WO2008034804A1 - Checking data integrity in management systems - Google Patents

Checking data integrity in management systems

Info

Publication number
WO2008034804A1
WO2008034804A1 PCT/EP2007/059797 EP2007059797W WO2008034804A1 WO 2008034804 A1 WO2008034804 A1 WO 2008034804A1 EP 2007059797 W EP2007059797 W EP 2007059797W WO 2008034804 A1 WO2008034804 A1 WO 2008034804A1
Authority
WO
WIPO (PCT)
Prior art keywords
manager
agent
data
file
management device
Prior art date
Application number
PCT/EP2007/059797
Other languages
German (de)
English (en)
Inventor
Lucian Hirsch
Original Assignee
Nokia Siemens Networks Gmbh & Co. Kg
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Siemens Networks Gmbh & Co. Kg filed Critical Nokia Siemens Networks Gmbh & Co. Kg
Publication of WO2008034804A1 publication Critical patent/WO2008034804A1/fr

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/04 Network management architectures or arrangements
    • H04L41/046 Network management architectures or arrangements comprising network management agents or mobile agents therefor
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/04 Network management architectures or arrangements
    • H04L41/052 Network management architectures or arrangements using standardised network management architectures, e.g. telecommunication management network [TMN] or unified network management architecture [UNMA]

Definitions

  • the invention relates to methods for operating a management system in which at least one data message containing data is sent from a first management device to a second management device.
  • TMN management network
  • management layers for the management of a communication system -
  • each layer except the top and bottom layers has a dual function, namely a manager function and an agent function.
  • each level except the bottom one performs a manager function for the level below.
  • each layer except the top one has an agent function for the next higher layer.
  • Managers start operations for network monitoring and control by sending so-called “requests”, which are executed by agents, and receive corresponding responses from the agents.
  • Elements of the network, also referred to as resources, which perform the role of an agent in the hierarchy, detect relevant events, such as alarms, generate corresponding notifications, and transmit them in the form of event messages, so-called “event reports”, to managers to enable efficient network management.
  • Network management may include fault management and/or configuration management and/or security management and/or accounting management and/or performance management.
  • Network management should provide appropriate information distribution and management mechanisms so that, when needed, a comprehensive picture of network status is available and the individual resources can be efficiently monitored and configured.
  • the manager-agent communication takes place via so-called management interfaces or manager-agent interfaces, which in an object-oriented environment are characterized by a communication protocol, such as the Common Management Information Protocol (CMIP) according to ITU-T X.711, the Common Object Request Broker Architecture (CORBA) or the Simple Network Management Protocol (SNMP), and by an object model.
  • Such interfaces exist between, on the one hand, the Network Element Management Level and, on the other hand, the Network Element Level.
  • Examples of network devices for this manager-agent interface are the operation and maintenance centers (OMC) on the side of the network element management level and, on the side of the network element level, devices such as base stations of the base station system (BSS: Base Station System) of a GSM mobile radio network, or base stations of other communication networks, for example NodeBs of a UMTS mobile radio network (UMTS: Universal Mobile Telecommunication System), or radio access points of a WLAN system (WLAN: Wireless Local Area Network), for example according to one of the IEEE 802.11 standards.
  • Manager-agent interfaces also exist on the one hand between the network management level and on the other hand the network element management level.
  • Examples of network devices for this manager-agent interface are the network management centers (NMC: Network Management Center) on the side of the network management level and the operation and maintenance centers (OMC: Operation and Maintenance Center) on the side of the network element management level, for example in the aforementioned GSM or another mobile radio or telecommunications network.
  • the object of the invention is to disclose efficient and safe methods for operating a management system and management devices for carrying out the method.
  • At least one data message containing data is sent by the first management device to the second management device. Furthermore, a control message controlling the data transmission is sent from the first management device to the second management device.
  • the control message contains an information element which on the receiver side makes it possible to check the received data for identity with the transmitted data.
  • Data is transferred from the first management device to the second management device.
  • the data can be contained in a single message or distributed across multiple messages.
  • the transmission of a control message from the first to the second management device takes place.
  • the control message is used to control the data transmission, i.e. it refers to the transmission of the data.
  • the data is user information, i.e. information which the first management device makes available to the second management device, whereas the control message contains no useful information. Rather, the control message concerns only the transmission process of the payload.
  • An information element is used, which serves to verify the data on the receiving side. Using the information element, the second management device can determine whether the data it receives matches the data that the first management device previously sent.
  • the information element is not transmitted in a common message with the data; rather, the data and information element are transmitted in separate messages. This makes it difficult to manipulate the data after being sent by the first management device and before being received by the second management device.
  • the invention can be applied to a plurality of data records, i.e. several data records can be transmitted as part of the data transfer.
  • a single control message can be used which contains a plurality of information elements, each information element being assigned to a data record.
  • a plurality of control messages may be used, the control messages each comprising one or more information elements.
  • the at least one data message is sent after the control message. This procedure is particularly suitable in the event that the control message indicates an availability of the data. This indication can be sent unsolicited from the second management device to the first management device, eg if the second management device determines that data is available which can be sent to the first management device. Alternatively, a request to the second management device can first be made by the first management device as to whether data is available for sending.
  • the at least one data message is sent before the control message. This procedure is particularly suitable in the event that the control message indicates a termination of the transmission of the data.
  • the first management device determines the information element using the data before sending the control message.
  • the method for determining the information element is preferably known to the second management device.
  • the second management device receives at least one data message containing data transmitted by the first management device. Furthermore, the second management device receives a control message, sent by the first management device, that controls the data transmission. In this case, the control message contains an information element which on the receiver side allows the received data to be checked for identity with the transmitted data. While the first method according to the invention corresponds to the view of the first management device, the second method according to the invention corresponds to the view of the second management device. The comments on the first method according to the invention are therefore applicable to the second method according to the invention.
  • the second management device determines another information element using the received data and compares this further information element with the received information element.
  • the further information element is preferably determined by the same algorithm with which the information element was also determined.
  • the second management device may send an error message. This message can be sent, e.g., to the first management device or to a higher-level device.
  • according to a preferred embodiment of the invention, the information element is a checksum.
  • a checksum is a numerical value, which is calculated according to a specific algorithm based on the data. Different data usually results in different checksum values.
  • the first management device can be a manager or an agent
  • the second management device can be an agent or manager assigned to the first management device.
  • the invention is thus applicable both to the transfer of data from a manager to an agent and to the transfer of data from an agent to a manager. It is advantageous if the data transmission takes place according to a first standard and the transmission of the control message according to a second standard. In this way, one standard, e.g. FTP, can be used for the data transmission, and a different standard for the control, or at least part of the control, of the data transmission.
  • the data is a file, i.e. a dataset with a specific structure.
  • the data transfer in the form of files has the advantage that large amounts of data can be transmitted.
  • the first management device has means for sending at least one data message containing data to a further management device, and means for sending a control message controlling the data transfer to the further management device.
  • the control message contains an information element which on the receiver side makes it possible to check the received data for identity with the transmitted data.
  • means are further provided for determining the information element using the data before sending.
  • the second management device has means for receiving at least one data message containing data from another management device, and means for receiving a control message controlling the data transfer from the further management device.
  • the control message contains an information element which on the receiver side makes it possible to check the received data for identity with the transmitted data.
  • means are further provided for performing the check upon receipt of the control message and the data message.
  • the management devices according to the invention are particularly suitable for carrying out the method according to the invention, and this can also apply to the refinements and developments. For this they may include other suitable means.
  • FIG. 1 shows a detail of a management system
  • FIG. 2 shows a first flow chart for the method sequence
  • FIG. 3 shows a second flowchart for the method sequence
  • FIG. 4 shows a third flowchart for the method sequence.
  • the detail of a management system shown in FIG. 1 shows the manager MANAGER and the agent AGENT, which are connected via the communication link NET.
  • the invention is applicable to any types of management systems and communication links.
  • the manager MANAGER and the agent AGENT are part of a mobile communication system according to the UMTS standard.
  • the manager MANAGER is a network management center
  • the agent AGENT is an element manager or a network element such as a base station.
  • the 3GPP standards of the series 32.xxx define a from the point of view of the manager
  • Messages are transmitted between the manager MANAGER and the agent AGENT via the communication connection NET.
  • files FILE, which may contain larger amounts of data, are transmitted from the agent AGENT to the manager MANAGER and/or from the manager MANAGER to the agent AGENT.
  • standardized file transfer protocols such as FTP or FTAM can be used.
  • the files FILE can contain, e.g., performance management data, inventory management data, log contents, network element software versions, charging data or call trace data.
  • the actual transfer of files FILE is embedded in a control sequence.
  • the 3GPP Standard TS 32.342 File Transfer (FT) Integration Reference Point (IRP): Information Service (IS)
  • listAvailableFiles: This is an operation that the manager MANAGER sends to the agent AGENT.
  • the manager MANAGER receives from the agent AGENT information about files stored at the agent AGENT which are provided for file transfer to the manager MANAGER, i.e. can be transmitted.
  • the operation listAvailableFiles is preferably used after an interruption of the communication between the manager MANAGER and the agent AGENT. In this way, the manager MANAGER can get an overview of the available files, then request the files relevant to it and receive them via file transfer. This control message is used for the later transfer of files from the agent AGENT to the manager MANAGER.
  • MANAGER notify that one or more files are provided for file transfer to Manager MANAGER are.
  • the agent AGENT can, for example, inform the manager MANAGER periodically every 15 minutes that a file with performance management data is available for transmission.
  • This control message is used for the later transfer of files from the agent AGENT to the manager MANAGER.
  • the manager MANAGER informs the agent AGENT that a file transfer from the manager MANAGER to the agent AGENT has been successfully completed. This control message is used for the previous transfer of files from the manager MANAGER to the agent AGENT.
  • the said control messages each contain a parameter fileInfoList, which comprises various information elements concerning the respective file to be transmitted or already transmitted:
  • fileLocation: the location of the file, i.e. where the respective file can be found.
  • fileSize: size of the file.
  • fileReadyTime: time of the last modification of the file.
  • fileExpirationTime: validity of the file.
  • a further optional information element, referred to as fileCheckSum, is added to the control messages, or more precisely to the parameter fileInfoList of the control messages.
  • fileCheckSum: This is a data description element that allows the recipient of a file to recognize whether the content of the received file matches the file content present on the sender side prior to sending.
  • the value of the information element fileCheckSum thus corresponds to a unique "fingerprint" of the file.
  • a checksum is especially suitable as the information element fileCheckSum.
  • H (D) is the hash function.
  • Such a checksum has a fixed length regardless of the size of the file on the basis of which the checksum is calculated.
  • One known and advantageous method for calculating a 128-bit checksum is the MD5 algorithm, described e.g.
  • FIG. 2 shows a method sequence in which a file transfer takes place from the manager MANAGER to the agent AGENT, wherein before the file transfer, a listAvailableFile operation is sent from the manager MANAGER to the agent AGENT.
  • the message listAvailableFile-Request for requesting the operation listAvailableFile contains, among other things, the parameter managementDataType, which indicates the type of management data in which the manager MANAGER is interested for the operation listAvailableFile; the parameter beginTime, which indicates the earliest time of creation of the data in which the manager MANAGER is interested; and the parameter endTime, which indicates the latest date of creation of the data in which the manager MANAGER is interested.
  • the response message listAvailableFile-Response, sent by the agent AGENT to the manager MANAGER in reply to the message listAvailableFile-Request, contains, among other things, the parameter fileInfoList with the information element fileCheckSum, whose value was previously calculated by the agent AGENT in step CALCULATE, and a status specification Status.
  • the parameter fileInfoList may contain one, several or all of the other information elements explained above.
  • the parameter fileInfoList is contained for each file which is ready for file transfer and corresponds to the criteria of the message listAvailableFile-Request. If several such files are available for transmission, then several values for the information element fileCheckSum are calculated and sent correspondingly with the response message listAvailableFile-Response to the manager MANAGER.
  • Agent AGENT calculates the value of the information element fileCheckSum in step CALCULATE. This calculation is done before sending the response listAvailableFile-Response, preferably after receiving the message listAvailableFile-Request. Alternatively, however, the calculation can also be performed before the message listAvailableFile-Request is received.
  • the file transfer File Transfer from the agent AGENT to the manager MANAGER takes place.
  • the sequence of file transfer can be done according to different protocols; it is not relevant to the understanding of the invention. It is essential that the information element fileCheckSum is not contained in the message containing the respective file, but in a separate message.
  • in the step CALCULATE, COMPARE, the manager MANAGER calculates the value of the checksum for each received file based on the content of the received file(s). For this purpose, the same algorithm is used that the agent AGENT applies to calculate the value of the information element fileCheckSum.
  • as the second component of the method step CALCULATE, COMPARE, the checksum value calculated by the manager MANAGER is then compared, for each received file, with the value of the information element fileCheckSum specified by the agent AGENT in the response message listAvailableFile-Response. If the two values agree, it can be assumed that the content of the file present at the manager MANAGER is identical to the content sent by the agent AGENT. On the other hand, if the two values do not agree, then the manager MANAGER takes a corresponding measure, such as: sending an error message to the agent AGENT, sending a request to the agent AGENT that the respective file be sent again, or sending an error message to a device responsible for the functioning of the communication connection NET.
  • FIGS. 3 and 4 show process sequences in which the information element fileCheckSum is not contained in the response message listAvailableFile-Response. Since some method steps correspond to those of FIG. 1, a detailed explanation of FIGS. 3 and 4 is dispensed with.
  • the message listAvailableFile-Request is not sent by the manager MANAGER to the agent AGENT; rather, the agent AGENT sends the notification notifyFileReady to the manager MANAGER.
  • the notification notifyFileReady contains the information element fileCheckSum, whose value(s) was or were previously calculated in the step CALCULATE by the agent AGENT for each file of whose availability the agent AGENT informs the manager MANAGER with the notification notifyFileReady.
  • after the file transfer File Transfer, the manager MANAGER performs the CALCULATE, COMPARE step to verify the correctness of the received file(s).
  • file transfer takes place from the manager MANAGER to the agent AGENT.
  • the manager MANAGER calculates the value of the information element fileCheckSum of the file(s) transferred as part of the file transfer File Transfer.
  • the manager MANAGER sends to the agent AGENT the message fileDownloadIndication, which contains the parameter fileInfoList with the information element fileCheckSum for each transferred file.
  • the step CALCULATE can take place before, after or during file transfer File Transfer.
  • upon receipt of the fileDownloadIndication message, the agent AGENT performs the CALCULATE, COMPARE step to verify the correctness of the received file(s).
  • a corruption of the content of a file after sending and before reception can occur in two ways.
  • an error may occur in the transmission, i.e. the content of the file is unintentionally changed due to deficiencies of the communication link NET.
  • Such an error can be detected by using the information element fileCheckSum.
  • the information element fileCheckSum contained in the message containing the file.
  • a change in the contents of a file can be made by deliberate intervention. For example, a hacker could attempt to modify charging data. In order to be able to do this unnoticed, both the contents of the file and the associated value of the information element fileCheckSum would have to be edited by the hacker. This is made much more difficult if the information element fileCheckSum is in a different message than the file. Especially in the case that the information element fileCheckSum is sent before the file, such a deliberate manipulation is not possible, because at the time when the information element fileCheckSum could be edited, the contents of the associated file, which is transferred later, cannot be known to the hacker.
  • the invention thus provides an efficient method for verifying the data integrity of data transmitted between two management devices.
  • the method can be applied to a wide variety of data types and in various management systems; it is independent of the protocol used to transmit the data between the management facilities.
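
The FIG. 2 sequence described above, as an added Python example that is not part of the patent text: the agent places one fileCheckSum per file in the control message, the files travel separately, and the manager runs CALCULATE, COMPARE on what it receives. The class and function names, the sample files and the use of SHA-256 in place of the MD5 the page mentions are assumptions; the check only holds if the control message itself arrives unmodified.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Assumption: the page names MD5 as one known checksum algorithm. SHA-256 is
# swapped in here because MD5 is no longer collision resistant.
ALGORITHM = "sha256"


def file_checksum(content: bytes) -> str:
    """Step CALCULATE: fixed-length fingerprint of the file content."""
    return hashlib.new(ALGORITHM, content).hexdigest()


@dataclass(frozen=True)
class FileInfo:
    """One fileInfoList entry. Element names are from the page, types are assumed."""
    fileLocation: str
    fileSize: int
    fileCheckSum: Optional[str] = None  # optional information element


class Agent:
    def __init__(self, files: Dict[str, bytes]) -> None:
        self.files = files

    def list_available_file_response(self) -> List[FileInfo]:
        """Control message: one entry, with its own checksum, per available file."""
        return [FileInfo(loc, len(data), file_checksum(data))
                for loc, data in sorted(self.files.items())]

    def file_transfer(self, location: str) -> bytes:
        """Data message: carries the file content only, never the checksum."""
        return self.files[location]


class Manager:
    def calculate_compare(self, info: FileInfo, received: bytes) -> str:
        """Step CALCULATE, COMPARE on the receiver side."""
        if info.fileCheckSum is None:
            return "UNVERIFIED"  # sender omitted the optional element
        if len(received) != info.fileSize:
            return "MISMATCH"
        calculated = file_checksum(received)  # same algorithm as the sender
        ok = hmac.compare_digest(calculated, info.fileCheckSum)
        return "OK" if ok else "MISMATCH"


Channel = Callable[[str, bytes], bytes]


def run_exchange(agent: Agent, data_channel: Channel = lambda loc, b: b) -> Dict[str, str]:
    """Control message first, then each file over a separate data channel."""
    manager = Manager()
    file_info_list = agent.list_available_file_response()
    results = {}
    for info in file_info_list:
        sent = agent.file_transfer(info.fileLocation)
        received = data_channel(info.fileLocation, sent)
        results[info.fileLocation] = manager.calculate_compare(info, received)
    return results


# Constructed sample files (not from the page).
SAMPLE_FILES = {
    "/pm/pm_1200.xml": b"<measData><value>42</value></measData>",
    "/charging/cdr_0001.dat": b"subscriber=A;units=120\n",
}


def altered_in_transit(location: str, content: bytes) -> bytes:
    """Constructed fault: same-length change to the charging file on the data path."""
    if location.startswith("/charging/"):
        return content.replace(b"units=120", b"units=001")
    return content


if __name__ == "__main__":
    agent = Agent(SAMPLE_FILES)
    print(run_exchange(agent))
    print(run_exchange(agent, altered_in_transit))
```

A result of MISMATCH is the point at which the manager would send the error message or request retransmission, as described for FIG. 2.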

Abstract

The invention relates to a method for operating a management system comprising a first management device (MANAGER, AGENT) and a second management device (MANAGER, AGENT), in which at least one data message containing data (FILE) is sent from the first management device (MANAGER, AGENT) to the second management device (MANAGER, AGENT). In addition, a control message controlling the data transmission is sent from the first management device (MANAGER, AGENT) to the second management device (MANAGER, AGENT). The control message contains an information element that allows the received data (FILE) to be checked, on the receiver side, for identity with the transmitted data (FILE). The invention further relates to management devices (MANAGER, AGENT) for carrying out this method.
PCT/EP2007/059797 2006-09-18 2007-09-17 Checking data integrity in management systems WO2008034804A1

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102006043671A DE102006043671B4 (de) 2006-09-18 2006-09-18 Checking data integrity in management systems
DE102006043671.7 2006-09-18

Publications (1)

Publication Number Publication Date
WO2008034804A1 2008-03-27

Family

ID=38920697

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2007/059797 WO2008034804A1 Checking data integrity in management systems 2006-09-18 2007-09-17

Country Status (2)

Country Link
DE (1) DE102006043671B4 (fr)
WO (1) WO2008034804A1 (fr)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0459046A1 * 1990-05-31 1991-12-04 International Business Machines Corporation Computer software protection
WO2002025858A1 * 2000-09-23 2002-03-28 Internet-Extra Ltd. Information exchange system
WO2004073281A2 * 2003-02-12 2004-08-26 Saviso Group Ltd Method and apparatus for traffic management in peer-to-peer networks

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5440633A (en) * 1993-08-25 1995-08-08 International Business Machines Corporation Communication network access method and system

Also Published As

Publication number Publication date
DE102006043671B4 (de) 2008-09-04
DE102006043671A1 (de) 2008-03-27

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07820264

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07820264

Country of ref document: EP

Kind code of ref document: A1