Systems and methods for exposing functionality with strict access controls

US 7,733,884 B1
Filed: 01/06/2004
Issued: 06/08/2010
Est. Priority Date: 01/06/2004
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a service gateway in communication with a first entity and a second entity, the service gateway comprising;

a first interface module to receive, from the first entity, a message requesting performance of a service in an extensible set of services offered by the second entity, the message including a service name that corresponds to the service and an argument that includes data used to perform the service;

an access control module to;

make a first determination of whether the first entity is permitted to request performance of the service corresponding to the service name,make a second determination of whether the argument is permitted to be provided by the first entity, andmake a third determination of whether the argument is permitted to be requested for the service corresponding to the service name; and

a second interface module to selectively request performance of the service by the second entity based, at least in part, on results of the first, second, and third determinations of the access control module.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A service provider system connects to systems associated with a group of business-partners. Each of the business-partners sells services, of an extensible set of services provided by the service provider system, to its customers. The service provider system provides a common interface via which the business-partner systems can request one or more services from the extensible set of services. The service provider system exposes subsets of the common interface to each of the business-partner systems by controlling access to the extensible set of services by the business-partner systems.

Citations

22 Claims

1. A system, comprising:
- a service gateway in communication with a first entity and a second entity, the service gateway comprising;
  
  a first interface module to receive, from the first entity, a message requesting performance of a service in an extensible set of services offered by the second entity, the message including a service name that corresponds to the service and an argument that includes data used to perform the service;
  
  an access control module to;
  
  make a first determination of whether the first entity is permitted to request performance of the service corresponding to the service name,make a second determination of whether the argument is permitted to be provided by the first entity, andmake a third determination of whether the argument is permitted to be requested for the service corresponding to the service name; and
  
  a second interface module to selectively request performance of the service by the second entity based, at least in part, on results of the first, second, and third determinations of the access control module.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, where the second entity includes:
    - a service activation component offering the extensible set of services.
  - 3. The system of claim 2, where the service activation component is to configure a router to deliver the service.
  - 4. The system of claim 1, where the first entity corresponds to a business partner system and the second entity corresponds to a service activation component, the service activation component provides the service to a customer associated with the business partner system, the business partner system generates the message requesting service for the customer;
    - andwhere the first interface module is further to;
      
      authenticate the business partner system based, at least in part, on information included in the message.
  - 5. The system of claim 1, where the first entity includes a plurality of service activation components;
    - andwhere the system further comprises;
      
      a second entity locator to obtain information associated with the service activation components; and
      
      where the second interface module is further to;
      
      contact the second entity locator to identify one of the service activation components from which to request performance of the service.
  - 6. The system of claim 5, where the message includes a subscriber identifier that identifies a subscriber on whose behalf the service is being requested;
    - andwhere the second entity locator is to map the subscriber identifier to the identified one of the service activation components.
  - 7. The system of claim 1, further comprising:
    - an extension manager to facilitate at least one of modification of services in the extensible set of services or addition of new services to the extensible set of services offered by the second entity.
  - 8. The system of claim 1, where the extensible set of services includes network services associated with communication on the Internet.
  - 9. The system of claim 1, where the access control module is further to reject the message if the first determination determines that the first entity is not permitted to request performance of the service, the second determination determines that the argument is not permitted to be provided by the first entity, or the third determination determines that the argument is not permitted to be requested for the service.
  - 10. The system of claim 1, where the second interface module is configured to request performance of the service when the first determination determines that the first entity is permitted to request performance of the service, the second determination determines that the argument is permitted to be provided by the first entity, and the third determination determines that the argument is permitted to be requested for the service.

11. A wholesaler system that provides services to subscribers associated with a plurality of retailer systems, the wholesaler system comprising:
- a service activation component to provide the services to the subscribers; and
  
  a service gateway to act as a single point of contact between the retailer systems and the service activation component, the service gateway providing controlled access, by the retailer systems, to the services provided by the service activation component, the service gateway permitting each of the retailer systems access to a subset of the services provided by the service activation component via the controlled access, the service gateway comprising;
  
  a first interface module to receive, from one of the retailer systems, a message requesting performance of one of the services by the service activation component, the message including at least one argument that includes data used to perform the one service,an access control module to;
  
  make a first determination of whether the one retailer system is permitted to request performance of the one service,make a second determination of whether the at least one argument is permissible for the one retailer system, andmake a third determination of whether the at least one argument is valid for the one service, anda second interface module to selectively interact with the service activation component based, at least in part, on the first, second, and third determinations of the access control module.
- View Dependent Claims (12, 13, 14)
- - 12. The wholesaler system of claim 11, where the services provided by the service activation component include network services.
  - 13. The wholesaler system of claim 11, where the services provided by the service activation component include an extensible set of services.
  - 14. The wholesaler system of claim 11, where the service gateway and the service activation component in combination provide a common interface via which the retailer systems request one or more of the services provided by the service activation component, the combination exposing subsets of the common interface to each of the retailer systems by controlling access to the services by the retailer systems.

15. A method performed by a service gateway in communication with a first entity and a second entity, the method comprising:
- receiving, from the first entity, a message requesting performance of a network service of an extensible set of network services offered by the second entity, the message including a service name that corresponds to the network service and an argument that includes data used to perform the network service;
  
  generating a first result based, at least in part, on a determination of whether the first entity is permitted to request performance of the network service corresponding to the service name;
  
  generating a second result based, at least in part, on a determination of whether the first entity is permitted to provide the argument;
  
  generating a third result based, at least in part, on a determination of whether the argument is permissible for the network service corresponding to the service name; and
  
  selectively requesting performance of the network service by the second entity based, at least in part, on the first, second, and third results.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The method of claim 15, further comprising:
    - rejecting the message if the first result indicates that the first entity is not permitted to request performance of the network service, the second result indicates that the first entity is not permitted to provide the argument, or the third result indicates that the argument is not permissible for the network service.
  - 17. The method of claim 15, further comprising:
    - configuring a router to deliver the network service to a subscriber.
  - 18. The method of claim 15, further comprising:
    - authenticating the first entity based, at least in part, on information included in the message.
  - 19. The method of claim 15, where the message includes a subscriber identifier that identifies a subscriber on whose behalf the requested service is being requested;
    - andwhere the method further comprises identifying the second entity from a plurality of second entities based, at least in part, on the subscriber identifier included in the message.
  - 20. The method of claim 15, where the extensible set of network services includes network services associated with communication on the Internet.
  - 21. The method of claim 15, where selectively requesting performance of the network service includes:
    - requesting performance of the network service when the first result indicates that the first entity is permitted to request performance of the network service, the second result indicates that the first entity is permitted to provide the argument, and the third result indicates that the argument is permissible for the network service.

22. A device, comprising:
- means for receiving, from a requester, a message requesting performance of one of a plurality of network services offered by a server, the message including an argument that includes data used to perform the one network service;
  
  means for performing a first determination of whether the requestor is permitted to request performance of the one network service;
  
  means for performing a second determination of whether the requestor is permitted to provide the argument;
  
  means for performing a third determination of whether the argument is permissible for the one network service; and
  
  means for requesting performance of the one network service by the server based, at least in part, on the first, second, and third determinations.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Stewart, Hugh, Sidebottom, Gregory
Primary Examiner(s)
Patel; Jayanti K
Assistant Examiner(s)
SOL, ANTHONY M

Application Number

US10/751,539
Time in Patent Office

2,345 Days
Field of Search

None
US Class Current

370/401
CPC Class Codes

H04L 63/102 Entity profiles

Systems and methods for exposing functionality with strict access controls

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for exposing functionality with strict access controls

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links