WO1999028805A2 - Method and device in a data network for supplying services - Google Patents
- Publication number
- WO1999028805A2 (PCT/SE1998/002181)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- service
- client
- node
- service node
- services
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/06—Buying, selling or leasing transactions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
Definitions
- the present invention relates to data networks and in particular to a method and a device for being able to make services and/or information accessible by many users with retained security.
- the Internet has become an extremely common channel for spreading information and services, for example the distribution of programs.
- Intranets to which, for example, only members or employers have access.
- Such a solution is, however, relatively expensive, in particular for small companies, and, even if the access to the net is limited, it does not solve the problem with payment.
- a further object of the invention is to be able to charge the users based upon their use of the services in the network.
- a device in a data communication network in which services and/or information are supplied to the clients from service nodes in the network, which device is arranged to: - receive the request for a service from a client;
- a client sends a request for a service to a mediating means; - the mediating means verifies that the client is authorized to use the service, acknowledges this and allots the service node from which the service can be obtained;
- the client starts the service locally on his computer and in the allotted service node.
- the confirmation of the service reservation is sent to the client and/or to the allotted service node.
- the mediating means can have several different types of service nodes with different types of services from several different suppliers connected. In this way even small service suppliers can offer their services without having to construct their own networks.
- the solution according to the invention is also scalable because it is easy to add new service nodes.
- the device can also allocate the service node which is closest to the client, investigate if the selected service node has the capacity to supply the service to the client and in other cases select another service node and/or reserve capacity in the network for the transfer of data between the service node and the client.
- the solution according to the invention gives a redundancy on the network level which reduces the requirement for redundancy in each node.
- the device and method in accordance with the invention also permit the debiting of services through events connected with the costs for the use of a service being registered, for example when somebody begins and finishes the use of the service.
- the invention results in the following advantages: according to the invention the development and distribution of commercial services by Internet Protocol (IP) as a transport system is permitted.
- the solution according to the invention includes services for the provision of applications, for subscriptions, debiting, security, and resource management.
- the supplier of services obtains a platform to build on and can reduce his operating and maintenance costs.
- Fig. 1 shows the constituent units in the public intranet in accordance with the invention.
- Fig. 2 is a flow diagram of how a user activates a service in the network according to the invention.
- Fig. 3 shows the functional parts and interfaces in the public intranet according to the invention.
- Fig. 4 shows the principle for access to the information which is stored in the host nodes.
- Fig. 1 shows the nodes which are comprised in a public intranet according to the invention.
- a number of local networks (Local Area Networks - LAN) 1, 3, 5 based on the Internet Protocol (IP) are connected to a large service network 7.
- the service network 7 can be logically divided in three levels: a first level comprising a number of switches 9, for example Asynchronous Transfer Mode (ATM) switches, to which the local networks 1, 3, 5 are connected and through which the traffic in the network is controlled.
- the local networks 1, 3, 5 are connected to the service networks 7 in some known manner.
- the third level comprises at least one procurement node ("broker") 13, a service managing node 15 and one or more service nodes 17.
- the service managing node 15 comprises a user data base containing information on the users who are allowed to use certain or all of the services available on the service node 17.
- the service managing node 15 comprises also the interface to the external system such as subscriber data bases and debiting nodes, and even debiting information based on the users' use of services.
- the procurement node 13 comprises functions for being able to identify the user and his authorizations and for procuring services which lie on the service nodes 17 for the users in the local networks 1, 3, 5. In order that a service shall be able to be used by a user in the local net the service must therefore be registered in the procurement node 13.
- Fig. 1 makes it possible for, for example, small companies to put out services on the Internet with limited accessibility and retaining security without needing to construct their own internal network.
- a network operator supplies procurement nodes 13, the data base 15 and the service nodes 17.
- Those who wish to put out their services or other programs on the Internet without having to be available to everyone or who will ensure that they are paid for the use of the program can "rent" space on the service node for the program.
- Information on who is authorized to use the program, what it shall cost, etc., is then stored in the data base in, or in connection to, the service managing node.
- the design of the network with ATM switches and routers is only one example of several possible which are known for the skilled person.
- the solution according to the invention is applicable in all types of IP network.
- Fig. 2 shows, in the form of a flow diagram, the steps which are taken when a user in a local network 1, 3, 5 wants to use a service which is in a service node 17.
- Step S1 The user contacts the procurement node 13.
- Step S2 The procurement node identifies the user and fetches information on the user's authorization from the service managing node.
- Step S3 The user orders the desired service.
- Step S4 The procurement node verifies that the user is authorized to order the service and sends a "ticket" to the user with a confirmation that the service is ordered and information on which service node the service can be fetched from.
- Step S5 The user sends the ticket further to the stated service node.
- Step S6 The service node supplies the service to the user.
- Step S7 When the service is activated, the normal transmission of debiting information to a data base in, or in connection to, the service management node is begun.
- the debiting information can be transmitted for events which take place while the service is being run and/or when the service is activated and deactivated.
- in step S4 the procurement node decides which service node shall supply the service, depending on the current load on the service nodes which have the service, or depending on which service node lies geographically closest to the user, or a combination of these and/or other parameters.
- the procurement node ensures that the selected service node has empty capacity before the ticket is sent to the user and possibly reserves the capacity which is required.
- the reservation is in this case suitably valid for a limited period of time.
- the procurement node also sends the ticket to the service node as a further confirmation that the order is approved.
- the identity of a user can be verified in a number of known ways depending on which security level is required.
- a smart card can be used in combination with a user identity and password.
- a so-called soft card, a file which can be saved, for example, on hard disk or on a diskette, can be used instead of the smart card.
- Fig. 3 is a logical representation of a service platform 101 for an intranet in accordance with the invention.
- a number of service programs 103, 105 are constructed on the platform.
- the platform 101 supplies support for the choice of the service program and for controlling the running of the program.
- the platform 101 comprises functions for managing security 107, managing resources 109, procuring services 111, debiting 103 and service management 115.
- the functions are made available for the service programs 103, 105 through an application interface (Application Program Interface - API) 117.
- Existing service programs 103 can be added through adding a surrounding program (wrapper code) 110, which supplies the debiting, security and resource managing functions which are required.
- a surrounding program wrapped in or around the surrounding program 119
- Other service programs 105 can be developed especially for the API 117 and can themselves include the debiting, security and resource managing functions which are required for communication with the corresponding functions in the platform.
- These functions comprise the regulating of who may run a certain program, information on what it costs to run the program and registering of information on when a user can begin to run the program, when the program finishes and, possibly, events while the program is running which have significance for the cost. For example, the management of certain information or the use of a certain function in the program can be registered separately. Events which lead to some form of discount can also be registered. If the program is, for example, a game, a certain number of points can give the right to a free game. Debiting takes place according to the client-server principle, as the client supplies an API for the applications. The applications which are to be debited are run on a service node (server). A special application produces event-based entries with the help of the debiting API. Before the debiting information is sent to a debiting node it is coded by the debiting unit in the service node.
- the debiting information can be sent individually when they are produced or stored in a file for later delivery.
- the debiting unit in the service node monitors the connection to the debiting node and reestablishes the connection if it is broken. During disconnection the debiting information is written to a local data base.
- the debiting node monitors the connection to an external debiting system in the same way.
- Entries from several clients are stored in the debiting node. These are sent to the external debiting system for processing in accordance with the formats and protocols which the external system requires.
- An application uses the ticket (see Fig. 2, step S4) from the procurement node in order to connect a unique user identity to the use of a service.
- a service managing program 121 makes it possible for the network operator to manage the subscribers, the supply of programs, and others.
- the hierarchical definition of the service managing function permits distributed management so that the individual subscriber can manage his own customers.
- Fig. 4 shows the principle for communications between the user and a service node in accordance with the invention.
- a terminal at a final user is connected to a service node 203 via the IP network 205.
- in the terminal 201 are certain procurement functions 207 for managing the interface to the user identification which is used, for example the smart card, and in order to display available applications.
- in the service node there are functions 209 for verifying the user identity and controlling the access to the different services.
- the service node also contains certain parts of the platform shown in Fig. 3 and supplies the API to the applications.
- the services are stored on one or more host nodes 211 which can contain film sequences or whole films, HTML pages, other types of files, electronic post, news services or others.
- the communication takes place through a so-called secure tunnel, that is to say some form of secure information transfer according to known techniques, for example Secure Socket Layer (SSL).
- the number of service nodes can be adapted to the requirement in the network in the form of the number of services, the number of users, etc.
- the procurement node ensures that a selected service node has vacant resources and possibly reserves resources when an order is made.
- the service node is monitored with respect to its load, the number of users and the bandwidth used. This information is used in order to determine if the node can take more users. In this way the service node is protected against overloading so that the users can be guaranteed a certain quality.
- the number of simultaneous users from one and the same user group is monitored and compared with the maximum number of users from this group. If the limit is reached further users are refused access. This ensures that the active users are guaranteed the quality which the network can offer on the user's side.
- the procurement node can also contain functions for ensuring that a connection with a necessary bandwidth and quality can be established between the terminal of the user and the service node and also, in accordance with one embodiment, reserve the resources in the network which are necessary for the connection. Suitably the resources are reserved for a distinct period of time.
- the monitoring and the reservation of resources in the network depend on how the IP network and the underlying transport network are realized.
- the functionality in routers and the ATM network influence the realization of resource management.
- the security in the network is based upon known solutions and can be applied at different levels depending on for example the type of services, the amounts etc.
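The ticket flow of Fig. 2 (steps S2 to S7) sketched as an added example; it is not code from the patent. The patent does not say how the ticket is protected, so the HMAC-SHA256 seal under a key shared by the procurement node and each service node, the single-use nonce, and all names and sample data below are assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed sample data; every name and value here is hypothetical.
AUTHORIZED = {"alice": {"video"}, "bob": set()}   # user database (service managing node)
NODES = {                                         # service nodes known to the procurement node
    "node-a": {"services": {"video"}, "load": 9, "capacity": 10},
    "node-b": {"services": {"video"}, "load": 2, "capacity": 10},
}
NODE_KEYS = {"node-a": b"constructed-key-a", "node-b": b"constructed-key-b"}
USED_NONCES = set()                               # replay cache kept by the service nodes


def seal(key, body):
    """Assumed ticket protection: HMAC-SHA256 under a broker/node shared key."""
    return hmac.new(key, body, hashlib.sha256).digest()


def issue_ticket(user, service, now, ttl=60):
    """Procurement node, steps S2-S4: authorize, allot a node, issue a ticket."""
    if service not in AUTHORIZED.get(user, set()):
        raise PermissionError("user is not authorized for this service")
    free = [n for n, d in NODES.items()
            if service in d["services"] and d["load"] < d["capacity"]]
    if not free:
        raise RuntimeError("no service node has free capacity")
    node = min(free, key=lambda n: NODES[n]["load"])   # least-loaded node
    NODES[node]["load"] += 1          # reserve capacity (release on expiry omitted)
    claims = {"user": user, "service": service, "node": node,
              "exp": now + ttl, "nonce": secrets.token_hex(8)}
    body = json.dumps(claims, sort_keys=True).encode()
    tag = seal(NODE_KEYS[node], body)
    return (base64.urlsafe_b64encode(body).decode() + "."
            + base64.urlsafe_b64encode(tag).decode())


def redeem_ticket(ticket, node, service, now, debit_log):
    """Service node, steps S5-S7: verify the ticket, then start debiting."""
    try:
        body_b64, tag_b64 = ticket.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:                                 # malformed ticket
        return None
    if not hmac.compare_digest(tag, seal(NODE_KEYS[node], body)):
        return None                                    # altered, forged, or sealed for another node
    claims = json.loads(body)
    if claims["node"] != node or claims["service"] != service:
        return None
    if now >= claims["exp"] or claims["nonce"] in USED_NONCES:
        return None                                    # expired or replayed
    USED_NONCES.add(claims["nonce"])
    # Step S7: the ticket ties a unique user identity to the debiting entry.
    debit_log.append({"event": "activated", "user": claims["user"],
                      "service": service, "at": now})
    return claims["user"]
```

Because the seal is keyed per service node and the claims name the allotted node, a ticket presented to any other node fails verification, and the limited validity period bounds how long an unused reservation can be redeemed.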
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU15807/99A AU1580799A (en) | 1997-12-02 | 1998-11-30 | Data communication network in which services are supplied to clients from service nodes in the network |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
SE9704481A SE9704481D0 (en) | 1997-12-02 | 1997-12-02 | System Architecture |
SE9704481-2 | 1997-12-02 | ||
SE9801364A SE513538C2 (en) | 1997-12-02 | 1998-04-20 | Method and apparatus of a data communication network in which services are provided |
SE9801364-2 | 1998-04-20 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO1999028805A2 true WO1999028805A2 (en) | 1999-06-10 |
WO1999028805A3 WO1999028805A3 (en) | 1999-10-21 |
Family
ID=26663143
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/SE1998/002181 WO1999028805A2 (en) | 1997-12-02 | 1998-11-30 | Method and device in a data network for supplying services |
Country Status (3)
Country | Link |
---|---|
AU (1) | AU1580799A (en) |
SE (1) | SE513538C2 (en) |
WO (1) | WO1999028805A2 (en) |
-
1998
- 1998-04-20 SE SE9801364A patent/SE513538C2/en not_active IP Right Cessation
- 1998-11-30 WO PCT/SE1998/002181 patent/WO1999028805A2/en active Application Filing
- 1998-11-30 AU AU15807/99A patent/AU1580799A/en not_active Abandoned
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0456386A2 (en) * | 1990-05-11 | 1991-11-13 | International Computers Limited | Access control in a distributed computer system |
EP0561509A1 (en) * | 1992-03-17 | 1993-09-22 | International Computers Limited | Computer system security |
US5815574A (en) * | 1994-12-15 | 1998-09-29 | International Business Machines Corporation | Provision of secure access to external resources from a distributed computing environment |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6324522B2 (en) * | 1997-09-15 | 2001-11-27 | Mro Software, Inc. | Electronic information network for inventory control and transfer |
WO2002051076A1 (en) * | 2000-12-21 | 2002-06-27 | E. Bengtsson Ingenjörsfirma | Service management server |
WO2002054674A1 (en) * | 2000-12-21 | 2002-07-11 | Blokks Ab | Network service management system |
WO2002067131A1 (en) * | 2001-02-19 | 2002-08-29 | Telia Ab (Publ) | Network interface for access to or control of objects |
WO2003026245A2 (en) * | 2001-09-18 | 2003-03-27 | Qualcomm Incorporated | Method and apparatus for service authorization in a communication system |
WO2003026245A3 (en) * | 2001-09-18 | 2004-03-04 | Qualcomm Inc | Method and apparatus for service authorization in a communication system |
US6850983B2 (en) | 2001-09-18 | 2005-02-01 | Qualcomm Incorporated | Method and apparatus for service authorization in a communication system |
WO2006092513A1 (en) * | 2005-03-04 | 2006-09-08 | France Telecom | Method for controlling access to a service, system and devices adapted therefor |
EP1755313A1 (en) * | 2005-08-17 | 2007-02-21 | Alcatel | Control device for enabling functions of a service equipment within an internet communication network |
WO2007020360A1 (en) * | 2005-08-17 | 2007-02-22 | Alcatel Lucent | Device for controlling the implementation of functions in a service device belonging to an internet communication network core |
FR2889899A1 (en) * | 2005-08-17 | 2007-02-23 | Alcatel Sa | DEVICE FOR CONTROLLING THE IMPLEMENTATION OF FUNCTION (S) IN A SERVICE EQUIPMENT OF A HEART OF INTERNET COMMUNICATION NETWORK |
US9503553B2 (en) | 2005-08-17 | 2016-11-22 | Alcatel Lucent | Device for controlling the implementation of functions in a service device belonging to an internet communication network core |
Also Published As
Publication number | Publication date |
---|---|
WO1999028805A3 (en) | 1999-10-21 |
SE513538C2 (en) | 2000-09-25 |
AU1580799A (en) | 1999-06-16 |
SE9801364L (en) | 1999-06-03 |
SE9801364D0 (en) | 1998-04-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
RU2313185C2 (en) | Method, system and device for controlling and managing transmission of data in communication networks | |
US7640246B2 (en) | Method and system for providing content | |
US7136996B2 (en) | One-time logon method for distributed computing systems | |
US8737954B2 (en) | Managing recurring payments from mobile terminals | |
US6189101B1 (en) | Secure network architecture method and apparatus | |
US8051491B1 (en) | Controlling use of computing-related resources by multiple independent parties | |
US8738741B2 (en) | Brokering network resources | |
US7024697B2 (en) | Access right managing system, portable terminal, gateway and contents server | |
US7721339B2 (en) | Method for controlling access to digital content and streaming media | |
US5696902A (en) | System for management of the usage of data consultations in a telecommunication network | |
US20020161676A1 (en) | Prepaid fixed quantity access to web services | |
US20020116338A1 (en) | Prepaid access to internet protocol (IP) networks | |
US20020049675A1 (en) | System and user interface for managing users and services over a wireless communications network | |
CN102904870B (en) | Server unit and information processing method | |
CN1826766A (en) | Method and apparatus for controlling credit based access (prepaid) to a wireless network | |
US8737958B2 (en) | Managing recurring payments from mobile terminals | |
US6772191B1 (en) | System and method for limiting services at a plurality of levels and controlling image orientation via a network | |
KR20010068478A (en) | Method for Providing the Internet Service Based upon Decentralized Individual Content Providers | |
WO1999028805A2 (en) | Method and device in a data network for supplying services | |
JP2002304667A (en) | System and method for managing electronic locker, information processor, electronic locker device and program | |
EA005838B1 (en) | System and method for distributing data | |
KR100391952B1 (en) | Using server-side application direct file execution method on AIP system | |
US20040014455A1 (en) | Method and device for co-ordinating telecommunications services | |
US20020087675A1 (en) | Media-distribution-resource management apparatus and storage medium | |
JP3860021B2 (en) | RESOURCE MANAGEMENT SYSTEM, METHOD, AND APPARATUS HAVING MECHANISM FOR THE SAME |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A2 Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GD GE GH GM HR HU ID IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG UZ VN YU ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A2 Designated state(s): GH GM KE LS MW SD SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
AK | Designated states |
Kind code of ref document: A3 Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GD GE GH GM HR HU ID IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG UZ VN YU ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A3 Designated state(s): GH GM KE LS MW SD SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
NENP | Non-entry into the national phase in: |
Ref country code: KR |
|
122 | Ep: pct application non-entry in european phase | ||
NENP | Non-entry into the national phase in: |
Ref country code: CA |