KR20140076955A - Network control system and method using service type - Google Patents

Info

Publication number
KR20140076955A
Authority
KR
South Korea
Prior art keywords
network
service
authentication
user
sdn
Application number
KR1020120145564A
Other languages
Korean (ko)
Inventor
박한솔
양선희
Original Assignee
한국전자통신연구원
Application filed by 한국전자통신연구원

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A network control method using a service characteristic in a Software Defined Network (SDN) according to the present invention includes: a global authentication step of performing authentication to approve access of a network subscriber; a mapping step of confirming a user subscription service based on a user profile according to a result of the authentication and confirming a service profile to acquire a subscriber request service; a preprocessing step of setting a logical path; and a network defining step of defining a network by combining the logical path information and the user profile information collected in the preprocessing step and setting a policy in the SDN.

Description

The present invention relates to a network control system using service characteristics and, specifically, to a network control apparatus and method using a service characteristic in a software defined network (SDN).

For network users of the public network infrastructure, providing a quality assurance service requires repeating the process of establishing a plurality of agent programs related to the service, performing authentication, and reflecting the authorization policy in the network.

For the exchange of terminals or services in heterogeneous networks, users should be able to access the network regardless of the access network. In order to provide the same service at the important network level, an integrated authentication method for subscribers is required. However, such a method is not generally provided in the public telecommunication network.

To this end, Internet service providers currently apply various authentication technologies (e.g., EAP over RADIUS, Diameter-EAP) to perform subscriber authentication and subscriber-specific policy control based on the subscriber authentication results. As part of this approach, a cross-authentication policy among providers has been proposed as an alternative to provide network scalability.

However, in the current network, the DHCP server allocates the IP address to the subscriber through the user authentication step, and provides only the IP-based network access service in an effort to provide a specific service.

Accordingly, an embodiment of the present invention provides a network control apparatus and method for defining a network suitable for a service to be provided to a user through user authentication.

A network control method using a service characteristic in a Software Defined Network (SDN) in a network control system according to an aspect of the present invention includes: a global authentication step of performing authentication to approve access of a network subscriber; a mapping step of confirming a user subscription service based on a user profile according to a result of the authentication and confirming a service profile to acquire a subscriber requesting service; a preprocessing step of setting a logical path for providing a target service for the user; and a network defining step of defining a network by combining the logical path information and user profile information collected in the preprocessing step and setting a policy in the SDN.

As described above, according to the embodiment of the present invention, it is possible to define a network suitable for the service to be provided to the user together with integrated user authentication, including the network bandwidth setting, the network path, the load balancing method, and the like.

Also, the present invention can provide the same level of network service regardless of the connection to any network through the integrated authentication method.

FIG. 1 illustrates a network control system that assures service quality using service characteristics according to an embodiment of the present invention.
FIG. 2 is a diagram illustrating a process of performing operations between components of the network control system of FIG. 1.
FIG. 3 is a flow diagram illustrating a flow of a method for controlling a network in accordance with an embodiment of the present invention.
FIG. 4 is a flowchart illustrating a specific job execution procedure performed by the SDN generation control unit according to FIG.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art can easily carry out the present invention. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. In order to clearly illustrate the present invention, parts not related to the description are omitted, and similar parts are denoted by like reference characters throughout the specification.

Throughout the specification, a terminal may refer to a mobile station (MS), a mobile terminal (MT), a subscriber station (SS), a portable subscriber station (PSS), an access terminal (AT), a user equipment (UE), or the like, and may include all or some of the functions of an MS, MT, SS, PSS, AT, UE, or the like.

In addition, a base station (BS) may refer to a node B, an evolved node B (eNodeB), an access point (AP), a radio access station (RAS), a base transceiver station (BTS), a mobile multihop relay (MMR)-BS, or the like, and may include all or some of the functions of a Node B, an eNodeB, an AP, a RAS, a BTS, and an MMR-BS.

Throughout the specification, when an element is referred to as "comprising" another element, it means that it can include other elements as well, without excluding other elements, unless specifically stated otherwise. Also, the terms "part," "module," and "block" refer to units that process at least one function or operation.

FIG. 1 illustrates a network control system that assures service quality using service characteristics according to an embodiment of the present invention.

The network control system 100 using the service characteristic according to the present invention, shown in FIG. 1, includes a global authentication server 110, a user profile means 120, a service profile means 130, an external authentication proxy server 140, and an SDN generation control unit 160.

The global authentication server 110 is a server that performs integrated authentication of a user. Here, the global authentication server 110 may be implemented by a plurality of connection systems (not shown) and a single control system (not shown) according to an embodiment of the present invention.

The user profile means 120 describes information such as authentication and authorization of a network subscriber 200.

The service profile means 130 describes guide information for providing a networking service for a specific service request of the user.

The external authentication proxy server 140 serves as an authentication agent toward the external application 300, acquiring the service provided by the application, and performs a preprocessing role. Here, the external application 300 includes a virtual private network (VPN), an Internet banking service, a U-Cloud, and an IP-TV.

The SDN generation control unit 160 defines and sets up the SDN network while coordinating and managing the overall related functions.

FIG. 2 is a diagram illustrating a process of performing operations between components of the network control system of FIG. 1.

The global authentication server 110 is composed of a plurality of connection (access) systems and a control system. The access systems extract the subscriber's connection authentication information and request authentication from the control system.

The subscriber-specific policy is then applied based on the authentication result notified from the control system. The control system acts as a proxy that performs the subscriber authentication requested by the access system; in this proxy role it provides security, an administrative level of regulation, and a cache service. In addition, during authentication such as cross-authentication, the control system transmits accounting information to related functions such as a billing server.

The user profile means 120 is composed of the authentication and authorization information required to guarantee or obtain a specific network service for the subscriber. When a network subscriber tries to connect, the user profile means extracts the information necessary for authentication (for example, user ID and password) and maps the user profile to the user.

The service profile means 130 is a protocol defining a method for providing a networking service for specific service requests of a subscriber. The service profile means 130 may be contrasted with the current network protocol, but it may take other forms and need not be the same.

The external authentication proxy server 140 is a function that performs the user's service request and acts as an agent for authentication, service location confirmation, and path setting for network service between services.

The SDN generation control unit 160 is a core function that manages the functions of the global authentication server 110, the user profile means 120, the service profile means 130 and the external authentication proxy server 140. The SDN generation control unit 160 then analyzes the information collected from the respective services and programs (for example, plans and schedules) the SDN network.

FIG. 3 is a flow diagram illustrating a flow of a method for controlling a network in accordance with an embodiment of the present invention.

Referring to FIG. 3, a network control method according to the present invention includes a global authentication step S102, a mapping step S104, a preprocessing step S106, and a network definition step S108.

As shown in FIG. 3, the network control system 100 receives a user network access request from a network subscriber through a public communication network (S100).

In the global authentication step, the global authentication server 110 performs global authentication for approving subscriber access (S102).

In the mapping step, the user profile means 120 confirms the user subscription service based on the user profile according to the subscriber authentication result, and the service profile means 130 confirms the service profile to obtain the subscriber request service and performs mapping (S104).

Then, the external authentication proxy server 140 performs a preprocessing step of setting a logical path for providing a target service for the user (S106). The preprocessing step is intended to log in to the destination service or to secure the service.

Finally, the network is defined by combining the logical path information and user profile information collected in the preprocessing step, and a policy is set in the actual network (SDN) (S108).

The flow of the network control method according to FIG. 3 can be performed between the subscriber and the SDN generation control unit 160, and between the SDN generation control unit 160 and the SDN network.

FIG. 4 is a flowchart illustrating a specific job execution procedure performed by the SDN generation control unit according to FIG.

Referring to FIG. 4, the SDN generation controller 160 receives a network access request message from a network subscriber (S200), and performs global authentication for access authorization of the subscriber (S202).

Then, the user profile and the service profile are queried and the mapping is performed (S204, S206, S208).

If it is determined that the mapping does not match the user profile or the service profile, the new service is registered and the global authentication is performed again (S210).

When the mapping is performed, the SDN network is defined based on QoS (Quality of Service) information, and information is gathered for path setting of the destination service.

Then, the program defined by the SDN generation control unit 160 is applied to the SDN network.
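A minimal model of the FIG. 4 decision flow (S200 to S210), added here as an illustration and not taken from the patent; the profile fields, service names, path labels and outcome strings are all assumptions. It shows that an SDN policy object is produced only when authentication and profile mapping have both succeeded, and that a mapping mismatch pushes nothing to the network.

```python
import hashlib
import hmac
from dataclasses import dataclass

def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data; every name and value below is hypothetical.
USER_PROFILES = {  # user profile means 120: credentials and subscribed services
    "alice": {"salt": b"s1", "pw": _pw_hash("correct horse", b"s1"),
              "services": {"iptv", "vpn"}},
}
SERVICE_PROFILES = {  # service profile means 130: networking guide per service
    "iptv": {"min_mbps": 20, "lb": "multicast-tree", "endpoint": "iptv-head-end"},
    "vpn": {"min_mbps": 5, "lb": "single-path", "endpoint": "vpn-gateway"},
    "banking": {"min_mbps": 1, "lb": "single-path", "endpoint": "bank-proxy"},
}

@dataclass(frozen=True)
class Policy:
    subscriber: str
    service: str
    path: tuple
    min_mbps: int
    load_balancing: str

def global_authenticate(user: str, password: str) -> bool:
    """S202: integrated authentication; unknown users fail, hashes are
    compared in constant time."""
    prof = USER_PROFILES.get(user)
    if prof is None:
        return False
    return hmac.compare_digest(prof["pw"], _pw_hash(password, prof["salt"]))

def map_service(user: str, service: str):
    """S204-S208: the request must match the user profile and a service profile."""
    if service in USER_PROFILES[user]["services"] and service in SERVICE_PROFILES:
        return SERVICE_PROFILES[service]
    return None

def preprocess(user: str, svc_profile: dict) -> tuple:
    """S106: the proxy fixes a logical path toward the target service."""
    return (f"access:{user}", "sdn-core", svc_profile["endpoint"])

def handle_access_request(user: str, password: str, service: str):
    """Returns (outcome, policy); a policy exists only if every step passed."""
    if not global_authenticate(user, password):
        return ("DENY", None)
    svc = map_service(user, service)
    if svc is None:
        # S210: register the service and authenticate again; nothing is applied.
        return ("REGISTER_AND_REAUTH", None)
    path = preprocess(user, svc)
    return ("APPLY", Policy(user, service, path, svc["min_mbps"], svc["lb"]))
```
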

As described above, according to the present invention, it is possible to define a network suitable for a service to be provided to a user together with integrated user authentication, and to provide network subscribers with various forms of quality-guaranteed communication service, such as a network bandwidth setting, a network path, and a load balancing method.

The embodiments of the present invention described above are not implemented only by the apparatus and method, but may be implemented through a program for realizing the function corresponding to the configuration of the embodiment of the present invention or a recording medium on which the program is recorded.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments, It belongs to the scope of right.

110: global authentication server
120: user profile means
130: service profile means
140: external authentication proxy server
150: mapping unit
160: SDN generation control unit

Claims (1)

A network control method using a service characteristic in a software defined network (SDN), the method comprising:
a global authentication performing step of performing authentication to approve access of a network subscriber (Subscriber User);
a mapping step of confirming a user subscription service based on a user profile according to a result of the authentication and confirming a service profile to acquire a subscriber requesting service;
a preprocessing step of setting a logical path for providing a target service for the user; and
a network definition step of defining a network by combining the logical path information and the user profile information collected in the preprocessing step and setting a policy with the SDN.

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020120145564A KR20140076955A (en) 2012-12-13 2012-12-13 Network control system and method using service type

Publications (1)

Publication Number Publication Date
KR20140076955A (en) 2014-06-23

Family

ID=51129075

Country Status (1)

Country Link
KR (1) KR20140076955A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20160002155A (en) 2014-06-30 2016-01-07 에스케이텔레콤 주식회사 Method fof transmitting of contents based on sdn network and ccn network
KR20160002154A (en) 2014-06-30 2016-01-07 에스케이텔레콤 주식회사 Method for generate contents name and routing method based on contents name using sdn networkd, apparatus using the same
KR20160039382A (en) 2014-10-01 2016-04-11 국방과학연구소 Protocol dynamic configuration system for reflecting network characteristics in service oriented architecture and Method thereof
KR20160072002A (en) 2014-12-12 2016-06-22 주식회사 케이티 System and method for optimal path computation on software defined networking

Legal Events

Date Code Title Description
WITN Withdrawal due to no request for examination