METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR BRIDGING USER AUTHENTICATION, AUTHORIZATION, AND ACCESS BETWEEN WEB-BASED AND TELECOM DOMAINS

US 20130139241A1
Filed: 11/29/2011
Published: 05/30/2013
Est. Priority Date: 11/29/2011
Status: Active Grant

First Claim

Patent Images

1. A method for bridging authentication, authorization, and access between web-based and telecommunications networks, the method comprising:

issuing, to an application hosted in a web-based network, an access token associated with a user identifier subscribed to a telecommunications network, wherein the access token is issued in response to receiving telecommunications network credentials from a client device associated with the user identifier;

receiving, at an over the top (OTT) proxy element in the telecommunications network from the application, the access token for requesting user data associated with the client device to be used to access the application;

retrieving the user data if the access token is valid a telecommunications network context condition is met; and

providing the user data to the application, wherein access to the application by the client device is based on the user data.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and computer readable media for bridging user authentication, authorization, and access between web-based and telecom domains are disclosed. In one example, a method includes issuing, to an application hosted in a web-based network, an access token associated with a user identifier subscribed to a telecommunications network, wherein the access token is issued in response to receiving telecommunications network credentials from a client device associated with the user identifier and receiving, at an over the top (OTT) proxy element in the telecommunications network from the application, the access token for requesting user data associated with the client device to be used to access the application. The method further includes retrieving the user data if the access token is valid a telecommunications network context condition is met and providing the user data to the application, wherein access to the application by the client device is based on the user data.

150 Citations

27 Claims

1. A method for bridging authentication, authorization, and access between web-based and telecommunications networks, the method comprising:
- issuing, to an application hosted in a web-based network, an access token associated with a user identifier subscribed to a telecommunications network, wherein the access token is issued in response to receiving telecommunications network credentials from a client device associated with the user identifier;
  
  receiving, at an over the top (OTT) proxy element in the telecommunications network from the application, the access token for requesting user data associated with the client device to be used to access the application;
  
  retrieving the user data if the access token is valid a telecommunications network context condition is met; and
  
  providing the user data to the application, wherein access to the application by the client device is based on the user data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1 wherein the application includes at least one of:
    - a web application, an enterprise based application, and a mobile device application.
  - 3. The method of claim 1 wherein the client device includes at least one of:
    - a mobile device and a fixed device.
  - 4. The method of claim 1 wherein the telecommunications network context condition includes at least one of:
    - the client device having an active registration in the telecommunications network, an approved subscription state associated with the client device, and the presence of the client device in the telecommunications network.
  - 5. The method of claim 4 wherein the active registration includes an active registration in accordance with at least one of:
    - a subscriber identification module (SIM) protocol, a radius protocol, a Diameter protocol, a packet data protocol (PDP) context protocol, an extensible messaging and presence protocol (XMPP), a voice over IP application protocol, and session initiation protocol (SIP).
  - 6. The method of claim 1 wherein issuing an access token includes:
    - receiving, at the OTT proxy element, a request for authentication for access to the application from the client device, wherein the request includes an application identifier associated with the application;
      
      providing an access token authorization code to the application in response to authenticating the client device;
      
      receiving, at the OTT proxy element, an access token request containing the authorization code and the application identifier; and
      
      providing the access token to the application in response to validating the application identifier and the authorization code.
  - 7. The method of claim 1 wherein the user data includes at least one of:
    - a session initiation protocol (SIP) public user identifier, token access policies, user profile data, user context data, and user status data associated with the client device.
  - 8. The method of claim 1 wherein the access token includes an oAuth-based token.
  - 9. The method of claim 1 wherein the client device includes a non-telecom client application.
  - 10. The method of claim 1 wherein the user data includes token privileges that control access to application programming interfaces, network services, and static user data.
  - 11. The method of claim 1 wherein the telecommunications network includes at least one of:
    - a session initiation protocol (SIP) based network and an Internet protocol multimedia subsystem (IMS) based network.
  - 12. The method of claim 1 wherein providing the access token includes providing the access token over a secure transport layer.
  - 13. The method of claim 12 wherein the secure transport layer utilizes a hypertext transfer protocol secure (HTTPS) protocol.

14. A system for bridging authentication, authorization, and access between web-based and telecommunications networks, the system comprising:
- an application server residing in a web-based network that is configured to host an application and to provide an access token associated with a user identifier subscribed to a telecommunications network, wherein the access token is initially received by the application in response to a client device associated with the user identifier providing telecommunications network login credentials to an OTT proxy element; and
  
  an OTT proxy element that resides in a telecommunications network and is configured to receive the access token from the application server, to retrieve the user data if the access token is valid and a telecommunications network context condition is met, and to provide the user data to the application, wherein access to the application by the client device is based on the user data.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 15. The system of claim 14 wherein the application includes at least one of:
    - a web-based application, an enterprise based application, and a mobile device application.
  - 16. The system of claim 14 wherein the client device includes at least one of:
    - a mobile device and a fixed device.
  - 17. The system of claim 14 wherein the telecommunications network context condition includes at least one of:
    - the client device having an active registration in the telecommunications network, an approved subscription state associated with the client device, and the presence of the client device in the telecommunications network.
  - 18. The system of claim 17 wherein the active registration includes an active registration in accordance with at least one of:
    - a subscriber identification module (SIM) protocol, a radius protocol, a Diameter protocol, a packet data protocol (PDP) context protocol, an extensible messaging and presence protocol (XMPP), a voice over IP application protocol, and session initiation protocol (SIP).
  - 19. The system of claim 14 wherein the OTT proxy element is further configured to receive a request for authentication for access to the application from the client device, wherein the request includes an application identifier associated with the application, to provide an access token authorization code to the application in response to authenticating the client device, to receive, at the OTT proxy element, an access token request containing the authorization code and the application identifier, and to provide the access token to the application in response to validating the application identifier and the authorization code.
  - 20. The system of claim 14 wherein the user data includes at least one of:
    - a SIP public user identifier, token access policies, user profile data, user context data, and user status data associated with the client device.
  - 21. The system of claim 14 wherein the access token includes an oAuth token.
  - 22. The system of claim 14 wherein the client device includes a non-telecom client application.
  - 23. The system of claim 14 wherein the user data includes token privileges that control access to application programming interfaces, network services, and static user data.
  - 24. The system of claim 14 wherein the telecom-based network includes at least one of:
    - a session initiation protocol (SIP) based network and an Internet protocol multimedia subsystem (IMS) based network.
  - 25. The system of claim 14 wherein the OTT proxy element is further configured to provide the access token over a secure transport layer.
  - 26. The system of claim 25 wherein the secure transport layer utilizes a hypertext transfer protocol secure (HTTPS) protocol.

27. A non-transitory computer readable medium comprising computer executable instructions that when executed by a processor of a computer control the computer to perform steps comprising:
- issuing, to an application hosted in a web-based network, an access token associated with a user identifier subscribed to a telecommunications network, wherein the access token is issued in response to receiving telecommunications network credentials from a client device associated with the user identifier;
  
  receiving, at an over the top (OTT) proxy element in the telecommunications network from the application, the access token for requesting user data associated with the client device to be used to access the application;
  
  retrieving the user data if the access token is valid a telecommunications network context condition is met; and
  
  providing the user data to the application, wherein access to the application by the client device is based on the user data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ribbon Communications Operating Company, Inc. (Ribbon Communications, Inc.)
Original Assignee
Genband US LLC (Ribbon Communications, Inc.)
Inventors
Leeder, Michael

Granted Patent

US 8,667,579 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/9
CPC Class Codes

H04L 2463/121   Timestamp cryptographic mec...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 67/02   based on web technology, e....

H04L 67/306   User profiles

H04W 12/068   using credential vaults, e....

H04W 4/60   Subscription-based services...

H04W 88/182   Network node acting on beha...

METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR BRIDGING USER AUTHENTICATION, AUTHORIZATION, AND ACCESS BETWEEN WEB-BASED AND TELECOM DOMAINS

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

150 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR BRIDGING USER AUTHENTICATION, AUTHORIZATION, AND ACCESS BETWEEN WEB-BASED AND TELECOM DOMAINS

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

150 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links