SE524173C2 - Device and method for routing units to the correct resource on a service platform - Google Patents

Abstract

The present invention concerns an arrangement (10) for a wired communication system (12) to direct geographically dispersed units (141,..., 14n) to the correct resource on a service platform. The arrangement (10) comprises a group server (16), an IP access node (18) connected to the group server (16)that is connected via the communication system (12) to the units (141, ..., 14n), whereby the IP access node (18) comprises information about the units (141, ..., 14n), which information is collected regularly by the group server (16), whereby the group server (16), based on a request for resources received from a unit (14x), and based on the said information, directs the unit (14x) to the correct service platform arranged on the group server (16).

Description

o canon 10 15 20 25 »->. .- 524 173 2 identify the source, e.g. MAC address, username, user ID, password, VLAN tag or location. If users are identified as the source, several users may have different permissions, even though they are using the same computer. If the computer is identified as the source, permissions associated with the MAC address are granted. Authentication and authentication of the source is done using “source profiles” that are stored in a database in a gateway. The source profile also contains account information. When a source has passed authentication and access control, a redirection to a special portal page can be done.

The document WO-A2-O1 / 31886 is related to the document WO-A2-O1 / 31843 and describes redirection to a special portal page based on a number of attributes. The connection procedure with authentication and authentication and redirection is handled by a gateway.

Document WO-A2-01 / 33808 is related to the documents described above and shows identification based on location or MAC address.

Document WO-A1-01 / 76294 discloses a method and a system for creating individual service platforms. A service platform is created for each so-called client structure has at least one user. A user can be connected to your client structures. The user can give other users varying permissions to their own client structure. A local gateway detects when a local node is installed and notifies the access provider that presents different services for the new node.

Local nodes can, for example, communicate with LonWorks.

Document US-6,075,776 describes a control system for VLANs. A "VLAN management server" and a "remote access server" are connected to a VLAN. Both have a table that indicates the location of terminals. The table makes it possible for the terminals to connect to the home network in whatever network they are in. The terminals are identified by MAC address.

None of the solutions shown above show a flexible solution to the problem of verifying your platform access securely. 10 15 20 25 Q n »a s» 524 173 3 Summary of the Invention It is an object of the present invention to solve the above-mentioned problems.

According to the present invention, according to a first aspect, a device is provided in a wired communication system for directing geographically dispersed units to a correct resource on a service platform. The device comprises a group server, an IP access node connected to the group server which is connected to said units via the communication system. The IP access node includes information about said devices, which information is regularly retrieved by the group server. The group server directs the unit to a correct service platform arranged on said group server based on a received resource request from the unit and based on said information. This device provides a highly flexible solution to the problem of verifying platform access securely.

According to another embodiment of the present invention, a device is provided in a wired communication system for directing geographically dispersed units to a correct resource on a service platform. The device comprises an IP access node which is connected via the communication system to said units and a group server included in the IP access node. The IP access node includes information about said devices, which information is regularly retrieved by the group server. The group server directs the unit to a correct service platform arranged on said group server based on a resource request received from the unit and based on said information. This device provides a highly flexible solution to the problem of verifying platform access securely.

An advantage in this context is obtained if the group server comprises a server comprising said service platforms, as well as a means connected to the server which handles resource requests received from the units. In this context, an advantage is obtained if the device further comprises a memory means in which said information is stored in the form of tables. : coca oense 10 15 20 25> - - ».-. . -. - - -; . .- 524 173 4 An advantage in this context is obtained if the tables include information on which combination of VLAN / IP number, MAC address / IP number and user account / IP number has access to which platform. In this context, an advantage is obtained if the units consist of terminals, users or devices or a combination of these.

An advantage in this context is obtained if said information is regularly synchronized between the group server and the IP access node.

In this context, an advantage is obtained if the IP access node includes an authorization system for deciding whether a device is authorized, and a router connected to the authorization system.

An advantage in this context is obtained if the authorization system comprises a AAA server connected to said router and a database connected to the AAA server comprising the identity of the devices. In this context, an advantage is obtained if the IP access node also includes a policy server connected to the database and said router, which configures said routing in accordance with the policy for the specified account.

According to the present invention, according to a second aspect, a method is provided in a wired communication system for directing geographically dispersed units to a correct resource on a service platform by means of a device.

The method comprises the steps of: - that when a device is switched on, it receives an IP token address; - to present an account and a password regarding the device; - to determine if the device is authorized; - that a group server included in the device regularly retrieves information about the devices from an IP access node which is connected to said devices via the communication system; - that the group server receives a resource request from the device; and - that the group server, based on the resource request and based on said information, directs the unit to a correct service platform arranged on the group server. won onan- 10 15 20 25 ~. ~. . . . . . .. 524 173 5 This method provides a very flexible solution to the problem of verifying platform access securely.

An advantage in this context is obtained if the step of presenting an account and a password regarding the device is performed by the IP access node automatically identifying and authorizing the device when it is connected by the devices' identities being registered in a database included in the IP access node.

According to another embodiment, an advantage is obtained if the step of presenting an account and a password regarding the device is performed by a user of the device entering said account and said password. In this context, an advantage is obtained if said information is stored in the form of a table in a memory means included in the device.

An advantage in this context is obtained if the tables include information on which combination of VLAN / IP number, MAC address / IP number and user account / IP number has access to which platform.

In this context, an advantage is obtained if the method further comprises the step of: - that the device receives a useful IP address.

An advantage in this context is obtained if the units consist of terminals, users or devices or a combination of these.

In this context, an advantage is obtained if the method further comprises the step of: - regularly synchronizing said information between the group server and the IP access node.

An advantage in this context is obtained if the IP access node comprises a router and a policy server connected to said router, the method further comprising the step of: - that the policy server configures said routing in accordance with the policy for the specified account. According to a third aspect, according to a third aspect, at least one computer program product is provided directly loadable in the internal memory of at least one digital computer. The computer program product (s) comprises software code portions for performing the steps of the method when said at least one product is run on said at least one computer. With this at least one computer software product, a very flexible solution to the problem of verifying platform access in a secure way is obtained.

It should be noted that when the term "includes / includes" is used in this application, it shall be deemed to indicate the presence of specified properties, steps or components, but does not exclude the presence of one or andra your other properties, parts, steps, components or groups thereof.

Embodiments of the invention will now be described with reference to the accompanying directions, in which: Brief Description of the Drawings Figure 1 is a block diagram showing a first embodiment of the device according to the present invention; Figure 2 shows a logical description of the architecture comprising the device shown in Fig. 1; Figure 3 shows a more detailed view of the network architecture shown in Figure 2; Figure 4 shows a fate diagram of a method of a wired communication system for directing geographically dispersed units to a correct resource on a service platform according to the present invention by means of a device; and Figure 5 shows a schematic view of some computer program products according to the present invention.

Detailed Description of Embodiments Fig. 1 shows a block diagram of a first embodiment of a device (10) according to the present invention. As can be seen from Fig. 1, the device (10) is connected via a wired communication system (12) to n st. geographically øa-uø 10 15 20 25 n u o ~ n.. -. - u. e .. .'- 524 173 7 scattered units (141, 14.1). The wired communication system (12) is shown only schematically in Fig. 1. The device (10) comprises a group server (16) and an IP access node (18) connected to the group server (16) which is connected via the communication system (12) to the units (141, 14.1). The different units (141, 14.1) can, for example, be located in different apartments with different households. The IP access node (18) comprises information about said devices (141, 14,1), which information is regularly retrieved by the group server (16). When the group server (16) receives a resource request from a unit 14x, where 15x5n, it directs the unit 14x to a correct service platform arranged on said group server (16) based on the resource request and based on said information in another embodiment not shown of the device (10) includes the group server (16) in the IP access node (18). otherwise, this device (10) functions in the same way as the device (10) shown in Fig. 1. As further shown in Fig. 1, the group server (16) comprises a server (22) comprising said service platforms, and a means (20) connected to the server (22) which handles resource requests received from the units (141, 14,1).

The block diagram shown in Fig. 1 rather refers to the logical architecture.

For example, the household is not connected to the IP access node (18) with a separate cable, in the physical architecture. But Fig. 1 shows how the household will perceive the situation. This also applies to the three different cables that connect the IP access node (18) to the group server (16). From a household perspective, there are three different cables, but there is only one in the physical architecture.

The IP access node (18) consists of an authorization system and a router (compare, for example, Fig. 2). All information about households (VLAN), users (ACCOUNT), devices (MAC address) and IP addresses can be found here.

Table 1 gives an example of the information contained in the IP access node (18).

This table contains four different accounts, each with a different IP address, MAC address, and a VLAN character string. vanan 10 15 u »a .. 524 17š Account VLAN IP address MAC address Stefan @ mandeln 1 131 .131 .131 .10 00-A0-C9-E8-5F-64 Nic | as @ mande | n 2 131.131. 131.20 00-A0-C9-E8-5F-65 Uurban @ mande | n 2 131.131 .131 .21 OO-A0-C9-E8-5F-66 Nisse @ mandeln 3 131.131.131.30 OO-AO-C9-E8-5F -67 Table 1 Table 1 shows, for example, that a user from VLAN 1 (unit 141) has logged in to the account Stefan @ almond. The device that the user has logged in with (probably his / her PC), has MAC address: OO-A0-C9-E8-5F-64, and was given the following IP address: 131.131.131.10.

When a user wishes to access any of the platforms, he / she can choose to be identified by account / IP address, MAC address / IP address or by VLAN / IP address. By selecting one of these three URLs (Uniform Resource Locator), this is accomplished. www.myhome.telia.com <--> 192.168.30.31 (Account / IP Address) www.myportal.telia.com <--> 192.168.30.32 (MAC Address / IP Address) wvvw.mydevice.telia. com + -> 192.168.30.33 (VLAN / IP address) If the user writes "www.myhome.telia.com" in their browser, this request will then be sent to the IP address 192.168.30.31. this request will be identified against the Account / IP Address table The server (22) in the group server (16) will identify all incoming requests on the IP address 192.168.30.31 with the Account / IP Address table. > Q »a .a 524 17% If the user selects 192.168.30.32 this request is mapped to the MAC address / IP address table, the last selection" wvvw.mydevice.telia.com "will be made against the VLAN / IP table -address.

The architecture shown in Fig. 1 is not only for apartments, but also a house or a shop is possible. Each apartment has been assigned a unique VLAN number.

Use this number to verify from which of the apartments the traffic is generated. It also use to label traffic that will be sent to a specific household.

All accounts will receive their IP address from the same subnet, which in Fig. 1 is 131.131.131.10-200.

The various routing tables are described below.

Account / IP address This table will be used if the request is sent to IP number 192.168.30.31. The different "User Account" and "Routed to Platform IP" will be statically configured, only the IP address of this account will be dynamic, as users will not receive the same IP address when logging in.

Anv. account IP address Directed to flat- Owner form Static Dynamic Static Stefan @ mandeln 131 .131.131 .10 192.168.10.1 Stefan Niclas @ mandeIn 131.131.131.2O 192.168.10.2 Niclas Uurban @ mandeln 131.131.131.21 192.168.10.3 Urban Nísse @ mandeln 131.131 .131.3O 192.168.10.4 Nisse Table 2 true: coca 10 15 ~ ~. . .- e. u ~ o. . ~ -. a n. 524 173% Table 2 shows an example of the account / IP address table. In this case, the user account Stefan @ almond with IP address 131 .131.131 .10 will be routed to the platform 192.168.10.1.

Device / IP Address This table will be used if the request is sent to IP number 192.168.30.32. The different "MAC Address" and "Routed to Platform IP" will be static, only "IP Address" will be dynamic, as users will not always receive the same IP address when logging in.

MAC Address IP Address Directed to Owner Platform Static Dynamic Static 00-A0-C9-E8-5F-64 131.131.131.10 192.168.11.1 00-A0-C9-E8-5F-64 (stefan) 00-A0-C9- E8-5F-65 131.131.131.20 192.168.1 1.2 OO-A0-C9-E8-5F-65 (niclas) OO-AO-C9-E8-5F-66 131.131.131.21 192.168.11.3 OO-A0-C9-E8 -5F-66 (urban) 00-A0-C9-E8-5F-67 131.131.131.3O 192.168.11.4 00-AO-C9-E8-5F-67 (pixie) Table / I3 Table 3 shows that the MAC address 00 -AO-C9-E8-5F-64 and the IP address 131.131.131.1O will be routed to the apartment 1 (unit 141) platform.

Household / IP address This table will be used if the request is sent to IP number 192.168.30.33. Everything will be statically configured in this table, since another nun-c 10 it is predetermined which platform a household with its subnet is allowed to access. As long as the request comes with the correct VLAN character string and source IP 524 173 11. - a. -. . - n a. is within this VLANs subnet, routing of this request is possible.

VLAN IP address Directed to Owner platform Static Dynamic Static 1 (stefan) 131.131.131.10 192.168.11.1 Apartment1 2 (niclas) 131.131.131.20 192.168.11.2 Apartment 2 2 (urban) 131.131.131.21 192.168.11.3 Apartment2 3 (nisse) 131.13 .131.3O 192.168.11.4 Apartment3 Table 4 Table 4 shows that only VLAN1 will be routed to the apartment 1 platform.

The group server (16) is installed with fl your platforms. Each of these platforms has only one owner. In this example, there are three households, and one of these households has two accounts. The other two households have only one account each.

The following platforms have been configured on the group server (16), see Table 5. -. . > .- 52 4 173 12 Platform - IP Platform - Owner 192.168.10.1 Stefan 192.168.10.2 Niclas 192.168.10.3 Urban 192.168.10.4 Nisse 192.168.1 1.1 00-A0-C9-E8-5F-64 192.168.1 1.2 00- AO-C9-E8-5F-65 192.168.1 1.3 00-AO-C9-E8-5F-66 192.168.1 1.4 OO-A0-C9-E8-5F-67 192.168.12.1 Platform for apartment 1 192.168.12.2 Platform for apartment 2 192.168.12.3 Platform for apartment 3 Table 5 In the IP access node (18) (compare Fig. 2) there is a domain name server (DNS) that will translate a name into an IP number and vice versa. This' fw 5 will allow users to use names instead of IP numbers when choosing the identification of their request. www.myhome.telia.com <--> 192.168.30.31 wvvw.myporta | .te | ia.com <--> 192.168.30.32 www.mydevice.te | ia.com <- + 192.168.30.33 oroas 10 15 20 25 - - - Q .-. - -. . . . . ø n; 5 2 4 1 7 3 13 The following are some illustrative examples: Apartment 1. User: Stefan Account: Stefan @ mandeln MAC address for PC: 00-A0-C9-E8-5F-64 VLANI 1 IP address: 131.131.131.1 OI User: Niclas Account: Nic | as @ mande | n MAC address for PC: OO-AO-C9-E8-5F-65 VLAN: 2 IP address: 131.131.131.2O Apartment 2.

The installed platforms are shown in Table 5. Each user has access to their own home, their personal area and the common area.

Example 1: PC login from your own home.

User Stefan logs in to the account Stefan @ almond and his PC receives the IP address131.131.131.10.

He wants to gain access to his Apartment platform and therefore uses URL: http: //myhome.telía.com, in his browser. The router in the IP access node (18) will send this request to the server (22) in the group server (16), where this request will be checked against the table "VLAN / IP address". This table (table 4) will direct this request to the apartment 1 platform, since this request is marked with VLAN id 1 and has the IP address 131 .131.131.10.

Example 2: PC login from your own home.

User Stefan logs in to Stefan @ almond and his PC receives the IP address131.131.131.10.

He wants to gain access to his device platform and therefore uses URL: http: //mydevice.telia.com, in his browser. The router in the IP access node (18) will send his request to the server (22) in the group server (16), where his request will be checked against the table "Device / IP address" This table (Table 3) other øoooo 10 15 20 25 524 173 14........., Will direct this request to the platform of O0-A0-C9-E8-5F-64, since this request has this MAC address and the IP address 131 .131.131 _10.

Example 3: PC login from your own home.

User Nclas logs in to the account Niclas @ mande | n and his PC receives the IP address 131.131.131.20.

He wants to gain access to his account platform and therefore uses URL: http: //myportal.telia.com, in his browser. The router in the IP access node (18) will send this request to the server (22) in the group server (16), where this request will be checked against the table "Account / IP address". This table (Table 2) will direct this request to Nicla's platform, as this request has the IP number 131.131.131.20.

The present invention uses the information contained in the LP access node (18). Examples of such information are given in Table 1. This information is used to create tables, whereby these tables will be the basis for directing platform requests to the correct platform. The invention makes the following things possible. o A way for households to gain access to the various platforms. o A way for the operator to ensure that only authorized requests will be routed to a specific platform.

Fig. 2 shows a logical description of the architecture comprising the device (10) shown in Fig. 1. Similar components Fig. 1 and Fig. 2 have received the same reference numerals. Fig. 2 shows that the IP access node (18) comprises an authorization system for deciding whether a unit 141, ..., 14n is authorized, and a router (24) connected to the authorization system. The authorization system includes an AAA server (26) (Authentication, Authorization and Accounting services.

This is a system for a service provider to handle these customer related functions.) Connected to said router (24) and a database (28) connected to the AAA server (26) comprising the identity of the units 141, ..., 14n. The IP access node (18) further comprises a policy server (30) connected to the database (28) and said router (24) which configures said router (24) in accordance with policy for another con »- 10 15 20 25 30. . . . .- 524 173 15 u. N. Specified account. An important thing worth pointing out here is that VLAN is used to prevent unauthorized communication between households. Fig. 2 shows a local area network, LAN, (Ethernet) for a single-family house and two houses connected by ADSL.

Fig. 3 shows a more detailed view of the network architecture shown in Fig. 2.

This figure has been provided with corresponding reference numerals as in Fig. 2 for similar components. Otherwise, reference is made to the description of Fig. 1 and Fig. 2 when the function is the same. Fig. 4 shows a fate diagram of a method in a wired communication system for directing geographically dispersed units to a correct resource on a service platform according to the present invention by means of a device (compare, for example, Fig. 1). The procedure starts at the block (70). The procedure then continues at block (72) with the step: that when a device 14x, where 15x5n, is switched on, it receives an IP token address. Then the procedure continues, at block (74) with the step: to present an account and a password regarding the device 14x. The procedure then continues at block (76) by asking if the device is authorized 14x? If the answer to this question is no, the unit is denied 14x access to the platform and the steps according to blocks (72) - (76) may be repeated in a new attempt. If, on the other hand, the answer is yes, the procedure continues, at block (78) with the step: that a group server (16) included in the device (10) regularly retrieves information about the units 141, ..., 14n from an IP access node (18), which we the communication system (12) is connected to the units 141, ..., 14n. Then, the process continues, at block (80), with the step: that the group server (16) receives a resource request from a device 14x.

The procedure then continues, at block (82), with the step: that the group server (16), based on the resource request and based on said information, directs the unit 14x to a correct service platform arranged on the group server (16). The procedure then ends at the block (84).

According to one embodiment, the step of presenting a password regarding the unit 14x is performed by the I-access node (18) automatically identifying and authorizing the unit 14x when it is switched on by the identities of the units 141, ..., 14n being registered in a database (28 ) included in the IP access node (18). This is useful when no person is nearby and the device, e.g. an IP telephone adapter, can not itself accomplish the authorization process. 10 15 20. - »- .- 524 173 16 .- i ...

If a person is available, this process takes place by a user of the device 14x entering said account and said password.

According to a preferred embodiment, the method further comprises the step: that the unit 14x receives a useful IP address.

According to a preferred embodiment, the method further comprises the step of: regularly synchronizing the information between the group server (16) and the IP access node (18).

According to a preferred embodiment, the IP access node (18) comprises a router (24) and a policy server (30) connected to said router (24), the method further comprising the step of: the policy server (30) configuring said router (24) in accordance with policy for specified account.

Fig. 5 shows a schematic view of some computer program products according to the present invention. Fig. 7 shows n different digital computers 1001, ..., 100 ,. and n various computer software products 1021,. . 102n, directly rechargeable in the internal memory of said computers 1001, ..., 100, .. Each 1021, ..., 1O2 ,, comprises software code portions for performing some or all of the steps of Fig. 4 when the product (s) 1021, ..., 102 ,, run on the computer / computers 1001, ..., 100 ,,. Computer software products 1021 ,. .., 102 ,. may, for example, be in the form of diskettes, RAM disks, magnetic tapes, optomagnetic disks or some other suitable products.

The invention is not limited to the embodiments described above.

It will be apparent that many different modifications are possible within the scope of the appended claims.

Claims (20)

: soon aan; - 10 15 20 25 30. c - - n »1524 173 .. s .. 17 PATENTKRAV A device (10) in a wired communication system (12) for directing geographically dispersed units (141, 14,1) to a correct resource on a service platform, characterized in that the device (10) comprises a group server ( 16), an IP access node (18) connected to the group server (16) which is connected via the communication system (12) to said units (141, 14,1), the IP access node (18) comprising information about said units ( 141, 14,1), which information is regularly retrieved by the group server (16) based on a received resource request from a unit (141,) and based on said information directs the unit (141,) to a correct, on said group server (161). 16) arranged service platform. A device (10) in a wired communication system (12) for directing geographically dispersed units (141, 14,1) to a correct resource on a service platform, characterized in that the device (10) comprises IP access node (18) which is connected via the communication system (12) to said units (141, 14,1) and a group server (16) included in the IP access node (18), the IP access node (18) comprising information about said units (141, 14,1), which information is regularly retrieved by the group server (16), the group server (16) based on a received resource request from a unit (141,) and based on said information directing the unit (141, ) to a correct service platform arranged on said group server (16). A device (10) in a wired communication system (12) for directing geographically dispersed units (141, 14,1) to a correct resource on a service platform according to claim 1 or claim 2, characterized in that group The server (16) comprises a server (22) comprising said service platforms and a means (20) connected to the server (22) which handles resource requests received from the units (141, 14,1). A device (10) in a wired communication system (12) for directing geographically dispersed units (141, 14,1) to a correct resource on a service platform according to any one of claims 1 - 3, characterized in that the device (10) 10 15 20 25 30 524 173 '' '' "n» ~. .- 18 further comprises a memory means in which said information is stored in the form of tables. A device (10) in a wired communication system (12) for directing geographically dispersed units (141, 14,1) to a correct resource on a service platform according to claim 4, characterized in that the tables comprise information about which combination of VLAN / IP number, MAC address / IP number has access to which platform. A device (10) in a wired communication system (12) for directing geographically dispersed units (141, 14,1) to a correct resource on a service platform according to any one of claims 1-5, characterized in that the units (141, 14,1) consist of terminals, users or apparatus or a combination of these. A device (10) in a wired communication system (12) for directing geographically dispersed units (141, 14,1) to a correct resource on a service platform according to any one of claims 1-6, characterized in that said information is regularly synchronized between the group server (16) and the IP access node (18). A device (10) in a wired communication system (12) for directing geographically dispersed units (141, 14,1) to a correct resource on a service platform according to any one of claims 1 - 7, characterized in that IP the access node (18) comprises an authorization system for deciding whether a device (141, 1411) is authorized, and a router (24) connected to the authorization system. A device (10) in a wired communication system (12) for directing geographically dispersed units (141, 14,1) to a correct resource on a service platform according to claim 8, characterized in that the authorization system comprises a AAA server (26) connected to said router (24) and a database (28) connected to the AAA server (26) comprising the identity of the devices (141, 14,1). A device (10) in a wired communication system (12) for directing geographically dispersed units (141, 1411) to a correct resource on a service unit 10 15 20 25 30 524 173. . . ; Platform according to claim 9, characterized in that the IP access node (18) further comprises a polling server (30) connected to the database (28) and said router (24) which configures said router (24) in accordance with the policy for the specified account. . A method of a wired communication system (12) for directing geographically dispersed units (141, 14,1) to a correct resource on a service platform by means of a device (10), the method comprising the steps of: - reaching a unit (141 ,), where 1 sxsn, is connected, it receives an IP token address; - to present an account and a password regarding the device (14 ,,); - determining whether the device (141,) is authorized; - that a group server (16) included in the device (10) regularly retrieves information about the devices (141, 14,1) from an IP access node (18) which is connected to said devices (141) via the communication system (12). , 1411); - that the group server (16) receives a resource request from the device (141,); and - that the group server (16), based on the resource request and based on said information, directs the unit (141,) to a correct service platform arranged on the group server (16). A method of a wired communication system (12) for directing by means of a device (10) geographically dispersed units (141, 14,1) to a correct resource on a service platform according to claim 11, characterized in that the step of presenting an account and a password regarding the device (141,) is performed by the IP access node (18) automatically identifying and authorizing the device (141,) when it is switched on by the identities of the devices (141, 14,1) being registered in a database (28) included in the IP access node (18). A method of a wired communication system (12) for directing by means of a device (10) geographically dispersed units (141, 14,1) to a correct resource on a service platform according to claim 11, characterized in that the step of presenting an account and a password regarding the device (141,) is performed by a user of the device (141,) entering said account and said password. nosa- una-n 10 15 20 25 30 524 173 20 A method of a wired communication system (12) for directing by means of a device (10) geographically dispersed units (141, 14,1) to a correct resource on a service platform according to any one of claims 11 - 13, characterized in that said information stored in the form of tables in a memory device included in the device (10). A method of a wired communication system (12) for directing geographically dispersed units (141, 14,1) to a correct resource on a service platform according to claim 14 by means of a device (10), characterized in that the tables comprise information about which combination of VLAN / IP number, MAC address / IP number that has access to which platform. A method in a wired communication system (12) for directing by means of a device (10) geographically dispersed units (141, 14,1) to a correct resource on a service platform according to any one of claims 11 - 15, characterized in that the method further the step comprises: - that the device (141,) receives a useful IP address. A method of a wired communication system (12) for directing by means of a device (10) geographically dispersed units (141, 14,1) to a correct resource on a service platform according to any one of claims 11 - 16, characterized in that the units ( 141, 14.1) consist of terminals, users or apparatus or a combination of these. A method in a wired communication system (12) for directing by means of a device (10) geographically dispersed units (141, 14,1) to a correct resource on a service platform according to any one of claims 11 - 17, characterized in that the method further the step comprises: - regularly synchronizing said information between the group server (16) and the IP access node (18). A method of a wired communication system (12) for directing geographically dispersed units (141, 14,1) to a correct resource on a service platform according to any one of claims 11 - 18, characterized by a device (10), characterized 5 1024 173. - -. aa 21 in that the IP access node 818) comprises a router (24) and a policy server (30) connected to said router (24), the method further comprising the step of: - the policy server (30) configuring said router (24) in accordance with policy for specified account. At least one computer program product (1021, 102,1) directly loaded into the internal memory of at least one digital computer (1001, 100m), comprising software code portions for performing the steps of claim 11 when said at least one product (1021, 102m) is run on said at least one computer (1001, ...,