Means and method for controlling service progression between different domains
First Claim
1. An Application Gateway Module suitable for use in a telecommunication system wherein a service network authenticates a user and authorizes the user for accessing a service offered by a service provider, the Application Gateway Module arranged for intercepting application messages between the user and the service and for identifying said user and said service, and including:
- means for obtaining an authorization decision on whether the user is allowed to access the service;
the Application Gateway Module comprising;
means for assigning a service session identifier intended to identify those application messages exchanged between the user and the service and that belong to a same service delivery authorized for said user;
means for configuring a first finite-state machine with a number of status intended to identify specific events in service delivery where service progression can be controlled; and
means for activating service policies applicable to said specific events and resulting in a state transition.
1 Assignment
0 Petitions
Accused Products
Abstract
At present, the existing mechanisms for authorising a user of a service network operator to access a service provided by a third party service provider are valid for most of the existing services based on a request and an answer, but for transactional services, those where a service delivery implies several transactions, the existing techniques present serious limitations for the operators to fully control the progression of services. To overcome this limitation, the invention provides means and methods to control the progression of a service, service which requires a plurality of transactions, at a first domain where the service has been authorised while the user is using said service provided by a second domain, as well as a verification mechanism for verifying the use of the service between the service network operator and the service provider.
-
Citations
30 Claims
-
1. An Application Gateway Module suitable for use in a telecommunication system wherein a service network authenticates a user and authorizes the user for accessing a service offered by a service provider, the Application Gateway Module arranged for intercepting application messages between the user and the service and for identifying said user and said service, and including:
-
means for obtaining an authorization decision on whether the user is allowed to access the service;
the Application Gateway Module comprising;
means for assigning a service session identifier intended to identify those application messages exchanged between the user and the service and that belong to a same service delivery authorized for said user;
means for configuring a first finite-state machine with a number of status intended to identify specific events in service delivery where service progression can be controlled; and
means for activating service policies applicable to said specific events and resulting in a state transition. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. An Authorization Module suitable for use in a telecommunication system wherein a service network authenticates a user and authorizes the user for accessing a service offered by a service provider, the Authorization Module arranged for deciding whether a user is allowed to access a service and having:
-
means for receiving a service authorization request from an Application Gateway Module; and
means for returning to the Application Gateway Module a response on whether the user is granted access to the requested service;
the Authorization Module comprising;
means for generating a service session identifier intended to correlate those application messages exchanged between the user and the service and that belong to a same service delivery authorized for said user;
means for configuring a second finite-state machine with a number of status intended to identify specific events in service progression where the Authorization Module can act over the Application Gateway Module to control the service progression; and
means for determining service policies applicable to said specific events and resulting in a state transition. - View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24)
-
-
25. A method for authorizing a user of a service network to access a service offered by a service server of a service provider, the user already authenticated by the service network, the server arranged to deliver a service that comprises a plurality of transactions by exchanging a plurality of application messages with the user the method comprising the steps of:
-
obtaining a first authorization decision on whether the user is allowed to access the service;
generating and assigning a service session identifier intended to identify those application messages exchanged between the user and the service and that belong to a same service delivery authorized for said user;
configuring at least one finite-state machine with a number of status intended to identify specific events in service delivery where service progression can be controlled; and
activating service policies applicable to said specific events and resulting in a state transition. - View Dependent Claims (26, 27, 28, 29, 30)
-
Specification