On demand session provisioning of IP flows

US 20050108423A1
Filed: 11/06/2003
Published: 05/19/2005
Est. Priority Date: 11/06/2003
Status: Active Grant

First Claim

Patent Images

1. A method for on demand session provisioning comprising:

receiving a first packet from a user at a service selection gateway, the service selection gateway operable to provide the user with access to one or more services, the first packet associated with a selected one of the services;

sending an access request to an authorization server, the access request identifying the user and requesting authorization to allow the user to access the selected service;

creating a temporary user session operable to allow the user to temporarily access the selected service pending authorization;

forwarding subsequently received packets while the temporary user session is valid;

receiving an authorization response from the authorization server;

determining whether the authorization response indicates that the user is authorized to access the selected service; and

if the authorization response indicates that the user is authorized to access the selected service, creating a permanent user session operable to allow the user to access the selected service;

otherwise, terminating the temporary user session.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for on demand session provisioning includes receiving a first packet from a user at a service selection gateway. The service selection gateway provides the user with access to one or more services. The first packet is associated with a selected one of the services. An access request is sent to an authorization server. A temporary user session is created to allow the user to temporarily access the selected service pending authorization. Subsequently received packets are forwarded while the temporary user session is valid. An authorization response is received from the authorization server. If the authorization response indicates that the user is authorized to access the selected service, a permanent user session is created to allow the user to access the selected service. Otherwise, the temporary user session is terminated.

56 Citations

View as Search Results

34 Claims

1. A method for on demand session provisioning comprising:
- receiving a first packet from a user at a service selection gateway, the service selection gateway operable to provide the user with access to one or more services, the first packet associated with a selected one of the services;
  
  sending an access request to an authorization server, the access request identifying the user and requesting authorization to allow the user to access the selected service;
  
  creating a temporary user session operable to allow the user to temporarily access the selected service pending authorization;
  
  forwarding subsequently received packets while the temporary user session is valid;
  
  receiving an authorization response from the authorization server;
  
  determining whether the authorization response indicates that the user is authorized to access the selected service; and
  
  if the authorization response indicates that the user is authorized to access the selected service, creating a permanent user session operable to allow the user to access the selected service;
  
  otherwise, terminating the temporary user session.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the first packet comprises an Internet protocol (IP) packet.
  - 3. The method of claim 1, wherein receiving the first packet comprises receiving the first packet from an access gateway, the access gateway having authenticated the identity of the user.
  - 4. The method of claim 1, further comprising, if the authorization response is not received after a predetermined period of time, terminating the temporary user session.
  - 5. The method of claim 1, further comprising terminating the temporary user session if the authorization response indicates that the user does not have access to the selected service.
  - 6. The method of claim 1, wherein the authorization response comprises a user profile associated with the user, the user profile indicating one or more services that the user is authorized to access.
  - 7. The method of claim 6, wherein the user profile includes billing data and bandwidth specifications associated with the user.
  - 8. The method of claim 6, further comprising storing the user profile in a memory of the service selection gateway.
  - 9. The method of claim 8, further comprising:
    - determining whether the permanent user session is inactive; and
      
      terminating the permanent user session if the permanent user session is inactive; and
      
      deleting the user profile from the memory of the service selection gateway.
  - 10. The method of claim 6, further comprising deleting the user profile after the user terminates the user session.
  - 11. The method of claim 1, further comprising:
    - determining whether the permanent user session is inactive; and
      
      terminating the permanent user session if the permanent user session is inactive.

12. A service selection gateway for providing a user with access to one or more services comprising:
- a first interface of the service selection gateway, the first interface coupling to one or more components of the network and operable to;
  
  receive a first packet from a user, the first packet associated with a selected one of the services;
  
  send an access request to an authorization server, the access request identifying the user and requesting authorization to allow the user to access the selected service; and
  
  a processor operable to;
  
  create a temporary user session operable to allow the user to temporarily access the selected service pending authorization;
  
  forward subsequently received packets while the temporary user session is valid;
  
  receive an authorization response from the authorization server;
  
  determine whether the authorization response indicates that the user is authorized to access the selected service; and
  
  if the authorization response indicates that the user is authorized to access the selected service, create a permanent user session operable to allow the user to access the selected service;
  
  otherwise, terminate the temporary user session.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The service selection gateway of claim 12, wherein the first packet comprises an Internet protocol (IP) packet.
  - 14. The service selection gateway of claim 12, wherein the first interface is operable to receive the first packet from an access gateway, the access gateway having authenticated the identity of the user.
  - 15. The service selection gateway of claim 12, wherein the processor is further operable to terminate the temporary user session if the authorization response is not received after a predetermined period of time.
  - 16. The service selection gateway of claim 12, wherein the processor is further operable to terminate the temporary user session if the authorization response indicates that the user does not have access to the selected service.
  - 17. The service selection gateway of claim 12 wherein the authorization response comprises a user profile associated with the user, the user profile indicating one or more services that the user is authorized to access.
  - 18. The service selection gateway of claim 17, wherein the user profile includes billing data and bandwidth specifications associated with the user.
  - 19. The service selection gateway of claim 17, wherein the processor is further operable to store the user profile in a memory of the service selection gateway.
  - 20. The service selection gateway of claim 19, wherein the processor is further operable to:
    - determine whether the permanent user session is inactive; and
      
      terminate the permanent user session if the permanent user session is inactive; and
      
      delete the user profile from the memory of the service selection gateway.
  - 21. The service selection gateway of claim 17, wherein the processor is further operable to delete the user profile after the user terminates the user session.
  - 22. The service selection gateway of claim 12, wherein the processor is further operable to:
    - determine whether the permanent user session is inactive; and
      
      terminate the permanent user session if the permanent user session is inactive.

23. Logic for configuring enterprise gateways, the logic embodied in a computer-readable medium and operable to:
- receive a first packet from a user at a service selection gateway, the service selection gateway operable to provide the user with access to one or more services, the first packet associated with a selected one of the services;
  
  send an access request to an authorization server, the access request identifying the user and requesting authorization to allow the user to access the selected service;
  
  create a temporary user session operable to allow the user to temporarily access the selected service pending authorization;
  
  forwarding subsequently received packets while the temporary user session is valid;
  
  receiving an authorization response from the authorization server;
  
  determine whether the authorization response indicates that the user is authorized to access the selected service; and
  
  if the authorization response indicates that the user is authorized to access the selected service, create a permanent user session operable to allow the user to access the selected service;
  
  otherwise, terminate the temporary user session.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 24. The logic of claim 23, wherein the first packet comprises an Internet protocol (IP) packet.
  - 25. The logic of claim 23, further operable to receive the first packet from an access gateway, the access gateway having authenticated the identity of the user.
  - 26. The logic of claim 23, further operable to terminate the temporary user session if the authorization response is not received after a predetermined period of time.
  - 27. The logic of claim 23, further operable to terminate the temporary user session if the authorization response indicates that the user does not have access to the selected service.
  - 28. The logic of claim 23, wherein the authorization response comprises a user profile associated with the user, the user profile indicating one or more services that the user is authorized to access.
  - 29. The logic of claim 28, wherein the user profile includes billing data and bandwidth specifications associated with the user.
  - 30. The logic of claim 28, further operable to store the user profile in a memory of the service selection gateway.
  - 31. The logic of claim 30, further operable to:
    - determine whether the permanent user session is inactive; and
      
      terminate the permanent user session if the permanent user session is inactive; and
      
      delete the user profile from the memory of the service selection gateway.
  - 32. The logic of claim 28, further operable to delete the user profile after the user terminates the user session.
  - 33. The logic of claim 23, further operable to:
    - determine whether the permanent user session is inactive; and
      
      terminate the permanent user session if the permanent user session is inactive.

34. A system for providing a user with access to one or more services comprising:
- means for receiving a first packet from a user at a service selection gateway, the service selection gateway operable to provide the user with access to one or more services, the first packet associated with a selected one of the services;
  
  means for sending an access request to an authorization server, the access request identifying the user and requesting authorization to allow the user to access the selected service;
  
  means for creating a temporary user session operable to allow the user to temporarily access the selected service pending authorization;
  
  means for forwarding subsequently received packets while the temporary user session is valid;
  
  means for receiving an authorization response from the authorization server;
  
  means for determining whether the authorization response indicates that the user is authorized to access the selected service; and
  
  if the authorization response indicates that the user is authorized to access the selected service, means for creating a permanent user session operable to allow the user to access the selected service;
  
  otherwise, means for terminating the temporary user session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Centemeri, Marco Cesare

Granted Patent

US 7,853,705 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/237
CPC Class Codes

H04L 63/0815   providing single-sign-on or...

H04L 63/102   Entity profiles

H04L 63/164   at the network layer

H04L 67/306   User profiles

On demand session provisioning of IP flows

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

56 Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

On demand session provisioning of IP flows

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

56 Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links