US20150026769A1 - System And Method For Managing A Broadband Network - Google Patents

System And Method For Managing A Broadband Network Download PDF

Info

Publication number
US20150026769A1
US20150026769A1 US14/282,763 US201414282763A US2015026769A1 US 20150026769 A1 US20150026769 A1 US 20150026769A1 US 201414282763 A US201414282763 A US 201414282763A US 2015026769 A1 US2015026769 A1 US 2015026769A1
Authority
US
United States
Prior art keywords
network
usage
subscriber
control system
event
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US14/282,763
Inventor
Richard M. Woundy
John Leddy
Richard Hertz
David I. Casti
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Comcast Cable Communications LLC
Original Assignee
Comcast Cable Communications LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Comcast Cable Communications LLC filed Critical Comcast Cable Communications LLC
Priority to US14/282,763 priority Critical patent/US20150026769A1/en
Assigned to COMCAST CABLE COMMUNICATIONS, LLC reassignment COMCAST CABLE COMMUNICATIONS, LLC ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: HERTZ, RICHARD, LEDDY, JOHN, WOUNDY, RICHARD M., CASTI, DAVID I
Publication of US20150026769A1 publication Critical patent/US20150026769A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/02Marketing; Price estimation or determination; Fundraising
    • G06Q30/0241Advertisements
    • G06Q30/0251Targeted advertisements
    • G06Q30/0255Targeted advertisements based on user history
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0896Bandwidth or capacity management, i.e. automatically increasing or decreasing capacities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L41/5029Service quality level-based billing, e.g. dependent on measured service level customer is charged more or less
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0876Network utilisation, e.g. volume of load or congestion level
    • H04L43/0882Utilisation of link capacity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L67/22
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/535Tracking the activity of the user
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/144Detection or countermeasures against botnets

Definitions

  • the present invention relates generally to a system and method for managing bandwidth on a broadband network, and, more specifically, to a system and method for optimizing network configuration and subscriber usage based on subscriber usage patterns.
  • subscribers share a common network infrastructure, but subscribers consume network bandwidth at significantly differing rates. For example, the top 1% of subscribers may consume 15% attic total consumed network bandwidth per month, the top 5% may consume 35%, and the top 12% may consume 50%. Therefore, during peak traffic loads, a relatively small percentage of subscribers may generate network traffic that negatively impacts all subscribers served by the same network infrastructure.
  • the present invention provides a system and process that integrates existing administrative, security management and network configuration functionality of a broadband network, while monitoring subscriber usage using existing data gathering components to optimize network configuration and to moderate usage, thereby improving network performance not only for the subscribers at large, but also for the relatively few high-usage subscribers.
  • network configuration e.g., billing/provisioning
  • security management e.g., billing/provisioning
  • network capacity management leverages projections of numerical subscriber growth as well as network traffic growth in order to anticipate the requirements for broadband network expansion.
  • Individual subscribers are typically provisioned without direct coordination with network capacity projections.
  • security management detects that a subscriber computer has been compromised by malware, there is minimal coordination with provisioning—except perhaps for manual processes to block outbound SMTP traffic or to take the subscriber offline. In the situations mentioned above, the network configuration tends to be managed independently.
  • the present invention provides for the automated coordination of network functions such as network configuration, administrative, and security management through an architecture, referred to herein as the “Network Control System.”
  • the network control system also uses various—and preferable existing—sources of network usage information to collect data on subscriber usage. By coordinating these functions while monitoring subscriber usage, the network control system can moderate usage by charging subscribers premiums for high usage and promoting off peak service.
  • the network control system can also signal the network and/or related administrative systems, such as billing/provisioning, to modify the network's configuration, to enable accounting for exceptional subscriber network usage, or to modify the subscriber's network usage for security and/or overall network performance.
  • the present invention provides for a number of innovative broadband services that leverage the analysis and processing capabilities of the network control system. For example, high-usage subscribers may receive offers for short-term upgrades in network speed, dependent on their recent usage patterns and on the current available capacity of the broadband access network. To this end, the network control system may also allocate additional network capacity (e.g. new DOCSIS service flows or additional QAMs) for “premium” subscribers with heavy network traffic.
  • additional network capacity e.g. new DOCSIS service flows or additional QAMs
  • some subscribers may receive incentives to concentrate most of their network consumption during non-peak traffic times.
  • the service provider is motivated to provide incentives to this group of subscribers because their non-peak time network consumption minimizes the incremental capital spending on network infrastructure.
  • the capital spending tends to be driven by the capacity required for peak time network consumption.
  • the network control system may recognize that a subscriber suffers from an infected computer participating as a “zombie” in a “botnet” by detecting abnormal network traffic via Intrusion Detection Systems.
  • the network control system may re-provision the subscriber's broadband access into a “quarantine” state, which enables (perhaps limited) subscriber Internet access while the computer security issue is remedied.
  • one aspect of the present invention is a process for optimizing network configuration and moderating usage on a broadband network by integrating network configuration, administrative and security functions while monitoring usage.
  • the process comprises: (a) monitoring a subscriber's broadband usage; (b) determining if the usage rises to a noteworthy level indicative of an event; (c) determining if the event is consistent with heavy usage or with a security incident; (d) if the event is consistent with heavy usage, offering the subscriber at least one of a plan for an upgraded subscription, or an incentive to concentrate usage nonpeak time; and (c) if the event is consistent with a security incident, exercising security measures to minimize unintended usage.
  • the network control system comprises: (a) a monitoring component configured for capturing network usage data and analyzing the data to identify events and trends; (b) a controller component configured for receiving an event generated from the monitoring component, processing the event according to the trends, business rules and subscriber information, and generating a response; and (c) a communication component configured to facilitate inter-component communication including reacting to the response by signaling a network configuration system, an administrative system, or a security system, to effect at least one of offering the subscriber an upgraded subscription, offering the subscriber an incentive to concentrate usage in nonpeak time, or exercising security measures to minimize unintended usage of the subscriber.
  • Yet another aspect of the invention is a network comprising the network control system described above.
  • FIG. 1 is a system diagram of one embodiment of the present invention
  • FIG. 2 is a flow chart illustrating one embodiment of the present invention
  • FIG. 3 is a conceptual diagram of the network control system integrated with a broadband network
  • FIG. 4 is a schematic of one example of Data Analysis and Event Generation within the network control system.
  • the system 100 comprises a monitoring component 101 , a communication component 102 , and a controller component 103 .
  • the monitoring component interfaces with at least one usage data gathering system 104 associated with the network 105 .
  • the monitoring component is configured to receive and analyze data from the data gathering system 104 to determine if the data is consistent with an event of high usage and, if so, to transmit an event signal to the controller component 103 via the communication component 102 .
  • the controller component is configured to receive the event signal and determine if such an event indicates a need to initiate at least one of the following responses: modify the subscriber's bandwidth, offer the subscriber an upgraded service plan, incentivize the subscriber to concentrate usage in nonpeak times, or determine if the subscriber's terminal is infected.
  • the controller component interfaces with a network configuration system 106 , an administrative system 107 and a security management system 108 via the communication component 102 .
  • the network configuration component 106 is configured to modify the network to increase or decrease available bandwidth to a subscriber in response to a signal from the controller component 103 via the communication component 102 .
  • the administrative system 107 is configured to offer the subscriber associated with the event incentives to change subscription plans for increased bandwidth or to concentrate use to non-peak times in response to a signal from the controller component 103 .
  • the security management system 108 is configured to execute protective measures in response to a signal from the controller component 103 . This protective measures may involve, for example, quarantining the subscriber from the network, restricting usage, and/or heightened monitoring of usage.
  • FIG. 1 The different embodiments and the components of the system 100 are discussed in detail below with respect to the schematic of FIG. 1 . It should be understood, however, that this schematic is provided for illustrative purposes only, and the system and process of the present invention may be practiced in ways not specifically shown in FIG. 1 . For example, although certain components and systems are depicted as single entities, this is done for illustrative purposes only. Their functionality may be distributed among multiple components or consolidated in just one. For example, the monitoring component may be integrated with the controller component, likewise the controller component may be distributed among different computers/components.
  • the various components and systems described herein may comprise any known or later-developed discrete or networked computer(s) having one or more processors, memory, and an input/output functionality, and being particularly configured to execute the function(s) for which it is intended to perform.
  • the various components shown in FIG. 1 are not necessarily housed in a common area or even operated by a common entity—i.e., the various components may be operated by different companies and interfaced together. Therefore, the schematic of system 100 should not be used to limit the structure of the system more narrowly than the claims.
  • step 201 subscriber usage is monitored using, for example, the data gathering system 104 mentioned with respect to FIG. 1 .
  • the monitoring component detects unusual activity across a plurality of subscribers, and then the process proceeds to the controller component in which a determination is made whether a single subscriber's activity is unusual.
  • step 204 a determination is made whether the subscriber service plan is optimized to its usage. If so, the inquiry ends in step 209 . If the service plan is not optimized, then the process proceeds to step 205 in which the controller component 103 interfaces with the administrative system 107 (via the communication component 102 ) to offer the subscriber an enhanced subscription plan for higher usage, or an incentive to concentrate usage during off-peak times. Depending on whether the offer is accepted, the controller component 103 may instruct the network configuration system 106 to curtail or expand the subscriber's bandwidth or access to the network in step 211 . Alternatively, the controller component may determine that an optimized service plan is not available (e.g., the network lacks the necessary capacity), and proceed directly to step 211 .
  • an optimized service plan is not available (e.g., the network lacks the necessary capacity), and proceed directly to step 211 .
  • step 203 if the event is not consistent with normal high usage or historical usage, security measures are implemented.
  • the implementation of the security measures can vary.
  • the process proceeds to step 206 , in which a determination is made by the controller component 103 whether the usage is indicative of a problem such as a virus. If so, the process proceeds to step 210 in which the controller component signals the security management system 108 via the communication component 102 to quarantine the subscriber in step 210 .
  • This quarantine may involve, for example, limiting bandwidth (or otherwise limiting access to the internet), or it may involve isolating the subscriber completely.
  • step 207 in which an investigation into the anomaly is conducted.
  • This investigation may include, for example, automated network protocol analysis using a security management system 108 , or a telephone call to the subscriber. If the results of this investigation indicate that the event is indicative of misuse the process proceeds to step 210 , as described above. If, however, the investigation results show no impropriety the inquiry is terminated in step 209 .
  • the present invention is described in terms of a cable based broadband service provider network. It should be understood, however, that the present invention is not limited to a cable-based networks and can be practiced with fiber-optic, telephony (e.g. DSL), or other broadband networks.
  • the following acronyms are used to describe the system components and methods:
  • the core components in the network control system process, analyze, and act on sources of information about network usage.
  • the system comprises a monitoring component, which, in this embodiment, is a Data Reduction and Analysis component 301 . It accepts network usage information from the data sources 302 , normalizes the network usage information as appropriate (e.g.
  • bandwidth consumption may be obtained from various data sources 302 such as IPDR 303 or SNMP 304 , messaging volume from Radius 307 or Diameter 308 , and malicious activities may be reported by IDS devices 305 or Syslog 306 ), captures the network usage information in storage, and analyzes the network usage information for immediate network events, as well as short-term and long-term trends.
  • One exemplary immediate event may be that a broadband subscriber device is attempting to attack a critical network server.
  • an exemplary long-term trend may be an estimate of time duration of the “peak traffic” period for a particular broadband access network.
  • Control System Orchestration component 312 processes the events received from the Data Reduction and Analysis component 301 according to configured business rules and subscriber information.
  • the Control System Orchestration component 312 may be realized as an orchestration server or a BPM (Business Process Management) server.
  • the Control System Orchestration may obtain subscriber information from the Subscriber Datastore component 313 , including the association of cable moderns to subscribers, the subscriber email address and instant messaging identity, and the broadband services purchased by the subscriber.
  • the business rules may direct the Control System Orchestration to do any one or more of the following: to ignore the incoming event; to notify the subscriber of unusual network usage; to change the subscriber's provisioned bandwidth; to bill the subscriber based on incremental network consumption; or to modify the network to provide additional capacity.
  • the communication component which, in the embodiment of FIG. 3 , is the Enterprise Service Bus (ESB) component 314 .
  • ESD Enterprise Service Bus
  • MOM message-oriented middleware
  • New components can be easily added to the Enterprise Service Bus using web services APIs or the Java Connector Architecture (JCA).
  • JCA Java Connector Architecture
  • Messages can be multicast to multiple components on the ESB.
  • an Administrative Subscriber Interface 315 may track and display all inbound events from the Data Reduction and Analysis component 301 , as well as all actions taken by the network control system Orchestration component 312 , if that feature is desired.
  • the PCMM Application Management component 323 may be used by an end user or a network management system to request QoS-based services from the PCMM Policy Server component 321 .
  • the QoS-based service request may flow from the PCMM Application Management component 323 to the PCMM Policy Server component 321 through the Enterprise Service Bus component 314 .
  • This enables the network control system 100 , particularly the Control System Orchestration component 312 , to have visibility into subscriber requests for QoS-based services, and perhaps to allow or disallow said requests based on the current usage of the subscriber and on any current security incidents.
  • the network control system 100 may use various components (as well as others via the ESB 314 to act on the business rules configured in the Control System Orchestration component 312 .
  • a Messaging/Presence component 316 may be used to inform the subscriber of unusual network usage activity and any subsequent account modification, via email, instant messaging, voicemail, etc.
  • the presence functionality may be used to determine whether a subscriber is currently online or available by phone, so that a customer care agent may contact the subscriber in person.
  • a Billing component 317 may be used in a variety of ways, such as to upgrade the subscriber account to a higher bandwidth consumption tier, to post charges for exceeding a monthly consumption limit, or to suspend or close a subscriber account (e.g. because of intentionally malicious subscriber network behavior).
  • a Provisioning component 318 may be used in a variety of ways, such as to reprovision network service to a different bandwidth tier or to block outbound SMTP traffic (e.g. via the DOCSIS configuration file).
  • a QoS Policy Propagation via BGP (QPPB) component 319 may be used to signal routers 324 , 326 , 327 , and 329 about special handling of subscriber traffic.
  • QPPB component 319 may be used for router-based rate limiting of subscriber traffic targeted to a known infected computer, and for the redirection of subscriber network traffic to a security appliance to screen out inbound “botnet” command and control traffic.
  • a PCMM (PacketCableTM MultiMedia) Policy Server component 321 may be used to signal an edge router 329 (e.g. a DOCSIS CMTS) to create a subscriber service flow with specific bandwidth management characteristics.
  • an edge router 329 e.g. a DOCSIS CMTS
  • the service flow may be configured to impact all subscriber traffic, or only a portion of subscriber traffic (based on, for example, IP addresses and TCP/UDP ports).
  • An ERM (Edge Resource Manager) component 321 may be used for the management of downstream QAM channels on a Universal Edge QAM device, as part of a Modular CMTS architecture.
  • the Universal Edge QAM device enables the delivery of DOCSIS data and MPEG video over the cable Hybrid Fiber Coax (HFC) network.
  • the ERM may be used to enable the allocation of additional DOCSIS QAM channels in the HFC network in the presence of heavy Internet traffic.
  • DOCSIS CMTS 329 supplies IPDR records 303 to the data sources 302 , enabling SNMP 304 to collect bandwidth and subscriber network usage information for the network control system.
  • the security appliances 328 , 325 capture unusual subscriber network usage information (e.g. participation as a “zombie” in a “botnet”), as another potential source of data for the network control system 300 .
  • These various sources of data are processed by the Data Reduction and Analysis component 301 , which generates a notice of network usage events transmitted over the Enterprise Service Bus component 314 for the Control System Orchestration component 312 .
  • the Control System Orchestration component 312 applies business rules to the notice of network usage events; and leverages the QPPB 319 , PCMM Policy Server and ERM components 321 to affect the subscriber network experience.
  • QPPB 319 may be used for router-based traffic shaping, and for the redirection of inbound subscriber traffic from a backbone router 324 or regional router 327 to a security appliance 325 or 328 , respectively, for malware mitigation, instead of forwarding that traffic to the next router 326 or 329 , respectively.
  • PCMM component 321 may be used to increase or decrease the effective DOCSIS network bandwidth for the subscriber (without the reset of the DOCSIS cable modem), or change the traffic priority.
  • the ERM may be used to allocate additional DOCSIS QAM channels as required for optimal network performance.
  • the network control system of the present invention facilitates a number of functions including, for example, (1) dynamic bandwidth reallocation, (2) service plan optimization, (3) optimization of subscriber usage, and (4) enhanced security.
  • the broadband service provider needs to supply a pool of ‘spare’ QAM channels from which to allocate. This is likely to be a serious business challenge, since there are many alternative uses for QAM channels such as broadcast linear video (analog and digital), narrowcast video (e.g. video on demand and switched digital), and potentially video multiplexes for targeted advertising.
  • QAM channels such as broadcast linear video (analog and digital), narrowcast video (e.g. video on demand and switched digital), and potentially video multiplexes for targeted advertising.
  • the competition for QAM channels may be simplified in the future as broadcast linear video and targeted advertising video streams eventually transition to unicast switched digital video streams; at least this narrows the QAM channel conflict between DOCSIS and narrowcast video.
  • the other consideration is in the largely “passive” role of the Edge Resource Manager (ERM) in the Modular CMTS (M-CMTS) architecture, according to the interfaces defined in CableLabs, “Edge Resource Manager Interface Specification, CM-SP-ERMI-103-0811 07”, 2008.
  • the Edge QAMs register their resources with the ERM, and the M-CMTS core initiates the resource transactions with the ERM to request or release a QAM channel.
  • the ERM can detect an Edge QAM failure, and the ERM responds to M-CMTS resource requests with Edge QAM channel resources (possibly leveraging operator-dependent policies in the selection process). Therefore, with the current M-CMTS architecture, it appears that the M-CMTS core may actively participate in the DOCSIS QAM channel augmentation process.
  • new ERMI messages might be defined to signal the availability of additional DOCSIS QAM channel resources to the M-CMTS core since the last M-CMTS core resource request.
  • Some “premium” broadband subscribers such as commercial organizations or certain residential subscribers, may express interest in receiving offers for short-term upgrades of additional network bandwidth.
  • An offer may include the proposed bandwidth augmentation and pricing, and may be communicated through instant messaging or email (via the Messaging/Presence component 316 of the network control system). If these premium subscribers accept the offer, the broadband access network is re-provisioned (dynamically via PCMM 321 ) for higher network bandwidth for a period of time, and the subscriber is billed according to the terms of the offer. Otherwise, the offer can be ignored or rejected with no penalty, although this may be interpreted as a lack of interest for the particular offer. The customer may have access to past offers that were accepted or rejected, as well as the ability to view any incremental charges.
  • Control System Orchestration component 312 is responsible for determining whether any bandwidth augmentation offers are made, and if so, which subset of premium subscribers may receive offers at this time (depending on the amount of available broadband access capacity).
  • the network control system should consider several factors. First, it should consider the amount of available capacity in the broadband access network. The broadband service provider may want to avoid making such offers if the broadband access network is currently congested. Second, it should consider the amount of recent network traffic generated by the premium subscriber. If the subscriber has been generating network traffic close to the maximum bandwidth limit, then the subscriber is much more likely to benefit from bandwidth augmentation. Third, it should anticipate interest in the offer by the premium subscriber. The subscriber may explicitly communicate interest to the broadband service provider, or interest may be inferred by the subscriber's reaction to past broadband augmentation offers.
  • the network control system may rely on the following data sources to support this service:
  • the Data Reduction and Analysis component 301 may generate events to the Control System Orchestration component 312 based on sustained bandwidth usage by premium subscribers, as well as events based on significant changes to the available capacity of the broadband access network (e.g. a transition from uncongested to congested network, or vice versa).
  • a subset of potential broadband subscribers may receive incentives from the broadband service provider (e.g. a reduced price and/or additional packaged services) to choose a broadband access service in which they consume most of their traffic volume during non-peak traffic times.
  • the “incentive subscribers” may enjoy the “flagship” bandwidth rate, but the subscriber bandwidth may be restricted during peak traffic times. Notice that this is envisioned to be a voluntary service (hence the need for subscriber incentives); depending on the lower bandwidth during peak traffic times, this service may or may not be appropriate for best effort VoIP services.
  • the incentive subscriber may be notified about bandwidth changes for non-peak-to peak transitions (if desired), and the subscriber may be offered an upgrade to a premium subscriber service if the bandwidth usage during peak traffic times is consistently at the bandwidth maximum.
  • yield management This term is used to describe techniques for the allocation of limited resources among a variety of customers, in a manner that optimizes the total revenue or “yield.”
  • the travel industry uses yield management in the allocation of airplane seats and hotel rooms to business travelers and leisure travels.
  • Other examples of yield management include time of use electric metering, and mobile phone calling plans with night and weekend rates.
  • CMTS complementary metal-oxide-semiconductor
  • peak e.g. 8 pm local time
  • non-peak traffic times e.g. 4 am local time
  • the network control system may rely on the following data sources to support this service:
  • the Data Reduction and Analysis component 301 may generate events to the Orchestration component 312 based on sustained bandwidth usage by incentive subscribers during peak traffic time periods, as well as events based on significant aggregate network traffic changes in the broadband access network (e.g. a transition from peak traffic to non-peak traffic, or vice versa).
  • the Orchestration component 312 may be responsible for determining when to transition incentive subscribers from non-peak to peak bandwidth rates, and vice versa. The Orchestration component may also determine whether to send subsidiary upgrade offers to incentive subscribers who may benefit from the subsidiary bandwidth rate during peak traffic periods.
  • the “quarantine service” is designed for the broadband subscriber with security issues caused by involuntary means, such as a subscriber with an infected computer participating as a “zombie” in a “botnet.” While no subscriber may “volunteer” to have a computer infected with malware, it may be a fairly commonplace occurrence; some security experts suggest that between 10% and 25% of all broadband subscriber computers are infected with mai ware or a virus. Symantec estimates that 10% of all “spam zombies” in the world are located in the United States. (See, e.g., Symantec, “Internet Security Threat Report Trends for January-June 07, Volume XII”, 2007.) The goal of this service is to enable (perhaps limited) subscriber Internet access while the computer security issue is remedied.
  • the network control system may detect subscriber computer infections automatically, through information from the broadband service provider's own Intrusion Detection Systems (IDS), information obtained from security appliances 325 and 328 , or through the analysis of “signature” network patterns (such as unusual coordinated traffic patterns by groups of computers organized in a single “botnet”).
  • IDS Intrusion Detection Systems
  • security appliances 325 and 328 or through the analysis of “signature” network patterns (such as unusual coordinated traffic patterns by groups of computers organized in a single “botnet”).
  • the network control system may also be manually notified of computer infections reported by external entities such as law enforcement agencies.
  • QPPB 319 may be used for the redirection of inbound subscriber traffic to a security appliance (similar to the operation of an IDS) for malware network mitigation; QPPB 319 may also be used for router-based traffic shaping, in order to control the aggregate amount of traffic directed to the security appliance. Provisioning of a new DOCSIS configuration file may be used to redirect outbound subscriber traffic to a security appliance, to restrict upstream traffic directed to the security appliance, and/or to block outbound SMTP traffic (for a “spam zombie” infection).
  • the network control system may rely on the following data sources to support this service:
  • the Control System Orchestration component 312 may be responsible for identifying infected computers and applying appropriate mitigation measures (e.g. redirection of subscriber traffic to a security appliance, and/or blocking of outbound SMTP traffic), as well as restoring subscriber service after a computer infection has been remedied.
  • appropriate mitigation measures e.g. redirection of subscriber traffic to a security appliance, and/or blocking of outbound SMTP traffic
  • a core component of the network control system 300 is the Data Reduction and Analysis component 301 , which may detect significant network usage events for processing by the Control System Orchestration component 312 .
  • the Data Reduction and Analysis component 301 should avoid overwhelming the Control System Orchestration component 312 or Enterprise Service Bus 314 with unnecessary messages. Therefore, a key concept for the network control system 300 is to distinguish the rules for determining a network usage event, from the rules for processing and reacting to a network usage event.
  • the rules for the determining a usage event by the Data Reduction and Analysis component 301 are based on engineering/IT constraints. Specifically, data analysts 408 review the raw network usage data 409 from a data repository 407 and the baseline business-requirements 410 , and use these inputs to build event generation rules 411 for Data Reduction and Analysis in step 404 . Ideally, these rules limit the maximum number of a notice of network usage events to the capacity of the Enterprise Service Bus and Control System Orchestration components.
  • the baseline business requirements 410 help the data analysts 408 ensure that “potentially interesting” network usage events are generated, although some such events will be subsequently ignored by the Control System Orchestration component 312 .
  • Control System Orchestration business rules 412 by the business owners 419 may be changed independently of the network usage event rules by the analysts 408 .
  • the baseline business requirement 410 may require the generation of an event for each premium subscriber reaching a certain network consumption threshold in a week, in order to identify potential candidates for offers to upgrade their network bandwidth.
  • the Control System Orchestration component 312 may implement business rules 412 that process these events, and determine the feasibility and prioritization of such offers in particular portions of the broadband access network.
  • event generation rules 411 are preferably, although not necessarily, programmed as state-of-the-art software (e.g. Java or C++), whereas the business rules 412 are likely, although not necessarily, to be configured as Business Process Execution Language (BPEL) logic using off-the-shelf graphical tools.
  • BPEL Business Process Execution Language
  • the diagram of FIG. 4 shows one possible instantiation of the core components of the network control system architecture.
  • the network usage control system data sources e.g., IPDR 303 , IDS 305 , etc.
  • the network usage control system data sources transmit data to the network control system 300 .
  • data extraction occurs, using a data extraction/formatting/storage software 403 , for example, “VIVID” developed for Comcast.
  • VIVID is a real-time, high-volume, general data collection and management system, with data analysis and archival storage 407 capabilities.
  • the data extraction/formatting/storage software 403 feeds the Data Analysis and Event Generation component in step 404 , which uses data analyst-developed event generation rules 411 to generate network usage events described previously.
  • an event signal is transmitted using the enterprise service bus function in step 405 for control system orchestration in step 406 .
  • the Control System Orchestration component uses the business rules 412 to determine a response to the event.
  • the network configuration is optimized while subscribers usage is moderated, thereby decreasing latency in the network and reducing the frequency for costly increases in network capacity.

Abstract

A process for managing usage on a broadband network, said process comprising: (a) monitoring a subscriber's broadband usage; (b) determining if said usage rises to a level indicative of an event; (c) determining if said event is consistent with heavy usage or with a security incident; (d) if said event is consistent with heavy usage, offering said subscriber at least one of a plan for an upgraded subscription, or an incentive to concentrate usage in nonpeak time; and (e) if said event is consistent with a security incident, exercising security measures to minimize unintended usage.

Description

    FIELD OF INVENTION
  • The present invention relates generally to a system and method for managing bandwidth on a broadband network, and, more specifically, to a system and method for optimizing network configuration and subscriber usage based on subscriber usage patterns.
    • BACKGROUND OF INVENTION
  • In a broadband service provider network, subscribers share a common network infrastructure, but subscribers consume network bandwidth at significantly differing rates. For example, the top 1% of subscribers may consume 15% attic total consumed network bandwidth per month, the top 5% may consume 35%, and the top 12% may consume 50%. Therefore, during peak traffic loads, a relatively small percentage of subscribers may generate network traffic that negatively impacts all subscribers served by the same network infrastructure.
  • One solution to this problem is to measure subscriber network consumption and curtail subscribers using exceptional traffic volume. Such an approach, however, has significant shortcomings. For example, some heavy network consumers may be willing to “pay for the privilege” of exceptional traffic volume, perhaps through a higher monthly recurring charge or through variable usage charges based on monthly consumption. Alternatively, some heavy network consumers might be willing to consume most of their bandwidth during non-peak traffic times in which their higher usage would have little impact.
  • While some subscribers consume bandwidth willingly, others do so unknowingly as a result of their terminal being “infected” with a virus or malware. The conventional solution for an infected terminal transmitting a large volume of emails or consuming inordinate bandwidth is to prevent the subscriber from accessing the network. Again, this solution tends to be heavy handed. This solution makes it difficult to remediate the computer or even periodically check on it to see if the problem has been rectified. This leaves the subscriber on his own to remedy the situation, typically without the use of the Internet or other online help.
  • Therefore, a need exists to more effectively manage bandwidth not only to provide reliable service for the subscribers at large, but also to meet the needs of the relatively few high-usage subscribers. The present invention fulfills this need among others.
    • SUMMARY OF INVENTION
  • The present invention provides a system and process that integrates existing administrative, security management and network configuration functionality of a broadband network, while monitoring subscriber usage using existing data gathering components to optimize network configuration and to moderate usage, thereby improving network performance not only for the subscribers at large, but also for the relatively few high-usage subscribers.
  • By way of background, applicants have identified that the network configuration, administration (e,g., billing/provisioning), and security management functions have been typically viewed as independent systems in a broadband service provider network. For example, network capacity management leverages projections of numerical subscriber growth as well as network traffic growth in order to anticipate the requirements for broadband network expansion. Individual subscribers are typically provisioned without direct coordination with network capacity projections. Additionally, when security management detects that a subscriber computer has been compromised by malware, there is minimal coordination with provisioning—except perhaps for manual processes to block outbound SMTP traffic or to take the subscriber offline. In the situations mentioned above, the network configuration tends to be managed independently.
  • In contrast, the present invention provides for the automated coordination of network functions such as network configuration, administrative, and security management through an architecture, referred to herein as the “Network Control System.” The network control system also uses various—and preferable existing—sources of network usage information to collect data on subscriber usage. By coordinating these functions while monitoring subscriber usage, the network control system can moderate usage by charging subscribers premiums for high usage and promoting off peak service. The network control system can also signal the network and/or related administrative systems, such as billing/provisioning, to modify the network's configuration, to enable accounting for exceptional subscriber network usage, or to modify the subscriber's network usage for security and/or overall network performance.
  • The present invention provides for a number of innovative broadband services that leverage the analysis and processing capabilities of the network control system. For example, high-usage subscribers may receive offers for short-term upgrades in network speed, dependent on their recent usage patterns and on the current available capacity of the broadband access network. To this end, the network control system may also allocate additional network capacity (e.g. new DOCSIS service flows or additional QAMs) for “premium” subscribers with heavy network traffic.
  • Furthermore, some subscribers may receive incentives to concentrate most of their network consumption during non-peak traffic times. The service provider is motivated to provide incentives to this group of subscribers because their non-peak time network consumption minimizes the incremental capital spending on network infrastructure. The capital spending tends to be driven by the capacity required for peak time network consumption.
  • Additionally, the network control system may recognize that a subscriber suffers from an infected computer participating as a “zombie” in a “botnet” by detecting abnormal network traffic via Intrusion Detection Systems. In response, the network control system may re-provision the subscriber's broadband access into a “quarantine” state, which enables (perhaps limited) subscriber Internet access while the computer security issue is remedied.
  • Accordingly, one aspect of the present invention is a process for optimizing network configuration and moderating usage on a broadband network by integrating network configuration, administrative and security functions while monitoring usage. In one embodiment, the process comprises: (a) monitoring a subscriber's broadband usage; (b) determining if the usage rises to a noteworthy level indicative of an event; (c) determining if the event is consistent with heavy usage or with a security incident; (d) if the event is consistent with heavy usage, offering the subscriber at least one of a plan for an upgraded subscription, or an incentive to concentrate usage nonpeak time; and (c) if the event is consistent with a security incident, exercising security measures to minimize unintended usage.
  • Another aspect of the present invention is a network control system for optimizing network configuration and moderating usage on a broadband network by integrating the network configuration, administrative, and security management functions. In one embodiment, the network control system comprises: (a) a monitoring component configured for capturing network usage data and analyzing the data to identify events and trends; (b) a controller component configured for receiving an event generated from the monitoring component, processing the event according to the trends, business rules and subscriber information, and generating a response; and (c) a communication component configured to facilitate inter-component communication including reacting to the response by signaling a network configuration system, an administrative system, or a security system, to effect at least one of offering the subscriber an upgraded subscription, offering the subscriber an incentive to concentrate usage in nonpeak time, or exercising security measures to minimize unintended usage of the subscriber.
  • Yet another aspect of the invention is a network comprising the network control system described above.
    • BRIEF DESCRIPTION OF DRAWINGS
  • FIG. 1 is a system diagram of one embodiment of the present invention;
  • FIG. 2 is a flow chart illustrating one embodiment of the present invention;
  • FIG. 3 is a conceptual diagram of the network control system integrated with a broadband network; and
  • FIG. 4 is a schematic of one example of Data Analysis and Event Generation within the network control system.
    •  DETAILED DESCRIPTION
  • Referring to FIG. 1, an embodiment of a control system 100 of the present invention is shown. The system 100 comprises a monitoring component 101, a communication component 102, and a controller component 103. Specifically, the monitoring component interfaces with at least one usage data gathering system 104 associated with the network 105. The monitoring component is configured to receive and analyze data from the data gathering system 104 to determine if the data is consistent with an event of high usage and, if so, to transmit an event signal to the controller component 103 via the communication component 102. The controller component is configured to receive the event signal and determine if such an event indicates a need to initiate at least one of the following responses: modify the subscriber's bandwidth, offer the subscriber an upgraded service plan, incentivize the subscriber to concentrate usage in nonpeak times, or determine if the subscriber's terminal is infected. To this end, the controller component interfaces with a network configuration system 106, an administrative system 107 and a security management system 108 via the communication component 102. The network configuration component 106 is configured to modify the network to increase or decrease available bandwidth to a subscriber in response to a signal from the controller component 103 via the communication component 102. The administrative system 107 is configured to offer the subscriber associated with the event incentives to change subscription plans for increased bandwidth or to concentrate use to non-peak times in response to a signal from the controller component 103. The security management system 108 is configured to execute protective measures in response to a signal from the controller component 103. This protective measures may involve, for example, quarantining the subscriber from the network, restricting usage, and/or heightened monitoring of usage.
  • The different embodiments and the components of the system 100 are discussed in detail below with respect to the schematic of FIG. 1. It should be understood, however, that this schematic is provided for illustrative purposes only, and the system and process of the present invention may be practiced in ways not specifically shown in FIG. 1. For example, although certain components and systems are depicted as single entities, this is done for illustrative purposes only. Their functionality may be distributed among multiple components or consolidated in just one. For example, the monitoring component may be integrated with the controller component, likewise the controller component may be distributed among different computers/components. Furthermore, the various components and systems described herein may comprise any known or later-developed discrete or networked computer(s) having one or more processors, memory, and an input/output functionality, and being particularly configured to execute the function(s) for which it is intended to perform. Additionally, it should be understood that the various components shown in FIG. 1 are not necessarily housed in a common area or even operated by a common entity—i.e., the various components may be operated by different companies and interfaced together. Therefore, the schematic of system 100 should not be used to limit the structure of the system more narrowly than the claims.
  • The operation of the network control system 100 is described with reference to the flow chart 200 disclosed in FIG. 2. In step 201, subscriber usage is monitored using, for example, the data gathering system 104 mentioned with respect to FIG. 1. In step 202, a determination is made by the monitoring component 101 that the usage is indicative of an event such as an inordinate amount of downloading, uploading, or email transmission activity. If an event is detected, a signal is transmitted to the controller component 103 in step 203, which determines if the event is consistent with typical heavy subscriber network usage. To this end, in one embodiment, the monitoring component detects unusual activity across a plurality of subscribers, and then the process proceeds to the controller component in which a determination is made whether a single subscriber's activity is unusual. If the activity of a subscriber is determined to be unusual, the process proceeds to step 204, in which a determination is made whether the subscriber service plan is optimized to its usage. If so, the inquiry ends in step 209. If the service plan is not optimized, then the process proceeds to step 205 in which the controller component 103 interfaces with the administrative system 107 (via the communication component 102) to offer the subscriber an enhanced subscription plan for higher usage, or an incentive to concentrate usage during off-peak times. Depending on whether the offer is accepted, the controller component 103 may instruct the network configuration system 106 to curtail or expand the subscriber's bandwidth or access to the network in step 211. Alternatively, the controller component may determine that an optimized service plan is not available (e.g., the network lacks the necessary capacity), and proceed directly to step 211.
  • Returning to step 203, if the event is not consistent with normal high usage or historical usage, security measures are implemented. The implementation of the security measures can vary. In the embodiment depicted in flow chart 200, the process proceeds to step 206, in which a determination is made by the controller component 103 whether the usage is indicative of a problem such as a virus. If so, the process proceeds to step 210 in which the controller component signals the security management system 108 via the communication component 102 to quarantine the subscriber in step 210. This quarantine may involve, for example, limiting bandwidth (or otherwise limiting access to the internet), or it may involve isolating the subscriber completely. If the usage is determined not to be indicative of misuse in step 206, the process proceeds to step 207 in which an investigation into the anomaly is conducted. This investigation may include, for example, automated network protocol analysis using a security management system 108, or a telephone call to the subscriber. If the results of this investigation indicate that the event is indicative of misuse the process proceeds to step 210, as described above. If, however, the investigation results show no impropriety the inquiry is terminated in step 209.
  • Referring now to FIGS. 3-5, the present invention is described in terms of a cable based broadband service provider network. It should be understood, however, that the present invention is not limited to a cable-based networks and can be practiced with fiber-optic, telephony (e.g. DSL), or other broadband networks. In referring to this embodiment, the following acronyms are used to describe the system components and methods:
      • 3GPP Third Generation Partnership Project
      • API Application Programming Interface
      • BGP Border Gateway Protocol
      • BPEL Business Process Execution Language
      • BPM Business Process Management
      • CDR Call Detail Record
      • CMTS Cable Modem Termination System
      • CPE Customer Premises Equipment
      • DB Database
      • DHCP Dynamic Host Configuration Protocol
      • DOCSIS Data over Cable Service Interface Specifications
      • DSL Digital Subscriber Line
      • ERM Edge Resource Manager
      • ERMI Edge Resource Manager interface
      • ESB Enterprise Service Bus
      • HFC Hybrid Fiber Coax
      • IDS Intrusion Detection System
      • IETF Internet Engineering Task Force
      • IMS IP Multimedia Subsystem
      • IP Internet Protocol
      • IPDR Internet Protocol Detail Record
      • JCA Java Connection Architecture
      • M-CMTS Modular Cable Modem Termination System
      • MIB Management Information Base
      • MOM Message-Oriented Middleware
      • MPEG Moving Pictures Expert Group
      • OSS Operation Support System
      • PCMM PacketCable Multimedia
      • QAM Quadrature Amplitude Modulation
      • QoS Quality of Service
      • QPPB QoS Policy Propagation on BGP
      • RADIUS Remote Authentication Dial-In Subscriber Service
      • SAMIS Security Assistance Management Information System
      • SMTP Simple Mail Transfer Protocol
      • SNMP Simple Network Management Protocol
      • TCP Transmission Control Protocol
      • UDP Subscriber Datagram Protocol
      • VoIP Voice over Internet Protocol
      • XML Extensible Markup Language
      • These are well known acronyms and terms and should be construed in accordance with their ordinary meaning.
  • Referring to FIG. 3, one embodiment of the network control system is shown integrated into a broadband network 300. The core components in the network control system process, analyze, and act on sources of information about network usage. The system comprises a monitoring component, which, in this embodiment, is a Data Reduction and Analysis component 301. It accepts network usage information from the data sources 302, normalizes the network usage information as appropriate (e.g. bandwidth consumption may be obtained from various data sources 302 such as IPDR 303 or SNMP 304, messaging volume from Radius 307 or Diameter 308, and malicious activities may be reported by IDS devices 305 or Syslog 306), captures the network usage information in storage, and analyzes the network usage information for immediate network events, as well as short-term and long-term trends. One exemplary immediate event may be that a broadband subscriber device is attempting to attack a critical network server. On the other hand, an exemplary long-term trend may be an estimate of time duration of the “peak traffic” period for a particular broadband access network.
  • The following is a partial list of potential sources of information about network usage:
      • IPDR 303, or IP Detail Records, which are defined by IPDR.org and implemented by many vendors. (See, e.g., IPDR.org, “IPDR/SP Protocol Specification Version 2.1”, 2004.) IP Detail Records provide information about IP-based service usage. In the cable broadband environment, DOCSIS® CMTSs generate IPDRs that may report information at the granularity of individual broadband subscribers. (See, e.g., CableLabs, “Operations Support System Interface Specification CM-SP-OSSiv3.0-107-080522”, 2008.)
      • SNMP 304, or Simple Network Management Protocol, is an IETF standard for monitoring network devices over an IP network, as well as enabling network devices to generate alert messages to network management systems. (See, e.g., Case, J., Mundy, R., Partain, D., and B. Stewart, “Introduction and Applicability Statements for Internet Standard Management Framework”, RFC 3410, 2002.) Routers, servers, and other network nodes usually support SNMP-based network management, both for the polling of bandwidth usage as well as the generation of alerts for unusual conditions and subscriber activities.
      • Information from security appliances such as Intrusion Detection Systems (IDS) 305; this information tends to be vendor-specific. Security appliances 325 and 328 intercept and analyze network traffic for security threats and/or potential network issues, and detect Internet attacks and malicious activities.
      • Syslog 306, an IETF standard for transmitting logging messages across an IP network (although the payload of Syslog messages tends to be vendor-specific). (See, e.g., C. Lonvick, “The BSD Syslog Protocol”, RFC 3164, 2001, and R. Gerhards, “The Syslog Protocol”, RFC 5424, 2008.) Routers, servers, and other network nodes usually support the generation of Syslog messages for a wide variety of anomalous conditions, including malicious or unusual subscriber network activity observed by the Syslog message source.
      • RADIUS 307 and DIAMETER 308, IETF standards to enable authentication, authorization, and accounting over an IP network. (See, e,g., Rigney, C., Willens, S., Rubens, A. and W. Simpson, “Remote Authentication Dial In User Service (RADIUS)”, REC2865, 2000, and Calhoun, P., Loughney, J., Guttman, E., Zorn, G. and J. Arkko, “Diameter Base Protocol”, RFC 3588, 2003.) RADIUS is the earlier IETF standard, and is often used in dial-up and DSL networks. RADIUS accounting messages report on the volume of traffic for a single subscriber session. In some cases, RADIUS accounting messages are transmitted as Call Detail Records (CDRs) in Voice over IP (VoIP) applications. DIAMETER is the planned IETF replacement for RADIUS, and is the protocol basis of many authentication and accounting messages 330 defined in the 3GPP/IMS standards [See, e.g., 3GPP TS 32.299, “Telecommunication management; Charging management; Diameter charging applications”].
  • Both immediate events and short-term and tong-term trends are reported to the controller component, which, in this embodiment, is a Control System Orchestration component 312. The Control System Orchestration component 312 processes the events received from the Data Reduction and Analysis component 301 according to configured business rules and subscriber information. In a Service Oriented Architecture, the Control System Orchestration component 312 may be realized as an orchestration server or a BPM (Business Process Management) server. The Control System Orchestration may obtain subscriber information from the Subscriber Datastore component 313, including the association of cable moderns to subscribers, the subscriber email address and instant messaging identity, and the broadband services purchased by the subscriber.
  • The business rules may direct the Control System Orchestration to do any one or more of the following: to ignore the incoming event; to notify the subscriber of unusual network usage; to change the subscriber's provisioned bandwidth; to bill the subscriber based on incremental network consumption; or to modify the network to provide additional capacity.
  • It may be useful in some circumstances (e.g. critical network security breach) for events to bypass the Data Reduction and Analysis component, and to be processed immediately by the Control System Orchestration component.
  • Communication among the components of the network control system 100 and the other components of the network is facilitated by the communication component, which, in the embodiment of FIG. 3, is the Enterprise Service Bus (ESB) component 314. (See, e.g., Chappell, D., “Enterprise Service Bus”, 2004.) It links many of the components of the network control system 100 using XML messaging using, for example, message-oriented middleware (MOM), which is also common in a Service Oriented Architecture. New components can be easily added to the Enterprise Service Bus using web services APIs or the Java Connector Architecture (JCA). Messages can be multicast to multiple components on the ESB. For example, an Administrative Subscriber Interface 315 may track and display all inbound events from the Data Reduction and Analysis component 301, as well as all actions taken by the network control system Orchestration component 312, if that feature is desired.
  • The PCMM Application Management component 323 may be used by an end user or a network management system to request QoS-based services from the PCMM Policy Server component 321. (See, e.g., CableLabs, “PacketCable Multimedia Specification PKT-SPMM-104-080522”, 2008.) The QoS-based service request may flow from the PCMM Application Management component 323 to the PCMM Policy Server component 321 through the Enterprise Service Bus component 314. This enables the network control system 100, particularly the Control System Orchestration component 312, to have visibility into subscriber requests for QoS-based services, and perhaps to allow or disallow said requests based on the current usage of the subscriber and on any current security incidents.
  • The network control system 100 may use various components (as well as others via the ESB 314 to act on the business rules configured in the Control System Orchestration component 312. For example, a Messaging/Presence component 316 may be used to inform the subscriber of unusual network usage activity and any subsequent account modification, via email, instant messaging, voicemail, etc. The presence functionality may be used to determine whether a subscriber is currently online or available by phone, so that a customer care agent may contact the subscriber in person.
  • A Billing component 317 may be used in a variety of ways, such as to upgrade the subscriber account to a higher bandwidth consumption tier, to post charges for exceeding a monthly consumption limit, or to suspend or close a subscriber account (e.g. because of intentionally malicious subscriber network behavior).
  • A Provisioning component 318 may be used in a variety of ways, such as to reprovision network service to a different bandwidth tier or to block outbound SMTP traffic (e.g. via the DOCSIS configuration file).
  • A QoS Policy Propagation via BGP (QPPB) component 319 may be used to signal routers 324, 326, 327, and 329 about special handling of subscriber traffic. For example, QPPB component 319 may be used for router-based rate limiting of subscriber traffic targeted to a known infected computer, and for the redirection of subscriber network traffic to a security appliance to screen out inbound “botnet” command and control traffic.
  • A PCMM (PacketCable™ MultiMedia) Policy Server component 321 may be used to signal an edge router 329 (e.g. a DOCSIS CMTS) to create a subscriber service flow with specific bandwidth management characteristics. (See, e,g., CableLabs, “PacketCable Multimedia Specification PKT-SP-MM-104-080522”, 2008.) The service flow may be configured to impact all subscriber traffic, or only a portion of subscriber traffic (based on, for example, IP addresses and TCP/UDP ports).
  • An ERM (Edge Resource Manager) component 321 (shown integrated with the PCMM component) may be used for the management of downstream QAM channels on a Universal Edge QAM device, as part of a Modular CMTS architecture. (See, e.g., CableLabs, “Edge Resource Manager Interface Specification, CM-SP-ERMI-103-081107”, 2008.) The Universal Edge QAM device enables the delivery of DOCSIS data and MPEG video over the cable Hybrid Fiber Coax (HFC) network. With respect to the network control system, the ERM may be used to enable the allocation of additional DOCSIS QAM channels in the HFC network in the presence of heavy Internet traffic.
  • It should be appreciated that the functionality of the network configuration system 106, administration system 107 and security system 108 disclosed in FIG. 1, are distributed over the systems mentioned above.
  • The interaction of the network control system with network elements in a cable broadband network 300 is now considered. DOCSIS CMTS 329 supplies IPDR records 303 to the data sources 302, enabling SNMP 304 to collect bandwidth and subscriber network usage information for the network control system. The security appliances 328, 325 capture unusual subscriber network usage information (e.g. participation as a “zombie” in a “botnet”), as another potential source of data for the network control system 300. These various sources of data are processed by the Data Reduction and Analysis component 301, which generates a notice of network usage events transmitted over the Enterprise Service Bus component 314 for the Control System Orchestration component 312. The Control System Orchestration component 312 applies business rules to the notice of network usage events; and leverages the QPPB 319, PCMM Policy Server and ERM components 321 to affect the subscriber network experience.
  • In the context of security management, QPPB 319 may be used for router-based traffic shaping, and for the redirection of inbound subscriber traffic from a backbone router 324 or regional router 327 to a security appliance 325 or 328, respectively, for malware mitigation, instead of forwarding that traffic to the next router 326 or 329, respectively.
  • PCMM component 321 may be used to increase or decrease the effective DOCSIS network bandwidth for the subscriber (without the reset of the DOCSIS cable modem), or change the traffic priority. The ERM may be used to allocate additional DOCSIS QAM channels as required for optimal network performance.
  • As mentioned above, the network control system of the present invention facilitates a number of functions including, for example, (1) dynamic bandwidth reallocation, (2) service plan optimization, (3) optimization of subscriber usage, and (4) enhanced security.
  • 1. Bandwidth Reallocation
  • There are at least two significant considerations in the dynamic allocation of additional DOCSIS QAM channels. First, the broadband service provider needs to supply a pool of ‘spare’ QAM channels from which to allocate. This is likely to be a serious business challenge, since there are many alternative uses for QAM channels such as broadcast linear video (analog and digital), narrowcast video (e.g. video on demand and switched digital), and potentially video multiplexes for targeted advertising. The competition for QAM channels may be simplified in the future as broadcast linear video and targeted advertising video streams eventually transition to unicast switched digital video streams; at least this narrows the QAM channel conflict between DOCSIS and narrowcast video.
  • The other consideration is in the largely “passive” role of the Edge Resource Manager (ERM) in the Modular CMTS (M-CMTS) architecture, according to the interfaces defined in CableLabs, “Edge Resource Manager Interface Specification, CM-SP-ERMI-103-0811 07”, 2008. The Edge QAMs register their resources with the ERM, and the M-CMTS core initiates the resource transactions with the ERM to request or release a QAM channel. The ERM can detect an Edge QAM failure, and the ERM responds to M-CMTS resource requests with Edge QAM channel resources (possibly leveraging operator-dependent policies in the selection process). Therefore, with the current M-CMTS architecture, it appears that the M-CMTS core may actively participate in the DOCSIS QAM channel augmentation process. Alternatively, new ERMI messages might be defined to signal the availability of additional DOCSIS QAM channel resources to the M-CMTS core since the last M-CMTS core resource request.
  • 2. Service Plan Optimization
  • Rather than or in addition to reallocating bandwidth, it may be beneficial to modify usage to optimize system performance by offering optimized plans. Some “premium” broadband subscribers, such as commercial organizations or certain residential subscribers, may express interest in receiving offers for short-term upgrades of additional network bandwidth. An offer may include the proposed bandwidth augmentation and pricing, and may be communicated through instant messaging or email (via the Messaging/Presence component 316 of the network control system). If these premium subscribers accept the offer, the broadband access network is re-provisioned (dynamically via PCMM 321) for higher network bandwidth for a period of time, and the subscriber is billed according to the terms of the offer. Otherwise, the offer can be ignored or rejected with no penalty, although this may be interpreted as a lack of interest for the particular offer. The customer may have access to past offers that were accepted or rejected, as well as the ability to view any incremental charges.
  • In one embodiment, the Control System Orchestration component 312 is responsible for determining whether any bandwidth augmentation offers are made, and if so, which subset of premium subscribers may receive offers at this time (depending on the amount of available broadband access capacity).
  • In order to make effective offers of bandwidth augmentation, the network control system should consider several factors. First, it should consider the amount of available capacity in the broadband access network. The broadband service provider may want to avoid making such offers if the broadband access network is currently congested. Second, it should consider the amount of recent network traffic generated by the premium subscriber. If the subscriber has been generating network traffic close to the maximum bandwidth limit, then the subscriber is much more likely to benefit from bandwidth augmentation. Third, it should anticipate interest in the offer by the premium subscriber. The subscriber may explicitly communicate interest to the broadband service provider, or interest may be inferred by the subscriber's reaction to past broadband augmentation offers.
  • The network control system may rely on the following data sources to support this service:
      • SNMP-based collection of counters 304 associated with the interfaces Group MIB from CMTS DOCSIS interfaces, to determine the currently available capacity of the broadband access network. (See, e.g., McCloghrie, K., and F. Kastenholz, “The Interfaces Group MIB”, RFC 2863, 2000.)
      • IPDR-based collection of SAMIS records 303 with per-service flow statistics [DOCSIS-OSS], to determine the recent network traffic profile of the premium subscriber.
  • The Data Reduction and Analysis component 301 may generate events to the Control System Orchestration component 312 based on sustained bandwidth usage by premium subscribers, as well as events based on significant changes to the available capacity of the broadband access network (e.g. a transition from uncongested to congested network, or vice versa).
  • 3. Incentives for Non-Peak Time Usage
  • A subset of potential broadband subscribers, such as value-conscious consumers with time flexibility, may receive incentives from the broadband service provider (e.g. a reduced price and/or additional packaged services) to choose a broadband access service in which they consume most of their traffic volume during non-peak traffic times. During non-peak traffic times, the “incentive subscribers” may enjoy the “flagship” bandwidth rate, but the subscriber bandwidth may be restricted during peak traffic times. Notice that this is envisioned to be a voluntary service (hence the need for subscriber incentives); depending on the lower bandwidth during peak traffic times, this service may or may not be appropriate for best effort VoIP services. The incentive subscriber may be notified about bandwidth changes for non-peak-to peak transitions (if desired), and the subscriber may be offered an upgrade to a premium subscriber service if the bandwidth usage during peak traffic times is consistently at the bandwidth maximum.
  • This subscriber service is reminiscent of a service industry concept known as “yield management”. This term is used to describe techniques for the allocation of limited resources among a variety of customers, in a manner that optimizes the total revenue or “yield.” For example, the travel industry uses yield management in the allocation of airplane seats and hotel rooms to business travelers and leisure travels. Other examples of yield management include time of use electric metering, and mobile phone calling plans with night and weekend rates.
  • In the case of broadband access networks, there is often significant and consistent variation in aggregate network traffic based on the time of day. With respect to a representative CMTS, approximately 50% of the CMTS downstream capacity may be consumed at peak (e.g. 8 pm local time), but at least 70% of CMTS downstream capacity may be available at non-peak traffic times (e.g. 4 am local time). Network infrastructure expansion is typically driven by congestion during peak traffic periods, so additional subscriber traffic during non-peak traffic periods is efficient for the broadband service provider with respect to capital spending.
  • The network control system may rely on the following data sources to support this service:
      • SNMP-based collection of counters 304 associated with the Interfaces Group MIB from CMTS DOCSIS interfaces, to determine the transitions from non-peak to peak traffic periods for the broadband access network; and
      • IPDR-based collection of SAMIS records 303 with per-service flow statistics [DOCSIS-OSS], to determine the network traffic profile of the incentive subscriber during peak traffic periods.
  • The Data Reduction and Analysis component 301 may generate events to the Orchestration component 312 based on sustained bandwidth usage by incentive subscribers during peak traffic time periods, as well as events based on significant aggregate network traffic changes in the broadband access network (e.g. a transition from peak traffic to non-peak traffic, or vice versa).
  • The Orchestration component 312 may be responsible for determining when to transition incentive subscribers from non-peak to peak bandwidth rates, and vice versa. The Orchestration component may also determine whether to send flagship upgrade offers to incentive subscribers who may benefit from the flagship bandwidth rate during peak traffic periods.
  • 4. Quarantine Service for Subscribers with Security Issues
  • The “quarantine service” is designed for the broadband subscriber with security issues caused by involuntary means, such as a subscriber with an infected computer participating as a “zombie” in a “botnet.” While no subscriber may “volunteer” to have a computer infected with malware, it may be a fairly commonplace occurrence; some security experts suggest that between 10% and 25% of all broadband subscriber computers are infected with mai ware or a virus. Symantec estimates that 10% of all “spam zombies” in the world are located in the United States. (See, e.g., Symantec, “Internet Security Threat Report Trends for January-June 07, Volume XII”, 2007.) The goal of this service is to enable (perhaps limited) subscriber Internet access while the computer security issue is remedied.
  • The network control system may detect subscriber computer infections automatically, through information from the broadband service provider's own Intrusion Detection Systems (IDS), information obtained from security appliances 325 and 328, or through the analysis of “signature” network patterns (such as unusual coordinated traffic patterns by groups of computers organized in a single “botnet”). The network control system may also be manually notified of computer infections reported by external entities such as law enforcement agencies.
  • Regardless of the means of detection, the subscriber is notified of the computer infection through instant messaging, email, and/or other communication mechanisms (via the Messaging/Presence component 316 of the network control system), so that the subscriber has visibility and understanding of the security threat, and has the information needed to remediate or restore the computer. QPPB 319 may be used for the redirection of inbound subscriber traffic to a security appliance (similar to the operation of an IDS) for malware network mitigation; QPPB 319 may also be used for router-based traffic shaping, in order to control the aggregate amount of traffic directed to the security appliance. Provisioning of a new DOCSIS configuration file may be used to redirect outbound subscriber traffic to a security appliance, to restrict upstream traffic directed to the security appliance, and/or to block outbound SMTP traffic (for a “spam zombie” infection).
  • The network control system may rely on the following data sources to support this service:
      • IPDR-based collection of SAMIS records 303 with per-service flow statistics [DOCSIS-OSS], as a possible mechanism to detect unusual coordinated traffic patterns associated with a “botnet.”
      • IPDR-based collection of CPE records 303 [DOCSIS-OSS], to track the current IP addresses of infected subscriber computers (which may change due to DHCP protocol operation). The CPE IP addresses are needed to ensure that QPPB 319 is applied only to traffic associated with infected computers.
      • Collection of information from security appliances to determine the status of infected computers.
  • The Control System Orchestration component 312 may be responsible for identifying infected computers and applying appropriate mitigation measures (e.g. redirection of subscriber traffic to a security appliance, and/or blocking of outbound SMTP traffic), as well as restoring subscriber service after a computer infection has been remedied.
  • An important step in the network control system is the data analysis and event generation. As described above, a core component of the network control system 300 is the Data Reduction and Analysis component 301, which may detect significant network usage events for processing by the Control System Orchestration component 312. However, the Data Reduction and Analysis component 301 should avoid overwhelming the Control System Orchestration component 312 or Enterprise Service Bus 314 with unnecessary messages. Therefore, a key concept for the network control system 300 is to distinguish the rules for determining a network usage event, from the rules for processing and reacting to a network usage event.
  • Referring to FIG. 4, the interaction of the rules for determining events and responding to those events is considered. The rules for the determining a usage event by the Data Reduction and Analysis component 301 are based on engineering/IT constraints. Specifically, data analysts 408 review the raw network usage data 409 from a data repository 407 and the baseline business-requirements 410, and use these inputs to build event generation rules 411 for Data Reduction and Analysis in step 404. Ideally, these rules limit the maximum number of a notice of network usage events to the capacity of the Enterprise Service Bus and Control System Orchestration components. The baseline business requirements 410 help the data analysts 408 ensure that “potentially interesting” network usage events are generated, although some such events will be subsequently ignored by the Control System Orchestration component 312.
  • The benefit is that the Control System Orchestration business rules 412 by the business owners 419 may be changed independently of the network usage event rules by the analysts 408. For example, the baseline business requirement 410 may require the generation of an event for each premium subscriber reaching a certain network consumption threshold in a week, in order to identify potential candidates for offers to upgrade their network bandwidth. The Control System Orchestration component 312 may implement business rules 412 that process these events, and determine the feasibility and prioritization of such offers in particular portions of the broadband access network.
  • Another key difference between the event generation rules for Data Reduction and Analysis, and the business rules for Control System Orchestration, is that the event generation rules 411 are preferably, although not necessarily, programmed as state-of-the-art software (e.g. Java or C++), whereas the business rules 412 are likely, although not necessarily, to be configured as Business Process Execution Language (BPEL) logic using off-the-shelf graphical tools. This enables less-technical business owners 419 to build and understand their own Control System Orchestration business rules 412.
  • The diagram of FIG. 4 shows one possible instantiation of the core components of the network control system architecture. Specifically, in step 401, the network usage control system data sources (e.g., IPDR 303, IDS 305, etc.) transmit data to the network control system 300. In step 402, data extraction occurs, using a data extraction/formatting/storage software 403, for example, “VIVID” developed for Comcast. VIVID is a real-time, high-volume, general data collection and management system, with data analysis and archival storage 407 capabilities. The data extraction/formatting/storage software 403 feeds the Data Analysis and Event Generation component in step 404, which uses data analyst-developed event generation rules 411 to generate network usage events described previously.
  • Once an event is generated in step 404, an event signal is transmitted using the enterprise service bus function in step 405 for control system orchestration in step 406. In this step, the Control System Orchestration component uses the business rules 412 to determine a response to the event.
  • By implementing the network control system 300 in network 105, the network configuration is optimized while subscribers usage is moderated, thereby decreasing latency in the network and reducing the frequency for costly increases in network capacity.

Claims (1)

What is claimed is:
1. A process comprising:
monitoring data about a user's usage of a network;
determining from the monitored data that the user's network usage has exceeded a level indicative of an event using a control system that comprises one or more computing devices;
determining, by the control system, whether the event is a security incident by comparing the user's network usage to one or more of a usage of other users and a historical usage of the user, wherein determining whether the event is a security incident comprises determining whether the user's network usage is consistent with a normal network usage, and wherein an abnormal network usage indicates the event is a security incident;
if the event is not determined to be a security incident, the control system sending the user an offer to change usage plans that will result, if the offer is accepted, in an adjustment to the amount of bandwidth allocated to the user; and
if the event is determined to be a security incident, the control system restricting the user's access to the network.
US14/282,763 2008-12-30 2014-05-20 System And Method For Managing A Broadband Network Abandoned US20150026769A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US14/282,763 US20150026769A1 (en) 2008-12-30 2014-05-20 System And Method For Managing A Broadband Network

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US12/346,162 US8762517B2 (en) 2008-12-30 2008-12-30 System and method for managing a broadband network
US14/282,763 US20150026769A1 (en) 2008-12-30 2014-05-20 System And Method For Managing A Broadband Network

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US12/346,162 Continuation US8762517B2 (en) 2008-12-30 2008-12-30 System and method for managing a broadband network

Publications (1)

Publication Number Publication Date
US20150026769A1 true US20150026769A1 (en) 2015-01-22

Family

ID=42286238

Family Applications (2)

Application Number Title Priority Date Filing Date
US12/346,162 Active 2030-11-23 US8762517B2 (en) 2008-12-30 2008-12-30 System and method for managing a broadband network
US14/282,763 Abandoned US20150026769A1 (en) 2008-12-30 2014-05-20 System And Method For Managing A Broadband Network

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US12/346,162 Active 2030-11-23 US8762517B2 (en) 2008-12-30 2008-12-30 System and method for managing a broadband network

Country Status (1)

Country Link
US (2) US8762517B2 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140378147A1 (en) * 2010-03-26 2014-12-25 Microsoft Corporation Cellular service with improved service availability
WO2016144701A1 (en) * 2015-03-06 2016-09-15 Mastercard International Incorporated Systems and methods for risk based decisioning

Families Citing this family (35)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7782898B2 (en) * 2003-02-04 2010-08-24 Cisco Technology, Inc. Wideband cable system
US8160098B1 (en) 2009-01-14 2012-04-17 Cisco Technology, Inc. Dynamically allocating channel bandwidth between interfaces
US8861546B2 (en) * 2009-03-06 2014-10-14 Cisco Technology, Inc. Dynamically and fairly allocating RF channel bandwidth in a wideband cable system
US8428063B2 (en) * 2009-03-31 2013-04-23 Comcast Cable Communications, Llc Access network architecture having dissimilar access sub-networks
US8094661B2 (en) 2009-03-31 2012-01-10 Comcast Cable Communications, Llc Subscriber access network architecture
US9413598B2 (en) * 2009-09-02 2016-08-09 International Business Machines Corporation Graph structures for event matching
US10157280B2 (en) * 2009-09-23 2018-12-18 F5 Networks, Inc. System and method for identifying security breach attempts of a website
CN102782710B (en) 2009-10-07 2016-08-24 鲁库斯无线公司 The computer network services performing function including self-adjusting flow provides system
CN101741734B (en) * 2009-12-08 2012-02-22 南京联创科技集团股份有限公司 Method for implementing dynamic strategic model based on mass data
US20110264477A1 (en) * 2010-01-27 2011-10-27 CALM Energy, Inc. Methods and a system for use of business process management for demand response
US10191783B2 (en) * 2010-02-26 2019-01-29 Red Hat, Inc. UDP multicast over enterprise service bus
CA2714224C (en) 2010-06-18 2011-10-25 Guest Tek Interactive Entertainment Ltd. Controller for providing user-tailored entertainment experience at entertainment device and method thereof
EP2622895A1 (en) * 2010-10-01 2013-08-07 Smith Micro Software, Inc. System and method for managing hotspot network access of a plurality of devices and billing for hotspot network access
US9159038B2 (en) * 2010-10-14 2015-10-13 Active Broadband Networks, Inc. Pre-paid service system and method
US20120124629A1 (en) * 2010-11-12 2012-05-17 Roger Musick Managing Bandwidth in an IPTV Environment
KR101036750B1 (en) * 2011-01-04 2011-05-23 주식회사 엔피코어 System for blocking zombie behavior and method for the same
US8935389B2 (en) * 2011-05-17 2015-01-13 Guavus, Inc. Method and system for collecting and managing network data
EP2530871B1 (en) * 2011-06-03 2016-08-31 Alcatel Lucent Managing a quality of an execution of a network provided service on a user device
EP2761935B1 (en) 2011-09-28 2017-02-01 Smith Micro Software, Inc. Self-adjusting mobile platform policy enforcement agent for controlling network access, mobility and efficient use of local and network resources
WO2013173244A1 (en) * 2012-05-14 2013-11-21 Sable Networks, Inc. System and method for ensuring subscriber fairness using outlier detection
US10637760B2 (en) * 2012-08-20 2020-04-28 Sandvine Corporation System and method for network capacity planning
US9515892B2 (en) * 2012-09-12 2016-12-06 Tekelec, Inc. Methods, systems, and computer readable media for providing diameter traffic estimator
US9693231B2 (en) * 2014-01-27 2017-06-27 Time Warner Cable Enterprises Llc Wireless gateway, network access, and management
CA2844724A1 (en) 2014-03-04 2015-09-04 Guest Tek Interactive Entertainment Ltd. Leveraging push notification capabilities of mobile app to send event-triggered invitations to upgrade service offered by hospitality establishment
JP6421436B2 (en) * 2014-04-11 2018-11-14 富士ゼロックス株式会社 Unauthorized communication detection device and program
WO2016061566A1 (en) * 2014-10-17 2016-04-21 Seven Networks, Llc Collaborative policy management strategies at a mobile device
US10379802B2 (en) * 2015-06-16 2019-08-13 Verizon Patent And Licensing Inc. Dynamic user identification for network content filtering
US10178421B2 (en) * 2015-10-30 2019-01-08 Rovi Guides, Inc. Methods and systems for monitoring content subscription usage
US9813396B2 (en) 2015-10-30 2017-11-07 Rovi Guides, Inc. Methods and systems for managing content subscription data
US10892963B2 (en) 2016-08-15 2021-01-12 Incognito Software Systems, Inc. System and method for determining bandwith usage from a plurality of subscribers in a cable network
US10958652B1 (en) * 2017-05-05 2021-03-23 EMC IP Holding Company LLC Secure communication link for integrated computing system management and method of operating the same
US10666619B2 (en) * 2017-07-28 2020-05-26 The Boeing Company Network address translation and service aware rule generation
CN109636338A (en) * 2018-12-12 2019-04-16 北京光电新创通信技术有限公司 A kind of broad band photoelectrical operation management platform system
US11240049B2 (en) * 2019-06-05 2022-02-01 International Business Machines Corporation Automatic recharging of data quota for successful completion of transaction
US11689426B2 (en) * 2019-08-27 2023-06-27 OpenVault, LLC System and method for applying CMTS management policies based on individual devices

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020095498A1 (en) * 2000-06-05 2002-07-18 Accordion Networks Network architecture for multi-client units
US20030093520A1 (en) * 2001-10-26 2003-05-15 Beesley Richard Craig Method of controlling the amount of data transferred between a terminal and a server
US20030134648A1 (en) * 2001-10-04 2003-07-17 Reed Mark Jefferson Machine for providing a dynamic data base of geographic location information for a plurality of wireless devices and process for making same
US20040199634A1 (en) * 2003-02-20 2004-10-07 Gilat Satellite Networks, Ltd. Enforcement of network service level agreements
US20040199635A1 (en) * 2002-10-16 2004-10-07 Tuan Ta System and method for dynamic bandwidth provisioning
US20050249214A1 (en) * 2004-05-07 2005-11-10 Tao Peng System and process for managing network traffic
US20060230444A1 (en) * 2005-03-25 2006-10-12 At&T Corp. Method and apparatus for traffic control of dynamic denial of service attacks within a communications network
US20070033282A1 (en) * 2005-08-08 2007-02-08 Weidong Mao Signaling redirection for distributed session and resource management
US20070064617A1 (en) * 2005-09-15 2007-03-22 Reves Joseph P Traffic anomaly analysis for the detection of aberrant network code
US20070094725A1 (en) * 2005-10-21 2007-04-26 Borders Kevin R Method, system and computer program product for detecting security threats in a computer network
US20070156822A1 (en) * 2005-12-30 2007-07-05 Ray Modaresi Methods and computer programs for formulating messaging platform capacity projections
US20070180090A1 (en) * 2006-02-01 2007-08-02 Simplicita Software, Inc. Dns traffic switch
US20070203714A1 (en) * 2006-02-28 2007-08-30 Microsoft Corporation Purchasable Token Bandwidth Portioning
US20080045234A1 (en) * 2001-10-04 2008-02-21 Reed Mark J Machine for providing a dynamic data base of geographic location information for a plurality of wireless devices and process for making same
US7885222B2 (en) * 2006-09-29 2011-02-08 Advanced Micro Devices, Inc. Task scheduler responsive to connectivity prerequisites

Patent Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020095498A1 (en) * 2000-06-05 2002-07-18 Accordion Networks Network architecture for multi-client units
US20080045234A1 (en) * 2001-10-04 2008-02-21 Reed Mark J Machine for providing a dynamic data base of geographic location information for a plurality of wireless devices and process for making same
US20030134648A1 (en) * 2001-10-04 2003-07-17 Reed Mark Jefferson Machine for providing a dynamic data base of geographic location information for a plurality of wireless devices and process for making same
US20030093520A1 (en) * 2001-10-26 2003-05-15 Beesley Richard Craig Method of controlling the amount of data transferred between a terminal and a server
US20040199635A1 (en) * 2002-10-16 2004-10-07 Tuan Ta System and method for dynamic bandwidth provisioning
US20040199634A1 (en) * 2003-02-20 2004-10-07 Gilat Satellite Networks, Ltd. Enforcement of network service level agreements
US20050249214A1 (en) * 2004-05-07 2005-11-10 Tao Peng System and process for managing network traffic
US20060230444A1 (en) * 2005-03-25 2006-10-12 At&T Corp. Method and apparatus for traffic control of dynamic denial of service attacks within a communications network
US20070033282A1 (en) * 2005-08-08 2007-02-08 Weidong Mao Signaling redirection for distributed session and resource management
US20070064617A1 (en) * 2005-09-15 2007-03-22 Reves Joseph P Traffic anomaly analysis for the detection of aberrant network code
US20070094725A1 (en) * 2005-10-21 2007-04-26 Borders Kevin R Method, system and computer program product for detecting security threats in a computer network
US20070156822A1 (en) * 2005-12-30 2007-07-05 Ray Modaresi Methods and computer programs for formulating messaging platform capacity projections
US20070180090A1 (en) * 2006-02-01 2007-08-02 Simplicita Software, Inc. Dns traffic switch
US20070203714A1 (en) * 2006-02-28 2007-08-30 Microsoft Corporation Purchasable Token Bandwidth Portioning
US7885222B2 (en) * 2006-09-29 2011-02-08 Advanced Micro Devices, Inc. Task scheduler responsive to connectivity prerequisites

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140378147A1 (en) * 2010-03-26 2014-12-25 Microsoft Corporation Cellular service with improved service availability
WO2016144701A1 (en) * 2015-03-06 2016-09-15 Mastercard International Incorporated Systems and methods for risk based decisioning
US9600819B2 (en) 2015-03-06 2017-03-21 Mastercard International Incorporated Systems and methods for risk based decisioning
US9870564B2 (en) 2015-03-06 2018-01-16 Mastercard International Incorporated Systems and methods for risk based decisioning
US10592905B2 (en) 2015-03-06 2020-03-17 Mastercard International Incorporated Systems and methods for risk based decisioning

Also Published As

Publication number Publication date
US20100169475A1 (en) 2010-07-01
US8762517B2 (en) 2014-06-24

Similar Documents

Publication Publication Date Title
US8762517B2 (en) System and method for managing a broadband network
CA2840432C (en) Dynamic service delivery with topology discovery for communication networks
KR101861503B1 (en) Device-assisted services for protecting network capacity
US8594621B2 (en) Usage sharing across fixed line and mobile subscribers
US20100103820A1 (en) Fair use management method and system
EP2433401B1 (en) Dynamic management of network flows
US7944836B2 (en) Adaptive method and apparatus for adjusting network traffic volume reporting
US20130124719A1 (en) Determining a bandwidth throughput requirement
US11689426B2 (en) System and method for applying CMTS management policies based on individual devices
US8959218B2 (en) Secure dynamic quality of service using packetcable multimedia
US20120303795A1 (en) Qos control in wireline subscriber management
JP3962046B2 (en) Apparatus for processing parameters and / or traffic stream measurements for local billing of resource usage per equipment element in a communication network
US9380169B2 (en) Quality of service (QoS)-enabled voice-over-internet protocol (VoIP) and video telephony applications in open networks
WO2014130367A1 (en) Systems and methods for hierarchical mobile policy control and mobile policy roaming
Karur Providing Enhanced Nextgen VoIP Service Using Packetcable Network with Efficient QoS

Legal Events

Date Code Title Description
AS Assignment

Owner name: COMCAST CABLE COMMUNICATIONS, LLC, PENNSYLVANIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:WOUNDY, RICHARD M.;LEDDY, JOHN;HERTZ, RICHARD;AND OTHERS;SIGNING DATES FROM 20090128 TO 20090212;REEL/FRAME:032936/0684

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION