Provision of services over a common delivery platform such as a mobile telephony network

US 8,291,077 B2
Filed: 01/13/2006
Issued: 10/16/2012
Est. Priority Date: 01/14/2005
Status: Active Grant

First Claim

Patent Images

1. A system for providing services to subscribers of a network, wherein the system supports the provision of a plurality of different services to multiple subscribers, and comprises:

a first processing unit in a service delivery system of a network operator of the network and which provides a first execution environment for a first set of software applications for providing respective services over the network from service units external to the service delivery system to subscribers;

a second processing unit in the service delivery system of the network operator and which provides a second execution environment for a second set of software applications for providing respective services from service units to subscribers;

a data structure for storing data associated with a plurality of subscribers, wherein data associated with each of said plurality of subscribers comprises a plurality of sets of data, each set of data for a subscriber relating to a respective different authentication process and to a respective level of authentication; and

a trust model comprising a set of relationships between the sets of data, wherein the trust model determines the access rights of subscribers to different services hosted by the different processing units in dependence on the data set which has been used to authenticate the subscriber in a given subscriber session, wherein the trust model defines progressively increasing levels of trust wherein authentication of a subscriber using one of the sets of data at a first level of trust authorizes the subscriber to access services which require the first level of trust or lower to be met during authentication;

wherein the first set of software applications are each associated with a first service binding or first set of service bindings, the second set of software applications are each associated with a different second service binding or second set of service bindings, and wherein the system further comprises a second data structure containing data identifying the first and second sets of software applications or software application components of the first and second sets of software applications, and further identifies the service binding or bindings associated with each application or application component.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment of a system for providing services to subscribers of a network supports the provision of a plurality of different services to multiple subscribers. A processor arrangement is provided for hosting the different services. A data structure is provided for storing data associated with subscribers of the system, wherein data associated with subscribers of the system comprises a plurality of sets of data, each set of data relating to a respective level of authentication. A trust model comprises a set of relationships between the sets of data, and the trust model determines the access rights of subscribers to different services in dependence on the data set which has been used to authenticate the subscriber in a given subscriber session. The use of this trust model enables services and other access rights to be provided to a subscribed which match the level of authentication which has been applied to the subscriber during any particular session.

85 Citations

View as Search Results

19 Claims

1. A system for providing services to subscribers of a network, wherein the system supports the provision of a plurality of different services to multiple subscribers, and comprises:
- a first processing unit in a service delivery system of a network operator of the network and which provides a first execution environment for a first set of software applications for providing respective services over the network from service units external to the service delivery system to subscribers;
  
  a second processing unit in the service delivery system of the network operator and which provides a second execution environment for a second set of software applications for providing respective services from service units to subscribers;
  
  a data structure for storing data associated with a plurality of subscribers, wherein data associated with each of said plurality of subscribers comprises a plurality of sets of data, each set of data for a subscriber relating to a respective different authentication process and to a respective level of authentication; and
  
  a trust model comprising a set of relationships between the sets of data, wherein the trust model determines the access rights of subscribers to different services hosted by the different processing units in dependence on the data set which has been used to authenticate the subscriber in a given subscriber session, wherein the trust model defines progressively increasing levels of trust wherein authentication of a subscriber using one of the sets of data at a first level of trust authorizes the subscriber to access services which require the first level of trust or lower to be met during authentication;
  
  wherein the first set of software applications are each associated with a first service binding or first set of service bindings, the second set of software applications are each associated with a different second service binding or second set of service bindings, and wherein the system further comprises a second data structure containing data identifying the first and second sets of software applications or software application components of the first and second sets of software applications, and further identifies the service binding or bindings associated with each application or application component.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The system as claimed in claim 1, wherein the data structure provides a common identity for association with a subscriber.
  - 3. The system as claimed in claim 2, wherein the common identity is recognized by all processing units of the system.
  - 4. The system as claimed in claim 2, wherein the data structure stores all data associated with each subscriber from each processing unit.
  - 5. The system as claimed in claim 2, wherein the system comprises a plurality of access control points, and wherein each access control point is provided with a traffic interceptor for appending the common identity of a subscriber to a service request from the subscriber.
  - 6. The system as claimed in claim 5, wherein the system further comprises a plurality of gateways between the processing units, for controlling the passage of data between respective pairs of processing units, and wherein each gateway is provided with an access control point.
  - 7. The system as claimed in claim 1, wherein the network comprises a mobile telephony network.
  - 8. The system as claimed in claim 7, wherein the mobile telephone network comprises a plurality of base stations connected to the system for communicating with multiple subscribers over a wireless connection.
  - 9. The system as claimed in claim 1, further comprising a third processing unit which provides a third execution environment for a third set of software applications, each associated with a different third service binding or third set of service bindings, and wherein the second data structure contains data identifying the third set of software applications or software application components of the third set, and further identifies the service binding or bindings associated with each application or application component of the third set.
  - 10. The system as claimed in claim 9, wherein different developers are provided with different access rights to the data in the second data structure.
  - 11. The system as claimed in claim 10, wherein the access rights are dependent on the trust levels associated with the developers.
  - 12. The system as claimed in claim 11, further comprising a read interface for enabling a developer to access the data in the second data structure, and wherein the read interface comprises a plurality of interface units, each associated with a specific software development environment.
  - 13. The system as claimed in claim 12, wherein each interface unit provides information for updating the software development environment to provide a listing of the data available based on the access rights associated with the software development environment.
  - 14. The system as claimed in claim 1, wherein the trust model further determines access rights to data in the data structure.

15. A method of controlling access to services provided by a network operator, the network operator using a system which supports the provision of a plurality of different services to multiple subscribers, the method comprising:
- receiving a service request from a subscriber for services hosted by a first processing unit or a second processing unit, wherein the first processing unit is of a service delivery system of the network operator and provides a first execution environment for a first set of software applications for providing respective services over the network from service units distinct from the service delivery system to subscribers, and the second processing unit is of the service delivery system of the network operator and provides a second execution environment for a second set of software applications for providing respective services, wherein the first set of software applications are each associated with a first service binding or first set of service bindings, and the second set of software applications are each associated with a different second service binding or second set of service bindings;
  
  interrogating a data structure which stores data associated with a plurality of subscribers, the data associated with each of said plurality of subscribers comprising a plurality of sets of data, each set of data within the plurality of sets of data for a subscriber relating to a respective different authentication process and to a respective level of authentication;
  
  interrogating a second data structure containing data identifying the first and second sets of software applications or software application components of the first and second sets of software applications, and further identifies the service binding or bindings associated with each application or application component;
  
  using a trust model comprising a set of relationships between the sets of data to determine access rights of the subscriber to the service requested; and
  
  permitting or prohibiting access to the service requested based on the trust model and on the data set which has been used to authenticate the subscriber in the subscriber session, wherein the trust model defines progressively increasing levels of trust wherein authentication of a subscriber using one of the sets of data at a first level of trust authorizes the subscriber to access services which require the first level of trust or lower to be met during authentication.
- View Dependent Claims (16, 17, 18)
- - 16. The method as claimed in claim 15, wherein receiving a service request from a subscriber comprises receiving the request at a gateway within the system, the request using first identification information for the subscriber.
  - 17. The method as claimed in claim 16, wherein the data structure provides a common identity for association with a subscriber which is recognized by all processing units of the system, and wherein the method further comprises, at the gateway, associating the common identity with the request and forwarding the request to the processing unit associated with the request.
  - 18. The method as claimed in claim 17, wherein the system comprises a plurality of access control points, and wherein the method further comprises, at any access control point at which the request from the subscriber is initially received, appending the common identity of the subscriber to the request.

19. A non-transitory computer readable medium comprising machine-readable instructions that, when executed, to direct a system to:
- receive a service request from a subscriber for services hosted by a first processing unit or a second processing unit, wherein the first processing unit provides a first execution environment for a first set of software applications for providing respective services and the second processing unit provides a second execution environment for a second set of software applications for providing respective services, and wherein the first processing unit and the second processing unit are both disposed in a same delivery system of the network operator, and wherein the first set of software applications are each associated with a first service binding or first set of service bindings, and the second set of software applications are each associated with a different second service binding or second set of service bindings;
  
  interrogate a data structure that stores data associated with a plurality of subscribers of the system, wherein data associated with each of said plurality of subscribers of the system comprises a plurality of sets of data, each set of data for a subscriber containing user information associated with a respective different authentication process, and each set of data relating to a respective level of authentication;
  
  interrogate a second data structure containing data identifying the first and second sets of software applications or software application components of the first and second sets of software applications to identify the service binding or bindings associated with each application or application component;
  
  use a trust model comprising a set of relationships between the sets of data to determine access rights of subscribers to different services hosted by different processing units in dependence on the data set which has been used to authenticate the subscriber in a given subscriber session;
  
  wherein the trust model defines progressively increasing levels of trust wherein authentication of a subscriber using one of the sets of data at a first level of trust authorizes the subscriber to access services which require the first level of trust or lower to be met during authentication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
I'Anson, Colin
Primary Examiner(s)
Nawaz, Asad
Assistant Examiner(s)
CHANG, KAI J

Application Number

US11/331,858
Publication Number

US 20060161991A1
Time in Patent Office

2,468 Days
Field of Search

709217-226, 370/229, 370/254, 455/411, 455/426.2, 455/524, 455/525, 455/410, 726 2- 8
US Class Current

709/225
CPC Class Codes

H04M 3/38   Graded-service arrangements...

H04M 3/42   Systems providing special s...

H04Q 3/0054   Service creation techniques

H04Q 3/0095   Specification, development ...

Provision of services over a common delivery platform such as a mobile telephony network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

85 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Provision of services over a common delivery platform such as a mobile telephony network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

85 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others