
Method And System For Obtaining A Service Access Control Policy

Abstract: The present disclosure relates to a method of obtaining a service access control policy by one or more processors (202). The method includes receiving a message for retrieval of the service access control policy from an Application Programming Interface (API) Exposing Function (AEF) (502) by using an API invoker identifier. The API invoker identifier is used for retrieving the service access control policy of an API invoker. Further, the method includes determining whether the AEF (502) is authorized to obtain the service access control policy. The AEF (502) is authorized based on the API invoker identifier. Further, the method includes obtaining the service access control policy from a CAPIF core function module (218), when the AEF (502) is determined to be authorized. Ref. FIG. 5


Patent Information

Filing Date: 14 July 2023
Publication Number: 42/2024
Publication Type: INA
Invention Field: COMPUTER SCIENCE
Grant Date: 2025-06-18

Applicants

JIO PLATFORMS LIMITED
OFFICE-101, SAFFRON, NR. CENTRE POINT, PANCHWATI 5 RASTA, AMBAWADI, AHMEDABAD - 380006, GUJARAT, INDIA

Inventors

1. Aayush Bhatnagar
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad, Gujarat - 380006, India
2. Sandeep Bisht
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad, Gujarat - 380006, India
3. Suman Singh Kanwer
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad, Gujarat - 380006, India
4. Ankur Mishra
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad, Gujarat - 380006, India
5. Pankaj Kshirsagar
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad, Gujarat - 380006, India

Specification

FORM 2

THE PATENTS ACT, 1970
(39 of 1970)
&
THE PATENTS RULES, 2003

COMPLETE SPECIFICATION
(See section 10 and rule 13)
1. TITLE OF THE INVENTION
METHOD AND SYSTEM FOR OBTAINING A SERVICE ACCESS CONTROL POLICY

2. APPLICANT(S)
NAME: JIO PLATFORMS LIMITED
NATIONALITY: INDIAN
ADDRESS: OFFICE-101, SAFFRON, NR. CENTRE POINT, PANCHWATI 5 RASTA, AMBAWADI, AHMEDABAD 380006, GUJARAT, INDIA
3. PREAMBLE TO THE DESCRIPTION

THE FOLLOWING SPECIFICATION PARTICULARLY DESCRIBES THE NATURE OF THIS INVENTION AND THE MANNER IN WHICH IT IS TO BE PERFORMED.

FIELD OF THE INVENTION
[0001] The present invention relates to networking and, more particularly, to a system and a method to obtain a service Application Programming Interface (API) access control policy.
BACKGROUND OF THE INVENTION
[0002] A service access control policy is a rule that applies to every API call initiated by an API consumer. The service access control policy is well defined by the 3rd Generation Partnership Project (3GPP), but that definition has some limitations. For example, various parameters such as, but not limited to, end date, number of requests per day, week or month, and number of participants in the API call or the like are not defined in the service access control policy.
[0003] Therefore, there is a need for systems and methods for obtaining a service access policy that overcome the above-mentioned drawback.
SUMMARY OF THE INVENTION
[0004] One or more embodiments of the present disclosure provide a system and a method of obtaining a service access control policy.
[0005] In one aspect of the present invention, a method of obtaining a service access control policy is disclosed. The method includes receiving, by one or more processors, a message for retrieval of the service access control policy from an Application Programming Interface (API) Exposing Function (AEF) by using an API invoker identifier. The API invoker identifier is used for retrieving the service access control policy of an API invoker. Further, the method includes determining, by the one or more processors, whether the AEF is authorized to obtain the service access control policy. The AEF is authorized based on the API invoker identifier. Further, the method includes obtaining, by the one or more processors, the service access control policy from a Common Application Programming Interface Framework (CAPIF) core function module, when the AEF is determined to be authorized.
[0006] In an embodiment, the service access control policy is associated with a service Application Programming Interface (API).
[0007] In an embodiment, the message for the retrieval of the service access control policy further includes the API invoker identifier of the service API.
[0008] In an embodiment, the service access control policy is configured as per a user requirement.
[0009] In an embodiment, the service access control policy includes a plurality of configurable parameters.
[0010] In an embodiment, the plurality of configurable parameters includes a number of requests per day, a number of requests per week, a number of requests per month, an expiry date, an activation date and a plan validity.
[0011] In an embodiment, the method includes transmitting, by the one or more processors, a response indicating a failure in authentication to the API invoker, when the AEF is determined to be unauthorized.
[0012] In another embodiment, the method includes transmitting, by the one or more processors, information associated with the service access control policy to the API invoker, when the AEF is determined to be authorized.
[0013] In another aspect of the present invention, a system for obtaining a service access control policy is provided. The system includes a CAPIF API configured to receive a message for retrieval of the service access control policy from an AEF. The message includes an API invoker identifier. Further, the system includes a CAPIF core function module configured to determine whether the AEF is authorized to obtain the service access control policy. The AEF is authorized based on the API invoker identifier. Further, the CAPIF core function module is configured to obtain the service access control policy from a CAPIF core function, when the AEF is determined to be authorized.
[0014] In another aspect of the present invention, a non-transitory computer-readable medium having stored thereon computer-readable instructions that, when executed by a processor, cause the processor to receive a message for retrieval of the service access control policy from an AEF, wherein the API invoker identifier is used for retrieving the service access control policy of an API invoker; determine whether the AEF is authorized to obtain the service access control policy, wherein the AEF is authorized based on the API invoker identifier; and obtain the service access control policy from a CAPIF core function, when the AEF is determined to be authorized.
[0015] Other features and aspects of this invention will be apparent from the following description and the accompanying drawings. The features and advantages described in this summary and in the following detailed description are not all-inclusive, and particularly, many additional features and advantages will be apparent to one of ordinary skill in the relevant art, in view of the drawings, specification, and claims hereof. Moreover, it should be noted that the language used in the specification has been principally selected for readability and instructional purposes and may not have been selected to delineate or circumscribe the inventive subject matter, resort to the claims being necessary to determine such inventive subject matter.

BRIEF DESCRIPTION OF THE DRAWINGS
[0016] The accompanying drawings, which are incorporated herein, and constitute a part of this disclosure, illustrate exemplary embodiments of the disclosed methods and systems in which like reference numerals refer to the same parts throughout the different drawings. Components in the drawings are not necessarily to scale, emphasis instead being placed upon clearly illustrating the principles of the present disclosure. Some drawings may indicate the components using block diagrams and may not represent the internal circuitry of each component. It will be appreciated by those skilled in the art that disclosure of such drawings includes disclosure of electrical components, electronic components or circuitry commonly used to implement such components.
[0017] FIG. 1 is an exemplary block diagram of an environment for obtaining a service access control policy, according to various embodiments of the present disclosure.
[0018] FIG. 2 is a block diagram of a system of FIG. 1, according to various embodiments of the present disclosure.
[0019] FIG. 3 is an example schematic representation of the system of FIG. 1 in which operations of various entities are explained, according to various embodiments of the present system.
[0020] FIG. 4 illustrates an example diagram depicting a CAPIF architecture, according to various embodiments of the present disclosure.
[0021] FIG. 5 illustrates an example sequence diagram depicting a communication between an AEF and a CAPIF core function module, according to various embodiments of the present disclosure.
[0022] FIG. 6 illustrates an example operational flow diagram depicting a process for obtaining the service access control policy, according to various embodiments of the present disclosure.
[0023] FIG. 7 shows a sequence flow diagram illustrating a method of obtaining the service access control policy, according to various embodiments of the present disclosure.
[0024] Further, skilled artisans will appreciate that elements in the drawings are illustrated for simplicity and may not necessarily have been drawn to scale. For example, the flow charts illustrate the method in terms of the most prominent steps involved to help improve understanding of aspects of the present invention. Furthermore, in terms of the construction of the device, one or more components of the device may have been represented in the drawings by conventional symbols, and the drawings may show only those specific details that are pertinent to understanding the embodiments of the present invention so as not to obscure the drawings with details that will be readily apparent to those of ordinary skill in the art having benefit of the description herein.
[0025] The foregoing shall be more apparent from the following detailed description of the invention.

DETAILED DESCRIPTION OF THE INVENTION
[0026] Some embodiments of the present disclosure, illustrating all its features, will now be discussed in detail. It must also be noted that as used herein and in the appended claims, the singular forms "a", "an" and "the" include plural references unless the context clearly dictates otherwise.
[0027] Various modifications to the embodiment will be readily apparent to those skilled in the art and the generic principles herein may be applied to other embodiments. However, one of ordinary skill in the art will readily recognize that the present disclosure, including the definitions listed here below, is not intended to be limited to the embodiments illustrated but is to be accorded the widest scope consistent with the principles and features described herein.
[0028] A person of ordinary skill in the art will readily ascertain that the illustrated steps detailed in the figures and here below are set out to explain the exemplary embodiments shown, and it should be anticipated that ongoing technological development will change the manner in which particular functions are performed. These examples are presented herein for purposes of illustration, and not limitation. Further, the boundaries of the functional building blocks have been arbitrarily defined herein for the convenience of the description. Alternative boundaries can be defined so long as the specified functions and relationships thereof are appropriately performed. Alternatives (including equivalents, extensions, variations, deviations, etc., of those described herein) will be apparent to persons skilled in the relevant art(s) based on the teachings contained herein. Such alternatives fall within the scope and spirit of the disclosed embodiments.
[0029] Various embodiments of the invention provide a method of obtaining a service access control policy. The method includes receiving, by one or more processors, a message for retrieval of the service access control policy from an AEF by using an API invoker identifier. The API invoker identifier is used for retrieving the service access control policy of an API invoker. Further, the method includes determining, by the one or more processors, whether the AEF is authorized to obtain the service access control policy. The AEF is authorized based on the API invoker identifier. Further, the method includes obtaining, by the one or more processors, the service access control policy from a Common Application Programming Interface Framework (CAPIF) core function module, when the AEF is determined to be authorized.
[0030] Various embodiments of the invention provide a method and a system to obtain the access control policy. The access control policy may be obtained by the AEF from the CAPIF core function module. The access control policy may interchangeably be referred to as a custom access control policy. The custom access control policy may be defined as per a requirement and may be used during an API call. The custom access control policy may be configurable during run time and may be defined from a Command-line Interface (CLI) and an interface (e.g., User Interface (UI) or the like).
[0031] In an example embodiment, the present invention discloses an AEF transmitting a GET message including an API invoker identifier (ID), an AEF identifier and an API identification to a CAPIF core function module. The CAPIF core function module verifies an identity of the AEF and determines whether the AEF is authorized to obtain the access control policy corresponding to the API identification or not. If it is determined that the API exposing function is authorized to obtain the access control policy, the CAPIF core function module responds with the access control policy information corresponding to the API identification and API invoker ID (if present) in the GET message.
[0032] FIG. 1 illustrates an exemplary block diagram of an environment (100) for obtaining a service access control policy, according to various embodiments of the present disclosure. The environment (100) comprises a plurality of user equipments (UEs) 102-1, 102-2, ..., 102-n. At least one UE (102-n) from the plurality of UEs (102-1, 102-2, ..., 102-n) is configured to connect to a system (108) via the communication network (106). Hereafter, the plurality of UEs, or one or more UEs, is labelled 102.
[0033] In accordance with yet another aspect of the exemplary embodiment, the plurality of UEs (102) may be a wireless device or a communication device that may be a part of the system (108). The wireless device or the UE (102) may include, but are not limited to, a handheld wireless communication device (e.g., a mobile phone, a smart phone, a phablet device, and so on), a wearable computer device (e.g., a head-mounted display computer device, a head-mounted camera device, a wristwatch computer device, and so on), a laptop computer, a tablet computer, or another type of portable computer, a media playing device, a portable gaming system, and/or any other type of computer device with wireless communication or VoIP capabilities. In an embodiment, the UEs may include, but are not limited to, any electrical, electronic, electro-mechanical or an equipment or a combination of one or more of the above devices such as virtual reality (VR) devices, augmented reality (AR) devices, laptop, a general-purpose computer, desktop, personal digital assistant, tablet computer, mainframe computer, or any other computing device, wherein the computing device may include one or more in-built or externally coupled accessories including, but not limited to, a visual aid device such as camera, audio aid, a microphone, a keyboard, input devices (or input unit) for receiving input from a user such as touch pad, touch enabled screen, electronic pen and the like. It may be appreciated that the UEs may not be restricted to the mentioned devices and various other devices may be used. A person skilled in the art will appreciate that the plurality of UEs (102) may include a fixed landline, a landline with assigned extension within the communication network (106).
[0034] The plurality of UEs (102) may comprise a memory such as a volatile memory (e.g., RAM), a non-volatile memory (e.g., disk memory, FLASH memory, EPROMs, etc.), an unalterable memory, and/or other types of memory. In one implementation, the memory might be configured or designed to store data. The data may pertain to attributes and access rights specifically defined for the plurality of UEs (102). The UE (102) may be accessed by the user, to receive requests related to the system (108). The communication network (106), may use one or more communication interfaces/protocols such as, for example, Voice Over Internet Protocol (VoIP), 802.11 (Wi-Fi), 802.15 (including Bluetooth™), 802.16 (Wi-Max), 802.22, Cellular standards such as Code Division Multiple Access (CDMA), CDMA2000, Wideband CDMA (WCDMA), Radio Frequency Identification (e.g., RFID), Infrared, laser, Near Field Magnetics, etc.
[0035] The system (108) is communicatively coupled to a server (104) via the communication network (106). The server (104) can be, for example, but not limited to a standalone server, a server blade, a server rack, an application server, a bank of servers, a business telephony application server (BTAS), a server farm, a cloud server, an edge server, home server, a virtualized server, one or more processors executing code to function as a server, or the like. In an implementation, the server (104) may operate at various entities or a single entity (include, but is not limited to, a vendor side, a service provider side, a network operator side, a company side, an organization side, a university side, a lab facility side, a business enterprise side, a defence facility side, or any other facility) that provides service.
[0036] The communication network (106) includes, by way of example but not limitation, one or more of a wireless network, a wired network, an internet, an intranet, a public network, a private network, a packet-switched network, a circuit-switched network, an ad hoc network, an infrastructure network, a Public-Switched Telephone Network (PSTN), a cable network, a cellular network, a satellite network, a fiber optic network, or some combination thereof. The communication network (106) may include, but is not limited to, a Third Generation (3G), a Fourth Generation (4G), a Fifth Generation (5G), a Sixth Generation (6G), a New Radio (NR), a Narrow Band Internet of Things (NB-IoT), an Open Radio Access Network (O-RAN), and the like.
[0037] The communication network (106) may also include, by way of example but not limitation, at least a portion of one or more networks having one or more nodes that transmit, receive, forward, generate, buffer, store, route, switch, process, or a combination thereof, etc. one or more messages, packets, signals, waves, voltage or current levels, some combination thereof, or so forth. The communication network (106) may also include, by way of example but not limitation, one or more of a wireless network, a wired network, an internet, an intranet, a public network, a private network, a packet-switched network, a circuit-switched network, an ad hoc network, an infrastructure network, a Public-Switched Telephone Network (PSTN), a cable network, a cellular network, a satellite network, a fiber optic network, a VOIP or some combination thereof.
[0038] One or more network elements can be, for example, but not limited to a base station that is located in the fixed or stationary part of the communication network (106). The base station may correspond to a remote radio head, a transmission point, an access point or access node, a macro cell, a small cell, a micro cell, a femto cell, a metro cell. The base station enables transmission of radio signals to the UE or mobile transceiver. Such a radio signal may comply with radio signals as, for example, standardized by a 3GPP or, generally, in line with one or more of the above listed systems. Thus, a base station may correspond to a NodeB, an eNodeB, a Base Transceiver Station (BTS), an access point, a remote radio head, a transmission point, which may be further divided into a remote unit and a central unit.
[0039] 3GPP: The term “3GPP” is a 3rd Generation Partnership Project and is a collaborative project between a group of telecommunications associations with the initial goal of developing globally applicable specifications for Third Generation (3G) mobile systems. The 3GPP specifications cover cellular telecommunications technologies, including radio access, core network, and service capabilities, which provide a complete system description for mobile telecommunications. The 3GPP specifications also provide hooks for non-radio access to the core network, and for networking with non-3GPP networks.
[0040] The system (108) may include one or more processors (202) coupled with a memory (204), wherein the memory (204) may store instructions which when executed by the one or more processors (202) may cause the system (108) to execute requests in the communication network (106) or the server (104). An exemplary representation of the system (108) for such purpose, in accordance with embodiments of the present disclosure, is shown in FIG. 2 as system (108). In an embodiment, the system (108) may include one or more processor(s) (202). The one or more processor(s) (202) may be implemented as one or more microprocessors, microcomputers, microcontrollers, edge or fog microcontrollers, digital signal processors, central processing units, logic circuitries, and/or any devices that process data based on operational instructions. Among other capabilities, the one or more processor(s) (202) may be configured to fetch and execute computer-readable instructions stored in the memory (204) of the system (108). The memory (204) may be configured to store one or more computer-readable instructions or routines in a non-transitory computer readable storage medium, which may be fetched and executed to create or share data packets over a network service.
[0041] The environment (100) further includes the system (108) communicably coupled to the remote server (104) and each UE of the plurality of UEs (102) via the communication network (106). The remote server (104) is configured to execute the requests in the communication network (106).
[0042] The system (108) is adapted to be embedded within the remote server (104) or as an individual entity. The system (108) is designed to provide a centralized and unified view of data and facilitate efficient business operations. The system (108) is authorized to update/create/delete one or more parameters of the relationship between the requests for a workflow associated with a service access control policy, and the changes are reflected in real time, independent of the complexity of the network.
[0043] In another embodiment, the system (108) may include an enterprise provisioning server (for example), which may connect with the remote server (104). The enterprise provisioning server provides flexibility for enterprises, ecommerce entities, and finance entities, etc. to update/create/delete information related to the requests in real time as per their business needs or the user requirements. A user with administrator rights can access and retrieve the requests for the workflow and perform real-time analysis in the system (108).
[0044] The system (108) may include, by way of example but not limitation, one or more of a standalone server, a server blade, a server rack, a bank of servers, a business telephony application server (BTAS), a server farm, hardware supporting a part of a cloud service or system, a home server, hardware running a virtualized server, one or more processors executing code to function as a server, one or more machines performing server-side functionality as described herein, at least a portion of any of the above, some combination thereof. In an implementation, system (108) may operate at various entities or single entity (for example include, but is not limited to, a vendor side, service provider side, a network operator side, a company side, an organization side, a university side, a lab facility side, a business enterprise side, ecommerce side, finance side, a defence facility side, or any other facility) that provides service.
[0045] However, for the purpose of description, the system (108) is described as an integral part of the remote server (104), without deviating from the scope of the present disclosure. Operational and construction features of the system (108) will be explained in detail with respect to the following figures.
[0046] FIG. 2 illustrates a block diagram of the system (108) provided for obtaining a service access control policy, according to one or more embodiments of the present invention. As per the illustrated embodiment, the system (108) includes the one or more processors (202), the memory (204), an interface (206), a display (208), an input unit (210), and a centralized database (or database) (214). Further the system (108) may comprise one or more processors (202). The one or more processors (202), hereinafter referred to as the processor (202) may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, state machines, logic circuitries, single board computers, and/or any devices that manipulate signals based on operational instructions. As per the illustrated embodiment, the system (108) includes one processor. However, it is to be noted that the system (108) may include multiple processors as per the requirement and without deviating from the scope of the present disclosure.
[0047] The information related to the request may be provided or stored in the memory (204) of the system (108). Among other capabilities, the processor (202) is configured to fetch and execute computer-readable instructions stored in the memory (204). The memory (204) may be configured to store one or more computer-readable instructions or routines in a non-transitory computer-readable storage medium, which may be fetched and executed to create or share data packets over a network service. The memory (204) may include any non-transitory storage device including, for example, volatile memory such as RAM, or non-volatile memory such as disk memory, EPROMs, FLASH memory, unalterable memory, and the like.
[0048] The memory (204) may comprise any non-transitory storage device including, for example, volatile memory such as Random-Access Memory (RAM), or non-volatile memory such as Electrically Erasable Programmable Read-only Memory (EPROM), flash memory, and the like. In an embodiment, the system (108) may include an interface(s). The interface(s) may comprise a variety of interfaces, for example, interfaces for data input and output devices, referred to as input/output (I/O) devices, storage devices, and the like. The interface(s) may facilitate communication for the system. The interface(s) may also provide a communication pathway for one or more components of the system. Examples of such components include, but are not limited to, processing unit/engine(s) and a database. The processing unit/engine(s) may be implemented as a combination of hardware and programming (for example, programmable instructions) to implement one or more functionalities of the processing engine(s).
[0049] The information related to the requests may further be configured to render on the interface (206). The interface (206) may include functionality similar to at least a portion of functionality implemented by one or more computer system interfaces such as those described herein and/or generally known to one having ordinary skill in the art. The interface (206) may be rendered on the display (208), implemented using Liquid Crystal Display (LCD) display technology, Organic Light-Emitting Diode (OLED) display technology, and/or other types of conventional display technology. The display (208) may be integrated within the system (108) or connected externally. Further the input unit (210) may include, but not limited to, keyboard, buttons, scroll wheels, cursors, touchscreen sensors, audio command interfaces, magnetic strip reader, optical scanner, etc.
[0050] The centralized database (214) may be communicably connected to the processor (202) and the memory (204). The centralized database (214) may be configured to store and retrieve the request pertaining to features, or services or workflow of the system (108), access rights, attributes, approved list, and authentication data provided by an administrator. Further the remote server (104) may allow the system (108) to update/create/delete one or more parameters of their information related to the request, which provides flexibility to roll out multiple variants of the request as per business needs or the user requirements. In another embodiment, the centralized database (214) may be outside the system (108) and communicated through a wired medium and wireless medium.
[0051] Further, the processor (202), in an embodiment, may be implemented as a combination of hardware and programming (for example, programmable instructions) to implement one or more functionalities of the processor (202). In the examples described herein, such combinations of hardware and programming may be implemented in several different ways. For example, the programming for the processor (202) may be processor-executable instructions stored on a non-transitory machine-readable storage medium and the hardware for the processor (202) may comprise a processing resource (for example, one or more processors), to execute such instructions. In the present examples, the memory (204) may store instructions that, when executed by the processing resource, implement the processor (202). In such examples, the system (108) may comprise the memory (204) storing the instructions and the processing resource to execute the instructions, or the memory (204) may be separate but accessible to the system (108) and the processing resource. In other examples, the processor (202) may be implemented by an electronic circuitry.
[0052] In order for the system (108) to obtain the service access control policy, the processor (202) includes a CAPIF API (216) and a CAPIF core function module (218). The CAPIF API (216) and the CAPIF core function module (218) may be implemented as a combination of hardware and programming (for example, programmable instructions) to implement one or more functionalities of the processor (202). In the examples described herein, such combinations of hardware and programming may be implemented in several different ways. For example, the programming for the processor (202) may be processor-executable instructions stored on a non-transitory machine-readable storage medium and the hardware for the processor (202) may comprise a processing resource (for example, one or more processors), to execute such instructions. In the present examples, the memory (204) may store instructions that, when executed by the processing resource, implement the processor. In such examples, the system (108) may comprise the memory (204) storing the instructions and the processing resource to execute the instructions, or the memory (204) may be separate but accessible to the system (108) and the processing resource. In other examples, the processor (202) may be implemented by the electronic circuitry.
[0053] In order for the system (108) to obtain the service access control policy, the CAPIF API (216) and the CAPIF core function module (218) are communicably coupled to each other. In an example embodiment, the CAPIF core function module (218) receives a message for retrieval of the service access control policy from an AEF (502) (as shown in FIG. 5), where the message includes an API invoker identifier. In an embodiment, the service access control policy is associated with a service API. The message for the retrieval of the service access control policy further includes the API invoker identifier of the service API. The service access control policy is configured as per a user requirement. In an embodiment, the service access control policy includes a plurality of configurable parameters. The plurality of configurable parameters includes a number of requests per day, a number of requests per week, a number of requests per month, an expiry date, an activation date and a plan validity. The request can be, for example, but not limited to, an API information handling request, an authentication and authorization request, a logging request, a monitoring request, an error handling request, a data rate limiting request, a traffic management request or the like.
[0054] The CAPIF core function module (218) determines whether the AEF (502) (as shown in FIG. 4) is authorized to obtain the service access control policy, wherein the AEF (502) is authorized based on the API invoker identifier. In an example, the CAPIF core function module (218) first authenticates the AEF (502) making the request. This involves verifying the identity of the AEF (502), often through credentials such as API keys, Auth tokens, or other authentication mechanisms. Once authenticated, the CAPIF core function module (218) performs an authorization check to determine whether the AEF (502) has the necessary permissions to access the service access control policy. This authorization check is typically based on roles, permissions, or policies associated with the AEF (502). After the AEF (502) is authorized, the CAPIF core function module (218) retrieves the service access control policy. Further, the CAPIF core function module (218) obtains the service access control policy from the CAPIF core function module (218), when the AEF (502) is determined to be authorized.
[0055] In an embodiment, the CAPIF core function module (218) transmits the response indicating the failure in authentication to the API invoker (404, 406), when the AEF (502) is determined to be unauthorized. In another embodiment, the CAPIF core function module (218) transmits information associated with the service access control policy to the authorized API invoker (404, 406), when the AEF (502) is determined to be authorized.
[0056] FIG. 3 is an example schematic representation of the system (300) of FIG. 1 in which the operations of various entities are explained, according to various embodiments of the present system. It is to be noted that the embodiment with respect to FIG. 3 will be explained with respect to the first UE (102-1) and the system (108) for the purpose of description and illustration and should nowhere be construed as limiting the scope of the present disclosure.
[0057] As mentioned earlier, the first UE (102-1) includes one or more primary processors (305) communicably coupled to the one or more processors (202) of the system (108). The one or more primary processors (305) are coupled with a memory (310) storing instructions which are executed by the one or more primary processors (305). Execution of the stored instructions by the one or more primary processors (305) enables the UE (102-1). The execution of the stored instructions by the one or more primary processors (305) further enables the UE (102-1) to execute the requests in the communication network (106).
[0058] As mentioned earlier, the one or more processors (202) are configured to transmit a response content related to the request to the UE (102-1). More specifically, the one or more processors (202) of the system (108) are configured to transmit the response content to at least one of the UE (102-1). A kernel (315) is a core component serving as the primary interface between hardware components of the UE (102-1) and the system (108). The kernel (315) is configured to provide the plurality of response contents hosted on the system (108) to access resources available in the communication network (106). The resources include one of a Central Processing Unit (CPU), memory components such as Random Access Memory (RAM) and Read Only Memory (ROM).
[0059] As per the illustrated embodiment, the system (108) includes the one or more processors (202), the memory (204), the interface (206), the display (208), and the input unit (210). The operations and functions of the one or more processors (202), the memory (204), the interface (206), the display (208), and the input unit (210) are already explained in FIG. 2. For the sake of brevity, we are not explaining the same operations (or repeated information) in the patent disclosure. Further, the processor (202) includes the CAPIF API (216) and the CAPIF core function module (218). The operations and functions of the CAPIF API (216) and the CAPIF core function module (218) are already explained in FIG. 2. For the sake of brevity, we are not explaining the same operations (or repeated information) in the patent disclosure.
[0060] FIG. 4 illustrates a diagram depicting a CAPIF architecture (400), according to various embodiments of the present disclosure. The CAPIF architecture (400) may include the API invoker (404, 406), a service API (410), an API exposing function module (412), an API Publishing Function (APF) module (414), API Management Function (AMF) module (416), and the CAPIF core function module (218). The API invoker (406) may be within a PLMN trust domain (402) and the API invoker (404) may be outside the PLMN trust domain (402).
[0061] The API invoker (406) discovers the service API (410). The API invoker (404) discovers the service API (410). The API invoker (406) communicates with the service API (410). The API invoker (404) communicates with the service API (410). The API invoker (406) and the API invoker (404) initiate a use for access and policy related control for service APIs (410). The API publishing function module (414) may be used for publishing service API information. The API management function module (416) may be configured for management of the service API and API invoker function.
[0062] The API invoker (406) and the API invoker (404) may be provided by a third party application provider having a service agreement with a PLMN operator. The CAPIF core function module (218) may authenticate the API invoker and may provide the authorization information and a service API discovery. The AEF (502) may be a provider of the service APIs (410) and may also be a service communication entry point of the service API (410). The APF module (414) may enable the API provider to publish the service APIs information. The AMF module (416) may enable the API provider to perform administration of the service APIs.
[0063] FIG. 5 illustrates an example sequence diagram (500) depicting a communication between the AEF (502) and the CAPIF core function module (218), according to various embodiments of the present disclosure. The communication may be initiated by the AEF (502) for obtaining the service access control policy related to the service API (410).
[0064] In accordance with an embodiment of the present subject matter, at step 1, the AEF (502) transmits an obtain access control policy request to the CAPIF core function module (218). The obtain access control policy request may include the GET message including an API invoker ID, an AEF identifier and an API identification (for example).
[0065] At step 2, upon receiving the GET message, the CAPIF core function module (218) may be configured to verify an identity of the AEF (502) and determine whether the AEF (502) is authorized to obtain the access control policy corresponding to the API identification or not.
[0066] At step 3, if it is determined that the AEF (502) is authorized to obtain the access control policy, the CAPIF core function module (218) may respond with the access control policy information corresponding to the API identification and API invoker ID (if present) in the GET message. In an embodiment, if it is determined that the authorization check is not successful, the AEF (502) may be provided with a failure indication via an obtain access control policy response by the CAPIF core function module (218).
[0067] FIG. 6 illustrates an operational flow diagram (600) depicting a process for obtaining the service access control policy, according to various embodiments of the present disclosure. The service access control policy may be obtained by the AEF (502) from the CAPIF core function module (218). The service access control policy may be associated with the service API (410). In accordance with an embodiment of the present subject matter, the service access control policy may be configured as per the user requirement. The service access control policy may include a number of configurable parameters. Examples of the configurable parameters may include, but are not limited to, requestPerDay, requestPerWeek, requestPerMonth, expryDate, activationDate, and planValidity.
[0068] At step 602, the process may include transmitting the GET message by the AEF (502) to the CAPIF core function module (218) with the AEF identifier and an API identification. Moving forward, the GET message may include the API invoker ID for retrieving the access control policy of the requested API invoker (404, 406).
[0069] At step 604, the process may include verifying, by the CAPIF core function module (218), the identity of the AEF (502) and checking whether the AEF (502) is authorized to obtain the access control policy corresponding to the API identification. In an embodiment, where it is determined that the AEF (502) is authorized, the process may proceed towards step 606. In an embodiment, where it is determined that the AEF is not authorized, the process may proceed towards step 608.
[0070] At step 606, the process may include transmitting by the CAPIF core function module (218), access control policy information corresponding to the API identification and the API invoker ID (if present) in the GET message to the AEF (502).
[0071] At step 608, the process may include transmitting by the CAPIF core function module (218) the access control policy response to the AEF (502) indicating the failure.
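The exchange of FIG. 5 (steps 1 to 3) and FIG. 6 (steps 602 to 608) can be sketched in code as follows. This is an added example, not code from the patent or from any CAPIF implementation. The shared-secret credential, the table of which AEF exposes which API, the single generic failure response with the reason kept only in an audit trail, and all identifiers and field names are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class AccessControlPolicy:
    # Fields follow the configurable parameters the description lists.
    requests_per_day: int
    requests_per_week: int
    requests_per_month: int
    activation_date: date
    expiry_date: date
    plan_validity_days: int  # unit is an assumption; the page gives none

    def is_active(self, today: date) -> bool:
        return self.activation_date <= today <= self.expiry_date


class CapifCoreFunction:
    """Toy CCF holding AEF credentials, API ownership and policies."""

    def __init__(self) -> None:
        self.aef_secrets: dict[str, bytes] = {}      # aef_id -> shared secret
        self.aef_apis: dict[str, set[str]] = {}      # aef_id -> APIs it exposes
        self.policies: dict[tuple[str, str], AccessControlPolicy] = {}
        self.audit: list[tuple[str, str, str]] = []  # (aef_id, api_id, outcome)

    def _fail(self, aef_id: str, api_id: str, reason: str) -> dict:
        # Keep the precise reason in the audit trail only; the caller gets
        # one generic failure so it cannot probe which AEFs or APIs exist.
        self.audit.append((aef_id, api_id, reason))
        return {"status": "failure"}

    def obtain_policy(self, aef_id: str, credential: bytes, api_id: str,
                      invoker_id: Optional[str] = None) -> dict:
        # Step 2 / 604: verify the identity of the AEF ...
        secret = self.aef_secrets.get(aef_id)
        if secret is None or not hmac.compare_digest(secret, credential):
            return self._fail(aef_id, api_id, "identity-not-verified")
        # ... then check it may read policy for this API identification.
        if api_id not in self.aef_apis.get(aef_id, set()):
            return self._fail(aef_id, api_id, "not-authorized-for-api")
        # Step 3 / 606: policy for the API, narrowed to the API invoker ID
        # when the GET message carried one.
        found = {inv: pol for (api, inv), pol in self.policies.items()
                 if api == api_id and invoker_id in (None, inv)}
        self.audit.append((aef_id, api_id, "granted"))
        return {"status": "ok", "api_id": api_id, "policies": found}


def build_demo() -> CapifCoreFunction:
    """Constructed sample data; every identifier here is made up."""
    ccf = CapifCoreFunction()
    ccf.aef_secrets = {"aef-1": b"s3cret-1", "aef-2": b"s3cret-2"}
    ccf.aef_apis = {"aef-1": {"api-weather"}, "aef-2": {"api-billing"}}
    ccf.policies[("api-weather", "invoker-A")] = AccessControlPolicy(
        100, 500, 2000, date(2024, 1, 1), date(2024, 12, 31), 366)
    ccf.policies[("api-weather", "invoker-B")] = AccessControlPolicy(
        10, 50, 200, date(2024, 6, 1), date(2024, 6, 30), 30)
    return ccf


if __name__ == "__main__":
    ccf = build_demo()
    print(ccf.obtain_policy("aef-1", b"s3cret-1", "api-weather", "invoker-A"))
    print(ccf.obtain_policy("aef-2", b"s3cret-2", "api-weather"))
```

The second call shows the case the authorization check exists for: an AEF that authenticates correctly but asks for the policy of an API it does not expose receives the same failure indication as an unauthenticated caller.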
[0072] FIG. 7 is a flow chart (500) illustrating a method of obtaining the service access control policy, according to various embodiments of the present system.
[0073] At step 702, the method includes receiving the message for retrieval of the service access control policy from the AEF (502) by using the API invoker identifier. The API invoker identifier is used for retrieving the service access control policy of the API invoker (404, 406). At step 704, the method includes determining whether the AEF (502) is authorized to obtain the service access control policy. The AEF (502) is authorized based on the API invoker identifier. At step 706, the method includes obtaining the service access control policy from the CAPIF core function module (218), when the AEF (502) is determined to be authorized.
[0074] A person of ordinary skill in the art will readily ascertain that the illustrated embodiments and steps in description and drawings (FIGS. 1-7) are set out to explain the exemplary embodiments shown, and it should be anticipated that ongoing technological development will change the manner in which particular functions are performed. These examples are presented herein for purposes of illustration, and not limitation. Further, the boundaries of the functional building blocks have been arbitrarily defined herein for the convenience of the description. Alternative boundaries can be defined so long as the specified functions and relationships thereof are appropriately performed. Alternatives (including equivalents, extensions, variations, deviations, etc., of those described herein) will be apparent to persons skilled in the relevant art(s) based on the teachings contained herein. Such alternatives fall within the scope and spirit of the disclosed embodiments.
[0075] Method steps: A person of ordinary skill in the art will readily ascertain that the illustrated steps are set out to explain the exemplary embodiments shown, and it should be anticipated that ongoing technological development will change the manner in which particular functions are performed. These examples are presented herein for purposes of illustration, and not limitation. Further, the boundaries of the functional building blocks have been arbitrarily defined herein for the convenience of the description. Alternative boundaries can be defined so long as the specified functions and relationships thereof are appropriately performed. Alternatives (including equivalents, extensions, variations, deviations, etc., of those described herein) will be apparent to persons skilled in the relevant art(s) based on the teachings contained herein. Such alternatives fall within the scope and spirit of the disclosed embodiments.
[0076] The present invention offers multiple advantages over the prior art and the above listed are a few examples to emphasize on some of the advantageous features. The listed advantages are to be read in a non-limiting manner.

REFERENCE NUMERALS
[0077] Environment - 100
[0078] UEs - 102, 102-1-102-n
[0079] Server - 104
[0080] Communication network - 106
[0081] System - 108
[0082] Processor - 202
[0083] Memory - 204
[0084] Interface - 206
[0085] Display - 208
[0086] Input unit - 210
[0087] Centralized Database - 214
[0088] CAPIF API - 216
[0089] CAPIF core function module - 218
[0090] System - 300
[0091] Primary processors - 305
[0092] Memory - 310
[0093] Kernel - 315
[0094] CAPIF architecture - 400
[0095] PLMN trust domain - 402
[0096] API invoker - 404, 406
[0097] API provider domain - 408
[0098] Service API - 410
[0099] API exposing function module - 412
[00100] API publishing function module - 414
[00101] API management function module - 416
[00102] AEF - 502


CLAIMS
We Claim:
1. A method of obtaining a service access control policy, the method comprising the steps of:
receiving, by one or more processors (202), a message for retrieval of the service access control policy from an Application Programming Interface (API) Exposing Function (AEF) (502) by using an API invoker identifier, and wherein the API invoker identifier is used for retrieving the service access control policy of an API invoker (404, 406);
determining, by the one or more processors (202), whether the AEF (502) is authorized to obtain the service access control policy, wherein the AEF (502) is authorized based on the API invoker identifier; and
obtaining, by the one or more processors (202), the service access control policy from a Common Application Programming Interface Framework (CAPIF) core function module (218), when the AEF (502) is determined to be authorized.

2. The method as claimed in claim 1, wherein the service access control policy is associated with a service Application Programming Interface (API).

3. The method as claimed in claim 2, wherein the message for the retrieval of the service access control policy further includes the API invoker identifier of the service API.

4. The method as claimed in claim 1, wherein the service access control policy is configured as per a user requirement.

5. The method as claimed in claim 1, wherein the service access control policy comprises a plurality of configurable parameters.

6. The method as claimed in claim 5, wherein the plurality of configurable parameters comprises a number of requests per day, a number of requests per week, a number of requests per month, an expiry date, an activation date and a plan validity.

7. The method as claimed in claim 1, further comprising transmitting, by the one or more processors (202), a response indicating a failure in authentication to the API invoker (404, 406), when the AEF (502) is determined to be unauthorized.

8. The method as claimed in claim 1, further comprising transmitting, by the one or more processors (202), information associated with the service access control policy to the API invoker (404, 406), when the AEF (502) is determined to be authorized.

9. A system (108) for obtaining a service access control policy, wherein the system (108) comprises:
a Common Application Programming Interface Framework (CAPIF) Application Programming Interface (API) (216) configured to:
receive a message for retrieval of the service access control policy from an API Exposing Function (AEF) (502), wherein the message includes an API invoker identifier; and
a Common Application Programming Interface Framework (CAPIF) core function module (218) configured to:
determine whether the AEF (502) is authorized to obtain the service access control policy, wherein the AEF (502) is authorized based on the API invoker identifier; and
obtain the service access control policy from the CAPIF core function module (218), when the AEF (502) is determined to be authorized.

10. The system (108) as claimed in claim 9, wherein the service access control policy is associated with a service Application Programming Interface (API).

11. The system (108) as claimed in claim 10, wherein the message for the retrieval of the service access control policy further includes the API invoker identifier of the service API.

12. The system (108) as claimed in claim 9, wherein the service access control policy is configured as per a user requirement.

13. The system (108) as claimed in claim 9, wherein the service access control policy comprises a plurality of configurable parameters.

14. The system (108) as claimed in claim 13, wherein the plurality of configurable parameters comprises a number of requests per day, a number of requests per week, a number of requests per month, an expiry date, an activation date and a plan validity.

15. The system (108) as claimed in claim 9, wherein the CAPIF core function module (218) is further configured to transmit a response indicating a failure in authentication to the API invoker (404, 406), when the AEF (502) is determined to be unauthorized.

16. The system (108) as claimed in claim 9, wherein the CAPIF core function module (218) is further configured to transmit information associated with the service access control policy to the authorized API invoker (404, 406), when the AEF (502) is determined to be authorized.

17. A User Equipment (UE) (102-1), comprising:
one or more primary processors (305) communicatively coupled to one or more processors (202) of a system (108), the one or more primary processors (305) coupled with a memory (310), wherein said memory (310) stores instructions which when executed by the one or more primary processors (305) causes the UE (102-1) to:
transmit a message to the one or more processors (202);
wherein the one or more processors (202) is configured to perform the steps as claimed in claim 1.

Documents

Application Documents

# Name Date
1 202321047700-STATEMENT OF UNDERTAKING (FORM 3) [14-07-2023(online)].pdf 2023-07-14
2 202321047700-PROVISIONAL SPECIFICATION [14-07-2023(online)].pdf 2023-07-14
3 202321047700-FORM 1 [14-07-2023(online)].pdf 2023-07-14
4 202321047700-FIGURE OF ABSTRACT [14-07-2023(online)].pdf 2023-07-14
5 202321047700-DRAWINGS [14-07-2023(online)].pdf 2023-07-14
6 202321047700-DECLARATION OF INVENTORSHIP (FORM 5) [14-07-2023(online)].pdf 2023-07-14
7 202321047700-FORM-26 [03-10-2023(online)].pdf 2023-10-03
8 202321047700-Proof of Right [04-01-2024(online)].pdf 2024-01-04
9 202321047700-DRAWING [13-07-2024(online)].pdf 2024-07-13
10 202321047700-COMPLETE SPECIFICATION [13-07-2024(online)].pdf 2024-07-13
11 Abstract-1.jpg 2024-09-02
12 202321047700-FORM-9 [15-10-2024(online)].pdf 2024-10-15
13 202321047700-FORM 18A [16-10-2024(online)].pdf 2024-10-16
14 202321047700-Power of Attorney [11-11-2024(online)].pdf 2024-11-11
15 202321047700-Form 1 (Submitted on date of filing) [11-11-2024(online)].pdf 2024-11-11
16 202321047700-Covering Letter [11-11-2024(online)].pdf 2024-11-11
17 202321047700-CERTIFIED COPIES TRANSMISSION TO IB [11-11-2024(online)].pdf 2024-11-11
18 202321047700-FER.pdf 2024-11-18
19 202321047700-FORM 3 [28-11-2024(online)].pdf 2024-11-28
20 202321047700-OTHERS [27-01-2025(online)].pdf 2025-01-27
21 202321047700-FER_SER_REPLY [27-01-2025(online)].pdf 2025-01-27
22 202321047700-COMPLETE SPECIFICATION [27-01-2025(online)].pdf 2025-01-27
23 202321047700-CLAIMS [27-01-2025(online)].pdf 2025-01-27
24 202321047700-US(14)-HearingNotice-(HearingDate-29-05-2025).pdf 2025-05-13
25 202321047700-Correspondence to notify the Controller [15-05-2025(online)].pdf 2025-05-15
26 202321047700-Written submissions and relevant documents [10-06-2025(online)].pdf 2025-06-10
27 202321047700-PatentCertificate18-06-2025.pdf 2025-06-18
28 202321047700-IntimationOfGrant18-06-2025.pdf 2025-06-18

Search Strategy

1 Search_700E_17-11-2024.pdf

ERegister / Renewals

3rd: 17 Sep 2025

From 14/07/2025 - To 14/07/2026