WO2015199592A1 - Service level agreement management - Google Patents


Publication number
WO2015199592A1
Authority
WO
WIPO (PCT)
Prior art keywords
node
service
negotiator
credentials
service provider
Prior art date
Application number
PCT/SE2014/050795
Other languages
English (en)
Inventor
Abu Shohel AHMED
Udit ANAND
Kazi Wali ULLAH
Original Assignee
Telefonaktiebolaget L M Ericsson (Publ)
Application filed by Telefonaktiebolaget L M Ericsson (Publ)
Priority to PCT/SE2014/050795
Publication of WO2015199592A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50 Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L41/5003 Managing SLA; Interaction between SLA and QoS
    • H04L41/5006 Creating or negotiating SLA contracts, guarantees or penalties
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W28/00 Network traffic management; Network resource management
    • H04W28/16 Central resource management; Negotiation of resources or communication parameters, e.g. negotiating bandwidth or QoS [Quality of Service]
    • H04W28/24 Negotiating SLA [Service Level Agreement]; Negotiating QoS [Quality of Service]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W28/00 Network traffic management; Network resource management
    • H04W28/16 Central resource management; Negotiation of resources or communication parameters, e.g. negotiating bandwidth or QoS [Quality of Service]
    • H04W28/18 Negotiating wireless communication parameters

Definitions

  • Embodiments presented herein relate to handling a service level agreement, and particularly to methods, a negotiator node, a service provider node, a service consumer node, computer programs, and a computer program product for handling a service level agreement between the service provider node and the service consumer node.
  • In communications networks there may be a challenge to obtain good performance and capacity for a given communications protocol, its parameters and the physical environment in which the communications network is deployed.
  • a service level agreement is an agreement between the service provider and the service consumer which is targeted to ensure Quality of Service (QoS) guarantees. It may be expressed in terms of observable, measurable quantities (or key performance indicators - KPIs), so that there is a clear statement of what kind of data has to be
  • each participant may have three basic characteristics: it may specify the service level commitment; it may specify the penalties in case of any SLA violation; it may be legally enforceable.
  • SLAs are: service availability, network delay, jitter, packet loss, mean time between failures, mean time to recover, helpdesk response time, etc. Further, SLAs related to security are targeted to achieve a specific service level for a security service. Examples of such SLAs may be: Security Auditing, Contingency planning, Backup policy, Password policy, Intrusion detection time, Time to recover from an intrusion after it is detected, Security Patch Management within an agreed time window, Data encryption / Encryption key size, etc.
  • the service consumer may be hosted by a low-power device or by a device having limited processing capabilities.
  • Existing mechanisms for SLA negotiation lack the capability to deploy and verify the integrity of deployed SLAs for constrained devices in an automatic fashion.
  • An object of embodiments herein is to provide improved handling of SLAs between a service provider node and a service consumer node.
  • a method for handling a service level agreement (SLA) between a service provider node and a service consumer node is performed by a negotiator node.
  • the method comprises performing authentication with the service consumer node, involving providing an access token to the service consumer node.
  • the method comprises performing authentication with the service provider node, involving receiving credentials comprising a random-valued parameter and a negotiator identity, and the access token from the service provider node.
  • the method comprises verifying the received access token by comparing it to the access token provided to the service consumer node.
  • the method comprises, only if the received access token matches the access token provided to the service consumer node, selecting an SLA profile together with the service provider node, involving receiving the SLA profile signed by the service provider node.
  • the method comprises, only if the received access token matches the access token provided to the service consumer node, signing the credentials and providing the signed credentials to the service provider node.
  • this provides efficient handling of SLAs between a service provider node and a service consumer node.
  • a negotiator node for handling a SLA between a service provider node and a service consumer node, the negotiator node comprising a processing unit configured to perform a method according to the first aspect.
  • a computer program for handling a service level agreement, SLA, between a service provider node and a service consumer node comprising computer program code which, when run on a processing unit of a negotiator node, causes the processing unit to perform a method according to the first aspect.
  • a method for handling a service level agreement (SLA) between a service provider node and a service consumer node. The method is performed by the service provider node.
  • the method comprises performing authentication with the service consumer node.
  • the method comprises receiving credentials comprising a random-valued parameter and a negotiator identity, and an access token from the service consumer node, the access token having been received by the service consumer node from a negotiator node.
  • the method comprises performing authentication with the negotiator node, involving providing the credentials and the access token to the negotiator node.
  • the method comprises selecting an SLA profile together with the negotiator node, involving signing the SLA profile and providing the signed SLA profile to the negotiator node.
  • the method comprises receiving a signed credentials from the negotiator node.
  • the method comprises providing the signed credentials to the service consumer node.
  • the method comprises performing a service operation for the service consumer node.
  • a service provider node for handling a SLA between the service provider node and a service consumer node, the service provider node comprising a processing unit configured to perform a method according to the fourth aspect.
  • a computer program for handling a SLA between the service provider node and a service consumer node comprising computer program code which, when run on a processing unit of the service provider node, causes the processing unit to perform a method according to the fourth aspect.
  • a seventh aspect there is presented a method for handling a service level agreement (SLA) between a service provider node and a service consumer node.
  • the method is performed by the service consumer node.
  • the method comprises performing authentication with the service provider node.
  • the method comprises performing authentication with a negotiator node, involving receiving an access token from the negotiator node.
  • the method comprises generating credentials comprising a random-valued parameter and a negotiator identity and providing the credentials and access token to the service provider node.
  • the method comprises receiving a signed credentials from service provider node, the signed credentials being the credentials as signed by the negotiator node.
  • the method comprises verifying the signed credentials by comparing it to the credentials.
  • the method comprises, only if the signed credentials matches the credentials, performing a service operation with the service provider node.
  • service consumer node for handling a SLA between a service provider node and the service consumer node, the service consumer node comprising a processing unit configured to perform a method according to the seventh aspect.
  • a computer program for handling a SLA between a service provider node and the service consumer node comprising computer program code which, when run on a processing unit of a service consumer node, causes the processing unit to perform a method according to the seventh aspect.
  • a computer program product comprising a computer program according to at least one of the third aspect, the sixth aspect, and the ninth aspect and a computer readable means on which the computer program is stored. It is to be noted that any feature of the first, second, third, fourth, fifth, sixth, seventh, eighth, ninth and tenth aspects may be applied to any other aspect, wherever appropriate. Likewise, any advantage of the first aspect may equally apply to the second, third, fourth, fifth, sixth, seventh, eighth, ninth and/or tenth aspect, respectively, and vice versa. Other objectives, features and advantages of the enclosed embodiments will be apparent from the following detailed disclosure, from the attached dependent claims as well as from the drawings.
  • Figs 1a, 1b, 1c are schematic diagrams illustrating communications networks according to embodiments
  • Fig 2a is a schematic diagram showing functional units of a negotiator node according to an embodiment
  • Fig 2b is a schematic diagram showing functional modules of a negotiator node according to an embodiment
  • Fig 3a is a schematic diagram showing functional units of a service provider node according to an embodiment
  • Fig 3b is a schematic diagram showing functional modules of a service provider node according to an embodiment
  • Fig 4a is a schematic diagram showing functional units of a service consumer node according to an embodiment
  • Fig 4b is a schematic diagram showing functional modules of a service consumer node according to an embodiment
  • FIG 5 shows one example of a computer program product comprising computer readable means according to an embodiment
  • Figs 6, 7, 8, 9, and 10 are flowcharts of methods according to embodiments.
  • Figs 11 and 12 are signal flow diagrams of methods according to
  • Fig 1a is a schematic diagram illustrating a communications network 10a where embodiments presented herein can be applied.
  • the communications network 10a comprises a radio transceiver device 11 in the form of a network node (NN).
  • the network node may be provided as a base transceiver station (BTS), a Node B, an Evolved Node B, or an access point, such as an access point for Wi-Fi.
  • the radio transceiver device 11 in Fig 1a is configured to provide network coverage to a radio transceiver device 12 in the form of a wireless device (WD).
  • WD wireless device
  • the wireless device may be a hand-held wireless transceiver device, such as a mobile phone, a smartphone, a tablet computer, a laptop computer or the like, or other type of user equipment (UE) or Wi-Fi device, or an Internet of Things (IoT) device.
  • the radio transceiver device 11 thus acts as a radio base station for the radio
  • the transceiver device 12 are configured to be operatively connected via a wireless link 15a.
  • the communications network 10a further comprises a core network 13.
  • the radio transceiver device 11 is operatively connected to the core network 13.
  • the core network 13 is in turn operatively connected to an Internet Protocol (IP) based service network 14.
  • IP Internet Protocol
  • the radio transceiver device 12 is thereby enabled to access content and services as provided by the IP based service network 14 via the wireless link 15a.
  • the radio transceiver device 12 may be enabled to access content and services as provided by the IP based service network 14 via a wired link 15b.
  • Services as provided by the IP based service network 14 are represented by a service provider node 17.
  • the service consumer of the radio transceiver device 12 is represented by a service consumer node 18.
  • SLA service level agreement
  • the radio transceiver device 12 may have constrained power requirements, limited processing capabilities, etc. Therefore, the service consumer node 18 delegates the functionality to establish the SLA between the service provider node 17 and the service consumer node 18 to a negotiator node 16.
  • Fig 1b is a schematic diagram illustrating a communications network 10b where embodiments presented herein can be applied.
  • the communications network 10b is similar to the communications network 10a of Fig 1a but with the difference that in the communications network 10b the negotiator node 16 is provided in the core network 13.
  • Fig 1c is a schematic diagram illustrating a communications network 10c where embodiments presented herein can be applied.
  • the communications network 10c is similar to the communications network 10a of Fig 1a but with the difference that in the communications network 10c the negotiator node 16 is provided in the service network 14.
  • the embodiments disclosed herein relate to handling the SLA between the service provider node 17 and the service consumer node 18. According to some embodiments there are disclosed mechanisms for delegation of SLA negotiation, profile selection, and integrity and accountability of SLA profiles.
  • In order to obtain such handling of the SLA there is provided a negotiator node 16, a method performed by the negotiator node 16, a computer program comprising code, for example in the form of a computer program product, that when run on a processing unit of the negotiator node 16, causes the processing unit to perform the method.
  • In order to obtain such handling of the SLA there is further provided a service provider node 17, a method performed by the service provider node 17, a computer program comprising code, for example in the form of a computer program product, that when run on a processing unit of the service provider node 17, causes the processing unit to perform the method.
  • a service consumer node 18, a method performed by the service consumer node 18, a computer program comprising code, for example in the form of a computer program product, that when run on a processing unit of the service consumer node 18, causes the processing unit to perform the method.
  • FIG 2a schematically illustrates, in terms of a number of functional units, the components of a negotiator node 16 according to an embodiment.
  • a processing unit 21 is provided using any combination of one or more of a suitable central processing unit (CPU), multiprocessor, microcontroller, digital signal processor (DSP), application specific integrated circuit (ASIC), field programmable gate arrays (FPGA) etc., capable of executing software instructions stored in a computer program product 51a (as in Fig 5), e.g. in the form of a storage medium 23.
  • the storage medium 23 may also comprise persistent storage, which, for example, can be any single one or combination of magnetic memory, optical memory, solid state memory or even remotely mounted memory.
  • the negotiator node 16 may further comprise a communications interface 22 for communications with the service provider node 17 and the service consumer node 18.
  • the communications interface 22 may comprise one or more transmitters and receivers, comprising analogue and digital components and a suitable number of antennas for wireless communications and/or a suitable number of ports for wired communications.
  • the processing unit 21 controls the general operation of the negotiator node 16 e.g. by sending data and control signals to the communications interface 22 and the storage medium 23, by receiving data and reports from the communications interface 22, and by retrieving data and instructions from the storage medium 23.
  • Other components, as well as the related functionality, of the negotiator node 16 are omitted in order not to obscure the concepts presented herein.
  • Fig 2b schematically illustrates, in terms of a number of functional modules, the components of a negotiator node 16 according to an embodiment.
  • the negotiator node 16 of Fig 2b comprises a number of functional modules; an authenticate module 21a, a verify module 21b, and a sign module 21c.
  • the negotiator node 16 of Fig 2b may further comprise a number of optional functional modules, such as any of a send and/or receive module 21d and a select module 21e.
  • the functionality of each functional module 21a-e will be further disclosed below in the context of which the functional modules 21a-e may be used. In general terms, each functional module 21a-e may be implemented in hardware or in software.
  • the processing unit 21 may thus be arranged to fetch from the storage medium 23 instructions as provided by a functional module 21a-e and to execute these instructions, thereby
  • the negotiator node 16 may be provided as a standalone device or as a part of a further device.
  • the negotiator node 16 may be hosted by a network node 11 as in Fig 1a, by an entity of the core network as in Fig 1b or by an entity of the service providing network 14.
  • Fig 3a schematically illustrates, in terms of a number of functional units, the components of a service provider node 17 according to an embodiment.
  • a processing unit 31 is provided using any combination of one or more of a suitable central processing unit (CPU), multiprocessor, microcontroller, digital signal processor (DSP), application specific integrated circuit (ASIC), field programmable gate arrays (FPGA) etc., capable of executing software instructions stored in a computer program product 51b (as in Fig 5), e.g. in the form of a storage medium 33.
  • a storage medium 33 may also comprise persistent storage, which, for example, can be any single one or combination of magnetic memory, optical memory, solid state memory or even remotely mounted memory.
  • the service provider node 17 may further comprise a communications interface 32 for communications with the negotiator node 16 and the service consumer node 18.
  • the communications interface 22 may comprise one or more transmitters and receivers, comprising analogue and digital components and a suitable number of antennas for wireless communications and/or a suitable number of ports for wired communications.
  • the processing unit 31 controls the general operation of the service provider node 17 e.g. by sending data and control signals to the communications interface 22 and the storage medium 33, by receiving data and reports from the communications interface 32, and by retrieving data and instructions from the storage medium 33.
  • Other components, as well as the related functionality, of the service provider node 17 are omitted in order not to obscure the concepts presented herein.
  • Fig 3b schematically illustrates, in terms of a number of functional modules, the components of a service provider node 17 according to an embodiment.
  • the service provider node 17 of Fig 3b comprises a number of functional modules; an authenticate module 31a, a send and/or receive module 31b, a select module 31c, and a perform module 31d.
  • the service provider node 17 of Fig 3b may further comprise a number of optional functional modules.
  • the functionality of each functional module 31a-d will be further disclosed below in the context of which the functional modules 31a-d may be used. In general terms, each functional module 31a-d may be implemented in hardware or in software.
  • the processing unit 31 may thus be arranged to fetch from the storage medium 33 instructions as provided by a functional module 31a-d and to execute these instructions, thereby performing any steps as will be disclosed hereinafter.
  • the service provider node 17 may be provided as a standalone device or as a part of a further device.
  • the service provider node 17 may be hosted by an entity of the service providing network 14 as in Figs 1a, 1b, and 1c.
  • Fig 4a schematically illustrates, in terms of a number of functional units, the components of a service consumer node 18 according to an embodiment.
  • a processing unit 41 is provided using any combination of one or more of a suitable central processing unit (CPU), multiprocessor, microcontroller, digital signal processor (DSP), application specific integrated circuit (ASIC), field programmable gate arrays (FPGA) etc., capable of executing software instructions stored in a computer program product 51c (as in Fig 5), e.g. in the form of a storage medium 43.
  • a storage medium 43 may also comprise persistent storage, which, for example, can be any single one or combination of magnetic memory, optical memory, solid state memory or even remotely mounted memory.
  • the service consumer node 18 may further comprise a communications interface 42 for communications with the service provider node 17 and the negotiator node 16.
  • the communications interface 22 may comprise one or more transmitters and receivers, comprising analogue and digital components and a suitable number of antennas for wireless communications and/or a suitable number of ports for wired communications.
  • the processing unit 41 controls the general operation of the service consumer node 18 e.g. by sending data and control signals to the communications interface 22 and the storage medium 43, by receiving data and reports from the communications interface 42, and by retrieving data and instructions from the storage medium 43.
  • Other components, as well as the related functionality, of the service consumer node 18 are omitted in order not to obscure the concepts presented herein.
  • Fig 4b schematically illustrates, in terms of a number of functional modules, the components of a service consumer node 18 according to an embodiment.
  • the service consumer node 18 of Fig 4b comprises a number of functional modules; an authenticate module 41a, a generate module 41b, and a send and/or receive module 41c.
  • the service consumer node 18 of Fig 4b may further comprise a number of optional functional modules, such as any of a verify module 41d, a perform module 41e, a sign module 41f, and a select module 41g.
  • the functionality of each functional module 41a-g will be further disclosed below in the context of which the functional modules 41a-g may be used. In general terms, each functional module 41a-g may be implemented in hardware or in software.
  • the processing unit 41 may thus be arranged to fetch from the storage medium 43 instructions as provided by a functional module 41a-g and to execute these instructions, thereby performing any steps as will be disclosed hereinafter.
  • the service consumer node 18 may be provided as a standalone device or as a part of a further device.
  • service consumer node 18 may be hosted by a wireless device, as in Figs 1a, 1b, and 1c.
  • Fig 5 shows one example of a computer program product 51a, 51b, 51c comprising computer readable means 53.
  • a computer program 52a can be stored, which computer program 52a can cause the processing unit 21 and thereto operatively coupled entities and devices, such as the communications interface 22 and the storage medium 23, to execute methods of the negotiator node 16 according to embodiments described herein.
  • a computer program 52b can be stored, which computer program 52 can cause the processing unit 31 and thereto operatively coupled entities and devices, such as the
  • a computer program 52c can be stored, which computer program 52c can cause the processing unit 41 and thereto operatively coupled entities and devices, such as the communications interface 42 and the storage medium 43, to execute methods of the service consumer node 18 according to embodiments described herein.
  • the computer program 52a, 52b, 52c and/or computer program product 51a, 51b, 51c may thus provide means for performing any steps as herein disclosed.
  • the computer program product 51a, 51b, 51c is illustrated as an optical disc, such as a CD (compact disc) or a DVD (digital versatile disc) or a Blu-Ray disc.
  • the computer program product 51a, 51b, 51c could also be embodied as a memory, such as a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM), or an electrically erasable programmable read-only memory (EEPROM) and more particularly as a non-volatile storage medium of a device in an external memory such as a USB (Universal Serial Bus) memory.
  • RAM random access memory
  • ROM read-only memory
  • EPROM erasable programmable read-only memory
  • EEPROM electrically erasable programmable read-only memory
  • the computer program 52a, 52b, 52c can be stored in any way which is suitable for the computer program product 51a, 51b, 51c.
  • Figs 6 and 7 are flow charts illustrating embodiments of methods for handling a service level agreement between a service provider node and a service consumer node as performed by the negotiator node.
  • Fig 8 is a flow chart illustrating an embodiment of a method for handling a service level agreement between a service provider node and a service consumer node as performed by the service provider node.
  • Figs 9 and 10 are flow charts illustrating embodiments of methods for handling a service level agreement between a service provider node and a service consumer node as performed by the service consumer node.
  • the methods are advantageously provided as computer programs 52a, 52b, 52c.
  • Fig 6 illustrating a method for handling a service level agreement (SLA) between a service provider node 17 and a service consumer node 18 as performed by a negotiator node 16 according to an embodiment.
  • SLA service level agreement
  • the negotiator node 16 in a step S102 performs authentication with the service consumer node 18.
  • the authentication in S102 involves providing an access token to the service consumer node 18.
  • the authentication is an electronic authentication. Tokens generically are something the claimant (i.e., in the present case the service consumer node 18) possesses and controls that may be used to authenticate the claimant's identity (i.e., in the present case an identity of the service consumer node 18).
  • the authentication process may further involve exchange of electronic credentials, such as electronic identity credentials.
  • the authentication may involve using message authentication codes (MACs).
  • the processing unit 21 of the negotiator node 16 may be configured to perform step S102 by executing functionality of the authenticate module 21a.
  • the computer program 52a and/or computer program product 51a may thus provide means for this step.
  • the negotiator node 16 in a step S104 performs authentication with the service provider node 17. S104 also involves receiving credentials comprising a random-valued parameter and a negotiator identity and the access token from the service provider node 17.
  • the processing unit 21 of the negotiator node 16 may be configured to perform step S104 by executing functionality of the authenticate module 21a.
  • the computer program 52a and/or computer program product 51a may thus provide means for this step.
  • the negotiator node 16 in a step S106 verifies the received access token by comparing it to the access token provided to the service consumer node 18.
  • the negotiator node 16 performs the following steps S108 and S110 only if the received access token matches the access token provided to the service consumer node.
  • the processing unit 21 of the negotiator node 16 may be configured to perform step S106 by executing functionality of the verify module 21b.
  • the computer program 52a and/or computer program product 51a may thus provide means for this step.
  • the negotiator node 16 in a step S108 selects an SLA profile together with the service provider node 17.
  • the selection in SLA involves receiving the SLA profile signed by the service provider node 17.
  • the processing unit 21 of the negotiator node 16 may be configured to perform step S108 by executing functionality of the select module 21e.
  • the computer program 52a and/or computer program product 51a may thus provide means for this step.
  • the negotiator node 16 in a step S110 signs the credentials and provides the signed credentials to the service provider node 17.
  • the processing unit 21 of the negotiator node 16 may be configured to perform step S110 by executing functionality of the sign module 21c.
  • the computer program 52a and/or computer program product 51a may thus provide means for this step.
  • Fig 7 illustrating methods for handling an SLA between the service provider node 17 and the service consumer node 18 as performed by the negotiator node 16 according to further general
  • the SLA profile may for example comprise quality of service (QoS) settings to be used during service operations between the service consumer node 18 and the service provider node 17.
  • QoS quality of service
  • the QoS settings maybe related to an available bandwidth or bitrate for the service consumer node 18 to be used during access to services provided by the service providing network 14.
  • the QoS settings may be related to an amount of data to be transferred from the service providing network 14 to the service consumer node 18.
  • the amount of data maybe regulated per day, per month, etc.
  • the QoS settings maybe related to: service availability, network delay, jitter, packet loss, mean time between failures, mean time to recover, helpdesk response time, etc.
  • the QoS settings may further be related to: Security Auditing, Contingency planning, Backup policy, Password policy, Intrusion detection time, Time to recover from an intrusion after it is detected, Security Patch Management within an agreed time window, Data encryption / Encryption key size, etc.
  • the negotiator node 16 may in an optional step S108a select the SLA profile by providing a set of allowable SLA profiles to the service provider node 17.
  • the negotiator node 16 may perform the authentication with the service consumer node 18 as in step S102 and with the service provider node 17.
  • the negotiator node 16 may in an optional step S102a receive a trust identity from the service consumer node 18.
  • the processing unit 21 of the negotiator node 16 may be configured to perform step S102a by executing functionality of the send and/or receive module 21d.
  • the computer program 52a and/or computer program product 51a may thus provide means for this step.
  • the negotiator node 16 may then in an optional step S104a perform authentication with the service provider node 17 by providing the trust identity to an identity provider 16' in order to receive the access token from the identity provider.
  • the processing unit 21 of the negotiator node 16 may be configured to perform step S104a by executing functionality of the authenticate module 21a.
  • the computer program 52a and/or computer program product 51a may thus provide means for this step.
  • the trust between the negotiator node 16 and the service consumer node 18 may be limited.
  • the credentials may by the trust identity be limited to any of a duration in time, number of times allowed to be used, and which properties to include in the SLA profile.
  • the credentials and the trust identity may limit the negotiator node's 16 capabilities to perform negotiations on behalf of the service consumer node 18.
  • the credentials may further comprise a profile identity.
  • the profile identity may enhance the service consumer node's 18 capability to select an SLA profile.
  • performing the authentication with the service consumer node 18 in S102 may further comprise an optional step S102b of selecting a group of negotiator nodes based on information received from the service consumer node 18 during the authenticating.
  • the processing unit 21 of the negotiator node 16 may be configured to perform step S102b by executing functionality of the select module 21e.
  • the computer program 52a and/or computer program product 51b may thus provide means for this step.
  • the negotiator node 16 may then in an optional step S102c provide information relating to the group of negotiator nodes to the service consumer node 18.
  • the processing unit 21 of the negotiator node 16 may be configured to perform step S102c by executing functionality of the send and/or receive module 21d.
  • the computer program 52a and/or computer program product 51a may thus provide means for this step.
  • Fig 8 illustrating a method for handling an SLA between the service provider node 17 and the service consumer node 18 as performed by the service provider node 17 according to an embodiment.
  • the service provider node 17 in a step S202 performs authentication with the service consumer node 18.
  • the processing unit 31 of the service provider node 17 may be configured to perform step S202 by executing functionality of the authenticate module 31a.
  • the computer program 52b and/or computer program product 51b may thus provide means for this step.
  • the service provider node 17 in a step S204 receives credentials comprising a random-valued parameter and a negotiator identity and an access token from the service consumer node 18.
  • the processing unit 31 of the service provider node 17 may be configured to perform step S204 by executing functionality of the send and/or receive module 31b.
  • the computer program 52b and/or computer program product 51b may thus provide means for this step.
  • the access token has been received by the service consumer node 18 from the negotiator node 16, as in step S102 above.
  • the service provider node 17 in a step S206 performs authentication with the negotiator node 16.
  • Step S206 also involves providing the credentials and the access token to the negotiator node 16, as in step S104 above.
  • the processing unit 31 of the service provider node 17 may be configured to perform step S206 by executing functionality of the authenticate module 31a.
  • the computer program 52b and/or computer program product 51b may thus provide means for this step.
  • the service provider node 17 in a step S208 selects an SLA profile together with the negotiator node 16. Selecting the SLA profile involves signing the SLA profile and providing the signed SLA profile to the negotiator node 16, as in step S108 above.
  • the processing unit 31 of the service provider node 17 may be configured to perform step S208 by executing functionality of the select module 31c and/or the send and/or receive module 31b.
  • the computer program 52b and/or computer program product 51b may thus provide means for this step.
  • the service provider node 17 in a step S210 receives signed credentials from the negotiator node 16, as in step S110 above.
  • the processing unit 31 of the service provider node 17 may be configured to perform step S210 by executing functionality of the send and/or receive module 31b.
  • the computer program 52b and/or computer program product 51b may thus provide means for this step.
  • the service provider node 17 in a step S212 provides the signed credentials to the service consumer node 18.
  • the processing unit 31 of the service provider node 17 may be configured to perform step S212 by executing functionality of the send and/or receive module 31b.
  • the computer program 52b and/or computer program product 51b may thus provide means for this step.
  • the service provider node 17 in a step S214 performs a service operation for the service consumer node 18.
  • the processing unit 31 of the service provider node 17 may be configured to perform step S214 by executing functionality of the perform module 31d.
  • the computer program 52b and/or computer program product 51b may thus provide means for this step.
  • Embodiments relating to further details of handling an SLA between the service provider node 17 and the service consumer node 18 as related to the service provider node 17 will now be disclosed.
  • the SLA profile comprises quality of service (QoS) settings to be used during the service operations between the service consumer node 18 and the service provider node 18.
  • the credentials may further comprise a profile identity.
  • Fig 9 illustrating a method for handling an SLA between the service provider node 17 and the service consumer node 18 as performed by the service consumer node 18 according to an embodiment.
  • the service consumer node 18 in a step S302 performs authentication with the service provider node 17, as in step S202 above.
  • the processing unit 41 of the service consumer node 18 may be configured to perform step S302 by executing functionality of the authenticate module 41a.
  • the computer program 52c and/or computer program product 51c may thus provide means for this step.
  • the service consumer node 18 in a step S304 performs authentication with the negotiator node 18.
  • the authentication in step S304 involves receiving an access token from the negotiator node 18, as in step S104 above.
  • the processing unit 41 of the service consumer node 18 may be configured to perform step S304 by executing functionality of the authenticate module 41a.
  • the computer program 52c and/or computer program product 51c may thus provide means for this step.
  • the service consumer node 18 in a step S306 generates credentials
  • the random-valued parameter may be provided as a random number acquired or generated by the service consumer node 18 when generating the credentials.
  • the service consumer 18 in step S306 also provides the credentials and access token to the service provider node 18, as in step S204 above.
  • the processing unit 41 of the service consumer node 18 may be configured to perform step S306 by executing functionality of the generate module 41b and/or the send and/or receive module 41c.
  • the computer program 52c and/or computer program product 51c may thus provide means for this step.
  • the service consumer node 18 in a step S308 receives signed credentials from the service provider node 17.
  • the signed credentials are the credentials as signed by the negotiator node 18, as in step S110.
  • the processing unit 41 of the service consumer node 18 may be configured to perform step S306 by executing functionality of the send and/or receive module 41c and/or the sign module 41f.
  • the computer program 52c and/or computer program product 51c may thus provide means for this step.
  • the service consumer node 18 in a step S310 verifies the signed credentials by comparing it to the credentials (generated in step S306).
  • the processing unit 41 of the service consumer node 18 may be configured to perform step S310 by executing functionality of the verify module 41d.
  • the computer program 52c and/or computer program product 51c may thus provide means for this step.
  • the service consumer node 18 in a step S312 performs a service operation with the service provider node 17, as in step S214, only if the signed credentials match the credentials.
  • the processing unit 41 of the service consumer node 18 may be configured to perform step S312 by executing functionality of the perform module 41e.
  • the computer program 52c and/or computer program product 51c may thus provide means for this step.
  • Embodiments relating to further details of handling an SLA between the service provider node 17 and the service consumer node 18 as related to the service consumer node 18 will now be disclosed.
  • Fig 10 illustrating methods for handling an SLA between the service provider node 17 and the service consumer node 18 as performed by the service consumer node 18 according to further general embodiments.
  • the service consumer node 18 may, in an optional step S306a, sign the credentials prior to providing the signed credentials to the service provider node 17.
  • the processing unit 41 of the service consumer node 18 may be configured to perform step S306a by executing functionality of the sign module 41f.
  • the computer program 52c and/or computer program product 51c may thus provide means for this step.
  • the service consumer node 18 may perform the authentication with the negotiator node 18 by, in an optional step S304a, receiving information relating to a group of negotiator nodes from the negotiator node 16, as in step S102c.
  • the processing unit 41 of the service consumer node 18 may be configured to perform step S304a by executing functionality of the send and/or receive module 41c.
  • the computer program 52c and/or computer program product 51c may thus provide means for this step.
  • the group of negotiator nodes is based on information provided from the service consumer node 18 to the negotiator node 16 during the authentication.
  • the service consumer node 18 may then, in an optional step S304b, select the negotiator node 16 from the group of negotiator nodes prior to performing the authentication with the negotiator node 16.
  • the processing unit 41 of the service consumer node 18 may be configured to perform step S304b by executing functionality of the select module 41g.
  • the computer program 52c and/or computer program product 51c may thus provide means for this step.
  • the SLA profile may comprise quality of service (QoS) settings to be used during service operations between the service consumer node 18 and the service provider node 17.
  • the credentials may further comprise a profile identity.
  • the above disclosed general embodiments of the negotiator node 16, the service provider node 17, and the service consumer node 18 enable:
  • the service provider node 17 has provided its commitment to the negotiator node 16 by signing the SLA profile for a particular SLA. This can later be used for any legal purposes. Although the above disclosed embodiments may not provide any real time verification of the SLA
  • the service consumer node 18 may verify the authenticity of negotiation and the selected profile (optionally) by verifying the signature of the credentials (as signed by the negotiator node 16).
  • the negotiator node 16 may also optionally verify the authenticity of the SLA request from the service consumer node 18 by verifying the signature of the service consumer node 18.
  • the validity of the credentials is guaranteed by the RAND number.
  • the service consumer node 18 may delegate the negotiation to a third party node, i.e., the negotiator node 18, which it trusts.
  • the trust may be unconstrained trust or constrained trust (for example bounded by time, usage, count and the negotiator identity parameter).
  • the herein disclosed embodiments provide a mechanism to centrally manage SLA profiles and negotiation operations.
  • the herein disclosed embodiments relieve the service consumer node 18 from SLA negotiation operations.
  • the herein disclosed embodiments also provide a mechanism to verify the delegated negotiation.
  • Fig 11 illustrating a signal flow diagram of a method for handling an SLA between a service provider node 17 and a service consumer node 18 according to a first particular embodiment.
  • the service consumer node 18 places unconstrained trust in the negotiator node 16.
  • the service consumer node 18 may optionally select the negotiator node 16 and may optionally select an SLA profile identity (Profile_ID).
  • the actions of the negotiator node 16 are auditable/verifiable by the service consumer node 18.
  • Step 401 Device authentication is performed between the negotiator node 16 and the service consumer node 18. After a successful authentication, the service consumer node 18 is in possession of an access token from the negotiator node 16
  • the negotiator node 16 may optionally select a set of negotiators (as represented by the Negotiator_ID) based on the device authentication request - similar to a service catalog in a cloud service - which could be provided by the negotiator node 16 after authentication.
  • One way to implement step S401 is to perform any of steps S102, S102b, S102c, and S304.
  • Step 402 The service consumer node 18 performs authentication with the service provider node 17. During this step the service consumer node 18 also delegates the responsibility of negotiation to a third party (i.e., the negotiator node 16). The service consumer node 18 also needs a mechanism to verify that the service provider node 17 has agreed to the terms of the device specific SLA. To achieve this, the service consumer node 18 generates credentials (an SLA_RAND parameter), where the credentials consist of a random-valued parameter (RAND) and a negotiator identity (Negotiator_ID) and an optional profile identity (Profile_ID) selected by the service consumer node 18.
  • Profile_ID is the SLA profile identity selected by the service consumer node 18
  • Negotiator_ID is the negotiator node 16 selected by the service consumer node 18.
  • the service consumer node 18 may select the negotiator node 16 from the set of negotiators it receives in step 401 or its own mandated one.
  • the service consumer node 18 passes the credentials and access token to the service provider node 17.
  • the credentials can be optionally signed by the service consumer node 18 to prove the authenticity of the SLA negotiation request from the service consumer node 18.
  • One way to implement step S402 is to perform any of steps S202, S204, S302, S304a, S304b, S306, S306a, and S308.
  • Step 403 The service consumer node 18 requests authentication.
  • the service provider node 17 needs to verify the authenticity of the request from the service consumer node 18. Second, the service provider node 17 will negotiate with the negotiator node 16 of the service consumer node 18 to agree on the SLA term(s), see Step 405 below. For this, the service provider node 17 sends the access token and the credentials to the negotiator node 16.
  • One way to implement step S403 is to perform any of steps S104 and S206.
  • Step 404 The negotiator node 16 verifies the authenticity of the access token, and if it is a valid request, the negotiator node 16 proceeds to the negotiation phase.
  • the negotiator node 16 may send a set of allowable SLA profiles (USPG) to the service provider node 17.
  • Step 405 Negotiation is performed between the service provider node 17 and the negotiator node 16.
  • One way to implement step S405 is to perform any of steps S108 and S206.
  • Step 405' After the negotiation in step 405, if the service provider node 17 and the negotiator node 16 agree, a suitable SLA profile is selected and signed by the service provider node 17 and sent to the negotiator node 16. This provides a guarantee from the service provider node 17 to maintain the negotiated SLA conditions.
  • the negotiator node 16 may store it for
  • One way to implement step S405' is to perform any of steps S110 and S208.
  • Step 406 The negotiator node 16 signs the credentials and sends the signed credentials back to the service provider node 17. If the credentials include a Profile_ID as stated in step 403, then the signed credentials guarantee to the service consumer node 18 that the correct SLA profile has been selected. However, if they do not include a Profile_ID in step 403, the service consumer node 18 may not know which SLA profile is selected. Hence, the SLA selection is delegated to the negotiator node 16, and the service consumer node 18 only needs the assurance that the negotiator node 18 has correctly performed the negotiation with the service provider node 17.
  • One way to implement step S406 is to perform any of steps S110 and S210.
  • Step 407 The signed credentials are returned to the service consumer node 18.
  • the service consumer node 18 may now verify the signature of the negotiator node 16 and compare the values of the credentials with the earlier ones (see step 401). If the comparison results in a match, the service consumer node 18 knows that a successful negotiation has been performed between the negotiator node 16 and the service provider node 17.
  • One way to implement step S407 is to perform any of steps S212 and S310.
  • Step 408 The service consumer node 18 proceeds to perform operations with the service providing network 14 via the service provider node 17.
  • One way to implement step S408 is to perform any of steps S214 and S312.
  • Step 501 Device authentication is performed between the identity provider node 16' and the service consumer node 18. After a successful authentication, the service consumer node 18 is in possession of an access token from the identity provider node 16'
  • the identity provider node 16 may optionally select a set of negotiators (as represented by the Negotiator_ID) based on the device authentication request - similar to a service catalog in a cloud service - which could be provided by the negotiator node 16 after authentication.
  • One way to implement step S501 is to perform any of steps S102, S102b, S102c, and S304.
  • Step 502 The service consumer node 18 creates a constrained trust to perform the SLA negotiation.
  • the trustor i.e., the service consumer node 18
  • the trustee i.e., the negotiator node 16
  • Only the trustee may consume the trust.
  • the trust may be revoked anytime by the trustor.
  • the service consumer node 18 thus delegates constrained trust to perform SLA operation on behalf of the service consumer node 18 to the negotiator node 16.
  • One way to implement step S502 is to perform step S304.
  • Step 503 The service consumer node 18 sends trust information (a trust identity; Trust_ID) to the negotiator node 16.
  • the service consumer node 18 also needs a mechanism to later on verify that the trusted negotiator node 16 can be held accountable for its actions.
  • the service consumer node 18 generates credentials (an SLA_RAND parameter).
  • the credentials consist of a random-valued parameter (RAND) and a negotiator identity (Negotiator_ID) and optionally a profile identity (Profile_ID) selected by the service consumer node 18.
  • Profile_ID is the SLA profile ID selected by the service consumer node 18
  • Negotiator_ID is the negotiator node 16 selected by the service consumer node 18.
  • the service consumer node 18 may select the negotiator node 16 from the set of negotiators it receives in step 401 or its own mandated one.
  • the credentials can be optionally signed by the service consumer node 18 to prove the authenticity of the SLA negotiation request from the service consumer node 18.
  • One way to implement step S503 is to perform any of steps S102a and S304.
  • Step 504 The negotiator node 16 authenticates with the identity provider node 16' to verify the identity of the negotiator node 16. Next, the negotiator node 16 uses the trust identity received from the service consumer node 18 to receive an access token from the identity provider 16'. The received access token has the properties of the service consumer node 18 (because a trust has been delegated earlier by the service consumer node 18 to the negotiator node 16). One way to implement step S504 is to perform step S104a.
  • Step 505 Negotiation is performed between the service provider node 17 and the negotiator node 16.
  • One way to implement step S505 is to perform any of steps S108 and S206.
  • Step 506 At the end of negotiation, a user SLA profile [USP] is selected by the service provider node 17 and the negotiator node 16.
  • One way to implement step S506 is to perform any of steps S110 and S208.
  • Step S506' Optionally, the credentials parameter is signed by the service provider node 17.
  • One way to implement step S506' is to perform any of steps S110 and S210.
  • Step 507 The negotiator node 16 sends back a success request along with the signed credentials received earlier to the service consumer node 18. This guarantees that the negotiator node 16 has committed the device specific SLA with the service provider node 17. This can be later used for accountability.
  • the service consumer node 18 may verify the signature of the negotiator node 16 and compare the values of the credentials with the earlier ones. If both match, the service consumer node 18 knows that a successful SLA negotiation has been performed between the negotiator node 16 and the service provider node 17.
  • One way to implement step S507 is to perform any of steps S212 and S310.
  • Step 508 The service consumer node 18 proceeds to perform operations with the service providing network 14 via the service provider node 17.
  • One way to implement step S508 is to perform any of steps S214 and S312.
  • some of the herein disclosed embodiments may require that the negotiator node 16, the service provider node 17, and/or the service consumer node 18 has credentials which may be used for authentication from an identity provider.
  • some of the herein disclosed embodiments may require that the negotiator node 16 has access to device specific SLA negotiation rules and parameters (configured by the owner of the service consumer node 18).
  • some of the herein disclosed embodiments may require that the service consumer node 18 has a mechanism to verify the signature of the negotiator node 16.
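
The checks of the first particular embodiment (steps 401 to 407 of Fig 11) can be exercised in a short Python model. This is an added example, not code from the patent or the applicant: HMAC-SHA256 under a key assumed to be shared by the service consumer node and the negotiator node in step 401 stands in for the negotiator's signature, and the class names, the JSON encoding and the values "negotiator-16", "gold" and "bronze" are hypothetical.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import asdict, dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Credentials:
    """SLA_RAND as built in step 402: RAND, Negotiator_ID, optional Profile_ID."""
    rand: str
    negotiator_id: str
    profile_id: Optional[str] = None

    def encode(self) -> bytes:
        # Canonical encoding so signer and verifier authenticate identical bytes.
        return json.dumps(asdict(self), sort_keys=True, separators=(",", ":")).encode()


def sign(key: bytes, creds: Credentials) -> str:
    # Assumption: HMAC-SHA256 stands in for the negotiator's signature.
    return hmac.new(key, creds.encode(), hashlib.sha256).hexdigest()


class Negotiator:
    def __init__(self, negotiator_id: str, key: bytes):
        self.negotiator_id = negotiator_id
        self._key = key
        self._issued = set()  # access tokens handed out in step 401

    def authenticate_consumer(self) -> str:
        token = secrets.token_hex(16)
        self._issued.add(token)
        return token

    def negotiate(self, token: str, creds: Credentials, agreed_profile: str) -> Optional[str]:
        """Steps 404 to 406. Returns the signature, or None if a check fails."""
        # Step 404: the received token must match one provided to a consumer.
        if not any(hmac.compare_digest(token.encode(), t.encode()) for t in self._issued):
            return None
        if creds.negotiator_id != self.negotiator_id:
            return None
        # If the consumer fixed a Profile_ID, only that profile may be agreed.
        if creds.profile_id is not None and creds.profile_id != agreed_profile:
            return None
        return sign(self._key, creds)  # step 406


class Consumer:
    def __init__(self, key: bytes):
        self._key = key
        self._pending: Optional[Credentials] = None

    def new_request(self, negotiator_id: str, profile_id: Optional[str] = None) -> Credentials:
        # Step 402: a fresh RAND ties the signed reply to this one request.
        self._pending = Credentials(secrets.token_hex(16), negotiator_id, profile_id)
        return self._pending

    def verify(self, returned: Credentials, signature: Optional[str]) -> bool:
        """Step 407: check the signature, then compare with the stored credentials."""
        if self._pending is None or signature is None:
            return False
        expected = sign(self._key, returned)
        return (hmac.compare_digest(signature.encode(), expected.encode())
                and returned == self._pending)


def run_demo() -> dict:
    """The demo plays the service provider node, which only relays messages."""
    key = secrets.token_bytes(32)        # constructed key, shared in step 401
    negotiator = Negotiator("negotiator-16", key)
    consumer = Consumer(key)
    token = negotiator.authenticate_consumer()
    results = {}

    # Honest run: credentials forwarded unchanged, requested profile agreed.
    creds = consumer.new_request("negotiator-16", "gold")
    sig = negotiator.negotiate(token, creds, "gold")
    results["honest"] = consumer.verify(creds, sig)

    # A token the negotiator never provided is refused in step 404.
    results["bad_token"] = negotiator.negotiate("not-issued", creds, "gold") is None

    # Agreeing a profile other than the consumer's Profile_ID is refused.
    results["wrong_profile"] = negotiator.negotiate(token, creds, "bronze") is None

    # Profile_ID rewritten in transit: the signature is valid for the altered
    # credentials, but the consumer's comparison in step 407 fails.
    altered = replace(creds, profile_id="bronze")
    altered_sig = negotiator.negotiate(token, altered, "bronze")
    results["altered_creds"] = consumer.verify(altered, altered_sig)

    # Signed credentials from an earlier run returned for a new request:
    # the RAND differs, so the comparison fails.
    consumer.new_request("negotiator-16", "gold")
    results["replay"] = consumer.verify(creds, sig)
    return results


if __name__ == "__main__":
    print(run_demo())
```

With an asymmetric signature scheme in place of the HMAC, the service consumer node would hold only the negotiator's public key, and the same two checks in verify() would apply.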

Abstract

The present invention relates to handling a service level agreement (SLA) between a service provider node and a service consumer node. A method performed by a negotiator node comprises performing authentication with the service consumer node, involving providing an access token to the service consumer node. The method comprises performing authentication with the service provider node, involving receiving credentials comprising a random-valued parameter and a negotiator identity, and the access token, from the service provider node. The method comprises verifying the received access token by comparing it to the access token provided to the service consumer node. The method comprises, only if the received access token matches the access token provided to the service consumer node, selecting an SLA profile together with the service provider node, involving receiving the SLA profile signed by the service provider node. The method comprises, only if the received access token matches the access token provided to the service consumer node, signing the credentials and providing the signed credentials to the service provider node.
PCT/SE2014/050795 2014-06-26 2014-06-26 Service level agreement management WO2015199592A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/SE2014/050795 WO2015199592A1 (fr) 2014-06-26 2014-06-26 Service level agreement management

Publications (1)

Publication Number Publication Date
WO2015199592A1 true WO2015199592A1 (fr) 2015-12-30

Family

ID=51210721

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2014/050795 WO2015199592A1 (fr) 2014-06-26 2014-06-26 Service level agreement management

Country Status (1)

Country Link
WO (1) WO2015199592A1 (fr)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008136713A1 (fr) * 2007-05-08 2008-11-13 Telefonaktiebolaget Lm Ericson (Publ) Dynamic SLA negotiation
WO2009074709A1 (fr) * 2007-12-10 2009-06-18 Nokia Corporation Arranging authentication
US20120284786A1 (en) * 2011-05-05 2012-11-08 Visto Corporation System and method for providing access credentials

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
BASTIAN KOLLER ET AL: "Towards autonomous SLA management using a Proxy-like approach", CONFERENCE PROCEEDINGS, NODE 2005 GSEM 2005, ERFURT, GERMANY, 20.-22. SEPTEMBER 2005, 22 September 2005 (2005-09-22), pages 259 - 275, XP055170945, Retrieved from the Internet <URL:http://subs.emis.de/LNI/Proceedings/Proceedings69/GI-Proceedings.69-17.pdf> [retrieved on 20150219] *
OLIVER WAELDRICH ET AL: "GFD-R-P.193 WS-Agreement Negotiation Version 1.0", 10 October 2011 (2011-10-10), pages 1 - 65, XP055170908, Retrieved from the Internet <URL:http://www.ogf.org/documents/GFD.193.pdf> [retrieved on 20150219] *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3700129A4 (fr) * 2017-11-15 2020-12-16 Huawei Technologies Co., Ltd. Network service management method, device, and system
US11153200B2 (en) 2017-11-15 2021-10-19 Huawei Technologies Co., Ltd. Network service management method, apparatus, and system
US11968242B2 (en) 2021-07-01 2024-04-23 Cisco Technology, Inc. Differentiated service in a federation-based access network

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14739984

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14739984

Country of ref document: EP

Kind code of ref document: A1