, wherein in response to the identity authentication information associated with the user being found in the identity authentication database, the user is authenticated by the edge server using the identity authentication information found in the identity authentication database without sending the identity authentication request to the cloud server and without requiring the edge server to access any of the first and second identity authentication providers; in response to sending the identity authentication request to the cloud server, receiving the identity authentication information associated with the user from the cloud server as obtained by the agent of the cloud server via at least one of the first and second different interfaces; storing the received identity authentication information to the identity authentication database; using the received identity authentication information to authenticate the user; and in respo
Assignees
Inventors
Classifications
- H04L63/20Primary
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
- H04L63/08Primary
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title
User authentication · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US12452225B2 cover?
- The present disclosure relates to a method, a server, and a computer program product for identity authentication. The method includes searching, in response to receiving an identity authentication request from a user at an edge server, an identity authentication database of the edge server for identity authentication information associated with the user. The method further includes sending, in …
- Who is the assignee on this patent?
- Dell Products Lp
- What technology area does this patent fall under?
- Primary CPC classification H04L63/20. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Oct 21 2025 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).