Means and method for controlling service progression between different domains
First Claim
1. An Application Gateway Module suitable for use in a telecommunication system wherein a service network authenticates a user and authorizes the user for accessing a service offered by a service provider, the Application Gateway Module arranged for intercepting application messages between the user and the service and for identifying said user and said service, and including:
- means for obtaining an authorization decision on whether the user is allowed to access the service;
the Application Gateway Module comprising;
means for assigning a service session identifier intended to identify those application messages exchanged between the user and the service and that belong to a same service delivery authorized for said user;
means for configuring a first finite-state machine with a number of statuses intended to identify specific events in service delivery, the first finite state machine configured to control service progressionmeans for initiating a specific instance of the first finite-state machine, said specific instance being identified by the assigned service session identifier; and
means for activating service policies applicable to said specific events and resulting in a state transition in the specific instance identified by the assigned service session identifier.
1 Assignment
0 Petitions
Accused Products
Abstract
At present, the existing mechanisms for authorizing a user of a service network operator to access a service provided by a third party service provider are valid for most of the existing services based on a request and an answer, but for transactional services, those where a service delivery implies several transactions, the existing techniques present serious limitations for the operators to fully control the progression of services. To overcome this limitation, the invention provides means and methods to control the progression of a service, service which requires a plurality of transactions, at a first domain where the service has been authorized while the user is using said service provided by a second domain, as well as a verification mechanism for verifying the use of the service between the service network operator and the service provider.
-
Citations
28 Claims
-
1. An Application Gateway Module suitable for use in a telecommunication system wherein a service network authenticates a user and authorizes the user for accessing a service offered by a service provider, the Application Gateway Module arranged for intercepting application messages between the user and the service and for identifying said user and said service, and including:
-
means for obtaining an authorization decision on whether the user is allowed to access the service; the Application Gateway Module comprising; means for assigning a service session identifier intended to identify those application messages exchanged between the user and the service and that belong to a same service delivery authorized for said user; means for configuring a first finite-state machine with a number of statuses intended to identify specific events in service delivery, the first finite state machine configured to control service progression means for initiating a specific instance of the first finite-state machine, said specific instance being identified by the assigned service session identifier; and means for activating service policies applicable to said specific events and resulting in a state transition in the specific instance identified by the assigned service session identifier. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. An Authorization Module suitable for use in a telecommunication system wherein a service network authenticates a user and authorizes the user for accessing a service offered by a service provider, the Authorization Module arranged for deciding whether a user is allowed to access a service and having:
-
means for receiving a service authorization request from an Application Gateway Module; and means for returning to the Application Gateway Module a response on whether the user is granted access to the requested service; the Authorization Module comprising; means for generating a service session identifier intended to correlate those application messages exchanged between the user and the service and that belong to a same service delivery authorized for said user; means for configuring a second finite-state machine with a number of statuses intended to identify specific events in service progression, the second finite-state machine usable by the Authorization Module to act over the Application Gateway Module to control the service progression; means for initiating a specific instance of the second finite-state machine, said specific instance being identified by said service session identifier; and means for determining service policies applicable to said specific events and resulting in a state transition in the specific instance identified by the assigned service session identifier. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
-
-
23. A method for authorizing a user of a service network to access a service offered by a service server of a service provider, the user already authenticated by the service network, the server arranged to deliver a service that comprises a plurality of transactions by exchanging a plurality of application messages with the user, the method comprising the steps of:
-
obtaining a first authorization decision on whether the user is allowed to access the service; generating and assigning a service session identifier intended to identify those application messages exchanged between the user and the service and that belong to a same service delivery authorized for said user; configuring at least one finite-state machine with a number of statuses intended to identify specific events in service delivery, the finite-state machine usable for controlling service progression initiating a specific instance of the at least one finite-state machine, said specific instance being identified by the assigned service session identifier; and activating service policies applicable to said specific events and resulting in a state transition in the specific instance identified by the assigned service session identifier. - View Dependent Claims (24, 25, 26, 27)
-
-
28. An Application Gateway Module suitable for use in a telecommunication system wherein a service network authenticates a user and authorizes the user for accessing a service offered by a service provider, the Application Gateway Module arranged for intercepting application messages between the user and the service and for identifying said user and said service, the Application Gateway Module comprising:
-
means for obtaining an authorization decision on whether the user is allowed to access the service; means for assigning a service session identifier intended to identify those application messages exchanged between the user and the service and that belong to a same service delivery authorized for said user; means for configuring a first finite-state machine with a number of statuses intended to identify specific events in service delivery, the first finite state machine configured to control service progression from a null state, a service authorization state, an active service state, and a disconnect service state; and means for activating service policies applicable to said specific events and resulting in a state transition in the first finite-state machine, the activating means further comprising; means for statically arming at least one of the service policies before arrival of a first message to invoke the service; and means for dynamically arming at least one of the service policies during the progression of the service.
-
Specification