System and method for ubiquitous network access

US 20040225898A1
Filed: 01/27/2004
Published: 11/11/2004
Est. Priority Date: 01/28/2003
Status: Abandoned Application

First Claim

Patent Images

1. A system, comprising:

at least one port component through which an end user needs to be authenticated and authorized in order to access a network resource via a network provider'"'"'s network, the port component being able to enforce an access policy and to apply rules of a service provider of the end user during the end user'"'"'s use of the network provider'"'"'s network;

at least one first director component communicatively coupled to the port component to provide the access policy to be used in connection with the network provider'"'"'s grant of access to its network;

at least one second director component communicatively coupled to the first director component to provide the access policy to the first director component in connection with the service provider'"'"'s request for access to the network provider'"'"'s network on behalf of its end user and in connection with authentication and authorization of the end user; and

a home provider register (HPR) component communicatively coupled to the first director component to be used by the first director component in connection with determination of a service provider of the end user.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed embodiments significantly increase the power and flexibility of public access network roaming systems. This is accomplished in one or more embodiments by requiring no new software or hardware to be installed by the end user. Further, an end user'"'"'s service provider can be automatically determined. If a pre-negotiated network sharing agreement does not exist between the network provider and service provider, a network sharing agreement can be dynamically facilitated, even if the network provider and the service provider have no prior business relationship; while protecting the business and financial interests of both providers. Embodiments allow for a clearinghouse for revenue assurance. Embodiments contemplate a scalable, distributable system. Embodiments allow for variable access charges among and within venues and a wide variety of service plans for end users. Embodiments remain backward compatible with legacy systems for maximum flexibility.

228 Citations

57 Claims

1. A system, comprising:
- at least one port component through which an end user needs to be authenticated and authorized in order to access a network resource via a network provider'"'"'s network, the port component being able to enforce an access policy and to apply rules of a service provider of the end user during the end user'"'"'s use of the network provider'"'"'s network;
  
  at least one first director component communicatively coupled to the port component to provide the access policy to be used in connection with the network provider'"'"'s grant of access to its network;
  
  at least one second director component communicatively coupled to the first director component to provide the access policy to the first director component in connection with the service provider'"'"'s request for access to the network provider'"'"'s network on behalf of its end user and in connection with authentication and authorization of the end user; and
  
  a home provider register (HPR) component communicatively coupled to the first director component to be used by the first director component in connection with determination of a service provider of the end user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 2. The system of claim 1, further comprising a business support system (BSS) component communicatively coupled to the director component, from which the Director component obtains data associated with the access policy.
  - 3. The system of claim 1 wherein different director components are associated with the network provider and with the service provider, the director components of these providers being able to communicate with each other to provide the access policy to the port component to allow the user to access the network resource via the network provider'"'"'s network.
  - 4. The system of claim 1 wherein the network provider and the service provider have no existing network share agreement between them.
  - 5. The system of claim 4 wherein, if the end user is authenticated and authorized to access the network resource via the network provider'"'"'s network, the network share agreement is established between the network provider and service provider for the duration of the end user'"'"'s access of the network provider'"'"'s network.
  - 6. The system of claim 1 wherein the network provider and the service provider have an existing network share agreement between them.
  - 7. The system of claim 1, further comprising a provider revocation list communicatively coupled to the director components, and usable to verify whether there is a denial of service for either the service provider and the network provider.
  - 8. The system of claim 1 wherein alternatively or additionally to the HPR, the director component is able to determine the service provider of the end user based on at least one of token information, multiple tokens corresponding to multiple providers, identification information on a device being used by the end user, email address of the end user, an open search interface technique, a RADIUS technique, and user-input data provided by the end user.
  - 9. The system of claim 8 wherein the director component is able to determine the service provider of the end user without requiring additional hardware and software on the device used by the end user.
  - 10. The system of claim 1 wherein if the service provider is unavailable or if an agreement between the service provider and network providers cannot be made, the network provider through the director component can associate the end user with a preferred service provider.
  - 11. The system of claim 1 wherein the port component is further able to track accounting data for each end user and to shape service metrics according to a service plan of the service provider.
  - 12. The system of claim 1 wherein the port component is further able to use a heartbeat process to monitor activity of the end user, if authenticated, for purposes of billing and to verify that no end user sessions are left open.
  - 13. The system of claim 1 wherein at least one of the director components is able to securely perform at least one of:
    - determine a network-share agreement between the network provider and the service provider, if any;
      
      import brand information of the service provider to the port component to deliver to the user;
      
      communicate authentication credentials of the end user to the service provider;
      
      communicate, to the port component, whether to allow or deny access to the end user and impose the restrictions from the service provider, if any; and
      
      communicate accounting information to the network provider and to the service provider as part of a network share arrangement.
  - 14. The system of claim 1, further comprising at least one of the following network sharing components:
    - a PartnerAccept component that identifies pre-negotiated cross-license terms between the network provider and the service provider;
      
      a billing component wherein end-user usage metrics collected by the port component are transmitted to the network provider and the service provider for accounting purposes;
      
      a Clearinghouse component to coordinate and ensure payment to the network provider from the service provider as a result of allowing access to the end user;
      
      an AutoAccept component to determine a minimum compensation that a network provider will accept to allow access to its network by end users of the service provider;
      
      an AutoPay component to determine a maximum compensation that a service provider will pay to allow its users to access a network provider'"'"'s network;
      
      a first AutoRefuse component to specify service providers whose end users are banned from accessing a network provider'"'"'s network; and
      
      a second AutoRefuse component to specify network providers whose networks are banned from use by a service provider'"'"'s end users.
  - 15. The system of claim 14, further comprising an All Access Pass component in which the end user is allowed access to any network provider'"'"'s network by agreeing to network provider'"'"'s payment metrics, provided no AutoRefuse component exists for either the network provider or the service provider.
  - 16. The system of claim 1 wherein the service provider, through the port component, is able to enforce its rules on its end user while accessing the network provider'"'"'s network that is not owned by the service provider.
  - 17. The system of claim 1 wherein a plurality of port components are associated with a corresponding plurality of different pricing metrics.
  - 18. The system of claim 1 wherein the system allows the end user to roam amongst different network providers'"'"' networks.
  - 19. The system of claim 1 wherein at least one of port components, network resources, service provider rules, management operations, and geographic locations are organized based on group containers.
  - 20. The system of claim 19 wherein at least one of the group containers is used in connection with authorization.
  - 21. The system of claim 1 wherein the director component is communicatively coupled to a legacy system.
  - 22. The system of claim 1 wherein at least some of the director components and the port component are distributed.
  - 23. The system of claim 1 wherein at least some of the director components, port component, and HLR component are scalable to accommodate additional end users, network providers, or service providers.

24. A system, comprising:
- a means for allowing an end user, associated with a service provider, to use a network provider'"'"'s network that is not managed by the service provider;
  
  a means for determining the service provider of the end user of the network provider'"'"'s network; and
  
  a means for automatically and dynamically facilitating network sharing agreements between the network provider and the service provider, including a means for applying the service provider'"'"'s rules to the end user while the end user uses the network provider'"'"'s network.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 25. The system of claim 24, further comprising means for authorizing and authenticating the end user to the network provider'"'"'s network.
  - 26. The system of claim 24, further comprising a means for using a preferred provider if the service provider of the end user is unavailable or if a network share agreement between the network provider and the service provider cannot be implemented.
  - 27. The system of claim 24 wherein the means for allowing the end user to use the network provider'"'"'s network includes:
    - at least one first component means for accessing the network provider'"'"'s network;
      
      at least one second component means for managing the end user'"'"'s use of the network provider'"'"'s network; and
      
      at least another second component means for restricting usage to only end user'"'"'s whose service provider is willing to agree to network sharing terms
  - 28. The system of claim 27 wherein the at least one first component means includes means for applying different pricing policies to different first component means.
  - 29. The system of claim 24, further comprising a heartbeat means for monitoring activity of the user for purposes of billing and to verify that no user sessions are left open.
  - 30. The system of claim 24, further comprising a plurality of different payment means for implementing billing associated with servicing the user.
  - 31. The system of claim 30 wherein one of the payment means includes an All Access Pass means for allowing the end user to access any network provider'"'"'s network subject to payment policies of these network providers and provided that another billing component of either the network provider and the service provider do not preclude access.
  - 32. The system of claim 24, further comprising container means for defining access and network use privileges.
  - 33. The system of claim 24, further comprising means for allowing access to and use of legacy systems.
  - 34. The system of claim 24, further comprising a means for importing a brand or content of the service provider to the network provider'"'"'s network during use by the end user.
  - 35. The system of claim 24, further comprising device means for accessing the network provider'"'"'s network, and network means within the network provider'"'"'s network for supporting the device means'"'"' access and use of the network provider'"'"'s network.
  - 36. The system of claim 24, further comprising a means for using multiple tokens in different classes to represent different service provider states.
  - 37. The system of claim 24, further comprising means for distributing and scaling to accommodate additional network providers, service providers, or users.

38. A method, comprising:
- authenticating and authorizing a user to access a network resource via a network provider'"'"'s network;
  
  providing an access policy to be used in connection with the authenticating and authorizing;
  
  determining a service provider of the user, the service provider not being substantially involved in managing use of the network provider'"'"'s network; and
  
  enforcing the access policy and applying rules of the service provider during the user'"'"'s use of the network provider'"'"'s network.
- View Dependent Claims (39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52)
- - 39. The method of claim 38 wherein providing the access policy includes providing the access policy based on data from a business support system.
  - 40. The method of claim 38, further comprising communicating between different director components to obtain service provider rules and access policies.
  - 41. The method of claim 38, further comprising implementing either a new or existing network share agreement between the network provider and the service provider.
  - 42. The method of claim 41 wherein implementing the new network share agreement including implementing terms of the new network share agreement only for the duration of the end user'"'"'s use of the network provider'"'"'s network.
  - 43. The method of claim 38 wherein if the service provider is unavailable or if an agreement between the service provider and network provider cannot be made, the method includes associating the end user with a preferred service provider.
  - 44. The method of claim 38, further comprising using a heartbeat process to monitor activity of the end user for purposes of billing and to verify that no end user sessions are left open.
  - 45. The method of claim 38, further comprising implementing at least one of the following service payment components:
    - a PartnerAccept component that identifies pre-negotiated cross-license terms between network providers and service providers;
      
      a billing component that distributes accounting information to the service provider and the network provider as a result of allowing access to the end user a clearinghouse component to coordinate and attempt to ensure payment to the network provider from the service provider as a result of allowing access to the end user;
      
      an AutoAccept component to determine a minimum compensation that a network provider will accept to allow access to its network by a service provider'"'"'s end users;
      
      an AutoPay component to determine a maximum compensation that a service provider will pay to allow its end users to access a network provider'"'"'s network;
      
      a first AutoRefuse component to specify service providers whose end users are banned from accessing a network provider'"'"'s network; and
      
      a second AutoRefuse component to specify network providers whose networks are banned for use by a service provider'"'"'s end users.
  - 46. The method of claim 45, further comprising implementing an all access pass to allow the end user to access any network provider'"'"'s network subject to billing policies of these network providers, provided that at least one of the AutoRefuse components does not negate a network share between the network provider and the service provider.
  - 47. The method of claim 38, further comprising managing access and use of network resources based on group container definitions.
  - 48. The method of claim 38, further comprising disabling capability to access a network resource based on provider revocation settings.
  - 49. The method of claim 38, further comprising importing brand and content information of the service provider to the network provider'"'"'s network during use of that network by the end user.
  - 50. The method of claim 38, further comprising implementing network authorization, access, and use in conjunction with legacy systems.
  - 51. The method of claim 38, further comprising implementing different pricing policies for different port components that can be used by the end user to access the network provider'"'"'s network.
  - 52. The method of claim 38 wherein determining the service provider of the end user includes determining the service provider without requiring additional hardware and software on a device used by the end user.

53. An article of manufacture, comprising:
- a machine-readable medium having instructions stored thereon to;
  
  authenticate and authorize an end user to access a network resource via a network provider'"'"'s network;
  
  provide an access policy to be used in connection with the authenticating and authorizing;
  
  determine a service provider of the end user, the service provider not being substantially involved in managing use of the network provider'"'"'s network; and
  
  initiate enforcement of the access policy and application of rules of the service provider during the end user'"'"'s use of the network provider'"'"'s network.
- View Dependent Claims (54, 55, 56, 57)
- - 54. The article of manufacture of claim 53 wherein the machine-readable medium further includes instructions stored thereon to initiate implementation of either a new or existing network share agreement between the network provider and the service provider.
  - 55. The article of manufacture of claim 53 wherein the machine-readable medium includes at least one of instructions stored thereon to:
    - determine a network-share agreement between the network provider and the service provider, if any;
      
      import brand and content information of the service provider to be delivered to the end user;
      
      communicate authentication credentials of the end user to the service provider;
      
      communicate whether to allow or deny access to the end user and impose the restrictions from the service provider, if any; and
      
      communicate accounting information to the network provider and to the service provider as part of a network share arrangement.
  - 56. The article of manufacture of claim 53 wherein the machine-readable medium further includes instructions stored thereon to monitor use of the network provider'"'"'s network by the end user.
  - 57. The article of manufacture of claim 53 wherein the machine-readable medium further includes instructions stored thereon to disable capability to access a network resource based on provider revocation settings.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
David D Miller, D. Gabriel Frost
Original Assignee
David D Miller, D. Gabriel Frost
Inventors
Miller, David D., Frost, D. Gabriel

Application Number

US10/766,670
Publication Number

US 20040225898A1
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04L 12/2856   Access arrangements, e.g. I...

H04L 12/2876   Handling of subscriber poli...

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

H04W 12/062   Pre-authentication

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

H04W 12/08   Access security

System and method for ubiquitous network access

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

228 Citations

57 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for ubiquitous network access

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

228 Citations

57 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links