WO2012174210A2 - Method and system for cloud-based identity management (c-idm) implementation - Google Patents

Method and system for cloud-based identity management (c-idm) implementation

Info

Publication number
WO2012174210A2
Authority
WO
WIPO (PCT)
Prior art keywords
idm
virtual
resources
apis
server
Prior art date
Application number
PCT/US2012/042408
Other languages
French (fr)
Other versions
WO2012174210A3 (en
Inventor
Bhumip Khasnabish
Original Assignee
Zte Corporation
Zte (Usa) Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to US14/125,855 (US20140181309A1)
Application filed by Zte Corporation, Zte (Usa) Inc.
Priority to CN201280028695.3A (CN103765404B)
Priority to EP12799804.5A (EP2721503A4)
Priority to KR1020137034389A (KR101869584B1)
Priority to JP2014515983A (JP5778862B2)
Publication of WO2012174210A2
Publication of WO2012174210A3
Priority to HK14105788.9A (HK1192631A1)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L5/00 Arrangements affording multiple use of the transmission path
    • H04L5/003 Arrangements for allocating sub-channels of the transmission path
    • H04L5/0037 Inter-user or inter-terminal allocation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/50 Allocation of resources, e.g. of the central processing unit [CPU]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00 Digital computers in general; Data processing equipment in general
    • G06F15/16 Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations

Abstract

A virtual IDM server is disclosed. In one embodiment, the server utilizes a plurality of shared resources residing on a plurality of computers in one or more computer networks. The server also controls the allocation and usage of said shared resources on a real-time basis. The server further comprises: one or more APIs for receiving messages related to IDM service requests; and one or more APIs for accessing a plurality of said shared resources on a real-time basis during processing of said IDM service requests.

Description

SPECIFICATION
TITLE
Method and System for Cloud-based Identity Management (C-IDM) Implementation
BACKGROUND
1. Field of Invention
[0001] The present invention generally relates to subscriber and user identity management (IDM) implementation. In particular, it relates to a method and system for an IDM implementation that utilizes distributed virtual resources.
2. Background
[0002] Generally speaking, identity management (IDM) is a broad administrative area that deals with identifying individuals in a system (such as a country, a network, or an organization) and controlling access to the resources in that system by placing restrictions on the established identities of the individuals. In the field of computer networks, IDM is a term related to how humans are identified and authorized across computer networks. It covers issues such as how users are given an identity, the protection of that identity, and the technologies supporting that protection (e.g., network protocols, digital certificates, passwords, etc.).
[0003] Traditionally, the IDM features and functions are implemented in the following two different ways. First, IDM may be implemented on standalone devices called IDM database or IDM server that is directly connected to other servers such as application server, policy server, home subscriber server (HSS), gateway devices, etc., so that these servers can directly request IDM services from the IDM server. Second, IDM may be integrated in the network infrastructure elements such as (a) Edge Devices (routers, gateways, switches, optical line termination (OLT) equipment, and Internet protocol based Digital Subscriber Line Access Multiplexer (IP-DSLAM)), (b) Service Elements like edge/core service control function, (c) Transport Elements like mobility and resource management functions, etc.
[0004] A list of IDM features and functions can be found in, for example, the 3GPP spec. TS 24.109 (ftp://3gpp.org/Specs/latest/Rel-10/24_series/) and in ITU-T Focus Group on IDM documents (FGIdM, http://www.itu.int/ITUT/studygroups/com17/fgidm/index.html). The contents of these documents are incorporated in their entirety in this application.
[0005] FIG. 1a shows schematically the block diagrams of a current model for IDM implementations. In the diagram, the IDM server 110 is directly connected to other network entities that would be involved in the current IDM implementations. These network elements may include Application servers 120, session control elements 130, service gateway 140, etc. FIGs. 1b-1c schematically depict the signaling flow and the messages exchanged between different network entities that would be involved in the current IDM implementations.
[0006] The standalone IDM server 110 receives requests such as requests for identity verification of subscriber and user in order to authenticate access to a transaction or a session-based service. The IDM server 110 may use a predetermined number of attributes (e.g., service name and location), credentials (e.g., secret codes or biometrics information), and identifier (names, userID, MACId, IP address, geo-location, etc.) to authenticate the access.
[0007] It is worth noticing that the IDM server 110 pursuant to current implementations may or may not control the resources for session and media once the user/subscriber has been authenticated. It is possible that policy, quality of service and security requirements may dictate these allocations. The interface between the Signaling elements of IDM and the Media control elements of IDM can be open (standard protocol) or proprietary protocol, and the interface can be point to point or point to multi-point in order to support reliability through distribution of the resource requests.
[0008] The major drawback of the current IDM implementations is that they utilize dedicated servers or network infrastructure elements for IDM services. Such implementation of IDM features and functions would bring the following undesirable results:
A. Increase of Service Costs
B. Increase of time required for testing and integration with network
C. Static allocation of resources
D. Less flexibility in repositioning the resources
E. Tighter coupling of computing and communications resources with predesigned features and functions
F. Reduced opportunity for innovation
[0009] By contrast, what the network service providers need in a dynamic and continuously-evolving networking and service development environment are 1) protection of investment, that is, investment in the resources that can be rapidly repurposed for different revenue generating applications and services; and 2) agility and flexibility, that is, deploying the emerging features and functions utilizing the same resources that already exist in the network.
[0010] The current invention addresses these major issues and therefore enables the service providers to allocate their budget for computing, communications, and control infrastructure development rather than creating and installing silos of computing and networking gear which very often either remain underutilized or become obsolete before reaching the full potential (or providing the full return on investment).
SUMMARY OF THE INVENTION
[0011] This invention discloses a virtual IDM server. The IDM server utilizes a plurality of shared resources residing on a plurality of computers in one or more computer networks. The IDM server also controls the allocation and usage of the shared resources on a real-time basis. The IDM server further comprises one or more APIs for receiving messages related to IDM service requests and one or more APIs for accessing a plurality of said shared resources on a real-time basis during processing of said IDM service requests.
BRIEF DESCRIPTION OF THE DRAWINGS
[0012] Having thus described the invention in general terms, reference will now be made to the accompanying drawings, which are not necessarily drawn to scale, and wherein:
[0013] FIG. 1a shows schematically the block diagrams of current models for IDM implementations.
[0014] FIG. 1b shows schematically the signaling flow involved in the current IDM implementations.
[0015] FIG. 1c shows schematically the message exchanges involved in the current IDM implementations.
[0016] FIG. 2 shows schematically the IDM implementation model in one embodiment of this invention.
[0017] FIG. 3 shows schematically a method for providing IDM service in one embodiment of this invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
[0018] The present inventions now will be described more fully hereinafter with reference to the accompanying drawings, in which some examples of the embodiments of the inventions are shown. Indeed, these inventions may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided by way of example so that this disclosure will satisfy applicable legal requirements.
[0019] FIG. 2 shows one embodiment of the IDM implementation model of this invention. In this implementation, the IDM features and functions are implemented on one or more virtual IDM servers 210. Such a virtual IDM server may be designed to utilize a set of resources in the network on a real-time and on-demand basis. The resources can be obtained from public, private or community networks. In one embodiment, such a virtual server may be implemented as a cloud-based virtual IDM server by configuring existing cloud-computing resources to provide IDM services. Such an implementation may be achieved by designing IDM application interfaces (APIs) or resource programming interfaces (RPIs) using programming languages that are well-known in the art. For example, these APIs/RPIs can use any one or more of the following: SOAP, XML, WSDL, Parlay/Parlay-X, HTTP, CORBA, etc. The design of these APIs/RPIs may be based on existing cloud-computing platforms such as the Amazon Elastic Compute Cloud (Amazon EC2). Information about Amazon EC2 can be obtained from the EC2 website at http://aws.amazon.com/ec2/. The content of this website is incorporated herein.
[0020] Note that these APIs/RPIs not only simplify access to the desired resources but also guarantee rapid integration and interoperability with the existing network/infrastructure, security, availability, service continuity, etc. This is due to the fact that the desired IDM features/functions are obtained by shopping around the available networked resources through these open APIs/RPIs, and fetching them so that these can be utilized per the requirements of the applications and services for the duration of the service. For example, real-time availability of firewalling and encryption key resources is mandatory for real-time Enterprise secure voice communications services over the public Internet.
[0021] In one embodiment, the virtual IDM server 210 further comprises a set of virtual signaling/compute resource blocks 212 and a set of virtual media/storage resource blocks 215. The virtual signaling/compute resource blocks 212 receive the IDM service and process requests from the APIs/RPIs, and allocate or obtain media/storage resources (such as storage space, computing capacity, etc.) from the virtual blocks of media/storage resources 215 through open/standard protocols 216 or virtual communication links (VPNs) 218. The virtual blocks of media or signaling resources may be obtained from a variety of networked resources, and utilized for any extended duration of the requirements. In one embodiment, this duration of usage may vary from a few hours to a few days.
[0022] In one embodiment, the blocks of virtual signaling/compute resources 212 that are obtained from a variety of networked sources are integrated into a pool of IDM signaling resources, and a unified API 221 is created for accessing this pool of IDM signaling resources. This provides a way for the IDM service to be easily available to the applications and services, such as Subscriber info/profile Server 220, Trust and Key Authority 230, Access/Media Policy Control 240, Session/Transaction Control Server 250, etc., to communicate with the signaling part of IDM.
[0023] In another embodiment, the signaling part of the IDM implementation also comprises one or more modules 222 for controlling or allocating the signaling resources needed to process the IDM service request. The physical signaling/compute resources 224 may exist in a variety of computers in a distributed fashion and existing cloud computing techniques may be utilized to integrate these distributed resources as a virtual resource 223 to ease the communication between control modules 222 and physical resources 224.
[0024] In yet another embodiment, the signaling part of the IDM implementation also controls the allocation of resources from the media control part of IDM through virtual network links using either open protocol 216 or VPNs 218.
[0025] In yet another embodiment, the resource blocks for the media part of IDM may also be obtained from a variety of networked sources and these blocks may be integrated into a pool of IDM media resources, and a unified API 225 for accessing the pool of IDM media resources may be created to ease the communication between the signaling part and the media part of IDM.
[0026] In one embodiment, the media part of the IDM implementation also comprises one or more modules 226 for controlling or allocating the media resources needed to process the IDM service request. The physical media/storage resources 228 may exist in a variety of computers in a distributed fashion and existing cloud computing techniques may be utilized to integrate these distributed resources as a virtual resource 227 to ease the communication between control modules 226 and physical resources 228.
[0027] The signaling or media resources that are required for processing the IDM service request may be obtained from a variety of networked resources, and utilized for the required duration. The duration may vary from a few minutes to tens or hundreds of hours.
[0028] FIG. 3 shows a method of providing IDM services according to one embodiment of the present invention. In this embodiment, a message related to an IDM service request is first received by the signaling APIs of the IDM implementation in step 310. Such a request message may originate from Subscriber info/profile Server 220, Trust and Key Authority 230, Access/Media Policy Control 240, or Session/Transaction Control Server 250, etc. In step 320, the control module of the signaling part of this IDM implementation determines the amount of needed signaling resources and the amount of time the required resources are needed. In step 325, the signaling control module contacts the virtual signaling resource to request allocation of signaling resources, and such resources are obtained in step 330.
[0029] Then in step 340, the signaling part of the IDM implementation contacts the media resource control APIs to request an allocation of the media resources. As described above, both the signaling APIs and the media control APIs may be designed based on existing cloud computing platforms. In step 350, the control module of the media part of this IDM implementation determines the amount of needed signaling resources and the amount of time the required resources are needed. In step 355, the signaling control module contacts the virtual media resources to request allocation of signaling resources, and such resources are obtained in step 360.
[0030] Then, in step 370, the IDM service request message is processed using the obtained resources. The retention of signaling and media resources and processing of IDM requests may be achieved by utilizing existing cloud-computing services such as the Amazon EC2. Finally, the signaling and media resources are released in step 380 after the IDM service request is processed.
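The FIG. 3 flow (steps 310 to 380) as an added Python sketch; it is not code from the patent or from any product. The pool class, the fixed sizing numbers, the lease durations, the PBKDF2 credential check and the sample subscriber are all assumptions made for illustration. It shows release on every path (step 380), time-bounded leases on the shared pools, and failing closed when a pool is exhausted.

```python
import hashlib
import hmac
import itertools
from dataclasses import dataclass


class PoolExhausted(Exception):
    """The pool cannot satisfy an allocation request."""


@dataclass(frozen=True)
class Lease:
    lease_id: int
    units: int
    expires_at: float  # simulated clock, in seconds


class ResourcePool:
    """Hypothetical unified API over pooled shared resources (cf. APIs 221 and 225)."""

    def __init__(self, name, capacity):
        self.name, self.capacity = name, capacity
        self.leases = {}
        self._ids = itertools.count(1)

    def in_use(self):
        return sum(lease.units for lease in self.leases.values())

    def reap(self, now):
        """Reclaim leases whose duration elapsed, e.g. because the holder crashed."""
        expired = [i for i, lease in self.leases.items() if lease.expires_at <= now]
        for i in expired:
            del self.leases[i]
        return len(expired)

    def allocate(self, units, duration, now):
        self.reap(now)
        if units <= 0 or self.in_use() + units > self.capacity:
            raise PoolExhausted(f"{self.name}: cannot allocate {units} unit(s)")
        lease = Lease(next(self._ids), units, now + duration)
        self.leases[lease.lease_id] = lease
        return lease

    def release(self, lease):
        self.leases.pop(lease.lease_id, None)  # idempotent: double release is harmless


def derive(secret, salt):
    """Store a salted PBKDF2 digest rather than the secret code itself."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 50_000)


class VirtualIDMServer:
    def __init__(self, signaling, media, subscribers):
        self.signaling, self.media = signaling, media
        self.subscribers = subscribers  # identifier -> (salt, digest, allowed services)

    def _verify(self, request):
        """Step 370: check identifier, credential and service attribute."""
        record = self.subscribers.get(request["identifier"])
        if record is None:
            return False
        salt, digest, services = record
        ok = hmac.compare_digest(derive(request["credential"], salt), digest)
        return ok and request["service"] in services

    def handle(self, request, now=0.0):
        """Step 310: a request arrives at the signaling API."""
        held = []
        try:
            # Steps 320-330: size and obtain signaling resources (sizing rule is assumed).
            held.append((self.signaling, self.signaling.allocate(1, 30.0, now)))
            # Steps 340-360: size and obtain media/storage resources.
            held.append((self.media, self.media.allocate(2, 30.0, now)))
            return "authenticated" if self._verify(request) else "denied"
        except PoolExhausted:
            return "unavailable"  # fail closed: no resources never means access granted
        finally:
            # Step 380: release on every path, including errors.
            for pool, lease in reversed(held):
                pool.release(lease)


# Constructed sample subscriber and request; not data from the patent.
SALT = b"constructed-salt"
SUBSCRIBERS = {"user-1001": (SALT, derive("s3cret-code", SALT), {"voice"})}
GOOD = {"identifier": "user-1001", "credential": "s3cret-code", "service": "voice"}


def demo():
    sig, media = ResourcePool("signaling", 4), ResourcePool("media", 4)
    server = VirtualIDMServer(sig, media, SUBSCRIBERS)
    results = [server.handle(GOOD), server.handle({**GOOD, "credential": "guess"})]
    media.allocate(3, 60.0, now=0.0)               # another consumer holds most of the pool
    results.append(server.handle(GOOD, now=1.0))   # media pool exhausted
    results.append(server.handle(GOOD, now=61.0))  # stale lease reaped, request succeeds
    return results, sig.in_use(), media.in_use()


if __name__ == "__main__":
    print(demo())
```

In the third request the signaling lease is already held when the media allocation fails; the `finally` block is what keeps that lease from leaking into the shared pool.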
[0031] Many modifications and other embodiments of the inventions set forth herein will come to mind to one skilled in the art to which these inventions pertain having the benefit of the teachings presented in the foregoing descriptions and the associated drawings. Therefore, it is to be understood that the inventions are not to be limited to the specific examples of the embodiments disclosed and that modifications and other embodiments are intended to be included within the scope of the appended claims. Although specific terms are employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.

Claims

What is claimed is:
1. A virtual IDM server, said server utilizing a plurality of shared resources residing on a plurality of computers in one or more computer networks; said server also controlling the allocation and usage of said shared resources on a real-time basis; said server further comprising: one or more APIs for receiving messages related to IDM service requests; and one or more APIs for accessing a plurality of said shared resources on a real-time basis during processing of said IDM service requests.
2. The virtual IDM server of claim 1, further comprising a signaling control module; said signaling control module controlling the allocation and usage of said shared resources by communicating with one or more virtual signaling resources APIs.
3. The virtual IDM server of claim 2, further comprising a media control module, said media control module controlling the allocation and usage of said shared resources by communicating with one or more virtual media resources APIs.
4. The virtual IDM server of claim 1, further comprising a virtual signaling portion and a virtual media portion, said virtual signaling portion and virtual media portion communicate through standard network protocol or VPN.
5. The virtual IDM server of claim 1, wherein one or more of the APIs are designed based on a cloud computing platform.
6. The virtual IDM server of claim 1, wherein the shared resources are fetched and released based on the requirements of the IDM service request.
7. A computer network comprising the virtual IDM server of claim 1.
8. The virtual IDM server of claim 1, wherein the one or more APIs comprise a unified API for all shared resources.
9. The virtual IDM server of claim 1, wherein the shared resources comprising resources residing in one or more public or community computer networks.
10. A method for providing IDM services, comprising: receiving messages related to requests for IDM service; determining the allocation and usage of a plurality of shared resources on a real-time basis, said shared resources residing in a plurality of computers in one or more computer networks; and communicating with one or more APIs for accessing said shared resources on a real-time basis during processing of said IDM service requests.
11. The method of claim 10, wherein the step of determining further comprising determining the allocation and usage of signaling resources on a real-time basis.
12. The method of claim 10, wherein the step of determining further comprising determining the allocation and usage of media resources on a real-time basis.
13. The method of claim 10, wherein the step of communicating further comprising communicating with one or more virtual signaling APIs to access shared resource for signaling.
14. The method of claim 10, wherein the step of communicating further comprising communicating with one or more virtual media APIs to access shared resource for media usage.
15. The method of claim 13, wherein the one or more APIs comprise a unified API for accessing all shared resources.
16. The method of claim 13, wherein one or more of the APIs are designed based on a cloud computing platform.
17. The method of claim 10, wherein the shared resources are fetched and released based on the requirements of the IDM service request.
18. The method of claim 10, wherein the shared resources comprise resources residing in one or more public or community computer networks.
19. The method of claim 14, wherein the one or more APIs comprise a unified API for accessing all shared resources.
20. The method of claim 14, wherein one or more of the APIs are designed based on a cloud computing platform.
PCT/US2012/042408 2011-06-14 2012-06-14 Method and system for cloud-based identity management (c-idm) implementation WO2012174210A2 (en)

Priority Applications (6)

Application Number Priority Date Filing Date Title
US14/125,855 US20140181309A1 (en) 2011-06-14 2011-06-14 Method and system for cloud-based identity management (c-idm) implementation
CN201280028695.3A CN103765404B (en) 2011-06-14 2012-06-14 The method and system of realizing for the Identity Management (C-IDM) based on cloud
EP12799804.5A EP2721503A4 (en) 2011-06-14 2012-06-14 Method and system for cloud-based identity management (c-idm) implementation
KR1020137034389A KR101869584B1 (en) 2011-06-14 2012-06-14 Method and system for cloud-based identity management (c-idm) implementation
JP2014515983A JP5778862B2 (en) 2011-06-14 2012-06-14 Method and virtual IDM server for implementing cloud-based ID management (C-IDM)
HK14105788.9A HK1192631A1 (en) 2011-06-14 2014-06-18 Method and system for cloud-based identity management (c-idm) implementation (c-idm)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201161496874P 2011-06-14 2011-06-14
US61/496,874 2011-06-14

Publications (2)

Publication Number Publication Date
WO2012174210A2 true WO2012174210A2 (en) 2012-12-20
WO2012174210A3 WO2012174210A3 (en) 2013-02-28

Family

ID=47357725

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2012/042408 WO2012174210A2 (en) 2011-06-14 2012-06-14 Method and system for cloud-based identity management (c-idm) implementation

Country Status (7)

Country Link
US (1) US20140181309A1 (en)
EP (1) EP2721503A4 (en)
JP (1) JP5778862B2 (en)
KR (1) KR101869584B1 (en)
CN (1) CN103765404B (en)
HK (1) HK1192631A1 (en)
WO (1) WO2012174210A2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014209184A1 (en) * 2013-06-28 2014-12-31 Telefonaktiebolaget L M Ericsson (Publ) Identity management system

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10872023B2 (en) 2017-09-24 2020-12-22 Microsoft Technology Licensing, Llc System and method for application session monitoring and control

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7478407B2 (en) * 2002-07-11 2009-01-13 Oracle International Corporation Supporting multiple application program interfaces
US7613812B2 (en) * 2002-12-04 2009-11-03 Microsoft Corporation Peer-to-peer identity management interfaces and methods
US9177124B2 (en) * 2006-03-01 2015-11-03 Oracle International Corporation Flexible authentication framework
US8935692B2 (en) * 2008-05-22 2015-01-13 Red Hat, Inc. Self-management of virtual machines in cloud-based networks
US7886038B2 (en) * 2008-05-27 2011-02-08 Red Hat, Inc. Methods and systems for user identity management in cloud-based networks
US8782233B2 (en) * 2008-11-26 2014-07-15 Red Hat, Inc. Embedding a cloud-based resource request in a specification language wrapper
KR101277273B1 (en) * 2008-12-08 2013-06-20 한국전자통신연구원 Resource allocate method of each terminal apparatus using resource management system and resource management sever apparatus
US9026456B2 (en) * 2009-01-16 2015-05-05 Oracle International Corporation Business-responsibility-centric identity management
JP5061167B2 (en) * 2009-09-08 2012-10-31 株式会社野村総合研究所 Cloud computing system
US20110126197A1 (en) * 2009-11-25 2011-05-26 Novell, Inc. System and method for controlling cloud and virtualized data centers in an intelligent workload management system
CN101719931B (en) * 2009-11-27 2012-08-15 南京邮电大学 Multi-intelligent body-based hierarchical cloud computing model construction method
WO2011091056A1 (en) * 2010-01-19 2011-07-28 Servicemesh, Inc. System and method for a cloud computing abstraction layer
US9274821B2 (en) * 2010-01-27 2016-03-01 Vmware, Inc. Independent access to virtual machine desktop content
EP2583211B1 (en) * 2010-06-15 2020-04-15 Oracle International Corporation Virtual computing infrastructure

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
L. SHUANG: "The Design and Realization of Cloud Computing Framework Model Based on SOA", ADVANCED MATERIALS RESEARCH, vol. 171-1782, December 2010 (2010-12-01), pages 696 - 701

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014209184A1 (en) * 2013-06-28 2014-12-31 Telefonaktiebolaget L M Ericsson (Publ) Identity management system
CN105493064A (en) * 2013-06-28 2016-04-13 瑞典爱立信有限公司 Identity management system
US9954839B2 (en) 2013-06-28 2018-04-24 Telefonaktiebolaget Lm Ericsson (Publ) Systems and methods for providing distributed authentication of service requests by identity management components

Also Published As

Publication number Publication date
JP5778862B2 (en) 2015-09-16
EP2721503A2 (en) 2014-04-23
CN103765404B (en) 2016-05-18
JP2014519672A (en) 2014-08-14
US20140181309A1 (en) 2014-06-26
KR101869584B1 (en) 2018-06-20
WO2012174210A3 (en) 2013-02-28
EP2721503A4 (en) 2016-06-22
KR20140047623A (en) 2014-04-22
HK1192631A1 (en) 2014-08-22
CN103765404A (en) 2014-04-30

Similar Documents

Publication Publication Date Title
US11843602B2 (en) Embedded authentication in a service provider network
EP3871382A1 (en) System and method of verifying network communication paths between applications and services
US9246906B1 (en) Methods for providing secure access to network resources and devices thereof
US20160323280A1 (en) Privileged access to target services
US11895501B2 (en) Methods, systems, and computer readable media for automatic key management of network function (NF) repository function (NRF) access token public keys for 5G core (5GC) authorization to mitigate security attacks
RU2387089C2 (en) Method of allocating resources with limited access
US9774588B2 (en) Single sign off handling by network device in federated identity deployment
EP2845404A1 (en) Network application function authorisation in a generic bootstrapping architecture
WO2018021964A1 (en) A key generation and distribution method based on identity-based cryptography
US20150067807A1 (en) Operating a user device
Edris et al. The case for federated identity management in 5G communications
US20140181309A1 (en) Method and system for cloud-based identity management (c-idm) implementation
US20130191894A1 (en) Integrating Server Applications with Multiple Authentication Providers
CN111163069A (en) Block chain-based Internet of things user privacy protection method
US9432306B2 (en) System and method for cloud-based implementation of control of focused overload of network element (COFO-NE)
Song et al. Design and security analysis of improved identity management protocol for 5G/IoT networks
Zouari et al. AIDF: An identity as a Service Framework for the Cloud
Lewis Virtual private cloud security
CN113169953A (en) Method and apparatus for authenticating a device or user
US11171988B2 (en) Secure communication system and method for transmission of messages
Neretljak Správa autentizace a autorizace uživatelů v moderních telekomunikačních systémech
Neretljak Security and Authorization Management in modern telecommunication systems
Poole et al. Will the Phone Number Disappear?
Yang et al. A personalized service authentication system in storage cloud computing based d-catv
JP2013175838A (en) Communication control system and network controller

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12799804

Country of ref document: EP

Kind code of ref document: A2

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
ENP Entry into the national phase

Ref document number: 2014515983

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 20137034389

Country of ref document: KR

Kind code of ref document: A

WWE Wipo information: entry into national phase

Ref document number: 14125855

Country of ref document: US