Representation tokens in indirect communication

US2023412589A1 · US · A1

Patent metadata

Publication number: US-2023412589-A1
Application number: US-202117913889-A
Country: US
Kind code: A1
Filing date: Mar 16, 2021
Priority date: Mar 31, 2020
Publication date: Dec 21, 2023
Grant date:

Abstract

Official abstract text for this publication.

A method comprises receiving an access token request from a first network entity for granting access to a network function, NF, service producer. The method further comprises determining whether an access token can be granted for the first network entity. Responsive to determining that the access token can be granted, the method further comprises generating the access token that includes an identifier of a NF consumer associated with the first network entity and an identifier of each network entity in a communication path between the first network entity and the NF service producer and transmitting the access token towards the first network entity.

First claim

Opening claim text (preview).

1. A method performed by a network equipment, the method comprising: receiving an access token request from a first network entity for granting access to a network function, NF, service producer; determining whether an access token can be granted for the first network entity; responsive to determining that the access token can be granted: generating the access token that includes an identifier of a NF consumer associated with the first network entity and an identifier of each network entity in a communication path between the first network entity and the NF service producer; and transmitting the access token towards the first network entity.

2. The method of claim 1, wherein the network equipment implements a Network Repository Function, NRF and the first network entity comprises one of a consumer device user equipment or a service communications proxy, SCP.

3. The method of claim 1, wherein receiving the access token request from the first network entity comprises receiving the access token request from the NF consumer associated with the first network entity.

4. The method of claim 1, wherein receiving the access token request from the first network entity comprises receiving the access token request from a service communications proxy on behalf of the NF consumer.

5. A network equipment comprising: processing circuitry; and memory coupled with the processing circuitry, wherein the memory includes instructions that when executed by the processing circuitry causes the network equipment to perform operations comprising: receiving an access token request from a first network entity for granting access to a network function, NF, service producer; determining whether an access token can be granted for the first network entity; responsive to determining that the access token can be granted: generating the access token that includes an identifier of a consumer associated with the first network entity and an identifier of each network entity in a path between the first network entity and the NF service producer; and transmitting the access token towards the first network entity.

6. The network equipment of claim 5, wherein the memory includes instructions that when executed by the processing circuitry causes the network equipment to implement a network resource function, NRF.

7. The network equipment of claim 5, wherein in receiving the access token request from the first network entity, the memory includes further instructions that when executed by the processing circuitry causes the network equipment to perform operations comprising: receiving the access token request from a network function, NF, consumer associated with the first network entity.

8. The network equipment of claim 5, wherein in receiving the access token request from the first network entity, the memory includes further instructions that when executed by the processing circuitry causes the network equipment to perform operations comprising: receiving the access token request from a service communication proxy on behalf of a network function, NF, consumer.

9-10. (canceled)

11. A method performed by a network equipment, the method comprising: receiving a service request from a first network entity, the service request comprising an access token that includes an identifier of a NF consumer associated with the first network entity and an identifier of each network entity in a path between the first network entity and the NF service producer; verifying a signature of the access token with a public key of a network resource function, NRF, node; determining whether an identifier of a last hop network entity that transmitted the service request is included in the access token; and responsive to the identifier of the last hop network entity being included in the access token and the signature being valid, determining that the NF consumer is allowed to access a service provided by the network equipment.

12. The method of claim 11 wherein the network equipment implements a network function, NF, service producer.

13. The method of claim 11, further comprising: verifying whether or not the access token has expired; and wherein determining that the NF consumer is allowed to access a service provided by the network equipment comprises responsive to the identifier of the last hop network entity is included in the access token and the signature is valid and the access token has not expired, determining that the NF consumer is allowed to access a service provided by the network equipment.

14. The method of claim 11, further comprising: responsive to the identifier of the last hop network entity not being included in the access token or the signature is not valid, determining that the NF consumer is not allowed to access a service provided by the network equipment.

15. (canceled)

16. The method of claim 11, further comprising: responsive to the identifier of the last hop network entity is included in the access token and the signature is valid, transmitting a service request response indicating the NF consumer can access the service.

17-18. (canceled)

19. A network equipment comprising: processing circuitry; and memory coupled with the processing circuitry, wherein the memory includes instructions that when executed by the processing circuitry causes the network equipment to perform operations comprising: receiving a service request from a first network entity, the service request comprising an access token that includes an identifier of a NF consumer associated with the first network entity and an identifier of each network entity in a path between the first network entity and an NF service producer; verifying a signature of the access token with a public key of a network resource function, NRF, node; determining whether an identifier of a last hop network entity that transmitted the service request is included in the access token; and responsive to the identifier of the last hop network entity is included in the access token and the signature is valid, determining that the NF consumer is allowed to access a service provided by the NF service producer.

20. The network equipment of claim 19 wherein the wherein the memory includes instructions that when executed by the processing circuitry causes the network equipment to implement an NF service producer.

21. The network equipment of claim 19, further comprising: verifying whether or not the access token has expired; and wherein determining that the NF consumer is allowed to access a service provided by the network node/function comprises responsive to the identifier of the last hop network entity is included in the access token and the signature is valid and the access token has not expired, determining that the NF consumer is allowed to access a service provided by the network equipment.

22. The network equipment of claim 19, wherein the memory includes further instructions that when executed by the processing circuitry causes the NF service producer node to perform further operations comprising: responsive to the identifier of the last hop network entity not being included in the access token or the signature is not valid, determining that the NF consumer is not allowed to access a service provided by the NF service producer.

23. (canceled)

24. The network equipment of claim 19, wherein the memory includes further instructions that when executed by the processing circuitry
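
The checks in claims 11, 13 and 14, together with the issuance step of claim 1, as an added example (not code from the patent or its assignee). The `Claims` field names, the JSON encoding, the choice of Ed25519, and the assumption that `lastHop` comes from the authenticated transport peer are all illustrative assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Claims is a hypothetical token layout; the field names are assumptions.
type Claims struct {
	Consumer string   `json:"consumer"` // identifier of the NF consumer
	Path     []string `json:"path"`     // every entity between requester and producer
	Expires  int64    `json:"exp"`      // expiry, Unix seconds
}

// Issue plays the NRF: serialize the claims and sign them with the NRF private key.
func Issue(priv ed25519.PrivateKey, c Claims) (payload, sig []byte) {
	payload, _ = json.Marshal(c)
	return payload, ed25519.Sign(priv, payload)
}

// Authorize plays the NF service producer; lastHop is assumed to be the authenticated peer identity.
func Authorize(nrfPub ed25519.PublicKey, payload, sig []byte, lastHop string, now time.Time) error {
	if !ed25519.Verify(nrfPub, payload, sig) { // verify before parsing anything
		return errors.New("invalid signature")
	}
	var c Claims
	if err := json.Unmarshal(payload, &c); err != nil {
		return err
	}
	if now.Unix() >= c.Expires {
		return errors.New("token expired")
	}
	// The sender must be an identifier the NRF put in the token (consumer or path entity).
	for _, id := range append([]string{c.Consumer}, c.Path...) {
		if id == lastHop {
			return nil
		}
	}
	return errors.New("last hop not in token")
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	now := time.Unix(1700000000, 0)           // constructed sample time
	p, s := Issue(priv, Claims{"nf-consumer-1", []string{"scp-a", "scp-b"}, now.Unix() + 300})
	fmt.Println(Authorize(pub, p, s, "scp-b", now), Authorize(pub, p, s, "scp-rogue", now))
}
```

Because the path is inside the signed payload, a proxy that was not on the NRF-approved path cannot replay a captured token: it can neither add its own identifier nor pass the last-hop check.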

Classifications

  • H04L63/083 (Primary): using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226)

  • Entity profiles

  • using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213)

  • using delegated authorisation, e.g. open authorisation [OAuth] protocol

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Ericsson Telefon Ab L M
What technology area does this patent fall under?
Primary CPC classification H04L63/083. Mapped technology areas include Electricity.
When was this patent published?
Publication date Dec 21, 2023 (A1). Legal status and post-grant events are not shown on this page.