Claims
- 1. A system, comprising:
at least one port component through which an end user needs to be authenticated and authorized in order to access a network resource via a network provider's network, the port component being able to enforce an access policy and to apply rules of a service provider of the end user during the end user's use of the network provider's network;
at least one first director component communicatively coupled to the port component to provide the access policy to be used in connection with the network provider's grant of access to its network;
at least one second director component communicatively coupled to the first director component to provide the access policy to the first director component in connection with the service provider's request for access to the network provider's network on behalf of its end user and in connection with authentication and authorization of the end user; and
a home provider register (HPR) component communicatively coupled to the first director component to be used by the first director component in connection with determination of a service provider of the end user.
- 2. The system of claim 1, further comprising a business support system (BSS) component communicatively coupled to the director component, from which the director component obtains data associated with the access policy.
- 3. The system of claim 1 wherein different director components are associated with the network provider and with the service provider, the director components of these providers being able to communicate with each other to provide the access policy to the port component to allow the user to access the network resource via the network provider's network.
- 4. The system of claim 1 wherein the network provider and the service provider have no existing network share agreement between them.
- 5. The system of claim 4 wherein, if the end user is authenticated and authorized to access the network resource via the network provider's network, the network share agreement is established between the network provider and service provider for the duration of the end user's access of the network provider's network.
- 6. The system of claim 1 wherein the network provider and the service provider have an existing network share agreement between them.
- 7. The system of claim 1, further comprising a provider revocation list communicatively coupled to the director components, and usable to verify whether there is a denial of service for either the service provider and the network provider.
- 8. The system of claim 1 wherein alternatively or additionally to the HPR, the director component is able to determine the service provider of the end user based on at least one of token information, multiple tokens corresponding to multiple providers, identification information on a device being used by the end user, email address of the end user, an open search interface technique, a RADIUS technique, and user-input data provided by the end user.
- 9. The system of claim 8 wherein the director component is able to determine the service provider of the end user without requiring additional hardware and software on the device used by the end user.
- 10. The system of claim 1 wherein if the service provider is unavailable or if an agreement between the service provider and network providers cannot be made, the network provider through the director component can associate the end user with a preferred service provider.
- 11. The system of claim 1 wherein the port component is further able to track accounting data for each end user and to shape service metrics according to a service plan of the service provider.
- 12. The system of claim 1 wherein the port component is further able to use a heartbeat process to monitor activity of the end user, if authenticated, for purposes of billing and to verify that no end user sessions are left open.
- 13. The system of claim 1 wherein at least one of the director components is able to securely perform at least one of:
determine a network-share agreement between the network provider and the service provider, if any;
import brand information of the service provider to the port component to deliver to the user;
communicate authentication credentials of the end user to the service provider;
communicate, to the port component, whether to allow or deny access to the end user and impose the restrictions from the service provider, if any; and
communicate accounting information to the network provider and to the service provider as part of a network share arrangement.
- 14. The system of claim 1, further comprising at least one of the following network sharing components:
a PartnerAccept component that identifies pre-negotiated cross-license terms between the network provider and the service provider;
a billing component wherein end-user usage metrics collected by the port component are transmitted to the network provider and the service provider for accounting purposes;
a Clearinghouse component to coordinate and ensure payment to the network provider from the service provider as a result of allowing access to the end user;
an AutoAccept component to determine a minimum compensation that a network provider will accept to allow access to its network by end users of the service provider;
an AutoPay component to determine a maximum compensation that a service provider will pay to allow its users to access a network provider's network;
a first AutoRefuse component to specify service providers whose end users are banned from accessing a network provider's network; and
a second AutoRefuse component to specify network providers whose networks are banned from use by a service provider's end users.
- 15. The system of claim 14, further comprising an All Access Pass component in which the end user is allowed access to any network provider's network by agreeing to network provider's payment metrics, provided no AutoRefuse component exists for either the network provider or the service provider.
- 16. The system of claim 1 wherein the service provider, through the port component, is able to enforce its rules on its end user while accessing the network provider's network that is not owned by the service provider.
- 17. The system of claim 1 wherein a plurality of port components are associated with a corresponding plurality of different pricing metrics.
- 18. The system of claim 1 wherein the system allows the end user to roam amongst different network providers' networks.
- 19. The system of claim 1 wherein at least one of port components, network resources, service provider rules, management operations, and geographic locations are organized based on group containers.
- 20. The system of claim 19 wherein at least one of the group containers is used in connection with authorization.
- 21. The system of claim 1 wherein the director component is communicatively coupled to a legacy system.
- 22. The system of claim 1 wherein at least some of the director components and the port component are distributed.
- 23. The system of claim 1 wherein at least some of the director components, port component, and HLR component are scalable to accommodate additional end users, network providers, or service providers.
- 24. A system, comprising:
a means for allowing an end user, associated with a service provider, to use a network provider's network that is not managed by the service provider;
a means for determining the service provider of the end user of the network provider's network; and
a means for automatically and dynamically facilitating network sharing agreements between the network provider and the service provider, including a means for applying the service provider's rules to the end user while the end user uses the network provider's network.
- 25. The system of claim 24, further comprising means for authorizing and authenticating the end user to the network provider's network.
- 26. The system of claim 24, further comprising a means for using a preferred provider if the service provider of the end user is unavailable or if a network share agreement between the network provider and the service provider cannot be implemented.
- 27. The system of claim 24 wherein the means for allowing the end user to use the network provider's network includes:
at least one first component means for accessing the network provider's network;
at least one second component means for managing the end user's use of the network provider's network; and
at least another second component means for restricting usage to only end users whose service provider is willing to agree to network sharing terms.
- 28. The system of claim 27 wherein the at least one first component means includes means for applying different pricing policies to different first component means.
- 29. The system of claim 24, further comprising a heartbeat means for monitoring activity of the user for purposes of billing and to verify that no user sessions are left open.
- 30. The system of claim 24, further comprising a plurality of different payment means for implementing billing associated with servicing the user.
- 31. The system of claim 30 wherein one of the payment means includes an All Access Pass means for allowing the end user to access any network provider's network subject to payment policies of these network providers and provided that another billing component of either the network provider and the service provider do not preclude access.
- 32. The system of claim 24, further comprising container means for defining access and network use privileges.
- 33. The system of claim 24, further comprising means for allowing access to and use of legacy systems.
- 34. The system of claim 24, further comprising a means for importing a brand or content of the service provider to the network provider's network during use by the end user.
- 35. The system of claim 24, further comprising device means for accessing the network provider's network, and network means within the network provider's network for supporting the device means' access and use of the network provider's network.
- 36. The system of claim 24, further comprising a means for using multiple tokens in different classes to represent different service provider states.
- 37. The system of claim 24, further comprising means for distributing and scaling to accommodate additional network providers, service providers, or users.
- 38. A method, comprising:
authenticating and authorizing a user to access a network resource via a network provider's network;
providing an access policy to be used in connection with the authenticating and authorizing;
determining a service provider of the user, the service provider not being substantially involved in managing use of the network provider's network; and
enforcing the access policy and applying rules of the service provider during the user's use of the network provider's network.
- 39. The method of claim 38 wherein providing the access policy includes providing the access policy based on data from a business support system.
- 40. The method of claim 38, further comprising communicating between different director components to obtain service provider rules and access policies.
- 41. The method of claim 38, further comprising implementing either a new or existing network share agreement between the network provider and the service provider.
- 42. The method of claim 41 wherein implementing the new network share agreement includes implementing terms of the new network share agreement only for the duration of the end user's use of the network provider's network.
- 43. The method of claim 38 wherein if the service provider is unavailable or if an agreement between the service provider and network provider cannot be made, the method includes associating the end user with a preferred service provider.
- 44. The method of claim 38, further comprising using a heartbeat process to monitor activity of the end user for purposes of billing and to verify that no end user sessions are left open.
- 45. The method of claim 38, further comprising implementing at least one of the following service payment components:
a PartnerAccept component that identifies pre-negotiated cross-license terms between network providers and service providers;
a billing component that distributes accounting information to the service provider and the network provider as a result of allowing access to the end user;
a clearinghouse component to coordinate and attempt to ensure payment to the network provider from the service provider as a result of allowing access to the end user;
an AutoAccept component to determine a minimum compensation that a network provider will accept to allow access to its network by a service provider's end users;
an AutoPay component to determine a maximum compensation that a service provider will pay to allow its end users to access a network provider's network;
a first AutoRefuse component to specify service providers whose end users are banned from accessing a network provider's network; and
a second AutoRefuse component to specify network providers whose networks are banned for use by a service provider's end users.
- 46. The method of claim 45, further comprising implementing an all access pass to allow the end user to access any network provider's network subject to billing policies of these network providers, provided that at least one of the AutoRefuse components does not negate a network share between the network provider and the service provider.
- 47. The method of claim 38, further comprising managing access and use of network resources based on group container definitions.
- 48. The method of claim 38, further comprising disabling capability to access a network resource based on provider revocation settings.
- 49. The method of claim 38, further comprising importing brand and content information of the service provider to the network provider's network during use of that network by the end user.
- 50. The method of claim 38, further comprising implementing network authorization, access, and use in conjunction with legacy systems.
- 51. The method of claim 38, further comprising implementing different pricing policies for different port components that can be used by the end user to access the network provider's network.
- 52. The method of claim 38 wherein determining the service provider of the end user includes determining the service provider without requiring additional hardware and software on a device used by the end user.
- 53. An article of manufacture, comprising:
a machine-readable medium having instructions stored thereon to:
authenticate and authorize an end user to access a network resource via a network provider's network;
provide an access policy to be used in connection with the authenticating and authorizing;
determine a service provider of the end user, the service provider not being substantially involved in managing use of the network provider's network; and
initiate enforcement of the access policy and application of rules of the service provider during the end user's use of the network provider's network.
- 54. The article of manufacture of claim 53 wherein the machine-readable medium further includes instructions stored thereon to initiate implementation of either a new or existing network share agreement between the network provider and the service provider.
- 55. The article of manufacture of claim 53 wherein the machine-readable medium includes at least one of instructions stored thereon to:
determine a network-share agreement between the network provider and the service provider, if any;
import brand and content information of the service provider to be delivered to the end user;
communicate authentication credentials of the end user to the service provider;
communicate whether to allow or deny access to the end user and impose the restrictions from the service provider, if any; and
communicate accounting information to the network provider and to the service provider as part of a network share arrangement.
- 56. The article of manufacture of claim 53 wherein the machine-readable medium further includes instructions stored thereon to monitor use of the network provider's network by the end user.
- 57. The article of manufacture of claim 53 wherein the machine-readable medium further includes instructions stored thereon to disable capability to access a network resource based on provider revocation settings.
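
The following is an added illustration, not part of the patent text, of how a director component might combine the provider revocation list (claim 7), the preferred-provider fallback (claim 10), and the PartnerAccept, AutoAccept, AutoPay, AutoRefuse and All Access Pass components (claims 14 and 15) into one deny-first decision. The class names, field names, check order, and the rule that an agreement is reached when the AutoPay ceiling meets the AutoAccept floor are assumptions made for this sketch; the sample providers are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class NetworkProvider:
    name: str
    auto_accept_min: float                             # AutoAccept floor
    auto_refuse: set = field(default_factory=set)      # banned service providers
    partner_rates: dict = field(default_factory=dict)  # PartnerAccept terms
    preferred_sp: Optional[str] = None                 # claim 10 fallback

@dataclass
class ServiceProvider:
    name: str
    auto_pay_max: float                                # AutoPay ceiling
    auto_refuse: set = field(default_factory=set)      # banned network providers
    all_access_pass: bool = False

def negotiate(np, sp, revoked):
    """Return (allowed, rate, reason) for one provider pair; deny checks run first."""
    if np.name in revoked or sp.name in revoked:
        return False, None, "revoked"
    if sp.name in np.auto_refuse or np.name in sp.auto_refuse:
        return False, None, "auto-refuse"              # overrides every allow path
    if sp.name in np.partner_rates:
        return True, np.partner_rates[sp.name], "partner-accept"
    if sp.all_access_pass:                             # accepts the network's terms
        return True, np.auto_accept_min, "all-access-pass"
    if sp.auto_pay_max >= np.auto_accept_min:          # assumed matching rule
        return True, np.auto_accept_min, "auto-accept"
    return False, None, "no-agreement"

def authorize(np, home_sp, directory, revoked=frozenset()):
    """Try the user's own provider, then the network's preferred provider."""
    sp = directory.get(home_sp)
    result = negotiate(np, sp, revoked) if sp else (False, None, "unavailable")
    fallback = directory.get(np.preferred_sp) if np.preferred_sp else None
    # Fall back only when no agreement exists, never after an explicit ban.
    if not result[0] and result[2] in ("unavailable", "no-agreement") and fallback:
        ok, rate, reason = negotiate(np, fallback, revoked)
        if ok:
            return True, rate, "preferred:" + reason
    return result

# Constructed sample data
HOTSPOT = NetworkProvider("hotspot-net", 2.0, {"banned-isp"},
                          {"partner-isp": 1.5}, "partner-isp")
DIRECTORY = {
    "partner-isp": ServiceProvider("partner-isp", 1.0),
    "cheap-isp": ServiceProvider("cheap-isp", 1.0),
    "banned-isp": ServiceProvider("banned-isp", 9.0, all_access_pass=True),
}
```
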
CROSS-REFERENCE TO RELATED APPLICATION
[0001] This application claims the benefit under 35 U.S.C. §119(e) of U.S. Provisional Patent Serial Application No. 60/443,295, entitled “SYSTEM AND METHOD FOR UBIQUITOUS NETWORK ACCESS,” filed Jan. 28, 2003, where this provisional application is incorporated herein by reference in its entirety.
Provisional Applications (1)

| Number | Date | Country |
|---|---|---|
| 60443295 | Jan 2003 | US |