VALIDATING AUTHORIZATION FOR USE OF A SET OF FEATURES OF A DEVICE

摘要

A device obtains proof of its authority to use a first set of selectively activated features (first proof). An authorization server signs the first proof with its private key. The device sends a request to use a network service to a network node. The device sends the first proof to the network node. The network node validates the first proof using a public key of the authorization server. The network node grants the request to use the network service. The device sends a request for proof of authority for the network node to provide the network service (second proof). The device obtains the second proof, signed by another authorization server, and validates the second proof before using the network service. The first proof and the second proof each include a list of selectively activated features, where the selectively activated features are needed to use or provide the network service.

主权项

1. A method, operational at a device, comprising:
obtaining a proof of authority for the device to use a first set of selectively activated features at the device, signed by a first authorization server; sending a request to use a network service to a network node, wherein the first set of selectively activated features includes first selectively activated features needed by the device to use the network service; obtaining, from the network node, in response to sending the request to use the network service, a request for the proof of authority for the device; sending, to the network node, the proof of authority for the device; sending, to the network node, a request for a proof of authority for the network node to provide the network service; obtaining, from the network node, the proof of authority for the network node to use a second set of selectively activated features at the network node, signed by a second authorization server, wherein the second set of selectively activated features includes second selectively activated features needed by the network node to provide the network service; and validating the proof of authority for the network node before using the network service.