EP2039115A2 - Residential gateway - Google Patents

Residential gateway

Info

Publication number
EP2039115A2
Authority
EP
European Patent Office
Prior art keywords
network
data
residential gateway
data stream
transmission
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP07803966A
Other languages
English (en)
French (fr)
Inventor
Idir Fodil
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Orange SA
Original Assignee
France Telecom SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by France Telecom SA

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/10 Architectures or entities
    • H04L65/102 Gateways
    • H04L65/1023 Media gateways
    • H04L65/1026 Media gateways at the edge

Definitions

  • Residential gateway system for connecting a local area network to an external network, data transmission method and computer program.
  • the present invention relates to a residential gateway, a system for connecting a local area network to an external network, a method for transmitting data and a computer program.
  • connection system comprising a residential gateway, for the transmission of multimedia data and the transmission of voice over IP (acronym for "Internet Protocol").
  • the residential gateway is intended to be connected to one or more client terminals in order to provide the client terminals with access to the external network for the transmission of data.
  • the external network is the Internet.
  • the residential gateway is intended to be connected to the Internet through a proxy server.
  • a proxy server is intended to authenticate the client terminal wishing to connect to the Internet network via the gateway and also to control the transmission of data streams from or to the residential gateway, in particular to filter the data flow.
  • the proxy server is also intended to analyze data streams, for example multimedia data streams exchanged between the client terminal and the external network, in order to adapt one or more transmission parameters of the multimedia data streams according to the access rights of the client terminal to at least one service.
  • the service is a voice over IP service, a video service, a multimedia service, and so on.
  • the access rights to the service of the client terminal are grouped in a data file stored in a specific equipment connected to the external network.
  • when the client terminal wishes to connect to the external network, the proxy server must retrieve the data file containing the access rights to the service in order to verify that the transmission of the multimedia data streams is carried out in accordance with the retrieved service access rights.
  • the proxy server is connected to a relatively large number of residential gateways each connected to at least one client terminal of the local network. Consequently, the proxy server must analyze the multimedia data streams of all the residential gateways to which it is connected, this having the effect of overloading the proxy server and this to the detriment of the quality of the filtering of the data streams. There is therefore a need for a technique that limits the overhead of proxy servers.
  • the invention makes it possible to respond to this need by proposing a residential gateway of the aforementioned type for the exchange of a data stream between a client terminal connected to a local data transmission network and an external data transmission network, characterized in that it comprises a module comprising means for recovering access rights from said client terminal to a service, means for analyzing the data flow exchanged between said client terminal and said external network, able to identify at least one signaling message in the data stream and at least one transmission parameter of the data stream to be modified according to said at least one signaling message, authorization means for modifying the parameter according to said access rights and means implementing the authorized modification of said at least one transmission parameter of the data stream.
  • the residential gateway is thus able to modify one or more transmission parameters of the data stream without intervention of the proxy server.
  • a module can be implemented for example in software form.
  • the module has a hardware structure, for example in the form of an electronic circuit.
  • the transmission parameter or parameters can thus be dynamically modified directly at the level of the access of a user to the external network, that is to say at the level of the residential gateway, and no longer at the level of the proxy server.
  • the module is thus able to apply filtering rules, security and quality of service in order to control the exchange of data flows between the local network and the external network.
  • the gateway comprises means for recovering rights of access to a service and the module comprises means for authorizing modification of the parameter by the modifying means as a function of the service access rights recovered.
  • the residential gateway may or may not allow, thanks to the authorization means, the modification of the transmission parameter according to the service access rights recovered.
  • the gateway comprises means for storing the retrieved access rights. Thanks to the storage means, for example comprising recording means, the module can dynamically adapt the security, quality of service and filtering rules, especially in case of subscription to a new service or in the event of modification of the user's access rights to the service, without complex reconfiguration of elements of the residential gateway.
  • the transmission parameter belongs to the group comprising a type of bandwidth filter, a type of coding-decoding of the data stream and a type of filtering of the data stream.
  • the signaling message belongs to the group comprising a negotiation message of at least one encoder-decoder, a bandwidth allocation request message, a message of initialization of a multimedia session, a stop message of a multimedia session, a transmission message of access rights to the service.
  • the analysis means analyze the data flow exchanged between the local network and the external network and identify a message request for bandwidth allocation.
  • the modifying means modifies the bandwidth, if this modification is in accordance with the stored video service access rights.
  • the authorization means comprise means for transmitting a notification message for non-compliance of a modification of a parameter to the access rights to the stored service.
  • the authorization means can immediately notify a device of the external network.
  • the signaling message is in accordance with a multimedia protocol belonging to the group comprising a SIP protocol (acronym for Session Initiation Protocol) and an H.323 protocol.
  • the invention also relates to a system for connecting a local data transmission network to an external data transmission network, comprising a residential gateway and a proxy server for connecting the residential gateway to the external data transmission network, the residential gateway being intended to connect the proxy server to a client terminal of a local data transmission network, characterized in that the residential gateway comprises means for recovering access rights of said client terminal to a service, means for analyzing the data flow exchanged between said client terminal and said external network, able to identify at least one signaling message in the data stream and at least one transmission parameter of the data stream to be modified according to said at least one signaling message, means for authorizing modification of the parameter as a function of said access rights of the client terminal and means for implementing the authorized modification of said at least one transmission parameter of the data stream.
  • the invention also relates to a method for transmitting data between a local data transmission network and an external data transmission network, the networks being interconnected by a connection system comprising a residential gateway for the exchange of a data flow between a client terminal of the local network and the external network, characterized in that the method comprises the following steps, implemented by said gateway: a step of recovering access rights of said client terminal to a service; a step of analyzing the exchanged data flow, intended to identify at least one signaling message in the data stream and at least one transmission parameter of the data stream to be modified as a function of said at least one signaling message; a step of authorizing modification of the parameter according to said access rights of the client terminal; and a step of implementing the authorized modification of said at least one transmission parameter of the data stream.
  • the method according to the invention may further comprise one or more of the following features:
  • the method comprises a step of storing, in the residential gateway, recovered service access rights; data transmission is a multimedia data transmission over IP.
  • the invention also relates to a computer program product downloadable from a communication network and / or stored on a computer readable medium and / or executable by a microprocessor, characterized in that it comprises program code instructions for carrying out the process according to the invention.
  • FIG. 1 is a schematic view of a data transmission network infrastructure comprising a connection system according to the invention;
  • FIG. 2 is a schematic view of a residential gateway of the connection system of FIG. 1;
  • FIGS. 3 to 6 are diagrammatic representations of data flow exchanges in the network infrastructure of FIG. 1.
  • FIG. 1 shows a data transmission network infrastructure designated by the general reference 10, adapted for example to the transmission of voice over IP.
  • This network infrastructure 10 comprises a local area network 12 for transmitting data according to a first protocol connecting one or more client terminals. In the illustrated example, there is shown a single client terminal 14.
  • the local network 12 is formed, for example, by at least one conventional telephone line of the ADSL type (acronym for "Asymmetric Digital Subscriber Line") intended to transmit analog or digital signals.
  • the network infrastructure 10 also comprises an external data transmission network 16 according to a second protocol.
  • the external network 16 is able to transmit data in packet mode, in accordance with the Internet communication protocol (acronym "IP" for "Internet Protocol").
  • the external network 16 for transmitting data is, for example, the Internet network.
  • the client terminal 14 is connected to the Internet network 16 via a system 20 for connecting the local area network 12 to the Internet network 16.
  • the client terminal 14 is connected to the system 20 by a telephone line 18 of the ADSL type of the local network 12.
  • the connection system 20 comprises a proxy server 22 for authenticating and filtering the data flows exchanged between the local network 12 and the external network 16 in order to detect suspicious packets to or from the local network 12.
  • the connection system 20 also comprises a residential gateway 24 for the exchange of a data stream between the external network 16 and the internal network 18.
  • the proxy server 22 is intended to connect the gateway 24 to the external network 16 and the gateway 24 is intended to connect the proxy server 22 to the client terminal 14.
  • the gateway 24 is intended to translate the protocol of one of the networks into the protocol of the other network, for the exchange of a data stream between the local network 12 and the external network 16.
  • the residential gateway 24 comprises means 26 for translating the protocol of one of the networks into the protocol of the other network.
  • the translation means 26 comprise, for example, a first multimedia protocol translation layer 28 and a second Internet protocol translation layer 30.
  • the residential gateway 24 comprises a module 32 comprising means 34 for analyzing the data flow, intended to identify at least one signaling message in the data stream exchanged between the local network 12 and the Internet network 16.
  • the module 32 has a software structure. More specifically, a computer program forms the software module 32 of the residential gateway 24.
  • the module 32 has a hardware structure.
  • an electronic circuit forms the hardware module 32 of the residential gateway 24.
  • the signaling message conforms to a multimedia protocol chosen from, for example, a SIP protocol and an H.323 protocol.
  • the signaling message may be a negotiation message of at least one encoder-decoder, a bandwidth allocation request message, a multimedia session initialization message, a multimedia session stop message or a message defining access rights to at least one service.
  • the software module 32 also comprises means 36 for modifying at least one transmission parameter of the data stream according to the identified signaling message.
  • the transmission parameter is selected from a type of bandwidth filter, a data stream encoding-decoding type, and a data stream filtering type.
  • the gateway 24 also comprises a conventional application kernel 38 intended to perform tasks essential to the operation of the gateway 24 and in this example also to apply the modifications of the transmission parameters controlled by the modifying means 36.
  • the software module 32 also comprises means 40 for recovering access rights to at least one service.
  • the client terminal 14 has rights of access to at least one service, for example access rights to a video service, a multimedia service or a voice over IP transmission service, these access rights defining transmission parameters of the authorized data stream.
  • the gateway 24 further comprises means 42 for storing these access rights to the service.
  • the storage means 42 comprise means 44 for recording a file or a database including the access rights to the service.
  • the software module 32 comprises authorization means 46 for modifying the parameter by the modifying means 36 as a function of the access rights to the stored service.
  • the authorization means 46 comprise means for transmitting a nonconformity notification message of a modification of a parameter with the access rights to the stored service.
  • the method comprises an initialization step 50 for the registration of the client terminal 14 (FIG. 3).
  • This initialization step 50 is performed by the residential gateway 24.
  • This initialization step 50 comprises a substep of recovering rights of access to at least one service of the terminal 14.
  • the terminal 14 has access rights to several services, including a video service, a multimedia service and a voice over IP service, forming a customer contract.
  • the initialization step 50 further comprises a substep of authentication of the client terminal 14.
  • the recovery means 40 of the residential gateway 24 will issue a registration request message 52 to one or more specific equipment 54 connected to the external network 16 (FIG. 1).
  • Such devices 54 may notably include in memory the access rights files of the various client terminals connected to this network 16, including the access rights file of the terminal 14.
  • One of the specific equipment 54 of the external network 16 transmits in the local network 12 a transmission message 56 of the entitlement file of the client terminal 14 and the authentication confirmation of the client terminal 14.
  • the residential gateway 24 then retrieves the service access rights file and the method includes a substep of storage, in the residential gateway 24, access rights to the recovered services.
  • the storage means 42 record the file using the recording means 44 of the file.
  • the recording means 44 can retrieve a file of access rights to the service corresponding to the wish of the user.
  • the method comprises a step 58 for analyzing the data flow exchanged between the local network 12 and the Internet network 16.
  • the analysis step 58 of the data stream is performed by the residential gateway 24.
  • the software module 32 of the residential gateway 24 analyzes the data flow exchanged between the local network 12 and the Internet network.
  • the analysis step 58 is intended to identify at least one signaling message in the data stream.
  • the client terminal 14 wishes to launch a multimedia session.
  • This first situation is illustrated in FIG. 4.
  • the client terminal 14 thus sends a control signal in the line 18 of the local network 12 and the translation means 26 of the gateway 24 translate the control signal into a signaling message 60 compliant with the multimedia protocol, for example the SIP protocol.
  • the signaling message 60 is an initialization message of a multimedia session.
  • the storage means 42 then send back a signaling message defining the access rights to the service 62.
  • the analysis means 36 of the software module 32 identify in the data stream the initialization request message 60 of a multimedia session and the signaling message 62 defining the access rights to services.
  • the method also comprises a step of modifying at least one transmission parameter by the modifying means 36 of the software module 32.
  • the method comprises a step of authorizing the modification of the transmission parameter during the modification step as a function of the service access rights stored in the residential gateway 24.
  • the authorization step is performed by the residential gateway 24.
  • the authorization means 46 verify that the transmission parameters of the multimedia session comply with the access rights to the services.
  • the transmission parameters include a type of filtering, a bandwidth, a type of coding-decoding. If the transmission parameters of the multimedia session conform to the access rights to the services, the modification means 36 modify the transmission parameters according to the signaling message 62 and the application kernel 38 of the gateway 24 applies the modifications to the transmission of the data stream. On the other hand, if the transmission parameters are not in accordance with the access rights to the services of the terminal 14, the authorization means 46 issue a noncompliance notification message to a specific equipment connected to the Internet network 16.
  • the software module 32 makes it possible for the application kernel 38 to apply changes to the transmission parameters, these modifications being in accordance with quality of service rules, security rules and filtering rules.
  • the user of the client terminal 14 wishes to access a video service of higher quality than the video service in progress, requiring, for example, an adaptation of the bandwidth or a definition of a new bandwidth filter.
  • the client terminal 14 then transmits a control signal corresponding to the request of the user in line 18 to the gateway 24.
  • the gateway 24 translates the signal into a bandwidth allocation request signaling message 64 compliant with the SIP protocol.
  • the signaling message 64 is destined for one of the specific devices 54 of the Internet network.
  • the equipment 54 then transmits a message 66 of acceptance or not of bandwidth allocation, for example according to a condition of availability of bandwidth of the Internet network 16.
  • the means 34 of the module 32 analyze the data flows and identify the bandwidth allocation request message 64 and the message 66 of acceptance or not of bandwidth allocation by the equipment 54.
  • the authorization means 44 for modifying the bandwidth or the bandwidth filter will then verify that the modification of the transmission parameter conforms to the video service access rights stored in the storage media.
  • the authorization means 44 will allow the modification of the parameter by the modification means 36 and will issue a parameter modification authorization message 66. Otherwise, the authorization means 44 emit a notification message of non-compliance of the modification of the parameter with the rights of access to the video service stored.
  • the authorization means 44 will apply security rules and quality of service rules so as to establish a correspondence between the filtering rules of the exchanged data flows and the quality of service rules.
  • the software module 32 will apply to the kernel 38 a modification of the type of filtering to restrict the data flows to only data flows authorized by the access rights.
  • the user of the terminal 12 wishes in particular to have a voice service of higher quality than the current quality of the voice service of multimedia data transmission such as voice over IP transmission.
  • the user of the terminal 12 wishes to modify the type of coder-decoder in the residential gateway 24.
  • the client terminal 12 then transmits an analog command signal corresponding to the request of the user, in the line 18 to the residential gateway 24. The gateway then translates the control signal into a signaling message 68 for negotiating a type of encoder-decoder.
  • the analysis means 34 identify the negotiation messages of the coder-decoder 68 exchanged between the two terminals 14 and TA via the external network 16.
  • the authorization means 44 will verify that the modification of the coding-decoding type of the data transmission as well as the bandwidth filter adapted to this new type of coding-decoding are in accordance with the rights of access to the voice over IP transmission service stored in the storage means 42.
  • the residential gateway 24 sends a signaling message to one of the equipment 54 of the Internet network 16 in order to signal to this equipment 54 that an attempt has been made to commit an offense.
  • the transmission parameter can be a type of filtering.
  • the filtering may for example consist in prohibiting the transmission of certain signaling messages to the proxy server 22, for example signaling messages in accordance with the H.323 protocol.
  • the analysis means 34 will identify in the data stream a request message for modifying the type of filtering.
  • the authorization means 44 will then verify that the modification of the type of filtering is in accordance with the access rights to the services of the client terminal 14.
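The analysis and authorization steps described above (identify a signaling message, compare the requested transmission parameters with the stored access rights, then either apply the modification or issue a non-compliance notification) can be sketched as follows. This is an added example, not code from the patent: reading the parameters from an SDP body carried in a SIP INVITE, the media-to-service mapping, the layout of the rights file and every name used are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

# Static RTP payload types (RFC 3551) that may appear without an a=rtpmap line.
STATIC_PT = {"0": "PCMU", "8": "PCMA", "9": "G722", "18": "G729"}
# Assumption: how SDP media types map onto the services named in the rights file.
MEDIA_TO_SERVICE = {"audio": "voip", "video": "video"}

@dataclass
class Media:
    kind: str
    payload_types: list
    codecs: dict = field(default_factory=dict)   # payload type -> codec name
    bandwidth_kbps: Optional[int] = None

@dataclass
class Decision:
    apply: list    # (service, parameter, value) changes the kernel may apply
    notify: list   # non-compliance notifications for the external equipment

def parse_signaling(raw: str):
    """Return (method, [Media]) for a SIP request carrying an SDP body."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    method = head.split(" ", 1)[0].upper()
    media, current = [], None
    for line in body.splitlines():
        key, sep, value = line.strip().partition("=")
        if not sep:
            continue
        if key == "m":
            parts = value.split()
            if len(parts) < 4:
                raise ValueError(f"malformed m= line: {line!r}")
            current = Media(kind=parts[0], payload_types=parts[3:])
            current.codecs = {pt: STATIC_PT[pt] for pt in parts[3:] if pt in STATIC_PT}
            media.append(current)
        elif current is None:
            continue  # session-level line; only media-level values are checked
        elif key == "b" and value.startswith("AS:"):
            current.bandwidth_kbps = int(value[3:])
        elif key == "a" and value.startswith("rtpmap:"):
            pt, _, enc = value[len("rtpmap:"):].partition(" ")
            current.codecs[pt] = enc.split("/")[0].upper()
    return method, media

def authorize(rights: dict, raw: str) -> Decision:
    """Check each requested media stream against the stored access rights."""
    method, media = parse_signaling(raw)
    decision = Decision(apply=[], notify=[])
    if method != "INVITE":
        return decision  # this sketch only covers session initialization
    for m in media:
        service = MEDIA_TO_SERVICE.get(m.kind)
        granted = rights.get(service)
        if granted is None:  # default deny: service absent from the rights file
            decision.notify.append(f"{m.kind}: no access rights for this service")
            continue
        # Fail closed on dynamic payload types that no a=rtpmap line explains.
        unknown = [pt for pt in m.payload_types if pt not in m.codecs]
        offered = {m.codecs[pt] for pt in m.payload_types if pt in m.codecs}
        bad = sorted(offered - granted["codecs"])
        if unknown or bad:
            decision.notify.append(f"{service}: codec not permitted {bad + unknown}")
            continue
        if m.bandwidth_kbps is not None and m.bandwidth_kbps > granted["max_kbps"]:
            decision.notify.append(
                f"{service}: requested {m.bandwidth_kbps} kbit/s exceeds "
                f"limit {granted['max_kbps']}")
            continue
        decision.apply.append((service, "codec", sorted(offered)))
        if m.bandwidth_kbps is not None:
            decision.apply.append((service, "bandwidth_kbps", m.bandwidth_kbps))
    return decision

# Constructed sample input: a trimmed INVITE and a rights file (not from the patent).
SAMPLE_INVITE = (
    "INVITE sip:bob@example.invalid SIP/2.0\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "m=audio 49170 RTP/AVP 0 8\r\n"
    "b=AS:64\r\n"
    "m=video 51372 RTP/AVP 96\r\n"
    "b=AS:2000\r\n"
    "a=rtpmap:96 H264/90000\r\n"
)
SAMPLE_RIGHTS = {
    "voip": {"codecs": {"PCMU", "PCMA"}, "max_kbps": 80},
    "video": {"codecs": {"H264"}, "max_kbps": 1000},
}

if __name__ == "__main__":
    print(authorize(SAMPLE_RIGHTS, SAMPLE_INVITE))
```

With the sample input, the audio stream is authorized and the video stream produces a notification because its requested bandwidth exceeds the stored limit.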

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Multimedia (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
EP07803966A 2006-06-30 2007-06-28 Residential gateway Withdrawn EP2039115A2 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR0652756 2006-06-30
PCT/FR2007/051557 WO2008001018A2 (fr) 2006-06-30 2007-06-28 Passarelle residentielle

Publications (1)

Publication Number Publication Date
EP2039115A2 (de) 2009-03-25

Family

ID=37770816

Family Applications (1)

Application Number Title Priority Date Filing Date
EP07803966A Withdrawn EP2039115A2 (de) 2006-06-30 2007-06-28 Residential gateway

Country Status (2)

Country Link
EP (1) EP2039115A2 (de)
WO (1) WO2008001018A2 (de)

Also Published As

Publication number Publication date
WO2008001018A2 (fr) 2008-01-03
WO2008001018A3 (fr) 2008-04-10

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20090115

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC MT NL PL PT RO SE SI SK TR

17Q First examination report despatched

Effective date: 20090422

DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20091103