1. A system for authenticating users in a telecommunications network in cooperation with an OpenID provider on a public network external to the telecommunications network (external OP), said system comprising:
a private network of said telecommunications network wherein said private network is protected from said public network by a firewall;
a gateway node internal to the private network for authenticating mobile devices, each mobile device having an identifier and a user agent associated therewith;
an Open ID provider internal to the private network (internal OP) that is connected to the gateway node, wherein the internal OP is reachable only from said gateway node over said private network of the telecommunications network; and
wherein when the external OP receives a request from a relying party to validate a request from a user agent of a mobile device,
the user agent is redirected to the internal OP,
the user agent transmits a request including said identifier of said mobile device to the gateway node over said private network,
the gateway node validates the request received from the user agent by validating that the identifier matches the identifier of the mobile device and forwarding the request directly to the internal OP over said private network,
the internal OP validates the user agent using the identifier associated with the mobile device, and
the internal OP responds by providing a response which redirects the user agent to an accepted URI provided by the relying party, whereby the relying party can validate the response from the internal OP with the external OP and authenticate the mobile device.
2. The system of claim 1, wherein the gateway node performs deep packet inspection, wherein the identifier is a Mobile Station International Subscriber Directory Number (MSISDN) encoded into the request to the internal OP and wherein the gateway node validates said request by discarding all requests in which the MSISDN does not match a subscriber of said mobile device.
3. The system of claim 1, wherein the gateway node receives real-time rule updates with specified address and port, wherein the system allocates a port on the internal OP and constructs a rule for said identifier associated with the mobile device in response to a request from the external OP, said rule granting access to said port for said identifier, and wherein said rule is passed to the gateway node.
4. The system of claim 1, wherein the internal OP comprises an online charging server (OCS).
5. The system of claim 1, wherein the gateway node is a Gateway for General Packet Radio Service (GPRS) Support Node (GGSN) that serves as a gateway between a GPRS wireless data network and one or more other networks, and wherein the gateway node further comprises:
a Policy and Charging Enforcement Function (PCEF); and
a Policy Control and Charging Rules Function (PCRF).
6. The system of claim 1, wherein the internal OP renders a page requesting a user name and password, said page further including an option to allow the mobile device to login without a password for subsequent requests.
7. The system of claim 1, wherein the internal OP validates the user agent without requiring a user name and password for requests subsequent to an initial request by a particular relying party.
8. A method for authenticating users in a telecommunications network in cooperation with an OpenID provider on a public network external to the telecommunications network (external OP), said method comprising:
providing a private network of said telecommunications network wherein said private network is protected from said public network by a firewall;
authenticating a mobile device of a subscriber using a gateway node internal to the private network, said mobile device having an identifier and a user agent associated therewith;
providing an Open ID provider internal to the private network (internal OP) wherein the internal OP is reachable only from said gateway node over said private network of the telecommunications network;
redirecting the user agent to said internal OP in response to the external OP receiving a request to validate the subscriber of the mobile device from a relying party;
transmitting a request including said identifier of said mobile device from the user agent to the gateway node over said private network,
validating the request received from the user agent in the gateway node by validating that the identifier matches the identifier of the mobile device and forwarding the request directly to the internal OP over said private network,
sending a response from the internal OP to the user agent using the internal OP;
redirecting the user agent to an accepted uniform resource identifier (URI) provided by the relying party whereby the relying party can validate the response from the internal OP with the external OP and authenticate the mobile device.
9. The method of claim 8, wherein the request to validate the subscriber of the mobile device is initiated when a user agent invokes a service on a relying party and provides said identifier to the relying party.
10. The method of claim 9, wherein the relying party initiates a request to validate the user agent upon having received the invocation of the service from the mobile device and transmits said request to validate the user agent to an external OP.
11. The method of claim 8, wherein the user agent is connected to the gateway node.
12. The method of claim 8, wherein validating the user agent is implemented by a gateway node performing deep packet inspection, wherein the identifier is a Mobile Station International Subscriber Directory Number (MSISDN) associated with the subscriber and encoded into the request to the internal provider and wherein the gateway node validates said request by discarding all requests that do not contain the MSISDN that matches the subscriber of said mobile device.
13. The method of claim 8, wherein the user agent is validated by a gateway node receiving real-time rule updates with specified address and port, said rule granting access to said port for said identifier associated with said mobile device, and wherein said rule is passed to the gateway node.
14. The method of claim 8, wherein the user agent is validated by a gateway node initiating a new charging session in an Online Charging Server (OCS), wherein the OCS updates a profile associated with said subscriber, and wherein the OCS validates the mobile device based on a port allocation.
15. The method of claim 11, wherein the telecommunications network comprises:
a Policy and Charging Enforcement Function (PCEF); and
a Policy Control and Charging Rules Function (PCRF).
16. The method of claim 8, wherein the internal OP renders a page requesting a user name and password, said page further including an option to allow the user agent to login without a password for subsequent requests.
17. The method of claim 8, wherein the internal OP validates the user agent without requiring a user name and password for requests subsequent to an initial request by a particular relying party.
18. The method of claim 8, wherein the user agent is a web browser of the mobile device invoking the relying party service.
19. A non-transitory computer readable storage medium storing a set of instructions executed by one or more processors for authenticating users in a telecommunications network, in cooperation with an OpenID provider on a public network external to the telecommunications network (external OP), which set of instructions, when executed, cause the one or more processors to perform a sequence of steps comprising:
providing a private network of said telecommunications network wherein said private network is protected from said public network by a firewall;
authenticating a mobile device of a subscriber using a gateway node internal to the private network, said mobile device having an identifier and a user agent associated therewith;
providing an Open ID provider internal to the telecommunications network (internal OP) wherein the internal OP is reachable only from said gateway node over said private network of the telecommunications network;
receiving a request to validate a subscriber of a mobile device from a relying party service to an external provider;
redirecting the user agent to the internal OP by the relying party;
transmitting a request including said identifier of said mobile device from the user agent to the gateway node over said private network,
validating the request received from the user agent in the gateway node by validating that the identifier matches the identifier of the mobile device and forwarding the request directly to the internal OP over said private network, and
sending a response from the internal OP to the user agent; and
redirecting the user agent to an accepted uniform resource identifier (URI) provided by the relying party whereby the relying party can validate the response from the internal OP with the external OP and authenticate the mobile device.
20. The non-transitory computer readable storage medium of claim 19, wherein validating the user agent includes the gateway node performing deep packet inspection.
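The gateway-node check recited in claims 1, 2 and 12, sketched as an added example that is not part of the claims or of any implementation by the applicant: the gateway compares the MSISDN encoded in a request bound for the internal OP with the MSISDN of the subscriber session the request arrived on, and discards mismatches. The session table keyed by source address, the `msisdn` query parameter, the host name and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample data: the gateway's view of attached subscribers,
# keyed by the private-network address assigned to each mobile device.
SESSIONS = {
    "10.20.0.5": "15551230001",
    "10.20.0.9": "15551230002",
}


def claimed_msisdn(url):
    """Return the single MSISDN encoded in the request, or None."""
    values = parse_qs(urlsplit(url).query).get("msisdn", [])
    # Reject absent or repeated parameters: with two values the gateway
    # and the internal OP could disagree about which one is meant.
    if len(values) != 1:
        return None
    value = values[0]
    if not (value.isascii() and value.isdigit()):
        return None
    return value


def gateway_decision(src_ip, url):
    """Return ('forward', msisdn) or ('discard', reason) for one request."""
    session_msisdn = SESSIONS.get(src_ip)
    if session_msisdn is None:
        return ("discard", "no subscriber session for source address")
    claimed = claimed_msisdn(url)
    if claimed is None:
        return ("discard", "missing or ambiguous MSISDN")
    # The identifier in the request must be the one the network itself
    # bound to this device; the request's own claim is never trusted.
    if claimed != session_msisdn:
        return ("discard", "MSISDN does not match subscriber session")
    return ("forward", session_msisdn)


if __name__ == "__main__":
    base = "http://internal-op.example/auth?msisdn="  # hypothetical URL
    print(gateway_decision("10.20.0.5", base + "15551230001"))
    print(gateway_decision("10.20.0.5", base + "15551230002"))
```
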
The claims below are in addition to those above.
All references to claim(s) which appear below refer to the numbering after this sentence.
1. Apparatus for measuring carbon monoxide on a person’s breath, which apparatus comprises measuring means for measuring the carbon monoxide on the person’s breath, and message giving means for giving a message which is in a language and which is appropriate to the amount of the carbon monoxide measured on the person’s breath.
2. Apparatus according to claim 1 in which the message giving means is an audio giving means for giving the message as an audio message.
3. Apparatus according to claim 1 in which the message giving means is a visual message giving means for giving the message as a visual message.
4. Apparatus according to claim 1 in which the message giving means selects an appropriate message from a plurality of messages contained in the apparatus.
5. Apparatus according to claim 4 in which the plurality of messages are interpretive messages.
6. Apparatus according to claim 5 in which the plurality of interpretive messages are as follows:
(i) Non-smoker—this message being for a measured concentration of carbon monoxide of 0-6 ppm.
(ii) Light-smoker—this message being for a measured concentration of carbon monoxide of 7-10 ppm.
(iii) Heavy-smoker—this message being for a measured concentration of carbon monoxide of 11 or more ppm.
7. Apparatus according to claim 4 in which the plurality of messages are prescriptive messages.
8. Apparatus according to claim 7 in which the plurality of prescriptive messages are as follows:
(i) No therapy required—this message being for a measured concentration of carbon monoxide of 0-6 ppm.
(ii) Low dosage nicotine replacement recommended—this message being for a measured concentration of carbon monoxide of 7-10 ppm.
(iii) High dosage nicotine replacement therapy recommended—this message being for a measured concentration of carbon monoxide of 11 or more ppm.
9. Apparatus according to claim 4 in which the plurality of messages are disincentive messages.
10. Apparatus according to claim 9 in which the plurality of disincentive messages are as follows:
(i) Sweet breath—this message being for a measured concentration of carbon monoxide of 0-6 ppm.
(ii) Breath stinks, recommend you give up smoking—this message being for a measured concentration of carbon monoxide of 7-10 ppm.
(iii) Breath stinks really badly, recommend you give up smoking immediately—this message being for a measured concentration of carbon monoxide of 11 or more ppm.
11. Apparatus according to claim 1 and including result giving means for giving the result of the measured carbon monoxide on the person’s breath, the result giving means being such that it gives the result in a form which is not in a language, and which is in a form which is only as a visual display.
12. Apparatus according to claim 11 in which the result is given in a form which would not normally be understood by the person, and which would normally need to be explained to the person by another person who would be in charge of the measurement.
13. Apparatus according to claim 12 in which the result is given as a measured concentration of carbon monoxide in parts per million.
14. Apparatus according to claim 11 in which the result giving means selects an appropriate result from a plurality of results contained in the apparatus, and lights up one of a plurality of different lights.
15. Apparatus according to claim 14 in which the plurality of results and the plurality of different lights are as follows:
(i) Non-smoker—green light
(ii) Light-smoker—orange light
(iii) Heavy-smoker—red light
16. Apparatus according to claim 1 and including a display panel for displaying visual messages.
17. Apparatus according to claim 1 in which the measuring means is an electrochemical fuel cell.
18. Apparatus according to claim 1 and which is portable.
19. Apparatus according to claim 18 and which is hand holdable.
20. (canceled)