1. Field of the Invention
The invention is related to the field of communication networks, and in particular, to an access communication system that provides access to multiple service provider systems. More particularly, this invention relates to a system that authorizes access to use the access communication system.
2. Description of the Prior Art
Communication networks have seen dramatic development over the past several years so that today, there are multiple diverse communication networks providing services. The current technical challenge is to develop interfaces between the networks to provide seamless service across multiple networks. Unfortunately, today's interfaces lack the ability to offer the user easy access to services from multiple systems. These interfaces do not customize operations for the user.
FIG. 1 illustrates the conventional public telephone network. User telephones and computers are connected to local switches. The local switches are coupled to a local database. The user places calls through the local switch. The local switch processes the called number to provide an end-point connection or access to other networks. The local switch may connect the call to another telephone in the local calling area. In a Local Number Portability (LNP) situation, the local switch exchanges information with the local database to obtain the appropriate routing number for a ported call. The local switch may also connect the call to an Internet Service Provider. If a Digital Subscriber Line (DSL) is used, DSL equipment may be used to bypass the local switch. The local switch may also connect the call to a long distance switch. To provide access to the long distance switch, the local switch first exchanges information with the local database. The local database identifies the long distance network for either the user or the dialed number.
The long distance switch processes the called number to route the call to another system or network. Prior to routing, the long distance switch validates the call by checking the caller's number. The long distance switch may also exchange information with the long distance database to provide special call-handling. One example is a calling card call, where the long distance database validates an account number for billing the call. Another example is a toll-free call, where the long distance database processes external information customized by the called party to route the call. Toll-free routing information includes items such as time and date, caller location, and call center status. Many long distance calls are simply routed through the long distance network to another local network for call completion. Other calls are routed from the long distance network to a call center. Call centers offer a concentration of call-handling capabilities for operations, such as order entry, customer service, and promotions. Call centers include automatic call distribution equipment to route calls to the appropriate destination within the call center.
Both local and long distance networks exchange calls with mobile switches. The mobile switches are connected to base stations that communicate over the air with wireless telephones. When a mobile user places a call, the mobile switch exchanges information with a mobile database to validate the mobile caller. The call is then routed to another mobile caller, the telephone network, or to an ISP. When a mobile caller moves around, their wireless phone logs in with the physically proximate mobile network, and that mobile network updates the mobile user's location in the mobile databases. When a call is placed to that mobile user, their home mobile switch obtains a routing number from the mobile databases to route the call to the mobile network currently in communication with the mobile user.
FIG. 2 illustrates a conventional data network that transfers packets of user data to a destination based on address information carried in the packets. Users are connected to Local Area Networks (LANs) that are connected to Wide Area Networks (WANs). A common LAN is an Ethernet system. A common WAN is an intranet. WANs are inter-connected by data networks, such as IP, TI, frame relay, or Asynchronous Transfer Mode (ATM). WANs are connected to the Internet through ISPs. WANs are connected to the public telephone network through telephony gateways. A common telephony gateway is a Private Branch Exchange (PBX).
FIG. 3 illustrates a conventional ISP. The public telephone network is coupled to a telephony interface that converts between telephony analog and digital protocols and the Internet Protocol (IP). Some telephony interfaces also handle DSL traffic that may already use IP. The telephony interface transfers IP traffic through an access server and firewall to a router. Some ISPs combine the firewall and the access server into one system. Also, the position of the firewall may vary, and traffic shapers may be present. The router exchanges IP traffic with the Internet.
In operation, the user calls the ISP over the telephone network and logs in at the access server. The access server collects and forwards the user name and password to the ISP database. The ISP database validates the user name and password and returns an IP address to the access server. The IP address is for the user's terminal connection. Using the IP address, the user may communicate through the firewall to the router for transmissions to an IP address. The user now has Internet access through the router and exchanges packets with various Internet servers.
IP addresses are referred to as network addresses and include a network ID and a host ID. Network IDs are unique across the Internet and host IDs are unique within a given network. IP addresses are lengthy numerical codes, so to simplify things for the user, service addresses are available that are easier to remember. The service addresses are often the name of the business followed by ".com". Domain Name Service (DNS) is hosted by servers on the Internet and translates between service addresses and network addresses. The browser in the user computer accesses the DNS to obtain the desired network address.
FIG. 4 illustrates conventional network access. A current proposal for communication network access is provided by the Telecommunication Information Network Architecture Consortium (TINA-C). TINA-C proposes the use of agents in the user domain and the service provider domain. The service provider domain could be a telephone network, data network, or ISP. The agents negotiate access service rights. Once the service is negotiated, the user receives the service from the service provider network during a service session. Unfortunately, the access session occurs between the user domain and a particular service provider domain. At present, the service provider domain provides limited access capability beyond simply handing off communications to another network based on a called number or network address. As a result, the ability to customize services for a particular user across multiple service providers is inadequate.
The inventions solve the above problems by providing access between a user system and a plurality of communication networks. The plurality of communication networks provide services to a user in the user system. An access communication system includes a database system and an access server that is connected to the user system and the plurality of communication networks.
In one aspect of the inventions for user access profile inheritance, the database system receives an update request from the access server to update a user access profile through inheritance. The database system then processes the update request to inherit user profile information from a user profile data structure. The database system updates the user access profile with the user profile information.
In another aspect of the inventions for network shells, the access server receives an alias selection from a user for a network shell that includes alias selections associated with actions. The access server then processes the alias selection to execute an action associated with the alias selection.
In another aspect of the inventions for service based directory, the access server transmits a list of services to a user system. The access server then receives a selection from the list of services. The access server processes the selection to generate an instruction to provide the service related to the selection.
In another aspect of the inventions for user access profile mobility, the database system receives user information. The database system then processes the user information to determine if a user access profile is local within a local database system. The database system generates and transmits a request to retrieve a user access profile from a second database system external to the local database system in response to the determination that the user access profile is not local.
In another aspect of the inventions for service, user, and device sessions, the access communication system establishes a connection between a network device and the access server. The access communication system then generates a device session including a device session ID based on the network device. The access communication system generates and transmits a logon query for the network device. The access communication system receives and processes a logon reply from the network device to generate a user session including a user session ID based on the user. The access communication system receives and processes a request for the service to generate a service session including a service session ID based on the service. The service may generate and transmit a logon query for the user. The access communication system links the device session, user session, and the service session using the device session ID, the user session ID, and the service session ID.
In another aspect of the inventions for service capability firewall, the access server receives information including a named function request for a service provider. The access server processes the information to check if the named function request is valid for the service provider and the service. If valid, the access server determines if a private destination address exists for the named function request. The access server replaces the named function request with the private destination address in response to the determination that the private destination address exists for the named function request. The access server then transmits the information with the private destination address to the service provider.
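The service capability firewall steps above can be sketched as follows; this is an added example, not code from the patent. The policy table, the `Request` fields, the `Rejected` exception and the pass-through behavior when no private address exists are all assumptions made for illustration.

```python
from dataclasses import dataclass, replace

# Constructed policy (not from the patent): for each (service provider, service),
# the named functions that are valid and the private address each maps to.
# None means the function is valid but has no private destination address.
POLICY = {
    ("bank.example", "billpay"): {
        "get_balance": "10.0.5.20:7001",
        "list_payees": None,
    },
}


class Rejected(Exception):
    """The named function request is not valid for this provider and service."""


@dataclass(frozen=True)
class Request:
    provider: str
    service: str
    destination: str  # named function as sent by the user system
    payload: bytes


def filter_request(req: Request, policy=POLICY) -> Request:
    """Validate the named function, then swap in the private address if one exists."""
    functions = policy.get((req.provider, req.service))
    if functions is None or req.destination not in functions:
        # Fail closed: unknown providers, services and function names never pass,
        # which also stops a caller addressing a private destination directly.
        raise Rejected(f"{req.destination!r} not valid for {req.provider}/{req.service}")
    private = functions[req.destination]
    if private is None:
        # Assumption: with no private address, forward the request unchanged.
        return req
    return replace(req, destination=private)


if __name__ == "__main__":
    for name in ("get_balance", "list_payees", "10.0.5.20:7001", "drop_tables"):
        req = Request("bank.example", "billpay", name, b"")
        try:
            print(name, "->", filter_request(req).destination)
        except Rejected as exc:
            print(name, "-> rejected:", exc)
```

Because only named functions are accepted on the user side, the private addresses never need to be disclosed to, or reachable by, the user system.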
In another aspect of the inventions for prepaid access and bank card access, the database system receives information identifying a billing code for a user. The database system then processes the billing code to determine if the user is allowed to use the access system. The database system provides access to the access system in response to the determination that the user is allowed to use the access system.
In another aspect of the inventions for global authentication and access card, the database system receives a user logon. The database system then processes the user logon to determine if the user is allowed access to the access communication system based on a local database system. The database system then provides access to the access communication system to the user in response to the determination that the user is allowed access based on the local database system. The database system then generates an authorization query for a second database system external to the local database system in response to the determination that the user is not allowed access based on the local database system. The database system receives and processes an authorization response indicating whether the user is allowed to use the access system from the second database system. The database system then provides access to the access communication system to the user in response to the authorization response that allows the user to use the access communication system.
In another aspect of the inventions for user based proxy and subscriber based proxy, the database system includes a user proxy. The user proxy receives a request for the service from the user system. The user proxy then transmits the request for the service to a service provider. The user proxy exchanges user information between the user system and the service provider.
In another aspect of the inventions for dynamic proxy, the database system includes a proxy. The proxy receives a service/protocol request for a new service or protocol. The proxy processes the service/protocol request to generate a handler request to obtain a handler for the new service or protocol. The proxy then receives and executes the handler for the new service or protocol.
In another aspect of the inventions for access execution environment, the database system receives and processes a logon reply into an access execution environment for a user. The database system retrieves programs for the user into the access execution environment. The database system executes the programs for the user in the access execution environment.
In another aspect of the inventions for domain name scoping and inband domain name service lookup, the access server receives information including an alias from the user system. The access server determines if the alias exists in a cache including aliases and alias translations for the user. The access server changes the information based on the cached alias translation.
In another aspect of the inventions for inline access service triggering, the access server receives information. The access server then processes the information to determine if the information is allowed to pass. The access server changes access logic based on the information in response to the determination that the information is not allowed to pass. The access server changes the filters of the access server based on the information in response to the determination that the information is not allowed to pass.
In another aspect of the inventions for access service triggering, the access server receives information. The access server processes the information to determine if the information is allowed to pass. The access server then generates a request from a database system in response to the determination that the information is not allowed to pass. The access server receives a reply including access logic from the database system. The access server changes filters of the access server based on the access logic.
In another aspect of the inventions for personal URL, the database system receives information including a user alias. The database system processes the information to determine if a user alias translation including a current network address for the user alias exists. The database system then modifies the information with the current network address using the user alias translation.
In another aspect of the inventions for predictive caching, the access server receives a request for data. The access server then determines if the data exists in a user cache wherein the user cache contains cached data based on the user's predictive patterns. The access server retrieves the data from the user cache in response to the determination that the data exists in the user cache. The access server transmits the request for data for the service provider in response to the determination that the data does not exist in the user cache.
In another aspect of the inventions for user controlled caching, the access server receives a request for data. The access server determines if the data exists in a user cache wherein the user cache contains cached data based on a user's script of commands. The access server retrieves the data from the user cache in response to the determination that the data exists in the user cache. The access server then transmits the request for data for the service provider in response to the determination that the data does not exist in the user cache.
In another aspect of the inventions for service usage audit, the access server receives an audit message into a database system. The access server processes the audit message to store the audit message in the database system.
In another aspect of the inventions for switching access by a user, switching access by a service provider, and dynamic access control, the database system receives a request. The database system processes the request to determine if the switching of the access is allowed. The database system then generates an instruction to switch access in response to the determination that the switching is allowed.
In another aspect of the inventions for network failover, network busy forwarding, time-out, busy flag, forwarding, and network endpoint availability management, the access server receives information for a destination network device. The access server determines if the destination network device is available. The access server performs an action in response to the determination that the destination network device is unavailable.
In another aspect of the inventions for scheduled alias translation, the access server receives information including an alias. The access server processes the information to determine whether an alias translation exists based on an alias translation schedule. The access server then modifies the information based on the alias translation in response to the determination the alias translation exists.
In another aspect of the inventions for service capability monitor, the database system receives information from an access server during a service session. The database system determines a current state of the service session based on the information. The database system determines a state transition based on the current state and a map of state transitions of the service. The database system determines whether the state transition is valid for the service session.
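The service capability monitor can be illustrated with a per-service transition map checked against each reported state; this is an added example, not code from the patent. The service name, the state names, the `start` state and the reading that each piece of information from the access server names the state the session has reached are assumptions.

```python
# Constructed map of state transitions for a hypothetical "billpay" service:
# each state lists the states that may legitimately follow it.
TRANSITIONS = {
    "billpay": {
        "start": {"authenticated"},
        "authenticated": {"payee_selected", "closed"},
        "payee_selected": {"payment_submitted", "authenticated", "closed"},
        "payment_submitted": {"authenticated", "closed"},
        "closed": set(),
    },
}


class SessionMonitor:
    """Tracks one service session and validates every transition against the map."""

    def __init__(self, service: str, session_id: str, transitions=TRANSITIONS):
        self.session_id = session_id
        self.map = transitions[service]
        self.state = "start"
        self.violations = []  # (from_state, to_state) pairs that the map forbids

    def observe(self, reported_state: str) -> bool:
        """Process information from the access server; return True if the step is valid."""
        valid = reported_state in self.map.get(self.state, set())
        if valid:
            self.state = reported_state
        else:
            # Keep the last valid state so later steps are judged against
            # where the session legitimately is, not where it claimed to be.
            self.violations.append((self.state, reported_state))
        return valid


def check_session(service: str, session_id: str, reported_states) -> list:
    """Replay the reported states of one session and return the invalid transitions."""
    monitor = SessionMonitor(service, session_id)
    for state in reported_states:
        monitor.observe(state)
    return monitor.violations


if __name__ == "__main__":
    # Constructed sessions: the second submits a payment without selecting a payee.
    print(check_session("billpay", "s-1",
                        ["authenticated", "payee_selected", "payment_submitted", "closed"]))
    print(check_session("billpay", "s-2", ["authenticated", "payment_submitted", "closed"]))
```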