DE19833969A1 - Method for setting up communication link e.g. between private individuals and firms - Google Patents

Abstract

A method of communicating from a communication terminal in a first switched circuit network (SCN1) to a second switched circuit network (INTERNET) via a network access point (ISP), in which a first authentification procedure of the subscriber is initially carried out. A second subscriber authentification procedure is required, via a connection mode (gate-keeper) (GK), and the first authentification procedure of the subscriber in the network access point (Internet service provider) (ISP) results alone through verification of the data sent by the subscriber via this network access point (Internet service provider).

Description

The invention relates to a method for communicating a communication terminal in a first communication network into a second communication network via a network starting point at which a first authentication procedure of the Participant happens, and via a connection node, at a second authentication procedure of the subscriber necessary is.

In the past few years, the internet has become more and more of a research network into a communication medium for everyone changed. There is a lot of information and communication services offered, such as e-mail, FTP, WWW, chat forums etc. In further developments will even become classic services of the telephone network, like making calls via the In ternet (Voice-over-IP) or the integration of services from the Terminal equipment and services of the network (CTI, computer telephony Integration).

This change from the scientific to the commercial Use also brings profound technical changes networks with itself. In particular, the problems of the Zu gait control and charging were in the original Realizations of the communication protocols (TCP / IP) not considered.

Meanwhile offer network access for private individuals and companies many so-called Internet service providers (Internet Service Provider, ISP) such. B. T-Online from Deutsche Tele kom, AOL, Xlink and many more

In order to be able to use such "private" access, (today come to light i. d. Usually via a dial-up connection of the telephone or ISDN network and communication protocols such as SLIP or PPP) the user must log in there and each time an authen  Go through the certification procedure. This is also for the Service provider necessary, because only then can a correct Ge billing and security are guaranteed.

If the participant wants one after the first authentication Perceive service like "Internet telephony", so after the Dial-up process in the Internet still a second registration process done in this case with an Internet telephony connection starting point (a so-called gateway or gatekeeper). Here at z. B. transmitted an authentication, and also the desired destination number.

One possibility is to use the ITU standard H.323 (Visual telephone systems and equipment for local area networks which provide a non-guaranteed quality of service). Here the transmission is not limited to language, Images or other data can also be transferred. It are also the "shared applications" possible where two editors at different end devices work simultaneously and together with the same data ten.

This second authentication process is not only time-consuming bendable and annoying for the user, he already increases it was also not aimed at security. In addition, the ID of the Internet service provider and that of the Internet Te differ telephony access point so that the user must remember two passwords.

The object of the invention is to quickly build a Ver enable binding and the number of authentication reduce operations.

This task is based on the in the preamble of Pa tent claims 1 defined method by the characteristics of claim 1 specified features solved.  

The network access point enables the caller Access to a second communication network, which is different from the first one the caller comes from. The However, access is not, as previously, through an explicit Authentication procedure checked. For that, however all the data that the caller subsequently calls via this network sends access point in the second communication network, one Subjected to review.

This happens especially if it is the data are so-called data packets, i.e. no data stream but delimited amounts of data, each for transmission carry the necessary additional information with you.

The second necessary authentication will be as before knows at a special network node in the second communication cations network (gatekeeper) carried out the special mecha Use mechanisms for access control and authorization det. This in turn enables access to the service actually requested by the caller.

The same procedure can be used if the second Communication network is used only as a "transit network", and the target participant in a third communication network located. To cope with this second gateway is a special connection node (gateway) is required, which can perform a protocol conversion.

The main advantage that this method has is in that the caller has only one authentication procedure must go through. Therefore, a connection can be made clearly can be set up faster than before. The user has to also do not remember multiple passwords, which is only to be confused would lead.

Advantageous refinements and developments are in the Subclaims specified.  

This is particularly the type of review the data.

One way is to have the data sent to you Check destination address. This is about all the data (or data packets) in the network access point to their destination address checked. Assigns this to a connection node (i.e. a gatekeeper or a gateway) out of network access point is known, the data will be forwarded. Im at their case, for example, they can be "rejected" (i.e. possibly deleted without warning), or the caller is answered sluggish to another authentication procedure with the Network access point.

Another option is to have the data sent to you check their data type. All data can packets containing voice data are let through, all others are not allowed through. The data type results according to the communication protocol used.

These types of verification of the data sent arise from the type of service. The information used are contained in almost all communication protocols, these can therefore be done easily without major changes to the protocols be taken over.

A current commercial application is particularly in the Be to see rich Internet telephony (Voice over IP). Here will be at least part of the voice data to be covered Route sent over a packet data network. This is done uses that the use of the Internet usually always the same amount, regardless of the res used in it sources.

In the following the invention is based on exemplary embodiments play explained. Show  

Fig. 1 shows a flowchart of the call from the terminal part of the contractor to the switching center on the target page according to the ITU standard H.323,

Fig. 2 is a flow diagram of the inventively suggest NEN method using H.323,

Fig. 3 shows a possible network structure (also according to H.323) and

Fig. 4 shows a possible way of a subscriber terminal over a second network (transit NW) via a third network to a destination subscriber.

The flowchart in FIG. 1 represents the dialing process according to ITU standard H.323 as it is currently being carried out. In a first step (dialing in via the telephone network, "call setup"), a connection is established from the "end device at the subscriber" (which may consist of a PC and a modem, for example, or a PC and a plug-in card that provides access to) an ISDN telephone network) from a "switching center" to a network access point (ISP) in a second network.

After a connection has been established ("connect"), this is done the further data exchange with this ISP usually via a special protocol, such as B. SLIP, which in the Usually used for dial-up connections and TCP / IP over serial communication connections supported. This is necessary for the transition between two communication networks, like a connection-oriented network (e.g. the Telephone network) and a packet-oriented network like that Internet.

Before the participant now be the second communication network can use "authentication at the ISP" to lead. Here he can be a user in a procedure Enter the identifier and an additional password.

If the authentication is accepted by the ISP, it says the participant is now using the second communicati  network free. If it is the Internet, it is done communication now via TCP / IP.

The participant now wants a special Internet service use, such as Internet telephony, is so now a second authentication (and login) procedure with a network node specially set up for this (with H.323 Called "gatekeeper").

Because the gatekeeper is usually independent of the network the starting point is this second authentication procedure be independent of the first. This is evident in that the user IDs are different, too the authentication procedures themselves can differ be.

The gatekeeper is primarily responsible for those involved in the service administrative tasks, i.e. checking calculations or the charging of the service. Also need that Gatekeepers will be given more information like that desired destination address.

After successful authentication of the participant at Gatekeeper ("acceptance") can then over another network node ("Gateway") the desired connection to the target page be set up ("call setup", "connect").

Only after both authentication procedures succeed completed, the connection can be established the and the actual communication take place.

Fig. 2 shows a connection between a subscriber terminal and a switching center on the destination side, as well as Fig. 1. This time, however, only one authentication procedure is required according to the inventive method.

In comparison to FIG. 1, dialing in via the telephone network takes place in turn via a dial-up network (switching center) and the ISP to an "H.323 gatekeeper". Since this time no separate authentication procedure is required for the user at the network access point (ISP), the dial-in is transparent for the subscriber (call setup, connect). The ISP is not included in FIG. 2.

So the communication protocol of the two is available to the user communication network (e.g. Internet and TCP / IP) immediately to disposal.

Because of an authentication procedure by the gatekeeper cannot be dispensed with, this is now by the participant as before ("registration", "acceptance").

All data continues to flow via the network access node (ISP), in the example of Internet and TCP / IP in the form of Da packages. The ISP now checks this data after determining it Criteria and filters out such data from the data stream, that do not meet these criteria.

This can be the destination address (the participant has registered with for example for a certain service on a certain Network node "logged on" once, so that it does this service now every time without additional authentication on the network may use gang knots). It can also be deal with the type of data (e.g. all data, the voice formations included), which is e.g. B. as information in Header of a data packet can be located.

Fig. 3 is taken from ITU standard H.323 (page 2). In particular, it shows the structure of an ITU H.323 compliant network, which corresponds to the bus network (LAN) shown in the upper half with connected terminals and Multi point Control Units (MCU), which offer connection options for other terminals. Furthermore, the special network node "gatekeeper" for administrative tasks belongs in the description area of the standard. The "gateway" called network node acts as a link to other communication networks (SCN).

The communication options for different types of communication cation networks are diverse, here are just a few listed as an example.

Here is the conventional circuit-switched telephone network to mention (GSTN), or various digital communica cation networks (N-ISDN, B-ISDN), the transmission of Spra and images and other data.

Fig. 4 shows the schematic minimum configuration for example, for Internet telephony from a circuit-switched telephone network through the Internet to a destination terminal, which is located in a third network (. Eg in a second country with a different network operators) may be located.

In comparison with Fig. 1 and Fig. 2 you can understand the operations already described be.

The terminal at the subscriber (H.323 terminal, i.e. H.323 compliant), is on a first communication network (SCNI), e.g. B. connected by Deutsche Telekom. It can too the network access point (ISP), for example T-ONLINE, of the two th communication network (INTERNET) via this first commu Establish a connection to the network. You can do this Additional devices, such as a modem, may be required.

The network access point (ISP) in turn enables access to this second network (INTERNET, this can be a "network of networks "), which is different from the first communication tion network through the communication protocol used can divorce.

In this second communication network there is now a special network node (GK) that can offer the service desired for the subscriber (such as Internet telephony from VOCALTEC). This network node carries out the remaining authentication procedure as before, compare in particular FIG. 2.

The target terminal is still in this second Communication network (INTERNET), so a connection can now be made directly.

However, the target terminal is in a third Communication network (SCN2) and must have another Data conversion is done, so is another special network node (GW) needs this conversion can perform.

The functionality of the two network nodes (GW, GK) does not have to be carried out by separate network nodes.

Depending on the capacity of the communication networks used different applications are used, for example Video conferencing, file editing (shared application) u. v. a. m.

After the connection has been successfully established, data will flow from the Participants (H.323 Terminal) to the target terminal, so they have to always pass the network access point (ISP). This filters the data and thereby replaces the previously saved Authentication procedure.  

bibliography

H.323
ITU-T Recommendation H.323 (11/96)
Visual telephone systems and equipment for local area networks which provide a non-guaranteed quality of service

List of abbreviations

B-ISDN broadband ISDN
GK Gatekeeper
GSTN General Switched Telephone Network
GW gateway
IP Internet Protocol
ISP Internet Service Provider
ITU International Telecommunication Union
LAN Local Area Network
MCU Multipoint Control Unit
N-ISDN narrow band ISDN
PPP Point to Point Protocol (RFC 1171)
RFC Request for Comments
SCN Switched Circuit Network
SLIP Serial Line Interface Protocol (RFC 1055)
TCP Transmission Control Protocol

Claims (6)

1. Method for communication from a communication terminal in a first communication network (SCNI) into a second communication network (INTERNET) via a network access point (ISP), in which a first authentication procedure of the subscriber is carried out, and
via a connection node (GK), in which a second authentication procedure of the subscriber is necessary, characterized in that
that the subscriber's first authentication procedure in the network access point (ISP) is carried out solely by checking the data sent by the subscriber via this network access point. 2. Method for communication from a communication terminal in a first communication network (SCN1) into a second communication network (INTERNET) via a network access point (ISP), in which a first authentication procedure of the subscriber is carried out, and
via a connection node (GW) between the second (INTERNET) and a third communication network (SCN2), in which a second authentication procedure of the subscriber is necessary and in which the transmission format of the second network is converted into a transmission format of the third network Target terminal in this third communication network (SCN2), characterized in that
that the subscriber's first authentication procedure in the network access point (ISP) is carried out solely by checking the data sent by the subscriber via this network access point. 3. The method according to claim 1 or 2, characterized in that the first authentication based on the verification of the Destination address of the data sent by the participant takes place, the one connection node known to the network access point (GW / GK) must designate. 4. The method according to any one of the preceding claims, characterized in that authentication based on checking the type of sent data takes place. 5. The method according to any one of the preceding claims, characterized in that the end device is an H.323-compliant end device and the connection node is a corresponding one H.323 built gateway or gatekeeper. 6. The method according to any one of the preceding claims, characterized in that the transmitted data is voice data, and that the second communication network is the Internet acts.