EP1738521A1 - System for dynamic control of an IP network
- Publication number
- EP1738521A1 (application EP05717068A)
- Authority
- EP
- European Patent Office
- Prior art keywords
- network
- users
- user
- component
- control
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/50—Network service management, e.g. ensuring proper service fulfilment according to agreements
- H04L41/508—Network service management, e.g. ensuring proper service fulfilment according to agreements based on type of value added network service under agreement
- H04L41/5096—Network service management, e.g. ensuring proper service fulfilment according to agreements based on type of value added network service under agreement wherein the managed service relates to distributed or central networked applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/50—Network service management, e.g. ensuring proper service fulfilment according to agreements
- H04L41/5061—Network service management, e.g. ensuring proper service fulfilment according to agreements characterised by the interaction between service providers and their network customers, e.g. customer relationship management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
Definitions
- The invention relates to a system for controlling the equipment present in a telecommunications network, taking into account in particular the mobility, security and quality-of-service constraints of the users connected to the network, as well as the quality-of-service requests that a user can express dynamically via a signaling protocol.
- The system is intended in particular for controlling the equipment present in a network based on the Internet Protocol (IP) and Ethernet standards.
- The equipment is, for example:
  - Level 2 switches,
  - Functions for adaptation to the transmission medium,
  - IP routers,
  - Firewall systems,
  - Telephone communication management functions,
  - Message transfer communication functions,
  - Content distribution functions.
- The object of the present invention is in particular a system capable of controlling, via interfaces designated IP-S, a whole assembly composed of IP-S components.
- IP-S designates a service-oriented architecture.
- The system control plane thus obtained takes into account the dynamics present in telecommunications systems, linked in particular to:
  - user mobility (authentication and service affiliations),
  - quality-of-service requests transmitted by users of the telecommunications system,
  - the availability of system resources.
- The invention relates to a system for dynamically controlling the equipment present in a communications system, taking into account the dynamics present, linked at least to the mobility of users. It is characterized in that it comprises at least one control module comprising at least:
  - a control block comprising:
    - an ACS control component adapted to process the authentication of users connected to the network, the dynamic configuration of IP addresses, the management of authorizations for user service requests, and the configuration of network components according to authenticated users,
    - a LOC control component adapted to process the user affiliation process, server mobility, user location, and the application routing of services,
    - a QSM control component adapted to process the management of quality of service on the network arteries,
  - a block comprising one or more of the following elements: a component for the different user services, the network components, a component for connectivity to external entities.
- The system according to the invention has the following advantages in particular:
  - it makes it possible to control the behavior of telecommunications systems according to the connected users by processing the following functions: authentication and authorization, configuration of the equipment according to the connected users, and resource management according to the services requested by users and mobility,
  - the components specified by the system do not redefine the existing standard interfaces,
  - the system control plane automatically configures the network equipment according to the connected users, the available resources, and user requests for quality of service (QoS) and protection,
  - the organization of the system control plane according to the invention also allows the development of specific functionalities not present in the standards or in equipment conforming to these standards,
  - the system control plane is generic: it can control many commercial off-the-shelf (COTS) devices through a generic protocol for controlling network equipment.
- COTS: off-the-shelf equipment available on the market.
- Figure 1 shows the general organization of an IP-S type component.
- Figure 2 is a diagram of the different functions of the components in the IP-S organization.
- Figure 3 is a diagram showing an example of the IP-S control interfaces.
- Figure 4 is a diagram of the authentication steps.
- Figure 5 is a diagram of the affiliation of a user to the service.
- Figure 6 is a flow diagram showing the location mechanisms following the affiliation presented in Figure 5.
- Figure 7 is an example of a user location procedure on a network.
- Figure 1 shows an example of the general organization of an IP-S component.
- The service-oriented (IP-S) components according to the invention are composed, for example, of:
  - a basic commercial product with interfaces processing the user plane and/or the control plane and having a native management interface that is an integral part of the commercial product,
  - software, controlled through the IP-S interface, which controls the behavior of the product and constitutes the IP-S added value.
- The latter can be of various types:
  - control of other components (control of call routing, filtering control, etc.),
  - interfaces with components processing system control,
  - additional functionalities not present in commercial equipment and responding to the need of a given customer, usually called add-ons (ad hoc routing, specific management, ...).
- The IP-S architecture is organized by domain and comprises the following functionalities:
  - network module (communication, routing, filtering, adaptation to transport on the arteries, encryption, and adaptation for the transport of messages),
  - user services module (messaging, data distribution and replication, multimedia communications management, etc.),
  - interconnection with non-IP-S entities,
  - interconnection with non-IP-S networks (telephony, messaging),
  - connection of non-IP-S terminals to an IP-S network (telephone, messaging),
  - interconnection of non-IP-S networks via an IP-S network (tunneling),
  - system control (resource management by QSM, authentication and authorization by ACS, mobility management by LOC, system configuration according to connected users).
- The architecture of the IP-S system according to the invention is based in particular on a breakdown into components, each with a precise definition of the functionalities it provides and of the interfaces that allow the components to be interconnected to form a system.
- This architecture comprises, for example, 4 blocks whose functionalities are detailed further on in the description:
  - a system control block I comprising the ACS module, the LOC module and the QSM module,
  - a block II comprising the various user services (IP-S communication services components),
  - a block III comprising the network components,
  - a block IV comprising the connectivity to non-IP-S entities.
- The L2P component deals with: switching, level 2 quality-of-service (QoS) management, the link management protocols known as "spanning tree", aggregation of links, transmissions from one transmitter to one receiver ("unicast") and from one transmitter to several receivers ("broadcast"), authentication protocols, etc.
- The L3P component deals with: unicast routing and routing from one or more transmitters to one or more receivers ("multicast"), DiffServ quality-of-service (QoS) management, address translation, IP tunnel management, flow redirection, etc.
- The FRW component is used to define secure zones in a network. It processes filtering at the packet level, at the connection level and at the application level.
- The TAD component specifies the functional adaptations required for the transport of IP flows over transport subnetworks.
- The IPZ component secures the interconnection of classified LANs with the same level of security.
- The MTG component specifies the functional adaptations required for the transport of IP-S messages on a non-IP-S network. This component is mainly used for the transport of messages on constrained networks. The protocols used are those specified for this type of transport.
- IP-S communication services components:
- The CDS component is responsible for the distribution of content via constrained core networks. These networks are constrained by the available bandwidth, the high transmission latency, the level of security required on these networks, the transmission error rates, etc.
- The MSG component is in charge of the IP-S messaging system. This system is based on IETF standards.
- The LCC component is in charge of controlling multimedia communications; in particular, it is the application platform for telephony systems, with a view to providing advanced telephony services.
- Components for interconnection with non-IP-S systems:
- The GTW component deals with the interconnection of IP-S voice services with the voice services of other external networks. The establishment of communications is controlled by the LCC component.
- The MGW component handles the interconnection of IP-S messaging services with the messaging services of other external networks (ACP127 or Allied Communication Publication Number 127, MMHS, ...).
- The TUN component provides a support service allowing the interconnection of non-IP-S network elements via an IP-S infrastructure.
- The IAD component is used to connect conventional telephone terminals to an IP-S telephony system.
- The MAG component is used to connect non-IP-S messaging terminals to an IP-S messaging system. Via the MAG component, these terminals can access a mailbox hosted by the MSG component.
- Control components interact with the components described above based on, for example, the logged-in and authenticated users, the location of users, and user service requests.
- The control components are:
- The ACS component, which processes: authentication of users connected to the network, dynamic configuration of IP addresses, management of authorizations for user service requests, and configuration of components according to authenticated users (quality-of-service (QoS) rules, filtering rules, ...).
- The ACS component also makes it possible to control the rights of access to and/or use of a service, for example the transmission of a message. This verification can be carried out at the emission source, at reception, etc.
- The ACS component also allows time synchronization of the clock in each terminal, as well as in the devices implemented in the network and in data transmission.
- The LOC component, which deals with: the user affiliation process, server mobility, user localization, and application routing of services.
- The QSM component, which deals with the management of quality of service on the arteries of the constrained core network: by allocating resources according to the needs expressed by the network users, and by managing the pre-emption of communications when more important communications must be able to be established.
- The interfaces between the components convey the requests and the responses transmitted in the system control plane.
- IP-S interfaces: these interfaces allow the control components to control:
  - the functioning of the system, namely the configuration of the system according to the connected users (ACS to L2P, L3P, FRW). The user database is communicated to ACS via the Management ACS interface.
  - the use made of the system by connected users, in particular:
    - controlling the communication rights available to subscribers (via the ACS interfaces to CDS, MSG, LCC),
    - locating the users and the servers connecting these users (via the LOC interfaces to CDS, MSG, LCC). The location of servers and users is done through exchanges carried out on the LOC to LOC interface.
    - the use of system resources by users based on the importance of communication (via the QSM interfaces to L3P and TAD, and via the QSM to QSM and LCC to LCC interfaces).
- IP-S management: the behavior of the various components is controlled via the IP-S interfaces.
- The ACS component is controlled by the manager.
- The ACS component then controls all the other components, because it knows the components present in the system, the IP-S configuration of each component, and the users who are connected to the network or who could be connected to it.
- In a first step, data management is shared between the network management system and the ACS component, which stores the information in a local database.
- The information shared with the network management system concerns the service level (user profiles, groups of users, ...), the network level (filtering, ...) and also the profiles assigned to the components (device profiles, interface configuration, etc.).
- The information relating to the component level and to the network level is transferred to the components via the IP-S interfaces.
- In a third step, the ACS component can configure specific filtering rules (QoS processing, application filtering) associated with the users connected to the network.
- The authentication step can be carried out in several ways, for example by unidirectional authentication between a terminal and a server. It can also use mutual authentication between the user and the server.
- Access control to the network is carried out, for example, by authentication. This makes it possible in particular to know the terminal on which the user is connected. Identity is verified, for example, upon affiliation, when requesting additional services, or when accessing a mailbox. This is done, for example, by checking the user's identity and password against those stored in the database.
- Procedure for affiliating a user to a service offered by the network: this procedure is shared between the ACS component and the LOC component.
- The ACS component handles authentication and authorization.
- The LOC component updates the symbolic address of the user, notifies the other LOC components of the system of this update, and deletes the old affiliation of the user.
- The LOC function can be used at any level. It makes it possible to know:
  - at the physical level, where a connected terminal is and where the terminals used by users are,
  - at the network level, what the IP address of a terminal is,
  - at the service level, where to find a user and how to reach a node.
- Figures 4 to 7, which follow, show schematically the messages exchanged between the various pieces of equipment in the system.
- The device operates, for example, as follows. First, the functions of the devices are registered:
  - after startup, each device forming part of the system registers its functions with the ACS,
  - the ACS component verifies the identity of the device and stores the contact point for the device in its database.
- A device registered in this way can be looked up by its generic name or by its identifier.
- Figure 4 shows the dynamic exchanges during a procedure for identifying a user 1.
- The user can be an individual, a network or a server that requires an authorization to connect. This example shows that the network can adapt to the user connected to it, regardless of the position of the access point selected by the user.
- The user requests authentication from the ACS.
- Figure 5 shows an example of the procedure for affiliating a user to a telephony service.
- The user profile describes the specific settings that can be applied when the user is connected to the network. These parameters are made up of:
  - generic parameters that can be activated when the user is connected to the network (quality of service (QoS) and firewall filters, virtual local area networks (VLANs)),
  - parameters for each of the services the user can access.
- The user profile specifies the telephone number, the personal code the user uses for affiliation and for activating specific telephony services (for example call transfer), the closest user groups, the level of precedence for the subscriber, etc.
- The user can activate the telephone service via the affiliation process. This process requires the user to dial a specific number together with a personal code, which the system checks before entering the localization process.
- Figure 6 shows schematically an example of the flows exchanged during a telephone call. The following scenario represents the exchanges required for a telephone call. For the sake of simplification, the diagram represents the end of the communication.
- Figure 7 shows schematically an example of a user location procedure on a network. Two different solutions have been specified in the IP-S system for locating a user or, more generally, an application: the information is either replicated to each location server or distributed among the network's location servers.
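The ACS behaviour described above (device registration, lookup by generic name or identifier, password-based authentication, then per-user configuration of the network components) can be sketched as follows. This is an added example, not code from the patent: the HMAC device proof, the PBKDF2 password storage, the profile layout and every name and value in it are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def pw_hash(password: str, salt: bytes) -> bytes:
    # Assumption: the ACS database holds salted PBKDF2 hashes, not passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def device_proof(key: bytes, nonce: bytes) -> bytes:
    # Assumption: a device proves its identity with an HMAC over a nonce.
    return hmac.new(key, nonce, hashlib.sha256).digest()


@dataclass
class Component:
    ident: str          # unique identifier of the device
    generic_name: str   # registered function, e.g. "FRW", "L3P", "L2P"
    contact: str        # contact point the ACS stores in its database
    applied: dict = field(default_factory=dict)  # user -> settings received

    def configure(self, user: str, settings) -> None:
        # Stand-in for a configuration request sent over the IP-S interface.
        self.applied[user] = settings


class ACS:
    def __init__(self, device_keys: dict):
        self._device_keys = device_keys  # ident -> pre-shared key (assumption)
        self._devices = {}               # ident -> registered Component
        self._users = {}                 # name -> (salt, hash, profile)
        self.sessions = {}               # authenticated user -> terminal

    def register_device(self, comp: Component, nonce: bytes, proof: bytes) -> bool:
        # Verify the device's identity first; only then store its contact point.
        key = self._device_keys.get(comp.ident)
        if key is None or not hmac.compare_digest(device_proof(key, nonce), proof):
            return False
        self._devices[comp.ident] = comp
        return True

    def find(self, generic_name=None, ident=None) -> list:
        if ident is not None:
            return [self._devices[ident]] if ident in self._devices else []
        return [c for c in self._devices.values() if c.generic_name == generic_name]

    def add_user(self, name: str, password: str, profile: dict) -> None:
        salt = os.urandom(16)
        self._users[name] = (salt, pw_hash(password, salt), profile)

    def authenticate(self, name: str, password: str, terminal: str) -> bool:
        # Unknown users still cost one hash, so timing does not reveal them.
        salt, stored, profile = self._users.get(name, (b"\0" * 16, b"", None))
        if not hmac.compare_digest(pw_hash(password, salt), stored):
            return False  # nothing is pushed to any component
        self.sessions[name] = terminal  # the ACS now knows the user's terminal
        for generic_name, settings in profile["generic"].items():
            for comp in self.find(generic_name=generic_name):
                comp.configure(name, settings)
        return True

    def authorize(self, name: str, service: str) -> bool:
        return name in self.sessions and service in self._users[name][2]["services"]


def demo() -> dict:
    # Constructed sample data: keys, addresses, user and rules are invented.
    keys = {"frw-1": b"constructed-key-1", "l3p-1": b"constructed-key-2"}
    acs, nonce = ACS(keys), b"constructed-nonce"
    frw = Component("frw-1", "FRW", "192.0.2.2:4000")
    l3p = Component("l3p-1", "L3P", "192.0.2.3:4000")
    rogue = Component("frw-9", "FRW", "192.0.2.9:4000")  # no provisioned key
    registered = [acs.register_device(c, nonce, device_proof(keys.get(c.ident, b"guess"), nonce))
                  for c in (frw, l3p, rogue)]
    acs.add_user("alice", "correct horse", {
        "generic": {"FRW": ["allow udp/5060 to LCC"], "L3P": {"dscp": "EF"}}, "services": {"telephony"}})
    bad, after_bad = acs.authenticate("alice", "wrong", "term-7"), dict(frw.applied)
    good = acs.authenticate("alice", "correct horse", "term-7")
    return {"registered": registered, "bad_login": bad, "frw_after_bad": after_bad,
            "good_login": good, "frw_after_good": dict(frw.applied),
            "authz": (acs.authorize("alice", "telephony"), acs.authorize("alice", "messaging"))}
```

In a real exchange the nonce would be issued by the ACS for each registration attempt; it is fixed here only to keep the sample deterministic.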
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Business, Economics & Management (AREA)
- General Business, Economics & Management (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR0403297A FR2868645B1 (fr) | 2004-03-30 | 2004-03-30 | Dynamic control system for an IP network |
PCT/EP2005/051201 WO2005107158A1 (fr) | 2004-03-30 | 2005-03-16 | Dynamic control system for an IP network |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1738521A1 | 2007-01-03 |
Family
ID=34946268
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP05717068A Withdrawn EP1738521A1 (de) | 2004-03-30 | 2005-03-16 | System for dynamic control of an IP network |
Country Status (4)
Country | Link |
---|---|
US (1) | US20070195694A1 (de) |
EP (1) | EP1738521A1 (de) |
FR (1) | FR2868645B1 (de) |
WO (1) | WO2005107158A1 (de) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7826364B1 (en) * | 2006-02-09 | 2010-11-02 | Verizon Services Corp. | Dynamic service-aware flow control in packet networks |
US9123020B2 (en) * | 2008-09-25 | 2015-09-01 | International Business Machines Corporation | Modeling, monitoring, and managing system dimensions for a service assurance system |
Family Cites Families (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6856676B1 (en) * | 1998-10-15 | 2005-02-15 | Alcatel | System and method of controlling and managing voice and data services in a telecommunications network |
US7079499B1 (en) * | 1999-09-08 | 2006-07-18 | Nortel Networks Limited | Internet protocol mobility architecture framework |
US6769000B1 (en) * | 1999-09-08 | 2004-07-27 | Nortel Networks Limited | Unified directory services architecture for an IP mobility architecture framework |
US6714987B1 (en) * | 1999-11-05 | 2004-03-30 | Nortel Networks Limited | Architecture for an IP centric distributed network |
US7003571B1 (en) * | 2000-01-31 | 2006-02-21 | Telecommunication Systems Corporation Of Maryland | System and method for re-directing requests from browsers for communication over non-IP based networks |
US7068624B1 (en) * | 2000-02-25 | 2006-06-27 | Cisco Technology, Inc. | Wireless router and method for processing traffic in a wireless communications network |
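JP2001320372A (ja) * | 2000-03-13 | 2001-11-16 | Hyundai Electronics Ind Co Ltd | Integrated subscriber management apparatus and method through functional modeling of an integrated subscriber server in an integrated Internet protocol network |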
US6910074B1 (en) * | 2000-07-24 | 2005-06-21 | Nortel Networks Limited | System and method for service session management in an IP centric distributed network |
US7103066B2 (en) * | 2000-10-12 | 2006-09-05 | At&T Corp. | Method and apparatus for providing common intelligent value-added service protocols for accessing value-added services by all multimedia application protocols |
US6854014B1 (en) * | 2000-11-07 | 2005-02-08 | Nortel Networks Limited | System and method for accounting management in an IP centric distributed network |
AU2002216279A1 (en) * | 2000-12-27 | 2002-07-08 | Cellglide Technologies Corp. | Resource allocation in cellular telephone networks |
US7085279B1 (en) * | 2000-12-29 | 2006-08-01 | Cisco Technology, Inc. | Method and apparatus for carrying telephony network traffic over an ATM network |
US20020152319A1 (en) * | 2001-02-08 | 2002-10-17 | Amin Rajesh B. | Accounting management support based on QOS in an IP centric distributed network |
US20020198991A1 (en) * | 2001-06-21 | 2002-12-26 | International Business Machines Corporation | Intelligent caching and network management based on location and resource anticipation |
US7039037B2 (en) * | 2001-08-20 | 2006-05-02 | Wang Jiwei R | Method and apparatus for providing service selection, redirection and managing of subscriber access to multiple WAP (Wireless Application Protocol) gateways simultaneously |
US7136635B1 (en) * | 2002-03-11 | 2006-11-14 | Nortel Networks Limited | Proxy SIP server interface for session initiation communications |
US7072657B2 (en) * | 2002-04-11 | 2006-07-04 | Ntt Docomo, Inc. | Method and associated apparatus for pre-authentication, preestablished virtual private network in heterogeneous access networks |
- 2004-03-30: FR, application FR0403297A (FR2868645B1), not active, Expired - Lifetime
- 2005-03-16: WO, application PCT/EP2005/051201 (WO2005107158A1), active, Application Filing
- 2005-03-16: US, application US10/594,719 (US20070195694A1), not active, Abandoned
- 2005-03-16: EP, application EP05717068A (EP1738521A1), not active, Withdrawn
Non-Patent Citations (1)
Title |
---|
See references of WO2005107158A1 * |
Also Published As
Publication number | Publication date |
---|---|
WO2005107158A1 (fr) | 2005-11-10 |
FR2868645A1 (fr) | 2005-10-07 |
US20070195694A1 (en) | 2007-08-23 |
FR2868645B1 (fr) | 2006-06-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11659385B2 (en) | Method and system for peer-to-peer enforcement | |
US7536720B2 (en) | Method and apparatus for accelerating CPE-based VPN transmissions over a wireless network | |
US10484335B2 (en) | Secure remote computer network | |
US20060117174A1 (en) | Method of auto-configuration and auto-prioritizing for wireless security domain | |
US7853705B2 (en) | On demand session provisioning of IP flows | |
FR3048574A1 (fr) | Selection of a network slice instantiation for the transmission of uplink packets | |
US11647069B2 (en) | Secure remote computer network | |
US20030005147A1 (en) | IP/HDLC addressing system for replacing frame relay based systems and method therefor | |
WO2009029748A2 (en) | System and method for identifying encrypted conference media traffic | |
CN106789952B (zh) | Method and system for making local area network services available over the Internet | |
US20070115898A1 (en) | Use of wireline networks to access 3G wireless services | |
US9124586B2 (en) | Confidential or protected access to a network of nodes distributed over a communication architecture with the aid of a topology server | |
US8305918B2 (en) | Method of configuring the quality-of-service profile of a given stream at an access node of a packet communications network | |
CN110830317B (zh) | Internet access behavior management system, device and method | |
WO2005107158A1 (fr) | Dynamic control system for an IP network | |
EP1432210B1 (de) | System for controlling processes associated with data streams in a communication network | |
EP1349319B1 (de) | Method for managing a network service using the COPS protocol for configuration in a virtual private network | |
FR2985402A1 (fr) | Method for connecting a terminal implementing an EAP-type protocol to a local area network, and associated communication system | |
WO2025003097A1 (fr) | Methods for accessing a service, method for providing services, control method, management method, terminal, service instance, controller, edge node and corresponding computer programs | |
EP4033794A1 (de) | Method for dynamically assigning identifiers to an embedded universal integrated circuit card (eUICC) of a user equipment, and corresponding system | |
Paliwal | Convergence: the next big step | |
RU2604328C1 (ru) | Method for establishing a secure connection in a networked computer system | |
WO2025061515A1 (fr) | Methods, devices and system for controlling a communication in a network | |
FR3152205A1 (fr) | Method for transmitting configuration data in a telecommunication network | |
WO2025003098A1 (fr) | Methods for accessing a service and for providing services, terminal, service instance, and corresponding computer programs |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
 | 17P | Request for examination filed | Effective date: 20061026 |
 | AK | Designated contracting states | Kind code of ref document: A1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU MC NL PL PT RO SE SI SK TR |
 | DAX | Request for extension of the european patent (deleted) | |
 | 17Q | First examination report despatched | Effective date: 20120705 |
 | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
 | 18D | Application deemed to be withdrawn | Effective date: 20121116 |