Method and system for allowing multiple service providers to serve users via a common access network
First Claim
Patent Images
1. A method comprising:
- receiving from a subscriber station on an access network an authentication request, the authentication request identifying the subscriber station and identifying a designated service provider from among a plurality of service providers;
sending the authentication request to the designated service provider;
receiving from the designated service provider an authentication response indicating successful authentication of the subscriber station by the designated service provider, wherein the authentication response includes a service qualification that indicates at least one of (i) one or more types of services authorized for the subscriber station and (ii) one or more extents of service authorized for the subscriber station, wherein the service qualification specifies one or more types of communication and, for each specified type of communication, specifies whether the subscriber station is allowed to engage in the specified type of communication;
responsive to the authentication response, assigning the subscriber station to operate in a designated layer of the access network set aside for subscribers that have been authenticated by the designated service provider and to operate according to the service qualification, wherein the access network is an IP network and the designated layer is an IP subnet, and wherein assigning the subscriber station to operate in the designated layer comprises assigning to the subscriber station an IP address in the IP subnet; and
serving the subscriber station in the designated layer of the access network and pursuant to the service qualification indicated in the authentication response,wherein serving the subscriber station in the designated layer comprises handling communications with the subscriber station according to a logic set established for the designated layer,wherein handling communications with the subscriber station according to the logic set established for the designated layer comprises (i) detecting a packet bearing the IP address assigned to the subscriber station, and (ii) responsively applying the logic set to restrict transmission of the packet,wherein handling communications with the subscriber station according to the logic set established for the designated layer comprises disallowing at least a predetermined type of communication from passing from the subscriber station to outside of the access network, andwherein serving the subscriber station pursuant to the service qualification indicated in the authentication response comprises, for each type of communication specified in the service qualification, allowing or disallowing the type of communication by the subscriber station as specified by the service qualification.
6 Assignments
0 Petitions
Accused Products
Abstract
A method for allowing multiple service providers to provide services via a common access network. The access network is arranged with multiple logical network layers, each specific to a respective service provider. Upon successful authentication of a subscriber by a given service provider, the access network assigns that subscriber to the logical layer specific to the authenticating service provider. The access network then handles communication traffic in that logic layer in a manner specific to the service provider.
88 Citations
16 Claims
-
1. A method comprising:
-
receiving from a subscriber station on an access network an authentication request, the authentication request identifying the subscriber station and identifying a designated service provider from among a plurality of service providers; sending the authentication request to the designated service provider; receiving from the designated service provider an authentication response indicating successful authentication of the subscriber station by the designated service provider, wherein the authentication response includes a service qualification that indicates at least one of (i) one or more types of services authorized for the subscriber station and (ii) one or more extents of service authorized for the subscriber station, wherein the service qualification specifies one or more types of communication and, for each specified type of communication, specifies whether the subscriber station is allowed to engage in the specified type of communication; responsive to the authentication response, assigning the subscriber station to operate in a designated layer of the access network set aside for subscribers that have been authenticated by the designated service provider and to operate according to the service qualification, wherein the access network is an IP network and the designated layer is an IP subnet, and wherein assigning the subscriber station to operate in the designated layer comprises assigning to the subscriber station an IP address in the IP subnet; and serving the subscriber station in the designated layer of the access network and pursuant to the service qualification indicated in the authentication response, wherein serving the subscriber station in the designated layer comprises handling communications with the subscriber station according to a logic set established for the designated layer, wherein handling communications with the subscriber station according to the logic set established for the designated layer comprises (i) detecting a packet bearing the IP address assigned to the subscriber station, and (ii) responsively applying the logic set to restrict transmission of the packet, wherein handling communications with the subscriber station according to the logic set established for the designated layer comprises disallowing at least a predetermined type of communication from passing from the subscriber station to outside of the access network, and wherein serving the subscriber station pursuant to the service qualification indicated in the authentication response comprises, for each type of communication specified in the service qualification, allowing or disallowing the type of communication by the subscriber station as specified by the service qualification. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method carried out by an access network, the method comprising:
-
prompting a first client station to select a service provider from among a plurality of service providers, and receiving a signal from the first client station, indicating a first selected service provider; sending a first authentication request message for the first client station to the first selected service provider, the first authentication request message indicating authentication information for the first client station; receiving a first authentication response message from the first selected service provider, the first authentication response message indicating that first client station is authenticated by the first selected service provider, wherein the first authentication response includes a first service qualification that indicates at least one of (i) one or more types of services authorized for the first client station and (ii) one or more extents of service authorized for the first client station, wherein the first service qualification specifies one or more types of communication and, for each specified type of communication, specifies whether the first client station is allowed to engage in the specified type of communication; and in response to the first authentication response message, restricting the first client station to communications in a first logical layer of the access network associated with the first selected service provider and according to the first service qualification, wherein restricting the first client station to communications in the first logical layer of the access network associated with the first selected service provider comprises handling communications with the first client station according to a logic set established for the first logical layer, wherein handling communications with the first client station according to the logic set established for the first logical layer comprises disallowing at least a predetermined type of communication from passing from the first client station to outside of the access network, and wherein restricting the first client station to communications according to the first service qualification comprises, for each type of communication specified in the first service qualification, allowing or disallowing the type of communication by the first client station as specified by the first service qualification. - View Dependent Claims (12, 13)
-
-
14. A communication system comprising:
-
means for prompting a first client station to select a service provider from among a plurality of service providers, and for receiving a signal from the first client station, indicating a first selected service provider; means for sending a first authentication request message for the first client station to the first selected service provider, the first authentication request message indicating authentication information for the first client station; means for receiving a first authentication response message from the first selected service provider, the first authentication response message indicating that first client station is authenticated by the first selected service provider, wherein the first authentication response includes a first service qualification that indicates at least one of (i) one or more types of services authorized for the first client station and (ii) one or more extents of service authorized for the first client station, wherein the first service qualification specifies one or more types of communication and, for each specified type of communication, specifies whether the first client station is allowed to engage in the specified type of communication; and means for responding to the first authentication response message by restricting the first client station to communications in a first logical layer of the access network associated with the first selected service provider and according to the first service qualification, wherein restricting the first client station to communications in the first logical layer of the access network associated with the first selected service provider comprises handling communications with the first client station according to a logic set established for the first logical layer, and wherein handling communications with the first client station according to the logic set established for the first logical layer comprises disallowing at least a predetermined type of communication from passing from the first client station to outside of the access network, and wherein restricting the first client station to communications according to the first service qualification comprises, for each type of communication specified in the first service qualification, allowing or disallowing the type of communication by the first client station as specified by the first service qualification. - View Dependent Claims (15, 16)
-
Specification