On demand session provisioning of IP flows
First Claim
1. A method for on demand session provisioning comprising:
- receiving a first packet from a user at a service selection gateway, the service selection gateway operable to provide the user with access to one or more services, the first packet associated with a selected one of the services;
sending an access request to an authorization server, the access request identifying the user and requesting authorization to allow the user to access the selected service;
creating a temporary user session operable to allow the user to temporarily access the selected service pending authorization;
forwarding subsequently received packets while the temporary user session is valid;
receiving an authorization response from the authorization server;
determining whether the authorization response indicates that the user is authorized to access the selected service; and
if the authorization response indicates that the user is authorized to access the selected service, creating a permanent user session operable to allow the user to access the selected service;
otherwise, terminating the temporary user session.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for on demand session provisioning includes receiving a first packet from a user at a service selection gateway. The service selection gateway provides the user with access to one or more services. The first packet is associated with a selected one of the services. An access request is sent to an authorization server. A temporary user session is created to allow the user to temporarily access the selected service pending authorization. Subsequently received packets are forwarded while the temporary user session is valid. An authorization response is received from the authorization server. If the authorization response indicates that the user is authorized to access the selected service, a permanent user session is created to allow the user to access the selected service. Otherwise, the temporary user session is terminated.
56 Citations
34 Claims
-
1. A method for on demand session provisioning comprising:
-
receiving a first packet from a user at a service selection gateway, the service selection gateway operable to provide the user with access to one or more services, the first packet associated with a selected one of the services;
sending an access request to an authorization server, the access request identifying the user and requesting authorization to allow the user to access the selected service;
creating a temporary user session operable to allow the user to temporarily access the selected service pending authorization;
forwarding subsequently received packets while the temporary user session is valid;
receiving an authorization response from the authorization server;
determining whether the authorization response indicates that the user is authorized to access the selected service; and
if the authorization response indicates that the user is authorized to access the selected service, creating a permanent user session operable to allow the user to access the selected service;
otherwise, terminating the temporary user session. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A service selection gateway for providing a user with access to one or more services comprising:
-
a first interface of the service selection gateway, the first interface coupling to one or more components of the network and operable to;
receive a first packet from a user, the first packet associated with a selected one of the services;
send an access request to an authorization server, the access request identifying the user and requesting authorization to allow the user to access the selected service; and
a processor operable to;
create a temporary user session operable to allow the user to temporarily access the selected service pending authorization;
forward subsequently received packets while the temporary user session is valid;
receive an authorization response from the authorization server;
determine whether the authorization response indicates that the user is authorized to access the selected service; and
if the authorization response indicates that the user is authorized to access the selected service, create a permanent user session operable to allow the user to access the selected service;
otherwise, terminate the temporary user session. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
-
23. Logic for configuring enterprise gateways, the logic embodied in a computer-readable medium and operable to:
-
receive a first packet from a user at a service selection gateway, the service selection gateway operable to provide the user with access to one or more services, the first packet associated with a selected one of the services;
send an access request to an authorization server, the access request identifying the user and requesting authorization to allow the user to access the selected service;
create a temporary user session operable to allow the user to temporarily access the selected service pending authorization;
forwarding subsequently received packets while the temporary user session is valid;
receiving an authorization response from the authorization server;
determine whether the authorization response indicates that the user is authorized to access the selected service; and
if the authorization response indicates that the user is authorized to access the selected service, create a permanent user session operable to allow the user to access the selected service;
otherwise, terminate the temporary user session. - View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
-
-
34. A system for providing a user with access to one or more services comprising:
-
means for receiving a first packet from a user at a service selection gateway, the service selection gateway operable to provide the user with access to one or more services, the first packet associated with a selected one of the services;
means for sending an access request to an authorization server, the access request identifying the user and requesting authorization to allow the user to access the selected service;
means for creating a temporary user session operable to allow the user to temporarily access the selected service pending authorization;
means for forwarding subsequently received packets while the temporary user session is valid;
means for receiving an authorization response from the authorization server;
means for determining whether the authorization response indicates that the user is authorized to access the selected service; and
if the authorization response indicates that the user is authorized to access the selected service, means for creating a permanent user session operable to allow the user to access the selected service;
otherwise, means for terminating the temporary user session.
-
Specification