GB2499363A - Providing access and transmitting notifications - Google Patents

Publication number
GB2499363A
Authority
GB
United Kingdom
Prior art keywords
server component
user
client terminal
authentication status
service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB1120636.4A
Other versions
GB201120636D0 (en)
GB2499363B (en)
Inventor
Peter Louis White
Michael Jeffrey Evans
John Alexander Tucker
Andrew Guest
Steven Edward Orbell
Edward David William Hibbert
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Metaswitch Networks Ltd
Original Assignee
Metaswitch Networks Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Metaswitch Networks Ltd
Priority to GB1120636.4A
Publication of GB201120636D0
Publication of GB2499363A
Application granted
Publication of GB2499363B
Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/10 Architectures or entities
    • H04L65/1016 IP multimedia subsystem [IMS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/21 Monitoring or handling of messages
    • H04L51/224 Monitoring or handling of messages providing notification on incoming messages, e.g. pushed notifications of received messages
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066 Session management
    • H04L65/1069 Session establishment or de-establishment
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/12 Messaging; Mailboxes; Announcements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/10 Architectures or entities
    • H04L65/1045 Proxies, e.g. for session initiation protocol [SIP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M2203/00 Aspects of automatic or semi-automatic exchanges
    • H04M2203/60 Aspects of automatic or semi-automatic exchanges related to security aspects in telephonic communication systems
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M3/00 Automatic or semi-automatic exchanges
    • H04M3/42 Systems providing special services or facilities to subscribers
    • H04M3/50 Centralised arrangements for answering calls; Centralised arrangements for recording messages for absent or busy subscribers; Centralised arrangements for recording messages
    • H04M3/53 Centralised arrangements for recording incoming messages, i.e. mailbox systems
    • H04M3/537 Arrangements for indicating the presence of a recorded message, whereby the presence information might include a preview or summary of the message

Abstract

A first set of credentials from a client terminal 101 is received at a first server component 103. A user of the client terminal is authenticated on the basis of the first set of credentials using the first server component. First server component authentication status is maintained for the user on the basis of the authentication conducted using the first server component. Access is provided to service data 105 from the first server component dependent on the first server component authentication status. A second set of credentials from the client terminal is received at a second server component 107. A correspondence between at least the second set of credentials and the first server component authentication status for the user is identified. One or more notifications 109 relating to service events for the service are transmitted from the second server component dependent on at least the first server component authentication status for the user. The first server component may be a web server component and the second server component may be a notification or polling server component. A proxy server component may also be used (713, Figure 7). The arrangement described provides one server component that handles all of the authentication and session management on behalf of the two or more server components to reduce the burden on (or streamline) the polling/notification server component. The system may be an Internet Protocol Multimedia Subsystem (IMS) providing access to telephony-related service data (billing, configuration, service upgrades etc.) and providing call/voice-mail notifications etc.

Description

Application No. GB1120636.4
Date: 26 March 2012
The following terms are registered trademarks and should be read as such wherever they occur in this document: Apache, Apple, Android.
Intellectual Property Office is an operating name of the Patent Office www.ipo.gov.uk
Providing Access and Transmitting Notifications
Technical Field
The present invention relates to providing access to service data and transmitting notifications relating to service events in a communications system.
Background
There are certain situations in which a client in a communications system wishes to be notified by a server whenever a certain event in the communications system happens. The communications system may for example comprise an Internet protocol multimedia subsystem (IMS) communications system which includes an Enhanced Application Server (EAS).
In some EAS implementations, a desktop client application using Hypertext Transfer Protocol (HTTP) may have a requirement to be notified by a server whenever a call arrives or a message is deposited for a particular subscriber so that it can present a pop-up. The server cannot usually issue connection requests to the client upon the occurrence of the event, because such connection requests would not traverse most firewalls. Furthermore, it is generally undesirable for the client application to poll the server for changes in state regularly, because the client application would either have to poll frequently - putting a considerable load on the server - or would have to accept that there would be a lag before it noticed changes in state.
One solution to this problem is to use the COMET Asynchronous JavaScript and XML (COMET AJAX) model. In the COMET AJAX model, the client application issues an HTTP polling request, which returns only when a relevant event occurs, or after a predetermined timeout, which is typically tens of seconds to several minutes. Since the client application normally reissues polling requests whenever a previous polling request times out, there is generally one active polling request at the server for every active client; in EAS, one for every subscriber. Whenever a poll response is received by the client application that indicates a change of state at the server, the client application activates and downloads the current state from the server.
However, this introduces a problem in terms of scalability where there are considerable numbers of clients, since servers usually handle small numbers of polling requests in series, and perform particularly badly when presented with large numbers of simultaneous outstanding polling requests.
It would therefore be desirable to improve the provision of access to service data and the transmission of notifications relating to service events.
Summary
According to a first aspect of the invention, there is provided a method of providing access to service data and transmitting notifications relating to service events in a communications system, the communications system comprising:
a first server component configured to conduct communications with a client terminal to provide access to service data for a service, the service being provided to a user of the client terminal; and
a second server component configured to conduct communications with the client terminal to transmit notifications relating to service events for the service provided to the user of the client terminal,
wherein the method comprises:
receiving a first set of one or more credentials from the client terminal at the first server component;
authenticating the user of the client terminal on the basis of at least the first set of credentials using the first server component;
maintaining first server component authentication status for the user on the basis of at least the authentication conducted using the first server component;
providing access to the service data from the first server component dependent on at least the first server component authentication status;
receiving a second set of one or more credentials from the client terminal at the second server component;
identifying a correspondence between at least the second set of one or more credentials and the first server component authentication status for the user; and
transmitting one or more notifications relating to service events for the service from the second server component dependent on at least the first server component authentication status for the user.
Scalability may thereby be improved by authenticating the user of the client terminal using the first server component, maintaining first server component authentication status for the user and transmitting one or more notifications relating to service events for the service from the second server component dependent on at least the first server component authentication status for the user. In some embodiments, the second server component may be lightweight and optimised for notifications by delegating responsibility for authentication to the first server component.
Some embodiments comprise transmitting a message requesting identification of the first server component authentication status for the user from the second server component. Some embodiments comprise receiving a message requesting identification of the first server component authentication status for the user at the first server component. Some embodiments comprise transmitting a message identifying the first server component authentication status for the user from the first server component. Some embodiments comprise receiving a message identifying the first server component authentication status for the user at the second server component. Such embodiments may improve security in the communications system and facilitate identifying the correspondence between at least the second set of one or more credentials and the first server component authentication status for the user. By identifying the first server component authentication status to the second server component, the second server component is aware of the authentication status of the user with respect to the first server component. On this basis, the second server component may determine whether and how to handle notification requests from and/or for the client terminal. For example, if the second server component determines that the first server component authentication status for the user is not valid, or in other words that the user is not authenticated with respect to the first server component, it may determine not to transmit the one or more notifications or may transmit one or more authentication error messages or notifications.
Some embodiments comprise transmitting at least some of the second set of one or more credentials to the first server component. Some embodiments comprise receiving at least some of the second set of one or more credentials at the first server component. Such embodiments may allow the first server component to identify the correspondence between at least the second set of one or more credentials and the first server component authentication status for the user. In some embodiments, the second server component can be particularly lightweight if the identification is performed at the first server component.
Some embodiments comprise transmitting at least some of the first set of one or more credentials to the second server component. Some embodiments comprise receiving at least some of the first set of one or more credentials at the second server component. Such embodiments may allow the second server component to identify the correspondence between at least the second set of one or more credentials and the first server component authentication status for the user.
Some embodiments comprise transmitting a message to the first server component requesting identification of the first server component authentication status for the user, in response to the occurrence of one or more predetermined events. Some embodiments comprise transmitting a message to the first server component requesting identification of the first server component authentication status for the user, in response to receiving the second set of one or more credentials from the client terminal at the second server component. Some embodiments comprise transmitting a message to the first server component requesting identification of the first server component authentication status for the user, in response to determining the occurrence of one or more service events. Such embodiments may improve security in the communications system by requesting identification of the first server component authentication status for the user in response to changes in state in the communications system that may trigger the transmission of the one or more notifications.
Some embodiments comprise detecting a change in the first server component authentication status for the user, and transmitting a message indicating the change to the second server component. Such embodiments may improve security in the communications system by providing an up-to-date first server component authentication status to the second server component.
Some embodiments comprise intermittently transmitting authentication maintenance messages from the second server component to maintain the first server component authentication status for the user. Some embodiments comprise intermittently receiving authentication maintenance messages at the first server component to maintain the first server component authentication status for the user, and using at least the authentication maintenance messages to determine the first server component authentication status for the user. Such embodiments may facilitate maintaining the first server component authentication status for the user based on user activity in the communications system. For example, the first server component may be configured to invalidate the first server component authentication status if there is no user activity in relation to the first server component during a predetermined time period. The authentication maintenance messages may indicate user activity in relation to the second server component, based on which the first server component may maintain the first server component authentication status for the user. For example, the first server component may maintain the validity of the first server component authentication status for the user if there is user activity in relation to the second server component even if there is no user activity in relation to the first server component.
Some embodiments comprise transmitting the one or more notifications relating to service events for the service from the second server component dependent on the first server component authentication status for the user being valid for a predetermined time period prior to said transmitting the one or more notifications. Such embodiments may improve security in the communications system by requiring that the first server component authentication status for the user be valid prior to transmitting the one or more notifications, so that notifications are not transmitted to the client terminal if the first authentication status for the user is not valid.
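The delegated-authentication embodiments above (status request, pushed status change, authentication maintenance messages) can be modelled as follows; this is an added example, not code from the patent or from Metaswitch. The class names, the session token used as the second set of credentials, the 300-second idle timeout, the reply strings and the sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

class FakeClock:
    """Deterministic clock so the idle timeout can be exercised offline."""
    now = 0.0

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class WebServer:
    """First server component: the only place credentials are verified."""
    IDLE_TIMEOUT = 300  # seconds; assumed value, the page does not give one

    def __init__(self, clock):
        self.clock = clock
        self.users = {}      # username -> (salt, password hash)
        self.sessions = {}   # token -> [username, time of last activity]
        self.listeners = []  # callbacks told when a status stops being valid

    def add_user(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, _hash(password, salt))

    def login(self, username, password):
        """Authenticate the first set of credentials; issue a session token."""
        salt, stored = self.users.get(username, (b"\0" * 16, b""))
        if not hmac.compare_digest(_hash(password, salt), stored):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = [username, self.clock.now]
        return token

    def status(self, token):
        """Answer a status request: the username while valid, else None."""
        entry = self.sessions.get(token)
        if entry and self.clock.now - entry[1] > self.IDLE_TIMEOUT:
            self.invalidate(token)  # idle too long: status becomes invalid
            entry = None
        return entry[0] if entry else None

    def maintain(self, token):
        """Authentication maintenance message: activity seen elsewhere."""
        if self.status(token) is not None:
            self.sessions[token][1] = self.clock.now

    def invalidate(self, token):
        """Logout or expiry: drop the status and push the change."""
        if self.sessions.pop(token, None) is not None:
            for notify in self.listeners:
                notify(token)

class NotificationServer:
    """Second server component: stores no passwords, delegates every check."""

    def __init__(self, web):
        self.web = web
        self.polls = {}  # token -> username, one outstanding poll per client
        web.listeners.append(self.on_status_change)

    def poll(self, token):
        """Receive the second set of credentials and match it to a status."""
        user = self.web.status(token)
        if user is None:
            return "not authenticated"
        self.web.maintain(token)  # polling counts as user activity
        self.polls[token] = user
        return "poll accepted"

    def on_status_change(self, token):
        self.polls.pop(token, None)  # pushed change: stop serving this poll

    def service_event(self, user, event):
        """Deliver an event only to polls whose status is still valid."""
        delivered = []
        for token, owner in list(self.polls.items()):
            if owner == user and self.web.status(token) == user:
                delivered.append((token, event))
                del self.polls[token]  # the long poll returns to the client
        return delivered

def demo():
    clock, out = FakeClock(), {}
    web = WebServer(clock)
    web.add_user("alice", "constructed-password")  # constructed account
    notif = NotificationServer(web)
    token = web.login("alice", "constructed-password")
    out["poll"] = notif.poll(token)
    clock.now += 200
    out["repoll"] = notif.poll(token)  # maintenance message at t=200
    clock.now += 200                   # t=400: idle since login, not since poll
    out["event"] = len(notif.service_event("alice", "voicemail"))
    web.invalidate(token)              # user logs out on the web server
    out["after_logout"] = notif.poll(token)
    return out
```

In `demo()` the event at t=400 is still delivered only because the re-poll at t=200 refreshed the status on the first server component; without it the 300-second idle timeout would have invalidated the status before the event arrived.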
In some embodiments, the communications system comprises a third server component configured to conduct communications with the client terminal, the first server component and the second server component, and the method comprises some or all of the following steps:
receiving the first set of one or more credentials from the client terminal at the third server component;
transmitting the first set of one or more credentials from the third to the first server component;
providing access to the service data via the third server component;
receiving a second set of one or more credentials from the client terminal at the third server component; and
transmitting the second set of one or more credentials from the third server component to the second server component.
Such embodiments may facilitate access to service data and transmitting notifications relating to service events in the communication system by enabling the client terminal to establish a connection with the third server component and the third server component to establish respective connections with the first and second server components. This reduces the number of connections the client terminal makes to access the service data and receive the notifications.
In some embodiments, the third server component comprises a proxy server component. In some embodiments, the first server component comprises a web server component. In some embodiments, the second server component comprises a notification server component. In some embodiments, the second server component comprises a polling server component.
According to a second aspect of the invention, there is provided a communications system for providing access to service data and transmitting notifications relating to service events, the communications system comprising:
a first server component configured to conduct communications with a client terminal to provide access to service data for a service, the service being provided to a user of the client terminal; and
a second server component configured to conduct communications with the client terminal to transmit notifications relating to service events for the service provided to the user of the client terminal,
wherein the communications system is configured to:
receive a first set of one or more credentials from the client terminal at the first server component;
authenticate the user of the client terminal on the basis of at least the first set of credentials using the first server component;
maintain first server component authentication status for the user on the basis of at least the authentication conducted using the first server component;
provide access to the service data from the first server component dependent on at least the first server component authentication status;
receive a second set of one or more credentials from the client terminal at the second server component;
identify a correspondence between at least the second set of one or more credentials and the first server component authentication status for the user; and
transmit one or more notifications relating to service events for the service from the second server component dependent on at least the first server component authentication status for the user.
In some embodiments, the communications system is configured to transmit a message to the first server component requesting identification of the first server component authentication status for the user, in response to the occurrence of one or more predetermined events.
In some embodiments, the communications system is configured to transmit a message to the first server component requesting identification of the first server component authentication status for the user, in response to receiving the second set of one or more credentials from the client terminal at the second server component.
In some embodiments, the communications system is configured to transmit a message to the first server component requesting identification of the first server component authentication status for the user, in response to determining the occurrence of one or more service events.
In some embodiments, the communications system is configured to detect a change in the first server component authentication status for the user, and to transmit a message indicating the change to the second server component.
In some embodiments, the communications system is configured to transmit intermittently authentication maintenance messages from the second server component to maintain the first server component authentication status for the user.
In some embodiments, the communications system comprises a third server component configured to conduct communications with the client terminal, the first server component and the second server component, and the communications system is configured to perform some or all of the following:
receive the first set of one or more credentials from the client terminal at the third server component;
transmit the first set of one or more credentials from the third to the first server component;
provide access to the service data via the third server component;
receive a second set of one or more credentials from the client terminal at the third server component; and
transmit the second set of one or more credentials from the third server component to the second server component.
In some embodiments, the first server component comprises a web server component. In some embodiments, the second server component comprises a notification server component. In some embodiments, the second server component comprises a polling server component.
According to a third aspect of the invention, there is provided a computer program comprising computer-readable instructions which, when executed, cause a data processing apparatus to perform a method of providing access to service data and transmitting notifications relating to service events in a communications system, the communications system comprising:
a first server component configured to conduct communications with a client terminal to provide access to service data for a service, the service being provided to a user of the client terminal; and
a second server component configured to conduct communications with the client terminal to transmit notifications relating to service events for the service provided to the user of the client terminal,
wherein the method comprises:
receiving a first set of one or more credentials from the client terminal at the first server component;
authenticating the user of the client terminal on the basis of at least the first set of credentials using the first server component;
maintaining first server component authentication status for the user on the basis of at least the authentication conducted using the first server component;
providing access to the service data from the first server component dependent on at least the first server component authentication status;
receiving a second set of one or more credentials from the client terminal at the second server component;
identifying a correspondence between at least the second set of one or more credentials and the first server component authentication status for the user; and
transmitting one or more notifications relating to service events for the service from the second server component dependent on at least the first server component authentication status for the user.
According to a fourth aspect of the invention, there is provided a first server component configured to conduct communications with a client terminal to provide access to service data for a service, the service being provided to a user of the client terminal, the first server component being configured to:
receive a first set of one or more credentials from the client terminal;
authenticate the user of the client terminal on the basis of at least the first set of credentials;
maintain first server component authentication status for the user on the basis of at least the authentication conducted using the first server component;
provide access to the service data from the first server component dependent on at least the first server component authentication status;
receive a message requesting identification of the first server component authentication status for the user from a second server component, the second server component being configured to conduct communications with the client terminal to transmit notifications relating to service events for the service provided to the user of the client terminal; and
transmit a message identifying the first server component authentication status for the user to the second server component to facilitate identification of a correspondence between at least the second set of one or more credentials and the first server component authentication status for the user, whereby one or more notifications relating to service events for the service are transmitted from the second server component dependent on at least the first server component authentication status for the user.
In some embodiments, the first server component is configured to:
transmit a message identifying the first server component authentication status for the user to the second server component.
In some embodiments, the first server component is configured to:
transmit at least some of the first set of one or more credentials to the second server component.
In some embodiments, the first server component is configured to:
transmit a message indicating a change in the first server component authentication status for the user to the second server component in response to detecting said change.
In some embodiments, the first server component is configured to:
receive intermittently authentication maintenance messages to maintain the first server component authentication status for the user; and
use at least the authentication maintenance messages to determine the first server component authentication status for the user.
In some embodiments, the first server component comprises a web server component.
According to a fifth aspect of the invention, there is provided a second server component configured to conduct communications with a client terminal to transmit notifications relating to service events for a service provided to the user of the client terminal, the first server component being configured to:
receive a second set of one or more credentials from the client terminal;
transmit a message requesting identification of a first server component authentication status for the user to a first server component that is configured to conduct communications with the client terminal to provide access to service data for a service, the first server component authentication status for the user being maintained on the basis of at least an authentication conducted using the first server component;
receive a message identifying the first server component authentication status for the user from the first server component;
identify a correspondence between at least the second set of one or more credentials and the first server component authentication status for the user; and
transmit one or more notifications relating to service events for the service from the second server component dependent on at least the first server component authentication status for the user.
In some embodiments, the second server component is configured to:
transmit a message requesting identification of the first server component authentication status for the user to the first server component.
In some embodiments, the second server component is configured to:
transmit at least some of the second set of one or more credentials to the first server component.
In some embodiments, the second server component is configured to:
transmit a message to the first server component requesting identification of the first server component authentication status for the user, in response to the occurrence of one or more predetermined events.
In some embodiments, the second server component is configured to:
transmit a message to the first server component requesting identification of the first server component authentication status for the user, in response to receiving the second set of one or more credentials from the client terminal at the second server component.
In some embodiments, the second server component is configured to:
transmit a message to the first server component requesting identification of the first server component authentication status for the user, in response to determining the occurrence of one or more service events.
In some embodiments, the second server component is configured to:
transmit intermittently authentication maintenance messages to the first server component to maintain the first server component authentication status for the user.
In some embodiments, the second server component is configured to:
transmit the one or more notifications relating to service events for the service dependent on the first server component authentication status for the user being valid for a predetermined time period prior to transmitting the one or more notifications.
In some embodiments, the second server component comprises a notification server component.
In some embodiments, the second server component comprises a polling server component.
According to a sixth aspect of the invention, there is provided a computer program product comprising a non-transitory computer-readable storage medium having computer readable instructions stored thereon, the computer readable instructions being executable by a computerized device to cause the computerized device to perform a method of providing access to service data and transmitting notifications relating to service events in a communications system, the communications system comprising:
a first server component configured to conduct communications with a client terminal to provide access to service data for a service, the service being provided to a user of the client terminal; and
a second server component configured to conduct communications with the client terminal to transmit notifications relating to service events for the service provided to the user of the client terminal,
wherein the method comprises:
receiving a first set of one or more credentials from the client terminal at the first server component;
authenticating the user of the client terminal on the basis of at least the first set of credentials using the first server component;
maintaining first server component authentication status for the user on the basis of at least the authentication conducted using the first server component;
providing access to the service data from the first server component dependent on at least the first server component authentication status;
receiving a second set of one or more credentials from the client terminal at the second server component;
identifying a correspondence between at least the second set of one or more credentials and the first server component authentication status for the user; and
transmitting one or more notifications relating to service events for the service from the second server component dependent on at least the first server component authentication status for the user.
Further features and advantages of the invention will become apparent from the following description of preferred embodiments of the invention, given by way of example only, which is made with reference to the accompanying drawings.
Brief Description of the Drawings
Figure 1 is a schematic representation of a communications system according to some embodiments.
Figure 2 is a process flow diagram showing a method according to some embodiments.
Figure 3 is a process flow diagram showing a method according to some embodiments.
Figure 4 is a process flow diagram showing a method according to some embodiments.
Figure 5 is a process flow diagram showing a method according to some embodiments.
Figure 6 is a process flow diagram showing a method according to some embodiments.
Figure 7 is a schematic representation of a communications system according to some embodiments.
Figure 8 is a process flow diagram showing a method according to some embodiments.
Detailed Description
Figure 1 is a schematic representation of a communications system 100 according to some embodiments.
The communications system 100 provides access to service data and transmits notifications relating to service events.
In some embodiments, the service is a telephony service and the communications system 100 is an Internet protocol multimedia subsystem (IMS) communications system which provides access to telephony-related service data, such as billing information, telephony service configuration options, telephony service upgrades or the like. In some embodiments, the communications system 100 transmits notifications relating to telephony events, such as notifications relating to an incoming call, a new voicemail message or the like. In such embodiments, users of the communications system 100 may be subscribers to the telephony service.
The communications system 100 includes a client terminal 101 associated with a service user. In some embodiments, the client terminal 101 is a Personal Computer (PC) that has data communication, display and input capabilities. The client terminal 101 runs a client application 102. In some embodiments, the client application 102 is a desktop client application.
The communications system 100 also includes a first server component 103. The first server component 103 is configured to conduct communications with the client terminal 101 via an appropriate connection 104 to provide access to service data for the service that is provided to the user of the client terminal 101. The service data may be stored in a service data store 105 to which the first server component 103 has access via an appropriate connection 106.
The communications system 100 also includes a second server component 107. The second server component 107 is configured to conduct communications with the client terminal 101 via an appropriate connection 108 to transmit notifications relating to service events for the service that is provided to the user of the client terminal 101. The notifications may be stored in a notifications data store 109 to which the second server component 107 has access via an appropriate connection 110. In some embodiments, the second server component 107 subscribes to the notification data store 107 for a particular user and for a set of one or more service events associated with the particular user, so as to be alerted to service events associated with the user.
The first server component 103 and the second server component 107 may each be implemented using one server, a plurality of servers in a server cluster, a plurality of distributed servers, using one or more modules running on one or more such servers or in another way. The first server component 103 and the second server component 107 may be implemented using the same hardware device or devices or may be implemented using different hardware devices that are located in the same or different geographic locations.
In some embodiments, the connection 104 between the client terminal 101 and the first server component 103, and the connection 108 between the client terminal 101 and the second server component 107 are Secure Sockets Layer (SSL) connections. In such embodiments, the client terminal 101 may communicate with the first server component 103 and the second server component 107 using Hypertext Transfer Protocol Secure (HTTPS). Accordingly, in such embodiments, the client terminal 101 establishes two separate SSL connections; one to communicate with the first server component 103 and another to communicate with the second server component 107.
In some embodiments, a communications session, such as an HTTP session, is established between the client terminal 101 and the first server component 103. The session may be established in the form of a client-server relationship in which the client terminal 101 is the client and the first server component 103 is the server. The first server component 103 may generate a session token or identifier for the session, such as an HTTP cookie, which it transmits to the client terminal 101. The client terminal 101 may include the session identifier in future messages to the first server component 103 so that the first server component 103 can identify the session to which the messages relate.
In some embodiments, the first server component 103 and second server component 107 are communicatively coupled to each other via an interface 111. In some embodiments, the interface 111 between the first server component 103 and the second server component 107 is an HTTP interface.
In some embodiments, the first server component 103 is a web server based on Apache Tomcat of The Apache Software Foundation, 1901 Munsey Drive, Forest Hill, MD, 21050-2747, U.S.A. In some such embodiments, the first server component 103 is responsible for authentication and session management, as well as providing access to service data stored in the service data store 105.
In some embodiments, the second server component 107 is a highly optimised notification server that delegates responsibility for authentication and session management to the first server component 103. In such embodiments, the first server component 103 conducts authentication and session management on behalf of the second server component 107.
In some embodiments, all session management is delegated to the first server component 103. The first server component 103 may close inactive sessions with the client terminal 101 and invalidate credentials, such as HTTP cookies, as necessary, for example in the event of a timeout based on lack of activity of the user in relation to the first server component 103 and/or the second server component 107. The first server component may keep a session alive on the basis of communications received from the second server component. For example, when a client terminal 101 sends credentials to the second server component 107, the second server component 107 may send the credentials to the first server component 103 to conduct an authentication check. The first server component 103 may, on the basis of the authentication check carried out by the second server component in relation to the client's credentials, refresh the timeout in order to keep the session alive, even if no connection remains established between the client 101 and the first server component 103.
In some embodiments, the second server component 107 is a polling server that receives polling requests from the client terminal 101 and responds to the polling requests with polling response messages. In some embodiments, the second server component 107 handles COMET polling requests, which may be used to notify the client terminal 101 of service events in a highly responsive manner. The client terminal 101 may open a connection to the second server component 107 and issue a COMET polling request to the second server component 107 via the connection, to which the second server component 107 responds in response to the occurrence of a given service event or upon expiry of a predetermined time period. By issuing COMET polling requests from the client terminal 101, the second server component 107 need not attempt to establish a connection with the client terminal 101, which may not be possible through some firewalls. COMET polling may, however, create wasteful open connections between the client terminal 101 and the second server component 107.
In some embodiments, the client terminal 101 is configured to transmit a first set of one or more credentials to the first server component 103 via the connection 104. In some embodiments, the client terminal 101 transmits the first set of one or more credentials in response to the launching of the client application 102 at the client terminal 101, for example if the first set of one or more credentials is stored in a credential management system at the client terminal 101. In other embodiments, the user of the client terminal 101 may be prompted to provide the first set of one or more credentials to the client terminal 101 via a data input mechanism such as a keyboard, a touch-screen interface or the like.
In some embodiments, the first set of one or more credentials includes login information for the user, such as a user identifier and password. Other types of credential are envisaged, such as biometric information, a Personal Identification Number (PIN), a geographic location identifier, a source Internet Protocol (IP) address, an authentication token or the like.
In some embodiments, the first server component 103 is configured to authenticate the user of the client terminal 101 on the basis of at least the first set of one or more credentials. In some embodiments, authentication comprises comparing at least some of the first set of one or more credentials with previously stored credential data for users of the communications system 100 and authenticating the user if the received first set of one or more credentials matches the previously stored credentials.
In some embodiments, the first server component 103 is configured to authenticate the user of the client terminal 101 on the basis of one or more further parameters, such as the time of day, the day of the week or the like. Thus, for example, although the user may provide a user identifier and password that match previously stored credential data, the user may further only be allowed to access the service data during certain times of the day and/or certain days of the week.
In some embodiments, the first server component 103 is configured to transmit an authentication token to the client terminal 101 via the connection 104 upon authenticating the user. In some embodiments, the client terminal 101 includes the authentication token in future service requests to the first server component 103. In such embodiments, the first server component 103 may use the authentication token to authenticate the user, rather than requiring the user to, for example, transmit their user identifier and password with every request to the first server component 103.
In some embodiments, the first server component 103 is configured to maintain first server component authentication status for the user on the basis of at least the authentication it has conducted. In some embodiments, the first server component authentication status for the user is a real-time authentication status that indicates either that the user is currently authenticated with respect to the first server component 103 or that the user is not currently authenticated with respect to the first server component 103. In other embodiments, the maintaining of the first server component authentication status for the user on the basis of at least the authentication conducted using the first server component 103 may be performed by another entity in the communications system 100.
In some embodiments, the first server component 103 is configured to provide access to the service data, which may be stored in the service data store 105, dependent on the first server component authentication status. In some embodiments, the first server component 103 only provides access to the service data if the first server component authentication status indicates that the user is currently authenticated with respect to the first server component 103. Providing access to the service data may include providing access to billing information, service configuration options, service upgrades or the like.
In some embodiments, the client terminal 101 is configured to transmit a second set of one or more credentials to the second server component 107 via the connection 108. In some embodiments, the second set of one or more credentials includes login information for the user, such as a user identifier and password associated with a user of the client terminal 101. Other types of credential are envisaged, such as biometric information, a Personal Identification Number (PIN), a geographic location identifier, a source Internet Protocol (IP) address, a session identifier, an authentication token or the like.
The first set of one or more credentials may be the same as, a subset of, or a superset of the second set of one or more credentials, or may be different from the second set of one or more credentials.
In some embodiments, the second set of one or more credentials may be included as part of, or with, a notification request message from the client terminal 101. For example, the notification request message may request that the client terminal 101 be informed of the occurrence of any service events associated with the user. In other embodiments, the second set of one or more credentials may be sent from the client terminal 101 separately from the notification request message.
In some embodiments, the second server component 107 is configured to identify a correspondence between the second set of one or more credentials and the first server component authentication status for the user.
In some such embodiments, the first server component 103 informs the second server component 107 of the first server component authentication status for the user in such a way that the second server component 107 can perform the identification. For example, the first server component 103 may be configured to transmit at least some of the first set of one or more credentials with an indication of the first server component authentication status for the user to the second server component 107. If the second server component 107 can correlate the at least some of the first set of one or more credentials with the second set of one or more credentials, the second server component 107 may be able to identify the correspondence between the second set of one or more credentials and the first server component authentication status for the user.
In other such embodiments, the second server component 107 transmits a message to the first server component 103 requesting identification of the first server component authentication status for the user in such a way that the first server component 103 can perform the identification. For example, the second server component 107 may be configured to transmit at least some of the second set of one or more credentials to the first server component 103. If the first server component 103 can correlate the at least some of the second set of one or more credentials with the first set of one or more credentials, the first server component 103 may be able to identify the correspondence between the second set of one or more credentials and the first server component authentication status for the user.
In some embodiments, the second server component 107 is configured to transmit one or more notifications relating to service events for the service dependent on at least the first server component authentication status for the user.
In some embodiments, the second server component 107 is configured to transmit the one or more notifications to the client terminal 101 via the connection 108. In other embodiments, the second server component 107 is configured to transmit the one or more notifications to the client terminal 101 via one or more intermediate nodes and/or connections, for example via a push notification server 112 such as an Apple Push Notification service (APNs) server or an Android Cloud to Device Messaging (C2DM) server, which then transmits the notification to the client application 102 at the client terminal 101.
In some embodiments in which the service is a telephony service, the notifications are telephony notifications relating to telephony service events, such as a notification of an incoming telephone call or new voicemail message for the user.
In some embodiments, the second server component 107 only transmits the one or more notifications if the first server component authentication status for the user indicates that the user is authenticated with respect to the first server component 103. In some embodiments, the second server component 107 transmits one or more notifications indicating an authentication error if the first server component authentication status for the user indicates that the user is not authenticated with respect to the first server component 103.
In some embodiments, the second server component 107 transmits a message to the first server component 103 requesting identification of the first server component authentication status for the user whenever it receives a notification request message from the client terminal 101 that includes a session identifier that it has not previously seen. The first server component 103 may respond to such a message by indicating the first server component authentication status for the user and also identifying the user associated with the session identifier to the second server component 107. Identifying the user to the second server component 107 in this way may enable the second server component 107 to identify the user to which the notification request message relates, based on the session identifier, in the event that the initial notification request message does not enable the second server component 107 to identify the user.
In some embodiments, the second server component 107 transmits a message requesting identification of the first server component authentication status for the user whenever it is about to return a response to a notification request message from the client terminal 103. Such a response may be because the notification request has timed out or because of the occurrence of one or more service events. Transmitting the message to the first server component 103 before transmitting the one or more notifications to the client terminal 101 may provide improved security in the communications system 100, since the first server component authentication status for the user could have been invalidated during the period between receiving the notification request message from the client terminal 101 and transmitting the one or more notifications for the user. Such invalidation of the first server component authentication status for the user may be initiated by the user, for example by logging out of the service at the first server component 103, or may be as a result of inactivity.
In some embodiments, the second server component 107 maintains some session information, but this may amount only to a list of valid session identifiers with corresponding user identifiers. In such cases, the second server component 107 may receive messages from the client terminal 101 comprising a session identifier, determine whether there is a user associated with the session identifier and then transmit a message to the first server component 103 requesting identification of the first server component authentication status of the user having the corresponding user identifier.
In some embodiments, the second server component 107 may maintain such session information only while a notification request is outstanding and for a short period, for example under a minute, after transmitting the one or more notifications for the user. Maintaining the session information for the short period after transmitting the one or more notifications may be useful in situations in which the client application 102 is configured to transmit a new notification request message immediately after receiving a notification response message from the second server component 107. This may be in contrast to the first server component 103 which may be configured to maintain session information for much longer inactivity timeout periods.
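The delegated checks described above (a status lookup for an unseen session identifier, a second lookup just before a response is returned, the inactivity-timeout refresh on each lookup, and the short-lived session list at the second server component) are shown here as an added Python example; it is not part of the patent text or of any Metaswitch code. The class and method names, the timeout values, the password hashing and the in-process call that stands in for interface 111 are all assumptions.

```python
import hashlib
import hmac
import secrets


class Clock:
    """Settable clock so the timeouts can be exercised without sleeping."""
    now = 0.0

    def __call__(self):
        return self.now


def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class FirstServer:
    """Stands in for component 103: owns authentication and session state."""
    def __init__(self, clock, idle_timeout=900.0):
        self.clock, self.idle_timeout = clock, idle_timeout
        self._creds = {}      # user_id -> (salt, derived key)
        self._sessions = {}   # session_id -> [user_id, last_activity]

    def add_user(self, user_id, password):
        salt = secrets.token_bytes(16)
        self._creds[user_id] = (salt, _kdf(password, salt))

    def login(self, user_id, password):
        salt, stored = self._creds.get(user_id, (b"\0" * 16, b""))
        if not hmac.compare_digest(_kdf(password, salt), stored):
            return None
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = [user_id, self.clock()]
        return sid

    def logout(self, sid):
        self._sessions.pop(sid, None)

    def check_status(self, sid):
        """Query over interface 111: user id if the session is valid, else None.
        A successful check counts as activity and refreshes the idle timeout."""
        entry = self._sessions.get(sid)
        if entry is None or self.clock() - entry[1] > self.idle_timeout:
            self._sessions.pop(sid, None)   # unknown, or idle for too long
            return None
        entry[1] = self.clock()
        return entry[0]


class SecondServer:
    """Stands in for component 107: keeps only session id -> user id, briefly."""
    def __init__(self, first, clock, linger=30.0):
        self.first, self.clock, self.linger = first, clock, linger
        self._known = {}    # session_id -> [user_id, expiry]; expiry None = request open
        self.pending = {}   # user_id -> undelivered service events

    def publish(self, user_id, event):
        self.pending.setdefault(user_id, []).append(event)

    def open_request(self, sid):
        """Notification request arrives; unseen or lapsed ids go to FirstServer."""
        cached = self._known.get(sid)
        if cached and (cached[1] is None or cached[1] >= self.clock()):
            user = cached[0]
        else:
            user = self.first.check_status(sid)
        if user is None:
            self._known.pop(sid, None)
            return False
        self._known[sid] = [user, None]
        return True

    def respond(self, sid):
        """About to answer (event occurred or poll timed out): re-check status,
        because the session may have been invalidated while the request was open."""
        cached = self._known.get(sid)
        user = self.first.check_status(sid)
        if cached is None or user is None or user != cached[0]:
            self._known.pop(sid, None)
            return ("auth_error", [])
        self._known[sid] = [user, self.clock() + self.linger]
        return ("ok", self.pending.pop(user, []))


def demo():
    """Constructed scenario: logout lands while a notification request is open."""
    clock = Clock()
    first = FirstServer(clock)
    first.add_user("alice", "constructed-password")
    second = SecondServer(first, clock)
    sid = first.login("alice", "constructed-password")
    second.open_request(sid)
    second.publish("alice", "incoming_call")
    first.logout(sid)
    return second.respond(sid)   # ("auth_error", []): the event is withheld


if __name__ == "__main__":
    print(demo())
```

In the constructed scenario the event stays queued at the second server rather than being delivered on a session that was invalidated while the request was open.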
Figure 2 is a process flow diagram showing a method of providing access to service data and transmitting notifications relating to service events according to some embodiments. The method may be implemented in a communications system such as the communications system 100 shown in Figure 1.
Processing begins at step 2a, when the first server component 103 receives a first set of one or more credentials from the client terminal 101. In some embodiments, the first set of one or more credentials includes login credentials, such as a user identifier and a password, although as explained above, other credentials are envisaged.
At step 2b, the first server component 103 authenticates the user of the client terminal 101 on the basis of at least the first set of one or more credentials. In some embodiments, authentication comprises comparing the received first set of one or more credentials, such as the user identifier and password, with previously stored credential data, such as user identifiers and corresponding passwords, and authenticating the user of the client terminal 101 only if there is a match. The first server component 103 maintains a first server component authentication status for the user on the basis of at least the authentication.
At step 2c, the first server component 103 provides access to the service data dependent on at least the first server component authentication status. In some embodiments, the first server component 103 provides access to the service data only if the first server component authentication status indicates that the user of the client terminal 101 is currently authenticated with respect to the first server component 103.
At step 2d, the second server component 107 receives a second set of one or more credentials from the client terminal 101. In some embodiments, the second set of one or more credentials includes at least some of the same credentials that are in the first set of one or more credentials transmitted to the first server component 103 at step 2a.
At step 2e, a correspondence is identified between the second set of one or more credentials and the first server component authentication status for the user.
At step 2f, the second server component 107 transmits one or more notifications relating to service events for the service dependent on at least the first server component authentication status for the user. In some embodiments, the second server component 107 transmits the one or more notifications relating to service events for the service only if the first server component authentication status for the user indicates that the user is currently authenticated with respect to the first server component 103.
Figure 3 is a process flow diagram showing a method of providing access to service data and transmitting notifications relating to service events according to some embodiments. The method may be implemented in a communications system such as the communications system 100 shown in Figure 1.
Processing begins at step 3a, when the first server component 103 receives a first set of one or more credentials from the client terminal 101.
At step 3b, the first server component 103 authenticates the user of the client terminal 101 on the basis of the first set of credentials. The first server component 103 maintains a first server component authentication status for the user on the basis of at least the authentication it conducted.
At step 3c, the first server component 103 provides access to the service data dependent on at least the first server component authentication status.
At step 3d, the first server component 103 transmits a message to the second server component 107 identifying the first server component authentication status for the user.
In some embodiments, the first server component 103 proactively pushes the message to the second server component 107 without needing to receive a request from the second server component 107 for the identification of the first server component authentication status for the user. In some embodiments, the first server component 103 is configured to transmit a message in this way upon initial authentication of the user. In some embodiments, the first server component 103 is configured to transmit a message in this way every time the first server component authentication status for the user changes. In other embodiments, the transmission of the message to the second server component 107 is in response to receiving a request for identification of the first server component authentication status for the user from the second server component 107.
At step 3e, the second server component 107 may acknowledge receipt of the messages from the first server component 103.
At step 3f, the second server component 107 receives a second set of one or more credentials from the client terminal 101.
At step 3g, a correspondence is identified between the second set of one or more credentials and the first server component authentication status for the user.
At step 3h, the second server component 107 transmits one or more notifications relating to service events for the service dependent on at least the first server component authentication status for the user.
Although Figure 3 shows steps 3d and 3e occurring before step 3f, it will be appreciated that one or both of steps 3d and 3e could occur after step 3f.
Figure 4 is a process flow diagram showing a method of providing access to service data and transmitting notifications relating to service events according to some embodiments. The method may be implemented in a communications system such as the communications system 100 shown in Figure 1.
Processing begins at step 4a, when the first server component 103 receives a first set of one or more credentials from the client terminal 101.
At step 4b, the first server component 103 authenticates the user of the client terminal 101 on the basis of at least the first set of credentials. The first server component 103 maintains a first server component authentication status for the user on the basis of at least the authentication it conducted.
At step 4c, the first server component 103 provides access to the service data dependent on at least the first server component authentication status.
At step 4d, the second server component 107 receives a second set of one or more credentials from the client terminal 101.
At step 4e, the second server component 107 transmits a message to the first server component 103 requesting identification of the first server component authentication status for the user.
In some embodiments, the second server component 107 transmits the message requesting identification of the first server component authentication status for the user to the first server component 103, in response to the occurrence of one or more predetermined events. In some embodiments, the second server component 107 may transmit the message in response to receiving the second set of one or more credentials from the client terminal at the second server component. In some embodiments, the second server component 107 may transmit the message in response to determining the availability of the one or more notifications relating to service events for the service.
At step 4f, the first server component 103 transmits a message to the second server component 107 identifying the first server component authentication status for the user.
At step 4g, a correspondence is identified between the second set of one or more credentials and the first server component authentication status for the user. In this embodiment, the server component 107 checks a notification state (from notification data store 109, not shown here) after having received the credentials response in step 4f.
At step 4h, if the checked notification state indicates that a notification is to be transmitted, the second server component 107 transmits one or more notifications relating to service events for the service dependent on at least the first server component authentication status for the user.
Figure 5 is a process flow diagram showing a method of providing access to service data and transmitting notifications relating to service events according to some embodiments. The method may be implemented in a communications system such as the communications system 100 shown in Figure 1.
Processing begins at step 5a, where the first server component 103 receives a first set of one or more credentials from the client terminal 101.
At step 5b, the first server component 103 authenticates the user of the client terminal 101 on the basis of at least the first set of credentials. The first server component 103 maintains a first server component authentication status for the user on the basis of at least the authentication it conducted.
At step 5c, the first server component 103 provides access to the service data dependent on at least the first server component authentication status.
At step 5d, the second server component 107 receives a second set of one or more credentials from the client terminal 101.
At step 5e, the second server component 107 transmits a message to the first server component 103 requesting identification of the first server component authentication status for the user.
At step 5f, the first server component 103 transmits a message to the second server component 107 identifying the first server component authentication status for the user.
At steps 5g and 5h, and as indicated by an ellipsis in Figure 5, the second server component 107 intermittently transmits authentication maintenance messages to the first server component 103 to maintain the first server component authentication status for the user.
In some embodiments, the first server component 103 may invalidate the first server component authentication status for the user if there is no user activity in relation to the first server component 103 during a predetermined time period. In such embodiments, the authentication maintenance messages indicate user activity in relation to the second server component 107. The first server component 103 may then use at least the authentication maintenance messages to determine the first server component authentication status for the user. For example, the first server component 103 may maintain the first server component authentication status for the user as valid if it receives the authentication maintenance messages from the second server component 107 even if there is no user activity in relation to the first server component 103. In some such embodiments, the second server component 107 may be configured to transmit the authentication maintenance messages intermittently at intervals less than the predetermined time period for user activity in relation to the first server component 103, so that the first server component authentication status can be maintained while there is user activity in relation to the second server component 107.
At step 5i, one or more predetermined events occur.
At step 5j, in response to the occurrence of the one or more predetermined events, the second server component 107 transmits a message to the first server component 103 requesting identification of the first server component authentication status for the user.
At step 5k, the first server component 103 transmits a message to the second server component 107 identifying the first server component authentication status for the user.
At step 5l, a correspondence is identified between the second set of one or more credentials and the first server component authentication status for the user.
At step 5m, the second server component 107 transmits one or more notifications relating to service events for the service dependent on at least the first server component authentication status for the user.
In the above, the client terminal 101 may issue a data request to the first server component 103 to log in, then issue repeated requests to the second server component 107 polling for data, i.e. the client terminal 101 reissues the poll repeatedly after any of one or more predetermined events or after a timeout, without further logins or connections to the first server component 103. The receipt of the poll from the client terminal 101 may trigger the transmission of the authentication maintenance messages in step 5g.
It should be noted in relation to the above that it is not necessary for the second server component 107 to repeatedly transmit authentication maintenance messages to the first server component 103 to maintain the first server component authentication status for the user. Steps 5g and 5h may be omitted.
Figure 6 is a process flow diagram showing a method of providing access to service data and transmitting notifications relating to service events according to some embodiments. The method may be implemented in a communications system such as the communications system 100 shown in Figure 1.
Processing begins at step 6a, where the first server component 103 receives a first set of one or more credentials from the client terminal 101.
At step 6b, the first server component 103 authenticates the user of the client terminal 101 on the basis of the first set of credentials. The first server component 103 maintains a first server component authentication status for the user on the basis of at least the authentication it conducted.
At step 6c, the first server component 103 provides access to the service data dependent on at least the first server component authentication status.
At step 6d, the second server component 107 receives a second set of one or more credentials from the client terminal 101.
At step 6e, the second server component 107 transmits a message to the first server component 103 requesting identification of the first server component authentication status for the user.
At step 6f, the first server component 103 transmits a message to the second server component 107 identifying the first server component authentication status for the user.
At step 6g, the user transmits a message to the first server component 103 indicating that it no longer requires access to the service data. For example, if the client terminal 101 transmitted one or more login credentials for the user at step 6a, the message of step 6g may correspond to a logout message.
At step 6h, the first server component 103 transmits an appropriate acknowledgement message to the client terminal 101.
At step 6i, the first server component 103 determines whether to change the first server authentication status.
At step 6j, in the event that the first server component 103 determines a change in the first server component authentication status for the user, the first server component 103 transmits a message indicating the change to the second server component 107. Such a message may simply indicate that the first server component authentication status for the user has changed and/or may indicate the changed first server component authentication status for the user.
At step 6k, the second server component 107 may transmit an acknowledgement message to the first server component 103.
In one embodiment, if at this point the second server component 107 knows that the authentication has been invalidated, it can send a rejection response to the client terminal 101. Alternatively, the process may proceed as described below.
At step 6l, one or more predetermined events occur.
At step 6m, in response to the occurrence of the one or more predetermined events, the second server component 107 transmits a message to the first server component 103 requesting identification of the first server component authentication status for the user.
At step 6n, the first server component 103 transmits a message to the second server component 107 identifying the first server component authentication status for the user. In some embodiments, the message of step 6n identifies the first server component authentication status for the user as being invalid with respect to the first server component 103.
At step 6o, a correspondence is identified between the second set of one or more credentials and the first server component authentication status for the user.
At step 6p, the second server component 107 transmits one or more notifications relating to service events for the service dependent on at least the first server component authentication status for the user. In embodiments in which the message of step 6n identifies the first server component authentication status for the user as being invalid with respect to the first server component 103, the one or more notifications of step 6p may notify the client terminal 101 that the first server component authentication status for the user is invalid with respect to the first server component 103, for example so that the user can be informed accordingly. In such cases, the one or more notifications may comprise authentication error messages.
Figure 7 is a schematic representation of a communications system 700 according to some embodiments. The communications system 700 shown in Figure 7 includes some of the same or similar elements as the communications system 100 shown in Figure 1. Corresponding elements are shown using the same reference numerals, but incremented by 600 in Figure 7.
The communications system 700 shown in Figure 7 includes a client terminal 701 that runs a client application 702, a first server component 703 that communicates with a service data store 705 via a connection 706 and a second server component 707 that communicates with a notification data store 709 via a connection 710. The first server component 703 and the second server component 707 are communicatively coupled via an interface 711.
In addition, the communications system 700 shown in Figure 7 includes a third server component 713. The third server component 713 is configured to conduct communications with the client terminal 701 via a connection 714, the first server component 703 via a connection 715 and the second server component 707 via a connection 716.
In some embodiments, the third server component 713 serves as a proxy to split traffic from the client terminal 701 between the first server component 703 and the second server component 707. In some embodiments, the third server component 713 proxies certain requests from the client terminal 701, such as service login and logout requests and service data requests, to the first server component 703 via the connection 715 and certain other requests, such as notification requests, to the second server component 707 via the connection 716.
In some embodiments, the third server component 707 is implemented using an nginx™ web server.
In some embodiments, the third server component 713 identifies whether requests should be proxied to the first server component 703 or to the second server component 707 on the basis of one or more parameters in the requests. For example, the request may include a Uniform Resource Locator (URL) in the form '* /event', from which the third server component 713 may identify that the request is a notification request and should, therefore, be proxied to the second server component 707. As such, requests that are proxied to the first server component 703 may be interspersed with the requests that are proxied to the second server component 707 throughout the session.
In some embodiments, the client terminal 701 establishes a Secure Sockets Layer (SSL) connection 714 with the third server component 713 and communicates with the third server component 713 using Hypertext Transfer Protocol Secure (HTTPS). In some such embodiments, the third server component 713 communicates with the first server component 703 and the second server component 707 via connections 715, 716 using Hypertext Transfer Protocol (HTTP). In such embodiments, the client terminal 701 establishes one SSL connection and need only handle one SSL domain, as opposed to establishing one SSL connection with the first server component 703 and another SSL connection with the second server component 707. In such embodiments, the client terminal 701 sends a mixture of traffic for the first server component 703 and the second server component 707 over the SSL connection with the third server component 713.
Figure 8 is a process flow diagram showing a method of providing access to service data and transmitting notifications relating to service events according to some embodiments. The method may be implemented in a communications system such as the communications system 700 shown in Figure 7.
Processing begins at step 8a, where the third server component 713 receives a first set of one or more credentials from the client terminal 701.
At step 8b, the third server component 713 transmits the first set of one or more credentials to the first server component 703.
At step 8c, the first server component 703 is used to authenticate the user of the client terminal 701 on the basis of the first set of credentials. The first server component 703 maintains a first server component authentication status for the user on the basis of at least the authentication it conducted.
At steps 8d and 8e, the first server component 703 provides access to the service data via the third server component 713 dependent on the first server component authentication status.
At step 8f, the client terminal 701 transmits a second set of one or more credentials to the third server component 713.
At step 8g, the third server component 713 transmits the second set of one or more credentials to the second server component 707.
At step 8h, a correspondence is identified between the second set of one or more credentials and the first server component authentication status for the user. The second server component 707 may validate the credentials by sending a request to the first server component 703 to validate the credentials set up in step 8b.
At step 8i, the second server component 707 transmits one or more notifications relating to service events for the service dependent on at least the first server component authentication status for the user to the third server component 713.
At step 8j, the third server component 713 transmits the one or more notifications relating to service events for the service to the client terminal 701.
The above embodiments are to be understood as illustrative examples of the invention. Further embodiments of the invention are envisaged.
For example, in some embodiments, the client terminal 101, 701 may be a PC. However, the client terminal 101, 701 could be another device or combination of devices with corresponding data processing, display and data input capabilities, for example: a television, a smart television, a general purpose desktop computer terminal, a general purpose laptop computer terminal, a general purpose tablet computer terminal, an in-car computing and communications system, a satellite navigation system, games console, mobile telephone or any combination thereof.
In some embodiments, the client terminal 101 runs a desktop client application 102. However, in other embodiments, the client terminal may run one or more additional or alternative client applications, such as a web browser application.
In some embodiments, the second server component 107, 707 transmits a message requesting identification of the first server component authentication status for the user to the first server component 103, 703 in response to the occurrence of one or more predetermined events, such as receiving the second set of one or more credentials from the client terminal 101, 701. In some such embodiments, the second server component 107, 707 may be configured to transmit the message only if it does not recognise the second set of one or more credentials. If the second server component 107, 707 recognises the second set of one or more credentials, for example if they are stored in a cache, the second server component 107, 707 may not need to transmit the message immediately to the first server component 103, 703. This is because the second server component 107, 707 may assume that the first server component authentication status for the user is likely to be valid. This may be acceptable if no notifications are being transmitted to the client terminal 101, 701. However, the second server component 107, 707 may still transmit the message to the first server component 103, 703 before transmitting any notifications or other types of data to the client terminal 101, 701.
In some embodiments, the first server component authentication status for the user may change from being valid (or authenticated) with respect to the first server component 103, 703 to being invalid (or unauthenticated) with respect to the first server component 103, 703, for example if the user logs out of the service provided in the communications system 100, 700. In some embodiments, the second server component 107, 707 may be unaware of the change in the first server component authentication status for the user unless and until it transmits a message requesting identification of the first server component authentication status for the user to the first server component 103, 703 and receives a corresponding response, which can introduce a delay into processing. In some cases, such a delay may be acceptable. For example, the second server component 107, 707 may receive a notification request message from the client terminal 101, 701 in error, in which case the first server component authentication status for the user may indicate that the user is not authenticated with respect to the first server component 103, 703. In such cases, the second server component 107, 707 may either transmit no response to the notification request message or may transmit an error message to the client terminal 101, 701 upon expiry of the notification request, from which the client terminal 101, 701 may be able to recover. In another example, the notification request message may be a malicious notification request message for which there is an invalid (or no valid) authentication. In such other examples, delaying transmission of the one or more notifications is likely to reduce the load on the communications system 100, 700.
In some embodiments, an inactivity time period after which the first server component 103, 703 may change the first server component authentication status to invalid for lack of activity is longer than a notification request message validity time period. The second server component 107, 707 may transmit authentication maintenance messages or authentication request messages at intervals shorter than the inactivity time period in relation to the first server component 103, 703. For example, if the inactivity time period in relation to the first server component 103, 703 were five minutes, the second server component 107, 707 could be configured to transmit the authentication maintenance messages or authentication request messages every four minutes so as to indicate activity in relation to the second server component 107, 707.
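The interplay described above between the inactivity timeout, the authentication maintenance messages, the cached credentials and the status check made before any notification is sent can be modelled on a simulated clock. This is an added example, not code from the patent: the class and method names, the use of a session token as the second set of credentials and the push callback are assumptions, while the five- and four-minute values are the ones given in the text.

```python
import secrets

INACTIVITY_TIMEOUT = 300  # seconds: the five-minute inactivity period from the text
KEEPALIVE_INTERVAL = 240  # seconds: the four-minute maintenance interval from the text
AUTH_ERROR = {"error": "authentication"}


class FirstServer:
    """Login/service-data server: sole owner of the authentication status."""

    def __init__(self, users):
        self._users = users          # constructed sample store; a real one holds hashes
        self._last_activity = {}     # session token -> time of last activity
        self._listeners = []         # callbacks notified when a status changes

    def subscribe(self, callback):
        self._listeners.append(callback)

    def login(self, user, password, now):
        expected = self._users.get(user)
        if expected is None or not secrets.compare_digest(expected.encode(), password.encode()):
            return None
        token = secrets.token_urlsafe(32)   # assumed form of the second set of credentials
        self._last_activity[token] = now
        return token

    def status(self, token, now):
        """Answer a status request; reading the status is not itself activity here."""
        last = self._last_activity.get(token)
        if last is None:
            return "invalid"
        if now - last > INACTIVITY_TIMEOUT:
            self._invalidate(token)
            return "invalid"
        return "valid"

    def keepalive(self, token, now):
        """Authentication maintenance message: counts as activity while still valid."""
        if self.status(token, now) != "valid":
            return False
        self._last_activity[token] = now
        return True

    def logout(self, token):
        self._invalidate(token)

    def _invalidate(self, token):
        # Push the change to the second server (step 6j) rather than waiting to be asked.
        if self._last_activity.pop(token, None) is not None:
            for callback in self._listeners:
                callback(token)


class SecondServer:
    """Notification server: holds no credentials of its own, defers to FirstServer."""

    def __init__(self, first, keepalive=True):
        self._first = first
        self._keepalive = keepalive
        self._recognised = {}        # token -> time the last keepalive was sent
        self._pending = {}           # token -> queued service-event notifications
        first.subscribe(self._forget)

    def _forget(self, token):
        self._recognised.pop(token, None)
        self._pending.pop(token, None)

    def queue(self, token, event):
        self._pending.setdefault(token, []).append(event)

    def poll(self, token, now):
        """Handle one notification request carrying the second set of credentials."""
        if token not in self._recognised:
            if self._first.status(token, now) != "valid":
                return AUTH_ERROR
            self._recognised[token] = float("-inf")   # first keepalive is due at once
        if self._keepalive and now - self._recognised[token] >= KEEPALIVE_INTERVAL:
            if not self._first.keepalive(token, now):
                return AUTH_ERROR
            self._recognised[token] = now
        events = self._pending.get(token, [])
        if not events:
            return {"notifications": []}   # cached status suffices: nothing is sent
        # Always re-check with the first server before any notification leaves.
        if self._first.status(token, now) != "valid":
            return AUTH_ERROR
        self._pending[token] = []
        return {"notifications": events}


def run_polls(second, token, start, stop, step):
    """Poll at fixed intervals on a simulated clock; return the last response."""
    response = None
    for now in range(start, stop + 1, step):
        response = second.poll(token, now)
    return response


if __name__ == "__main__":
    first = FirstServer({"alice": "correct horse"})   # constructed sample account
    second = SecondServer(first)
    token = first.login("alice", "correct horse", now=0)
    run_polls(second, token, 0, 1200, 60)             # 20 minutes of polling only
    print(first.status(token, 1200))                  # kept alive by maintenance messages
    first.logout(token)
    print(second.poll(token, 1260))                   # rejected after logout
```

With `keepalive=False` the cached token is still accepted while nothing is queued, which is the window the text calls acceptable; the re-check before delivery is what stops a stale cache entry from releasing notifications.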
In some embodiments, the first server component 103, 703 maintains sessions and session-related information in memory while the user is active in relation to the first server component 103, 703, for example by requesting and receiving service data from the service data store 105, 705. In some embodiments, if the only activity is that the first server component 103, 703 receives authentication maintenance messages or messages requesting the first server component authentication status for the user from the second server component 107, 707, the first server component 103, 703 may remove any cached information about the session to free up memory, except for a minimal amount of session-related information for maintaining the first server component authentication status for the user. In such cases, other session-related information may be reconstructed if necessary.
In some embodiments, the first server component 103, 703 transmits a message to the second server component 107, 707 identifying the first server component authentication status for the user in which the message identifies the user. In some embodiments, such messages may include further information and there may be further interactions between the first server component 103, 703 and the second server component 107, 707. For example, it may be desirable for the first server component 103, 703 to log error information by recording some or all user or client terminal interactions in detail for a particular subset of users.
In some embodiments, a user may activate error logging, for example by modifying service settings stored in the service data store 105, 705. In such cases, the first server component 103, 703 may inform the second server component 107, 707 accordingly, for example in a response to a message requesting identification of the first server component authentication status for the user or in another message. The second server component 107, 707 may then report to the first server component 103, 703 every time it receives a notification request message from, or transmits one or more notifications to, the client terminal 101, 701, for example using an HTTP POST interface. This may allow the first server component 103, 703 to log the complete content of all communications with the user for debugging purposes, even on live production systems.
It is to be understood that any feature described in relation to any one embodiment may be used alone, or in combination with other features described, and may also be used in combination with one or more features of any other of the embodiments, or any combination of any other of the embodiments. Furthermore, equivalents and modifications not described above may also be employed without departing from the scope of the invention, which is defined in the accompanying claims.

Claims (1)

  1. Claims
    1. A method of providing access to service data and transmitting notifications relating to service events in a communications system, the communications system comprising:
    a first server component configured to conduct communications with a client terminal to provide access to service data for a service, the service being provided to a user of the client terminal; and
    a second server component configured to conduct communications with the client terminal to transmit notifications relating to service events for the service provided to the user of the client terminal,
    wherein the method comprises:
    receiving a first set of one or more credentials from the client terminal at the first server component;
    authenticating the user of the client terminal on the basis of at least the first set of credentials using the first server component;
    maintaining first server component authentication status for the user on the basis of at least the authentication conducted using the first server component;
    providing access to the service data from the first server component dependent on at least the first server component authentication status;
    receiving a second set of one or more credentials from the client terminal at the second server component;
    identifying a correspondence between at least the second set of one or more credentials and the first server component authentication status for the user; and
    transmitting one or more notifications relating to service events for the service from the second server component dependent on at least the first server component authentication status for the user.
    2. A method according to claim 1, comprising:
    transmitting a message requesting identification of the first server component authentication status for the user from the second server component.
    3. A method according to claim 1 or 2, comprising:
    receiving a message requesting identification of the first server component authentication status for the user at the first server component.
    4. A method according to any preceding claim, comprising:
    transmitting a message identifying the first server component authentication status for the user from the first server component.
    5. A method according to any preceding claim, comprising:
    receiving a message identifying the first server component authentication status for the user at the second server component.
    6. A method according to any preceding claim, comprising:
    transmitting at least some of the second set of one or more credentials to the first server component.
    7. A method according to any preceding claim, comprising:
    receiving at least some of the second set of one or more credentials at the first server component.
    8. A method according to any preceding claim, comprising:
    transmitting at least some of the first set of one or more credentials to the second server component.
    9. A method according to any preceding claim, comprising:
    receiving at least some of the first set of one or more credentials at the second server component.
    10. A method according to any preceding claim, comprising:
    transmitting a message to the first server component requesting identification of the first server component authentication status for the user, in response to the occurrence of one or more predetermined events.
    11. A method according to any preceding claim, comprising:
    transmitting a message to the first server component requesting identification of the first server component authentication status for the user, in response to receiving the second set of one or more credentials from the client terminal at the second server component.
    12. A method according to any preceding claim, comprising:
    transmitting a message to the first server component requesting identification of the first server component authentication status for the user, in response to determining the occurrence of one or more service events.
    13. A method according to any preceding claim, comprising:
    transmitting a message indicating a change in the first server component authentication status for the user to the second server component, in response to detecting said change.
    14. A method according to any preceding claim comprising:
    intermittently transmitting authentication maintenance messages from the second server component to maintain the first server component authentication status for the user.
    15. A method according to any preceding claim comprising:
    intermittently receiving authentication maintenance messages at the first server component to maintain the first server component authentication status for the user; and
    using at least the authentication maintenance messages to determine the first server component authentication status for the user.
    16. A method according to any preceding claim, comprising:
    transmitting the one or more notifications relating to service events for the service from the second server component dependent on the first server component authentication status for the user being valid for a predetermined time period prior to transmitting the one or more notifications.
    17. A method according to any preceding claim, wherein the communications system comprises a third server component configured to conduct communications with the client terminal, the first server component and the second server component, and wherein the method comprises some or all of the following steps:
    receiving the first set of one or more credentials from the client terminal at the third server component;
    transmitting the first set of one or more credentials from the third to the first server component;
    providing access to the service data via the third server component;
    receiving a second set of one or more credentials from the client terminal at the third server component; and
    transmitting the second set of one or more credentials from the third server component to the second server component.
    18. A method according to claim 17, wherein the third server component comprises a proxy server component.
    19. A method according to any preceding claim, wherein the first server component comprises a web server component.
    20. A method according to any preceding claim, wherein the second server component comprises a notification server component.
    21. A method according to any preceding claim, wherein the second server component comprises a polling server component.
    22. A communications system for providing access to service data and transmitting notifications relating to service events, the communications system comprising:
    a first server component configured to conduct communications with a client terminal to provide access to service data for a service, the service being provided to a user of the client terminal; and
    a second server component configured to conduct communications with the client terminal to transmit notifications relating to service events for the service provided to the user of the client terminal,
    wherein the communications system is configured to:
    receive a first set of one or more credentials from the client terminal at the first server component;
    authenticate the user of the client terminal on the basis of at least the first set of credentials using the first server component;
    maintain first server component authentication status for the user on the basis of at least the authentication conducted using the first server component;
    provide access to the service data from the first server component dependent on at least the first server component authentication status;
    receive a second set of one or more credentials from the client terminal at the second server component;
    identify a correspondence between at least the second set of one or more credentials and the first server component authentication status for the user; and
    transmit one or more notifications relating to service events for the service from the second server component dependent on at least the first server component authentication status for the user.
    23. A communications system according to claim 22, wherein the communications system is configured to:
    transmit a message to the first server component requesting identification of the first server component authentication status for the user, in response to the occurrence of one or more predetermined events.
    24. A communications system according to claim 22 or 23, wherein the communications system is configured to:
    transmit a message to the first server component requesting identification of the first server component authentication status for the user, in response to receiving the second set of one or more credentials from the client terminal at the second server component.
    25. A communications system according to any of claims 22 to 24, wherein the communications system is configured to:
    transmit a message to the first server component requesting identification of the first server component authentication status for the user, in response to determining the occurrence of one or more service events.
    26. A communications system according to any of claims 22 to 25, wherein the communications system is configured to:
    transmit a message indicating a change in the first server component authentication status for the user to the second server component in response to detecting said change.
    27. A communications system according to any of claims 22 to 26, wherein the communications system is configured to:
    transmit intermittently authentication maintenance messages from the second server component to maintain the first server component authentication status for the user.
    28. A communications system according to any of claims 22 to 27, comprising a third server component configured to conduct communications with the client terminal, the first server component and the second server component, and wherein the communications system is configured to perform some or all of the following:
    receive the first set of one or more credentials from the client terminal at the third server component;
    transmit the first set of one or more credentials from the third to the first server component;
    provide access to the service data via the third server component;
    receive a second set of one or more credentials from the client terminal at the third server component; and
    transmit the second set of one or more credentials from the third server component to the second server component.
    29. A method according to any of claims 22 to 28, wherein the first server component comprises a web server component.
    30. A method according to any of claims 22 to 29, wherein the second server component comprises a notification server component.
    31. A method according to any of claims 22 to 30, wherein the second server component comprises a polling server component.
    32. A computer program comprising computer-readable instructions which, when executed, cause a data processing apparatus to perform a method of providing access to service data and transmitting notifications relating to service events in a communications system, the communications system comprising:
    a first server component configured to conduct communications with a client terminal to provide access to service data for a service, the service being provided to a user of the client terminal; and
    a second server component configured to conduct communications with the client terminal to transmit notifications relating to service events for the service provided to the user of the client terminal,
    wherein the method comprises:
    receiving a first set of one or more credentials from the client terminal at the first server component;
    authenticating the user of the client terminal on the basis of at least the first set of credentials using the first server component;
    maintaining first server component authentication status for the user on the basis of at least the authentication conducted using the first server component;
    providing access to the service data from the first server component dependent on at least the first server component authentication status;
    receiving a second set of one or more credentials from the client terminal at the second server component;
    identifying a correspondence between at least the second set of one or more credentials and the first server component authentication status for the user; and
    transmitting one or more notifications relating to service events for the service from the second server component dependent on at least the first server component authentication status for the user.
    33. A first server component configured to conduct communications with a client terminal to provide access to service data for a service, the service being provided to a user of the client terminal, the first server component being configured to:
    receive a first set of one or more credentials from the client terminal;
    authenticate the user of the client terminal on the basis of at least the first set of credentials;
    maintain first server component authentication status for the user on the basis of at least the authentication conducted using the first server component;
    provide access to the service data from the first server component dependent on at least the first server component authentication status;
    receive a message requesting identification of the first server component authentication status for the user from a second server component, the second server component being configured to conduct communications with the client terminal to transmit notifications relating to service events for the service provided to the user of the client terminal; and
    transmit a message identifying the first server component authentication status for the user to the second server component to facilitate identification of a correspondence between at least the second set of one or more credentials and the first server component authentication status for the user, whereby one or more notifications relating to service events for the service are transmitted from the second server component dependent on at least the first server component authentication status for the user.
    34. A first server component according to claim 33, wherein the first server component is configured to:
    transmit a message identifying the first server component authentication status for the user to the second server component.
    35. A first server component according to any claim 33 or 34, wherein the first server component is configured to:
    transmit at least some of the first set of one or more credentials to the second server component.
    36. A first server component according to any of claims 33 to 35, wherein the first server component is configured to:
    transmit a message indicating a change in the first server component authentication status for the user to the second server component in response to detecting said change.
    37. A first server component according to any of claims 33 to 36, wherein the first server component is configured to:
    receive intermittently authentication maintenance messages to maintain the first server component authentication status for the user; and
    use at least the authentication maintenance messages to determine the first server component authentication status for the user.
    38. A first server component according to any of claims 33 to 37, wherein the first server component comprises a web server component.
    39. A second server component configured to conduct communications with a client terminal to transmit notifications relating to service events for a service provided to the user of the client terminal, the first server component being configured to:
    receive a second set of one or more credentials from the client terminal;
    transmit a message requesting identification of a first server component authentication status for the user to a first server component that is configured to conduct communications with the client terminal to provide access to service data for a service, the first server component authentication status for the user being maintained on the basis of at least an authentication conducted using the first server component;
    receive a message identifying the first server component authentication status for the user from the first server component;
    identify a correspondence between at least the second set of one or more credentials and the first server component authentication status for the user; and
    transmit one or more notifications relating to service events for the service from the second server component dependent on at least the first server component authentication status for the user.
    40. A second server component according to claim 39, wherein the second server component is configured to:
    transmit a message requesting identification of the first server component authentication status for the user to the first server component.
    41. A second server component according to claim 39 or 40, wherein the second server component is configured to:
    transmit at least some of the second set of one or more credentials to the first server component.
    42. A second server component according to any of claims 39 to 41, wherein the second server component is configured to:
    transmit a message to the first server component requesting identification of the first server component authentication status for the user, in response to the occurrence of one or more predetermined events.
    43. A second server component according to any of claims 39 to 42, wherein the second server component is configured to:
    transmit a message to the first server component requesting identification of the first server component authentication status for the user, in response to receiving the second set of one or more credentials from the client terminal at the second server component.
    44. A second server component according to any of claims 39 to 43, wherein the second server component is configured to:
    transmit a message to the first server component requesting identification of the first server component authentication status for the user, in response to determining the occurrence of one or more service events.
    45. A second server component according to any of claims 39 to 44, wherein the second server component is configured to:
    transmit intermittently authentication maintenance messages to the first server component to maintain the first server component authentication status for the user.
    46. A second server component according to any of claims 39 to 45, wherein the second server component is configured to:
    transmit the one or more notifications relating to service events for the service dependent on the first server component authentication status for the user being valid for a predetermined time period prior to transmitting the one or more notifications.
    47. A second server component according to any of claims 39 to 46, wherein the second server component comprises a notification server component.
    48. A second server component according to any of claims 39 to 47, wherein the second server component comprises a polling server component.
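The arrangement of claims 33 and 39, as an added Python example that is not taken from the patent: the notification component holds no authentication state of its own and asks the web component for the user's status on every service event, so logout or expiry on the web side stops notifications at once. Assumptions: the second set of credentials is the session token issued at login, a direct method call stands in for the status request and reply messages, and all class, method and user names are hypothetical.

```python
import hashlib
import hmac
import os
import secrets


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class WebServer:
    """First server component: authenticates the user, owns the status."""

    def __init__(self, passwords, ttl=300):
        self.ttl = ttl
        self.sessions = {}   # session token -> (username, expiry time)
        self.users = {}      # username -> (salt, password hash)
        for name, pw in passwords.items():   # constructed sample accounts
            salt = os.urandom(16)
            self.users[name] = (salt, hash_password(pw, salt))

    def login(self, username, password, now):
        salt, stored = self.users.get(username, (b"\0" * 16, b""))
        if not hmac.compare_digest(stored, hash_password(password, salt)):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (username, now + self.ttl)
        return token

    def logout(self, token):
        self.sessions.pop(token, None)

    def auth_status(self, token, now):
        """Answer the second component's status request for a token."""
        username, expiry = self.sessions.get(token, (None, 0))
        return username if now < expiry else None


class NotificationServer:
    """Second server component: notifies only while the status is valid."""

    def __init__(self, web):
        self.web = web

    def notify(self, token, event_user, event, now):
        user = self.web.auth_status(token, now)  # asked on every event
        if user is None or user != event_user:   # no correspondence: drop
            return None
        return {"to": user, "event": event}
```

The `now` argument is passed in explicitly so that expiry can be exercised deterministically; a deployment would read a monotonic clock on the first server component instead.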
GB1120636.4A 2011-11-30 2011-11-30 Providing access and transmitting notifications Active GB2499363B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB1120636.4A GB2499363B (en) 2011-11-30 2011-11-30 Providing access and transmitting notifications

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB1120636.4A GB2499363B (en) 2011-11-30 2011-11-30 Providing access and transmitting notifications

Publications (3)

Publication Number Publication Date
GB201120636D0 GB201120636D0 (en) 2012-01-11
GB2499363A true GB2499363A (en) 2013-08-21
GB2499363B GB2499363B (en) 2018-06-27

Family

ID=45508970

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1120636.4A Active GB2499363B (en) 2011-11-30 2011-11-30 Providing access and transmitting notifications

Country Status (1)

Country Link
GB (1) GB2499363B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004133824A (en) * 2002-10-15 2004-04-30 Nippon Telegr & Teleph Corp <Ntt> Service provision system based on remote access authentication
US20050138362A1 (en) * 2003-12-23 2005-06-23 Wachovia Corporation Authentication system for networked computer applications
US20070050630A1 (en) * 2005-08-24 2007-03-01 Samsung Electronics Co., Ltd. Authentication method and system for asynchronous eventing over the internet
US20080162637A1 (en) * 2006-11-03 2008-07-03 At&T Bls Intellectual Property, Inc. Application services infrastructure for next generation networks including a notification capability and related methods and computer program products

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104980399A (en) * 2014-04-08 2015-10-14 腾讯科技(深圳)有限公司 File transfer method, client and proxy server
CN104980399B (en) * 2014-04-08 2020-04-21 腾讯科技(深圳)有限公司 File transmission method, client and proxy server
