JP5309364B2 - API gateway device, API providing method, and API gateway program - Google Patents

Description

  The present invention relates to a technology for providing an API (Application Program Interface) for performing call control and media control for a communication terminal connected to a network managed by a communication carrier from the external network side.

  A communication terminal or system connected to a network (hereinafter referred to as a telecommunications carrier network) managed by a telecommunications carrier that provides a service such as a telephone is connected to an external network (hereinafter referred to as an information network) such as the Internet. An API gateway device that provides an API for control from the application side is used.

  There are various types of APIs provided by the API gateway device. For example, the API gateway device needs to manage the state on the API gateway device when providing the API, such as a call control API and a media control API. There is. Here, call control refers to control such as establishment, disconnection, and reconnection of a session such as a telephone call. Media control refers to control related to media such as voice and video, such as reproduction of guidance voice on a telephone, detection of a DTMF (Dual Tone Multi Frequency) signal, reproduction of a voice synthesis message, and recognition of input voice. .

  As a call control API, Third Party Call of Parlay X Web Services (hereinafter abbreviated as Parlay X) is known (for example, see Non-Patent Document 1). This Third Party Call is a standard API for performing call control upon receiving an API call in a Web service format from an application.

  Also, Parlay X's Audio Call is known as a media control API (see, for example, Non-Patent Document 2). This Audio Call is an API for performing media control in combination with Parlay X call control API such as Third Party Call. For example, Audio Call provides an API for performing media control such as reproduction of a guidance voice to a session participant in a call state generated by Third Party Call or the like.

  A conventional API gateway device that provides a call control API and a media control API has an API providing function that is a function of accepting an API request from an application and providing an API. This API providing function performs call control and media control in accordance with the type of API requested, and the call state and trigger by triggers such as API calls from applications, incoming / outgoing calls from communication terminals, time changes, etc. Create and release media state.

  When providing an API using such an API gateway device, it is necessary to appropriately monitor and prevent access from a malicious user. As a method for monitoring and preventing such access, user authorization is required. Control is important.

  Authorization control for each user when a conventional API gateway device is used is based on a policy represented by PEEM (Policy Evaluation, Enforcement and Management) defined as one of Policy Enforcers in OMA (Open Mobile Alliance). This is performed by the policy control device (see, for example, Non-Patent Document 3).

  In addition, as an access from a malicious user, there is a case where a call for the purpose of disturbance of a communication carrier network called a malicious call is made. Conventionally, for such malicious calls, a network monitoring device having a monitoring function for outgoing calls and a blocking function for restricting outgoing calls from the caller when it is determined as a caller of malicious calls Connected to a user network.

Parlay Group, “Open Service Access (OSA); Parlay X Web Services; Part 2: Third Party Call (Parlay X 3)”, ETSI ES 202 504-2 v0.0.5 Jun. 2007. Parlay Group, “Open Service Access (OSA); Parlay X Web Services; Part 11: Audio Call (Parlay X 3)”, ETSI ES 202 504-11 v0.0.3 Jun. 2007. Open Mobile Alliance, “Policy Evaluation, Enforcement and Management Architecture”, OMA-AD-Policy_Evaluation_Enforcement_Management-V1_0-20080805-C, Aug. 2008.

  The functions that can be managed by the policy control device are within the range that can be described in the policy, and whether there is almost no difference in processing time between the case of management by the API gateway device and the case of management by the policy control device, Or it is limited to the case where it is more efficient to manage with the policy control device. For example, when a certain API user describes the number of APIs that can be called per second in the policy, the number of APIs called in the API gateway device is also counted in the policy control device that passes along the way. In both cases, the performance is the same. Further, for example, there are cases where it is desired to count the number of API calls for a plurality of API gateway devices. In such a case, it is more efficient to count the number of API calls by the policy control device.

  On the other hand, the policy control device has functions that are difficult to manage. For example, it is a function that limits the number of call states. There are two types of call state generation triggers in the API gateway device, one is generation by a call control API, and the other is generation by a call from a communication terminal such as a telephone. As for the call state release trigger, release by a call disconnection command of the call control API, a disconnection request from a communication terminal (for example, placing a telephone handset), and disconnection when some trouble occurs in the API gateway device, etc. There are several opportunities for release.

  Generally, since the policy control apparatus is on an information network where API requests are communicated from applications, policy control is performed when a call state generation trigger and a release trigger occur in a portion other than the information network side. The device cannot detect this. Although it is possible to use a policy control device for request communication on the telecommunications carrier network side, it is still impossible to detect whether or not the API gateway device actually generated the state by this method. .

  Therefore, authorization control that manages various states by the API gateway device and limits the number of the states is difficult to manage by the policy control device and needs to be executed by the API gateway device.

  Further, regarding malicious calls that have been monitored and regulated by a network monitoring device connected to a telecommunications carrier network in the past, the API gateway device can also be called by calling a call command of the call control API from the information network side. There is a problem that a disturbance to the telecommunications carrier network can be performed. If a large number of call control API call commands are called, the policy control device on the call command request transmission path can be dealt with by limiting the number of requests. There is no means to limit the disturbance to the API gateway device and the carrier network due to the repetition of short-term hold calls.

  In addition, even when the number of call states is limited by the number of states controlled by the authorization control function, call states can be generated without reaching the maximum number for malicious calls that always make and disconnect calls as a set.・ Release may be repeated and will not be a countermeasure against malicious calls.

  Therefore, the present invention has been made in view of the above problems, and in order to appropriately monitor and regulate access from API users, it is easy to perform authorization control that manages and restricts the status for each API user. An object of the present invention is to provide an API gateway device, an API providing method, and an API gateway program that can be realized.

  In addition, in order to appropriately monitor and regulate access from an API user, an API gateway device capable of appropriately monitoring and regulating a call according to a call instruction of a call control API from an information network, an API providing method, And an API gateway program.

In order to solve the above problems, the present invention provides means [1]-[6] below.
[1] In an API gateway device that provides a call control API or a media control API in response to an API call request,
Authorization information storage means for storing authorization information including the number of states of each of the generated call state and media state and a predetermined maximum allowable number of states for each API user;
When the API call request is received from one API user, from the stored authorization information, the number of states corresponding to the API call request and the maximum allowable number of states corresponding to the one API user An authorization control means for generating a state when the number of states is less than or equal to the maximum allowable number of states, and
An API gateway device comprising:
[2] In an API gateway device that provides a call control API in response to an API call request,
For each API user, after the call state is generated, the held call number storage means for storing the number of held calls per unit time in the hold state in which the call state is shifted to without being shifted to the call connection state;
When an API call request from one API user is received and the call is put on hold, the stored call count is incremented by one and updated and stored, and the update stored call count is determined in advance. A block flag setting means for setting a block flag corresponding to the one API user when the threshold is larger than the threshold;
Malicious call block processing that permits generation of a call state only when the block flag corresponding to the one API user is not set when generating a call state in response to an API call request from one API user Means,
An API gateway device comprising:
[3] In an API providing method for providing a call control API or a media control API in response to an API call request,
A request accepting step of accepting the API call request from one API user;
The API call request corresponding to the one API user from the authorization information including the number of states of each of the generated call state and media state and the predetermined maximum allowable number of states for each API user An authorization control step of generating a state when the state number is equal to or less than the maximum allowable state number, with reference to the state number and the maximum allowable state number according to
An API providing method characterized by comprising:
[4] In an API providing method for providing a call control API in response to an API call request,
A request accepting step of accepting the API call request from one API user;
A call state generation permission step for permitting generation of a call state only when the block flag corresponding to the one API user is not set;
A call state generation step for generating a call state when call state generation is permitted in the call state generation permission step;
After the call state is generated, when the call state is changed to the call disconnect state without changing to the call connection state, the number of held calls per unit time in the hold state is increased by one and updated. A blocking flag setting step for setting the blocking flag when the updated number of held calls is larger than a predetermined threshold;
An API providing step of providing the call control API to the one API user when the call state is shifted to after the call state is generated in the call state generation step;
An API providing method characterized by comprising:
[5]
Request accepting means for accepting an API call request from one API user;
The API call request corresponding to the one API user from the authorization information including the number of states of each of the generated call state and media state and the predetermined maximum allowable number of states for each API user An authorization control means for generating a state when the state number is equal to or less than the maximum allowable state number, with reference to the state number and the maximum allowable state number according to
API providing means for selecting a call control API or a media control API in response to the API call request when the state is generated in the authorization control means, and providing it to the one API user;
API gateway program to make it function.
[6]
Request accepting means for accepting an API call request from one API user;
Call state generation permission means for permitting generation of a call state only when a block flag corresponding to the one API user is not set;
Call state generation means for generating a call state when call state generation permission means permits the call state generation; and
After the call state is generated, when the call state is changed to the call disconnect state without changing to the call connection state, the number of held calls per unit time in the hold state is increased by one and updated. A block flag setting means for setting the block flag when the updated number of held calls is greater than a predetermined threshold;
An API providing unit for providing a call control API to the one API user when the call state is shifted to after the call state is generated by the call state generating unit;
API gateway program to make it function.

  ADVANTAGE OF THE INVENTION According to this invention, the authorization control which manages a state for every API user and adds a restriction | limiting can be implement | achieved easily. In addition, it is possible to appropriately monitor a call based on a call instruction of the call control API, for example, to restrict a malicious call. Therefore, access from an API user can be appropriately monitored and regulated.

It is a block diagram of the API provision system to which the API gateway apparatus which is embodiment of this invention is applied. It is a functional block diagram of the outline of the API gateway apparatus which is this embodiment. It is a flowchart for demonstrating a process when the opportunity which produces | generates a new state generate | occur | produces in the API gateway apparatus which is this embodiment. 6 is a flowchart for explaining processing when a call instruction for newly generating a call state in the call control API is called in the API gateway device according to the present embodiment.

  Hereinafter, embodiments for carrying out the present invention will be described in detail with reference to the drawings. FIG. 1 shows a configuration diagram of an API providing system to which an API gateway device according to an embodiment of the present invention is applied. In the figure, an API providing system 1 includes application terminals 10-1 to 10-3, a policy control device 20, an API gateway device 40, an API connected to each other via an information network 30 that is an API requesting side. The communication terminals 50-1 to 50-3 are connected to each other via a communication carrier network 60 on the provider side.

  In the API providing system 1, the information network 30 is an IP (Internet Protocol) network such as the Internet. Further, the telecommunications carrier network 60 is a network managed by a telecommunications carrier that provides services such as telephones. For example, the call connection is made by SIP (Session Initiation Protocol) such as NGN (Next Generation Network) or IMS (IP Multimedia Subsystems). It is a network that can perform.

  The authorization control excluding the authorization control executed by the API gateway device 40 is executed by the policy control device 20 provided between the application terminals 10-1 to 10-3 and the API gateway device 40. The policy control device 20 can use a conventional policy control device.

  The API gateway device 40 is provided between the information network 30 and the telecommunications carrier network 60. Upon receiving an API call request from the application terminals 10-1 to 10-3, the API gateway device 40 controls the communication terminals 50-1 to 50-3. When a call control request is received from the communication terminals 50-1 to 50-3, the application terminal 10-1 to 10-3 is notified of a change in the result of receiving the call control request.

  Specifically, the API gateway device 40 provides an API in the form of a network control system web service represented by the Call Control API and Media Control API of Parlay X. In the Third Party Call part that provides the Call Control system API of Parlay X, the API gateway device 40 that has received a call command from the application terminal 10 is instructed by a command requested to the communication carrier network 60. A call is made to the terminal 50 using a call control protocol in the communication carrier network 60. For example, if the telecommunications carrier network 60 is a SIP network, a SIP INVITE request is issued.

  Similarly, a Call Notification part of Parlay X that provides an API for notifying an application of a request from the communication network side (Parlay Group, “Open Service Access (OSA); Parlay X Web Services; Part 3: Call Notification X). ) ", ETSI ES 202 504-3 v0.0.3, Jun. 2007.), the API gateway device 40 that has received a call request (for example, an INVITE request in SIP) from the communication terminal 50 is connected to the application terminal 10. Is notified by sending a request in the Web service format.

  The Audio Call part that provides the Parlay X media control system API designates an existing call state and calls a media control command from the application terminal 10 to the API gateway device 40, thereby transmitting media in the communication carrier network 60. Various media control such as reproduction of guidance voice is performed on the communication terminal 50 using a trust protocol (for example, RTP (Realtime Transport Protocol when the communication carrier network 60 is a SIP network)).

  The API gateway device 40 also has a function of receiving various media inputs (for example, DTMF signals and voice inputs) from the communication terminal 50 and notifying the application terminal 10 by sending a request for a Web service format. Prepare.

  The call state in the present embodiment refers to various pieces of information necessary for continuation of the call (that is, information such as which communication terminal is connected to which communication terminal or what stage the call is currently in) ) And corresponds to Call Session in Parlay X. The media status is generated at the start of media control and holds information such as what stage the control is currently in. Media states in Parlay X include Media Message that holds media playback information, and Media Interaction that performs media playback and accepts various media inputs (DTMF signals, audio inputs, etc.) from a communication terminal.

  FIG. 2 shows a schematic functional block diagram of the API gateway device 40. In the figure, the API gateway device 40 includes an API provision processing unit 410, an API state management unit 420, an authorization control unit 430, an authorization information management unit 440, a malicious call blocking processing unit 450, and the number of short-term calls held. And a management unit 460. The API provision processing unit 410 performs call control and media control according to the type of API requested, and depending on triggers such as API call, incoming / disconnected from the communication terminals 50-1 to 50-3, time change, etc. The API state management unit 420 generates / releases the call state 421 and the media state 422.

  The authorization information management unit 440 holds a set of a state number 441 and a maximum allowable state number (maximum state number) 442 for each state that is a target of the API gateway device 40 in units of API users. In the present embodiment, for each API user, a set of the state number 441 and the maximum state number 442 for the call state 421 and a pair of the state number 441 and the maximum state number 442 for the media state 422 are held.

  Here, the API user in this embodiment is defined. An API user is an entity that can obtain an API provided from the API gateway device 40 when, for example, an ID uniquely identifiable by a contract is issued and the authentication device is authenticated by the ID. . As an example of the difference in the operation of the API gateway device 40 due to the identification of the API user, the API gateway device 40 has a restriction that an operation to a state generated by a certain API user can be performed only by the same API user. May add. This is because when one API user's application allows control from the other API user's application, the behavior of the application that one API user did not expect may appear. Because there is.

  The unit of API user is also used as a unit for authorization control. For example, when a certain application provider has been authorized to use an audio / video processing command for the API gateway device 40 and is newly creating an application that handles only audio, the application provider is authorized to use only the audio processing command. The present invention can be applied to an example in which a new ID is acquired at a lower cost than an authorized one for both audio and video processing instructions.

  The short-time call holding number management unit 460 uses the API as the number of short-time call holdings (the number of call holdings) 461-1 to 461-N as the number of call states disconnected before shifting to the connected state per unit time. Hold by person. When the number of short-term calls 461-i (i ≦ N) exceeds the threshold value 463, the block flag 462-i is set for the corresponding API user (i). The malicious call blocking processing unit 450 blocks the state generation request from the set API user (i).

  The reason why the authorization information management unit 440 holds the maximum number of states 442 for each API user is that even API users accommodated in the same API gateway device 40 can be used depending on the contract form. This is because there may be a difference in the maximum number. The number of states 441 and the maximum number of states 442 are determined for each state. For example, when there is an API user who wants to use many call control APIs without using any media control API, the maximum number of call states is This is because there may be a contract form in which a large number of states are ensured and a maximum number of media states is small.

  In addition, in the short-time call holding number management unit 460, the threshold value 463 is set for each API gateway device 40, and not set for each API user unit, because “the API gateway device 40 and the communication carrier network 60 This is because the threshold value determined as “disturbance” is considered not to depend on the contract of the API user.

  Next, in the API gateway apparatus according to the present embodiment, a flowchart of processing when a trigger for generating a new state occurs is shown in FIG. When a state generation trigger occurs, the authorization information management unit 440 determines the state number 441 of the corresponding API user (j) from among the state numbers 441-1 to 441-M and the maximum state numbers 442-1 to 442-M. The values are compared with reference to −j (j ≦ M) and the maximum number of states 442-j (S31).

  If the number of states 441-j exceeds the maximum number of states 442-j (S31 YES), the authorization information management unit 440 stops the state generation process (S32). Next, the authorization control unit 430 canceled the state generation because the state number 441-j exceeded the maximum state number 442-j by transmitting an error response to the request source that generated the state generation trigger. Notification is made (S33).

  On the other hand, when the state number 441-j is equal to or less than the maximum state number 442-j in the comparison process of step S31 (S31 NO), the authorization information management unit 440 increases the state number 441-j by 1 (S34), State generation processing is performed (S35).

  Next, in the API gateway device according to the present embodiment, a flowchart for processing when a call instruction for newly generating a call state in the call control API is called is shown in FIG. When a call state generation command of the API gateway device 40 is called from the API user (k), the short-time call waiting number management unit 460 blocks the blocking flag 462-k (k ≦ k) for the API user who has called the call state generation command. The state of N) is confirmed (S41).

  When the blocking flag 462-k is not set (S41 OFF), the API gateway device 40 generates a call state (S42). On the other hand, when the blocking flag 462-k is set (S41 ON), the malicious call blocking processing unit 450 indicates that the API user (k) is the API gateway device 40 and the communication carrier network 60 due to the malicious call. It is determined that it is a person who has made a disturbance to this, and the processing for this new call state generation request is stopped and an error response is transmitted (S43).

  After making a call by generating a call state in the processing of step S42, after receiving a response such as picking up the handset on the receiving side, a suspension process (stopping the call or terminating the call by the API) before the call is established When the incoming call rejection by the communication terminal on the side is performed (S44 YES), the API gateway device 40 shifts the corresponding call state to the disconnected state (S45). On the other hand, when the interruption process is not performed in the process of step S44 (S44 NO), the call connection process is performed to establish the call (S46). Here, between the process of step S42 and the process of step S44, the authorization control process based on the number of call states shown in FIG. 3 is actually executed.

  After the corresponding call state is changed to the disconnected state in the process of step S45, the short-time hold call number management unit 460 displays the short-time hold call number 461-k of the API user (k) who has called the call state generation command. Is increased by 1 (S47). Next, the malicious call blocking processing unit 450 determines whether or not the increased number of short-term on-hold calls 461-k exceeds the threshold value 463 set in the short-time on-hold call count management unit 460 (S48).

  When it is determined that it has exceeded (S48 YES), the malicious call blocking processing unit 450 determines that the API user has made a disturbance to the API gateway device 40 and the telecommunications carrier network 60 due to the malicious call. The blocking flag 463 is set (turned on) to the API user (k) who performs (S49). As a result, the call state generation command requested later from the API user (k) is blocked in the process of step S41.

  On the other hand, if it is determined in step S48 that it has not exceeded (NO in S48), at this stage, the API user (k) does not disturb the API gateway device 40 and the communication carrier network 60. Determine and end the process.

  As described above, according to the API gateway device of the present embodiment, authorization control for managing and restricting the call state and the media state for each API user can be easily realized. Further, it is possible to appropriately monitor and regulate a malicious call due to a call instruction of a call control API from the information network side such as the Internet. Therefore, by using the API gateway device according to the present embodiment, it is possible to appropriately monitor and regulate access from API users.

  Note that at least a part of the processing functions of the API gateway device according to the embodiment described above may be realized by a computer. In this case, an API gateway program for realizing the processing function is recorded on a computer-readable recording medium, and the API gateway program recorded on the recording medium is read into the computer system and executed. May be. Here, the “computer system” includes an OS (Operating System) and hardware of peripheral devices. The “computer-readable recording medium” refers to a portable recording medium such as a flexible disk, a magneto-optical disk, an optical disk, and a memory card, and a storage device such as a hard disk built in the computer system. Furthermore, the “computer-readable recording medium” dynamically holds a program for a short time like a communication line when transmitting a program via a network such as the Internet or a communication line such as a telephone line. In this case, a volatile memory in a computer system serving as a server or a client in that case may be included and a program that holds a program for a certain period of time may be included. Further, the above program may be for realizing a part of the functions described above, or may be realized by a combination with the program already recorded in the computer system. .

  As mentioned above, although embodiment of this invention was explained in full detail with reference to drawings, the concrete structure is not restricted to this embodiment, The design etc. of the range which does not deviate from the summary of this invention are included.

DESCRIPTION OF SYMBOLS 1 API provision system 10-1 to 10-3 Application terminal 20 Policy control apparatus 30 Information network 40 API gateway apparatus 50-1 to 50-3 Communication terminal 60 Communication carrier network 410 API provision process part 420 API state management part 421- 1-421-L Call state 422-1 to 422-L Media state 430 Authorization control unit 440 Authorization information management unit 441-1 to 441-M Number of states 442-1 to 442-M Maximum allowed number of states 450 Malicious call blocking processing Unit 460 short-time call holding number management unit 461-1 to 461-N short-time call holding number 462-1 to 462-N blocking flag 463 threshold

Claims (6)

In an API gateway device that provides a call control API or a media control API in response to an API call request,
Authorization information storage means for storing , for each API user, the number of states indicating the number of call states and media states that increase or decrease based on the request of the API user, and a predetermined maximum allowable number of states ;
When receiving said API call request from one API user, corresponding to the previous SL one API user stored in the authorization information storing means, the maximum and the number of states of the state according to the API call request The number of states is compared, and if the number of states is less than or equal to the maximum number of allowed states, the state is generated, and the number of states stored in the authorization information storage unit is increased by 1, and the number of states is An authorization control means for returning an error response if not less than the maximum allowable number of states ;
An API gateway device comprising: In an API gateway device that provides a call control API in response to an API call request,
Each API user, after generating the call state, the held call number storage means for storing the coercive Tomeko number of pending state, in a transition to the call disconnected state without shifting to the call connection state,
When the number of held calls per unit time stored in the held call number storage means is larger than a predetermined threshold when the API call request from one API user is placed in the hold state Blockage flag setting means for setting a blockage flag corresponding to the one API user;
When generating a call state in response to an API call request from the one API user, if the block flag corresponding to the one API user is not set, the generation of the call state is permitted, and the block flag Malicious call blocking processing means for returning an error response when
An API gateway device comprising: In order to provide a call control API or a media control API in response to an API call request, for each API user, a number of states indicating the number of call states and media states that increase or decrease based on the API user request, and a predetermined number are determined. a is the maximum allowed number of states and the API provides a method for API gateway device performs with the authorization information storing means for storing,
When the API call request is received from one API user, the number of states corresponding to the API call request and the maximum allowable value corresponding to the one API user stored in the authorization information storage unit The number of states is compared, and when the number of states is less than or equal to the maximum allowable number of states, the state is generated, and the number of states stored in the authorization information storage unit is increased by 1, and the number of states is API provides a method which is characterized in that when not less than the maximum allowable number of states with the authorization control steps to return an error response. In order to provide a call control API in response to an API call request, for each API user, after the call state is generated, the number of held calls in the hold state that is in the call disconnected state without shifting to the call connection state a API provides methods API gateway apparatus performs comprise held call number storing means for storing,
When the number of held calls per unit time stored in the held call number storage means is larger than a predetermined threshold when the API call request from one API user is placed in the hold state A block flag setting step for setting a block flag corresponding to the one API user ;
When generating a call state in response to an API call request from the one API user, if the block flag corresponding to the one API user is not set, the generation of the call state is permitted, and the block flag And a malicious call blocking processing step of returning an error response when is set . An API gateway program for causing a computer to function as the API gateway device according to claim 1 . An API gateway program for causing a computer to function as the API gateway device according to claim 2 .

Images