GROUP ACCESS MANAGEMENT SYSTEM
A system for limiting group access is provided. A representative system includes a group access management system operable to store a plurality of resource lists, the resource lists comprising at least one contact and at least one group comprising at least one member and further comprising a group class of service marker associated with the at least one group. The system further comprises a network service router coupled to the group access management system and being operable to route a service request, if the service request includes an adequate class of service marker with respect to the group class of service marker. Methods and other systems for limiting group access are also provided.
This application is a continuation of U.S. patent application entitled, “GROUP ACCESS MANAGEMENT SYSTEM,” which is entirely incorporated herein by reference, having Ser. No. 10/217,916, filed Aug. 13, 2002, which claims priority to copending U.S. provisional application entitled, “INTEGRATION OF INSTANT MESSAGING AND COMPUTER OPERATING SYSTEMS,” having Ser. No. 60/382,106, filed May 21, 2002, which are entirely incorporated herein by reference.
FIELD OF THE INVENTION
The present invention is generally related to telecommunications and more particularly to services provided to clients via instant messaging applications.
DESCRIPTION OF THE RELATED ART
The development of the internet has driven vast technological developments, particularly in the areas of networking hardware and software. Networking hardware developments have enabled networks to transfer large files in fractions of a second. Software developments, such as the world-wide-web (web) and e-mail, have facilitated communications over these networks that have allowed users to remain in almost constant contact with work. These types of communications have become of utmost importance in the business setting, where response time has become a key survival factor for many companies. Other networking software has allowed users to access and run applications from remote locations, thus enabling a businessperson to remain more productive, even on a business trip.
Moreover, the internet has changed the way people communicate. E-mail has become the dominant means of communications in many settings, being preferred over traditional mail, and even telephones in some cases. Almost instantaneous communication with little charge has driven much of the popularity of e-mail. Once used only in university and military settings, e-mail has gained widespread public acceptance.
In a world economy based largely upon communication, the relative speed of e-mail in comparison to traditional mail is often not fast enough or as effective. Demand for faster access to more information has resulted in the development of a number of instant messaging (IM) services. IM brings presence information into the communications arena, and it allows users to have real-time chat sessions with other users who are present on the system. The real-time nature of IM has led to quick acceptance by many in the business community of IM as an invaluable tool for communication. However, current IM systems often have administration and management problems.
Therefore, there is a need for systems and methods that address these and/or other perceived shortcomings of the prior art.
SUMMARY OF THE INVENTION
One embodiment, among others, of the present invention provides systems and methods for limiting group access. A representative system includes a group access management system operable to store a plurality of resource lists, the resource lists comprising at least one contact and at least one group comprising at least one member and further comprising a group class of service marker associated with the at least one group. The system further comprises a service router coupled to the group access management system and being operable to route a service request, if the service request includes an adequate class of service marker with respect to the group class of service marker.
A method, among others, for managing group access includes: creating a group comprising at least one member; storing the group in a group access management system; and assigning a class of service level to the group.
A method, among others, for adding a group to a user resource list includes: sending a request to add a group to a user resource list; providing a class of service marker; and adding the group to the user resource list if the class of service marker allows the group to be added.
Other systems, methods, features, and advantages of the present invention will be or become apparent to one with skill in the art upon examination of the following drawings and detailed description. It is intended that all such additional systems, methods, features, and advantages be included within this description and within the scope of the present invention.
The invention can be better understood with reference to the following drawings. The components in the drawings are not necessarily to scale, emphasis instead being placed upon clearly illustrating the principles of the present invention. Moreover, in the drawings, like reference numerals designate corresponding parts throughout the several views.
The preferred embodiments of the present invention now will be described more fully with reference to the accompanying drawings. The invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are intended to convey the scope of the invention to those skilled in the art. Furthermore, all “examples” given herein are intended to be non-limiting.
Referring now to
Referring now to
The ISP 120a contains a local IM server 150a, and is connected to the universal server 130a. The local IM server 150a provides the standard IM function for the ISP 140a. The universal server 130a provides the universal function that allows the first user 160a, who is registered with the first ISP 120a, to communicate with a second user 160b registered with the second ISP 140. The first ISP 120a provides connections to a plurality of clients 170a, 170b on computers 100a, 100b, which allows users 160a, 160b to access the proprietary IM and universal functions of the ISP 120a. The first ISP 120a is “bimodal,” in that it uses both a proprietary and universal format to provide a proprietary IM function that only allows the users who are registered with the ISP 120a to send and receive instant messages. For example, if only one user has registered with the universal server 130a, then the local IM server 150a will transfer instant messages between the first and second users 160a, 160b using the proprietary protocol. However, if both the first and second users 160a, 160b are registered with the universal server 130a, then the first ISP 120a can transfer instant messages between them using the universal protocol. By supporting both formats at the first ISP 120a, users can migrate to the universal format over time. When all users 160a, 160b have migrated, the proprietary format can be discontinued.
The universal server 130a removes the restrictions associated with proprietary IM functions associated with the ISP 120a. The universal server 130a uses a universal format, such as XML, or any other suitable format, that allows users 160a, 160b registered with an ISP 140a, such as BellSouth DotNet, to send and receive instant messages from other users 160c, 160d registered with another ISP 140b, such as America Online (AOL).
The user 160a accesses the local IM server 150a of the ISP 120a through the IM client 170a located on the user's computer 100a. The IM client 170a typically includes a proprietary software program that is capable of opening communications sockets that allow the IM client 170a to communicate with the local IM server 150a using either the proprietary or universal protocols. The software program is capable of formatting an instant message sent from the IM client 170a to the appropriate format used by the IM function of the ISP 120a. In this manner, the user 170a is capable of communicating with any other user 160b registered with the ISP 120a. However, the local IM server 150a on a first ISP 120a is also connected to a first universal server 130a. The first universal server 130a is, in turn, connected to a second universal server 130b on the second ISP 140b via a distributed network, such as the internet 110. This allows the user 160a to communicate not only with the user 160b who is registered with the first ISP 120a, but also with users 160c who are registered with the second ISP 140 that uses a different proprietary IM protocol to send and receive instant messages within the network of the second ISP 140.
In order for the first user 160a to be able to send and receive messages with a third user 160c on the second ISP 140, the IM client 170a must be able to identify the IP address and presence information associated with the third user 160c. The presence information for the third user 160c is stored on the universal server 130a connected to the first ISP 120a. The universal server 130a on the first ISP 120a stores the IP address and presence information for the third user 160c. Therefore, the first user 160a, who is registered with the universal server 130a on the first ISP 120a has access to the IP address and presence information of the third user 160c.
One skilled in the art will recognize the difference between the first local ISP 120a and the second ISP 140. The second local ISP 140 is an alternative embodiment that includes within the ISP 140 both the universal server 130c and a local IM server 150b. Here, the local IM server 150b does not communicate with the universal server 130c. Thus, the first user 160a will not be able to communicate with a fourth user 160d if the fourth user 160d is not registered with the universal server 130b, but instead is only registered with a local IM server 150b. As a result, the fourth user 160d is able to send and receive instant messages using only the proprietary format over local IM server 150b. Therefore, the user 160d is limited to communicating via instant messages with users of the second ISP 140b, such as the third user 160c.
An advantageous feature of the universal architecture is that it is designed to be easily integrated within existing ISPs 120a, 140, such as AOL and Microsoft Network (MSN) without disrupting the current IM function of these ISPs 120a, 140. Each ISP 120a, 140 that adopts the universal architecture requires only a slight modification to the existing network. The ISP 120a, 140 either adds a universal server 130a between the local IM server 150a and the internet 110, or adds an additional server to function as the universal server 130b and can install a universal application program on the local IM server 150a, 150b and each IM client 170a-d attached to the network. The universal application program that is installed at each ISP 120a, 140 converts the ISP 120a, 140 to function as “bimodal.” That is, the ISP 120a, 140 is capable of using the proprietary IM protocol of the local IM server 150a, 150b and the universal protocol of the universal architecture. The bimodal nature of the universal architecture allows the universal server 130a, 130b to be implemented into existing ISPs 120a, 140 such as AOL and MSN without disrupting the current proprietary IM functions of those services. This allows the current users 160a-d to continue using the proprietary IM function of their particular ISP 120a, 140 until every user 160a-d can be converted to the universal protocol.
Referring now to
Preferably, there are three basic layers to the instant messaging service. The first layer is the communications manager (CCM) 220. The communications manager 220 manages the connections between the client communications manager 215 and the universal server 130. In one embodiment, among others, of the universal server 130, communications between the client service layer 215 and the universal server 130 communications manager 220 occur in extensible markup language (XML). Further, the communications may be secure socket layer (SSL) encrypted for security. Moreover, the communications can be compressed by a compression/decompression algorithm implemented on a compression-decompression module, more commonly referred to as a CODEC, to provide faster data transfer.
The communications manager 220 includes a number of connection sockets between the communications manager 220 and a plurality of users. The communications manager 220 can further include a load balancer (not shown) to balance the connections over a number of different communications managers. The load balancer can maintain a connection to the same connection socket during the period while the user is logged on and connected to an operable communications manager 220, and can automatically connect the user to an alternate connection socket when a communications manager might fail. Thus, a continuous connection can be maintained during an active session despite hardware failures. The load balancer can also protect the server against denial of service attacks, which have become increasingly prevalent on the internet.
A standard communications manager 220 will typically attempt to recover and reallocate a connection socket after a period of time with no activity from the client 170. In this situation the communications manager 220 assumes that the client is no longer present on the system. However, because presence is an important piece of the instant messaging architecture, the communications layer 215 on the client-side sends a signal to the universal server 130 to keep the connection socket active on the communications manager 220.
The second layer is the service router 225, with one example known as a JabberD in the Jabber architecture, such as that available from Jabber, Inc. of Denver, Colo., which performs a similar function to the message router 210 on the client side of the network. A number of different service managers 230 can be coupled to the service router 225, each of which can provide a different service to the client 170 over the internet. Thus when a service is requested, the service router 225 routes the request to the requested service manager 230. In the instant messaging architecture the service manager 230 is a Jabber service manager (JSM) which allows text communication between parties. The JSM 230 also keeps track of presence and roster information 235, 240, respectively, for a particular user on the network who has logged into the instant messaging system. Presence 235 typically refers to the user's status on the network, while roster 240 typically refers to the status on the network of those on the user's resource list.
Similarly to the communications manager 220, the service router 225 can utilize a self-similar architecture using the CODEC (not shown) and load balancer (not shown) to optimize the connection between the communications manager 220 and the service router 225. Use of the CODEC enables high speed data transmission between the communications manager 220 and the service router 225. The load balancer provides a robustness that allows the client to maintain contact with a selected service manager 230 during a session.
In one embodiment, among others, of the universal server 130, the database containing the non-persistent data, such as presence and roster information 235, 240, can be severed from the service manager 230. The presence information 235 typically includes a list of all users who are registered with the universal server 130, while the roster list includes a non-persistent list of those resources which are present on the network. Thus, the non-persistent data can be maintained and updated at a single database, and the plurality of service routers 225 can connect to the same presence information 235. After severing this database from the service manager 230, the service manager 230 can be equipped, as described above, with a CODEC (not shown) and load balancer (not shown), again utilizing a self-similar architecture to provide quality of service and communication efficiencies.
The service router 225 is further coupled, in one embodiment, among others, to an XML database (XDB) library 245. The XDB library 245 is used as a translator such that the service router 225 can communicate with a database system 250 that includes persistent data relating to a plurality of clients. The database system 250 contains most of the persistent data for the services on the network, such as resource lists, preferences, etc. In one embodiment, among others, of the universal server 130, the database system 250 can be an Oracle 9i database. The XDB library 245 can be further coupled to an authentication server, such as a username and password database 255. Thus a username and password can be required before the user is authenticated and allowed to access the database system 250 for any profile information.
After registering with the database system 250, the user is provided with a resource list. The client 170 can then contact the service manager 230 to find out which of the resources on the resource list is present and/or available on the network. Typically, presence refers to the registration state of a client 170. If a client 170 is logged-in to the network, the client 170 is present on the network. Typically, availability refers to the status of a user at the client computer. A user can be made unavailable by the network if there has been no activity on the client computer 170 for a period of time. Otherwise, a client 170 can be made unavailable by user choice, if the user does not wish to be disturbed. One skilled in the art will recognize that these are merely definitions of various states that can be defined according to any specific implementation of the presence and roster databases 235, 240. Furthermore, these databases 235, 240 that contain non-persistent information could keep track of any other states that might be defined by the specific implementation of the service manager 230.
Typically with respect to other instant messaging systems, the resource list only comprises a list of other users for which the client 170 wishes to know the status. However, the resource list of some embodiments of the present invention could include access to a plurality of applications, and there could be multiple service managers that include managers for the plurality of applications coupled to the service router 225. These service managers could provide access to a multitude of different applications and resources, such as Microsoft Word and/or Visio, provided by Microsoft Corp. of Redmond, Wash., and/or billing entry applications, etc. Moreover, the Jabber service manager 230 could keep track of the presence of these other applications and other resources on the network. For example, if a client wished to access an e-mail account from a remote location and the system was down, the Jabber service manager 230 could alert the user that the server was down. Thus the client 170 would not waste resources searching and waiting for e-mail from a server that is off-line.
Thus, the Jabber instant messenger can be used similarly to an operating system. When a resource server 260 is present on the network, the resource(s) associated with that resource server can be displayed as an icon on the client computer display, and when a resource server is down, the resource(s) can be removed from the client computer 170 display. Thus, icons, for example, could appear and disappear from a client computer 170 display as they become present and available, and not present or unavailable. Selecting the icon while it is displayed will cause a routing request to be sent to the service router 225. Upon receiving the routing request, the service router 225 will determine the correct routing of the routing request and deliver the proper service to the client computer 170.
Referring now to
The administrator creating the group 305 would be allowed to set extra field markers such as attribute 310 or class of service 320 that allow only members 330 of the group 305 or members of a certain class of service level to access the group. Thus when a user that is not included on the list of members 330 and does not have a class of service marker 320 that allows the user to add the group 305, the user will have to wait for authorization before the group 305 is posted to the user's resource list.
Further, the administrator can designate certain groups to be public groups according to the attribute field. When a group is designated a public group, all users of the system will be allowed to view the public group and add a number of these public groups to their resource list, regardless of the user's respective class of service level. Using this attribute field, a user could request that the universal server 130 provide a list of all public groups. The universal server 130 could then mask off all of the private group lists (filtering out all of the private groups), such that the user would be allowed to view only the public groups. Moreover, a user could search all groups and be allowed to view the public groups in addition to those groups to which the user's class of service level allows access.
One skilled in the art will recognize that this administrative application tool can override the class of service accessibility discussed in the provisional application above with respect to the service router 225. Thus, an administrator can mask a group 305 from a user who may technically have access to two different service center groups by providing that only one of the service center groups be available to that user.
Referring now to
However, in the present invention, a group contact 430 may be added to the resource list. The group contact 430 can in one embodiment, among others, contain a link to a public or private group 430, that may be created centrally by a database 250″ administrator, or an individual user. In turn the database 250, in one embodiment, among others, could store the group 450 centrally, without requiring each user to separately store the group list 450. Referring back to the user's resource list, the phone service group listing 430 could further include a rule 440 for the group. The rule could be used to indicate presence of the group 430 when a particular member 460 or subset of the group is present and available. The rule could be set by the user, but could also be set automatically by the universal server 130 upon addition of the group 430 to the resource list 410.
Now referring back to the centralized group list 450, the group list 450 can include a plurality of users 460, such as, for example, but not limited to, operators. Each of the individual users 460 would be linked to a unique identifier, which would allow two users to use the same “handle,” being differentiated by a unique identifier. Further, the group list 450 could include other fields such as, for example, but not limited to, attributes 470, class of service 480, and rules 490.
The attributes field 470 could consist of a marker which indicates the viewability of the group 450 with respect to the users of the universal server 130. The attributes 470 can be set such that every user of the universal server 130 can view the group 450, or so that it is not viewable to every user. This field 470 can be useful in creating private groups, such that only certain users or that no users may view the group 450.
The class of service field 480 can be used to create a group 450 which cannot be added to the resource list 410 of users without the required class of service marker. Thus, for example, if the group 450 is classified as class of service 1, and the user has class of service 2, the user would not be able to add the group 450 to the user's resource list 410. This class of service marker 480 provides a tool by which the database 250″ administrator can control access of the user to any particular group 450. Alternatively, the universal server 130 in one embodiment, among others, may prompt the user to upgrade the user's respective class of service marker to add the group 450 to their resource list 410. In one embodiment, among others, this upgrade may be facilitated by a charge to the user's account.
Finally, the rules field 490 may be used to provide an alternative way to control access to the group list 450. The database 250″ administrator may use this field to add various users of the universal server 130 to a list of those permitted to access the group list 450. Moreover, it can be used to further define other fields of the group list 450. For example, a rule may be written whereby one of the attributes of the group could be to show the group to a certain subgroup of users.
Referring now to
If the class of service marker is insufficient to add the group 430 to the resource list 410 of the user, the next step 550 can be to send a request to the database 250 administrator to request that the user be allowed to add the group 430 to their resource list 410. The administrator may, in the next step 560, add the user to the rules 490 allowing the user to add the group 430 to their resource list 410. Alternatively, the administrator may decline the user, in which case the user is refused permission, according to step 570, to add the group 430 to their resource list 410.
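The add-group decision described above (steps 550 to 570), combined with the attributes 470, class of service 480 and rules 490 fields, is shown here as an added Python example; it is not code from the patent. Assumptions: a lower number is a higher class of service (matching the class 1 versus class 2 example), the user's marker is read from the stored profile rather than taken from the request, and all class, field and function names are hypothetical.

```python
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    ADDED = "added"               # group posted to the user's resource list
    PENDING = "pending_approval"  # request sent to the administrator (step 550)
    REFUSED = "refused"           # administrator declined (step 570)


@dataclass
class Group:
    name: str
    members: set                  # unique user identifiers, not display handles
    class_of_service: int         # class of service field 480
    public: bool = False          # attributes field 470: viewable by every user
    allowed: set = field(default_factory=set)  # rules field 490: admin allow-list


@dataclass
class User:
    uid: str
    class_of_service: int         # stored server-side, never taken from the request
    resource_list: list = field(default_factory=list)


def cos_adequate(user, group):
    # Assumption: level 1 outranks level 2, so a class 2 user fails a class 1 group.
    return user.class_of_service <= group.class_of_service


def has_access(user, group):
    """True if the user may view and add the group without administrator action."""
    return (group.public
            or user.uid in group.members
            or user.uid in group.allowed
            or cos_adequate(user, group))


def visible_groups(user, groups):
    """Group search with private groups the user cannot access masked off."""
    return [g.name for g in groups if has_access(user, g)]


class GroupAccessManager:
    def __init__(self):
        self.pending = []         # (uid, group name) pairs awaiting the administrator

    def request_add(self, user, group):
        if has_access(user, group):
            if group.name not in user.resource_list:
                user.resource_list.append(group.name)
            return Decision.ADDED
        if (user.uid, group.name) not in self.pending:
            self.pending.append((user.uid, group.name))
        return Decision.PENDING

    def admin_review(self, user, group, approve):
        key = (user.uid, group.name)
        if key not in self.pending:
            raise KeyError("no pending request for this user and group")
        self.pending.remove(key)
        if not approve:
            return Decision.REFUSED
        group.allowed.add(user.uid)   # step 560: administrator adds the user to the rules
        return self.request_add(user, group)


if __name__ == "__main__":
    # Constructed sample data.
    ops = Group("phone-service", members={"u-op1"}, class_of_service=1)
    lobby = Group("lobby", members=set(), class_of_service=1, public=True)
    alice = User("u-alice", class_of_service=2)
    mgr = GroupAccessManager()
    print(visible_groups(alice, [ops, lobby]))
    print(mgr.request_add(alice, ops))
    print(mgr.admin_review(alice, ops, approve=True), alice.resource_list)
```

Because approval works by adding the user to the group's rules, a later search by that user also shows the private group, so removing access means removing the rule entry as well as the resource list entry.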
Process and function descriptions and blocks in flow charts can be understood as representing, in some embodiments, modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps in the process, and alternate implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention. In addition, such functional elements can be implemented as logic embodied in hardware, software, firmware, or a combination thereof, among others. In some embodiments involving software implementations, such software comprises an ordered listing of executable instructions for implementing logical functions and can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. In the context of this document, a computer-readable medium can be any means that can contain, store, communicate, propagate, or transport the software for use by or in connection with the instruction execution system, apparatus, or device.
It should be emphasized that the above-described embodiments of the present invention are merely possible examples of implementations set forth for a clear understanding of the principles of the invention. Many variations and modifications may be made to the above-described embodiment(s) of the invention without departing substantially from the principles of the invention. All such modifications and variations are intended to be included herein within the scope of this disclosure and the present invention and protected by the following claims.
Claims
1. A system for limiting group access, comprising:
- a group access management system operable to store a plurality of resource lists, the resource lists comprising at least one contact and at least one group comprising at least one member, said at least one group further comprising a group class of service marker associated with said at least one group;
- a network service router coupled to the group access management system and being operable to route a service request, if the service request includes an adequate class of service marker with respect to the group class of service marker.
2. The system of claim 1, wherein said at least one group further comprises a rule.
3. The system of claim 2, further comprising:
- a service manager coupled to the network service router and operable to retrieve said at least one group from the group access management system and execute the rule, showing said at least one group as accessible in response to the rule.
4. The system of claim 2, wherein the rule comprises indicating the group is accessible in response to a particular subset of said at least one member of said at least one group being accessible.
5. The system of claim 2, wherein the rule comprises indicating the group is accessible in response to all members of said at least one group being accessible.
6. The system of claim 2, wherein the rule comprises indicating the group is accessible in response to any member of said at least one group being accessible.
7. The system of claim 1, wherein the group further comprises a show group status.
8. The system of claim 1, wherein said at least one group further comprises a group attribute associated with said at least one group.
9. The system of claim 8, wherein said group attribute comprises a mask to prevent the group from being viewable by other network users.
10. The system of claim 8, wherein said group attribute allows every user to view said at least one group.
11. A method for managing group access, comprising:
- creating a group comprising at least one member;
- storing the group in a group access management system on a network; and
- assigning a class of service level to the group.
12. The method of claim 11, further comprising:
- receiving a request from a user to add the group to a profile associated with the user and stored in the group access management system.
13. The method of claim 12, further comprising:
- checking a class of service marker associated with the user; and
- adding the group to the profile in response to the class of service marker.
14. The method of claim 12, further comprising:
- receiving a permission from an administrator of the group access management system; and
- adding the group to the profile upon receiving permission from the administrator.
15. The method of claim 12, further comprising:
- denying addition of the group to the profile without a permission from an administrator of the group access management system.
16. The method of claim 11, further comprising:
- assigning a rule to the group.
17. The method of claim 16, further comprising:
- receiving a request for a status with respect to the group;
- executing the rule; and
- updating the status based upon a result of executing the rule.
18. The method of claim 16, wherein the rule comprises:
- waiting for a subset of members of the group to be accessible before indicating a status of accessible for the group.
19. The method of claim 18, wherein the subset comprises a particular subset of members of the group.
20. The method of claim 11, further comprising:
- assigning an attribute to the group; and
- using the attribute to mask the group from a plurality of non-member users.
Type: Application
Filed: Mar 18, 2008
Publication Date: Jul 10, 2008
Applicant: AT&T Delaware Intellectual Property, Inc., formerly known as BellSouth Intl. Prop. Corp. (Wilmington, DE)
Inventor: Dale W. Malik (Dunwoody, GA)
Application Number: 12/050,673