| CPC G06F 21/44 (2013.01) [H04L 9/3213 (2013.01); H04L 9/3247 (2013.01); H04L 9/3263 (2013.01); G06F 2221/2141 (2013.01)] | 18 Claims |

|
1. A method for onboarding of network functions to a credential vault, the credential vault including a vault memory and a vault processor, the vault memory storing an authentication code at a code address thereof, the method comprising, by at least one processor:
actuating establishment of a cluster account for a network cluster;
actuating a cluster configuration of the vault processor to enable authentication of the network cluster; and
for each network function of a plurality of network functions associated with the network cluster:
generating an identifier for the network function,
setting values for parameters of an initialization parameter set for the network function, the initialization parameter set including a credential address in the vault memory for storage of a credential for the network function, a value of the credential address being based on the generated identifier for the network function,
actuating assignment of access permissions to the network function for the code address on the vault memory,
actuating assignment of elevated access permissions to the network function for the credential address on the vault memory, and
actuating association of the network function with the cluster account of the network cluster;
the vault memory thereby defining a plurality of credential addresses each corresponding to a respective one of the plurality of network functions,
wherein the vault processor is configured to:
provide, based on receipt of a code retrieval request identifying the code address from a device having access permissions thereto, the authentication code,
store at a selected credential address, based on receipt of a credential storage request providing a credential and identifying the selected credential address from a device having elevated access permissions thereto, the provided credential, and
provide, based on receipt of a credential retrieval request identifying the selected credential address from a device having elevated access permissions thereto, the credential stored at the selected credential address.
|
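A minimal in-memory model of the permission scheme recited in claim 1, added here as an illustration and not taken from the patent. The class and function names, the `clusters/<cluster>/nf/<id>/credential` address layout, the two permission labels and the sample values are all assumptions.

```python
import secrets

READ, ELEVATED = "read", "elevated"  # assumed labels for the two permission levels


class Vault:
    """Stand-in for the claimed vault memory plus vault processor (hypothetical API)."""

    def __init__(self, code_address, authentication_code):
        self.code_address = code_address
        self.memory = {code_address: authentication_code}
        self.acl = {}       # (device id, address) -> permission level
        self.accounts = {}  # cluster account -> ids of associated network functions

    def grant(self, device, address, level):
        self.acl[(device, address)] = level

    def _require(self, device, address, allowed):
        # Default deny: a device with no entry for this address gets nothing.
        if self.acl.get((device, address)) not in allowed:
            raise PermissionError(f"{device} denied at {address}")

    def get_code(self, device, address):
        # Code retrieval request: any access permission on the code address suffices.
        self._require(device, address, {READ, ELEVATED})
        return self.memory[address]

    def store_credential(self, device, address, credential):
        # Credential storage request: elevated permission on that address only.
        self._require(device, address, {ELEVATED})
        self.memory[address] = credential

    def get_credential(self, device, address):
        # Credential retrieval request: elevated permission on that address only.
        self._require(device, address, {ELEVATED})
        return self.memory[address]


def onboard_cluster(vault, cluster, function_names):
    """Onboard each network function; returns its initialization parameter set."""
    vault.accounts[cluster] = set()  # cluster account (cluster auth config not modelled)
    params = {}
    for name in function_names:
        nf_id = f"{name}-{secrets.token_hex(4)}"                 # generated identifier
        cred_addr = f"clusters/{cluster}/nf/{nf_id}/credential"  # derived from the id
        vault.grant(nf_id, vault.code_address, READ)  # access to the shared code
        vault.grant(nf_id, cred_addr, ELEVATED)       # elevated access to its own slot
        vault.accounts[cluster].add(nf_id)            # associate with cluster account
        params[name] = {"id": nf_id, "credential_address": cred_addr}
    return params
```

Because each credential address embeds the generated identifier and permissions are granted per address, one network function cannot read or overwrite another's credential, and none can write to the shared code address.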