EP2577943A1 - Method for determining a profile for a user/service pair of an application for accessing data relating to the operation of a communication network - Google Patents

Method for determining a profile for a user/service pair of an application for accessing data relating to the operation of a communication network

Info

Publication number
EP2577943A1
Authority
EP
European Patent Office
Prior art keywords
application service
access
operating data
user
access profile
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP11728329.1A
Other languages
English (en)
French (fr)
Inventor
Lounes Baleh
Lucian Suciu
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Orange SA
Original Assignee
France Telecom SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by France Telecom SA

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00 Digital computers in general; Data processing equipment in general
    • G06F15/16 Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
    • G06F15/163 Interprocessor communication
    • G06F15/173 Interprocessor communication using an interconnection network, e.g. matrix, shuffle, pyramid, star, snowflake
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/2866 Architectures; Arrangements
    • H04L67/30 Profiles
    • H04L67/306 User profiles

Definitions

  • the invention lies in the field of telecommunications, and more particularly the field of application services implemented by a communication device.
  • Such application services are implemented at the level of an application layer of the communication device.
  • the OSI (Open System Interconnection) model standardized by the ISO (International Organization for Standardization) defines the management of data transfer by means of seven superimposed protocol layers: the physical layer (layer 1), the data link layer (layer 2), the network layer (layer 3), the transport layer (layer 4), the session layer (layer 5), the presentation layer (layer 6) and the application layer (layer 7).
  • API (Application Programming Interface)
  • Such an interface includes a library of functions, procedures, and so on, allowing the implementation of application services. Examples of API application programming interfaces are defined in the series of documents ES 204 915 published by ETSI.
  • When a communication device implements an application service, it sends a request to the communication equipment through the API application programming interface in order to access network operating data and to control functionalities of the network.
  • the operator and the application service providers define, for different categories of application services, an access profile comprising a set of communication equipment which the application services can access and a set of network functionalities that the application services can command through the API after being authenticated.
  • an access profile is common to all the application services belonging to the same category of application services or to sub-categories of these defined application services.
  • Such a solution lacks flexibility and does not allow the operator of the communication network to adapt its offer to changing demand and manage its communication network in an optimal manner.
  • One of the aims of the invention is to overcome disadvantages of the state of the art.
  • the invention proposes a method for determining an access profile of a user / application service pair to data relating to the operation of a communication network, or operating data, necessary for the implementation of the application service at an application layer of a communication device, the method comprising:
  • a step of determining the access profile from information relating to a level of service associated with the user / application service pair, and information relating to an access policy associated with the operating data required by the application service.
  • Such a solution enables the development of these application services and improves, for example, the Quality of Experience (QoE) of the users of the application services, by allowing third-party application service providers access to certain data of the communication networks.
  • the access of the application services to the operating data is based on information relating to an access policy associated with the operating data required by the application service.
  • information consists of security rules, filtering, mapping or policies set by the operator of the communication network prior to the deployment of an application service.
  • the determination of an access profile for each new user / application service pair makes it possible to ensure the security of the communication network by giving access only to the operating data necessary for the implementation of the application service.
  • Such operating data are, for example, metrics related to the quality of service (throughput, delay, packet loss), metrics related to the performance of mobility protocols, metrics related to caches / storage in the communication network, metrics related to the processing capabilities (CPU) in the communication network, metrics related to transcoding functions / adaptations, etc.
  • the same application service may be associated with a different operating data access profile depending on the user associated with it.
  • the level of service associated with user / application service pair is defined between the application service provider, the user and the communication network manager.
  • Such a method of determining an access profile makes it possible to offer an application service access to the operating data of the communication network in a personalized manner and enables the network operator to adapt its offer gradually to the evolution of demand and of the market, and to manage its network in an optimal way.
  • the latter comprises, prior to the step of generating the access profile, a step of updating information relating to an access policy.
  • the determination method thus makes it possible to offer more flexibility in the operation and deployment of application services by allowing the addition of new policies and new filters.
  • the determination method comprises a step of authenticating the user / application service pair prior to determining the access profile of the user / application service pair.
  • the invention also relates to a method for accessing an application service to data relating to the operation of a communication network, or operating data, necessary for the implementation of the application service at an application layer of a communication device, the method comprising:
  • a first database interrogation step comprising an operating data access profile associated with a user / application service pair, the access profile of the application service being generated from information relating to a level of service associated with the user / application service pair, information relating to an access policy associated with the operating data required by the application service,
  • the invention also relates to equipment belonging to a communication network comprising a module able to determine an access profile of a user / application service pair to data relating to the operation of the communication network, or operating data, necessary for the implementation of the application service at the level of an application layer of a communication device, the module comprising:
  • the latter also comprises an access module from the application service to the operating data, the access module comprising:
  • the invention also relates to computer programs comprising program code instructions for implementing the steps of the determination and access methods described above, when these programs are executed by a computer.
  • Each of the computer programs described above can use any programming language, and be in the form of source code, object code, or intermediate code between source code and object code, such as in a partially compiled form, or in any other desirable form.
  • the invention also relates to a recording medium readable by a computer on which is recorded a computer program as described above.
  • the information carrier may be any entity or device capable of storing the program.
  • the medium may comprise a storage means, such as a ROM (for "Read Only Memory"), for example a CD ROM or a microelectronic circuit ROM, or a magnetic recording means, for example a floppy disk or a hard disk.
  • the information medium may be a transmissible medium such as an electrical or optical signal, which may be conveyed via an electrical or optical cable, by radio or by other means.
  • the program according to the invention can be downloaded in particular on an Internet type network.
  • the information carrier may be an integrated circuit in which the program is incorporated, the circuit being adapted to execute or to be used in the execution of the method in question.
  • FIG. 1 represents a communication equipment belonging to a communication network and comprising a module able to determine an access profile of a user / application service pair to data relating to the operation of the communication network, necessary for the implementation of the application service, and an access module from the application service to the operating data,
  • FIG. 2 represents the steps of a method for determining the access profile of the application service to the operating data
  • FIG. 3 represents the steps of a method of access to the operating data necessary for the implementation of the application service
  • FIG. 4 represents a communication equipment belonging to a communication network and comprising a module able to determine an access profile of a user / application service pair to data relating to the operation of the communication network, necessary for the implementation of the application service, and an access module of the application service to the operating data according to a particular embodiment of the invention
  • FIG. 5 represents the steps of the determination method when this is implemented in the communication equipment of FIG. 4
  • FIG. 6 represents the steps of the access method when it is implemented in the communication equipment of Figure 4.
  • FIG. 1 shows a communication equipment 1 belonging to a communication network allowing an application service associated with a user to access data relating to the operation of the communication network, or operating data, necessary for the implementation of the application service at an application layer of a user-managed communication device not shown in FIG.
  • Such communication equipment 1 comprises authentication means 10 of the user / application service pair.
  • authentication means 10 are, for example, authentication, authorization and accounting (AAA) means such as a RADIUS server associated with a database comprising information relating to a level of service associated with the user / application service pair.
  • Such authentication means 10 are connected to the input of generation means 11 of an access profile of a user / application service pair.
  • the generation means 11 generate an access profile from information relating to a service level associated with the user / application service pair as well as information relating to an access policy associated with the operating data required by the application service.
  • the access policy information is stored in a database 12.
  • An access profile includes a list of access rights to communication network operation data such as quality of service metrics (throughput, delay, packet loss), metrics related to the performance of mobility protocols, metrics related to caches / storage in the communication network, metrics related to the processing capabilities (CPU) in the communication network, metrics related to transcoding functions / adaptations, etc.
  • Such an access profile of a user / application service pair may vary over time. It may, for example, be different depending on the time of day.
  • the access profile thus obtained is stored in memory means 14 connected to the generation means 11.
  • the communication equipment 1 also includes an access module 200 from the application service to the operating data.
  • Such an access module 200 comprises first interrogation means 13 of the storage means 14 in order to have access to the access profile of the user / application service pair
  • the first interrogation means 13 are connected to second interrogation means 20 of equipment (not shown in the figure) belonging to the communication network.
  • the second interrogation means 20 interrogate the network equipment in order to access the operating data of the network.
  • the second interrogation means 20 interrogate the equipment of the network having knowledge of the operating data for which the application service has access rights as defined in the access profile of the user / application service pair.
  • the first interrogation means 13 are also connected to means 21 for transmitting the operating data to the communication device.
  • the transmission means 21 may in an embodiment of the invention be connected to the authentication means 10.
  • the communication equipment 1 comprises means 30 for updating the database 12.
  • FIG. 2 represents the steps of a method for determining an access profile of a user / application service pair to data relating to the operation of a communication network. The steps of this determination method are implemented by the communication equipment 1.
  • an application service associated with a user who needs to access data relating to the operation of the communication network authenticates with the authentication means 10 of the communication equipment 1.
  • the generation means 11 interrogate the database 12 in a step E2 in order to obtain information relating to a level of service associated with the pair.
  • the generation means 11 generate during a step E3 an access profile for the user / application service pair.
  • the access profile thus obtained is stored during a step E4 in the storage means 14.
  • Such a method of determining an access profile enables the deployment of new application services implemented in communication networks.
  • The access of application services to operating data is based on information relating to an access policy associated with the operating data required by the application service, such as security rules, filtering rules or policies set by the operator managing the communication network prior to the deployment of an application service.
  • the database 12 may also include billing information to be applied to the application service provider or the user. The determination of an access profile for each new user / application service pair makes it possible to ensure the security of the communication network.
  • the updating means 30 update the information included in the database 12.
  • the steps E2 to E4 are then again implemented in order to take into account the changes made in the determination of the access profile of the user / application service pair.
  • FIG. 3 represents the steps of an access method of an application service to data relating to the operation of a communication network. The steps of this access method are implemented by the communication equipment 1.
  • an application service associated with a user seeking to access data relating to the operation of the communication network is authenticated to the authentication means 10 of the communication equipment 1.
  • the first interrogation means 13 interrogate the storage means 14 during a step F2.
  • the result of this query is the operating data access profile associated with the user / application service pair.
  • the transmission means 21 are connected to the application service.
  • such a connection consists, for example, in establishing a secure connection such as a Virtual Private Network (VPN) connection between the communication device and the communication equipment 1.
  • the second interrogation means 20 interrogate in a step F4 the equipment of the network.
  • the transmission means 21 transmit the operating data obtained during step F4 to the communication device during a step F5.
  • Figure 4 shows a communication equipment 110 according to a particular embodiment of the invention.
  • Such communication equipment 110 comprises authentication means 10 of the user / application service pair.
  • Such authentication means 10 comprise means 101 for processing an authentication request sent by an application service associated with a user, such as an AAA server.
  • the processing means 101 verify the identity of the user associated with the application service by querying a database 102 comprising information relating to the user / application service pair such as a service level.
  • the user is the application service provider.
  • the processing means 101 can also check the access rights of the user / application service pair to the operating data.
  • the processing means 101 transmit the access request to the generation means 11 to which the authentication means 10 are connected.
  • the generation means 11 comprise the database 12 in which are stored filters, billing rules and policies to be applied to each user / application service pair.
  • a filter specifies the operating data to which the user / application service pair is entitled to access.
  • a policy specifies, for example, the access technology with which an application service can be deployed.
  • the generation means 11 comprise, connected to the database 102 and to the database 12, coordination means 120 of the information included in these two databases.
  • the coordination means 120 generate the access profile of the user / application service pair.
  • the coordination means 120 take into consideration the policies set by the operator managing the communication network, the information relating to billing, as well as the filters to be used for the application service to generate the access profile.
  • the generation means 11 inform the authentication means 10 that the application service can access the operating data through the transmission means 21 and the interrogation means 20.
  • the access profile thus obtained is stored in memory means 14 connected to the generation means 11.
  • the communication equipment 1 comprises first interrogation means 13 of the storage means 14 in order to have access to the access profile of the user / application service pair.
  • the first interrogation means 13 are connected to second interrogation means 20 of equipment (not shown in the figure) belonging to the communication network.
  • the second interrogation means 20 interrogate the network equipment in order to access the operating data of the network.
  • the second interrogation means 20 interrogate the equipment of the network having knowledge of the operating data for which the application service has access rights as defined in the access profile of the user / application service pair.
  • the first interrogation means 13 are also connected to means 21 for transmitting the operating data to the communication device.
  • the transmission means 21 are responsible for exchanges with the application service when it is implemented through an API interface.
  • the communication equipment 1 comprises means for updating the databases 102 and 12.
  • FIG. 5 represents the steps of the determination method when this is implemented in communication equipment 110.
  • An application service S wishing to have access to operating data of the network issues an access request to the processing means 101 during a step M1.
  • the processing means 101 transmit an interrogation message during a step M2 to the database 102 to verify the identity of the user associated with the application service.
  • This information is transmitted to the processing means 101 in a step M3.
  • the processing means 101 transmit the access request to the coordination means 120 during a step M4.
  • the coordination means 120 interrogate the database 12 in which are stored filters and policies to be applied to each user / application service pair, and where appropriate information relating to billing. This information is transmitted to the coordination means 120 during a step M6.
  • the coordination means 120 query the database
  • This information is transmitted to the coordination means 120 during a step M8.
  • the coordination means 120 take into consideration the different information received during the steps M6 and M8 to generate the access profile of the user / application service pair. During a step M9, the access profile thus generated is stored in the storage means 14.
  • FIG. 6 represents the steps of the access method when it is implemented in the communication equipment 110.
  • an application service S seeking to access operating data of the communication network transmits a request for access to the transmission means 21 of the communication equipment 110.
  • Such a request is transmitted to the first interrogation means 13 during a step N2.
  • the first interrogation means 13 interrogate the storage means 14 during a step N3.
  • the storage means 14 transmit the access profile to the operating data associated with the application service to the first interrogation means 13.
  • the first interrogation means 13 process the request transmitted during the step N1 according to the access profile obtained during the step N4 and transmit the result to the second interrogation means 20 during a step N5.
  • the second interrogation means 20 interrogate, during a step N6, the equipment of the network N having knowledge of the operating data for which the application service has access rights as defined in the access profile of the user / application service pair.
  • the equipment of the network N concerned transmits the required operating data to the second interrogation means 20 during a step N7.
  • the second interrogation means 20 in turn transmit the operating data recovered to the first interrogation means 13, during a step N8.
  • the first interrogation means 13 then apply the filters defined by the access profile.
  • the first interrogation means 13 then transmit to the transmission means 21, during a step N9, the operating data thus processed.
  • the second interrogation means 20 may also require the network equipment to execute certain commands requested by the application service.
  • the transmission means 21 transmit the operating data to the communication device during a step N10 and receive the commands from the application service.
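
The determination steps (M1 to M9) and the access steps (N1 to N10) described above, as an added Python example that is not part of the patent text. The service-level names and their ordering, the rule that a metric is readable when the pair's level reaches the metric's minimum level, and all sample data are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed ordering of service levels (the patent names no concrete levels).
LEVEL_RANK = {"bronze": 1, "silver": 2, "gold": 3}

# Database 102 (constructed sample): service level per user / application service pair.
SERVICE_LEVELS = {
    ("alice", "video-optimizer"): "gold",
    ("bob", "video-optimizer"): "bronze",
}

# Database 12 (constructed sample): operator access policy, here the minimum
# service level required to read each operating-data metric.
ACCESS_POLICY = {
    "throughput": "bronze",
    "delay": "bronze",
    "packet_loss": "silver",
    "cpu_load": "gold",
}

PROFILE_STORE = {}  # storage means 14: access profile per pair


@dataclass(frozen=True)
class AccessProfile:
    pair: tuple
    allowed_metrics: frozenset  # the filter: operating data the pair may read


def determine_profile(user, service):
    """Steps M1-M9: check the pair, combine service level and policy, store the profile."""
    pair = (user, service)
    level = SERVICE_LEVELS.get(pair)  # stand-in for the AAA check against database 102
    if level is None:
        raise PermissionError(f"unknown user / application service pair: {pair}")
    allowed = frozenset(
        metric for metric, min_level in ACCESS_POLICY.items()
        if LEVEL_RANK[level] >= LEVEL_RANK[min_level]
    )
    profile = AccessProfile(pair, allowed)
    PROFILE_STORE[pair] = profile
    return profile


def update_policy(metric, min_level):
    """Update database 12, then re-run the determination for every stored profile."""
    ACCESS_POLICY[metric] = min_level
    for user, service in list(PROFILE_STORE):
        determine_profile(user, service)


def access_operating_data(user, service, requested, equipment):
    """Steps N1-N10: look up the profile, query the network, filter the answer."""
    profile = PROFILE_STORE.get((user, service))
    if profile is None:  # deny by default: no stored profile, no access
        raise PermissionError("no access profile for this pair")
    granted = set(requested) & profile.allowed_metrics
    denied = sorted(set(requested) - granted)
    raw = equipment(granted) if granted else {}
    # Filter after retrieval as well: the equipment may return more than was asked for.
    data = {metric: value for metric, value in raw.items() if metric in granted}
    return data, denied


def sample_equipment(metrics):
    """Constructed network element that always returns its whole record."""
    return {"throughput": 48.2, "delay": 17, "packet_loss": 0.4, "cpu_load": 63}
```

Filtering both before and after the equipment query keeps an over-answering network element from leaking metrics outside the profile.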

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Mathematical Physics (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Storage Device Security (AREA)
  • Information Transfer Between Computers (AREA)
EP11728329.1A 2010-06-03 2011-05-31 Method for determining a profile for a user/service pair of an application for accessing data relating to the operation of a communication network Withdrawn EP2577943A1 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR1054356 2010-06-03
PCT/FR2011/051236 WO2011151589A1 (fr) 2010-06-03 2011-05-31 Method for determining an access profile of a user/application service pair to data relating to the operation of a communication network

Publications (1)

Publication Number Publication Date
EP2577943A1 (de) 2013-04-10

Family

ID=43357170

Family Applications (1)

Application Number Title Priority Date Filing Date
EP11728329.1A Withdrawn EP2577943A1 (de) 2010-06-03 2011-05-31 Method for determining a profile for a user/service pair of an application for accessing data relating to the operation of a communication network

Country Status (4)

Country Link
US (1) US20130091265A1 (de)
EP (1) EP2577943A1 (de)
CN (1) CN103039058A (de)
WO (1) WO2011151589A1 (de)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9569604B2 (en) * 2013-04-15 2017-02-14 International Business Machines Corporation User access control to a secured application

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
ATE300143T1 (de) * 1999-07-20 2005-08-15 Texas Instruments Inc User access monitoring on the Internet
US7047417B2 (en) * 2001-03-20 2006-05-16 Leskuski Walter J Systems and methods for accessing reporting services
US7254588B2 (en) * 2004-04-26 2007-08-07 Taiwan Semiconductor Manufacturing Company, Ltd. Document management and access control by document's attributes for document query system
US8199654B2 (en) * 2005-06-21 2012-06-12 Alcatel Lucent Method and apparatus for providing end-to-end high quality services based on performance characterizations of network conditions
US8340697B1 (en) * 2006-01-26 2012-12-25 Nextel Communications Inc. Method and computer-readable medium for dynamically adjusting a multimedia data resolution in a wireless environment
US8407765B2 (en) * 2006-08-22 2013-03-26 Centurylink Intellectual Property Llc System and method for restricting access to network performance information tables
US9331928B2 (en) * 2006-10-16 2016-05-03 Qualcomm Incorporated Diagnostic agent in device that retrieves key performance indicators
WO2009000276A1 (en) * 2007-06-22 2008-12-31 Omada A/S An identity management system for assigning end-users with access rights to systems coupled to a central server

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2011151589A1 *

Also Published As

Publication number Publication date
WO2011151589A1 (fr) 2011-12-08
US20130091265A1 (en) 2013-04-11
CN103039058A (zh) 2013-04-10

Similar Documents

Publication Publication Date Title
EP2819052B1 (de) Method and server for processing an access request from a terminal to an IT resource
EP3008872B1 (de) Method for authenticating a terminal by a gateway of an internal network protected by an entity providing secure access
EP1683388A2 (de) Method for managing the security of applications in a security module
FR2985130A1 (fr) Method for sharing multimedia content between at least a first user and a second user over a telecommunications network
EP3238378B1 (de) System for generating a virtualized network function
WO2013093314A1 (fr) Method for access by a telecommunication terminal to a database hosted by a service platform accessible via a telecommunications network
EP2372626A1 (de) Method for image processing with dynamic anonymization
EP1983722A2 (de) Method and system for securing Internet access on mobile telephones, and corresponding mobile telephone and terminal
WO2011151589A1 (fr) Method for determining an access profile of a user/application service pair to data relating to the operation of a communication network
EP2446360B1 (de) Method for determining a series of basic functions associated with a service
WO2003071760A1 (fr) Device and method for intermediation between service providers and their users
FR3076143A1 (fr) Method for dynamically configuring entities of a communications network for routing data from a visiting terminal
EP4193569A1 (de) Method for processing a data transport service
FR3007605A1 (fr) Cooperative network architecture
WO2023217638A1 (fr) Method, device and system for certifying a resource
WO2023217639A1 (fr) Method, device and system for dynamically building a data infrastructure
WO2024047128A1 (fr) Method, device and system for checking the validity of a message
FR3114714A1 (fr) Method for accessing a set of data of a user.
FR3131157A1 (fr) Method for processing a data packet in a communications network, method for processing a request to change the quality-of-service level of a connection, method for requesting a change of the quality-of-service level of a connection, method for managing a quality of service, and corresponding devices, system and computer programs.
WO2008087331A2 (fr) Method and device for adapting to the physical context of an application implementing reconfigurable security mechanisms
EP4335144A1 (de) Configuration of a terminal
FR3091767A1 (fr) Authorization of the loading of an application into a security element.
US9805412B1 (en) Systems and methods for strategic customer order capture
FR3093882A1 (fr) Method for configuring a communicating object in a communication network, user terminal, method for connecting a communicating object to the network, access equipment and corresponding computer programs.
Koskela LICENSE NEGOTIATION SYSTEM FOR MOBILE P2P ENVIRONMENT

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20121207

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

DAX Request for extension of the european patent (deleted)
RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: ORANGE

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20171201