KR20140076955A - Network control system and method using service type - Google Patents
- Publication number
- KR20140076955A
- Authority
- KR
- South Korea
- Prior art keywords
- network
- service
- authentication
- user
- sdn
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
A network control method using a service characteristic in a Software Defined Network (SDN) according to the present invention includes: a global authentication step of performing authentication to approve access of a network subscriber; a mapping step of confirming a user subscription service based on a user profile according to a result of the authentication and confirming a service profile to acquire the service requested by the subscriber; a preprocessing step of setting a logical path for providing a target service for the user; and a network defining step of defining a network by combining the logical path information and the user profile information collected in the preprocessing step and setting a policy in the SDN.
Description
The present invention relates to a network control apparatus and method using a service characteristic in a software defined network (SDN).
For network users on the public network infrastructure, providing a quality-assured service requires repeatedly setting up a plurality of service-related agent programs, performing authentication, and applying the authorization policy to the network.
For terminals or services to move between heterogeneous networks, users should be able to reach the network regardless of the access network. Providing the same service at the network level requires an integrated authentication method for subscribers, but public telecommunication networks generally do not provide one.
To this end, Internet service providers currently apply various authentication technologies (e.g., EAP over RADIUS, Diameter-EAP) to authenticate subscribers and to control subscriber-specific policy based on the authentication results. As part of this approach, a cross-authentication policy among providers has been proposed as an alternative to provide network scalability.
However, in the current network, the DHCP server allocates the IP address to the subscriber through the user authentication step, and provides only the IP-based network access service in an effort to provide a specific service.
Accordingly, an embodiment of the present invention provides a network control apparatus and method for defining a network suitable for a service to be provided to a user through user authentication.
A network control method using a service characteristic in a Software Defined Network (SDN) in a network control system according to an aspect of the present invention includes: a global authentication step of performing authentication to approve access of a network subscriber; a mapping step of confirming a user subscription service based on a user profile according to a result of the authentication and confirming a service profile to acquire the service requested by the subscriber; a preprocessing step of setting a logical path for providing a target service for the user; and a network defining step of defining a network by combining the logical path information and the user profile information collected in the preprocessing step and setting a policy with the SDN.
As described above, according to the embodiment of the present invention, a network suitable for the service to be provided to the user can be defined together with integrated user authentication, including the network bandwidth setting, the network path, the load balancing method, and the like.
Also, the present invention can provide the same level of network service regardless of the connection to any network through the integrated authentication method.
FIG. 1 illustrates a network control system that assures service quality using service characteristics according to an embodiment of the present invention.
FIG. 2 is a diagram illustrating a process of performing operations between components of the network control system of FIG. 1.
FIG. 3 is a flow diagram illustrating a flow of a method for controlling a network in accordance with an embodiment of the present invention.
FIG. 4 is a flowchart illustrating a specific job execution procedure performed by the SDN generation control unit according to FIG.
Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art can easily carry out the present invention. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. In order to clearly illustrate the present invention, parts not related to the description are omitted, and similar parts are denoted by like reference characters throughout the specification.
Throughout the specification, a terminal may refer to a mobile station (MS), a mobile terminal (MT), a subscriber station (SS), a portable subscriber station (PSS), an access terminal (AT), a user equipment (UE), or the like, and may include all or some of the functions of an MS, MT, SS, PSS, AT, UE, or the like.
In addition, a base station (BS) may refer to a node B, an evolved node B (eNodeB), an access point (AP), a radio access station (RAS), a base transceiver station (BTS), a mobile multihop relay (MMR)-BS, or the like, and may include all or some of the functions of a Node B, an eNodeB, an AP, a RAS, a BTS, and an MMR-BS.
Throughout the specification, when an element is referred to as "comprising" another element, it means that it can include other elements as well, without excluding other elements, unless specifically stated otherwise. Also, the terms "part," "module," and "block" refer to units that process at least one function or operation.
FIG. 1 illustrates a network control system that assures service quality using service characteristics according to an embodiment of the present invention.
The
The
The user profile means 120 describes information such as authentication and authorization of a network subscriber 200.
The service profile means 130 describes guide information for providing a networking service for a specific service request of the user.
The external
The SDN
FIG. 2 is a diagram illustrating a process of performing operations between components of the network control system of FIG. 1.
The
At this time, the subscriber-specific policy is applied based on the authentication result notified from the control system. The control system acts as a proxy for performing the requested subscriber authentication from the access system, where the proxy role provides security, administrative level of regulation, and cache service. In addition, the control system performs the function of transmitting accounting information to a related function such as a billing server in the authentication such as cross authentication.
The user profile means 120 is composed of authentication and authorization information required to guarantee or obtain a specific network service of the subscriber. When a network subscriber tries to connect, it extracts information (for example, user ID and password) necessary for authentication and maps the user profile to the user.
The service profile means 130 is a protocol defining a method for providing a networking service for specific service requests of a subscriber. And, the service profile means 130 may be in contrast to the current network protocol, but may have other forms and may not be the same.
The external
The SDN
FIG. 3 is a flow diagram illustrating a flow of a method for controlling a network in accordance with an embodiment of the present invention.
Referring to FIG. 3, a network control method according to the present invention includes a global authentication step S102, a mapping step S104, a preprocessing step S106, and a network definition step S108.
As shown in FIG. 3, the
The global authentication step is a step in which the
In the mapping step, the user profile means 120 confirms the user subscription service based on the user profile according to the subscriber authentication result, and the service profile means 130 confirms the service profile to obtain the subscriber request service and performs mapping (S104).
Then, the external
In addition, the present invention defines a network by combining the logical path information and user profile information collected in the preprocessing step, and sets a policy to the actual network (SDN) (S108).
The flow of the network control method according to FIG. 3 can be performed by the subscriber unit, the SDN
FIG. 4 is a flowchart illustrating a specific job execution procedure performed by the SDN generation control unit according to FIG.
Referring to FIG. 4, the
Then, the user profile and the service profile are inquired and the mapping is performed (S204, S206, S208).
If it is determined that the mapping does not match the user profile or the service profile, the new service is registered and the global authentication is performed again (S210).
When the mapping is performed, the SDN network is defined based on QoS (Quality of Service) information, and information is gathered for path setting of the destination service.
Then, the program defined by the SDN
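The S102 to S108 flow of FIG. 3 and the mismatch branch S210 of FIG. 4, sketched as an added example (not code from the patent); the profile fields, node names, status strings and sample credentials are constructed assumptions. It fails closed: no SDN policy is produced unless authentication and mapping both succeed.

```python
import hashlib
import hmac

def _kdf(password: str, salt: bytes) -> bytes:
    # Store a salted password hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: all names, fields and values are hypothetical.
USER_PROFILES = {  # user profile means (120): authentication/authorization info
    "alice": {"salt": b"demo-salt", "pw_hash": _kdf("correct horse", b"demo-salt"),
              "subscribed": {"iptv", "voip"}},
}
SERVICE_PROFILES = {  # service profile means (130): how to network each service
    "iptv": {"bandwidth_mbps": 20, "path": ["edge-1", "core-2", "iptv-gw"]},
    "voip": {"bandwidth_mbps": 1, "path": ["edge-1", "core-1", "voip-gw"]},
}

def global_authentication(user_id, password):
    """S102: return the user profile on success, None on failure."""
    profile = USER_PROFILES.get(user_id)
    # Unknown users still cost one KDF run, so timing does not reveal them.
    salt = profile["salt"] if profile else b"unknown-user"
    expected = profile["pw_hash"] if profile else b"\x00" * 32
    ok = hmac.compare_digest(_kdf(password, salt), expected)
    return profile if ok else None

def mapping(profile, service):
    """S104: the service must be subscribed and have a service profile."""
    if service in profile["subscribed"] and service in SERVICE_PROFILES:
        return SERVICE_PROFILES[service]
    return None

def preprocess(service_profile):
    """S106: set the logical path for the target service."""
    return list(service_profile["path"])

def define_network(user_id, service, path, service_profile):
    """S108: combine path and profile information into one SDN policy."""
    return {"subscriber": user_id, "service": service, "path": path,
            "bandwidth_mbps": service_profile["bandwidth_mbps"]}

def control(user_id, password, service):
    profile = global_authentication(user_id, password)
    if profile is None:
        return {"status": "auth_failed", "policy": None}
    service_profile = mapping(profile, service)
    if service_profile is None:
        # S210: register the new service and authenticate again; no policy yet.
        return {"status": "register_service_and_reauthenticate", "policy": None}
    path = preprocess(service_profile)
    policy = define_network(user_id, service, path, service_profile)
    return {"status": "ok", "policy": policy}
```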
As described above, according to the present invention, it is possible to define a network suitable for a service to be provided to a user together with integrated user authentication, and to provide network subscribers with quality-guaranteed communication services in various forms, such as a network bandwidth setting, a network path, and a load balancing method.
The embodiments of the present invention described above are not implemented only by the apparatus and method, but may be implemented through a program for realizing the function corresponding to the configuration of the embodiment of the present invention or a recording medium on which the program is recorded.
While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments, It belongs to the scope of right.
110: Global Authentication Server 120: User Profile Means
130: service profile means 140: external authentication proxy server
150: mapping unit 160: SDN generation control unit
Claims (1)
A network control method using service characteristics, comprising:
a global authentication performing step of performing authentication to approve access of a network subscriber (Subscriber User);
a mapping step of confirming a user subscription service based on a user profile according to a result of the authentication and confirming a service profile to acquire a subscriber requesting service;
a preprocessing step of setting a logical path for providing a target service for the user; and
a network definition step of defining a network by combining the logical path information and the user profile information collected in the preprocessing step and setting a policy with the SDN.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020120145564A KR20140076955A (en) | 2012-12-13 | 2012-12-13 | Network control system and method using service type |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20140076955A (en) | 2014-06-23 |
Family
ID=51129075
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20160002154A (en) | 2014-06-30 | 2016-01-07 | 에스케이텔레콤 주식회사 | Method for generate contents name and routing method based on contents name using sdn networkd, apparatus using the same |
KR20160002155A (en) | 2014-06-30 | 2016-01-07 | 에스케이텔레콤 주식회사 | Method fof transmitting of contents based on sdn network and ccn network |
KR20160039382A (en) | 2014-10-01 | 2016-04-11 | 국방과학연구소 | Protocol dynamic configuration system for reflecting network characteristics in service oriented architecture and Method thereof |
KR20160072002A (en) | 2014-12-12 | 2016-06-22 | 주식회사 케이티 | System and method for optimal path computation on software defined networking |
-
2012
- 2012-12-13 KR KR1020120145564A patent/KR20140076955A/en not_active Application Discontinuation
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WITN | Withdrawal due to no request for examination |