Provision of services over a common delivery platform such as a mobile telephony network
First Claim
1. A system for providing services to subscribers of a network, wherein the system supports the provision of a plurality of different services to multiple subscribers, and comprises:
a first processing unit in a service delivery system of a network operator of the network and which provides a first execution environment for a first set of software applications for providing respective services over the network from service units external to the service delivery system to subscribers;
a second processing unit in the service delivery system of the network operator and which provides a second execution environment for a second set of software applications for providing respective services from service units to subscribers;
a data structure for storing data associated with a plurality of subscribers, wherein data associated with each of said plurality of subscribers comprises a plurality of sets of data, each set of data for a subscriber relating to a respective different authentication process and to a respective level of authentication; and
a trust model comprising a set of relationships between the sets of data, wherein the trust model determines the access rights of subscribers to different services hosted by the different processing units in dependence on the data set which has been used to authenticate the subscriber in a given subscriber session, wherein the trust model defines progressively increasing levels of trust wherein authentication of a subscriber using one of the sets of data at a first level of trust authorizes the subscriber to access services which require the first level of trust or lower to be met during authentication;
wherein the first set of software applications are each associated with a first service binding or first set of service bindings, the second set of software applications are each associated with a different second service binding or second set of service bindings, and wherein the system further comprises a second data structure containing data identifying the first and second sets of software applications or software application components of the first and second sets of software applications, and further identifies the service binding or bindings associated with each application or application component.
Abstract
One embodiment of a system for providing services to subscribers of a network supports the provision of a plurality of different services to multiple subscribers. A processor arrangement is provided for hosting the different services. A data structure is provided for storing data associated with subscribers of the system, wherein data associated with subscribers of the system comprises a plurality of sets of data, each set of data relating to a respective level of authentication. A trust model comprises a set of relationships between the sets of data, and the trust model determines the access rights of subscribers to different services in dependence on the data set which has been used to authenticate the subscriber in a given subscriber session. The use of this trust model enables services and other access rights to be provided to a subscriber which match the level of authentication which has been applied to the subscriber during any particular session.
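The access decision described in the abstract and in the method of claim 15, sketched as an added example that is not taken from the patent: the level names, authentication process names, application names, the `required` field and the binding check are all assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass
from enum import IntEnum


class Trust(IntEnum):
    """Progressively increasing levels of trust (names are assumptions)."""
    LOW = 1
    MEDIUM = 2
    HIGH = 3


@dataclass(frozen=True)
class AppEntry:
    unit: str          # processing unit hosting the application
    bindings: tuple    # service binding(s) associated with the application
    required: Trust    # minimum trust the service demands (assumed field)


# First data structure: per subscriber, one data set per authentication
# process, each tied to a level of authentication. Constructed sample data.
SUBSCRIBERS = {
    "alice": {"msisdn": Trust.LOW, "password": Trust.MEDIUM, "otp": Trust.HIGH},
    "bob": {"msisdn": Trust.LOW},
}

# Second data structure: applications and their bindings. Constructed.
APPLICATIONS = {
    "weather": AppEntry("unit-1", ("http",), Trust.LOW),
    "voicemail": AppEntry("unit-1", ("http", "sip"), Trust.MEDIUM),
    "payments": AppEntry("unit-2", ("soap",), Trust.HIGH),
}


def session_trust(subscriber, data_set_used):
    """Level earned by the data set used in THIS session, or None."""
    return SUBSCRIBERS.get(subscriber, {}).get(data_set_used)


def authorize(subscriber, data_set_used, app, binding):
    """Permit only if the session's level meets the service's requirement."""
    entry = APPLICATIONS.get(app)
    level = session_trust(subscriber, data_set_used)
    if entry is None or level is None or binding not in entry.bindings:
        return False                      # fail closed on any unknown
    return level >= entry.required


def reachable(subscriber, data_set_used):
    """Every application the current session may use, sorted by name."""
    level = session_trust(subscriber, data_set_used)
    return sorted(a for a, e in APPLICATIONS.items()
                  if level is not None and level >= e.required)
```

The session's level comes from the data set actually used to authenticate, not from the strongest data set the subscriber has enrolled, so a subscriber holding a high-trust credential is still refused a high-trust service in a session opened with a weaker one.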
19 Claims
15. A method of controlling access to services provided by a network operator, the network operator using a system which supports the provision of a plurality of different services to multiple subscribers, the method comprising:
receiving a service request from a subscriber for services hosted by a first processing unit or a second processing unit, wherein the first processing unit is of a service delivery system of the network operator and provides a first execution environment for a first set of software applications for providing respective services over the network from service units distinct from the service delivery system to subscribers, and the second processing unit is of the service delivery system of the network operator and provides a second execution environment for a second set of software applications for providing respective services, wherein the first set of software applications are each associated with a first service binding or first set of service bindings, and the second set of software applications are each associated with a different second service binding or second set of service bindings;
interrogating a data structure which stores data associated with a plurality of subscribers, the data associated with each of said plurality of subscribers comprising a plurality of sets of data, each set of data within the plurality of sets of data for a subscriber relating to a respective different authentication process and to a respective level of authentication;
interrogating a second data structure containing data identifying the first and second sets of software applications or software application components of the first and second sets of software applications, and further identifies the service binding or bindings associated with each application or application component;
using a trust model comprising a set of relationships between the sets of data to determine access rights of the subscriber to the service requested; and
permitting or prohibiting access to the service requested based on the trust model and on the data set which has been used to authenticate the subscriber in the subscriber session, wherein the trust model defines progressively increasing levels of trust wherein authentication of a subscriber using one of the sets of data at a first level of trust authorizes the subscriber to access services which require the first level of trust or lower to be met during authentication.
19. A non-transitory computer readable medium comprising machine-readable instructions that, when executed, to direct a system to:
receive a service request from a subscriber for services hosted by a first processing unit or a second processing unit, wherein the first processing unit provides a first execution environment for a first set of software applications for providing respective services and the second processing unit provides a second execution environment for a second set of software applications for providing respective services, and wherein the first processing unit and the second processing unit are both disposed in a same delivery system of the network operator, and wherein the first set of software applications are each associated with a first service binding or first set of service bindings, and the second set of software applications are each associated with a different second service binding or second set of service bindings;
interrogate a data structure that stores data associated with a plurality of subscribers of the system, wherein data associated with each of said plurality of subscribers of the system comprises a plurality of sets of data, each set of data for a subscriber containing user information associated with a respective different authentication process, and each set of data relating to a respective level of authentication;
interrogate a second data structure containing data identifying the first and second sets of software applications or software application components of the first and second sets of software applications to identify the service binding or bindings associated with each application or application component;
use a trust model comprising a set of relationships between the sets of data to determine access rights of subscribers to different services hosted by different processing units in dependence on the data set which has been used to authenticate the subscriber in a given subscriber session;
wherein the trust model defines progressively increasing levels of trust wherein authentication of a subscriber using one of the sets of data at a first level of trust authorizes the subscriber to access services which require the first level of trust or lower to be met during authentication.
Specification