Communication system employing a control layer architecture

Information

  • Patent Application
  • Publication Number
    20070209059
  • Date Filed
    March 02, 2007
  • Date Published
    September 06, 2007
Abstract
A communication system employable with an enterprise that provides applications for a user through a communication device, and method of operating the same. In one embodiment, the communication system includes a policy/user database that stores policies across an enterprise related to the user and the communication device for access to the applications within the enterprise. The communication system also includes a security server that authenticates access of the communication device to the applications based on the policies. The communication system also includes a control server that approves and controls access of the communication device to the applications based on authentication from the security server. The communication system still further includes an audit/traceability server that provides a record of transactions for the access by the communication device to the applications and provides an alert in real time when approval is denied.
Description

BRIEF DESCRIPTION OF THE DRAWINGS

For a more complete understanding of the present invention, and the advantages thereof, reference is now made to the following descriptions taken in conjunction with the accompanying drawings, in which:

FIG. 1 illustrates a diagram of an enterprise communication network that provides an environment for a communication system constructed according to the principles of the present invention;

FIG. 2 illustrates a diagram of an embodiment of a communication system employable in a communication network constructed according to the principles of the present invention;

FIGS. 3 and 4 illustrate diagrams of a carrier communication network employable with a communication system constructed according to the principles of the present invention; and

FIG. 5 illustrates a call flow diagram of an embodiment of a method of operating a communication system according to the principles of the present invention.

Claims
  • 1. A communication system employable with an enterprise that provides applications for a user through a communication device, comprising: a policy/user database configured to store policies across an enterprise related to said user and said communication device for access to said applications within said enterprise; a security server configured to authenticate access of said communication device to said applications based on said policies; a control server configured to approve and control access of said communication device to said applications based on authentication from said security server; and an audit/traceability server configured to provide a record of transactions for said access by said communication device to said applications and provide an alert in real time when approval is denied.
  • 2. The communication system as recited in claim 1 wherein said security server is configured to authenticate access of said user of said communication device to said applications based on said policies and said control server is configured to approve and control access of said user of said communication device to said applications based on authentication from said security server.
  • 3. The communication system as recited in claim 1 wherein said enterprise provides services to said user of said communication device, said policy/user database being configured to store policies across an enterprise related to said user and said communication device for access to said services within said enterprise, said security server being configured to authenticate access of said communication device to said services based on said policies, said control server being configured to approve and control access of said communication device to said services based on authentication from said security server, and said audit/traceability server being configured to provide a record of transactions for said access by said communication device to said services and provide an alert in real time when approval is denied.
  • 4. The communication system as recited in claim 1 wherein said control server is configured to disable said communication device when approval is denied.
  • 5. The communication system as recited in claim 1 wherein said policy/user database is configured to store biometric information about said user and said security server is configured to authenticate access of said user to said applications based on said biometric information.
  • 6. The communication system as recited in claim 1 wherein said applications are selected from the group consisting of: enterprise resource planning applications, customer relations management applications, and supply chain management applications.
  • 7. The communication system as recited in claim 1 wherein said communication device is selected from the group consisting of: a voice over internet protocol phone, a laptop personal computer, a desktop personal computer, a personal digital assistant, a cell phone, and an instant messaging client residing on a communication device.
  • 8. The communication system as recited in claim 1 wherein said control server is configured to employ a session initiation protocol to facilitate a communication session for said communication device in accordance with said applications.
  • 9. The communication system as recited in claim 1 wherein said control server is configured to facilitate a multimedia communication session for said communication device in accordance with said applications.
  • 10. The communication system as recited in claim 1 wherein said control server is coupled to applications servers associated with said enterprise.
  • 11. A method of operating a communication system employable with an enterprise that provides applications for a user through a communication device, comprising: storing policies across an enterprise related to said user and said communication device for access to said applications within said enterprise; authenticating access of said communication device to said applications based on said policies; approving access of said communication device to said applications based on authenticating access of said communication device to said applications; controlling said access of said communication device to said applications based on approving access of said communication device to said applications; providing a record of transactions for said access by said communication device to said applications; and providing an alert in real time when approval is denied.
  • 12. The method as recited in claim 11, further comprising: authenticating access of said user of said communication device to said applications based on said policies; approving access of said user of said communication device to said applications based on authenticating access of said user of said communication device to said applications; and controlling said access of said user of said communication device to said applications based on approving access of said user of said communication device to said applications.
  • 13. The method as recited in claim 11 wherein said enterprise provides services to said user of said communication device, said method further comprising: storing policies across an enterprise related to said user and said communication device for access to said services within said enterprise; authenticating access of said communication device to said services based on said policies; approving access of said communication device to said services based on authenticating access of said communication device to said services; controlling said access of said communication device to said services based on approving access of said communication device to said services; providing a record of transactions for said access by said communication device to said services; and providing an alert in real time when approval is denied.
  • 14. The method as recited in claim 11 further comprising disabling said communication device when approval is denied.
  • 15. The method as recited in claim 11 further comprising storing biometric information about said user and authenticating access of said user to said applications based on said biometric information.
  • 16. The method as recited in claim 11 wherein said applications are selected from the group consisting of: enterprise resource planning applications, customer relations management applications, and supply chain management applications.
  • 17. The method as recited in claim 11 wherein said communication device is selected from the group consisting of: a voice over internet protocol phone, a laptop personal computer, a desktop personal computer, a personal digital assistant, a cell phone, and an instant messaging client residing on a communication device.
  • 18. The method as recited in claim 11 further comprising employing a session initiation protocol to facilitate a communication session for said communication device in accordance with said applications.
  • 19. The method as recited in claim 11 further comprising facilitating a multimedia communication session for said communication device in accordance with said applications.
  • 20. The method as recited in claim 11 wherein said applications reside on applications servers associated with said enterprise.
Provisional Applications (1)
Number Date Country
60779049 Mar 2006 US